Last Update: 2 December 2022
Technology Levels and Service Packs mentioned in this document, when available, can be obtained from Fix Central at:
General Recommendations
Review the
AIX 7.3 Release Notes for system requirements, limitations, and other information vital to successful installation.
The AIX installation DVDs and the level of AIX preinstalled on new systems might not contain the latest fixes available. Missing fixes might be critical to the proper operation of your system. Update these systems to a current service pack level from
Fix Central.
Commit all applied updates before you upgrade your system to a new Service Pack (SP) or Technology Level (TL). If you use workload partitions (WPARs), commit all applied updates in the WPARs before you update the global LPAR.
When you update to a new TL, it is good practice to first update the install tools using:
install_all_updates -d <software_source> -i
Then preview the remainder of the TL update using:
install_all_updates -d <software_source> -p
And apply the TL update using:
install_all_updates -d <software_source>
Any library or executable file that is updated by an interim fix (emgr) or service update, which is in use by an active process, is not reflected in that process until it is restarted. In addition, any process that is using a library and does a dlopen() of the same library after the library is updated, could experience inconsistencies.
2 December 2022
NIM sendmail Error With Mixed lpp_source
If you install from a mixed NIM lpp_source, you see the following message on the client console and /var/adm/ras/devinst.log.
exec(): 0509-036 Cannot load program /usr/sbin/sendmail because of the following errors:
0509-022 Cannot load module /usr/lib/sasl/libntlm.so(shr.o).
0509-150 Dependent module libcrypto_compat.a(libcrypto.so) could not be loaded.
0509-022 Cannot load module libcrypto_compat.a(libcrypto.so).
0509-026 System error: A file or directory in the path name does not exist.
A mixed NIM lpp_source is one that has images from AIX 7.3 Technology Level 0 installation media along with updates from later technology levels.
The message is generated by the installation of the 7.3.0.x version of bos.net.tcp.sendmail and may be safely ignored. The 7.3.0.x image depends on a deprecated library which is not available in the version of OpenSSL that ships with Technology Level 1 and later. And after the error is shown, the update for bos.net.tcp.sendmail from Technology Level 1 will be applied. This will restart the sendmail subsystem, which can be verified using the lssrc command.
# lssrc -s sendmail
Subsystem Group PID Status
sendmail mail 6554068 active
1 November 2022
SUMA workaround for November security change
On 11 November 2022, the service that SUMA relies on to retrieve fixes will undergo a security change causing SUMA commands to fail unless default settings are changed by running the following command:
# suma -c -a DOWNLOAD_PROTOCOL=https
This one-time change to the default SUMA communication protocol will not be necessary on future levels of AIX, namely:
AIX 7.3 TL1 SP1 (7300-01-01-2246) - estimated to be available 2 December 2022
AIX 7.2 TL5 SP5 (7200-05-05-2246) - estimated to be available 2 December 2022
AIX 7.1 TL5 SP11 (7100-05-11-2246) - estimated to be available in March 2023
20 May 2022 - Updated 25 May 2022
Firewall Changes Might Be Needed For Fix Retrieval
IBM is planning to implement infrastructure improvements to electronic fix distribution in early June.
Public internet IP address and hostnames are changing for the IBM servers that support internet delivery of fixes and updates for customer system's software, hardware, and operating system.
This change pertains to all operating systems supported by IBM Electronic Fix Distribution (EFD) / IBM Fix Central system.
Customer action might be required to ensure uninterrupted fix delivery services.
See the full bulletin for details.
Service Update Management Assistant (SUMA) is not affected by this change.
10 December 2021
Secure Boot failure with ntpd
Secure Boot checks fail for 7300-00-01-2148 LPARs configured to run ntp4. Failed boots display this message:
Secure boot: Signature verification failed for /usr/sbin/xntpd
This issue can be worked around by deleting the erroneous entry from the Trusted Signature Database (TSD) by running:
trustchk -d /usr/sbin/ntp4/ntpd4
If you are already hitting this problem, then you need to reduce your Secure Boot policy to allow boot. Then, delete the TSD entry, set the Secure Boot policy back to a level of 2 or less, and boot one more time.
Limitations with Java8.jre 8.0.0.635
Java 8 32-bit SR6FP35 (VRMF 8.0.0.635) might not load properly on AIX 7.3.
When you migrate from AIX 7.2 to AIX 7.3, if the logical partition has Java 8 32-bit SR6FP35 (VRMF 8.0.0.635) installed, you must upgrade the Java version to a later level that can be downloaded from the
Java SDK on AIX page.
If a newer version is not available, Java 8 32-bit SR6FP30 (VRMF 8.0.0.630) images are provided on the AIX 7.3 Expansion Pack. You can force-install these Java images to revert to an earlier version that does not have the loading issues.