Admin Alert: Did You Lose ECS on February 1?

February 3, 2010 Joe Hertvik

On February 1, 2010, some i/OS V5R3Mx, V5R4Mx, and V6R1Mx systems lost their ability to call IBM service. On that date, IBM changed some of the Host Names and IP Addresses that i/OS systems use to automatically call service via ECS and ESA. As a result, many iSeries, System i, and Power i systems can no longer automatically contact service unless certain PTFs are installed. Was your system affected?

What Happened?

I discovered this change too late to publicize it before February 1. But better late than never, and this article tells you how to detect if your partitions have lost IBM service connectivity and how to restore it, if necessary. Here’s the situation.

Using a TCP/IP connection or a modem, most shops set up their i/OS systems to automatically call IBM service using Electronic Customer Support (ECS) and the Electronic Service Agent (ESA) when there is a problem. The connection information, including host names, IP addresses, and telephone numbers, is embedded in operating system files in the AS/400 Integrated File System (AS/400 IFS). IBM recently started changing the Host Names and IP addresses that your iSeries, System i, or Power i machines use to connect to IBM service, and the final change was scheduled for February 1 deployment. To prepare i/OS machines to contact IBM’s new service locations, Big Blue enabled support for its updated connection information in the following PTFs.

SI34552 for i/OS V6R1Mx systems–This PTF can be applied immediately or on a delayed basis at the next IPL
SI37079 or SI34505 for i/OS V5R4Mx systems–These PTFs can also be applied immediately or on a delayed basis at the next IPL

If these fix PTFs aren’t loaded on your partition, your system may no longer be able to call for service via ESA/ECS and any connection attempts might fail. In researching the issue, it was unclear which systems were going to lose connectivity so you may want to test your system first to see if it still can connect to IBM service before you apply PTFs.

Testing Your Connection

You can test your connection in one of two ways. First, you can use the operating system’s Electronic Service Agent to verify your ESA/ECS connection. Open the ESA by running the following Go to Menu (GO) command.

GO MENU(SERVICE)

On the ESA menu that appears, select option 17 (Verify Service Agent Connection). This option will test the connection between your system and IBM service. If the connection was successful, the system will issue the following message to your job.

CPIEF84 - Verify operation completed successfully

In addition to testing your connection with option 17, you can also verify that your connection is working correctly by running the following Send Service Request (SNDSRVRQS) command.

SNDSRVRQS ACTION(*TEST)

If successful, this command will establish a communications session with IBM service, similar to what occurred with the Verify Service Agent Connection menu option. If successful, SNDSRVRQS will return the following status message to your job.

CPZ8C02 - Test request complete

If your system isn’t able to connect to IBM service, order and install the proper PTF at your earliest convenience to restore connectivity.

If You Need PTFs

You should note that some of the IBM and business partner communications designate loading PTF SI34505 to fix the problem for V5R4Mx systems. While you can try to download SI34505, it has been superseded by SI37079 and SI37079, which will also fix the issue for V5R4Mx. So you can download either PTF (if available) for V5R4Mx systems. Both PTFs will work.

Only one PTF (SI34552) is currently designated to fix ECS/ESA connection problems on V6R1Mx systems.

The connection fixes are available for individual download from IBM; they are also available in cumulative PTF package C9111610 and above for i/OS V6R1Mx or cumulative PTF package C9104540 and above for i/OS V5R4Mx. If you’re applying the proper individual ECS/ESA PTF, be sure to check its cover letter and make sure that you also download and install all the prerequisite and co-requisite PTFs that go along with your PTF.

Also note that you’re out of luck if your system is running i/OS V5R3Mx or below. IBM is no longer supporting these versions, and Big Blue is NOT issuing PTFs to provide connectivity to the new Host Names and IP addresses for those operating systems. Pre-V5R4Mx systems will no longer be able to automatically call out to IBM service when there is a problem.

To verify whether you have the PTFs installed, run the following Display Program Temporary Fix (DSPPTF) command and look for the designated system PTF in the list that appears.

For i/OS V6R1MX systems, DSPPTF LICPGM(5761SS1)
For V5R4Mx systems, DSPPTF LICPGM(5722SS1)

After download, read and perform the installation instructions IBM provides in the cover letters for each PTF:

However, you’re not necessarily out of the woods after the PTF is installed. You may still have to adjust your firewall settings to allow traffic to and from the new IBM service destinations.

Firewall Considerations

After installing your system’s designated PTF, the following file will be present in this AS/400 IFS location.

/QIBM/UserData/OS400/UniversalConnection/
serviceProviderIBMLocationDefinition.txt

The location definition file contains all the IP addresses and TCP ports that the operating system uses to call IBM service. To open this file and view the IP addresses and ports that you may need to update in your firewall configuration, use the following Display File (DSPF) command on a 5250 green screen.

DSPF STMF('/qibm/userdata/os400/universalconnection/
serviceProviderIBMLocationDefinition.txt')

This file contains three different tables listing out IP addresses and TCP ports to add to your firewall to ensure that IBM service connections go through. The first table is a direct 1-to-1 mapping between the IBM service destinations and the IP addresses and TCP ports your applications will use to reach each destination. There may be duplicate addresses in this table. The second table contains all the unique IP addresses and ports that ECS/ESA use to reach IBM service destinations. These addresses and ports are the ones that you may need to add to your firewall to allow remote connectivity with IBM service. The third table only contains a few VPN addresses.

This location definition file is only available after your ECS/ESA connection change PTF is loaded. If you don’t see this file on your system, the correctional PTF may not be loaded.

For more information on firewall settings and ECS/ESA, see IBM’s Software Technical Document 419109186, Electronic Service Agent (ESA) and ECS VPN and HTTP Firewall Settings.

A Problem Detected and Averted

The information in this article should allow you to detect whether your partitions have lost IBM service connectivity and allow you to fix the problem, if necessary. The fix is relatively easy to perform and because the corrective PTFs can be applied immediately, you may not even have to IPL your system to get things back to normal.

RELATED RESOURCES

Cover Letter for PTF SI37079 for i/OS V5R4Mx

Cover Letter for PTF SI34552 for i/OS V6R1Mx

IBM Software Technical Document 419109186, Electronic Service Agent (ESA) and ECS VPN and HTTP Firewall Settings

                     Post this story to del.icio.us
               Post this story to Digg
    Post this story to Slashdot

Tags:

Revolutionary Performance Management Software

At Greymine, we recognize there is a void in the IT world for a dedicated performance management company and also for a performance management tool that’s modern, easy to use, and doesn’t cost an arm and a leg. That’s why we created PERFSCAN.

PERFSCAN is designed to make your job easier. With revolutionary technology, an easy-to-read report and graphics engine, and real time monitoring, tasks that used to take days can now take minutes. This means you will know your system better and will be able to provide better service to your customers.

OUR FEATURES

PERFSCAN is full of robust features that don’t require you to take a three-day class in order to use the product effectively.

Customizable Performance Reporting

Whether you are troubleshooting a major system problem or simply creating a monthly report, PERFSCAN lets you select any combination of desired performance metrics (CPU, Disk, and Memory).

User Defined Performance Guidelines

No matter if you are a managed service provider managing complex systems in the cloud or a customer analyzing your on-premises solution, PERFSCAN gives you the flexibility to define all mission critical guidelines how they need to be.

Understanding The Impact Of Change

Tired of all the finger pointing when performance is suffering? PERFSCAN’s innovative What’s Changed and Period vs. Period analysis creates a culture of proof by correlating known environmental changes with system performance metrics.

Comprehensive Executive Summary

Creating performance graphs is easy. Understanding what they mean is another thing. With one mouse click, PERFSCAN includes an easy-to-understand executive summary for each core metric analyzed.

Combined Real-Time Monitor And Performance Analysis Tool

With PERFSCAN’s combined built in enterprise real-time monitor and historical performance analysis capability, you will always know how your mission-critical systems are performing.

Cloud Performance Reporting Is Easy

Managing performance for production systems in the cloud can be a black hole to many system administrators. The good news is PERFSCAN analyzes all core metrics regardless of the location. That’s why MSPs and customers love PERFSCAN.

Detailed Job Analysis

PERFSCAN shows detailed top job analysis for any desired period. All metrics are displayed in two ways: Traditional Report and Percentage Breakdown Pie Chart. This toggle capability instantly shows the jobs using the most system resources.

Save Report Capability

Your boss lost the report you gave to him on Friday. Now what do you do? With PERFSCAN’s save report capability, any report can be retrieved in a matter of seconds.

Professional PDF Reporting With Branding

Creating professional looking reports for your customers has never been easier with PERFSCAN. Branding for our partners and service provider customers is easy with PERFSCAN.

Check it out at perfscan.com

Dutch Consultant Taps Magic’s iBolt for JDE Integration Projects The Power7 Rollout Begins In The Middle

Table of Contents

Content archive

Recent Posts

Subscribe

Pages

Search