This section describes system administration bugs in Solaris 10 OS.
When the system is configured for Solaris Trusted Extensions and you use the SMC to create roles, the role's home directory might have incorrect ownership. Various error messages are displayed.
Workaround: Log in as the root user. After you create a role, verify whether the new role's home directory has the correct owner and group.
# ls -ld /export/home/myrole drwxr-xr-x 15 myrole sysadmin 1024 Jul 26 15:29 /export/home/myrole
The group for all roles should be sysadmin(14). Otherwise, change the group to sysadmin(14) by using the following chown command:
# chown myrole:sysadmin /export/home/myrole
While using Storade rasagent running with Emulex HBA driver version 2.20K and above, the following error message is posted to the /var/adm/messages file:
NOTICE: fp_rnid_intr: FP_IS_PKT_ERROR failed
Workaround: These messages may be ignored. To stop the messages from being posted to the /var/adm/messages file, stop the Storade rasagent deamon.
Using the optional parameter --alias or -a with the iscsitadm create target command within the iSCSI process daemon might cause the daemon process to panic by creating a process code dump.
Because the iSCSI target daemon process is under the control of the Solaris SMF facility, the facility automatically restarts after a momentary pause while the process creates its core file.
Workaround: Do not specify the optional --alias or -a parameters with the iscsitadm create target CLI command. Use the optional parameters with the iscsitadm modify target CLI command.
When running the Java technology-based Interoperability Standards Test Suite (JIST), read, write, or compare load test with 10 threads as part of the entrance test for Amber Road, the iSCSI target generates a core dump. This core dump might cause the JIST test to fail with data compare errors. Sometimes the JIST might run successfully. However, a new core file is generated.
When you attach a zone, if the original host and the new host have packages at the same patch level but at different intermediate patch histories, the zone attach might fail. Various error messages are displayed. The error message depends on the patch histories of the two hosts.
Workaround: Ensure that the original host and the new host machines have had the same sequence of patch versions applied for each patch.
In systems which have an AHCI compliant SATA controller, the BIOS setup typically enables the controller to be set in either AHCI, legacy, or RAID modes. Solaris supports AHCI and legacy modes.
The SATA mode setting in BIOS must not be changed after an initial Solaris installation. The SATA mode setting must also not be changed before or after a Solaris upgrade. If the SATA mode BIOS setting is modified after installing Solaris, the system will reset and fail to boot without indicating what led to the failure.
Workaround: If boot failure is encountered as a result of changing the BIOS setting, revert back to the original setting in order to boot Solaris.
Starting with patch 119254-42 and 119255-42, the patch installation utilities, patchadd and patchrm, have been modified to change the way that certain patches delivering features are handled. This utilities modification affects the installation of these patches on any Solaris 10 release. These “deferred-activation” patches handle the large scope of change delivered in feature patches better.
These large kernel patches have always required a reboot, but now the required reboot activates the changes made by the loopback file system, lofs. lofs ensures the stability of the running system. The patch README provides instructions on which patches require a reboot.
Note - Sun strongly recommends that patch operations are carried out in a single-user mode, especially when this is recommended by the patch README.
If you are running non-global zones or have lofs disabled, consider the following points when installing or removing deferred-activation patches:
All non-global zones must be in a halted state for this patch operation. You must halt the non-global zone before applying the patch.
Deferred-activation patching requires the loopback file system, lofs in order to complete successfully. Systems running Sun Cluster 3.1 or Sun Cluster 3.2 are likely to have lofs turned off because of restrictions on HA-NFS functionality when lofs is enabled. Therefore, before a deferred-activation patch is installed, you must re-enable the loopback file system by performing the following steps.
Remove or comment out the following line in the /etc/system file:
Reboot your system.
Install the patch.
After you have completed the patch installation operation, restore or uncomment the same line from the /etc/system file.
Reboot the system to resume normal operations.
No error message is displayed.
Workaround: Sun recommends Solaris Live Upgrade to manage patching. Solaris Live Upgrade prevents the problems of patching a running system. Solaris Live Upgrade reduces the amount of downtime involved in patching and reduces risk by providing fallback capability if problems occur. For more information, see Solaris 10 8/07 Installation Guide: Solaris Live Upgrade and Upgrade Planning.
When run on large file systems, for example ZFS, applications using statvfs(2) or statfs(2) to get information about the state of the file system exhibit an error. The following error message is displayed:
Value too large for defined data type
Workaround: Applications should use statvfs64() instead.
Uninstallation of Solaris Trusted Extensions on x86 systems fails. On rebooting the system, the following error message is displayed:
NOTICE: template type for bge0 incorrectly configured Change to CIPSO type for 126.96.36.199 ifconfig: setifflags: SIOCSLIFFLAGS: bge0: Invalid argument NOTICE: bge0 failed: Cannot insert CIPSO template for local addr 188.8.131.52 ip_arp_done: init failed
The system then hangs.
Workaround: Perform the following steps:
Uninstall Solaris Trusted Extensions but do not reboot the system.
Run the following commands.
# touch /etc/system # bootadm update-archive
Reboot the system.
On systems running a Solaris release that is not zones aware, using patchadd -R, or any command that accepts the -R option to specify an alternate root path for a global zone that has non-global zones installed, will not work.
In contrast with the error message that is displayed by using the luupgrade [-t, -T, -p, -P] command, no error message regarding the use of appropriate command-level restrictions is displayed in this instance.
There is no indication that the -R option did not work. As a result of the failure of the command, Solaris 10 packages or patches are not installed on any of the installed non-global zones.
This problem occurs while installing and uninstalling packages or patches.
Note - The -R option works if the alternate boot environment has configured non-global zones, but no installed non-global zones. However, to avoid a potential problem, or if you are not sure whether there are any installed non-global zones used as the alternate root path, restrict the use of the -R option in all instances.
For more information, see the following man pages :
Workaround 1: Upgrade the OS to at least the Solaris 10 1/06 release.
If you are running the Solaris 10 3/05 release, install the following patches to enable the use of commands that accept the -R option to create an alternate root path:
Patch ID 119254-19 for SPARC based systems
Patch ID 119255-19 for x86 based systems
Workaround 2: Restrict the use of the patchadd -R command or any command that accepts the -R option to create an alternate root path.
Instead, boot the alternate root, for example, the Solaris 10 release, as the active OS. Then install and uninstall the Solaris 10 packages and patches without using the -R option.
A system that runs the Sun Patch Manager Tool 2.0 can manage remote systems that run Patch Manager Tool, including Sun Patch Manager Tool 1.0.
However, a system with an earlier version of Patch Manager Tool cannot manage remote systems that run Patch Manager Tool 2.0. Earlier versions include the following:
Sun Patch Manager Base Software 1.x
Sun Patch Manager Tool 1.0
Note - Common Information Model/Web Based Enterprise Management (CIM/WBEM) support for Patch Manager Tool does not exist in the Solaris 8 OS. Consequently, remote management with Patch Manager does not apply to Solaris 8 systems.
During dynamic reconfiguration (DR), error messages might be displayed. The messages are displayed if you perform DR while input and output operations are active on devices that are in the DR path. After the messages are displayed, the input and output operations are retried and eventually succeed. The following is a sample that is displayed:
Jul 28 12:23:19 qame10-a scsi: [ID 107833 kern.warning] WARNING: /ssm@0,0/pci@19,700000/SUNW,qlc@2,1/fp@0,0/ssd@w2100000c5056fa13,0 (ssd6): Jul 28 12:23:19 qame10-a transport rejected fatal error Jul 28 12:22:08 qame10-a scsi: [ID 107833 kern.warning] WARNING: /ssm@0,0/pci@19,700000/SUNW,qlc@2,1/fp@0,0/ssd@w2100000c5056f9a7,0 (ssd36): Jul 28 12:22:08 qame10-a SCSI transport failed: reason 'timeout': retrying command
Workaround: None. Ignore the error messages.
The patchadd and patchrm commands work improperly in non-global zones with inherited file systems. Consequently, in those zones, the pkgchk command might generate error messages about packages under the following circumstances:
In the global zone, you apply patches for the Solaris 10 zone system by using the patchadd command.
You use the patchrm command to remove patches that you just recently applied.
In a non-global zone with inherited file systems, you check with the pkgchk command for information about a package in any of the removed patches.
The following sample message is displayed when the pkgchk command is used on SUNWcsu under the circumstances previously listed.
# pkgchk SUNWcsu ERROR: /usr/lib/inet/certdb modtime <04/26/05 10:55:26 PM> expected <01/23/05 01:48:24 AM> actual file size <36012> expected <42152> actual file cksum <37098> expected <19747> actual ERROR: /usr/lib/inet/certlocal modtime <04/26/05 10:55:26 PM> expected <01/23/05 01:48:24 AM> actual file size <44348> expected <84636> actual
Workaround: None. The errors are harmless. Ignore the error messages.
Systems with the Solaris 10 8/07 release might cause problems with IPsec. This problem might occur on a freshly installed system or a system that imports a large number of new Service Management Facility (SMF) manifests during the boot. After these booting conditions, IPsec, which is part of svc:/network/initial:default, might be initialized prior to the encryption framework, which is part of svc:/system/cryptosvc:default. Because authentication or encryption algorithms are not available, creation of IPsec security associations might fail with an error message such as the following:
PF_KEY error: type=ADD, errno=22: Invalid argument, diagnostic code=40: Unsupported authentication algorithm
For example, this error might occur when using DR on a Sun Fire E25K system, which involves IPsec services.
Workaround: Before performing operations that use IPsec services, perform the following steps after a boot that imports a large number of new SMF manifests:
Issue this command after booting:
If /etc/inet/secret/ipseckeys exists on the system, also issue this command:
ipseckey -f /etc/inet/secret/ipseckeys
Now you can perform actions that create IPsec security associations, such as using DR on a Sun Fire E25K system.
This procedure needs to be repeated only when a large number of new SMF manifests are imported during the boot.
If you attempt to launch the Solaris Product Registry administration utility in a zone, the attempt fails. During the zone installation, productregistry, the Solaris Product Registry database, is not duplicated in the zone. Consequently, the utility cannot run in a zone.
Workaround: As superuser, copy the productregistry database to the zone.
# cp /var/sadm/install/productregistry zone_path/var/sadm/install/
In the previous command, zone_path is the path to the root directory of the zone that you created.
If you use the smdiskless command to delete a diskless client, the command fails. The diskless client is not removed from the system databases. The following error message is displayed:
Failing with error EXM_BMS.
Workaround: Unshare the /export partition before adding the client.
If you use the smosservice delete command to remove a diskless client service, the command does not successfully remove all the service directories.
Workaround: Follow these steps.
Make sure that no clients exist that use the service.
# unshare /export/exec/Solaris_10_sparc.all # rm -rf /export/exec/Solaris_10_sparc.all # rm -rf /export/exec/.copyofSolaris_10_sparc.all # rm -rf /export/.copyofSolaris_10 # rm -rf /export/Solaris_10 # rm -rf /export/share # rm -rf /export/root/templates/Solaris_10 # rm -rf /export/root/clone/Solaris_10 # rm -rf /tftpboot/inetboot.sun4u.Solaris_10
Remove the following entry from the /etc/bootparams file.
Note - Remove this entry only if this file server does not provide functions or resources for any other services.
Remove the following entry from the /etc/dfs/dfstab file.
share -F nfs -o ro /export/exec/Solaris_8_sparc.all/usr
Modify the /var/sadm/system/admin/services/Solaris_10 file.
If the file server is not Solaris_10, delete the file.
If the file server is Solaris_10, remove all entries after the first three lines. The deleted lines indicate the service USR_PATH and SPOOLED ROOT packages in /export/root/templates/Solaris_10 and the supported platforms.
If you attempt to stop the system by pressing keyboard sequences such as Stop-A or L1-A, the system might panic. An error message similar to the following example is displayed:
panic[cpu2]/thread=2a100337d40: pcisch2 (pci@9,700000): consistent dma sync timeout
Workaround: Do not use keyboard sequences to force the system to enter OpenBoot PROM.
After modifying the contents of snmpd.conf, you can issue the command kill -HUP snmp Process ID. This command stops the snmp process. The command then sends a signal to the System Management Agent's master agent (snmpd) to reread snmpd.conf and implement the modifications that you introduced. The command might not always cause the master agent to reread the configuration file. Consequently, using the command might not always activate modifications in the configuration file.
Instead of using kill -HUP, restart the System Management Agent after adding modifications to snmpd.conf. Perform the following steps:
Type the following command:
# /etc/init.d/init.sma restart
You are booting a Sun LX50 which has a Service partition and Solaris 10 OS on x86 is installed. Pressing the F4 function key to boot the Service partition, when given the option, causes the screen to go blank. The system then fails to boot the Service partition.
Workaround: Do not press the F4 key when the BIOS Bootup Screen is displayed. After a time-out period, the Current Disk Partition Information screen is displayed. Select the number in the Part# column that corresponds to type=DIAGNOSTIC. Press the Return key. The system boots the Service partition.
The Solaris WBEM Services 2.5 daemon cannot locate providers that are written to the com.sun.wbem.provider interface or to the com.sun.wbem.provider20 interface. Even if you create a Solaris_ProviderPath instance for a provider that is written to these interfaces, the Solaris WBEM Services 2.5 daemon does not locate the provider.
Workaround: To enable the daemon to locate such a provider, stop and restart the Solaris WBEM Services 2.5 daemon.
# /etc/init.d/init.wbem stop # /etc/init.d/init.wbem start
Note - If you use the javax API to develop your provider, you do not need to stop and restart the Solaris WBEM Services 2.5 daemon. The Solaris WBEM Services 2.5 daemon dynamically recognizes javax providers.
If you choose to use the com.sun application programming interface rather than the javax application programming interface to develop your WBEM software, only Common Information Model (CIM) remote method invocation (RMI) is fully supported. Other protocols, such as XML/HTTP, are not guaranteed to work completely with the com.sun application programming interface.
The following table lists examples of invocations that execute successfully under RMI but fail under XML/HTTP:
The Solaris Management Console Mounts and Shares tool cannot modify mount options on system-critical file systems such as root (/), /usr, and /var.
Workaround: Choose one of the following workarounds:
Use the remount option with the mount command.
# mount -F file-system-type -o remount, additional-mount-options \ device-to-mount mount-point
Note - Mount property modifications that are made by using the -remount option with the mount command are not persistent. In addition, all mount options that are not specified in the additional-mount-options portion of the previous command inherit the default values that are specified by the system. See the man page mount_ufs(1M) for more information.
Edit the appropriate entry in the /etc/vfstab file to modify the file-system mount properties, then reboot the system.