Chapter 2 Solaris Runtime Issues

This chapter describes runtime issues that are known to be problems. For late-breaking Solaris runtime issues that were not identified in time to be included in these release notes, refer to the Solaris 9 12/03 Release Notes at http://docs.sun.com/db/doc/817-2706.

The following runtime bug description has been added to this chapter since this document was published on the Solaris 9 12/03 Documentation CD and in the Installation Kiosk on the Solaris 9 12/03 Installation CD:

• xmlValidateDocument() Function Might Cause Stack Corruption (4856338)

• patchadd Command Installs Signed Patch if Two Identical Patches Exist in Same Location (4949580)

• Solaris 9 12/03 Documentation CD Uninstall Process Fails (4920548)

Smart Card Bugs

System Does Not Respond to Smart Card (4415094)

If ocfserv terminates and the display is locked, the system remains locked even when a smart card is inserted or removed.

Workaround: Perform the following steps to unlock your system:

1. Perform a remote login to the machine on which the ocfserv process was terminated.

2. Become superuser.

3. Kill the dtsession process by typing the following in a terminal window.

   # pkill dtsession

ocfserv restarts and smart card login and capability are restored.

Edit Config File Menu Item in Smartcards Management Console Does Not Work (4447632)

The Edit Config File menu item in the Smartcards Management Console does not edit smart card configuration files that are located in /etc/smartcard/opencard.properties. If the menu item is selected, a warning is displayed which indicates not to continue unless requested by technical support.

Workaround: Do not use the Edit Config File menu item in the Smartcards Management Console. For information on smart card configuration, see the Solaris Smartcard Administration Guide.

Common Desktop Environment (CDE) Bugs

xmlValidateDocument() Function Might Cause Stack Corruption (4856338)

Applications that use the /usr/lib/libxml2.so.2 library might fail intermittently with a core dump if the xmlValidateDocument() function is used. This problem is caused by a stack overrun in the library for documents that have been validated by using the xmlValidateDocument() function.

The problem is only encountered if the code is compiled against a libxml2 release that was introduced prior to the Solaris 9 4/03 release. Then, the code is executed on one of the following releases:

• Solaris 9 4/03

• Solaris 9 8/03

• Solaris 9 12/03

Workaround: Apply the following patches to all Solaris 9 releases:

• For SPARC systems, apply patch 114014-07.

• For x86 systems, apply patch 114015-07.

Applications that were compiled against libxml2.so on a system using the Solaris 9 4/03, Solaris 9 8/03, or Solaris 9 12/03 release need to be recompiled if libxml2.so feature test macros were used. This recompilation is required because the version of libxml2.so that shipped in the Solaris software has been reverted to 2.4.23, due to the binary incompatibility. This binary incompatibility was present in the 2.5.4 version of libxml2.

CDE Removable Media Auto Run Capability Removed (4634260)

The Removable Media auto run capability in the CDE desktop environment has been temporarily removed from the Solaris 9 12/03 software.

Workaround: To use the auto run function for a CD-ROM or another removable media volume, you must do one of the following:

• Run the volstart program from the top level of the removable media file system.

• Follow the instructions that are included with the CD for access from outside of CDE.

SPARC: dtmail Crashes When Launched From the Command Line if FontList Option Is Specified (4677329)

dtmail crashes after connecting with the IMAP server if the FontList option is specified when dtmail is launched from the command line. See the following example:

/usr/dt/bin/dtmail -xrm "Dtmail*FontList: -*-r-normal-*:"

The following error message is displayed:

Segmentation Fault

This problem occurs in both the C and ja locales.

Workaround: Do not specify the FontList option when you launch dtmail from the command line.

CDE Mailer Appears to Hang While Displaying Email With Long Lines (4418793)

If you try to read an email message with many long lines in any of the Solaris 9 12/03 Unicode or UTF-8 locales, CDE Mailer (dtmail) appears to hang. The message does not display immediately.

Workaround: Choose one of the following workarounds:

• Enlarge the dtmail Mailbox window to accommodate 132 columns.

• Disable the Complex Text Layout feature by following these steps:

  1. Become superuser.

  2. Change directories to your system's locale directory.

     # cd /usr/lib/locale/locale-name

     In the previous example, locale-name refers to the name of your system's Solaris 9 12/03 Unicode or UTF-8 locale.

  3. Rename the locale layout engine category.

     # mv LO_LTYPE LO_LTYPE-

     ---

     Note –

     Rename the category for the locale layout engine to the original name (LO_LTYPE) before you apply any patches to the locale layout engine.

     ---

Solaris PDASync Cannot Delete Last Entry From the Desktop (4260435)

After you delete the last item from the desktop, the item is restored from the handheld device to the desktop when you synchronize your handheld device. Examples of items that you might delete, and then have restored, are the last appointment in your Calendar or the last address in the Address Manager.

Workaround: Manually delete the last entry from the handheld device prior to synchronization.

Solaris PDASync Does Not Support Data Exchange With the Multibyte Internationalized PDA Device (4263814)

If you exchange multibyte data between a PDA device and Solaris CDE, the data might be corrupted in both environments.

Workaround: Back up your data on your personal computer with the PDA backup utility before you run the Solaris^TM PDASync application. If you accidentally exchange multibyte data and corrupt that data, restore your data from the backup.

GNOME 2.0 Issues and Bugs

GNOME 2.0 Documentation

For release notes and troubleshooting information for the GNOME 2.0 desktop, see the following documents at http://docs.sun.com:

• GNOME 2.0 Desktop for the Solaris Operating Environment Release Notes

• GNOME 2.0 Desktop for the Solaris Operating Environment Troubleshooting Guide

System Administration Bugs

patchadd Command Installs Signed Patch if Two Identical Patches Exist in Same Location (4949580)

If a signed patch's contents are extracted into the same directory as the signed patch, the extracted patch cannot be installed by using the /usr/sbin/patchadd command. Instead, the signed patch is installed when you execute /usr/sbin/patchadd ./patchid. The unsigned, extracted patch is ignored.

In some instances, the following error messages might be displayed:

Verifying signed patch patchid...
ERROR: Unable to open keystore /var/sadm/security/patchadd
/truststore for reading
ERROR: Unable to lock keystore /var/sadm/security
for exclusive access
Signature invalid on signed patch patchid.
Patchadd is terminating.

Workaround: Choose from the following workarounds:

• Extract the signed patch into a directory other than the directory where the signed patch exists. Use the path to the extracted patch when executing the /usr/sbin/patchadd command.

• After extracting the signed patch, but before running the /usr/sbin/patchadd command, delete the .jar file.

• Do not extract the signed patch. Instead, populate the package keystore and install the signed patch directly. Follow these steps:

  1. Become superuser.

  2. Execute the following commands:

     # /usr/bin/mkdir /var/sadm/security

     # /usr/bin/keytool -export -storepass changeit -alias \ gtecybertrustca -keystore usr/java/jre/lib/security/cacerts -file \ /tmp/gte.crt

     # /usr/bin/pkgadm addcert -t -f der /tmp/gte.crt

Change the default password changeit to the password that is used to protect the Java keystore.

lucreate Command Fails When Mounted Storage Device Name Is a Subset of Another Mounted Storage Device or a Storage Device Used for a New Boot Environment (4912890)

When using the lucreate command to create a new boot environment, the command fails in the following instances:

• The device path for any mounted storage device is a subset of the device path for another mounted storage device.

  For example, one file system is currently mounted on /dev/md/dsk/d1, and another file system is currently mounted on /dev/md/dsk/d10.

• The device path for any mounted storage device is a subset of the device path for a storage device used as an argument to the lucreate command.

  For example, if one file system is currently mounted on /dev/md/dsk/d10 and /dev/md/dsk/d100 is used as an option to lucreate, specifying a file system for the new boot environment.

The following misleading error messages are displayed:

The file system creation utility /usr/lib/fs/ufsufs/mkfs is not available.

Unable to create all required file systems for boot-environment.

Cannot make file systems for boot-environment

Workaround: Ensure that there are no file systems in use on storage devices that have device names which are subsets of other storage devices with file systems that are also in use.

If any name ambiguity exists among the mounted file systems, rename the existing Solaris Volume Management metadevices.

In the following workaround, d10 and d100 are used as an example only. Other examples of ambiguous device names are d20 and d200, or d377 and d37, where d20 matches d200 and d377 matches d37.

1. Become superuser.

2. Use the metarename command to rename one of the ambiguous metadevice names.

   # metarename d10 d300

   The metadevice d10 is renamed to d300.

The file system on d10 must be unmounted before using the metarename command.

While the file system in unmounted, edit the /etc/vfstab file. Also, edit any other appropriate configuration file that contains the name of the metadevice you are renaming. Change any references of the old metadevice name to the new metadevice name.

If a process is accessing data on the file system, take the system down to single-user mode to unmount the file system. Reboot the system after making the changes.

Existence of /etc/named.conf File Causes Solaris Management Console Operations on User and Group Accounts to Fail (4777931)

If you use Solaris Management Console to perform operations on a User or Group account on a system that serves as a Domain Name Service (DNS) server, errors occur. These errors occur if the /etc/named.conf file exists on that system.

The following errors occur when you perform these operations from the graphical user interface (GUI) or when you use smuser and smgroup, which are command-line interfaces for the console.

The console launches a new dialog box or the smuser command exits with the following error messages when operated on a User:

"The attempt to view Users or Roles has failed due to an unexpected
error.
        This was caused by the following error: CIM_ERR_FAILED."

The console launches a new dialog box or the smgroup command exits with the following error message when operated on a Group:

"Attempted Read of Group IDs failed with unexpected CIM error:
        CIM_ERR_FAILED."operations from the GUI or command-line interface.

Workaround: Choose from one of the following workarounds:

• To solve this problem by restarting the DNS server, follow these steps:

  1. Become superuser.

  2. Move the named.conf file to a different directory. For example:

     # mv /etc/named.conf /var/named/named.conf

  3. Restart the DNS server.

     # pkill -9 in.named

     # /usr/sbin/in.named /var/named/named.conf

• To solve this problem by restarting the WBEM server, follow these steps:

  1. Become superuser.

  2. Use a text editor to edit the /usr/sadm/lib/wbem/WbemUtilityServices.properties file.

     Replace the /etc/named.conf string with /tmp/new-filename.

     ---

     Note –

     Ensure that the file name that you choose does not already exist on the system.

     ---

  3. Stop WBEM server.

     # /etc/init.d/init.wbem stop

  4. Start the WBEM server

     # /etc/init.d/init.wbem start

For more information, see the smuser(1M) and the smgroup(1M) man pages.

x86: Pressing the F4 Key During BIOS Bootup Fails to Boot the Service Partition (4782757)

You are booting a Sun LX50 which has a Service partition and the Solaris 9 12/03 (x86 Platform Edition) software is installed. Pressing the F4 function key to boot the Service partition, when given the option, causes the screen to go blank. The system then fails to boot the Service partition.

Workaround: Do not press the F4 key when the BIOS Bootup Screen is displayed. After a time-out period, the Current Disk Partition Information screen is displayed. Select the number in the Part# column that corresponds to type=DIAGNOSTIC. Press the Return key. The system boots the Service partition.

UltraSPARC II CP Event Message Not Always Produced (4732403)

In the Solaris 9 12/03 release, on UltraSPARC II based systems, the CP Event message that accompanies some Uncorrectable Memory Error messages is not always produced. The following systems are included:

• Sun Enterprise^TM 10000 system

• Sun Enterprise 6500 system

• Sun Enterprise 6000 system

• Sun Enterprise 5500 system

• Sun Enterprise 5000 system

• Sun Enterprise 4500 system

• Sun Enterprise 4000 system

• Sun Enterprise 3500 system

• Sun Enterprise 3000 system

The result is that some information needed to identify a failing CPU might not always be present.

Workaround: For the latest information, check the SunSolve^SM Web site at http://sunsolve.sun.com.

Solaris WBEM Services 2.5 Daemon Cannot Locate com.sun Application Programming Interface Providers (4619576)

The Solaris WBEM Services 2.5 daemon cannot locate providers that are written to the com.sun.wbem.provider interface or to the com.sun.wbem.provider20 interface. Even if you create a Solaris_ProviderPath instance for a provider that is written to these interfaces, the Solaris WBEM Services 2.5 daemon does not locate the provider.

Workaround: To enable the daemon to locate such a provider, stop and restart the Solaris WBEM Services 2.5 daemon.

# /etc/init.d/init.wbem stop

# /etc/init.d/init.wbem start

If you use the javax API to develop your provider, you do not need to stop and restart the Solaris WBEM Services 2.5 daemon. The Solaris WBEM Services 2.5 daemon dynamically recognizes javax providers.

Some com.sun Application Programming Interface Method Invocations Fail Under XML/HTTP Transport Protocol (4497393, 4497399, 4497406, 4497411)

If you choose to use the com.sun application programming interface rather than the javax application programming interface to develop your WBEM software, only Common Information Model (CIM) remote method invocation (RMI) is fully supported. Other protocols, such as XML/HTTP, are not guaranteed to work completely with the com.sun application programming interface.

The following table lists examples of invocations that execute successfully under RMI but fail under XML/HTTP:

Cannot Modify File-System Mount Properties With Solaris Management Console Mounts and Shares Tool (4466829)

The Solaris Management Console Mounts and Shares tool cannot modify mount options on system-critical file systems such as root (/), /usr, and /var.

Workaround: Choose one of the following workarounds:

• Use the remount option with the mount command.

  # mount -F file-system-type -o remount,additional-mount-options \ device-to-mount mount-point

  ---

  Note –

  Mount property modifications that are made by using the -remount option with the mount command are not persistent. In addition, all mount options that are not specified in the additional-mount-options portion of the previous command inherit the default values that are specified by the system. See the man page mount_ufs(1M) for more information.

  ---

• Edit the appropriate entry in the /etc/vfstab file to modify the file-system mount properties, then reboot the system.

CIM_ERR_LOW_ON_MEMORY Error Occurs When Trying to Add Data With WBEM (4312409)

The following error message is displayed when memory is low:

CIM_ERR_LOW_ON_MEMORY

You cannot add more entries when the CIM Object Manager is low on memory. You must reset the CIM Object Manager Repository.

Workaround: To reset the CIM Object Manager Repository, follow these steps:

1. Become superuser.

2. Stop the CIM Object Manager.

   # /etc/init.d/init.wbem stop

3. Remove the JavaSpaces^TM log directory.

   # /bin/rm -rf /var/sadm/wbem/log

4. Restart the CIM Object Manager.

   # /etc/init.d/init.wbem start

   ---

   Note –

   When you reset the CIM Object Manager Repository, you lose any proprietary definitions in your data store. You must recompile the MOF files that contain those definitions by using the mofcomp command. See the following example:

   # /usr/sadm/bin/mofcomp -u root -p root-password your-mof-file

   ---

Solaris Volume Manager Issue

Solaris Volume Manager metattach Command Might Fail

If you have a Solaris Volume Manager mirrored root (/) file system in which the file system does not start on cylinder 0, all submirrors you attach must also not start on cylinder 0.

If you attempt to attach a submirror starting on cylinder 0 to a mirror in which the original submirror does not start on cylinder 0, the following error message is displayed:

can't attach labeled submirror to an unlabeled mirror

Workaround: Choose one of the following workarounds:

• Ensure that both the root file system and the volume for the other submirror start on cylinder 0.

• Ensure that both the root file system and the volume for the other submirror do not start on cylinder 0.

By default, the JumpStart installation process starts swap at cylinder 0 and the root (/) file system somewhere else on the disk. Common system administration practice is to start slice 0 at cylinder 0. Mirroring a default JumpStart installation with root on slice 0, but not cylinder 0, to a typical secondary disk with slice 0 that starts at cylinder 0, can cause problems. This mirroring results in an error message when you attempt to attach the second submirror. For more information about the default behavior of Solaris installation programs, see the Solaris 9 12/03 Installation Guide.

Solaris Volume Manager Bugs

Solaris Volume Manager metahs -e Command Fails on Copper Cable Storage Boxes When Failed Hot Spare Disk Has Been Swapped Out (4644106)

The metahs -e command might fail if you encounter the following circumstances:

1. A hot-spare device encounters a problem, such as an induced error, when using the metaverify test utility.

2. Solaris Volume Manager software attempts to activate the hot spare when an error occurs on a metadevice. The hot spare is marked broken.

3. The system is brought down. The failed disk that contains the hot spare is replaced with a new disk at the same location.

4. When the system is booted, Solaris Volume Manager software does not recognize the new hot spare.

5. The metahs -e command is used to enable the hot spare on the new disk.

The following message is displayed:

WARNING: md: d0: open error of hotspare (Unavailable)

The failure occurs because the Solaris Volume Manager software does not internally recognize the new hot-spare disk that was swapped into the same physical location. The Solaris Volume Manager software continues to display the device ID of the disk that is no longer in the system.

This failure is not known to occur on a Photon or storage enclosures where the device number changes when a disk is replaced.

Workaround: Choose one of the following workarounds:

• Follow these steps to update the device ID for the hot-spare disk in the Solaris Volume Manager state database:

  1. Become superuser.

  2. Type the following command to update the device ID for the hot-spare:

     # metadevadm -u logical-device-name

  3. Type the following command to make the new hot-spare disk available:

     # metareplace -e logical-device-name

• Follow these steps to manage hot spares and hot-spare pools on the system:

  1. Become superuser.

  2. Type the following command to delete the entry for the hot-spare slice:

     # metahs -d hsphot-spare-pool-number logical-device-name

  3. Type the following command to create a new entry for the hot-spare slice at the same location with the correct device ID:

     # metahs -a hsphot-spare-pool-number logical-device-name

Solaris Volume Manager metadevadm Command Fails if Logical Device Name No Longer Exists (4645721)

You cannot replace a failed drive with a drive that has been configured with the Solaris Volume Manager software. The replacement drive must be new to Solaris Volume Manager software. If you physically move a disk from one slot to another slot on a Photon, the metadevadm command fails. This failure occurs when the logical device name for the slice no longer exists. However, the device ID for the disk remains present in the metadevice replica. The following message is displayed:

Unnamed device detected. Please run 'devfsadm && metadevadm -r to resolve.

You can access the disk at the new location during this time. However, you might need to use the old logical device name to access the slice.

Workaround: Physically move the drive back to its original slot.

Solaris Volume Manager metarecover Command Fails to Update metadb Namespace (4645776)

If you remove and replace a physical disk from the system, and then use the metarecover -p -d command to write the appropriate soft partition specific information to the disk, an open failure results. The command does not update the metadevice database namespace to reflect the change in disk device identification. The condition causes an open failure for each such soft partition that is built on top of the disk. The following message is displayed:

Open Error

Workaround: Create a soft partition on the new disk instead of using the metarecover command to recover the soft partition.

If the soft partition is part of a mirror or RAID 5, use the metareplace command without the -e option to replace the old soft partition with the new soft partition.

# metareplace dx mirror or RAID 5 old_soft_partition new_soft_partition

Networking Bug

Configuring Multiple Tunnels Between Two IP Nodes With Filtering Enabled Might Result in Packet Loss (4152864)

If you configure multiple IP tunnels between two IP nodes, and enable ip_strict_dst_multihoming or other IP filters, packet loss might result.

Workaround: Choose one of the following:

• First, configure a single tunnel between the two IP nodes. Add addresses to the tunnel by using the ifconfig command with the addif option.

• Do not enable ip_strict_dst_multihoming on tunnels between two IP nodes.

Security Bugs

Unlocking CDE Screenlock Removes Kerberos Version 5 Credentials (4674474)

If you unlock a locked CDE session, all your cached Kerberos version 5 (krb5) credentials might be removed. The result is you might not be able to access various system utilities. This problem occurs under the following conditions:

• In the /etc/pam.conf file, the dtsession services for your system are configured to use the krb5 module by default.

• You lock your CDE session, and then try to unlock the session.

If this problem occurs, the following error message is displayed:

lock screen: PAM-KRB5 (auth): Error verifying TGT with host/host-name:
Permission denied in replay cache code

Workaround: Add the following non-pam_krb5 dtsession entries to the /etc/pam.conf file:

dtsession auth requisite pam_authtok_get.so.1
dtsession auth required  pam_unix_auth.so.1

With these entries in the /etc/pam.conf file, the pam_krb5 module does not run by default.

cron, at, and batch Cannot Schedule Jobs for Locked Accounts (4622431)

In the Solaris 9 12/03 release, locked accounts are treated in the same way as expired or nonexistent accounts. As a result, the cron, at, and batch utilities cannot schedule jobs on locked accounts.

Workaround: To enable locked accounts to accept cron, at, or batch jobs, replace the password field of a locked account (*LK*) with the string NP, for no password.

Additional Software Bug

SPARC: Veritas Volume Manager Might Fail on Systems Running Solaris 9 12/03 Software (4642114)

If you try to perform various tasks with Veritas Volume Manager on a system that is running the Solaris 9 12/03 software, the following utilities might produce a core dump:

• vxddladm addjob

• vxddladm addsupport

Workaround: Follow these steps:

1. Become superuser.

2. Verify that the /var/ld/ld.config file and /usr/bin/crle utility exist on the system.

3. Type the following commands in a terminal window:

   # /usr/bin/cp /var/ld/ld.config /var/ld/ld.config.save # /usr/bin/crle -E LD_LIBRARY_PATH=/usr/lib # appropriate-vxddladm-command # /usr/bin/mv /var/ld/ld.config.save /var/ld/ld.config

Documentation CD Issues

iPlanet Directory Server 5.1 Documentation Links Do Not Work Properly

In the iPlanet^TM Directory Server 5.1 Collection (Solaris Edition), links titled DocHome do not work. In addition, links between separate books do not work. If you select these links, your browser displays a Not Found error.

Workaround: To navigate between iPlanet Directory Server 5.1 documents on your system, go to the iPlanet Directory Server 5.1 Collection (Solaris Edition) page at http://docs.sun.com. Click the link to the document you want to view.

SUNWsdocs Package Necessary to Remove Other Documentation Packages

If you remove the SUNWsdocs package, then try to remove other documentation packages, the removal fails. This problem occurs because the SUNWsdocs package is installed with any collection and provides the browser entry point.

Workaround: If you removed the SUNWsdocs package, reinstall the SUNWsdocs package from the documentation media and then remove the other documentation packages.

Documentation CD Bugs

Solaris 9 12/03 Documentation CD Uninstall Process Fails (4920548)

If you install on your system any two, or all three of the following documentation media, and then attempt to uninstall any one of these CDs, the uninstaller summary panel reports a Failed status:

• Solaris 9 12/03 Documentation 1 of 2 CD

• Solaris 9 12/03 Documentation 2 of 2 CD

• Solaris 9 on Sun Hardware documentation set on the Solaris 9 12/03 Software Supplement CD

This problem occurs because all three CDs contain packages that are dependent on the SUNWsdocs package.

The CD that you attempt to uninstall will remain registered. However, a Damaged status is displayed in the product registry. The uninstaller will interpret this status as a failure.

The documentation set is then skipped during the uninstall process, even though the associated packages have been removed from the system.

Workaround: Follow these steps to correct the problem:

1. Uninstall the remaining Solaris 9 12/03 documentation CDs.

2. Unregister the Solaris 9 12/03 documentation CD that was not uninstalled properly.

3. Reinstall the Solaris 9 12/03 documentation media, if necessary.

European Locale PDF Documents Available Only Through C Locale (4674475)

In the Solaris 9 12/03 software and other systems based on UNIX, PDF documents on the Solaris 9 12/03 Documentation 1 of 2 CD are not accessible in the following European locales:

• de (German)

• es (Spanish)

• fr (French)

• it (Italian)

• sv (Swedish)

This problem occurs because of a limitation with Adobe Acrobat Reader. For more information on this problem, see the Adobe Technote site at http://www.adobe.com:80/support/techdocs/294de.htm.

Workaround: Choose one of the following workarounds.

• In the Solaris 9 12/03 software and other systems based on UNIX, set the environment variable LC_ALL to C acroread. For example, in the C shell, type the following command in a terminal window:

  % env LC_ALL=C acroread

• For systems that are not based on UNIX, upgrade to Adobe Acrobat Reader 5.0 or a later version.

Removing Solaris 9 12/03 Documentation Packages Might Unexpectedly Uninstall Some Solaris 9 12/03 Documentation Collections (4641961)

Some Solaris 9 12/03 documentation collections might be unexpectedly removed from your system under the following circumstances:

1. You install both the Solaris 9 12/03 Documentation 1 of 2 and 2 of 2 CDs on your system.

2. You then use the prodreg utility or the Solaris 9 12/03 Documentation CD installer program to remove certain documentation packages.

The Solaris 9 12/03 Documentation CD 1 of 2 and 2 of 2 have three collections in common. If you remove the packages that contain these collections from either of the Solaris 9 12/03 Documentation 1 of 2 or 2 of 2 CD installations, the package is removed for both installations.

The following table lists the packages that might be removed unexpectedly:

Workaround: Choose one of the following workarounds:

• If the uninstall process unexpectedly removed these documentation packages, and you want these packages on your system, reinstall the packages from the Solaris 9 12/03 Documentation 1 of 2 or 2 of 2 CDs.

• To avoid this problem, use the pkgrm utility to remove the packages that you want to eliminate from your system.

Localization Issue

Hardware for Estonian Keyboard Type 6, French Canadian Keyboard Type 6, and Polish Programmers Keyboard Type 5 Not Available in the Solaris 9 12/03 Release

Software support for three additional keyboard layouts has been added to the Solaris 9 software for this release: Estonian keyboard Type 6, French Canadian keyboard Type 6, and Polish programmers keyboard Type 5.

This software gives users in Estonia, Canada, and Poland greater flexibility for keyboard input by modifying standard U.S. keyboard layouts to their own language needs.

Currently, no hardware is available for the three additional keyboard layout types.

Workaround: To take advantage of this new keyboard software, modify the /usr/openwin/share/etc/keytables/keytable.map file in one of the following ways:

• For the Estonian Type 6 keyboard, make the following changes:

  1. Change the US6.kt entry to Estonia6.kt in the /usr/openwin/share/etc/keytables/keytable.map file. The modified entry should read as follows:

     6 0 Estonia6.kt

  2. Add the following entries to the /usr/openwin/lib/locale/iso8859-15/Compose file:

     <scaron>	: "/xa8"	scaron
     <scaron>	: "/xa6"	scaron
     <scaron>	: "/270"	scaron
     <scaron>	: "/264"	scaron

  3. Reboot the system for the changes to take effect.

• For the French Canadian Type 6 keyboard, make the following changes:

  1. Change the US6.kt entry to Canada6.kt in the /usr/openwin/share/etc/keytables/keytable.map file. The modified entry should read as follows:

     6 0 Canada6.kt

  2. Reboot the system for the changes to take effect.

• If you are using the existing Polish Type 5 keyboard layout, make the following changes:

  1. Change the Poland5.kt entry to Poland5_pr.kt in the /usr/openwin/ share/etc/keytables/keytable.map file. The modified entry should read as follows:

     4 52 Poland5_pr.kt

     ---

     Note –

     If you are using a keyboard with dip-switches, make sure the switches are set to the correct binary value for the Polish keytable entry (binary 52) before rebooting the system.

     ---

  2. If you are using a standard U.S. Type 5 keyboard, change the US5.kt entry to Poland5_pr.kt in the /usr/openwin/share/etc/keytables/keytable.map file. The modified entry should read as follows:

     4 33 Poland5_pr.kt

  3. Reboot the system for the changes to take effect.

Localization Bugs

SPARC: Shift-U Does Not Work as Expected in Arabic Locales (4303879)

To generate the diacritic character in Arabic locales, type the Arabic character, then Shift-U.

Sort Capability in the European UTF-8 Locales Does Not Function Correctly (4307314)

The sort capability in the European UTF-8 locales does not work properly.

Workaround: Before you attempt to sort in a FIGGS UTF-8 locale, set the LC_COLLATE variable to the ISO–1 equivalent.

# echo $LC_COLLATE
>  es_ES.UTF-8
# LC_COLLATE=es_ES.IS08859-1
# export LC_COLLATE

Then start sorting.

Sun ONE Application Server Bugs

Default Browser Is Incompatible With Sun ONE Application Server 7 (4741123)

When you attempt to use the Sun ONE Application Server Administrative UI with the Solaris 9 12/03 software default browser, the following error message is displayed:

Unsupported Browser: Netscape 4.78

It is recommended that you upgrade your browser to Netscape 4.79 or 
Netscape 6.2 (or later) to run the Sun One Application Server 
Administrative UI. Those who choose to continue and not upgrade may
notice degraded performance or unexpected behavior.

If you are running the version of Sun ONE Application Server Administrative UI that is included in the Solaris 9 12/03 release, use Netscape 4.79 or Netscape 7.0 software.

Workaround: Use /usr/dt/appconfig/SUNWns/netscape instead of /usr/dt/bin/netscape.

Access Control List Editing Not Supported on Some Versions of Netscape Navigator Software (4750616)

Sun ONE Application Server Access Control List (ACL) editing is not supported on some versions of Netscape Navigator^TM software. If you attempt to edit ACL entries while using either Netscape Navigator version 6.x or Netscape Navigator version 7.x software, you might encounter intermittent problems.

The following are the types of problems that might occur:

• The browser window disappears.

• The ACL edit screen does not display when launched.

Workaround: Choose one of the following workarounds:

• Use the supported 4.79 version of Netscape Navigator software or Microsoft Internet Explorer, version 6.0.

• Edit the ACL file manually. For details on ACL file formatting, see the Sun ONE Application Server 7 Administrator's Guide.

Accessing an Oracle 9.1 Database With an Oracle 9.2 Client Might Cause Data Corruption (4707531)

If you use an Oracle® 9.2 client to access an Oracle 9.1 database, data corruption might occur when a number column follows a timestamp column.

The problem might be caused by using the ojdbc14.jar file with an Oracle 9.1 database. Application of the patch might assist in addressing the situation on Solaris 32-bit machines that run an Oracle 9.1 database. This JDBC^TM driver is for Oracle working with JDK^TM 1.4.

Workaround: Obtain the patch that Oracle might make available from the Oracle Web site for Bug 2199718. Apply the patch to your server.

Administration Interface Reports Verifier Error When Viewing Persistence Manager Factory Resource Created From the Command Line (4733109)

A verifier error is reported for a Persistence Manager Factory resource that was created using the command-line interface. The following error is displayed when the resource is viewed in the Sun ONE Application Server Administration interface:

ArgChecker Failure: Validation failed for jndiName: object must be non-null

Workaround: Perform the following steps to create a new Persistence Management Factory resource:

1. Create a jdbc-connection pool with data source information to connect to a database.

2. Create a jdbc-resource to make the connection pool available through a Java Naming and Directory Interface^TM (J.N.D.I.) lookup.

3. Create a persistence-management resource with the jdbc-resource that was created in Step 2.

any Value in Address Attribute of iiop-listener Element in server.xml File Is Not Supported (4743366)

The any value in the address attribute of the iiop-listener element in the server.xml file allows for listening on all interfaces that are available on a system. This support includes both IPv4 and IPv6 interfaces. However, the Sun ONE Application Server default configuration uses an address value of 0.0.0.0 in the iiop-listener element. This default configuration does not listen on IPv6 interfaces. The configuration only listens on all IPv4 interfaces on a system.

Workaround: Use the :: value in the address attribute of the iiop-listener element in the server.xml file to listen on all IPv4 and IPv6 interfaces on a system.

Application Server Fails to Restart When Converting to an SSL-Enabled Environment (4723776)

If you attempt to restart the Sun ONE Application Server after installing a certificate, then enabling security, the restart fails. A message indicates that the server failed to receive a password.

When the Secure Socket Layer (SSL) is not enabled, passwords are not cached, which results in the failure of restart. The restart command does not support the transition from non-SSL to SSL enabled mode.

This problem only occurs the first time the server is restarted. Subsequent restarts work fine.

Workaround: Choose one of the following workarounds:

• If you have encountered this problem. Click the Start button.

• To avoid this problem, perform the following steps instead of clicking the Restart button:

  1. Click the Stop button.

  2. Click the Start button.

Application Server Might Crash During Dynamic Reloading (4750461)

If an application has many Enterprise JavaBeans^TM components, the server might crash during dynamic reloading of the application. The dynamic reloading feature is used in the development environment to quickly test minor changes to an application. The crash is caused by attempting to use more file descriptors than are available.

Workaround: Follow these steps:

1. Increase the file descriptors limit by adding lines, in this format, to the /etc/system file.

   • set rlim_fd_max=8192

   • set rlim_fd_cur=2048

   The values can be set higher or lower, depending upon the size of the application.

2. Reboot the system.

External Certificate Nickname Does Not Display in Administration Interface Nickname List (4725473)

If you install an external certificate through the Sun ONE Application Administration interface, a problem is encountered. This problem is encountered when you attempt to enable SSL for the http-listener by using the certificate that is installed on the external cryptographic module. Although the installation of the certificate is successful, the certificate nickname does not display in the Administration interface.

Workaround: Complete the following steps:

1. Log in to the system where the Sun ONE Application Server software is installed as an Administrative User.

2. Link the http-listener to the certificate that is installed on the external cryptographic module by using the asadmin command. For more information on the asadmin command, see the asadmin(1AS) man page.

   # asadmin create-ssl --user admin user--password password --host host name \ --port port --type http-listener --certname nobody@apprealm:Server-Cert \ --instance instance --ssl3enabled=true \ --ssl3tlsciphers +rsa_rc4_128_md5 http-listener-1

   The previous command establishes the link between the certificate and the server instance. The command does not install the certificate. The certificate was installed through the Administration interface.

   ---

   Note –

   Although the certificate is linked with http-listener, the http-listener listens in non SSL mode.

   ---

3. Enable the http-listener to listen in SSL mode. Use the following command:

   # asadmin set --user admin user --password password --host host name \ --port port server1.http-listener.http-listener-1.securityEnabled=true

   The previous command switches the server instance listening state from non-SSL to SSL. After you complete the previous steps, the certificate is displayed in the Administration interface.

You can now use the Administration interface to edit the http-listener as needed.

flexanlg Command Might Cause Open Failure Error (4742993)

If you are running the Sun ONE Application Server software in the Solaris 9 12/03 release, an open failure error might be displayed. The following error is displayed if you use the flexanlg command from /usr/appserver/bin:

ld.so.1: /usr/appserver/bin/flexanlg: fatal: libplc4.so:open failed:
No such file or directory
killed

Workaround: Complete these steps.

1. Add the following entry to the LD_LIBRARY_PATH file:

   /usr/lib/mps

2. Run the flexanlg command.

   % /usr/appserver/bin/flexanlg

IPv6-only Clients Cannot Connect to the Application Server (4742559)

If IPv6 is not used in your network, this problem does not apply to you.

By default, the Sun ONE Application Server 7 instances and Admin Server instances use IPv4. IPv4 is supported by all system software on which the Sun ONE Application Server is available. The Sun ONE Application Server configuration changes are required for conformance on those platforms where IPv6 is supported.

If these configuration changes are to be made, you must be absolutely sure of IPv6 support. If the IPv6 related configuration is applied to a system that has only IPv4 support, Application Server instances might not start.

Workaround: Perform the following configuration changes:

1. Start the Admin Server.

2. Start the Admin Console by connecting to the Admin Server HTTP host or port in a browser.

3. Select the server instance to configure for IPv6, for example, server1.

4. Expand the HTTP Listeners node in the tree view.

5. Select the HTTP Listener to configure for IPv6, for example, http-listener1.

6. Change the value of the IP Address field to ANY in the General section.

7. In the Advanced section, change the value of the Family field to INET6.

   If you set the Family field to INET6 IPv4, functionality is not disabled unless an IPv6 address is selected for IP address. Selection of an IP address of ANY matches any IPv4 or IPv6 address.

8. Click Save.

9. Select your server instance from the left pane.

10. Click Apply Changes.

11. Click Stop.

12. Click Start.

    The server restarts and implements your changes.

Modified Samples Are Not Updated Until Redeployed (4726161)

If users attempt to deploy a sample more than once after making small changes and repackaging the application, the following error message is displayed:

Already Deployed

This issue affects most of the samples because the samples use the Ant utility and the common.xml file, which have the deploy target. The combined use mixes deployment of applications with registration of resources.

Workaround: Choose one of the following workarounds:

• For the majority of the sample applications that use the Ant utility build.xml files, which include the common.xml file, type the following command:

  % asant deploy_common

• For all other sample applications, type the following commands:

  % asant undeploy % asant deploy

Nonzero Transaction Setting Causes Slow Local Transactions (4700241)

The Local Transaction Manager does not support transactions with definite timeouts. If you set the timeout-in-seconds attribute in the transaction-service element to a value that is greater than 0, all local transactions are processed as global transactions. A timeout value of 0 means that the transaction manager waits indefinitely if there is no response from a participating data source.

If the Data source driver does not support global transactions, a local transaction might fail.

Workaround: Reset the timeout-in-seconds value to the default of 0.

Oracle JDBC Driver Optimizations Not Being Initiated (4732684)

To utilize Oracle JDBC optimizations with Container-Managed Persistence (CMP) beans, the classes12.zip must be specified in the classpath-suffix attribute of the server.xml file. Do not place the classes12.zip file in the instance/lib/ directory, the default for third-party libraries.

Workaround: Add the classes12.zip file to the classpath-suffix attribute of the server.xml file.

RMI-IIOP Clients Do Not Work for IPv6 Addresses Where DNS Address Lookups Fail for the IPv6 Address (4743419)

If a DNS lookup for an IPv6 address fails, clients of Remote Method Invocation-Internet Inter-ORB Protocol (RMI-IIOP) do not work for IPv6 addresses.

Workaround: DNS should be set up at the deployment site, in order to look up an IPv6 address.

Sun ONE Application Server Security Bug

The Application Server Starts All Instances as Root Allowing Nonroot Users Root Access (4780076)

Several issues are associated with Application Server startup when the Sun ONE Application Server is installed as part of a Solaris installation:

• All application server and administrative server instances are started automatically during Solaris system startup. In many environments, not all the instances are expected to be started automatically during Solaris system startup. Starting every defined instance can adversely impact the memory that is available on a system.

• When application server instances and administrative server instances are started automatically, the startup script for each instance is executed as root. Execution of nonroot-owned instance startup scripts can give nonroot user's access to the root user through modification of the instance-level startup scripts.

During the installation of the Sun ONE Application Server, the /etc/init.d/appserv script and symbolic links to the S84appserv and K05appserv scripts in the /etc/rc*.d/ directories are installed. These scripts cause all application server instances and administrative server instances, defined as part of the application server installation, to be started and stopped automatically during Solaris system startup and shutdown.

The /etc/init.d/appserv script contains the following section of code:

case "$1" in
'start')
    /usr/sbin/asadmin start-appserv
    ;;
'stop')
    /usr/sbin/asadmin stop-appserv
    ;;

Execution of the asadmin start-appserv command causes the administration server instance and all application server instances, defined in all administrative domains, to be started during Solaris system startup. Because the system startup and shutdown scripts are executed as root, the startup script for each application server and administrative server instance is also executed as root. The instance-level startup script is named startserv and is located at instance-dir/bin/startserv. Because instances can be owned by users other than root, the startserv scripts could be modified by the nonroot user to execute commands as the root user.

If an instance is using a privileged network port, the instance's startserv script must be executed as root. However, run as user is typically set in the instance's configuration. The purpose is to force the instance to run as the specified user after the instance has been initially started by the root user.

Workaround: Perform one of the following workarounds, depending on your environment:

• If your environment does not require all application server and administrative server instances to be started as root, then comment out execution of the asadmin start-appserv and asadmin stop-appserv commands in the /etc/init.d/appserv script.

• If your environment requires starting either specific administrative domains or specific instances within one or more administrative domains, you can modify or create a script to automate that process. Note that specific administrative domains include the administrative server instance and all application server instances of each domain.

  Perform one of the following steps:

  • Modify the /etc/init.d/appserv script to start the domains or instances of interest.

  • Define new /etc/rc*.d/ scripts that conform to the needs of your environment.

Startup Considerations: When modifying the Solaris software startup scripts to automatically start either specific application server administrative domains or specific application server instances, consider the following:

• Starting a specific domain – If you want to start the administrative server instance and all application server instances of a specific administrative domain as the root user, modify the /etc/rc*.d/ scripts as follows:

  case "$1" in
  'start')
     /usr/sbin/asadmin start-domain --domain production-domain
     ;;
  'stop')
     /usr/sbin/asadmin stop-domain --domain production-domain
     ;;

• Starting a specific application server instance as a nonroot user – Modify the /etc/rc*.d/ scripts to use the su command with the -c option.

  case "$1" in
  'start')
     su - usera -c "/usr/sbin/asadmin start-instance --domain test-domain 
  instance-a"
     su - userb -c "/usr/sbin/asadmin start-instance --domain test-domain 
  instance-b"
     ;;
  'stop')
     su - usera -c "/usr/sbin/asadmin stop-instance --domain test-domain 
  instance-a"
     su - userb -c "/usr/sbin/asadmin stop-instance --domain test-domain 
  instance-b"
     ;;

See the Sun ONE Application Server 7 Administrator's Guide for more information on the startup and shutdown commands that are available through the asadmin command-line interface.

Sun ONE Directory Server (Formerly iPlanet Directory Server) Issues

Setup Issue

When typing a Distinguished Name (DN) during installation, use the UTF-8 character set encoding. Other encodings are not supported. Installation operations do not convert data from local character set encoding to UTF-8 character set encoding. Lightweight Directory Interchange Format (LDIF) files that are used to import data must also use UTF-8 character set encoding. Import operations do not convert data from local character set encoding to UTF-8 character set encoding.

Schema Issues

The schema provided with the Sun Open Net Environment (Sun ONE) Directory Server (formerly iPlanet Directory Server) 5.1 differs from the schema that is specified in RFC 2256 for the groupOfNames and groupOfUniquenames object classes. In the schema provided, the member and uniquemember attribute types are optional. RFC 2256 specifies at least one value for these types must be present in the respective object class.

The aci attribute is an operational attribute that is not returned in a search, unless you explicitly request the attribute.

Replication Issue

Multimaster replication over a wide area network (WAN) is currently not supported.

Server Plug-In Issues

Sun ONE Directory Server 5.1 provides the user identification number (UID) Uniqueness plug-in. By default, the plug-in is not activated. To ensure attribute uniqueness for specific attributes, create a new instance of the Attribute Uniqueness plug-in for each attribute. For more information on the Attribute Uniqueness plug-in, refer to the iPlanet Directory Server 5.1 Administrator's Guide at http://docs.sun.com.

The Referential Integrity plug-in is now off by default. To avoid conflict resolution loops, the Referential Integrity plug-in should only be enabled on one master replica in a multimaster replication environment. Before enabling the Referential Integrity plug-in on servers that issue chaining requests, analyze your performance resource, time, and integrity needs. Integrity checks can consume significant memory and CPU resources.

Roles and Class of Service Issue

The nsRoleDN attribute is used to define a role. This attribute should not be used for evaluating role membership in a user's entry. When evaluating role membership, look at the nsrole attribute.

Indexing Issue

If virtual list view (VLV) indexes encompass more than one database, the VLV indexes do not work correctly.

Sun ONE Directory Server Bugs

Cannot Inactivate Users Through Console (4521017)

If you launch the Sun ONE Directory Server 5.1 Console and create a new user or new role as inactive, the newly created user or newly created role is not inactivated. Users and roles cannot be created through the Console as inactive.

Workaround: To create an inactive user or inactive role, follow these steps:

1. Create the new user or new role.

2. Double-click the newly created user or newly created role. Or, select the newly created user or newly created role. Click the Properties item from the Object menu.

3. Click the Account tab.

4. Click the Inactivate button.

5. Click OK.

The newly created user or newly created role is inactivated.

Cannot Configure Directory With a Root Suffix That Contains Spaces (4526501)

If you specify a base DN that contains a space, for example, o=U.S. Government,C=US at Sun ONE Directory Server 5.1 configuration time, the resulting DN is truncated to Government,C=US. At configuration time, the DN should be typed as o=U.S.%20Government,C=US.

Workaround: To correct the base DN entry, follow these steps:

1. Select the top directory entry in the left side of the navigation pane of the Servers and Applications tab on the Console.

2. Edit the suffix in the User directory subtree field.

3. Click OK.

Password Policy Information Is Not Synchronized Between Servers (4527608)

If you update a nonmaster directory server with password policy information, the information is not replicated to all other servers. This information includes account lockouts.

Workaround: Manage password policy information manually on each server.

Account Lockout Remains Effective After the User Password Is Changed (4527623)

If Account Lockout is effective and the user password is changed, Account Lockout remains effective.

Workaround: Reset the accountUnlockTime, passwordRetryCount, and retryCountResetTime lockout attributes to unlock the account.

Console Backup Done Immediately After Installation Fails (4531022)

If you install the Sun ONE Directory Server 5.1, start the console, initialize the directory with an LDIF file, and then back up the server, the Console reports the backup was successful. However, the backup has actually failed.

Workaround: Perform the following tasks from the Console after you initialize the database:

1. Stop the server.

2. Restart the server.

3. Perform the backup.

Server Ignores Case-Sensitive Syntax When Normalizing DN Attributes (4630941)

You cannot use the LDAP naming services to create automount path names that are identical, with the exception of case results in nonunique path names. The directory server does not allow creation of entries if the naming attribute is defined with case-sensitive syntax, and an entry already exists with the same name, but a different case.

For example, /home/foo and /home/Foo paths cannot coexist.

If entry attr=foo,dc=mycompany,dc=com exists, the server does not allow the creation of attr=Foo,dc=mycompany,dc=com. A corollary of this problem is when LDAP naming services are used, automount path names have to be unique, regardless of their case.

Workaround: None.

Stopping the Server During Export, Backup, Restore, or Index Creation Crashes the Server (4678334)

If the server is stopped during export, backup, restore or index creation, the server crashes.

Workaround: Do not stop the server during these types of operations.

Replication Unable to Use Self-Signed Certificate (4679442)

If you attempt to configure replication over SSL with certificate-based authentication, replication does not work if either of the following conditions exist:

• The supplier's certificate is self-signed.

• The supplier's certificate is only capable of behaving as an SSL server certificate that is unable to play the role of the client during an SSL handshake.

Workaround: None.

UFS File System Issue

SPARC: Do Not Create a UFS File System on VxVM Volumes Greater Than 2 Tbytes in Size

If you attempt to create a UFS file system on a Veritas Volume Manager (VxVM) volume that is of 2 Tbytes or greater, you produce an error state. The outcome is a file system that is the size of the VxVM volume modulo 2 Tbytes. For example, a VxVM volume 8.4 Tbytes in size would produce a .4 Tbyte file system.

No warning message is displayed.

Workaround: None.

UFS File System Bug

SPARC: Using fssnap on a Multiterabyte UFS File System Does Not Work (4836824)

Using the fssnap command to create a snapshot of a UFS file system that is greater than 1 Tbyte in size is not supported in the Solaris 9 12/03 release. The following error message is displayed:

fssnap: Fatal: File system /dir/snapshot0 support large files.

Workaround: None.