Deferred patching broken for machines with zones

Similar Messages

• Is patching Sol 10 machines with zones safe?

  Now that Sun update has been released, "smpatch update" explicitly checks for the presence of non global zones and refused to run.
  Now, its fairly trival to reproduce the "smpatch update" functionality from "smpatch download" which still works and a bit of scripting.
  Ive done this on a test machine with zones with no obvious ill effects.
  However since Sun went to the trouble of disabling "smpatch update", you have to presume there was a good reason.
  So is patching machines with zones safe. Or is there some known problem with doing this.

  The problem was that the underlying tool patchadd was not zones aware and then changes (I believe for bug: 6200143 ) changed the exit codes that smpatch relies on.
  Now in Solaris 10 patchadd/patchrm now returns only an exit code of 1 or 0 when using zones which is insufficient both for smpatch and for the Update Manager.
  So there are two options:
  If the system does not have any local zones configured then you can run "patchadd -t" in transitional mode which reverts back to the old pre Solaris 10 rich return codes that smpatch needs.
  If there are zones on the system, using smpatch download + patchadd will work, but you cannot get rich status from patchadd:
  Running "patchadd -t" on a system with local zones gives:
  # patchadd -t
  Transition patching (-t option) is not supported in a zones environment.
  HTH
  ethan

• Entire environment on one machine with zones

  I've been pondering some of what zones can do, and it occurred to me that one could build an entire reasonably secure environment using one machine with multiple zones...
  * Global zone with no network ports active, console only
  * One zone for firewall, heavily ipf'd - mapped to external and internal network ports
  * One zone for webserver - mapped to internal network port
  * One zone for fileserver - mapped to internal network port
  * Other zones as needed - probably all mapped to internal network ports
  * All zones secured with ipf to allow very little access, particularly from firewall zone
  It seems like this would allow a very flexible environment, and would give the security of having multiple boxes.
  Thoughts/Comments?

  I've been pondering some of what zones can do, and it
  occurred to me that one could build an entire
  reasonably secure environment using one machine with
  multiple zones...
  * Global zone with no network ports active,
  ve, console only
  * One zone for firewall, heavily ipf'd - mapped to
  to external and internal network ports
  * One zone for webserver - mapped to internal
  nal network port
  * One zone for fileserver - mapped to internal
  nal network port
  * Other zones as needed - probably all mapped to
  to internal network ports
  * All zones secured with ipf to allow very little
  tle access, particularly from firewall zone
  It seems like this would allow a very flexible
  environment, and would give the security of having
  multiple boxes.
  Thoughts/Comments? You are definately on the right track. If I haven't said it before, I will say it now - All services that can be, should be run in a zone. That means web servers, DNS servers, LDAP, file servers, etc. Between zones and least privilege (you are using least privilege aren't you), you can create a very secure and contained service environment.
  Imagine the surprise of a script kiddie when by pure luck they compromise your zone, but sadly they can't install their favorite rootkit because /dev/kmem, /usr, /devices, etc. are completely off limits no matter how much they scream about having UID 0. Remember, this is even more secure than having multiple boxes; this is like having multiple boxes where root ain't root. The best part is that zones are cheap. You can create them at will without performance impact, and can limit resource usage via a number of different means.
  There is a new paradigm in town and it's name is Zones. Use zones and use them often. This is a no lose proposition.
  Happy zoning.
  Thanks,
  Jarod

• Cloning Solaris 10 with zones

  What is the best method to use when cloning a Solaris machine with zones, to ensure all software is included and can be easily installed
  on new hardware?
  Thank you!

  If you use UFS, then ufsdump/ufsrestore
  If you use ZFS, then zfs send/zfs receive
  But, if you are using hardware or software RAID, you can also try to move one disk to an another machine.
  You can see with these simple examples, that you have several methods and it depends how you configured your machine, Solaris and the zones. And finally, it depends too what is the source machine and what is the target machine, and how they are configured.

• PSU patch info for E business release 12.1.2.

  Can some one please let me know the document or procedure which should refer to apply PSU patch for E business suite. Do we have to apply two patches separately for  Ebusiness suite database - 11.2.0.3 and application server?
  Please help. I need an immediate assistance.

  Are you referring to PSU or CPU? -- https://forums.oracle.com/search.jspa?&q=PSU+AND+CPU
  Please see:
  Oracle E-Business Suite Releases 11i and 12 Critical Patch Update Knowledge Document (July 2013) (Doc ID 1559732.1)
  Database Patch Set Update Overlay Patches Required for Use with PSUs and Oracle E-Business Suite (Doc ID 1147107.1)
  Database PSU-CPU Cross-Reference List (Doc ID 1119703.1)
  Thanks,
  Hussein

• Kernel Patching with zones

  I have a T2000 installed with the Solaris 10 1/06 release with several zones created on it. 4 zones are "sparse" root, and one (zone-5) is a "whole root" zone.
  In order to apply and certify (internally) the latest sendmail patch, Solaris 10 needs a later kernel patch than I had installed (this is a subject for another discussion...). So I downloaded the latest patch cluster (4/6 Recommended cluster) to apply it.
  I shut down the non-global zones, and took the machine to single user mode, and installed the cluster. It seemed to go in fine, except for the following error:
  Zone zone-5
  Rejected patches:
  122856-01
  Patches that passed the dependency check:
  None.
  Fatal failure occurred - impossible to install any patches.
  zone-5: For patch 122856-01, required patch 118822-30 does not exist.
  Fatal failure occurred - impossible to install any patches.Now, 118822-30 is a kernel patch series that is prerequisite for the latest kernel patch (118833-03). Zone-5 is my only whole-root zone. I then looked at the patch cluster log, and discovered that a handful of patches (including 118822-30) had also failed:
  titan15n> grep failed /var/sadm/install_data/Solaris_10_Recommended_Patch_Cluster_log
  Pkgadd failed. See /var/tmp/119254-19.log.6615 for details
  Pkgadd failed. See /var/tmp/118712-09.log.9307 for details
  Pkgadd failed. See /var/tmp/119578-18.log.15160 for details
  Pkgadd failed. See /var/tmp/121308-03.log.18339 for details
  Pkgadd failed. See /var/tmp/119689-07.log.22068 for details
  Pkgadd failed. See /var/tmp/118822-30.log.9404 for details
  Pkgadd failed. See /var/tmp/119059-11.log.29911 for details
  Pkgadd failed. See /var/tmp/119596-03.log.4724 for details
  Pkgadd failed. See /var/tmp/119985-02.log.8349 for details
  Pkgadd failed. See /var/tmp/122032-02.log.13334 for details
  Pkgadd failed. See /var/tmp/118918-14.log.27743 for detailsLooking at any of these logs (in the non-global zone-5's /var/tmp directory shows failures like the following snippet:
  pkgadd: ERROR: unable to create unique temporary file </usr/platform/sun4us/include/sys/cheetahregs.h6HaG8w>: (30) Read-only file sy
  stem
  pkgadd: ERROR: unable to create unique temporary file </usr/platform/sun4us/include/sys/clock.h7HaG8w>: (30) Read-only file system
  pkgadd: ERROR: unable to create unique temporary file </usr/platform/sun4us/include/sys/dvma.h8HaG8w>: (30) Read-only file systemQuestion(s):
  Why would there be read-only file systems where tmp files are getting written? Possibly a timing issue?
  Is there a "best practice" on applying patch clusters, and specifically, the kernel patch? Did I make a mistake in taking the zones down first? It seems like the zones were being booted up as the patches were getting applied, but I may be misinterpreting the output.
  Even though the patches failed to apply to zone-5, the uname -a output in the zone show the latest kernel patch, but does NOT show 118822-30 (118822-25 is what showrev -p in the non-global zone-5 shows -- which is the level I was at before attempting to patch).
  Any solutions?
  Thanks.

  The kernel config and patch are irrelevant - I have tried to compile the stock arch kernel just to make sure that it WASN'T the patch - I simple copied the folder from ABS, did makepkg and installed - no lucky. The problem seems to be that all of the kernels I compile end up with the folder in /lib/modules having -dirty on the end of them. How do I stop this '-dirty'?
  I notice in the build I get this message -
  ==> Building the kernel
  fatal: cannot describe '604d205b49b9a478cbda542c65bacb9e1fa4c840'
    CHK     include/linux/version.h

• PWA site template with warning "Your Local Machine Time Zone does not match your current Sharepoint Regional Settings"

  SharePoint 2010 (SP2010 SP1+ AU CU 2011) site built with Project Web Access template shows message in yellow "Your Local Machine Time Zone does not match your current Sharepoint Regional Settings."
  KB Article http://support.microsoft.com/kb/2749599/en-us suggests applying Windows and SharePoint updates, but does not points to a specific update. Also suggests to enable "Always follow
  web settings" for affected users who are in different time zone than the server time zone, but it does not work either.
  Manjeet Singh

  Hi,
  According to your post, my understanding is that SharePoint 2010 (SP2010 SP1+ AU CU 2011) site built with Project Web Access template shows warning "Your Local Machine Time Zone does not match your current Sharepoint Regional Settings".
  Users are getting this message even after correctly specifying and changing the timezone in their Sharepoint Settings. This is a common problem across the net, but we've found a workaround
  that will eliminate this problem.
  Step 1: Open your Web Database in your Browser
  Step 2: Click the Arrow Under the Login ID (upper right corner)
  Step 3: Choose My Settings
  Step 4: Click the My Regional Settings Link
  Step 5: Uncheck the 'Always Follow Web Settings' check and specify your time zone.
  Step 6: Click OK
  For more information, you can refer to:
  Warning Message about time zone difference between your computer and the regional settings
  of Sha...
  Thanks & Regards,
  Jason Guo
  Jason Guo
  TechNet Community Support

• Windows 7 64 bit machine with printer installed locally takes 2-3 minutes for printing most of the time and fails to print some time.

  Our customer  have 3-4 windows machines in local area network (No Domain Login) with different OS versions and platform architecture (32 / 64 bit)
  I have no idea about the configuration of  machine to which printer is hooked up but it is running Windows for sure.
  This machine is accessible from any other machine in LAN. They have another machine running Windows 7 64 bit OS  on which they have installed the printer connected to earlier machine  using local printer driver installation
  with local TCP/IP port being selected during installation. Installation goes well,  printer gets installed successfully and  shows ready state. but when we try to print anything on it takes 2-3 minutes to complete print job. They have tried
  this on printers with couple of different model and make but the result is same delayed printing. They have also tried to install different printer drivers like HP printer model specific driver and HP universal driver too , but the result is
  the same in all cases. earlier when they were using  32 bit XP machine with printer installed same way that they installed now for win 7 64 , there was no issue seen with regards delayed printing. is this a issue with windows  7 64
  bit printing system ? or it has to do something with mixed and matched (32/64 bit )printer drivers running on different machines on LAN ?
  I will try to get more information with regards to the machine to which printer is connected.In the mean please revert back to me if any one had face similar issue and able to resolve it successfully.    
  Thanks in Advance.

  Hi,
  Have you tried ping ip address of printer? and check if there exists any data lost in network connection. If your network connection is crowded, it can cause delay for printer.
  Also, please attempt to disable all security software temporarily, such as antivirus, firewalls,etc and
  clear all printer cache.
  Locate to task manager, check the state of spoolsv.exe, including cpu and memory. If it has high cpu or memory usage, it may be caused by malware. Thus, you'd better to make a full scan with the latest anti-virus.
  Karen Hu
  TechNet Community Support

• Partitioning an ext. HD for use with Time Machine HFS+/FAT32

  Hi, I hope that this question is not already answered somewhere - I did a couple of searches but couldn't find the answers I need.
  I'm setting up an external LaCie 500GB HD (USB 2.0) for a friend, in order to use it for Time Machine backups (one partition) and as a non-backuped "data dump" (music / films etc.).
  My plan is the following: Partition the ext. HD into a 200 GB HFS+ Journaled partition for use with Time Machine, and a 300 GB FAT32 partition for data (FAT32 to ensure the interoperability with PCs).
  I have a couple of questions (apart from if you think the proposed setup is good in general):
  1. The Time Machine partition would be used to back up a MacBook with a 120GB HD - in your opinion, is 200GB too much/enough/too less space?
  2. In general, does Time Machine work with partitions on ext. HDs as seen in the setup I propose? (or should I use a drive with only one partition?)
  3. are there any possible problems I might run into when partitioning a drive into two different file systems as HFS+ and FAT32?
  4. Is it OK to use the Leopard Disk Utility for this or should I use another application?
  thanks a lot for your answers!

  Hi,
  Could you please share the answers you found?
  I'm going through a very similar situation...
  Thanks!
  Beto.

• Best hard drive for use with Time Machine

  Hi,
  Has anyone determined what the best external hard drive is for use with Time Machine? Is there a particular one that works exceptionally well with Time Machine, or is it much of a muchness?
  I'm looking for a Firewire 400 & Firewire 800 drive that STAYS ON all the time, and doesn't automatically spin down or spin up like the rubbish WD My Book drives do.

  I can't tell you if it is the "best" hard drive for you to use with TM, but I'm quite happy with the 500 GB Buffalo Technology DriveStation Combo TurboUSB I bought recently. It is quiet, quite inexpensive for the capacity (I paid about $120 for one on sale at Fry's), & completely compatible with OS X & TM.
  Best of all for me, it automatically powers down when my iMac sleeps. It also spins down after a time if the Mac's Energy Saver preference "Put hard disk(s) to sleep when possible" is checked; otherwise it remains spun up until the Mac is put to sleep or switched off.
  It comes with "Turbo" USB & Memeo "AutoBackup" software, neither of which I installed. (The box didn't claim these extras came in a Mac version but both Mac & Windows versions were included on the CD.) Out-of-the-box, I reformatted the drive with the Apple Partition Map scheme & two partitions, a 160 GB one for cloning my internal drive & the rest for TM. The drive works perfectly for both uses & seems quite fast, as one would expect from a 7200 rpm SATA drive.

• Partitioning an External 320gb drive for use with Time Machine and...

  I want to be able to use my Western Digital 320GB external drive for use with Time Machine and to use as extra storage space on both my Mac and when I boot into Windows Vista.
  Is this possible?
  I was playing around in Disk Utility and would I partition the part I want to use for Time Machine with the Mac OS Journaled, and whatever I want as space for windows, use a MS - DOS format?
  Has anyone done this before?
  Cheers-

  Unless you are using 64 bit version of MSWindows (64 bit XP/Vista), it won't be able to handle a disk with GUID partition table (GPT). Disks with Apple Partition Map (APM) or GUID partition table are the only ones that Time Machine will work with (not MBR disks). Note also that the MBR/APM/GPT are at the DISK level and not the partition level, so don't mix the format with partitioning scheme. Time Machine disks are meant to live in the Mac universe (for now, anyway) and sharing with the MSWindows 32-bit universe is not possible.
  See http://img87.imageshack.us/my.php?image=macpcdiskdd06sv8.png for some additional background.

• Can i install VS 2013 in my Virtual Machine with Windows 8.1 and work for Mobile Development,Mobile Emulator can work in my Virtual Machine ?

  I have a Virtual Machine with Windows 8.1 OS and 4gb RAM, 200gb Disk.
  I want to develop apps for Windows Mobile 8.1 with VS 2013 Update 4, Mobile Emulators can work in my Virtual Machine, bcz i am getting bellow error.
  Windows Phone Emulator is unable to verify that the virtual machine is running:
  Something happend while starting a virtual machine:'Emulator 8.1 WVGA 4 inch 512MB.APPUSER' failed to start.(Virtual machine ID xxxxxx-xxxxx-xxxx-xxxx-xxxxxxx)
  The Virtual Machine Management Service failed to start the virtual machine 'Emulator 8.1 WVGA 4inch 512MB.appuser' because one of the Hyper-V components is not running (Virtual machine ID xxxx-xxxxx-xxxx-xxxx-xxxx).

  No you cannot do that.  You need a physical machine that supports Hyper-V
  Jeff Sanders (MSFT)
  @jsandersrocks - Windows Store Developer Solutions
  @WSDevSol
  Getting Started With Windows Azure Mobile Services development?
  Click here
  Getting Started With Windows Phone or Store app development?
  Click here
  My Team Blog: Windows Store & Phone Developer Solutions
  My Blog: Http Client Protocol Issues (and other fun stuff I support)

• How to apply patch for MSAHH02_0-10003081.ZIP( xMSA FOR HH (WITH CRM) 5.0 S

  Hi All,
  I am working on xapps for Mobile to implement CRM mobile sales for handheld using  CRMHH 5.0. For that I am using the WAR file MSAHH02_0-10003081.ZIP( xMSA FOR HH (WITH CRM) 5.0 SR02 ) available on SAP marketplace.
  Now I want to apply the patch available for the same i.e. MSAHH02P_4-10003081.ZIP(Patch for MSA FOR HH (WITH CRM) 5.0 SR02 )
  Can anyone please tell the  procedure to apply the patch.
  Thanks & Regards
  Sumit

  HI
  For latest patches you can check at
  http://service.sap.com/swdc -> Support Packages and
  Patches -> Entry by application -> Application Components
  -> SAP ERP -> ERP2004 -> SAP ECC Server
  There are two kinds of kernal files:
  SAPDBEXE and SAPEXE,one is DB dependent and one file is DB independent.
  For downloading the kernal patch:Follow the below path as per your OS and DB combination
  for downloading a kernel patch
  go through following
  service.sap.com/swdc
  downloads-> SAP Support packages -> My Company's Application Components -> SAP KERNEL 32 bit ->SAP KERNEL 4.6D 32-BIT ->SAP KERNEL 4.6D 32-BIT->Windows Server on IA32 32bit -> Select ur database->Windows Server on IA32 32bit
  Reward suitable points

• I use Time Machine with an external hard disc which has worked perfectly for some years.  Recently Time Machine has aborted backups if the screen saver starts when back-up is in progress. I use a Maxtor OneTouch4 back-up system.  Any ideas?

  I use Time Machine with an external hard disc which has worked perfectly for some years.  Recently Time Machine has aborted backups if the screen saver starts when back-up is in progress. I use a Maxtor OneTouch4 back-up system.  Any ideas?
  Has Apple recently up-dated my OS (Lion) such that every time the screen saver starts it disables Time Machine.  I have to switch-off the computer and re-start in order to undertake  a back-up.  I have now switched of all screen savers.

  Please read this whole message before doing anything.
  This procedure is a diagnostic test. It’s unlikely to solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.
  The purpose of this exercise is to determine whether the problem is caused by third-party system modifications that load automatically at startup or login. Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards. Boot in safe mode and log in to the account with the problem. The instructions provided by Apple are as follows:
  Be sure your Mac is shut down.
  Press the power button.
  Immediately after you hear the startup tone, hold the Shift key. The Shift key should be held as soon as possible after the startup tone, but not before the tone.
  Release the Shift key when you see the gray Apple icon and the progress indicator (looks like a spinning gear).
  Safe mode is much slower to boot and run than normal, and some things won’t work at all, including wireless networking on certain Macs.
  The login screen appears even if you usually log in automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.
  Test while in safe mode. Same problem(s)?
  After testing, reboot as usual (i.e., not in safe mode.)

• I just bought and backed up my computer and time machine with a "Seagate BackUp Plus for Mac". Now my time machine is empty. Panicked. can anyone help?

  I just bought and backed up my computer and time machine with a "Seagate BackUp Plus for Mac". Now my time machine is empty. Panicked. can anyone help?

  Lets start over...
  Please restart the network.. shut down everything..
  Restart in order.. modem.. router.. if different to TC.. or TC.. client devices.. wait 2min between each startup.
  If the TC does not show up on the computer, in finder.. then we need more info.. what OS are you running?
  Does the TC show up in Airport utility? Are you running wireless or ethernet?
  If you still have issues.. plug the TC directly into the computer by ethernet.
  Do a full factory reset of the TC.. and see if it now shows up.
  Please tell us exactly what model TC it is and how old.. the A1xxx model number from the base will help if you don't know.
  You take a screen shot of the TC opened in finder.
  eg..
  My TC is named Tardis4.. click on it.. and then open the data folder.. on this one called Tardisdata.
  Then take a screen shot of it so we can see what the problem is.. screenshot.. with area selection.. control + shift + 4 .. the picture goes into the desktop.. and then you click the picture icon in the posting web page controls and select the picture.