Solaris 11 IDR (Interim Diagnostic/Relief)

[cah]

I was frustrated with Verizon's gateway router blocking SSH and MySQL packets.
I tried to get Actiontec (the vendor of the gateway router) to respond but without any luck so I approached Oracle support. To my surprised, I got some very good and prompt responses back from Oracle support. Service Request Number: SR 3-5661194891. I will create a PDF file out of this service request when it is finally completed and closed.

After a few days back and forth troubleshooting and information gathering, Oracle support determined it is the abnormal windows size Actiontec is using that causes Solaris 11 (starting from later versions of Solaris 10) to blocked the packets for security reasons - "the tunable tcp_init_wnd_chk (to disable the security protection against the window size attacks) is not working".

The workaround did not work due to compiler compatibility issue on x86/x64 platform. The tech support helped created a bug fix ticket internally (bug creates is 7167477).

Even though the root cause is Ationtec's window size but I haven't got any feedback from them since May 4th.

The service from Oracle/Sun is obvious much better than Actiontec without a doubt.

....... waiting for an IDR from 05/13/2012 to 06/21/2012 .......

I got a notification from SUN support today (06/21/2012) saying an IDR (Interim Diagnostic/Relief) from engineering team is ready for me to test.

Hi,

a new version of the IDR (Interim Diagnostic/Relief) 232 has been uploaded to this service request.
Please check the attachement section of this service request where you should be able to find a file called idr232.2.p5p
download the file idr232.2.p5p and install it by using the command "pkg install -g ./idr232.2.p5p idr232". See document 1452392.1 for more information about Solaris 11 IDRs and how to apply or remove them.

A reboot is requied after the IDR installation to activate the fix.
Once the fix is active you should be able to tune the lowest allowed initial window size to be even lower than an ethernet packet.
This can be done by using /etc/system and adding a line such as

set ip:tcp_init_wnd_chk = 512

(or use an even lower value such as 100).

Please ntoe that after any change in /etc/system another reboot is required to activate the new setting.

Please let me know if this IDR works for you and allows you to tune the window size checks until you get the final fix from your firewall vendor. Thanks.

Best regards,
Wolfgang Ley.

The installation failed partially.....

Code: Select all

%pkg install -g ./idr232.2.p5p idr232
           Packages to install:   1
            Packages to update:   1
       Create boot environment: Yes
Create backup boot environment:  No

DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                  2/2         8/8      0.8/0.8$<3>

PHASE                                        ACTIONS
Removal Phase                                    1/1 
Install Phase                                    7/7
Update Phase                                     4/4

PHASE                                          ITEMS
Package State Update Phase                       3/3 
Package Cache Update Phase                       1/1
Image State Update Phase                         2/2 

PHASE                                          ITEMS
Reading Existing Index                           8/8 
Indexing Packages                                2/2
pkg: '/sbin/bootadm update-archive -R /tmp/tmpsImdFP' failed. 
with a return code of 1.

A clone of solaris exists and has been updated and activated.
On the next boot the Boot Environment solaris-1 will be
mounted on '/'.  Reboot when ready to switch to this updated BE.

Can't find IDR installed on the server:

Code: Select all

%pkg info idr232
pkg: info: no packages matching the following patterns you specified are
installed on the system.  Try specifying -r to query remotely:

        idr232

[cah]

Sent over the truss information to Oracle support and they found /default directory was blocking the IDR installation. They asked me to rename it and roll back to original BE (Boot Environment) and then reinstall IDR package again.

Here are the steps:

List BEs:

Code: Select all

%beadm list
BE        Active Mountpoint Space   Policy Created          
--        ------ ---------- -----   ------ -------          
solaris   -      -          486.34M static 2012-03-25 22:47 
solaris-1 NR     /          18.64G  static 2012-06-21 14:31 

Set booting BE to be the original BE:

Code: Select all

%bootadm set-menu default=0

Check BEs again:

Code: Select all

%beadm list                
BE        Active Mountpoint Space   Policy Created          
--        ------ ---------- -----   ------ -------          
solaris   R      -          486.34M static 2012-03-25 22:47 
solaris-1 N      /          18.64G  static 2012-06-21 14:31 

Activate the original BE:

Code: Select all

%beadm activate solaris

Check BEs again:

Code: Select all

%beadm list            
BE        Active Mountpoint Space   Policy Created          
--        ------ ---------- -----   ------ -------          
solaris   R      -          20.27G  static 2012-03-25 22:47 
solaris-1 N      /          244.32M static 2012-06-21 14:31

NOTICE 1: The space sizes have changed!!

Reboot the server:

Code: Select all

cahtoh02:/export/home/cah%shutdown -y -g0 -i6

Shutdown started.    Fri Jun 22 18:24:50 EDT 2012

Changing to init state 6 - please wait
Broadcast Message from root (pts/1) on cahtoh02 Fri Jun 22 18:24:50...
THE SYSTEM cahtoh02 IS BEING SHUT DOWN NOW ! ! !
Log off now or risk your files being damaged

After rebooting the server, check BEs again:

Code: Select all

%beadm list
BE        Active Mountpoint Space   Policy Created          
--        ------ ---------- -----   ------ -------          
solaris   NR     /          20.32G  static 2012-03-25 22:47 
solaris-1 -      -          259.31M static 2012-06-21 14:31 

NOTICE 2: Space sizes changed again!!
NOTICE 3: BBS post(s) disappeared.... Maybe because of BE change.....

Destroy solaris-1 BE (the one with IDR) :

Code: Select all

%beadm destroy -F solaris-1

Check BE(s) again:

Code: Select all

%beadm list                
BE      Active Mountpoint Space  Policy Created          
--      ------ ---------- -----  ------ -------          
solaris NR     /          15.56G static 2012-03-25 22:47 

NOTICE 4: Space size changed again!

Install the IDR232 again with truss capturing command:

Code: Select all

%truss -aefdl -rall -wall -vall -xall -o /var/tmp/truss.out pkg install -g ./idr232.2.p5p idr232
           Packages to install:   1
            Packages to update:   1
       Create boot environment: Yes
Create backup boot environment:  No

DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                  2/2         8/8      0.8/0.8$<3>

PHASE                                        ACTIONS
Removal Phase                                    1/1 
Install Phase                                    7/7
Update Phase                                     4/4 

PHASE                                          ITEMS
Package State Update Phase                       3/3 
Package Cache Update Phase                       1/1
Image State Update Phase                         2/2 

PHASE                                          ITEMS
Reading Existing Index                           8/8 
Indexing Packages                                2/2

A clone of solaris exists and has been updated and activated.
On the next boot the Boot Environment solaris-1 will be
mounted on '/'.  Reboot when ready to switch to this updated BE.

Check BEs again:

Code: Select all

%beadm list
BE        Active Mountpoint Space   Policy Created          
--        ------ ---------- -----   ------ -------          
solaris   N      /          1.07G   static 2012-03-25 22:47 
solaris-1 R      -          18.91G  static 2012-06-22 18:32 

NOTICE 5: Space sizes changed again! Getting bigger......

Check if the right setting is in /etc/system:

Code: Select all

%grep tcp_init_wnd_chk /etc/system
set ip:tcp_init_wnd_chk = 512

Reboot the server again and check BEs after system came back:

Code: Select all

%shutdown -y -g0 -i6
.................

%beadm list
BE        Active Mountpoint Space   Policy Created          
--        ------ ---------- -----   ------ -------          
solaris   -      -          1.08G   static 2012-03-25 22:47 
solaris-1 NR     /          18.98G  static 2012-06-22 18:32 

NOTICE 6: Space sizes changed again!

By performing these steps, no error was seen during IDR installing and SSH and MySQL connections work as expected! Hooray!!

Verification:

Code: Select all

%mdb -k 
Loading modules: [ unix genunix specfs dtrace mac cpu.generic uppc pcplusmp scsi_vhci zfs ip hook neti arp usba kssl sd fctl s1394 sockfs lofs random idm crypto nfs sppp sata cpc fcip logindmux ptm ufs ipc ]
> tcp_init_wnd_chk/D
tcp_init_wnd_chk:
tcp_init_wnd_chk:               512             
> ::q
mdb: invalid command '::q': unknown dcmd name
> ::quit

%kstat -p tcp:0:tcpstat:tcp_zwin_ack_syn
tcp:0:tcpstat:tcp_zwin_ack_syn  0

[cah]

Here is the history of all conversation on this Service Request.

SR 3-5661194891 Detail.pdf

SR 3-5661194891 details

(160.45 KiB) Downloaded 687 times

[cah]

I got a notice this morning regarding SRU availability from Oracle.
Here is the message:

Hi,

the Solaris 11 Support Repository Update (SRY) 12.4 has been released to address the chaneg request
7071362 tcp_icmp_source_quench and other tunables may no longer be field modifiable
which caused the tunable in /etc/system (to workaround the firewall tcp window size issue) not to work.

Please install the released update to get the fix for this service request from our side.
Check if you are currently running with the installed idr. This can be done by using the command "pkg info idr232".
If the idr is installed then please uninstall the idr (the instruction on the required pkg command are included in the pkg info command) and reboot the system afterwards.

Once the IDR is no longer active: Please install the SRU 12.4 by using the command "pkg update".
See MOS document 1497909.1 for information on the SRU 12.4 and MOS document 1021281.1 for general information on SRUs (including how to access and install).
The system needs to be rebooted after the package update. You can use the command "pkg info entire" to verify that the new SRU 12.4 hs been installed.

Please keep in mind that thix fix was just for the problem that the Solaris tunable to allow incoming insecure tcp window size was not working.
The real fix still need to come from your firewall vendor to not use such malicious initial TCP window sizes (smaller than the MSS).

Please let me know once you have installed the update and whether there are any remaining questions/issues for Oracle or whetehr we can close this service request. Thanks.

Best regards,
Wolfgang ley

I then checked the 2 documents he mentioned: 1497909.1 (https://support.oracle.com/epmos/faces/ ... wkb9y5_223) and 1021281.1(https://support.oracle.com/epmos/faces/ ... wkb9y5_181). In 1021281.1, certificate needs to be obtained. I downloaded both key and certificate from https://pkg-register.oracle.com/registe ... info/8003/:

Oracle_Solaris_11_Support.key.pem.pdf

Key
extension pem is not allowed so I changed it to .pem.pdf

(891 Bytes) Downloaded 404 times

Oracle_Solaris_11_Support.certificate.pem.pdf

Certificate
extension pem is not allowed so I changed it to .pem.pdf

(725 Bytes) Downloaded 374 times

Since it may break SSH connection I have from work, I will perform the steps at home.

[cah]

Code: Select all

cahtoh02:/root%pkg info idr232
          Name: idr232
       Summary: Solaris 11 FCS IDR To back out This IDR : # /usr/bin/pkg update --reject pkg://solaris/idr232@2,5.11 pkg:/system/kernel@0.5.11,5.11-0.175.0.0.0.2.1:20111019T075711Z 
         State: Installed
     Publisher: solaris
       Version: 2
 Build Release: 5.11
        Branch: None
Packaging Date: June 21, 2012 02:53:43 PM 
          Size: 5.45 kB
          FMRI: pkg://solaris/idr232@2,5.11:20120621T145343Z

Code: Select all

cahtoh02:/root%/usr/bin/pkg update --reject pkg://solaris/idr232@2,5.11 pkg:/system/kernel@0.5.11,5.11-0.175.0.0.0.2.1:20111019T075711Z 
            Packages to remove:   1
            Packages to update:   1
       Create boot environment: Yes
Create backup boot environment:  No

DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                  2/2         5/5      0.7/0.7$<3>

PHASE                                        ACTIONS
Removal Phase                                    7/7 
Install Phase                                    1/1
Update Phase                                     4/4 

PHASE                                          ITEMS
Package State Update Phase                       3/3 
Package Cache Update Phase                       2/2
Image State Update Phase                         2/2 

PHASE                                          ITEMS
Reading Existing Index                           8/8 
Indexing Packages                                2/2

A clone of solaris-1 exists and has been updated and activated.
On the next boot the Boot Environment solaris-2 will be
mounted on '/'.  Reboot when ready to switch to this updated BE.

Code: Select all

cahtoh02:/root%beadm list
BE        Active Mountpoint Space   Policy Created          
--        ------ ---------- -----   ------ -------          
solaris   -      -          1.11G   static 2012-03-25 22:47 
solaris-1 N      /          6.98M   static 2012-06-22 18:32 
solaris-2 R      -          20.08G  static 2012-10-18 00:32 

Code: Select all

cahtoh02:/root%shutdown -y -g0 -i6

Shutdown started.    Thursday, October 18, 2012 12:36:09 AM EDT

Changing to init state 6 - please wait
Broadcast Message from root (pts/1) on cahtoh02 Thu Oct 18 00:36:09...
THE SYSTEM cahtoh02 IS BEING SHUT DOWN NOW ! ! !
Log off now or risk your files being damaged

Code: Select all

cahtoh02:/root%Last login: Thu Oct 18 00:28:54 2012 from cahtoh_gw
Oracle Corporation      SunOS 5.11      11.0    November 2011
cahtoh02:/root%beadm list
BE        Active Mountpoint Space   Policy Created          
--        ------ ---------- -----   ------ -------          
solaris   -      -          1.11G   static 2012-03-25 22:47 
solaris-1 -      -          35.14M  static 2012-06-22 18:32 
solaris-2 NR     /          20.13G  static 2012-10-18 00:32 

[cah]

Code: Select all

cahtoh02:/root%pkg update
            Packages to remove:   1
           Packages to install:   7
            Packages to update: 278
           Mediators to change:   1
       Create boot environment: Yes
Create backup boot environment:  No

DOWNLOAD                                  PKGS       FILES    XFER (MB)
network/ssh                            141/286   2804/9845   94.7/272.8$<3>
...
DOWNLOAD                                  PKGS       FILES    XFER (MB)
driver/network/ethernet/vxge           171/286   3270/9845  104.1/272.8$<3>
...
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                              286/286   9845/9845  272.8/272.8$<3>

PHASE                                        ACTIONS
Removal Phase                              2488/2488 
Install Phase                              3166/3166 
Update Phase                             10667/13337 
...
Update Phase                             13337/13337 

PHASE                                          ITEMS
Package State Update Phase                   564/564 
Package Cache Update Phase                   279/279 
Image State Update Phase                         2/2 

PHASE                                          ITEMS
Reading Existing Index                           8/8 
Indexing Packages                            286/286
Optimizing Index...

PHASE                                          ITEMS
Indexing Packages                            821/821 

A clone of solaris-2 exists and has been updated and activated.
On the next boot the Boot Environment solaris-3 will be
mounted on '/'.  Reboot when ready to switch to this updated BE.


---------------------------------------------------------------------------
NOTE: Please review release notes posted at:

http://www.oracle.com/pls/topic/lookup?ctx=E23824&id=SERNS
---------------------------------------------------------------------------

Code: Select all

cahtoh02:/root%shutdown -y -g0 -i6

Shutdown started.    Thursday, October 18, 2012 12:55:11 AM EDT

Changing to init state 6 - please wait
Broadcast Message from root (pts/1) on cahtoh02 Thu Oct 18 00:55:11...
THE SYSTEM cahtoh02 IS BEING SHUT DOWN NOW ! ! !
Log off now or risk your files being damaged

The pkg update took about 18 minutes...

Code: Select all

cahtoh02:/root%beadm list
BE        Active Mountpoint Space   Policy Created          
--        ------ ---------- -----   ------ -------          
solaris   -      -          1.11G   static 2012-03-25 22:47 
solaris-1 -      -          35.14M  static 2012-06-22 18:32 
solaris-2 -      -          21.68M  static 2012-10-18 00:32 
solaris-3 NR     /          22.31G  static 2012-10-18 00:50 

Code: Select all

cahtoh02:/root%pkg info entire
          Name: entire
       Summary: entire incorporation including Support Repository Update (Oracle Solaris 11 11/11 SRU 12.4).
   Description: This package constrains system package versions to the same
                build.  WARNING: Proper system update and correct package
                selection depend on the presence of this incorporation.
                Removing this package will result in an unsupported system.  For
                more information see https://support.oracle.com/CSP/main/article
                ?cmd=show&type=NOT&doctype=REFERENCE&id=1372094.1.
      Category: Meta Packages/Incorporations
         State: Installed
     Publisher: solaris
       Version: 0.5.11 (Oracle Solaris 11 SRU 12.4)
 Build Release: 5.11
        Branch: 0.175.0.12.0.4.0
Packaging Date: October  2, 2012 04:17:28 PM 
          Size: 5.45 kB
          FMRI: pkg://solaris/entire@0.5.11,5.11-0.175.0.12.0.4.0:20121002T161728Z

After rebooting with the latest updated SRU 12.4, SSH (and some other apps) stopped working!!!

[cah]

Code: Select all

cahtoh02:/root%beadm list
BE        Active Mountpoint Space   Policy Created          
--        ------ ---------- -----   ------ -------          
solaris   -      -          1.11G   static 2012-03-25 22:47 
solaris-1 -      -          35.14M  static 2012-06-22 18:32 
solaris-2 -      -          21.68M  static 2012-10-18 00:32 
solaris-3 NR     /          22.48G  static 2012-10-18 00:50

Code: Select all

cahtoh02:/root%bootadm set-menu default=1

Code: Select all

cahtoh02:/root%beadm list
BE        Active Mountpoint Space   Policy Created          
--        ------ ---------- -----   ------ -------          
solaris   -      -          1.11G   static 2012-03-25 22:47 
solaris-1 R      -          35.14M  static 2012-06-22 18:32 
solaris-2 -      -          21.68M  static 2012-10-18 00:32 
solaris-3 N      /          22.48G  static 2012-10-18 00:50 

Code: Select all

cahtoh02:/root%beadm activate solaris-1

Code: Select all

cahtoh02:/root%beadm list
BE        Active Mountpoint Space   Policy Created          
--        ------ ---------- -----   ------ -------          
solaris   -      -          1.11G   static 2012-03-25 22:47 
solaris-1 R      -          19.89G  static 2012-06-22 18:32 
solaris-2 -      -          21.68M  static 2012-10-18 00:32 
solaris-3 N      /          2.43G   static 2012-10-18 00:50 

Code: Select all

cahtoh02:/root%shutdown -y -g0 -i6

Shutdown started.    Thursday, October 18, 2012 10:14:58 PM EDT

Changing to init state 6 - please wait
Broadcast Message from root (pts/1) on cahtoh02 Thu Oct 18 22:14:58...
THE SYSTEM cahtoh02 IS BEING SHUT DOWN NOW ! ! !
Log off now or risk your files being damaged

Code: Select all

Last login: Thu Oct 18 00:28:54 2012 from cahtoh_gw
Oracle Corporation      SunOS 5.11      11.0    November 2011
cahtoh02:/root%beadm list
BE        Active Mountpoint Space   Policy Created          
--        ------ ---------- -----   ------ -------          
solaris   -      -          1.11G   static 2012-03-25 22:47 
solaris-1 NR     /          19.94G  static 2012-06-22 18:32 
solaris-2 -      -          21.68M  static 2012-10-18 00:32 
solaris-3 -      -          2.43G   static 2012-10-18 00:50 

[cah]

Code: Select all

cahtoh02:/root%beadm list
BE        Active Mountpoint Space   Policy Created          
--        ------ ---------- -----   ------ -------          
solaris   -      -          1.11G   static 2012-03-25 22:47 
solaris-1 NR     /          20.28G  static 2012-06-22 18:32 
solaris-2 -      -          21.68M  static 2012-10-18 00:32 
solaris-3 -      -          2.43G   static 2012-10-18 00:50 

Code: Select all

cahtoh02:/root%beadm destroy -F solaris-3

Code: Select all

cahtoh02:/root%beadm list
BE        Active Mountpoint Space   Policy Created          
--        ------ ---------- -----   ------ -------          
solaris   -      -          1.11G   static 2012-03-25 22:47 
solaris-1 NR     /          20.28G  static 2012-06-22 18:32 
solaris-2 -      -          394.24M static 2012-10-18 00:32 
cahtoh02:/root%beadm destroy -f solaris-2
Are you sure you want to destroy solaris-2?  This action cannot be undone(y/[n]): ^Ccahtoh02:/root%beadm destroy -f so^Cris-2

Code: Select all

cahtoh02:/root%beadm destroy -F solaris-2

Code: Select all

cahtoh02:/root%beadm list
BE        Active Mountpoint Space   Policy Created          
--        ------ ---------- -----   ------ -------          
solaris   -      -          1.11G   static 2012-03-25 22:47 
solaris-1 NR     /          19.90G  static 2012-06-22 18:32 

[cah]

I received another notification from Oracle yesterday (11/20/2012) saying a new SRU 13.4 is ready and he had verified the needed changes are indeed in this release.

Hi,

the Solaris 11 Support Repository Update (SRU) 13.4 ha been released and is available for you (see MOS document 1506900.1 for the README).
I have verified that the tunable now finally works with this SRU. Please update to this SRU (remove the IDR first - if still in place) and then use the /etc/system tunable to allow incoming packets with an invalid small initial window size.
Let me know once you have installed SRU 13.4, rebooted to activate the new SRU and whether this works now. Thanks

Best regards,
Wolfgang Ley.

So I start updating from IDR 232 to SRU 13.4.

Code: Select all

cahtoh02:/root%beadm list
BE        Active Mountpoint Space   Policy Created          
--        ------ ---------- -----   ------ -------          
solaris   -      -          1.11G   static 2012-03-25 22:47 
solaris-1 NR     /          20.83G  static 2012-06-22 18:32

Code: Select all

cahtoh02:/root%pkg info idr232
          Name: idr232
       Summary: Solaris 11 FCS IDR To back out This IDR : # /usr/bin/pkg update --reject pkg://solaris/idr232@2,5.11 pkg:/system/kernel@0.5.11,5.11-0.175.0.0.0.2.1:20111019T075711Z 
         State: Installed
     Publisher: solaris
       Version: 2
 Build Release: 5.11
        Branch: None
Packaging Date: Thu Jun 21 14:53:43 2012
          Size: 5.45 kB
          FMRI: pkg://solaris/idr232@2,5.11:20120621T145343Z

Backing out IDR 232:

Code: Select all

cahtoh02:/root%/usr/bin/pkg update --reject pkg://solaris/idr232@2,5.11 pkg:/system/kernel@0.5.11,5.11-0.175.0.0.0.2.1:20111019T075711Z 

            Packages to remove:   1
            Packages to update:   1
       Create boot environment: Yes
Create backup boot environment:  No

DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                  2/2         5/5      0.7/0.7$<3>

PHASE                                        ACTIONS
Removal Phase                                    7/7 
Install Phase                                    1/1
Update Phase                                     4/4

PHASE                                          ITEMS
Package State Update Phase                       3/3 
Package Cache Update Phase                       2/2
Image State Update Phase                         2/2 

PHASE                                          ITEMS
Reading Existing Index                           8/8 
Indexing Packages                                2/2

A clone of solaris-1 exists and has been updated and activated.
On the next boot the Boot Environment solaris-2 will be
mounted on '/'.  Reboot when ready to switch to this updated BE.

Code: Select all

cahtoh02:/root%beadm list                                                     
BE        Active Mountpoint Space   Policy Created          
--        ------ ---------- -----   ------ -------          
solaris   -      -          1.11G   static 2012-03-25 22:47 
solaris-1 N      /          2.30M   static 2012-06-22 18:32 
solaris-2 R      -          21.09G  static 2012-11-21 18:47 

Code: Select all

cahtoh02:/root%shutdown -y -g0 -i6

Shutdown started.    Wed Nov 21 18:51:00 EST 2012

Changing to init state 6 - please wait
Broadcast Message from root (pts/1) on cahtoh02 Wed Nov 21 19:10:00...
THE SYSTEM cahtoh02 IS BEING SHUT DOWN NOW ! ! !
Log off now or risk your files being damaged

Solaris-2 is the BE without IDR232 and can't be connected from work directly. I had to ssh in from dept01.

Code: Select all

cahtoh02:/root%beadm list
BE        Active Mountpoint Space   Policy Created          
--        ------ ---------- -----   ------ -------          
solaris   -      -          1.11G   static 2012-03-25 22:47 
solaris-1 -      -          34.71M  static 2012-06-22 18:32 
solaris-2 NR     /          21.16G  static 2012-11-21 18:47 

Updating to SRU 13.4:

Code: Select all

cahtoh02:/root%pkg update
            Packages to remove:   1
           Packages to install:   7
            Packages to update: 283
           Mediators to change:   1
       Create boot environment: Yes
Create backup boot environment:  No

DOWNLOAD                                  PKGS       FILES    XFER (MB)
system/kernel                           43/291    466/9928   11.0/277.7$<3>
...
Completed                              291/291   9928/9928  277.7/277.7$<3>


PHASE                                        ACTIONS
Removal Phase                              2509/2509 
Install Phase                              3191/3191 
Update Phase                              3420/13489 
...
Update Phase                             13489/13489 

PHASE                                          ITEMS
Package State Update Phase                   574/574 
Package Cache Update Phase                   284/284 
Image State Update Phase                         2/2 

PHASE                                          ITEMS
Reading Existing Index                           8/8 
Indexing Packages                            291/291
Optimizing Index...

PHASE                                          ITEMS
Indexing Packages                            821/821 

A clone of solaris-2 exists and has been updated and activated.
On the next boot the Boot Environment solaris-3 will be
mounted on '/'.  Reboot when ready to switch to this updated BE.


---------------------------------------------------------------------------
NOTE: Please review release notes posted at:

http://www.oracle.com/pls/topic/lookup?ctx=E23824&id=SERNS
---------------------------------------------------------------------------

solaris-3 BE created by the updating process:

Code: Select all

cahtoh02:/root%beadm list
BE        Active Mountpoint Space   Policy Created          
--        ------ ---------- -----   ------ -------          
solaris   -      -          1.11G   static 2012-03-25 22:47 
solaris-1 -      -          34.71M  static 2012-06-22 18:32 
solaris-2 N      /          1.19M   static 2012-11-21 18:47 
solaris-3 R      -          23.08G  static 2012-11-21 19:05 

Code: Select all

cahtoh02:/root%shutdown -y -g0 -i6

Shutdown started.    Wed Nov 21 19:10:00 EST 2012

Changing to init state 6 - please wait
Broadcast Message from root (pts/1) on cahtoh02 Wed Nov 21 19:10:00...
THE SYSTEM cahtoh02 IS BEING SHUT DOWN NOW ! ! !
Log off now or risk your files being damaged

The pkg update took about 18 ~ 19 minutes...

After rebooting it, I was able to connect to hsiao.net from work!!
MyAQL workbench works too!

Code: Select all

/export/home/cah%beadm list
BE        Active Mountpoint Space   Policy Created          
--        ------ ---------- -----   ------ -------          
solaris   -      -          1.11G   static 2012-03-25 22:47 
solaris-1 -      -          34.71M  static 2012-06-22 18:32 
solaris-2 -      -          17.25M  static 2012-11-21 18:47 
solaris-3 NR     /          23.14G  static 2012-11-21 19:05

Code: Select all

/export/home/cah%pkg info entire
          Name: entire
       Summary: entire incorporation including Support Repository Update (Oracle Solaris 11 11/11 SRU 13.4).
   Description: This package constrains system package versions to the same
                build.  WARNING: Proper system update and correct package
                selection depend on the presence of this incorporation.
                Removing this package will result in an unsupported system.  For
                more information see https://support.oracle.com/CSP/main/article
                ?cmd=show&type=NOT&doctype=REFERENCE&id=1372094.1.
      Category: Meta Packages/Incorporations
         State: Installed
     Publisher: solaris
       Version: 0.5.11 (Oracle Solaris 11 SRU 13.4)
 Build Release: 5.11
        Branch: 0.175.0.13.0.4.0
Packaging Date: Tue Nov 06 19:46:23 2012
          Size: 5.45 kB
          FMRI: pkg://solaris/entire@0.5.11,5.11-0.175.0.13.0.4.0:20121106T194623Z

All seems to work.
I will keep all BEs for some time and remove old BEs until I feel confident that SRU 13.4 behaves as expected.

[cah]

Now that SRU 13.4 works for me, I had asked Wolfganf Ley to close the ticket in 2 weeks and he will close it on December 7.

I printed another copy of all details related to this ticket and converted it into a PDF file for reference.

This is an ideal tech support model for all.

SR 3-5661194891 Solaris 11 sshd version Sun_SSH_2.0 issue.pdf

(211.51 KiB) Downloaded 881 times