Post NetWare 5.1 Support Pack 5 Updates
Novell Cool Solutions: Feature
By David Stagg
Digg This -
Posted: 17 Apr 2003
A number of questions are repeatedly asked of Novell Support about Product patches and updates that should be included in routine maintenance.
- Why are patches available that are not on the Minimum Patch List?
- Should other patches be applied with the Support Pack?
- Can other patches be included with a Support Pack installation?
This document provides some background on Novell's Patch and Support Pack process as well as an example of including a number of Post NetWare 5.1 Support Pack 5 patches into a single installation.
Hopefully this information will allow customers to better assess the need for specific patches and include multiple patches in a single routine maintenance installation.
- Support Packs and Patches
- Importance of Routine Maintenance and Testing
- Identifying Post Patches to include
- NetWare 5.1 Support Pack 5 and Recommended Post Patches
- Patch Details
- Patch File Links
- JAVA 1.3.1 Update
To better understand the differences between patch status, minimum patch list, what patches should be applied to a production server; the process involved with Support Packs and patches needs to be clearly understood.
As issues or problems are identified by (or to) Novell Support they are documented and published as Solutions for the information of Engineers, Partners and Customers. When a bug is identified a Defect is created that may result in changes to code to correct the identified bug. These changes will usually result in a Test Patch (Field Test File - FTF), that customers may use to test and resolve the problem. If the problem is resolved, this code change will be moved to a track that will usually have the fix added to the next Support Pack. As Support Packs are released some months apart the patch file may get some additional testing and also be released on the Novell Support Web Site as a ?Beta? patch.
The status ?Beta? is used to identify patches that are going through the testing process. This also indicates to customers that the patch has not yet received full regression and compatibility testing. In this state, these patches may be important to resolve specific issues that customers may encounter. At this time, Novell is not able to provide the same level of assurance for the patch that can be provided for a Support Pack release. Until full testing is completed on the patch and it is incorporated in the next Support Pack release, it will usually remain in a ?Beta? status.
One other aspect of the full testing process is that issues can be encountered after the code base for the next Support Pack is closed. In these situations, it is possible to have a Post SP Patch that actually is dated before the Support Pack release date.
Patches that are actually moved from a ?Beta? status to ?Released? between Support Pack releases may also be included in the Minimum Patch List. This list provides the currently recommended ?minimum? patches that should be on all NetWare servers in production. Often there may be other patches that are ?Recommended? but not currently on the Minimum Patch List. These recommended patches are provided as part of the overall process that allows customers to address or prevent problems from occurring in their environments.
It is important to keep production environments up to date with Support Packs and specific patches to avoid and prevent problems. When production environments are behind in regular maintenance, customers run the risk of encountering issues that can not be fixed with available patches until other patches or Support Packs are applied. Most patches are only tested on the current Support Packs and may not work correctly with older Support Packs. Regular maintenance also provides a stable ?supportable? environment.
Customers should always test Support Packs and Patches in a test or lab environment before deploying into production environments. Without a lab or test environment, deploying any patch may result in unforeseen issues that often leads to greater down time and may require greater work to correct.
With the Support Pack and Patch process covered it is now time to identify which patches to include with the Support Pack for a routine maintenance on the servers in your environment. Start with the File Finder at http://support.novell.com and select the Product that you are updating. Identify the date of the Support Pack you are working from and list all the files that have been posted around the same time and since. Record and read through the documentation with each Patch file to identify what the issues addressed by each patch are. Click the ?Beta? link to identify all of the patches that have been posted since the Support Pack and are still in ?Beta? status. Again carefully read all of the documentation and the issues that were addressed by each patch.
Each customer needs to decide which patches should be added to the maintenance cycle with a Support Pack within the guidelines of corporate policy and with an understanding of the issues each patch addresses. If the current Policy is to not install ?Beta? patches in production environments, the choices here will be limited. Customers need to be aware of the issues that the currently posted ?Beta? patches address should a problem occur.
Once the list of patches to include is identified, then testing must be done to verify that the overlay process is an option in reducing the number of installs and reboots required for the customer's environment.
The following information is provided for NetWare 5.1 Support Pack 5 and the Post SP5 patches that are currently recommended. This information is provided subject to the Disclaimer at the end of this document. These recommendations are based on specific experiences that Premium Support Engineers have had with their customers. As always, validate these patches in your environment before deploying them into a production environment.
Overlaying Patches on top of a Support Pack
The process of Patch overlay is usually fairly straightforward. Most Post Support Pack Patches can be overlayed on top of a Support Pack (SP) to enable a 1 time/1 reboot installation. Each patch has to be checked for files being installed and where they would be included in a Support Pack. Where a patch file includes files that are direct updates of files in a Support Pack, the overlay process simply replaces those files in the SP with the files from the Patch. Where patch files do not exist in the SP, they may be copied to SP directories in some cases.
Not all files from a Patch are copied to the Support Pack. Readme files, installation script files (*.IPS and *.ICS) and others may be included for the process of the patch installation by itself. Read the included readme file for each patch to identify the files that need to be included.
As always, validate this overlay Support Pack and patches in your environment before deploying them into a production environment.
NetWare 5.1 Support Pack 5 and Post Patches
Recommended Post SP5 Patches:
- NW51SP5.EXE: NetWare 5.1 Support Pack 5
- FLSYSFT8.EXE: Post NetWare 5.1 SP5 FILESYS.NLM Patch
- TCP581O.EXE: TCP update 5.81o - NetWare 5.1 Support Pack 5 (*)
- NSS5P.EXE: NSS post SP5 updates (**)
- DS883C.EXE: NDS 8.x update for NetWare 5.1 ver. 8.83c (servers with DS 8.x) (***)
- DS760C.EXE: NDS 7.x update for NetWare 5.1 ver 7.60c (servers with DS 7.x) (***)
- PERL5002.EXE: Perl Vulnerability Patch
- NSCRIPT1.EXE: NetBasic buffer/scripting vulnerabiltiy patch
- FCONFIG3.EXE: CONFIG.NLM for NetWare 5.1 and 6
- ODINEB1A.EXE: Fixes abend in ODINEB - spinlock attempting context switch
- TRUST110A.EXE: TRUSTEE.NLM for NetWare 5.1 and 6
(*) This Patch (or TCP581P.EXE) is recommended on servers equipped with more than one processor that are running the multiprocessor support modules (CPQMPK MPS14 etc.). On the server where it is not the case, the TCPIP modules from SP5 will be sufficient.
(**) This Patch is recommended for servers that have NSS volumes on NetWare 5.1 servers. This patch can be applied to a NetWare Cluster, however the cluster MUST be running the Clustering Support Pack 2.
(***) One of these two patches are recommended for servers with DS 8.x or DS 7.x. If you have eDirectory installed already, neither of these patches should be used. In preparation for eDirectory being installed into your production Tree, Directory Services should be updated to these versions.
Some Other Optional Post SP5 Patches:
- VERADSR.EXE: DSREPAIR.NLM for Veritas Users Only with DS 8.73 or greater
- PSM4B.EXE: PSM modules for NetWare 5.1 and NetWare 6 (P4 multi-processor machines with HyperThreading support).
- NDP3SP2D.EXE: NDPS Post CSP8 NDPS updates (Snapins)
- 308411.EXE: ConsoleOne Intruder Detection report issue.
- DHCPCLNT.EXE: NetWare DHCP Client - only for servers where the IP address is assigned by DHCP
Note: The above list was completed and tested as of the date this document was last modified. Always check the Novell Support Web Site for updates and changes to these patches.
The following notes provide additional information that is specific to each of the recommended Patches. Each patch description is followed by simple instructions to overlay each of the Recommended patches in the above list. Optional Patches will require testing for overlay options.
This is the NetWare 5.1 Support Pack 5 download file. Here are a few things to watch for before the installation:
If you have compression turned on for the SYS: volume, the Support Pack might take longer to install because the files being backed up and updated need to be uncompressed. To prevent this in the future, purge files on the server before installing, change the number of days before compression to a higher number, and flag the following directories on SYS: as Don't Compress (SYS:\PUBLIC, SYS:\SYSTEM, SYS:\ETC).
If loaded, unload DOSFAT.NSS, which mounts the server's C: drive as a volume.
Unload all your 3rd party application before the installation of the Support Pack.
If the CONFIG.SYS file of the server has the FILES variable set to a value of 30 or less (i.e. FILES=30) , the server might have some problems when restarting. Recommend to set FILES to a minimum of 50. (See TID 10069451 for more information.)
To install NetWare 5.1 and Support Pack 5 at the same time on new server, please download NW51SP5EF.EXE (This is an overlay of NetWare 5.1 and SP5 combined, English - French. Other language combinations are also available.)
This patch contains a FILESYS.NLM that addresses several minor issues with this file, the main issue being a problem that can occur when performing file rename operations. This patch file (FILESYS.NLM) needs to be copied to your server startup folder (i.e. C:\NWSERVER) where it will take precedence over the FILESYS code imbedded in SERVER.EXE. It is good practice to confirm that the SP install deleted the previous (older) version of the file that was there.
Overlay: Copy FLSYSFT8\NW5\FILESYS.NLM to NW51SP5\STARTUP\FILESYS.NLM
This patch contains updated version of both the Domestic (128-bit) and Null (no encryption) version of the NetWare 5.1 TCPIP stack. The TCPIP stack included in NetWare 5.1 SP5 addresses most of the issues fixed in this post patch but an issue related to ABENDs on multiprocessors machine makes it a stong recommendation on servers running with multiprocessor support.
Overlay: Copy all files from the DOMESTIC and NULL subfolders to the appropriate NW51SP5\PRODUCTS\TCPIP\ subfolders. (Only the NULL will install).
Note: Check the TCP581P.EXE files for more recent issues. If any are applicable to your environment, use the TCP581P.EXE Patch file instead of TCP581O.EXE
This Patch contains Post SP5 updated NSS modules that address a number of identified issues. The complete list of issues resolved in this Patch is included in the Patch Readme. The number of fixes included in the patch makes it a strong recommendation for NetWAre 5.1 servers running with NSS volumes.
Overlay: Copy all NSS5P\*.NSS and NSS5P\*.NLM files to NW51SP5\SYS\SYSTEM
This patch contains the latest PUBLIC version of DS 8.x code. Since 8.78 code, the main issues addressed in here that you want to avoid are the following.
- An issue with xref referral hints not being purged when servers are removed from the tree
- An issue with referral hints not cleaning up after a server IP address change. Running into those issues can result in the need to perform many server -XK3 repairs or require direct Novell Technical Support to fix bad referrals.
Copy \STARTUP\DSLOADER.NLM to NW51SP5\PRODUCTS\NDS8\STARTUP\DSLOADER.NLM
Copy \SYS\SYSTEM\*.* to NW51SP5\PRODUCTS\NDS8\SYS\SYSTEM\*.*
Copy \SYS\SYSTEM\NLS\4\*.* to NW51SP5\PRODUCTS\NDS8\SYS\SYSTEM\NLS\4\*.*
Copy \SYS\SYSTEM\SCHEMA\*.* to NW51SP5\PRODUCTS\NDS8\SYS\SYSTEM\SCHEMA\*.*
This patch contains the latest PUBLIC version of DS 7.x code. This version addresses many issues that affect correct schema handling and Tree walking problems with bad referral hints. This is a highly recommended patch for all servers running DS 7.x code, prior to eDirectory being installed into the Tree.
Copy \STARTUP\DSLOADER.NLM to NW51SP5\PRODUCTS\NDS7\STARTUP\DSLOADER.NLM
Copy \SYS\SYSTEM\*.NLM to NW51SP5\PRODUCTS\NDS7\SYS\SYSTEM\*.NLM
Copy \SYS\SYSTEM\SCHEMA\*.* to NW51SP5\PRODUCTS\NDS7\SYS\SYSTEM\SCHEMA
This patch addresses a PERL security vulnerability published in August. The patch is easy to overlay on top of Support Pack 5. See overlay instructions below.
Overlay: Copy PERL5.ZIP to NW51SP5\SYS\JAVA_INS\PERL5.ZIP
This patch addresses a NetBasic buffer/scripting vulnerabiltiy published in August. The patch is easy to overlay on top of Support Pack 5. See overlay instructions below.
Overlay: Copy NSCRIPT.ZIP to NW51SP5\SYS\JAVA_INS\NSCRIPT.ZIP
This patch contains a new CONFIG.NLM that provides a lot more information then the previous versions of the utility. It also has a series of new command line switches that will give the user a lot more flexibility in your reporting.
Overlay: Copy CONFIG.NLM to NW51SP5\SYS\SYSTEM
This patch fixes an abend with ODINEB because of AllocEventNode preserves bits that it didn't use to. The abend shows: Attempted context switch while holding spinlock.
Overlay: Copy ODINEB1A\51\NEB.NLM to NW51SP5\STARTUP\NEB.NLM
This is a PUBLIC release of the TRUSTEE.NLM which can be used to backup and restore File System Trustee Assignments and Inherited Rights Filters. This can be scripted as part of normal procedures using CRON to provide regular backups of all Trustee Assignments for Disaster Recovery.
Overlay: Copy TRUSTEE.NLM to NW51SP5\SYS\SYSTEM
The deployment of Support Pack 5 might be a very good opportunity to deploy the NetWare JVM 1.3.1. This would facilitate upgrades to eDirectory 8.6.x on the NetWare 5.1 servers across the enterprise. For remote site the use of JVM131R.EXE will greatly speed up the JVM upgrade process. JVM131R.EXE can also be used for local servers for consistency in installation methods.
If ZENworks for Desktops 3.x is installed an additional patch ZD3XJVM.EXE will be required with the JAVA 1.3.1 update.
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.
David Stagg is a Primary Support Engineer with Novell Premium Services Engineering in Canada.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com