Sun Microsystems, Inc.  Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-72-1941503.1
Update Date:2017-04-05
Keywords:
Solution Type  Problem Resolution Sure

Solution  1941503.1 :   Sparc Enterprise M3000/M4000/M5000/M8000/M9000 Servers: XSCF may be affected by security scanner tools running on the network generating SCF-800x-xx events  

Related Items 
    

  • Sun SPARC Enterprise M8000 Server
    •  
  • Sun SPARC Enterprise M4000 Server
    •  
  • Sun SPARC Enterprise M3000 Server
    •  
  • Sun SPARC Enterprise M9000-32 Server
    •  
  • Sun SPARC Enterprise M5000 Server
    •  
Related Categories 
    

  • PLA-Support>Sun Systems>SPARC>Enterprise>SN-SPARC: Mx000
    •  






In this Document


Symptoms


Cause


Solution


References


Applies to:  

Sun SPARC Enterprise M3000 Server - Version All Versions and later
Sun SPARC Enterprise M4000 Server - Version All Versions and later
Sun SPARC Enterprise M5000 Server - Version All Versions and later
Sun SPARC Enterprise M8000 Server - Version All Versions and later
Sun SPARC Enterprise M9000-32 Server - Version All Versions and later
Information in this document applies to any platform.



Symptoms


XSCF (eXtended System Controller Facility, the platform Service Processor) may be vulnerable when a Security scanning software is being run on the network where the XSCFU is attached.
As result, it is possible that the XSCF(s) shows to be degraded or failed.


Looking at the logs, something similar to the following may be registered:


xscf> showlogs error
Date: Oct 06 00:56:31 CEST 2014 Code: 40004000-faff5502-011d400100000000
 Status: Information Occurred: Oct 06 00:56:16.199 CEST 2014
 FRU: /FIRMWARE,/XSCFU_B#0
 Msg: XSCF process down detected
 UUID: e70094c8-1e4b-42e0-aa8d-95ddc08bb4f4 MSG-ID: SCF-8005-NE             ---> SCF-8005-NE - XSCF firmware is defective (Doc 1021929.1)


or


xscf> showlogs error
Date: Oct 06 00:53:12 CEST 2014 Code: 80002080-55020000-010a000200000000
 Status: Alarm Occurred: Oct 06 00:41:21.820 CEST 2014
 FRU: /XSCFU_B#1
 Msg: Device error on serial interconnection between XSCFUs
 UUID: d311af3e-71d4-434e-9e18-0cd77b2bd101 MSG-ID: SCF-8006-WP             ---> SCF-8006-WP - Hardware problem detected within an XSCFU (Doc 1021871.1)


or


xscf> showlogs error
Date: Feb 16 03:11:45 UTC 2014 Code: 60000000-c201faff-011d001200000000
 Status: Warning Occurred: Feb 16 03:11:36.575 UTC 2014
 FRU: /XSCFU,/FIRMWARE
 Msg: XSCF watchdog timeout
 UUID: 9046d2eb-8e4c-447b-9935-67f9df0a92a9 MSG-ID: SCF-8006-YS             ---> SCF-8006-YS - Hard-to-diagnose failure of the XSCF has occurred (Doc 1021876.1)



On M4000/M5000 servers with an attached IO Box it has been observed that the PCI Link Card to which the IO Box is attached gets degraded because of a TWI access error:


XSCF> showlogs error
<timestamp> <FMA event ID> Warning /IOU#1/PCI#2/LINK,/IOU#1 TWI access error (code=190D)  

XSCF> showstatus
IOU#1 Status:Normal;
* PCI#2 Status:Degraded;


 


Cause


A scanning software run against the XSCF network port.




Snapshot unpacked with the OPL Tool will show the HTTPS attack notice, like the following ones:


from Mon Oct 20 20:40 2014 to Mon Oct 20 20:54 2014.
 nCircle (http://www.ncircle.com) was running during this period ! 
 from Wed Oct 22 01:52 2014 to Wed Oct 22 02:00 2014.
 nCircle (http://www.ncircle.com) was running during this period ! 
 from Wed Oct 22 02:46 2014 to Wed Oct 22 03:05 2014.
 nCircle (http://www.ncircle.com) was running during this period ! 
 from Thu Oct 23 03:34 2014 to Thu Oct 23 03:41 2014.
 nCircle (http://www.ncircle.com) was running during this period ! 
 from Thu Oct 23 04:15 2014 to Thu Oct 23 04:44 2014.
 nCircle (http://www.ncircle.com) was running during this period ! 
 from Fri Oct 24 04:24 2014 to Fri Oct 24 04:32 2014.
 nCircle (http://www.ncircle.com) was running during this period ! 
 from Fri Oct 24 04:54 2014 to Fri Oct 24 05:20 2014.
 nCircle (http://www.ncircle.com) was running during this period !


Warning: HTTP Attack Alert
A potential HTTP attack has been detected during the following period(s) : 
from Mon Oct 06 00:27 2014 to Mon Oct 06 00:44 2014.
from Mon Oct 06 04:44 2014 to Mon Oct 06 05:02 2014.


The above is displayed by Internal OPL tool only





 


Solution


Best option is to use the Network Packet filtering feature (setpacketfilters) introduced in 1092 XCP release to define IP packet filtering rules. More information available in the XSCF's Admin Guide.


Possible workaround:


    

  • Disable https (sethttps -c disable)
    • 

  • Only connect XSCFs to a secured management network

    • 



In case that the TWI access error mentioned in the symptoms section has been observed after a network security scan has been executed, please apply the suggested workaround and then clear the degraded PCI card:


XSCF> clearfault IOU#1-PCI#2

From XCP version 1115 on, the clearfault command can be executed by administrators. 
If the installed XCP Version is below 1115, please open a Service Request at Oracle. A Technical Support Engineer will then clear the fault in a remote session.



Internal Only section


 


References:


Sun SPARC(R) Enterprise M3000/M4000/M5000/M8000/M9000 (OPL) Servers: Current Issues Page (Doc ID 1315765.1)






 



Attachments

This solution has no attachment


















       

Copyright © 2018 Oracle, Inc.  All rights reserved.

 Feedback