Any OpenVMS command that refreshes the display can have unexpected
results when executed as a remote SSH command. For example, the
following command exhibits this behavior:
Executed locally, this command displays a bar chart that is
continuously updated. When executed as a remote command, it displays
each update sequentially. In addition, you cannot terminate the command
using Ctrl/C.
3.5.2 SSH File Copy Restrictions
- On OpenVMS, setting the
ForcePTTYAllocation
keyword to YES in the SSH2_CONFIG. file can result in failures when
performing file copy operations. (In other implementations of SSH,
setting the keyword
ForcePTTYAllocation
to
YES
in the SSH2_CONFIG. file has the same effect as using the
-t
option to the SSH command.)
- Using the
scp
and
sftp
commands from an OpenVMS SSH client to a UNIX server running OpenSSH is
not fully supported because certain operations cause the OpenVMS client
to hang. The hang cannot be terminated by entering Ctrl/C and Ctrl/Y.
- File transfer is limited to OpenVMS files with the following record
formats (as displayed by the DIRECTORY/FULL command):
- STREAM_LF
- Fixed-length 512-byte records
- Not all variants of UNIX path names are supported when referring to
files on OpenVMS clients and servers.
- Using the SCP and SFTP commands from a non-OpenVMS client may have
unpredictable results, depending on how the client formats the target
file name and whether the client is SSH2 compatible.
3.5.3 SSH_ADD Utility Restrictions
If you do not specify the key file in the SSH_ADD command, and SSH_ADD
finds no INDENTIFICATION. file, it adds only the first private key it
finds in the [username.SSH2] directory.
3.6 LPD Restrictions
The LPD$SPOOL logical name has been removed from the software.
3.7 IMAP Dependencies
The IMAP server is limited in the number of connections an IMAP server
process can handle before it forces the kernel to create a new IMAP
server process. This value is set in the TCPIP$IMAP.CONF file to 25.
For example:
3.8 NSLOOKUP Over a TELNET Connection Fails Under OpenVMS V7.3-1
If you use TELNET to connect to a system where the subsystem attribute
maxbuf
is set to greater than 32767 and execute a C program that uses a C
runtime call (such as
getc
or
gets
) to read data from the terminal, the C program may return a generic
user IO error message rather than the specific errors returned by RMS.
To solve this problem:
- Set the subsystem attribute
maxbuf
to 32767. This is a dynamic parameter, so no reboot is required.
- Install the OpenVMS patch VMS731_RMS-V0100.
- Reset the
maxbuf
attribute to the desired value.
3.9 FTP Restrictions
The FTP server does not allow you to specify an IP address other than
that of the connected client, or the specification of a privileged
port, in the PORT, LPRT, or EPRT commands. Any such commands are
rejected with the following error:
500 Illegal {PORT|LPRT|EPRT} command.
|
The FTP server and client prevent data connection "theft" by
a third party. For the FTP server, this applies to passive-mode
connections from an IP address other than the client's, or from a
privileged port. For the FTP client, this applies to active-mode
connections from an IP address other than the server's, or from a port
other than port 20.
You can restore the original behavior by defining the following logical
names:
| Server |
Client |
|
TCPIP$FTPD_ALLOW_ADDR_REDIRECT
|
TCPIP$FTP_ALLOW_ADDR_REDIRECT
|
|
TCPIP$FTPD_ALLOW_PORT_REDIRECT
|
TCPIP$FTP_ALLOW_PORT_REDIRECT
|
These logical names allow you to relax the IP address and port checks
independently in the FTP server and the FTP client.
3.10 Determining the TCP/IP Device Name from a Channel Assignment
OpenVMS provides several ways to determine the name of a device on a
channel assignment. Using the SYS$GETDVI/SYS$GETDVIW system services,
the DVI$_DEVNAM, DVI$_FULLDEVNAM, and DVI$_UNIT items all return
information about the device. While the first two items provide the
full device name, the DVI$_UNIT item returns only the unit number of
the device. To form the complete device name, a program must prefix the
unit number (as a string) with the device name and controller
information. In the case of the TCP/IP device name, the programmer
could add the string
BG
or
BGA
. For example,
BG + 1234
would produce the device name
BG1234:
.
The TCP/IP device name may be altered in a future release. It is good
programming practice to use the DVI$_DEVNAM or DVI$_FULLDEVNAM items to
obtain the full device-name string. Such programs are not based on the
assumption that the TCP/IP device name is BGnnnn or
BGAnnnn, and would not be affected by any change in the TCP/IP
device name strategy.
3.11 RCP Full Transparent Copy Operations
The following sections describe limitations of RCP on OpenVMS.
3.11.1 Using RCP to Transfer STREAM_LF Files
RCP on OpenVMS is best used for transferring text files. Under previous
versions of TCP/IP Services, RCP converts any type of OpenVMS file that
is not STREAM_LF to STREAM_LF format using the standard OpenVMS
$CONVERT utility by specifying the files in the following way:
FILE;ORGA SEQU;RECO;CARR CARR;FORM STREAM_LF;SIZE 0;BLOCK YES
|
RCP sends the converted file using block-mode RMS file I/O (SYS$READ())
and writes the data using block-mode (SYS$WRITE()).
This behavior has been changed so that RCP does not convert FIXED or
UNDEFINED format files (in addition to STREAM_LF files). You can
restore the old behavior using the following logical name:
TCPIP$RCP_SEND_FIX_FORMAT_AS_ASCII
|
If this logical name is set, the original behavior of converting FIXED
and UNDEFINED files is restored. If this logical name is set to a
number other than 1, the default behavior is enabled. Files with a
fixed-length record size that exactly matches the value of the logical
name are not converted.
For example, if you set this logical name to 512, all FIXED and
UNDEFINED files are converted except for files with a fixed-length
record size of 512 (such as OpenVMS executable image files).
The receiving peer, if OpenVMS, always creates a file of type
STREAM_LF. The RCP protocol provides no method of transferring file
type information between sender and receiver. Therefore, the receiving
peer has no way of knowing anything about file structure.
In an OpenVMS-to-OpenVMS transfer, if the original file was FIXED or
UNDEFINED and was not converted, use the DCL command SET
FILE/ATTRIBUTES to change the attributes on the resulting STREAM_LF
file to correspond to the format of the original file.
For example, after transferring an OpenVMS executable image file (FIXED
format with a record-length of 512 bytes), enter the following command
to make it an executable image again:
$ SET FILE/ATTR=(RFM:FIX,LRL:512) RCP-COPIED-FILE.EXE
|
3.11.2 RCP File Size Limitations
The RCP protocol requires that the length of the file be sent as part
of the protocol. The length is interpreted as a signed 32-bit integer.
On OpenVMS, the file's length is determined using an RTL call to
fstat()
. Therefore, files transferred using RCP must be less than 2 GB minus 1
byte (2147483647 bytes).
In comparison, FTP does not have any of these limitations. However, FTP
uses a different security model.
3.12 NFS Problems and Restrictions
The following sections describe problems and restrictions with NFS.
3.12.1 NFS Server Problems and Restrictions
- Using the
ls
command from a Solaris Version 9 client may hang the OpenVMS server
with no error message on either client or server. To avoid this
problem, set the nfs subsystem attribute
ovms_xqp_plus_enabled
to 7. Refer to the HP TCP/IP Services for OpenVMS Management guide for more information about this
attribute.
- Directories in a container file system cannot be deleted, either by
the TCP/IP management command REMOVE DIRECTORY or by clients. The
following error message is displayed:
- Under TCP/IP Services Version 5.3, the NFS client command "mkdir
dirname.dir" used on an ODS-5 volume with the TYPELESS_DIRECTORIES
export option produces a directory with the OpenVMS name
"dirname.DIR;1", which is displayed back to the NFS client as
simply "dirname."
This problem has been fixed in
TCP/IP Services Version 5.4. The directory is now created with the
OpenVMS file specification "dirname.dir.DIR;1", which is
displayed back to the client as "dirname.dir," as expected.
Therefore, non-OpenVMS clients using an ODS-5 volume should always
refer to directories according to whether or not the
TYPELESS_DIRECTORIES option is in use.
- With the TYPELESS_DIRECTORIES option, the file
"dirname.DIR;1" must be referred to as "dirname".
- Without the TYPELESS_DIRECTORIES option, the file
"dirname.DIR;1" must be referred to as
"dirname.dir".
Note that you may need to change some export records, either to
include the ".dir" at each directory level, or to add the
TYPELESS_DIRECTORIES option.
Client MOUNT commands must also
conform to this convention.
- When performing a mount operation or starting the NFS server with
OPCOM enabled, the TCP/IP Services MOUNT server can erroneously display
the following message:
%TCPIP-E-NFS_BFSCAL, operation MOUNT_POINT failed on file /dev/dir
|
This message appears even when the MOUNT or NFS startup has
successfully completed. In the case of a mount operation, if it has
actually succeeded, the following message will also be displayed:
%TCPIP-S-NFS_MNTSUC, mounted file system /dev/dir
|
- If the NFS server and the NFS client are in different domains and
unqualified host names are used in requests, the lock server (LOCKD)
fails to honor the request and leaves the file unlocked.
When the
server attempts to look up a host using its unqualified host name (for
example,
johnws
) instead of the fully qualified host name (for example,
johnws.abc com
), and the host is not in the same domain as the server, the request
fails.
To solve this type of problem, you can do one of the
following:
- When you configure the NFS client, specify the fully qualified host
name, including the domain name. This ensures that translation will
succeed.
- Add an entry to the NFS server's hosts database for the client's
unqualified host name. Only that NFS server will be able to translate
this host name. This solution will not work if the client obtains its
address dynamically from DHCP.
3.12.2 NFS Client Problems and Restrictions
- To get proper timestamps, when the system time is changed for
daylight savings time (DST), dismount all DNFS devices. (The TCP/IP
management command SHOW MOUNT should show zero mounted devices.) Then
remount the devices.
- The NFS client should properly handle file names with the semicolon
character on ODS-5 disk volumes. (For example,
a^;b.dat;5
is a valid file name.)
The current version does not handle these
types of file names properly; they are truncated at the semicolon.
- The NFS client included with TCP/IP Services uses the NFS Version 2
protocol only.
- With the NFS Version 2 protocol, the value of the file size is
limited to 32 bits.
- The ISO Latin-1 character set is supported. The UCS-2 characters
are not supported.
- File names, including file extensions, can be no more than 236
characters long.
- Files containing characters not accepted by ODS-5 on the active
OpenVMS version or whose name and extension exceeds 236 characters are
truncated to zero length. This makes them invisible to OpenVMS and is
consistent with prior OpenVMS NFS client behavior.
3.13 IPv6 Restrictions
The following sections describe restrictions in the use of IPv6.
3.13.1 Mobile IPv6 Restrictions
The implementation of mobile IPv6 in this version of TCP/IP Services does
not support binding update authentication as specified in
draft-ietf-mobileip-ipv6-15.TXT
, Section 4.4, including the authentication data sub-option defined in
Section 5.6. You should limit the use of this version to testing
environments that are not subject to attack, because system integrity
can be compromised by accepting unauthenticated bindings.
3.13.2 6to4 Configuration is Not Supported
TCP/IP Services contains the TCPIP$IP6_SETUP.COM command procedure for
configuring IPv6 on a node. The use of this procedure to configure the
6to4 tunnel mechanism is not supported in this release. Attempts to
configure 6to4 with the procedure will not succeed.
3.13.3 IPv6 Requires the BIND Resolver
If you are using IPv6, you must enable the BIND resolver. To enable the
BIND resolver, use the TCPIP$CONFIG.COM command procedure. From the
Core menu, select BIND Resolver.
You must specify the BIND server to enable the BIND resolver. If you do
not have access to a BIND server, specify the node address 127.0.0.0 as
your BIND server.
3.14 TCP/IP Management Command Restrictions
The following restrictions apply to the TCP/IP management commands:
- TCP/IP Services version 5.4 introduces failSAFE IP, which
obsoletes the IP cluster alias address. Consequently, the following
TCP/IP management commands are no longer supported:
- TCPIP SET INTERFACE /NOCLUSTER
- TCPIP SHOW INTERFACE /CLUSTER
To show interface addresses, including IP cluster alias addresses,
you must use the following sequence of DCL commands:
$ @SYS$MANAGER:TCPIP$DEFINE_COMMANDS.COM
$ ifconfig -a
|
To delete a cluster alias address from the active system, use a DCL
command similar to the following:
$ ifconfig ie0 -alias 10.10.10.1
|
For backward compatibility, the following TCP/IP management
commands continue to be supported:
- SET CONFIGURATION INTERFACE /CLUSTER
- SET CONFIGURATION INTERFACE /NOCLUSTER
- SHOW CONFIGURATION INTERFACE /CLUSTER
- SET NAME_SERVICE /PATH
This command requires the SYSNAM
privilege. If you enter the command without the appropriate privilege
at the process level, the command does not work and you are not
notified. If you enter the command at the SYSTEM level, the command
does not work and receive an error message.
- SET SERVICE command
When you modify parameters to a service,
disable and reenable the service for the modifications to take effect.
3.15 NTP Problems and Restrictions
- NTP uses a slew mechanism to synchronize the system clock. The
method that NTP uses to obtain a maximum slew value (the maximum amount
that NTP will adjust the clock in one attempt) changes when you upgrade
from NTP Version 3 to NTP Version 4. As a result of this change, it may
take longer for clocks to come into synchronization under NTPv4 than it
did under NTPv3.
- The NTP server has a stratum limit of 15. The server does not
synchronize to any time server that reports a stratum of 15 or greater.
This may cause problems if you try to synchronize to a server running
the UCX NTP server, if that server has been designated as "free
running" (with the
local-master
command). For proper operation, the
local-master
designation must be specified with a stratum no greater than 14.
- Whenn running on certain high-performance Alpha systems, NTP may be
unable to adjust the system clock; therefore, NTP will not be able to
provide accurate timekeeping. When this happens, the following error
message appears in the NTP log file:
%SYSTEM-F-BADLOGIC, internal logic error detected
VMS timekeeping is not working as expected - can't proceed
|
3.16 SNMP Problems
This section describes restrictions to the SNMP component for this
release. For more information about using SNMP, refer to the
Compaq TCP/IP Services for OpenVMS SNMP Programming and Reference manual.
3.16.1 Incomplete Restart
When the SNMP master agent and subagents fail or are stopped,
TCP/IP Services is often able to restart all processes automatically.
However, under certain conditions, subagent processes may not restart.
When this happens, the display from the DCL command SHOW SYSTEM does
not include TCPIP$OS_MIBS and TCPIP$HR_MIB. If this situation occurs,
restart SNMP by entering the following commands:
$ @SYS$STARTUP:TCPIP$SNMP_SHUTDOWN.COM
$ @SYS$STARTUP:TCPIP$SNMP_STARTUP.COM
|
3.16.2 SNMP IVP Error
On slow systems, the SNMP Installation Verification Procedure can fail
because a subagent does not respond to the test query. The error
messages look like this:
.
.
.
Shutting down the SNMP service... done.
Creating temporary read/write community SNMPIVP_153.
Enabling SET operations.
Starting the SNMP service... done.
SNMPIVP: unexpected text in response to SNMP request:
"- no such name - returned for variable 1"
See file SYS$SYSDEVICE:[TCPIP$SNMP]TCPIP$SNMP_REQUEST.DAT for more
details.
sysContact could not be retrieved. Status = 0
The SNMP IVP has NOT completed successfully.
SNMP IVP request completed.
Press Return to continue ...
|
You can ignore these types of messages in the IVP.
3.16.3 Using Existing MIB Subagent Modules
If an existing subagent does not execute properly, you may need to
relink it against the current version of TCP/IP Services to produce a
working image. Some subagents (such as those for OpenVMS support of
Compaq Insight Manager) also require a minimum version of OpenVMS and a
minimum version of TCP/IP Services.
The following restrictions apply:
- In general, only executable images linked against the following
versions of the eSNMP shareable image are upward compatible with the
current version of TCP/IP Services:
- UCX$ESNMP_SHR.EXE from TCP/IP Services Version 4.2 ECO 4
- TCPIP$ESNMP_SHR.EXE from TCP/IP Services Version 5.0A ECO 1
Images built under versions other than these can be relinked with
one of the shareable images, or with TCPIP$ESNMP_SHR.EXE in the current
version of TCP/IP Services.
- The underlying eSNMP API changed from DPI in Version 5.0 to AgentX
in the current version of TCP/IP Services. Therefore, executable images
linked against older object library versions of the API (*$ESNMP.OLB)
must be relinked against either the new object library or the new
shareable image. Linking against the shareable image ensures future
upward compatibility and results in smaller image sizes.
Note
Although images may run without being relinked, backward compatibility
is not guaranteed. These images can result in inaccurate data or
run-time problems.
|
- This version of TCP/IP Services provides an updated version of the
UCX$ESNMP_SHR.EXE shareable image to provide compatibility with
subagents linked under TCP/IP Services Version 4.2 ECO 4. Do not delete
this file.
- The SNMP server responds correctly to SNMP requests directed to a
cluster alias. Note, however, that an unexpected host may be reached
when querying from a TCP/IP Services Version 4.x system that
is a member of a cluster group but is not the current impersonator.
- The SNMP master agent and subagents do not start if the value of
logical name TCPIP$INET_HOST does not yield the IP address of a
functional interface on the host when used in a DNS query. This problem
does not occur if the server host is configured correctly with a
permanent network connection (for example, Ethernet or FDDI). The
problem can occur when a host is connected through PPP and the IP
address used for the PPP connection does not match the IP address of
the TCPIP$INET_HOST logical name.
- Under certain conditions observed primarily on OpenVMS VAX systems,
the master agent or subagent exits with an error from an internal
select()
socket call. In most circumstances, looping does not occur. You can
control the number of iterations if looping occurs by defining the
TCPIP$SNMP_SELECT_ERROR_LIMIT logical name.
- The MIB browser provided with TCP/IP Services
(TCPIP$SNMP_REQUEST.EXE) supports
getnext
processing of OIDs that include the 32-bit OpenVMS process ID as a
component. However, other MIB browsers may not provide this support.
For example, the following OIDs and values are supported on OpenVMS:
1.3.6.1.2.1.25.4.2.1.1.1321206828 = 1321206828
1.3.6.1.2.1.25.4.2.1.1.1321206829 = 1321206829
1.3.6.1.2.1.25.4.2.1.1.1321206830 = 1321206830
|
These examples are from
hrSWRunTable
; the
hrSWRunPerfTable
may be affected as well.
- You can ignore the following warning that appears in the log file
if a null OID value (0.0) is retrieved in response to a
Get
,
GetNext
, or
GetBulk
request:
o_oid; Null oid or oid->elements, or oid->nelem == 0
|