Before Copy and Paste, There Was Just … Copy
Rob McNelly shares the story of a client going old school to deal with a locked-down virtual desktop; IBM i announces details; and tips and updates from IBM Support

Recently I was on a call with a client that was working on a system via a locked-down virtual desktop. This virtual desktop strictly enforced what we could and could not do—namely, we weren’t allowed to copy and paste to or from the desktop. In addition, the client lacked the regular network access needed to copy files to the LPAR in question.
Working from an HMC console session that was connected via this secure virtual desktop left only one realistic option. The client needed to copy a relatively long script into the environment. And by copy, I don’t mean copy and paste. I mean literally copy. The script had to be typed in manually. So what normally could be accomplished in seconds ended up taking good chunk of time.
For readers of a certain age—specifically, those of us on the call—this brought back memories of typing in code from computer magazines. There was no public internet and personal computers of that era lacked networking capabilities, so print was our only resource, and manually typing code was often the only option. Of course the typical outcome of this was we would then need to debug the typos that would, inevitably, crop up from entering long programs by hand. The kicker was that the magazines themselves routinely introduced typos into their printed code—since, again, this sort of thing could only be done manually.
Ultimately, this blast from the past reminded us that we have it pretty good now. Today I take calls and answer emails and texts from anywhere I can get a phone signal. Tethering a laptop to a hotspot is almost mundane now, but not that long ago, my pager would go off and I’d have to find a payphone. Then I’d need to locate a place to plug in a dial-up modem so I could access a machine in a data center. So much of our lives has been made so much easier over all this time, and with the pace of progress being what it is, it’s easy to forget where we’ve come from. Computing could be pretty painful back then.
IBM i Announcement Details
While I typically focus on AIX- and VIOS-related topics, I do maintain interest in the IBM i ecosystem. Sentimentality plays a part—in my early career I was an operator on AS/400 systems—but there are current, practical reasons as well. I also manage Power systems, and as a supported operating system, IBM i sits prominently under this umbrella alongside AIX. And there are current users and operators of Power hardware working in AIX environments that also have IBM i client LPARs running on their machines.
With that, check out TechChannel’s coverage of the latest IBM i announcements and updates. IBM provides details here and here.
OpenSSH User Certificates
It’s always nice hearing from people who, when trying to track down the solution to an issue they’re experiencing, find the answer in one of my old articles. That happened again just recently. Personally, it motivates me not just to keep writing but to keep highlighting useful tips and information that I come across.
On that note, I was recently looking for information about OpenSSH user certificates on AIX. As usual, IBM Support provides a straightforward explanation.
Much More From IBM Support
Some additional Support docs to share. First is this information that covers the potential of unexpected I/O performance loss on AIX 7.3 TL3 or VIOS 4.1.1 with offload_iodone enabled. This issue may only be triggered by a small subset of instances, but if you are impacted by it, you’ll be grateful for this information.
Here’s a quick Q&A about etherchannel logging messages ECH_CHAIN_FAIL and ECH_PING_FAIL_BCKP in the errpt on a daily basis:
“Answer: There were two different events that occurred every day. First, the failover from the primary adapter to the backup adapter at 4:00 AM, followed by a failback from the backup adapter to the primary adapter due to a ping failure a few hours later. This cycle continued for few days.
“The “ECH_CHAN_FAIL:All primary EtherChannel adapters failed: switching over to backup adapter” is logged when etherchannel failover from the primary adapter to the backup adapter occurs due to link failure or manual failover. In this particular case, it was logged because a script was running the following command at 4:00 AM every day without the administrator’s knowledge. The ethchan_config forces a failover of the etherchannel.”
This doc covers Oracle ASM and AIX LVM disks. Obviously you don’t want to mix the two, but here’s some background:
“In Oracle 10g Oracle released a disk management layer named Automatic Storage Management (ASM). This is typically deployed with Oracle RAC in order to manage raw disks used by the Oracle database in a RAC cluster.
“Disks being used by Oracle ASM cannot be also used with AIX LVM. The main reason for this is because the Oracle ASM software puts information on the raw disk to identify it as an Oracle disk, which wipes out any existing PVID or VGDA information.”
Finally, learn about enabling jumbo frames and diagnose the issues when admins are unable to perform DR failover rehearsal operations using vSCSI.
AIX Security Bulletin
This follow-up comes via Chris Gibson’s mailing list. As noted in this APAR and detailed in this security bulletin (which I previously mentioned), vulnerabilities in AIX could allow a remote attacker to execute arbitrary commands. This new problem could present itself once recent security iFixes (CVE-2024-56346 and CVE-2024-56347) for nimesis and nimsh for the bos.sysmgt.nim.client, bos.sysmgt.nim.master, bos.sysmgt.sysbr filesets) are installed.
The nimclient -l -l command hangs when the NIM master has more than 780 NIM resources configured (in an SSL-enabled NIM environment).
Here are the steps to recreate.
“nimclient -l -l” and “nimclient -l -L master” commands hang if the NIM master has more than 780 resources in SSL enabled environment.
1. Enable SSL on NIM master and NIM client.
2. Create “script” type resources in NIM master using the command:
while [ $i -lt 780 ];
do
touch /scripts/scripts$i
nim -o define -t script -a server=master -a location=/scripts/scripts$i scripts$i
i=$((i+1));
done
3. On nim client, execute “nimclient -l -l” or “nimclient -l -L master” commands. The result is the nimclient command hangs.
Contact IBM support to request an iFix for this issue.