This README contains information about the IBM(R) WebSphere(R) Everyplace(TM)
Connection Manager Version 4.2.3 as well as any late-breaking information
that was not available for printed publications.

This product contains RSA encryption code.

This product is supported on AIX 4.3.3 and above. To download AIX operating
system fixes, see:
http://www.developer.ibm.com/welcome/support/fixes.html
_____________________________________________________________________________
Table of Contents

1.0 Product Description
2.0 Getting Help
3.0 Installing and Configuring
4.0 Late-breaking Information
5.0 Fixed Authorized Problem Analysis Reports (APARs)
6.0 Trademarks and Copyright
_____________________________________________________________________________
1.0 Product Description

The IBM WebSphere Everyplace Connection Manager consists of the following
components:

o Connection Manager runtime environment.
o Gatekeeper, a Java(TM) graphical user interface for managing and
  configuring the Connection Manager system and subsystems.
o Access Manager used to support Gatekeeper access to the runtime
  environment and persistent data store.
o Mobility Client, an optional interface that provides an optimized and
  secure IP tunnel for communication with the Connection Manager using a
  variety of wireless and wireline networks.
_____________________________________________________________________________
2.0 Getting Help

Online help is available through the Gatekeeper and the Mobility Client.
Also see the web site at:
www.ibm.com/software/pervasive/products/support/connection_manager.shtml
for more information and the latest updates.
_____________________________________________________________________________
3.0 Installing and Configuring

3.1 See the IBM WebSphere Everyplace Connection Manager Administrator's
Guide for information about installing for the first time or applying
maintenance.
The guide is in portable document format (PDF) and you will need Adobe
Acrobat Reader Version 3.0 or greater to display or print it. This guide is
on the installation CD and is also located at
www.ibm.com/support/search.wss?rs=804&tc=SSZQDW&dc=DA400
_____________________________________________________________________________
4.0 Late-breaking Information

4.1 If you are using Netscape Directory Server with the Connection Manager,
you must configure it to store passwords as clear text to enable support for
the Mobility Client for Palm OS.

4.2 If you run a Connection Manager subordinate node on Solaris 8, and if
this node is part of a cluster with a principal node that is running on
AIX 4.3.3, the "in use" license count is not incremented when the
subordinate node requests licenses. Therefore, license use counts for the
cluster will not be accurate.

4.3 If you are using Secure Hash Algorithm (SHA) to store passwords in LDAP
(the default for Netscape Directory), login sessions using the native PPP
protocol and CHAP for authentication will fail. If this type of session is a
requirement, use clear text for password storage.

4.4 New features for Version 4.2.3

o HTTP codec is a service that uses TCP-Lite as an underlying transport to
  provide a reduction in the over-the-air (OTA) byte count by removing
  and/or byte-encoding header fields in a Hypertext Transfer Protocol (HTTP)
  data stream. On the Mobility Client, HTTP codec removes or encodes HTTP
  request headers, transmits the HTTP data stream, then reconstitutes the
  request headers at the Connection Manager before passing the traffic to
  target web servers.
o Support for the Mobility Client on Linux handheld and desktop systems.
o Support for the Mobility Client on Palm OS Version 3.5.2 and later,
  Palm OS Version 4.0 and Palm OS Version 4.1.
o Separation of the code base for Everyplace Wireless Gateway Version
  2.1.1.12 or later from new function added to this version and subsequent
  versions of the Connection Manager.
o Support for binary standard context routing (B-SCR) format, for Motient
  networks.
o Some devices have serial numbers associated with their hardware which can
  be used for identification. Users who connect using the Mobility Client
  configured for Password key exchange can have an additional level of
  security by taking advantage of device identifiers. Not all client
  platforms and devices support device identification. When it is
  available, the Mobility Client Help -> About is updated to display the
  Device Identifier. If a user is configured to use device identification,
  the unique identifier is combined with the password during authentication.

4.5 If you are using wg_monitor on the Solaris operating system, first run
some traffic through the Connection Manager before running the wg_monitor
command, otherwise arithmetic errors may cause wg_monitor, wgated, or both
processes to end abnormally.

4.6 If you are using License Use Management (LUM), change the setting in the
i4ls.ini file (located in the LUM server installation directory) from
LogAllEvents=yes to LogAllEvents=no to prevent the LUM server from
terminating abnormally.
_____________________________________________________________________________
5.0 Fixed Authorized Problem Analysis Reports (APARs)

Problems resolved with version 4.2.3.1 include:

IY39674  Add search capability to Broadcast Group and messaging
IY41534  Hashed passwords used in SMS cause failure in SMS-C
IY42067  When an RPA MNC is running, the messaging gateway will not start
IY42068  The mechanism for specifying the source address on SMS messages
         submitted using the messaging toolkit API is not working
IY42490  "Active" mode doesn't work correctly for sms-ucp MNC

Problems resolved with version 4.2.3.2 include:

IY43365  MIG GW core dumps.
         Looks to be terminating Idle sessions
IY43454  Secure WAP connections (WTLS) fail when using DES or TripleDES
IY44633  IPSIZE not shown in ACCTDATAINFO table
IY43938  Heartbeat configuration missing from Motient MNC panels
IY44448  TCP-Lite performance enhancements
IY44265  Floating window added to datatac confirmed modes.
IY44534  Native PPP Dial support, login fails.
IY44720  Change confirmed mode for Motient networks to be synchronous and
         make use of status messages from the service provider.
IY44945  Stale WLP Session information in Motient networks can cause crypto
         keys to be out of sync. Decrypt errors are visible in the gateway
         log and client traces.
IY45002  Add a session identifier to WLP transactions to allow us to ignore
         old unrelated packets.
IY45015  Modify TCP-OPT engine to retransmit data when a roam occurs.
IY45027  LDAP Bind authentication fails on 4.2.3 and later clients.
IY45029  PDU(Receiver) Tab Missing From Gatekeeper
IY45037  Improve placement of transmit window size on ardis-mnc props
IY45193  Password policy name changes not reflected in user accounts.
         Causes gateway to core.
IY45206  Roaming changes
IY45210  TCP-OPT enhancements to remove excessive FIN pkts
IY45274  Confirmed mode enhancements for Motorola PMR and Dataradio networks
IY45425  device resolver not sending X-IBM-PVC headers
IY45949  wg_cert -r causes gateway to core
IY46007  WECM client fails to log off for WTLS connection
19035    Long radius shared secret causes gateway to core.

Problems resolved with version 4.2.3.3 include:

IY43817  DNS hostname lookups fail with 2.1.1.13 EWC for win32
IY45035f_2  Discrepancies between ACTTDATAINFO and ACCTDISCINFO
IY46796  WAP code doesn't support content types of '*/*' or 'images/*'
IY46997  wgated hang
IY47067  IP Address assigned to client is in use by another userid. Only
         applicable to FIXED IP address assignment types.
IY47105  Gateway should reset crypto after successive failures.
         This APAR is prevalent in HA environments when moving back and
         forth between HA nodes.
IY47438  "password expired" message is misleading when applied to secondary
         auth requirement.
IY47684  HTTPAS login form is returned out of sequence by T-Mobile
IY47729  T-Mobile usage of the HTTP application services layer fails to
         login. Form attributes are out of the expected order.
IY48129  NAT and TCP-Lite do not work together
IY49223  WAP proxy fails to deliver data when Content-Length token is not
         present.
IY49337  GW sending response from Pri. RADIUS to secondary RADIUS server
IY49338  non-existent user allowed into WECM when using RADIUS auth
IY50379  Locality and State OUs are not added to CSR when using wg_cert tool
IY50631  Date format for wg.log is not using English when Use Message Cat is
         set to false
IY50701  TERM_USER_OVERRIDE when new login attempt's active status is set to
         active incorrectly

Problems resolved with version 4.2.3.4 include:

IY50379  Locality and State OUs are not added to CSR when using wg_cert tool
IY52544  Verisign root certificates have expired, preventing HTTP access
         services from establishing SSL connections
IY54787  Use of TCP-Lite may lead to dead-lock condition in lossy networks
         when the TCP-Lite session is activated prior to completion of the
         login exchange
IY54796  Use of TCP-Lite may lead to dead-lock when logging in with a user ID
         that is already active in the system
IY55738  Gatekeeper and wg_monitor showing different values for users
         connected to WECM due to IP address leakage
IY56622  Connection Manager 5.0.1.2 core dumps when using two party key
         distribution protocol (TPKDP) on all supported platforms
IY56750  Deadlock condition in TCP-Lite
IY56783  Gateway hang when LDAP server is unavailable
IY56799  Connection Manager is sending data packets which are too large for
         the DataTAC network
IY56951  Functional change to add an option to disable terminate requests
         when the gateway is being shutdown
IY56976  Scheduling error for WLP login threads.
         Jobs not getting evenly distributed.
IY57135  WLP control packet processing delay in Connection Manager
IY57136  Memory leak in AES encryption routines may lead to a deadlock in
         the Connection Manager
IY57302  Connection Manager cores when TCP-Lite sessions are not closed
IY57661  WECM gateway core dump
IY57871  Core dump in gateway when the same user account is used to log into
         the gateway simultaneously
IY58203  Memory leak when WECM acts as an SMS gateway
IY58273  Memory leak when fragmenting packets with TCP-Lite
IY58669  WECM Connection Manager on Linux will hang up or freeze when using
         SSHA passwords
IY58911  Hang in IP Stack receive processing from the MNI
IY59979  Connection Manager suddenly restarts. No core dump is generated.
IY60385  IP Address mismatch between DSS and active session table.
IY62120  Add "activeKey" attribute to the always update list for IY60385.
         This attribute should always be updated.
_____________________________________________________________________________
6.0 Trademarks and Copyright

AIX, Everyplace, IBM, SecureWay and WebSphere, are trademarks or registered
trademarks of the IBM Corporation in the United States or other countries or
both.

Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc.
in the United States, other countries, or both.

Other company, product, and service names may be trademarks or service marks
of others.

Copyright International Business Machines and others, 1994, 2004.
All rights reserved.
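Added example for item 4.3 (not part of the IBM README or product code): CHAP as defined in RFC 1994 computes MD5 over the identifier, the shared secret and the challenge, so the authenticator needs the clear-text password. A directory holding only an {SHA} digest can check a password that is presented to it, but cannot recompute a CHAP response. The password, identifier and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def ldap_sha(password: bytes) -> str:
    """userPassword value in the unsalted {SHA} scheme: base64(SHA-1(password))."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(password).digest()).decode()


def verify_presented(stored: str, presented: bytes) -> bool:
    """Bind/PAP-style check: the password reaches the server, which hashes and compares."""
    return hmac.compare_digest(stored, ldap_sha(presented))


def verify_chap(server_secret: bytes, identifier: int,
                challenge: bytes, response: bytes) -> bool:
    """CHAP check: the authenticator recomputes the response from the secret it holds."""
    expected = chap_response(identifier, server_secret, challenge)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    password = b"constructed-example-password"    # constructed sample value
    stored = ldap_sha(password)                    # what the directory keeps
    identifier, challenge = 7, os.urandom(16)      # authenticator's challenge
    response = chap_response(identifier, password, challenge)  # peer's reply
    digest = base64.b64decode(stored[len("{SHA}"):])
    return {
        # Hashed storage is enough when the password itself is presented.
        "bind_with_sha_store": verify_presented(stored, password),
        # CHAP succeeds only when the server holds the clear-text secret.
        "chap_with_clear_store": verify_chap(password, identifier, challenge, response),
        # With only the SHA-1 digest the recomputed response cannot match.
        "chap_with_sha_store": verify_chap(digest, identifier, challenge, response),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```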