This README contains information about the IBM(R) WebSphere(R) Everyplace(TM) 
Connection Manager Version 4.2.3 as well as any late-breaking information 
that was not available for printed publications.

This product contains RSA encryption code.

This product is supported on AIX 4.3.3 and above. 

To download AIX operating system fixes, see:

   http://www.developer.ibm.com/welcome/support/fixes.html

_____________________________________________________________________________
Table of Contents

1.0  Product Description
2.0  Getting Help
3.0  Installing and Configuring
4.0  Late-breaking Information
5.0  Fixed Authorized Problem Analysis Reports (APARs) 
6.0  Trademarks and Copyright


_____________________________________________________________________________
1.0 Product Description

The IBM WebSphere Everyplace Connection Manager consists of the following 
components:

  o Connection Manager runtime environment.
  o Gatekeeper, a Java(TM) graphical user interface for managing and 
    configuring the Connection Manager system and subsystems.
  o Access Manager used to support Gatekeeper access to the 
    runtime environment and persistent data store.
  o Mobility Client, an optional interface that provides an optimized and 
    secure IP tunnel for communication with the Connection Manager using a 
    variety of wireless and wireline networks.


_____________________________________________________________________________
2.0 Getting Help

Online help is available through the Gatekeeper and the Mobility Client. 
Also see the web site at:
www.ibm.com/software/pervasive/products/support/connection_manager.shtml
for more information and the latest updates.


_____________________________________________________________________________
3.0 Installing and Configuring

3.1 See the IBM WebSphere Everyplace Connection Manager Administrator's Guide 
for information about installing for the first time or applying maintenance. 
The guide is in portable document format (PDF) and you will need Adobe Acrobat 
Reader Version 3.0 or greater to display or print it.  This guide is on the 
installation CD and is also located at
www.ibm.com/support/search.wss?rs=804&tc=SSZQDW&dc=DA400


_____________________________________________________________________________
4.0 Late-breaking Information   

4.1  If you are using Netscape Directory Server with the Connection Manager, 
you must configure it to store passwords as clear text to enable 
support for the Mobility Client for Palm OS.

4.2  If you run a Connection Manager subordinate node on Solaris 8, and if 
this node is part of a cluster with a principal node that is running on 
AIX 4.3.3, the "in use" license count is not incremented when the subordinate 
node requests licenses. Therefore, license use counts for the cluster will 
not be accurate.
   
4.3  If you are using Secure Hashing Algorithm (SHA) to store passwords in 
LDAP (the default for Netscape Directory), login sessions using the 
native PPP protocol and CHAP for authentication will fail. If this 
type of session is a requirement, use clear text for password storage.

4.4  New features for Version 4.2.3

o  HTTP codec is a service that uses TCP-Lite as an underlying transport to 
   provide a reduction in the over-the-air (OTA) byte count by removing 
   and/or byte-encoding header fields in a HyperText Transport Protocol 
   (HTTP) data stream. On the Mobility Client, HTTP codec removes or encodes 
   HTTP request headers, transmits the HTTP data stream, then reconstitutes 
   the request headers at the Connection Manager before passing the traffic 
   to target web servers.
   
o  Support for the Mobility Client on Linux handheld and desktop systems.

o  Support for the Mobility Client on Palm OS Version 3.5.2 and later, 
   Palm OS Version 4.0 and Palm OS Version 4.1.

o  Separation of the code base for Everyplace Wireless Gateway Version 
   2.1.1.12 or later from new function added to this version and subsequent 
   versions of the Connection Manager.
   
o  Support for binary standard context routing (B-SCR) format, for Motient 
   networks.
   
o  Some devices have serial numbers associated with their hardware which can 
   be used for identification. Users who connect using the Mobility Client 
   configured for Password key exchange can have an additional level of 
   security by taking advantage of device identifiers. Not all client 
   platforms and devices support device identification. When it is available, 
   the Mobility Client Help -> About is updated to display the Device 
   Identifier. If a user is configured to use device identification, the 
   unique identifier is combined with the password during authentication.

4.5  If you are using wg_monitor on the Solaris operating system, first run
some traffic through the Connection Manager before running the wg_monitor 
command, otherwise arithmatic errors may cause wg_monitor, wgated, or both
processes to end abnormally.

4.6  If you are using License Use Management (LUM), change the setting in 
the i4ls.ini file (located in the LUM server installation directory) from 
LogAllEvents=yes to LogAllEvents=no to prevent the LUM server from 
terminating abnormally.

_____________________________________________________________________________
5.0 Fixed Authorized Problem Analysis Reports (APARs) 

Problems resolved with version 4.2.3.1 include:

IY39674  Add search capability to Broadcast Group and messaging
IY41534  Hashed passwords used in SMS cause failure in SMS-C
IY42067  When an RPA MNC is running, the messaging gateway will not start
IY42068  The mechanism for specifying the source address on SMS messages 
         submitted using the messaging toolkit API is not working
IY42490  "Active" mode doesn't work correctly for sms-ucp MNC

Problems resolved with version 4.2.3.2 include:

IY43365   MIG GW core dumps.  Looks to be terminating Idle sessions
IY43454   Secure WAP connections (WTLS) fail when using DES or TripleDES
IY44633   IPSIZE not shown in ACCTDATAINFO table
IY43938   Heartbeat configuration missing from Motient MNC panels
IY44448   TCP-Lite performance enhancements
IY44265   Floating window added to datatac confirmed modes.
IY44534   Native PPP Dial support, login fails.
IY44720   Change confirmed mode for Motient networks to be synchronous and
          make use of status messages from the service provider.
IY44945   Stale WLP Session information in Motient networks can cause 
         crypto keys to be out of sync.  Decrypt errors are visible in the
          gateway log and client traces.
IY45002   Add a session identifier to WLP transactions to allow us to 
          ignore old unrelated packets.
IY45015   Modify TCP-OPT engine to retransmit data when a roam occurs.
IY45027   LDAP Bind authentication fails on 4.2.3 and later clients.
IY45029   PDU(Receiver) Tab Missing From Gatekeeper
IY45037   Improve placement of transmit window size on ardis-mnc props
IY45193   Password policy name changes not reflected in user accounts.
          Causes gateway to core.
IY45206   Roaming changes
IY45210   TCP-OPT enhancements to remove excessive FIN pkts
IY45274   Confirmed mode enhancements for Motorola PMR and Dataradio networks
IY45425   device resolver not sending X-IBM-PVC headers
IY45949   wg_cert -r causes gateway to core  
IY46007   WECM client fails to log off for WTLS connection
19035     Long radius shared secret causes gateway to core.

Problems resolved with version 4.2.3.3 include:

IY43817   DNS hostname lookups fail with 2.1.1.13 EWC for win32          
IY45035f_2 Discrepancies between ACTTDATAINFO and ACCTDISCINFO
IY46796   WAP code doesn't support content types of '*/*' or 'images/*'
IY46997   wgated hang
IY47067   IP Address assigned to client is in use by another userid.  Only
          applicable to FIXED IP address assignment types.
IY47105   Gateway should reset crypto after successive failures.  This
          APAR is prevelent in HA environments when moving back and
	  forth between HA nodes.
IY47438   "password expired" message is misleading when applied to 
          secondary auth requirement.
IY47684   HTTPAS login form is returned out sequence by T-Mobile
IY47729   T-Mobile usage of the HTTP application services layer fails to
          login.  Form attributes are out of the experted order.
IY48129   NAT and TCP-Lite do not work together
IY49223   WAP proxy fails to deliver data when Content-Length token is
          not present.
IY49337   GW sending response from Pri. RADIUS to secondary RADIUS server
IY49338   non-existent user allowed into WECM when using RADIUS auth
IY50379   Locality and State OUs are not added to CSR when using wg_cert tool
IY50631   Date format for wg.log is not using English when Use Message Cat
          is set to false
IY50701   TERM_USER_OVERRIDE when new login attempt's active status is set
          to active incorrectly   

Problems resolved with version 4.2.3.4 include:

IY50379   Locality and State OUs are not added to CSR when using wg_cert tool
IY52544   Verisign root certificates have expired, preventing HTTP access 
          services from establishing SSL connections
IY54787   Use of TCP-Lite may lead to dead-lock condition in lossy networks
          when the TCP-Lite session is activated prior to completion of
          the login exchange
IY54796	  Use of TCP-Lite may lead to dead-lock when logging in with a
          user ID that is already active in the system
IY55738   Gatekeeper and wg_monitor showing different values for users 
          connected to WECM due to IP address leakage
IY56622   Connection Manager 5.0.1.2 core dumps when using two party key
          distribution protocol (TPKDP) on all supported platforms
IY56750   Deadlock condition in TCP-Lite
IY56783   Gateway hang when LDAP server is unavailable
IY56799   Connection Manager is sending data packets which are too large for 
          the DataTAC network
IY56951   Functional change to add an option to disable terminate requests
          when the gateway is being shutdown
IY56976   Scheduling error for WLP login threads.  Jobs not getting
	  evenly distributed.
IY57135   WLP control packet processing delay in Connection Manager
IY57136   Memory leak in AES encryption routines may lead to a deadlock in 
          the Connection Manager
IY57302   Connection Manager cores when TCP-Lite sessions are not closed
IY57661   WECM gateway core dump
IY57871   Core dump in gateway when the same user account is used to log into
          the gateway simultaneously
IY58203   Memory leak when WECM acts as an SMS gateway
IY58273   Memory leak when fragmenting packets with TCP-Lite
IY58669   WECM Connection Manager on Linux will hang up or freeze when using
          SSHA passwords
IY58911   Hang in IP Stack receive processing from the MNI
IY59979   Connection Manager suddenly restarts.  No core dump is generated.
IY60385   IP Address mismatch between DSS and active session table.
IY62120   Add "activeKey" attribute to the always update list for
          IY60385.  This attribute should always be updated.  

Problems resolved with version 4.2.3.5 include:

IY62689	  TCP-Lite session may get destroyed while waiting for a SYN/ACK.
          A small timing hole was discovered where a maintenance thread
          could cleanup a session erroneously.
IY63725 - HTTP Codec for tcp-lite inserting "Connection: close" when
          "Connection" token is not present for http responses.

_____________________________________________________________________________
6.0 Trademarks and Copyright
                   
AIX, Everyplace, IBM, SecureWay and WebSphere, are trademarks or registered 
trademarks of the IBM Corporation in the United States or other countries or 
both.

Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. 
in the United States, other countries, or both.

Other company, product, and service names may be trademarks or service marks 
of others.

Copyright International Business Machines and others, 1994, 2004. All rights 
reserved.