IBM Support

IT41904: FDC record with Probe ID CO373099 does not include the peer connection name in the header

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • It is expected that a queue manager channel process will
generate a failure data capture (FDC) record with probe ID
CO373099 from the cciTcpSslResetCallback function if an invalid
TLS renegotiation flow is detected (at TLS 1.2 or earlier
protocol levels). This FDC record does not state the remote peer
connection name in the header, which is likely to be of
interest for diagnostic purposes.

+---------------------------------------------------------------
--------------+
|
              |
| IBM MQ First Failure Symptom Report
              |
| =========================================
              |
|
              |
| [...]
              |
| Probe Id          :- CO373099
              |
| Application Name  :- MQM
              |
| Component         :- cciTcpSslResetCallback
              |
| SCCS Info         :-
/build/slot2/p920_P/src/lib/comms/amqccisa.c,          |
| Program Name      :- amqrmppa
              |
| [...]
              |
| Major Errorcode   :- rrcE_PROTOCOL_ERROR
              |
| Minor Errorcode   :- OK
              |
| Probe Type        :- MSGAMQ9504
              |
| Probe Severity    :- 2
              |
| Probe Description :- AMQ9504E: A protocol error was detected
for channel    |
|   '????'.
              |
| FDCSequenceNumber :- 0
              |
| Comment1          :- ????
              |
| Comment2          :- Detected multiple key resets
              |
|
              |
+---------------------------------------------------------------
--------------+

MQM Function Stack
cciResponderThread
ccxResponder
rrxResponder
rriAcceptSess
ccxReceive
cciSslSecureReceive
ccigsk_secure_soc_read
cciTcpSslResetCallback
xcsFFST

Local fix

  • The information in question can be identified later on in the
FDC file, in the "Conversation Control Block" section as
follows:

Conversation Control Block
{
  ID                       CONV
  Type                     2
  MaxTransmissionSize      15360
  PeerName                 9.20.88.99

Problem summary

  • ****************************************************************
USERS AFFECTED:
All users of MQ who have a TLS configuration and are seeking to
identify the remote peer associated with a failure data capture
record with probe ID CO373099.


Platforms affected:
MultiPlatform

****************************************************************
PROBLEM DESCRIPTION:
The diagnostic logic evaluated in this error scenario did not
include a call to include the peer name in the diagnostic header
(although it could be found elsewhere, as described in the local
fix section).

Problem conclusion

  • The MQ client and queue manager TLS channel logic has been
modified to add the peer connection name to the header of the
FDC record generated when cciTcpSslResetCallback fails due to a
invalid TLS negotiation.

---------------------------------------------------------------
The fix is targeted for delivery in the following PTFs:

Version    Maintenance Level
v9.2 LTS   9.2.0.7
v9.3 LTS   9.3.0.2
v9.x CD    9.3.2

The latest available maintenance can be obtained from
'WebSphere MQ Recommended Fixes'
http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037

If the maintenance level is not yet available information on
its planned availability can be found in 'WebSphere MQ
Planned Maintenance Release Dates'
http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
---------------------------------------------------------------

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IT41904
    • 

  • Reported component name
    MQ BASE V9.2
    • 

  • Reported component ID
    5724H7281
    • 

  • Reported release
    920
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2022-08-31
    • 

  • Closed date
    2022-11-18
    • 

  • Last modified date
    2022-11-18
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    MQ BASE V9.2
    • 

  • Fixed component ID
    5724H7281
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"920","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            19 November 2022
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback