IT25509: SESSIONSECURITY OF THE NODE IS NOT UPDATED WITH STRICT WHEN THE CLIENT ESTABLISHED THE SESSION USING SHAREDMEM OR NAMEDPIPE.

8.1.6.000-IBM-SPSRV-AIX
8.1.6.000-IBM-SPSRV-Linuxppc64le
8.1.6.000-IBM-SPSRV-Linuxs390x
8.1.6.000-IBM-SPSRV-Linuxx86_64
8.1.6.000-IBM-SPSRV-WindowsX64
8.1.6.000-IBM-SPOC-AIX
8.1.6.000-IBM-SPOC-LinuxPPC64le
8.1.6.000-IBM-SPOC-Linuxs390x
8.1.6.000-IBM-SPOC-Linuxx86_64
8.1.6.000-IBM-SPOC-WindowsX64
8.1.6.000-IBM-SPCMS-Linuxx86_64
8.1.6.000-IBM-SPCMS-WindowsI32
8.1.6.000-IBM-SPCMS-WindowsX64
8.1.6.100-IBM-SPSRV-Linuxppc64le
8.1.6.100-IBM-SPSRV-AIX
8.1.6.100-IBM-SPSRV-Linuxs390x
8.1.6.100-IBM-SPSRV-Linuxx86_64
8.1.6.100-IBM-SPSRV-WindowsX64
7.1.10.000-TIV-TSMSRV-AIX
7.1.10.000-TIV-TSMSRV-HP-UX
7.1.10.000-TIV-TSMSRV-Linuxppc64
7.1.10.000-TIV-TSMSRV-Linuxs390x
7.1.10.000-TIV-TSMSRV-Linuxx86_64
7.1.10.000-TIV-TSMSRV-SolarisSPARC
7.1.10.000-TIV-TSMSRV-WIN
IBM Spectrum Protect Server V8.1 Fix Pack 6 (V8.1.6) Downloads
IBM Spectrum Protect Server V8.1.6.X interim fix downloads
IBM Spectrum Protect Server V7.1 Fix Pack 10 (7.1.10.000) Downloads

APAR status

• Closed as program error.

Error description

• After the 7.1.8/8.1.2 or higher level of client once established
  session with the server 7.1.8/8.1.2 or higher level using
  COMMMETHOD SHAREDMEM or NAMEDPIPE, the old level client of the
  same node name will be rejected with ANR0428W/ANS1357S.
  
  ANR0428W Session * for node nodename(platform) refused - client
  is down-level with this server version.
  
  ANS1357S Session rejected: Downlevel client code version
  
  With this situation, Query Node may display incorrect "Session
  Security: Transitional."  It should be updated with "Session
  Security: Strict" even when COMMMETHOD SHAREDMEM or NAMEDPIPE is
  used.
  
  
  IBM Spectrum Protect Versions affected:
  IBM Spectrum Protect Server 7.1.8/8.1.2 or higher level on all
  supported platforms.
  
  
  Initial Impact:
  Low
  
  Additional keywords:
  TS000997334, TSM
  

Local fix

Problem summary

• ****************************************************************
  * USERS AFFECTED:                                              *
  * All IBM Spectrum Protect server users.                       *
  ****************************************************************
  * PROBLEM DESCRIPTION:                                         *
  * See error description.                                       *
  ****************************************************************
  * RECOMMENDATION:                                              *
  * Apply fixing level when available. This problem is currently *
  * projected to be fixed in levels 7.1.10 and 8.1.6. Note that  *
  * this is subject to change at the discretion of IBM.          *
  ****************************************************************
  

Problem conclusion

• This problem was fixed.
  Affected platforms for reported release:  AIX, HP-UX, Solaris,
  Linux, and Windows.
  Platforms fixed:  AIX, Linux, HP-UX, Solaris, and Windows.
  If a client or administrative id transitions to
  SESSIONSECURITY=STRICT mode using SHARED MEMORY or NAMED PIPES,
  it may require the following procedure to later use TLS for
  communications:
   If the id does not have TLS certificates for the server, they
  must be obtained either through
     1. manual configuration OR
     2. resetting the id's SESSIONSECURITY to TRANSITIONAL mode,
  and connecting to the server to automatically obtain the
  necessary certificates.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

Fix information

• Fixed component name

  TSM SERVER

• Fixed component ID

  5698ISMSV

Applicable component levels