CICS initialization failures related to security

If SEC=YES is specified, external security is required. If external security cannot be provided, CICS® cannot be initialized.

Figure 1 shows an example of a failure to initialize.

If security initialization fails:
  • Examine the DFHXS1106 message return codes. In the example shown in Figure 1, SAF return code X'00000004' and reason code X'00000000' were issued:

    A return code of X'00000004' indicates that an error occurred in the MVS security router (RACROUTE). See the RACROUTE macro reference in CICS security control points.

  • Check the CICS startup options, in particular the Xname system initialization parameters. Make sure that:
    • The class is defined to RACF® and is active (use the SETROPTS LIST command to check this).
    • The class is defined in the router table. To do this, examine the installation source for ICHRFR01 for any installation-defined classes. (The description of the ICHFRTB macro in z/OS Security Server RACF Macros and Interfaces includes a listing of the IBM®-supplied module, ICHRFR0X.)

Figure 1 shows that XPPT=UNKNOWN has been specified. This causes CICS to try to use a class called MUNKNOWN. MUNKNOWN has not been defined to the MVS router, or to the RACF CDT.