Diagnosing problems with Express Logon

The Express® Logon feature in Communications Server for z/OS® allows a user on a workstation, with a TN3270E client and an X.509 certificate, to log on to an SNA application without entering an ID or password.

This topic describes how to diagnose problems using Express Logon for the z/OS Communications Server Express Logon feature, including the Digital Certificate Access Server (DCAS). It contains the following sections:
For complete information about Express Logon, see the following:
For most situations in which the DCAS does not start, a message to the console is displayed. If the explanation in z/OS Communications Server: IP and SNA Codes does not help, you should turn on debugging and logging. You can specify debugging and logging as startup parameters from the z/OS UNIX shell or from the MVS™ console as a started procedure:
  • If the DCAS is started from the z/OS UNIX shell, you can specify the following: 
    dcas -d <debugging_level>  -l <logtype>
  • If the DCAS is started from the MVS console, you can specify debugging and logging on the PARM statement after the final slash, as shown in the following example: 
     //DCAS   PROC
 //*
 //DCAS   EXEC PGM=EZADCDMN,REGION=4096K,TIME=NOLIMIT,
 // PARM='POSIX(ON) ALL31(ON)/-d -1 SYSLOGD'

The following optional parameters can be used with both DCAS UNIX commands and MVS started procedures:

-d or -D
Indicates debugging. The following levels apply:
1
Specifies log error and warning messages.
2
Specifies log error, warning, and informational messages.
3
Specifies log error, warning, informational, and debug messages.
The default level is 3.
-l or -L
Indicates logging to SYSLOGD or to a designated log file. If you do not specify this parameter, logging defaults to /tmp/dcas.log.

If you specify a debug level, but not logging, the DCAS attempts to open the default log file /tmp/dcas.log. If this fails, debugging is turned off.

For SYSLOGD, the DCAS uses the log facility local0.

If DCAS has already been started you can issue a MODIFY DCAS,DEBUG=debug_level from the MVS console to enable, disable, or switch the level of debugging. See z/OS Communications Server: IP System Administrator's Commands for more information about this command.

An accent mark (`) is used in the definition above, not a single quotation mark.

For further aid in diagnosing errors, see the error logs of the TN3270E middle-tier servers. Also, examine the HOD client security message panel.

The following netstat commands, issued from the middle-tier server, are useful in determining connectivity problems between z/OS Communications Server and DCAS.

For AIX®, the netstat command is: 
netstat -an | grep port#
For CS/2, the netstat command is: 
netstat -sn | grep port#
For NT, the netstat command is: 
netstat -an | more port#

In the netstat commands, port# is the listening port of DCAS. The default DCAS port is 8990.

Parent topic: Diagnosing z/OS Communications Server components