OA29305: LU 6.2 SESSION FAILS DUE TO INCORRECT LU-LU VERIFICATION LEVEL.

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• An LU 6.2 BIND was received from a partner LU containing both a
  real name and a USERVAR name. During BIND processing, a RACROUTE
  call was issued to load the associated profile.  The profile
  name provided on the RACROUTE call was built using the USERVAR
  name instead of the real name.  The RACROUTE call failed, and
  the BIND response was built using the default LU-LU verification
  level from the APPL statement.  If the RACROUTE call had been
  issued using a profile name derived from the real name of the
  partner LU, the profile would have been loaded, and the BIND
  response would have been built using LU-LU verification data
  from the security manager (RACF).
  

Local fix

• Do not initiate sessions from the host that has the USERVAR
  name defined.
  

Problem summary

• ****************************************************************
  * USERS AFFECTED: All using VTAM APPC (APPC=YES on VTAM APPL   *
  *                 statement).                                  *
  ****************************************************************
  * PROBLEM DESCRIPTION: VTAM/APPC LU 6.2 BIND rejected due to   *
  *                      incorrect LU-LU verification level.     *
  ****************************************************************
  * RECOMMENDATION:                                              *
  ****************************************************************
  The problem may be summarized as follows:
  
  1. IMS was defined as a VTAM/APPC application with the
     the following parameter statements:
  
     APPC=YES
     SECACPT=CONV
     VERIFY=NONE
  
  2. A BIND request was received by IMS from CICS for logmode
     SNASVCMG.  The BIND request contained both a real name
     name and a USERVAR name (the latter in the user data
     portion of the BIND) to represent the PLU.
  
  3. VTAM/APPC on the IMS side performed conversation level
     security processing when processing the BIND request.
     This processing included building a profile name and
     issuing a RACROUTE call to load the profile.  The provided
     profile name was a three part name constructed in this
     fashion:
  
     IMSnetid.IMSLUname.CICSUSERVARname
  
     The RACROUTE EXTRACT call failed with return code 8
     indicating that the profile did not exist.
  
  4. The BIND response was returned to CICS using the
     default information from the APPL statement. Indicator
     BINAVFS was turned off in the BIND response.
  
  5. A new session was later started from IMS to CICS (IMS was
     the PLU). A new RACROUTE EXTRACT was issued, this time using
     a profile name constructed in the following fashion:
  
     IMSnetid.IMSLUname.CICSrealname
  
     This time the RACROUTE call succeeded, and the BIND request
     specified BINAVFS on (already verified accepted).  The
     BIND request was not accepted because the previous BIND
     has specified already verified not accepted.
  

Problem conclusion

• To resolve this problem, the following changes have
  been made:
  
  1. Module ISTNSCSI has been changed to set the SMP
     return code SMPCFGER (config error) during CONVSEC
     processing if the RACROUTE EXTRACT fails because the
     profile does not exist.
  
  2. Module ISTNSCBA has been changed to retry the RACF
     EXTRACT procedure if the first attempt failed with the
     config error return code and the first attempt was made
     using a profile name derived using the USERVAR or generic
     resource name of the PLU.  The second attempt will be
     made using a profile name derived from the real name
     of the PLU.
  
  3. Module ISTNSCLR has been included for maintenance
     purposes only.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  UA48311 UA48312 UA48313 UA48314

Modules/Macros

• ISTNSCBA ISTNSCLR ISTNSCSI
  

Fix information

• Fixed component name

  VTAM V4 MVS/ESA

• Fixed component ID

  569511701

Applicable component levels

• R1A0 PSY UA48311

     UP09/08/06 P F908

• R1B0 PSY UA48312

     UP09/08/06 P F908

• R180 PSY UA48313

     UP09/08/06 P F908

• R190 PSY UA48314

     UP09/08/06 P F908

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.