A fix is available
APAR status
Closed as program error.
Error description
z/OS Explorer internal defects and enhancements
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: 1. all z/OS Explorer users * * 2. All users * * 3. All users * * 4. All users * * 5. All users * * 6. All users * * 7. None * * 8. IBM support * * 9. Sysprog * * 10. * **************************************************************** * PROBLEM DESCRIPTION: 1. JMON S0C4 abend during startup * * 2. It is critical for applications on * * RSED based to be able to use SAF JWT * * as a single sign-on authentication * * method to access RSED-base server * * services. * * 3. Some dataset and members when * * created with its ISPF statistic * * filled with certain invalid data may * * cause RSED detection of its SCLM * * control bit incorrectly, causing * * unexpected result for the operation * * on the dataset member. * * 4. RSED 3.3.3 support of Java 17 * * requires the support of ability to * * retrieve socket fd using JNI * * reflection (used in AT-TLS support), * * and it must work for old client * * versions prior to Java 11 support of * * RSED release timeline. * * 5. It is critical for applications on * * RSED based to be able to use SAF JWT * * as a single sign-on authentication * * method to access RSED-base server * * services. * * 6. IVP Daemon failed at the second * * step of the test to connect to * * ServerThread. * * 7. RSED includes non--existing * * bin/classic directory when using Java * * 11 * * 8. FEKLOGS does not gather * * java.security file for Java 11 * * 9. JMON may suffer S0C4 ABEND when * * loaded from updated LINKLIST * * 10. * **************************************************************** 1. ABEND0C4 at FEJJMON+1460 during JMON startup 2. The SAF JWT generation and validation service could be provided by RSED for RSED-base and extension services. 3. When RSED reads the ISPF statistics of a dataset member for SCLM control bit, it missed to have the existing standard check on version and modification level. For some invalid ISPF data, RSED detects the SCLM control bit of the dataset member incorrectly as ON. 4. Change to support JNI reflection was done. The second required change to support old clients, which uses a different Base64 mechanism in a way that its sent data can be read with IBM Base64Decoder, but not with Java Base64 decoder. 5. The SAF JWT generation and validation service could be provided by RSED for RSED-base and extension services. 6. In the second step connecting to ServerThread, IVP Daemon does not configure the gsk environment properly, causing the handshake and the connection failed. The first step in the test to connect to Daemon is working fine. 7. z/OS Explorer RSED includes non--existing bin/classic directory when using Java 11 8. z/OS Explorer FEKLOGS does not gather java.security file for Java 11 9. JES Job Monitor (JMON) may suffer S0C4 ABEND in LOADCSA when loaded from an updated LINKLIST 10.
Problem conclusion
1. corrected reentrant issue 2. RSED ZosOmvsService now can generate and validate SAF JWT via client-server API or handle. 3. RSED now validate the ISPF statistics of a dataset member based on the existing check on version and modification level before retrieving the SCLM control bit. In addition to that, a loose check on valid day is added to the validation of the ISPF statistic. 4. Early release of Java 17 is expected to still allow the usage of the internal IBM Base64Decoder. RSED needs to utilize this method in order to support the connection from old client prior to Java 11 support releases. 5. RSED ZosOmvsService now can generate and validate SAF JWT via client-server API or handle. 6. IVP Daemon does not set up the gsk environment properly for the ServerThread connection test, causing the handshake and test failure. In AT-TLS mode, it was logged explicitly in syslog with the TTLS 406 error. By preparing a correct gsk environment for the ServerThread connection, the handshake and the connection to the ServerThread port is fine. Note that as the connection in the test is not a complete client connection establishment, the pseudo connection will be shutdown from the server side as it does not receive the client message as expected in a standard client connection with corresponding messages logged in user logs. 7. rse.final.env detects Java version and only includes bin/classic for J8 8. FEKLOGS now detects Java version and selects correct directory 9. added ERRET to LOADCSA 10.
Temporary fix
Comments
×**** PE24/01/08 FIX IN ERROR. SEE APAR PH59049 FOR DESCRIPTION
APAR Information
APAR number
PH56739
Reported component name
EXP FOR Z/OS HO
Reported component ID
5655EXP23
Reported release
330
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2023-09-05
Closed date
2023-10-16
Last modified date
2024-01-08
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI94017
Modules/Macros
FEJENF70 FEJJCNFG FEJJJCL FEJJMON FEJTSO FEK1SMPE FEK2RCVE FEK3ALOC FEK4ZFS FEK5MKD FEK6DDEF FEK7APLY FEK8ACPT FEK@CERR FEK@CONE FEK@CONF FEK@CUST FEK@DEB FEK@DESC FEK@FLOW FEK@GEN FEK@GENW FEK@ISPF FEK@IVP FEK@IVPD FEK@IVPW FEK@JCN1 FEK@JCNE FEK@JESJ FEK@MAIN FEK@MIGO FEK@OPTE FEK@OPTG FEK@OPTN FEK@PRIM FEK@RSE1 FEK@RSEO FEK@STRT FEK@TAB1 FEK@TAB2 FEK@TAB3 FEK@WRK1 FEK@WRK2 FEK@WRK3 FEK@WRK4 FEK@WRK5 FEKAPPCC FEKAPPCL FEKAPPCX FEKATTR FEKDSI FEKEESX0 FEKFASIZ FEKFATT1 FEKFBLD FEKFCIPH FEKFCLIE FEKFCMOD FEKFCMPR FEKFCMSG FEKFCOMM FEKFCOPY FEKFCOR6 FEKFCORE FEKFDBG FEKFDBG6 FEKFDBGM FEKFDIR FEKFDIR6 FEKFDIVP FEKFDST0 FEKFDST1 FEKFDST2 FEKFENVF FEKFENVI FEKFENVP FEKFENVR FEKFENVS FEKFEPL FEKFERRF FEKFGDGE FEKFICUL FEKFISPF FEKFIVP0 FEKFIVPA FEKFIVPD FEKFIVPI FEKFIVPJ FEKFIVPT FEKFJESM FEKFJESU FEKFJLIC FEKFJSON FEKFJVM FEKFLATR FEKFLDSI FEKFLDSL FEKFLEOP FEKFLOGS FEKFLPTH FEKFMAI6 FEKFMAIN FEKFMINE FEKFMNTL FEKFNTCE FEKFOMVS FEKFPATT FEKFPLUG FEKFPTC FEKFRIVP FEKFRMSG FEKFRSES FEKFRSRV FEKFSCMD FEKFSEND FEKFSSL FEKFSTUP FEKFT000 FEKFT002 FEKFT003 FEKFT004 FEKFTIVP FEKFTSO FEKFUTIL FEKFVERS FEKFXITA FEKFXITL FEKFZOS FEKHCONF FEKHCUST FEKHDEB FEKHDESC FEKHFLOW FEKHGEN FEKHISPF FEKHIVP FEKHIVPD FEKHJESJ FEKHMAIN FEKHMIGO FEKHOPTE FEKHOPTN FEKHPRIM FEKHRSE1 FEKHRSEO FEKHSTRT FEKHTAB1 FEKHTAB2 FEKINIT FEKKEYS FEKLOCKA FEKLOGR FEKLOGS FEKM00 FEKM01 FEKM02 FEKMKDIR FEKMOUNT FEKMSGC FEKMSGS FEKPKCS1 FEKRACF FEKRSED FEKSAPF FEKSAPPL FEKSBPX FEKSCLAS FEKSCLOG FEKSCMD FEKSCPYM FEKSCPYU FEKSDSN FEKSENV FEKSETUP FEKSISPF FEKSJCFG FEKSJCMD FEKSJMON FEKSJWT FEKSJWTU FEKSLPA FEKSPROG FEKSPTKT FEKSRSED FEKSSERV FEKSSTC FEKSSU FEKSUSER FEKXCFGE FEKXCFGI FEKXCFGM FEKXCFGT FEKXMAIN FEKXML HUHFCOR6 HUHFCORE
Fix information
Fixed component name
EXP FOR Z/OS HO
Fixed component ID
5655EXP23
Applicable component levels
R330 PSY UI94017
UP23/10/21 P F310
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSBDYH","label":"IBM Explorer for z\/OS"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"330","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]
Document Information
Modified date:
09 January 2024