IBM Support

PI40620: ABEND OC1/AKEA IN DFHSOSE OCCURS DURING CICS INITIALISATION

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • After applying maintenance to DFHSOSE, it is possible that
    message DFHSO0001 AN ABEND (CODE 0C1/AKEA) HAS OCCURRED AT
    OFFSET X'FFFF' IN MODULE DFHSOSE is produced with a dump. CICS
    will continue to initialise, however upon control being given to
    CICS, any SSL calls will fail.
    SSL support is made available during initialisation when DFHSIT
    parameters TCPIP=YES and KEYFILE=library.sublibrary are both
    active. SSL is only used if the customer installs TCPIPSERVICE
    resource definitions that request SSL support.
    The program check is a result of an error in the Linkage Editor
    failing to include module IPCRYPTS in the DFHSOSE phase during
    the service application. There are two reasons and
    circumventions for this:
    1. The customer does not have a permanent LIBDEF OBJ,SEARCH for
    the CSI TCP/IP sublibrary in which IPCRYPTS.OBJ exists. In this
    case, the service must be re-applied with a corrected permanent
    LIBDEF. In z/VSE 5.2, the CSI TCP/IP code was moved from
    PRD1.BASE to PRD2.TCPIPC.
    2. The customer only has the BSI TCP/IP sublibrary and there is
    no IPCRYPTS.OBJ member that can be included. In this case, the
    customer must deactivate the DFHSIT KEYFILE parameter value. BSI
    TCP/IP SSL activity is always performed externally to the CICS
    partition, and there is no reason to request CICS to enable its
    own SSL support during initialisation.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All CICS Users                               *
    ****************************************************************
    * PROBLEM DESCRIPTION: During sockets domain initialization    *
    *                      an abend 0C1/AKEA occurs in module      *
    *                      DFHSOSE at offset X'FFFF'.              *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    When wanting to use the secure sockets layer (SSL), CICS will
    need access to module IPCRYPTS which is part of the IBM TCP/IP
    for VSE/ESA library. If this library or its equivalent is
    unavailable to CICS when running a linkedit for module DFHSOSE
    (such as when applying a PTF), the next time CICS is
    initializing the sockets domain where the system initialization
    parameters TCPIP=YES and KEYFILE=xxx.yyy have been set in the
    system initialization table (SIT) then message "DFHSO0001 An
    abend (code 0C1/AKEA) has occurred at offset X'FFFF' in module
    DFHSOSE" is issued.
    

Problem conclusion

  • DFHSOSE has been altered to ensure that if IPCRYPTS is
    unavailable to CICS, then CICS will disable the SSL function and
    issue message DFHSO0104 with program name IPCRYPTS specified on
    the CICS JOBLOG.
    
    The CICS Transaction Server for VSE/ESA Messages and Codes
    Release 1, GC34-5561-08, Chapter 1. DFH messages, section
    DFHSOxxxx messages has been altered to change the description of
    the DFHSO0104 message to read as follows:
    
    DFHSO0104 applid Secure sockets program
              pgmname could not be loaded. Secure
              Sockets Layer is not available.
    
    Explanation: The program module pgmname, which is required to
    implement the secure sockets layer, could  not be loaded.
    
    System Action: System initialization continues, but support for
    the secure sockets layer is not enabled.
    
    User Response: If this message is preceded by message DFHSO0103,
    try restarting CICS with ENCRYPTION=NORMAL.
    
    If pgmname is IPCRYPTS and you are using IBM/BSI TCP/IP, you can
    either ignore the message or remove the KEYFILE parameter from
    the SIT. If you are using IBM/CSI TCP/IP, IPCRYPTS would
    normally be missing due to incorrectly applying a PTF to
    DFHSOSE. In which case, the PTF must be re-applied with a LIBDEF
    OBJ PERM that includes the IBM/CSI sublibrary.
    
    Destination: Console Routecodes 2, 9, 10 and 11
    
    Module: DFHSODM DFHSOSE
    
    XMEOUT Parameters: applid, pgmname
    

Temporary fix

  • FIX AVAILABLE BY PTF ONLY
    

Comments

APAR Information

  • APAR number

    PI40620

  • Reported component name

    CICSTS FOR VSE

  • Reported component ID

    564805400

  • Reported release

    B0P

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2015-05-07

  • Closed date

    2015-07-22

  • Last modified date

    2015-08-10

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UI29611

Modules/Macros

  • DFHMESOC DFHMESOE DFHMESOG DFHMESOK DFHSOSE
    

Publications Referenced
GC34556108    

Fix information

  • Fixed component name

    CICSTS FOR VSE

  • Fixed component ID

    564805400

Applicable component levels

  • RB0P PSY UI29611

       UP15/08/10 I 1000

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU011","label":"Systems - zSystems software"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1.1.1","Edition":""}]

Document Information

Modified date:
10 August 2015