IBM Support

PM03817: DFHXS1111 & DFHAC2003 FOR TRANSACTIONS STARTED OVER ISC SESSIONS

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Customer has a ISC connection to CICS TS VSE 1.1.1 . CICS TS VSE
    is the AOR in this case .During normal work DFHXS1111 and
    DFHAC2003 comes up for the transcations started over the ISC
    connection/session .
    The first DFHXS1111 and DFHAC2003 both refer to CICSUSER.
    Subsequent DFHXS1111 refer to CICSUSER whereas DFHAC2003 refer
    to CICSPROD!
    DFLTUSER:
    On z/VSE AOR (DCIA) is CICSUSER.
    Region USERID:
    On z/VSE AOR (DCIA) is CICSPROD.
    Connection definition shows
    SECURITYNAME(CICSPROD) ATTACHSEC(LOCAL)
    A CEMT PERFORM SECURITY REBUILD did not solve the issue.
    Only a restart of CICS TS VSE solved it.
    CICS internal trace shows that in the failing case the wrong
    security token is used at the session TCTTE and therefore the
    DFHXS1111 comes up.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All CICS users.                              *
    ****************************************************************
    * PROBLEM DESCRIPTION: Unexpected DFHXS1111, DFHAC2003 and     *
    *                      BST120I messages when using ISC         *
    *                      connection with ATTACHSEC(LOCAL).       *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    When using transaction routing over ISC where CICS security is
    active and link security is predefined using ATTACHSEC(LOCAL),
    it is possible to receive VSE message BST120I ('INSUFFICIENT
    ACCESS AUTHORITY') followed by CICS messages DFHXS1111 and
    DFHAC2003, even though the security was set up correctly.
    The ISC connection and sessions have predefined security
    correctly set by ATTACHSEC(LOCAL) with a SECURITYNAME that is
    correctly defined to VSE security.
    
    The use of transaction routing results in the creation of a
    surrogate TCTTE on the AOR. The terminal sharing program
    DFHZTSP performs a SIGNON_SURROGATE operation to transfer
    the link security to the surrogate, leaving the link with only
    default security. When a transaction terminates normally on the
    AOR, DFHZTSP performs a SIGNOFF_SURROGATE to restore the APPC
    session security. However in this case an RTIMOUT abend caused
    DFHZTSP's error routine to be driven and this incorrectly freed
    the session without first restoring its security. The session
    was then reused and the signoff was never performed, leaving
    it with only default security.
    
    When subsequent transactions use the link they failed due to
    inadequate authority and CICS had to be restarted.
    
    Additional keywords: msgBST120I msgDFHXS1111 msgDFHAC2003
    

Problem conclusion

  • DFHZTSP has been changed to remove the DFHTC TYPE=FREE that
    frees the session. This has been moved to DFHZISP so that it
    is executed just before the session security is restored.
    

Temporary fix

  • FIX AVAILABLE BY PTF ONLY
    

Comments

APAR Information

  • APAR number

    PM03817

  • Reported component name

    CICSTS FOR VSE

  • Reported component ID

    564805400

  • Reported release

    B0P

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2009-12-17

  • Closed date

    2010-03-10

  • Last modified date

    2010-11-04

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UK55073

Modules/Macros

  •    DFHZISP  DFHZTSP
    

Fix information

  • Fixed component name

    CICSTS FOR VSE

  • Fixed component ID

    564805400

Applicable component levels

  • RB0P PSY UK55073

       UP10/03/11 P E430

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU011","label":"Systems - zSystems software"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1.1.1","Edition":""}]

Document Information

Modified date:
04 November 2010