A fix is available
APAR status
Closed as program error.
Error description
During a warm or emergency startup, an IPCONN definition defined as SSL=YES is restored and causes message DFHIS0002 with code x'0105' to be produced when the KEYRING associated with the CICS region does not have a default certificate.
NOTE: The same configuration has no problem when the startup is INITIAL or COLD.
DFHISDM calls routine DFHISDM_WARM_START_IPCONNS when the startup is not COLD. This is to recover IPCONN definitions from the Global Catalog. Within this routine, DFHISDM initializes ISIC_CERTIFICATE_X to ON and calls DFHISIC for ADD_IPCONN. Within the ADD_IPCONN routine, DFHISIC calls VALIDATE_CERTIFICATE when SSL=YES and ISIC_CERTIFICATE_X is ON. VALIDATE_CERTIFICATE eventually calls INQUIRE_CERTIFICATE, which ends up as a call to the security manager. The security manager returns SAF_RESPONSE(8) ESM_RESPONSE(8) ESM_REASON(2C), meaning NO_DEFAULT_CERTIFICATE.
ADDITIONAL KEYWORD(s): No Default Certificate ISIC VALIDATE CERTIFICATE IPCONN 105 IPIC KIXREVSCB
Local fix
There are two options to work around this problem before the PTF is applied. First, add a default certificate to the keyring. Second, restart CICS using INITIAL or COLD instead of AUTO.
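An added example (not IBM's code and not part of this APAR): a pre-restart check that parses RACF `RACDCERT LISTRING` output and reports keyrings with no default certificate, the condition under which the warm-start restore fails. It assumes RACF is the security manager; the sample output, the ring and label names, and the column layout are constructed for illustration.

```python
import re

# Constructed sample of RACDCERT LISTRING output (layout assumed; not from the APAR).
SAMPLE_LISTRING = """\
Digital ring information for user CICSUSER:

  Ring:
       >CICSRING<
  Certificate Label Name             Cert Owner     USAGE      DEFAULT
  --------------------------------   ------------   --------   -------
  Example Local CA                   CERTAUTH       CERTAUTH     NO
  Example CICS Server Cert           ID(CICSUSER)   PERSONAL     NO

  Ring:
       >TESTRING<
  Certificate Label Name             Cert Owner     USAGE      DEFAULT
  --------------------------------   ------------   --------   -------
  Example Local CA                   CERTAUTH       CERTAUTH     NO
  Example Test Cert                  ID(CICSUSER)   PERSONAL     YES
"""

RING_RE = re.compile(r"^\s*>(.+)<\s*$")
# Labels may contain spaces, so anchor on the three trailing columns.
ROW_RE = re.compile(r"^\s*(\S.*?)\s{2,}(\S+)\s+(\S+)\s+(YES|NO)\s*$")

def parse_rings(text):
    """Return {ring: [(label, owner, usage, is_default), ...]}."""
    rings, current = {}, None
    for line in text.splitlines():
        m = RING_RE.match(line)
        if m:
            current = rings.setdefault(m.group(1), [])
            continue
        m = ROW_RE.match(line)
        if m and current is not None:
            label, owner, usage, default = m.groups()
            current.append((label, owner, usage, default == "YES"))
    return rings

def rings_without_default(text):
    """Rings where no connected certificate is flagged DEFAULT."""
    return sorted(ring for ring, certs in parse_rings(text).items()
                  if not any(is_default for *_, is_default in certs))

if __name__ == "__main__":
    for ring in rings_without_default(SAMPLE_LISTRING):
        print(f"{ring}: no default certificate; "
              "SSL IPCONN restore on warm start can fail with DFHIS0002 x'0105'")
```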
Problem summary
USERS AFFECTED: All CICS Users
PROBLEM DESCRIPTION: msgDFHIS0002 code x'0105' issued during a warm start and CICS terminates when IPCONNs that use SSL are restored from the catalog.
RECOMMENDATION:
An IPCONN with SSL(YES) is installed into CICS. SSL client authentication is not being used, so the certificate attribute is left blank. When CICS is shut down and subsequently warm started, the IPCONN definition is restored from the catalog. DFHISDM calls DFHISIC FUNCTION(ADD_IPCONN) to do this, passing the information from the catalog. DFHISDM always supplies a certificate label, even if a certificate was not specified for this IPCONN. DFHISIC detects that the IPCONN has SSL(YES) and that a certificate has been supplied, so it calls DFHXSCT to validate the certificate. The certificate label is actually blanks, so the validation is done against the default certificate. In this case the KEYRING did not contain a default certificate, so the validation fails. This is an unexpected failure, so DFHISDM issues message DFHIS0002 with code x'0105' and returns a disaster response to the domain manager. This causes the CICS startup to be terminated.
Problem conclusion
DFHISDM has been modified to only pass a certificate label to DFHISIC if the IPCONN actually uses a certificate.
Temporary fix
HIPER
FIX AVAILABLE BY PTF ONLY
Comments
APAR Information
APAR number
PM45556
Reported component name
CICSTS V3 Z/OS
Reported component ID
5655M1500
Reported release
500
Status
CLOSED PER
PE
NoPE
HIPER
YesHIPER
Special Attention
NoSpecatt
Submitted date
2011-08-11
Closed date
2011-09-22
Last modified date
2011-11-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
PM46591 UK72191
Modules/Macros
DESISDM DFHISDM
Fix information
Fixed component name
CICSTS V3 Z/OS
Fixed component ID
5655M1500
Applicable component levels
R500 PSY UK72191
UP11/10/05 P F110
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
Document Information
Modified date:
02 November 2011