IBM Support

DFHH0001E, DFHH0002E and DFHH0003E default userid can access CEDA and CECI when using CA's Top Secret

Question & Answer


Question

Recently, The z/OS health checker has been reporting messages DFHH0001E , DFHH0002E, and DFHH0003E for several of our CICS regions on test lpars. We have already successfully deployed the CICS Health Checker CHCK transaction to all of CICS regions across the enterprise, without issue.

We noticed, the DFHH001E/2E/3E messages occurred just after applying CA Top Secret to three of our test LPAR's .

Invocation of the CEDA and CECI transactions, using the default userid by not being signed on, produces the expected security failures: TSS7251E ACCESS DENIED TO OTRAN <CECI> TSS7251E ACCESS DENIED TO OTRAN <CEDA>

Is the z/OS Health Checker producing the DFHH0001E/2E/3E messages invalidly?

Answer

Apply Top Secret fix ST06885, then add the following command to your TSS.PARMLIB:

FAC(facilityname=BYPREM(TRANID=(CHCK)))

This command needs to be created for "All" the facility names for prod, test, etc..

Notify Top Secret for further assistance needed with this fix.

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Platform":[{"code":"PF035","label":"z\/OS"}],"Component":"Security","Version":""}]

Product Synonym

CICS/TS CICSTS CICS TS CICS Transaction Server

Document Information

Modified date:
04 April 2019

UID

dwa1500151