APAR status
Closed as suggestion for future release.
Error description
DB2DDF defect pm80827 dpm80827 DSNL045I DSNLCICF ICSF CSNERNG FUNCTION FAILED with RETCODE='0000000C'X AND RSNCODE='00002B34'X is issued every 5 minutes when ICSF (CRYPT0) hardware is not available to support CSNERNG. ************************************************************** Additional Symptoms and Keywords: DSNL045I MSGDSNL045I DSNLCICF RETCODE 0000000C RETCODE0000000C RSNCODE 00002B34 RSNCODE00002B34
Local fix
Problem summary
Problem conclusion
Temporary fix
Comments
The DB2 (DDF) Communications Data Base (CDB) is configured to use password authentication (SYSIBM.IPNAMES SECURITY_OUT = 'P') when accessing a remote server. In this case DB2 favors encrypting the authentication credentials if the remote server supports this capability. However, this encryption requires ICSF function that does not happen to be available in the user's environment and as a result, access to the remote system results in the following console message: DSNL045I -DB2A DSNLCICF ICSF CSNERNG FUNCTION FAILED WITH RETCODE='0000000C'X AND RSNCODE='00002B34'X This message essentially represents a permanent condition since ICSF crypto features are required for the function. Since the encryption fails, DB2 does utilize non encrypted authentication credentials and the connection is successfully established on behalf of the application. That is, despite the DSNL045I console message, and the inability for DB2 to utilize encrypted authentication credentials, the connection to the server is still successfully established (the application is not exposed to the encryption failure condition). However, on behalf of subsequent connections to the remote server, DB2 continues to attempt to encrypt the authentication credentials even though DB2 could already predict, based on the prior failure, that the encryption attempt will again fail. This causes an unnecessary performance impact to applications. Users can change CDB definitions to access the remote server with out a password, hence avoiding a performance impact regardless if the necessary ICSF crypto features exist or not. Corrective changes are not suitable for field releases of DB2 for z/OS so this condition is being accepted as a suggestion. A solution will be implemented in DB2 11 for z/OS.
APAR Information
APAR number
PM80827
Reported component name
DB2 ZOS SUBSYS
Reported component ID
5740XYR01
Reported release
910
Status
CLOSED SUG
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2013-01-17
Closed date
2013-05-09
Last modified date
2013-05-09
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
DB2 OS/390 & Z/
Fixed component ID
5740XYR00
Applicable component levels
[{"Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEPEK","label":"Db2 for z\/OS"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.1"}]
Document Information
Modified date:
05 March 2021