PI40620: ABEND OC1/AKEA IN DFHSOSE OCCURS DURING CICS INITIALISATION

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• After applying maintenance to DFHSOSE, it is possible that
  message DFHSO0001 AN ABEND (CODE 0C1/AKEA) HAS OCCURRED AT
  OFFSET X'FFFF' IN MODULE DFHSOSE is produced with a dump. CICS
  will continue to initialise, however upon control being given to
  CICS, any SSL calls will fail.
  SSL support is made available during initialisation when DFHSIT
  parameters TCPIP=YES and KEYFILE=library.sublibrary are both
  active. SSL is only used if the customer installs TCPIPSERVICE
  resource definitions that request SSL support.
  The program check is a result of an error in the Linkage Editor
  failing to include module IPCRYPTS in the DFHSOSE phase during
  the service application. There are two reasons and
  circumventions for this:
  1. The customer does not have a permanent LIBDEF OBJ,SEARCH for
  the CSI TCP/IP sublibrary in which IPCRYPTS.OBJ exists. In this
  case, the service must be re-applied with a corrected permanent
  LIBDEF. In z/VSE 5.2, the CSI TCP/IP code was moved from
  PRD1.BASE to PRD2.TCPIPC.
  2. The customer only has the BSI TCP/IP sublibrary and there is
  no IPCRYPTS.OBJ member that can be included. In this case, the
  customer must deactivate the DFHSIT KEYFILE parameter value. BSI
  TCP/IP SSL activity is always performed externally to the CICS
  partition, and there is no reason to request CICS to enable its
  own SSL support during initialisation.
  

Local fix

Problem summary

• ****************************************************************
  * USERS AFFECTED: All CICS Users                               *
  ****************************************************************
  * PROBLEM DESCRIPTION: During sockets domain initialization    *
  *                      an abend 0C1/AKEA occurs in module      *
  *                      DFHSOSE at offset X'FFFF'.              *
  ****************************************************************
  * RECOMMENDATION:                                              *
  ****************************************************************
  When wanting to use the secure sockets layer (SSL), CICS will
  need access to module IPCRYPTS which is part of the IBM TCP/IP
  for VSE/ESA library. If this library or its equivalent is
  unavailable to CICS when running a linkedit for module DFHSOSE
  (such as when applying a PTF), the next time CICS is
  initializing the sockets domain where the system initialization
  parameters TCPIP=YES and KEYFILE=xxx.yyy have been set in the
  system initialization table (SIT) then message "DFHSO0001 An
  abend (code 0C1/AKEA) has occurred at offset X'FFFF' in module
  DFHSOSE" is issued.
  

Problem conclusion

• DFHSOSE has been altered to ensure that if IPCRYPTS is
  unavailable to CICS, then CICS will disable the SSL function and
  issue message DFHSO0104 with program name IPCRYPTS specified on
  the CICS JOBLOG.
  
  The CICS Transaction Server for VSE/ESA Messages and Codes
  Release 1, GC34-5561-08, Chapter 1. DFH messages, section
  DFHSOxxxx messages has been altered to change the description of
  the DFHSO0104 message to read as follows:
  
  DFHSO0104 applid Secure sockets program
            pgmname could not be loaded. Secure
            Sockets Layer is not available.
  
  Explanation: The program module pgmname, which is required to
  implement the secure sockets layer, could  not be loaded.
  
  System Action: System initialization continues, but support for
  the secure sockets layer is not enabled.
  
  User Response: If this message is preceded by message DFHSO0103,
  try restarting CICS with ENCRYPTION=NORMAL.
  
  If pgmname is IPCRYPTS and you are using IBM/BSI TCP/IP, you can
  either ignore the message or remove the KEYFILE parameter from
  the SIT. If you are using IBM/CSI TCP/IP, IPCRYPTS would
  normally be missing due to incorrectly applying a PTF to
  DFHSOSE. In which case, the PTF must be re-applied with a LIBDEF
  OBJ PERM that includes the IBM/CSI sublibrary.
  
  Destination: Console Routecodes 2, 9, 10 and 11
  
  Module: DFHSODM DFHSOSE
  
  XMEOUT Parameters: applid, pgmname
  

Temporary fix

• FIX AVAILABLE BY PTF ONLY
  

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  UI29611

Modules/Macros

• DFHMESOC DFHMESOE DFHMESOG DFHMESOK DFHSOSE
  

Fix information

• Fixed component name

  CICSTS FOR VSE

• Fixed component ID

  564805400

Applicable component levels

• RB0P PSY UI29611

     UP15/08/10 I 1000

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.