A fix is available
APAR status
Closed as program error.
Error description
A WEB Request comes into CICS from the Client. Due to some type of security issue, CICS returns a 403 error to the Client. As a result the connection is "HUNG" and can't be closed by CICS or the Client for several minutes. The 403 error indicates the following possibilities. . 403 - Forbidden. IIS defines a number of different 403 errors that indicate a more specific cause of the error: . ? 403.1 - Execute access forbidden. ? 403.2 - Read access forbidden. ? 403.3 - Write access forbidden. ? 403.4 - SSL required. ? 403.5 - SSL 128 required. ? 403.6 - IP address rejected. ? 403.7 - Client certificate required. ? 403.8 - Site access denied. ? 403.9 - Too many users. ? 403.10 - Invalid configuration. ? 403.11 - Password change. ? 403.12 - Mapper denied access. ? 403.13 - Client certificate revoked. ? 403.14 - Directory listing denied. ? 403.15 - Client Access Licenses exceeded. ? 403.16 - Client certificate is untrusted or invalid. ? 403.17 - Client certificate has expired or is not yet valid. ? 403.18 - Cannot execute requested URL in the current application pool. This error code is specific to IIS 6.0. ? 403.19 - Cannot execute CGIs for the client in this application pool. This error code is specific to IIS 6.0. ? 403.20 - Passport logon failed. This error code is specific to IIS 6.0. .
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All * **************************************************************** * PROBLEM DESCRIPTION: After an http 403 Not Authorized error, * * the connection remains open. * **************************************************************** * RECOMMENDATION: * **************************************************************** An http request is sent to CICS and the userid assigned to the request is not authorized to run the web alias task. An http 403 Not Authorized error is returned to the client and connection remains open. There is no facility to specify that the connection should be closed.
Problem conclusion
DFHWBA, DFHWBXM and DFHWBXN have been changed to pass a new flag, wbep_close_conn, to the URM DFHWBEP. If this flag is set to Y by DFHWBEP then the connection is closed when the response is sent to the client. The CICS Transaction Server for z/OS Version 3 Release 2 Internet Guide, SC34-6831-00 has been changed in Appendix H ('Reference information for DFHWBEP, Web error program'). Under the heading 'Parameters', the paragraph beginning "All DFHWBEP parameters are input only..." has been replaced by "All DFHWBEP parameters are input only, except wbep_response_ptr and wbep_response_len which are input and output and wbep_suppress_abend and wbep_close_conn which are output only." The following has been added to the end of the same topic: "wbep_close_conn (Output only) This is a 1 character field with a value of Y (Yes) or N (No). A value of Y means that the connection will be closed after the response is sent to the client. A value of N means that the connection will not be closed after the response is sent to the client. The default value is N." The CICS Transaction Server for z/OS Version 3 Release 1 Data Areas manual, GC34-6863-00, has been altered in section 'WBEPC Web Error Program parms' to add field WBEP_CLOSE_CONN after field WBEP_CONVERTER_REASON as follows: Offset Type Len Name (Dim) Description Hex (78) FULLWORD 4 WBEP_CONVERTER_ REASON (7C) CHARACTER 1 WBEP_CLOSE_CONN (7D) CHARACTER 79 *
Temporary fix
FIX AVAILABLE BY PTF ONLY
Comments
APAR Information
APAR number
PK50809
Reported component name
CICSTS V3 Z/OS
Reported component ID
5655M1500
Reported release
500
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2007-08-14
Closed date
2007-11-26
Last modified date
2007-12-03
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UK31550 UK31549 UK31554 UK31555
Modules/Macros
DESWBA DESWBAP DESWBDM DESWBEPP DESWBRQ DESWBRQF DESWBSR DESWBXM DESWBXN DFHWBA DFHWBAP DFHWBAPF DFHWBDM DFHWBEPC DFHWBEPD DFHWBEPH DFHWBEPL DFHWBEPO DFHWBRQS DFHWBSR DFHWBXM DFHWBXN
| SC34683100 | GC34686300 |
Fix information
Fixed component name
CICSTS V3 Z/OS
Fixed component ID
5655M1500
Applicable component levels
R500 PSY UK31549
UP07/11/28 P F711
R501 PSY UK31550
UP07/11/28 P F711
R502 PSY UK31554
UP07/11/28 P F711
R503 PSY UK31555
UP07/11/28 P F711
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.2","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.2","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
03 December 2007