A fix is available
APAR status
Closed as program error.
Error description
You change the owner of the CICS default userid (DFLTUSER=CICSUSER) with RACF command : CO CICSUSER GROUP(NEWGROUP) OWNER(OWNERXX). You receive the following error message repeatedly from the CICSPlex SM CMAS: DFHUS0150 An attempt to establish security has failed for userid CICSUSER in group , no terminal, applid APPLID. Unable to initialize the transaction XDNR. SAF codes are (X'00000000',X'00000000'). ESM codes are (X'00000000',X'00000000'). The CMAS region has been started with SIT parameter SEC=NO, and DFHUS0150 should not be issued. Additional Symptom(s) search Keyword(s): KIXREVSWM CICS trace: US 0302 USAD EXIT - FUNCTION(ADD_USER_WITHOUT_PASSWORD) RESPONSE(EXCEPTION) REASON(SECURITY_INACTIVE) SAF_RESPONSE(0) SAF_REASON(0) ESM_RESPONSE(0) ESM_REASON(0) USER_TOKEN(00000000)
Local fix
Restart the region.
Problem summary
**************************************************************** * USERS AFFECTED: All CICS users. * **************************************************************** * PROBLEM DESCRIPTION: DFHUS0150 occurs repeatedly after * * changing the owner of the CICS default * * userid via RACF when the CICS SIT * * specifies SEC=NO. * **************************************************************** * RECOMMENDATION: * **************************************************************** CICS is started with SIT parameter SEC=NO. Even though security is inactive CICS stores the default userid in the User domain directory and all transactions run under this id. Whilst CICS is running, the security administrator changes the attributes of the default userid. This causes the MVS Event Notification Facility (ENF) to invoke DFHUSES (the ENF exit) for RACF_USERID_CHANGED. This in turn sets an indicator to say that the userid should be refreshed. A new transaction is STARTed under the default userid and CICS finds that the id needs to be refreshed. It therefore deletes the userid from the User domain directory and then attempts to add it back in. This fails with SECURITY_INACTIVE and message DFHUS0150 ('An attempt to establish security has failed for userid ...') is issued. All subsequent transactions will fail in the same manner and CICS has to be recycled.
Problem conclusion
DFHUSES has been changed to ignore a NOTIFY event if SEC=NO.
Temporary fix
********* * HIPER * ********* FIX AVAILABLE BY PTF ONLY
Comments
APAR Information
APAR number
PK99792
Reported component name
CICS TS Z/OS V4
Reported component ID
5655S9700
Reported release
600
Status
CLOSED PER
PE
NoPE
HIPER
YesHIPER
Special Attention
NoSpecatt
Submitted date
2009-10-28
Closed date
2010-01-15
Last modified date
2010-02-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UK53606
Modules/Macros
DESUSES DFHUSES
Fix information
Fixed component name
CICS TS Z/OS V4
Fixed component ID
5655S9700
Applicable component levels
R600 PSY UK53606
UP10/01/22 P F001
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"4.1","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"4.1","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
01 February 2010