A fix is available
APAR status
Closed as program error.
Error description
Customer has an ISC connection to CICS TS VSE 1.1.1. CICS TS VSE is the AOR in this case. During normal work, DFHXS1111 and DFHAC2003 are issued for the transactions started over the ISC connection/session. The first DFHXS1111 and DFHAC2003 both refer to CICSUSER. Subsequent DFHXS1111 messages refer to CICSUSER, whereas DFHAC2003 messages refer to CICSPROD!

DFLTUSER: On z/VSE AOR (DCIA) is CICSUSER.
Region USERID: On z/VSE AOR (DCIA) is CICSPROD.
Connection definition shows SECURITYNAME(CICSPROD) ATTACHSEC(LOCAL).

A CEMT PERFORM SECURITY REBUILD did not solve the issue. Only a restart of CICS TS VSE solved it. CICS internal trace shows that in the failing case the wrong security token is used at the session TCTTE, and therefore DFHXS1111 is issued.
Local fix
Problem summary
****************************************************************
* USERS AFFECTED: All CICS users.                              *
****************************************************************
* PROBLEM DESCRIPTION: Unexpected DFHXS1111, DFHAC2003 and     *
*                      BST120I messages when using ISC         *
*                      connection with ATTACHSEC(LOCAL).       *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************

When using transaction routing over ISC where CICS security is active and link security is predefined using ATTACHSEC(LOCAL), it is possible to receive VSE message BST120I ('INSUFFICIENT ACCESS AUTHORITY') followed by CICS messages DFHXS1111 and DFHAC2003, even though the security was set up correctly.

The ISC connection and sessions have predefined security correctly set by ATTACHSEC(LOCAL) with a SECURITYNAME that is correctly defined to VSE security. The use of transaction routing results in the creation of a surrogate TCTTE on the AOR. The terminal sharing program DFHZTSP performs a SIGNON_SURROGATE operation to transfer the link security to the surrogate, leaving the link with only default security. When a transaction terminates normally on the AOR, DFHZTSP performs a SIGNOFF_SURROGATE to restore the APPC session security.

However, in this case an RTIMOUT abend caused DFHZTSP's error routine to be driven, and this incorrectly freed the session without first restoring its security. The session was then reused and the signoff was never performed, leaving it with only default security. Subsequent transactions that used the link then failed due to inadequate authority, and CICS had to be restarted.

Additional keywords: msgBST120I msgDFHXS1111 msgDFHAC2003
Problem conclusion
DFHZTSP has been changed to remove the DFHTC TYPE=FREE that frees the session. This has been moved to DFHZISP so that it is executed just before the session security is restored.
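The Python model below is an added illustration, not IBM code and not part of the APAR. It reduces the session TCTTE, SIGNON_SURROGATE, SIGNOFF_SURROGATE and the session free to toy functions to show how one error path that frees a session without the restore leaves every later request on default security. All function names are hypothetical, and it assumes a single pooled session whose current token is the identity each routed request is checked under.

```python
from dataclasses import dataclass

DEFAULT_USER = "CICSUSER"  # DFLTUSER from the error description
LINK_USER = "CICSPROD"     # SECURITYNAME on the connection definition

@dataclass
class Session:
    """Toy stand-in for the session TCTTE and its security token."""
    token: str = LINK_USER

def signon_surrogate(session):
    """Hand the link security to the surrogate; the link keeps only default."""
    surrogate_token, session.token = session.token, DEFAULT_USER
    return surrogate_token

def signoff_surrogate(session, surrogate_token):
    """Give the session back the security the surrogate was holding."""
    session.token = surrogate_token

def free_and_restore(pool, session, surrogate_token):
    """Free and restore kept in one routine, so the free never happens alone."""
    pool.append(session)
    signoff_surrogate(session, surrogate_token)

def route(pool, abend, fixed):
    """Run one routed transaction; return the user it was authorised as."""
    session = pool.pop()
    checked_as = session.token  # link security in force for this request
    surrogate_token = signon_surrogate(session)
    if abend and not fixed:
        # Pre-fix error path: session freed, security never restored.
        pool.append(session)
    else:
        free_and_restore(pool, session, surrogate_token)
    return checked_as

def simulate(fixed):
    """Four routed transactions over one session; the second one abends."""
    pool = [Session()]
    return [route(pool, abend, fixed) for abend in (False, True, False, False)]

if __name__ == "__main__":
    print("before fix:", simulate(fixed=False))
    print("after fix: ", simulate(fixed=True))
```

In the unfixed run the degraded token survives later normal completions, because each signoff only restores whatever token the session held when it was allocated.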
Temporary fix
FIX AVAILABLE BY PTF ONLY
Comments
APAR Information
APAR number
PM03817
Reported component name
CICSTS FOR VSE
Reported component ID
564805400
Reported release
B0P
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2009-12-17
Closed date
2010-03-10
Last modified date
2010-11-04
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UK55073
Modules/Macros
DFHZISP DFHZTSP
Fix information
Fixed component name
CICSTS FOR VSE
Fixed component ID
564805400
Applicable component levels
RB0P PSY UK55073
UP10/03/11 P E430
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
Document Information
Modified date:
04 November 2010