IBM Support

PM17783: DFHWB0002 ISSUED BY DFHWBSR WHEN SENDING STATIC RESPONSE

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • DFHWBSR is trying to send out a static response to a request.
    Within routine Build_authorization_environment, DFHWBSR calls
    DFHUSAD for ADD_USER_WITHOUT_PASSWORD processing to add the
    userid to the US domain. Eventually the security manager is
    called for verification of the userid and in this case returned
    SAF and ESM codes of 8,0  1C,0 (respectively), meaning the group
    access has been revoked. DFHUSAD returns
    usad_group_access_revoked back to DFHWBSR. DFHWBSR treats this
    as a severe error and message DFHWB0002 code X'0506' is issued
    followed by a system dump. This action taken by DFHWBSR is too
    drastic for a security violation.
    Currently, DFHWBSR issues message DFHWB0364 only for reason
    usad_application_notauth. DFHWBSR needs to be investigated and
    likely changed to issue DFHWB0364 for all usad_reason's returned
    on this call except for two exceptions of usad_security_inactive
    and usad_purged.
    .
    The Kernal stack from the dump will look as follows:
    .
    DFHWBSR
     SEND_STATIC_RESPONSE
     BUILD_AUTHORIZATION_ENVIRONMENT
     SEVERE_ERROR
    .
    ADDITIONAL KEYWORD(s):
    KIXREVSCB
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All CICS users.                              *
    ****************************************************************
    * PROBLEM DESCRIPTION: MSGDFHWB0002 Severe Error X'0506' in    *
    *                      DFHWBSR for authorization               *
    *                      error and dump produced.                *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    A TCPIPSERVICE is defined with Authenticate: Autoregister. The
    user at the browser submits a request and the client sends in a
    certificate to CICS.
    The CICS Web transaction CWXN makes a successful DFHXSPW
    INQUIRE_CERTIFICATE_USERID call. As a static response is being
    returned CWXN makes an ADD_USER_WITHOUT_PASSWORD call. This
    fails with reason GROUP_ACCESS_REVOKED resulting in a DFHWB0002
    message and system dump. The severe error message DFHWB0002 and
    system dump are not appropriate for this straightforward
    authorization error.
    Additional Keywords: msgDFHWB0364 WB0002 WB0364
    

Problem conclusion

  • DFHWBSR has been changed. For authorization errors which
    return usad_response=usad_exception and one of the following
    usad_reason codes, message DFHWB0364 will be issued in place of
    the previous DFHWB0002 message and system dump:
      usad_esm_inactive
      usad_invalid_password
      usad_unknown_esm_response
      usad_invalid_userid
      usad_new_password_required
      usad_userid_revoked
      usad_group_access_revoked
      usad_invalid_new_password
    

Temporary fix

  • FIX AVAILABLE BY PTF ONLY
    

Comments

APAR Information

  • APAR number

    PM17783

  • Reported component name

    CICS TS Z/OS V4

  • Reported component ID

    5655S9700

  • Reported release

    600

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2010-07-05

  • Closed date

    2010-08-31

  • Last modified date

    2010-10-02

  • APAR is sysrouted FROM one or more of the following:

    PM14026

  • APAR is sysrouted TO one or more of the following:

    UK60040

Modules/Macros

  •    DESWBAP  DESWBDM  DESWBRQ  DESWBRQF DESWBSR
    DESWBXM  DFHWBAP  DFHWBAPA DFHWBAPF DFHWBAPJ DFHWBAPM DFHWBAPT
    DFHWBAPV DFHWBDM  DFHWBRQD DFHWBRQS DFHWBSR  DFHWBSRA DFHWBSRM
    DFHWBSRT DFHWBXM  DFHWBXMA DFHWBXMT
    

Fix information

  • Fixed component name

    CICS TS Z/OS V4

  • Fixed component ID

    5655S9700

Applicable component levels

  • R600 PSY UK60040

       UP10/09/03 P F009

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"4.1","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"4.1","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
02 October 2010