PM60036: UNABLE TO CONNECT TO CMAS THROUGH API OR WUI, AND OTHER ERRORS.

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• Your CMAS comes up and issues message
  EYUXL0010I CMAS initialization complete.
  Yet your WUI and other MASes can not connect to the CMAS. In the
  CMAS job output, you may find various DFHAC2003 messages for a
  number of different CPSM-owned transactions, such as the
  following:
  .
  DFHAC2003 Security violation has been detected term id = ????,
            trans id = XMLT, userid = xxxxxxx.
  .
  The problem is that although CPSM issued START requests for the
  transactions it needed, some may have failed at task attach time
  due to a security violation.
  The symptoms of this type of problem may vary widely, as it
  depends upon the tasks that fail to start.
  This APAR is being submitted to have CPSM check and ensure it
  has proper authority in the ESM for its transactions during
  CMAS or MAS initialization, and take action based on those
  findings.
  
  .
  Additional Symptoms/Keywords:  KIXREVSVR
  

Local fix

• Ensure that no CPSM tasks encounter security violations and are
  able to run.
  

Problem summary

• ****************************************************************
  * USERS AFFECTED: All CICSPlex SM V4R1M0 and V4R2M0 Users      *
  ****************************************************************
  * PROBLEM DESCRIPTION:    You start a CMAS, a CPSM managed     *
  *                      CICS region (MAS), or a CICS System     *
  *                      Managed Single Server (SMSS) and        *
  *                      notice instances of message:            *
  *                      .                                       *
  *                         DFHAC2003 Security violation has     *
  *                           been detected term id = ????,      *
  *                           trans id = cccc, userid = xxxxxxx. *
  *                      .                                       *
  *                      where each cccc is a CPSM transaction   *
  *                      ID identified in CICS Transaction       *
  *                      Server for z/OS RACF Security Guide     *
  *                      and xxxxxxxx is the CICS region userid. *
  *                         Your CPSM region experiences various *
  *                      problems including, but not limited to, *
  *                      spontaneous shutdown of your CMAS or    *
  *                      the MAS agent in your MAS, failure of   *
  *                      specific functions (for example MASes   *
  *                      or API programs which fail to connect   *
  *                      to the CMAS or failure of communica-    *
  *                      tions between CMASes), or inoperative   *
  *                      CPSM services.                          *
  ****************************************************************
  * RECOMMENDATION:    After applying the PTF that resolves this *
  *                 APAR, all CMASes and MASes must be recycled  *
  *                 to pick up the new code.  Note that the      *
  *                 restarts do not need to be done at the same  *
  *                 time.                                        *
  ****************************************************************
     CPSM has a number of internal transactions which are started
  during CPSM agent initialization, or later for transient func-
  tions.  These transactions are usually started under the region
  userid.  If one or more of the transaction IDs are not defined,
  or are defined incorrectly, to the external security manager,
  START commands for affected transactions will return a normal
  response but a security exception will occur when transaction
  manager attempts to start the transaction.  Message DFHAC2003
  is issued and the function provided by the failed transaction
  will not be available, but because the START command returned
  a normal response, the task which initiated the START is not
  notified of the failure.
     In extreme cases this may result in spontaneous shutdown of
  the CMAS or the MAS agent, but symptoms vary widely depending
  upon which transactions failed and the functions that they are
  designed to provide.
  

Problem conclusion

•    The modules responsible for creating required resources in a
  CMAS (EYU9XLCD), MAS (EYU9NXLM), and SMSS region (EYU9NXRM) were
  modified to execute QUERY SECURITY RESTYPE(TRANSATTACH) for each
  internal CPSM transaction.  New messages EYUXL0158E (in a CMAS)
  or EYUNX0102E (in a MAS or SMSS) will be issued for each trans-
  action which is not defined properly to the external security
  manager.  If the region userid does not have permission to START
  one or more transactions, message EYUXL0159E (in a CMAS) or
  EYUNX0103E (in a MAS or SMSS) will be issued, and the CMAS
  region, or the MAS agent in a MAS or SMSS, will shut down.
     After correctly defining any identified transactions to the
  external security manager, the CMAS region or MAS agent may be
  restarted.
  

Temporary fix

•             *********
              * HIPER *
              *********
  FIX AVAILABLE BY PTF ONLY
  

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  UK77139 UK77140

Modules/Macros

•    EYUTXEMS EYUUNAEQ EYUUXLEQ EYU9NXLM EYU9NXRM
  EYU9XLCD
  

Fix information

• Fixed component name

  CICS TS Z/OS V4

• Fixed component ID

  5655S9700

Applicable component levels

• R60M PSY UK77139

     UP12/03/20 P F203

• R70M PSY UK77140

     UP12/03/20 P F203

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.