CICS shutdown problem due to IPLX and ISER tasks
search cancel

CICS shutdown problem due to IPLX and ISER tasks

book

Article ID: 100600

calendar_today

Updated On:

Products

InterTest - CICS InterTest - Batch InterTest VSE - CICS

Issue/Introduction

CICS doesn't shut down.
 
DFHPLT TYPE=ENTRY,PROGRAM=IN25PLTE
has been specified in PLT, but the IPLX and ISER tasks are still suspending: 
...
KE=1 
00C1 22CFD100 Not Running 00148080 00071 IPLX 538A6080 21646200 
00C2 22CFD800 Not Running 00049680 00069 ISER 538A6200 21646200 
...
DS=1 
DS_TOKEN KE_TASK T S F P TT RESOURCE RESOURCE_NAME W TIME OF TIMEOUT DTA AD ATTACHER MD SUSPAREA XM_TXN_TOKEN TYPE SUSPEND DUE (DSTSK) TOKEN

0A000007 22CFD100 N S N N - EKCWAIT SINGLE W 11:46:02.890 - 538A6080 XM 22E5C100 QR 000D9370 22E5C1000000071C 
0A020005 22CFD800 N S N N - EKCWAIT SINGLE W 11:46:02.890 - 538A6200 XM 22E5C900 QR 22F11E64 22E5C9000000069C 

...

Environment

Release: OSINBV00200-11.0-InterTest-Batch
Component:

Resolution

Check CICS log for DFHXS1111 messages. For instance:
...
DFHXS1111 05/30/2018 07:30:39 H135QZVC CEMT Security violation by user CICSCNL at console INTERNAL for resource CSSL in class DCICSDCT. SAF codes are (X'00000004',X'00000000'). ESM codes are (X'00000004',X'00000000'). RACF request made was FASTAUTH. 
DFHXS1111 05/30/2018 07:30:39 H135QZVC CEMT Security violation by user CICSCNL at console INTERNAL for resource CNTL in class ATCICPCT. SAF codes are (X'00000004',X'00000000'). ESM codes are (X'00000004',X'00000000'). RACF request made was FASTAUTH. 
... 
And from the exception trace in TR domain:
... 
XS 070B,XSRC *EXC* CHECK-FAILED CSSL CICSCNL FUNCTION(CHECK_RESOURCE_ACCESS) RESPONSE(EXCEPTION) REASON(RESOURCE_NOT_FOUND) 
SAF_RESPONSE(4) SAF_REASON(0) ESM_RESPONSE(4) ESM_REASON(0) 
0020 *...............0....DCICSDCT... 
2-0000 *CSSL 
3-0000 *CICSCNL 

XS 070B,XSRC *EXC* CHECK-FAILED CNTL CICSCNL FUNCTION(CHECK_RESOURCE_ACCESS) RESPONSE(EXCEPTION) REASON(RESOURCE_NOT_FOUND) 
SAF_RESPONSE(4) SAF_REASON(0) ESM_RESPONSE(4) ESM_REASON(0) 
0020 *...............0....ATCICPCT... 
2-0000 *CNTL 
3-0000 *CICSCNL 



If you find such messages, ask your security team to add the required permissions.
This is an example if you're using RACF:
...
rdefine ECICSDCT INTERTST owner(syspcics) audit(failures(READ)) uacc(none) 
ralter ECICSDCT INTERTST addmem(CSSL
permit INTERTST CLASS(ECICSDCT) ID(CICSCNL) ACCESS(UPDATE) 
...
rdef BTCICPCT INTERTST owner(SYSPCICS) audit(failures(READ)) uacc(NONE) 
ralter BTCICPCT INTERTST addmem(CNTL
permit INTERTST class(BTCICPCT) id(CICSCNL) access(UPDATE) 
setropts refresh raclist(ATCICPCT)