We occasionally see security failures in the UC4 MVS agent that show message 'EDC5163I SAF/RACF extract error". The TSS OE report shows a corresponding entry of 'User ID is revoked'.
SERVICE USERID GROUP UID GID SAF RC RSN
DATE TIME JOBNAME SOURCE SYSID CPU SECLABEL
initACEE <acid> OMVSDGRP 16 999 8 8 28
06/26/18 18.177 9.06.52 UC4RUN AIS1
Failed - User ID is revoked
Function: Create Attribute flags: CC800000
Userid: UC4PRD Applid: OMVSAPPL
Password: YES Passphrase: NO Certificate: NO ACEE Addr: NO
We do not see any TSSxxxxx messages in the job or system log and the Userid doesn't show that it's suspended.
These seem to be random and cannot be recreated on demand. Any idea why?