We occasionally see security failures in the UC4 MVS agent that show message 'EDC5163I SAF/RACF extract error".  The TSS OE report shows a corresponding entry of 'User ID is revoked'.  

    SERVICE      USERID    GROUP        UID         GID    SAF  RC   RSN
      DATE          TIME    JOBNAME   SOURCE   SYSID   CPU   SECLABEL

initACEE         <acid>  OMVSDGRP          16         999   8    8   28
06/26/18  18.177    9.06.52 UC4RUN                     AIS1
Failed - User ID is revoked
 Function: Create    Attribute flags: CC800000
 Userid: UC4PRD      Applid: OMVSAPPL
 Password: YES  Passphrase: NO   Certificate: NO   ACEE Addr: NO

We do not see any TSSxxxxx messages in the job or system log and the Userid doesn't show that it's suspended.

These seem to be random and cannot be recreated on demand.  Any idea why?

Release:
Component: TSSMVS

TSSUTIL shows signon failures with DRC 14 (User already signed on). This means the FACILiTY doesnt allows the user to be signed on more than once with the FACILTY.

The FTP software runs multiple FTP jobs for same user causing multiple concurrent signons of user.

FTP FACILITY is setup with SIGN(S) which doesnt allow concurrent signons..

Need to set to SIGN(M).