There are no RACF messages in the Tomcat task, but in the Java log (STDOUT) we see the logon fail. The View® database is set to SECURITY=INIT.
Why do I get the error, CAHVS0262E Logon (guid) failed (returnValue -1, returnCode 139, reasonCode 199753946) for user <userid>?
The error is indicated by the message: CAHVS0262E Logon (guid) failed (returnValue -1, returnCode 139, reasonCode 199753946) for user <userid>
Before OM Web Viewer can connect to View® it needs to make a SAF security call to log on as the user. The CAHVS0262E message reports the result of that SAF call (made via the IBM service BPX1TLS).
Here is the meaning of those values from the IBM documentation:
- Return code 139 (x'8B') is EPERM, which means the operation was not permitted.
- Reason code 199753946 (x'0BE800DA') is JRSurrogateUndefined, which means:
  The RACF SURROGAT class has not been activated or no SURROGAT class profile has been defined for the client.
  Activate the RACF SURROGAT class and perform the necessary RACF definitions for non-password clients.
The userid that CCS Apache Tomcat® is running as will need READ access to the SURROGAT class profile BPX.SRV.userid. That is documented in the OM View Security Requirements section of the online documentation.
Also, even though you may have SECURITY=INIT it's still a good idea to make sure View® fix RO99032 S282-10 ABEND IN WEB VIEWER 14.0 WITH RACF SECURITY is applied.
An Apache Tomcat® upgrade allowed more messages to be displayed, including when logging into OM Web Viewer. APF authorization was also required.
Some sample commands for the RACF SURROGAT class:
SETROPTS CLASSACT(SURROGAT) RACLIST(SURROGAT) GENERIC(SURROGAT)
RDEFINE SURROGAT BPX.SRV.** UACC(NONE)
PERMIT BPX.SRV.** CLASS(SURROGAT) ACCESS(READ) ID(tomcatid)
SETROPTS GENERIC(SURROGAT) RACLIST(SURROGAT) REFRESH
Where tomcatid is the userid that CCS Tomcat is running as. Note that in this sample the generic profile BPX.SRV.** covers all users.
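The following Python script is an added example, not part of the original article or the product. It decodes CAHVS0262E lines from the Java STDOUT log into the hex values shown above and, for each userid that failed with JRSurrogateUndefined, emits discrete BPX.SRV.userid definitions as a narrower alternative to BPX.SRV.**. The log line prefix, the userids and TOMCATID are constructed, and the split of the reason code into a qualifier halfword and a reason halfword follows the standard z/OS UNIX reason code layout.

```python
import re

# Only the two codes documented in the article are named; others stay hex.
ERRNOS = {0x8B: "EPERM"}
REASONS = {0x00DA: "JRSurrogateUndefined"}

MSG = re.compile(
    r"CAHVS0262E Logon \([^)]*\) failed \(returnValue -?\d+, "
    r"returnCode (?P<rc>\d+), reasonCode (?P<rsn>\d+)\) "
    r"for user (?P<user>[A-Za-z0-9@#$]+)"
)

# Constructed sample lines; the timestamp prefix is an assumption.
SAMPLE = [
    "09:14:02 CAHVS0262E Logon (guid) failed (returnValue -1, returnCode 139, reasonCode 199753946) for user user01",
    "09:15:40 CAHVS0262E Logon (guid) failed (returnValue -1, returnCode 139, reasonCode 199753946) for user USER02",
    "09:16:11 CAHVS0262E Logon (guid) failed (returnValue -1, returnCode 139, reasonCode 199753946) for user USER01",
    "09:17:30 CAHVS0262E Logon (guid) failed (returnValue -1, returnCode 139, reasonCode 199753728) for user USER03",
    "09:18:00 some unrelated Tomcat message",
]

def decode(line):
    """Return decoded fields for a CAHVS0262E line, or None if no match."""
    m = MSG.search(line)
    if not m:
        return None
    rc, rsn = int(m["rc"]), int(m["rsn"])
    return {
        "user": m["user"].upper(),
        "rc_hex": f"{rc:02X}",
        "errno": ERRNOS.get(rc, "unknown"),
        "rsn_hex": f"{rsn:08X}",
        "qualifier": f"{rsn >> 16:04X}",             # high halfword
        "reason": REASONS.get(rsn & 0xFFFF, "unknown"),  # low halfword
    }

def surrogat_commands(lines, tomcatid):
    """Build one discrete SURROGAT profile per userid that hit 0x00DA."""
    hits = (d for d in map(decode, lines) if d)
    users = sorted({d["user"] for d in hits if d["reason"] == "JRSurrogateUndefined"})
    cmds = []
    for u in users:
        cmds.append(f"RDEFINE SURROGAT BPX.SRV.{u} UACC(NONE)")
        cmds.append(f"PERMIT BPX.SRV.{u} CLASS(SURROGAT) ACCESS(READ) ID({tomcatid})")
    if cmds:
        cmds.append("SETROPTS RACLIST(SURROGAT) REFRESH")
    return cmds

if __name__ == "__main__":
    print("\n".join(surrogat_commands(SAMPLE, "TOMCATID")))
```

Review the generated commands before issuing them; the SURROGAT class must already be active as in the first sample command above.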