TSS7100E - 006 And CEMT Security Violation In CICS With Top Secret After IPL
Article ID: 191228
Updated On:
Products
Top Secret
Top Secret - LDAP
WEB ADMINISTRATOR FOR TOP SECRET
Issue/Introduction
After IPLing, CICS is experiencing the following errors with the CEMT transaction:
14:33:57 cicsname CEMT Security violation by user xxxxxxxx
for resource SYSDUMPCODE in class CCICSCMD
SAF codes are
(X'00000004',X'00000000'). ESM codes are (X'00000004',X'00000000').
Signoff at terminal CRLP has failed because the terminal has preset security
Input event rejected return code FF at term CRLP, 14.34.03
TSS7100E 006 J=CICSPRD A=acid T=N/A F=CONSOLE - Facility Not Authorized
+DFHAC2032 05/18/2020 02:50:17 cicsname CICS autoinstall for console acid
TSS7100E 006 J=CICSPRD A=acid T=N/A F=CONSOLE - Facility Not Authorized
Command level checking is not working - the interactive part is not responding.
14:33:57 cicsname CEMT Security violation by user xxxxxxxx
for resource SYSDUMPCODE in class CCICSCMD
SAF codes are
(X'00000004',X'00000000'). ESM codes are (X'00000004',X'00000000').
Signoff at terminal CRLP has failed because the terminal has preset security
Input event rejected return code FF at term CRLP, 14.34.03
TSS7100E 006 J=CICSPRD A=acid T=N/A F=CONSOLE - Facility Not Authorized
+DFHAC2032 05/18/2020 02:50:17 cicsname CICS autoinstall for console acid
TSS7100E 006 J=CICSPRD A=acid T=N/A F=CONSOLE - Facility Not Authorized
Command level checking is not working - the interactive part is not responding.
Environment
Release : 16.0
Component : CA Top Secret for z/OS
Resolution
The problem is a timing problem. ENF and Top Secret need to be up and active before starting the CICS regions. When CICS starts, the following TSS phase messages should be received (in the CICS job output):
TSS6093I - TSS/CICS Initialization Phase 0 started.
TSS6094I - TSS/CICS Initialization Phase 0 complete.
TSS6000I - TSS/CICS Initialization Phase 1 Started.
TSS6099I - TSS/CICS Initialization Phase 1 Complete.
TSS6002I - TSS/CICS Initialization Phase 2 Started.
TSS6003I - TSS/CICS Initialization Phase 2 Complete.
The CICS region experiencing the problem did not get the phase messages at startup. Without these phase messages, security is not properly installed in the CICS region and unpredictable results can occur.
If Top Secret starts ENF, then ENF should start the CICS regions (in the ENFCMDS DD dataset). This way Top Secret and ENF will be up completely before the CICS regions are started.
In addition, Top Secret has a PLTPI program that, once active in the region, validates that the Top Secret/CICS interface is installed. If the PLTPI program finds that the Top Secret/CICS interface is missing, it issues message:
TSS6161E- CA Top Secret CICS Initialization Incomplete RSN=nn
and abends the region with a user abend code, U1800. Instructions for installing the PLTPI program can be found here :
(Optional) Modify the PLTPI Table for the TSSCPLT Initialization Check Program
Toward the bottom of the page is a section titled:
"(Optional) Modify the PLTPI Table for the TSSCPLT Initialization Check Program"
TSS6093I - TSS/CICS Initialization Phase 0 started.
TSS6094I - TSS/CICS Initialization Phase 0 complete.
TSS6000I - TSS/CICS Initialization Phase 1 Started.
TSS6099I - TSS/CICS Initialization Phase 1 Complete.
TSS6002I - TSS/CICS Initialization Phase 2 Started.
TSS6003I - TSS/CICS Initialization Phase 2 Complete.
The CICS region experiencing the problem did not get the phase messages at startup. Without these phase messages, security is not properly installed in the CICS region and unpredictable results can occur.
If Top Secret starts ENF, then ENF should start the CICS regions (in the ENFCMDS DD dataset). This way Top Secret and ENF will be up completely before the CICS regions are started.
In addition, Top Secret has a PLTPI program that, once active in the region, validates that the Top Secret/CICS interface is installed. If the PLTPI program finds that the Top Secret/CICS interface is missing, it issues message:
TSS6161E- CA Top Secret CICS Initialization Incomplete RSN=nn
and abends the region with a user abend code, U1800. Instructions for installing the PLTPI program can be found here :
(Optional) Modify the PLTPI Table for the TSSCPLT Initialization Check Program
Toward the bottom of the page is a section titled:
"(Optional) Modify the PLTPI Table for the TSSCPLT Initialization Check Program"
Feedback
Yes
No
Powered by
