TSS7100E - 006 And CEMT Security Violation In CICS With Top Secret After IPL
search cancel

TSS7100E - 006 And CEMT Security Violation In CICS With Top Secret After IPL

book

Article ID: 191228

calendar_today

Updated On:

Products

Top Secret Top Secret - LDAP WEB ADMINISTRATOR FOR TOP SECRET

Issue/Introduction

After IPLing, CICS is experiencing the following errors with the CEMT transaction:

14:33:57 cicsname CEMT Security violation by user xxxxxxxx
for resource SYSDUMPCODE in class CCICSCMD
SAF codes are
(X'00000004',X'00000000'). ESM codes are (X'00000004',X'00000000').
Signoff at terminal tttt has failed because the terminal has preset security
Input event rejected return code FF at term CRLP, 14.34.03

TSS7100E 006 J=jobname A=acid T=N/A F=CONSOLE - Facility Not Authorized
+DFHAC2032 05/18/2020 02:50:17 cicsname CICS autoinstall for console acid
TSS7100E 006 J=jobname A=acid T=N/A F=CONSOLE - Facility Not Authorized

Command level checking is not working - the interactive part is not responding.

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

The problem is a timing problem. ENF and Top Secret need to be up and active before starting the CICS regions. When CICS starts, the following TSS phase messages should be received (in the CICS job output):

TSS6093I - TSS/CICS Initialization Phase 0 started.
TSS6094I - TSS/CICS Initialization Phase 0 complete.
TSS6000I - TSS/CICS Initialization Phase 1 Started.
TSS6099I - TSS/CICS Initialization Phase 1 Complete.
TSS6002I - TSS/CICS Initialization Phase 2 Started.
TSS6003I - TSS/CICS Initialization Phase 2 Complete.

The CICS region experiencing the problem did not get the phase messages at startup. Without these phase messages, security is not properly installed in the CICS region and unpredictable results can occur.

If Top Secret starts ENF, then ENF should start the CICS regions (in the ENFCMDS DD dataset). This way Top Secret and ENF will be up completely before the CICS regions are started.

In addition, Top Secret has a PLTPI program that, once active in the region, validates that the Top Secret/CICS interface is installed. If the PLTPI program finds that the Top Secret/CICS interface is missing, it issues message:

TSS6161E- CA Top Secret CICS Initialization Incomplete RSN=nn

and abends the region with a user abend code, U1800. See Installing Top Secret in CICS for instructions on installing the PLTPI program. (Toward the bottom of the page is a section titled: "(Optional) Modify the PLTPI Table for the TSSCPLT Initialization Check Program".)

Powered by Wolken Software