search cancel

Getting ACF01032 on logon to DB2 DIST region. X(SGP) record setup and specified in LOGONID record SOURCE

book

Article ID: 215152

calendar_today

Updated On:

Products

ACF2 - z/OS

Issue/Introduction

Logon to DB2DIST region get ACF01032 message

ACF01032 LOGONID/SOURCE COMBINATION user01/TCPIP not VALID.
WHY is this failing with DB2DIST but works successfully with all other applications from this IP address

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

What is coded in the logonid SOURCE field and X(SGP) record is the restricted list of the allowed
sources from which the user can logon to the system.
The source that this logon has (TCPIP) is not included in the list and therefore the logon
is prevented.
You have three options..
1) Change the X(SGP) to include TCPIP    
2) Change the POE value set in the RACROUTE REQUEST=VERIFY that is issued by DSNVEU3
     to something other than TCPIP (there may be a parameter in dsnveu3 or it may require an enhacement or usermod).
3) Do not restrict the source at logon time.

Note: Option 2 is not recommended

SMFID= SYSD         TOD= 14:34:21.71    TRACEID= TEST       USERID= DDEEFFG
  JOBNAME= DB2ADIST   ASID= 0128          PGM= DSNVEUS3       CURR RB= DSNVEUS3
  SFR/RFR= 8/48:0     MODE= TASK          APF= AUTHORIZED     LOCKS= NONE
  SAFDEF= VERIFY   INTERNAL MODE= GLOBAL

  RACROUTE REQUEST=VERIFY,RELEASE=7760,SESSION=APPCTP,STAT=ASIS,
           SMC=YES,ACEE=00000000,APPL='APPLID13',ENVIR=CREATE,
           ENCRYPT=YES,ERROROPT=ABEND,LOC=ANY,LOG=ASIS,MSGSP=0,
           NESTED=NO,PASSCHK=YES,PASSWRD='*SUPPRESSED*',POE='TCPIP',
           TOKNOUT=,USERID='USER01',WORKA=
  TOKNOUT  DATA AREA FOLLOWS
  00013857 +000  50010000 00000000 00000000 00000000  *&...............*
  00013867 +010  00000000 00000000 00000000 00000000  *................*
  00013877 +020  00000000 00000000 00000000 00000000  *................*
  00013887 +030  00000000 00000000 00000000 00000000  *................*
  00013897 +040  00000000 00000000 00000000 00000000  *................

The return and reason code means that the user is not authorised to the POE

30 (Decimal 48)
The user is not authorized to the port of entry in the TERMINAL, JESINPUT, or CONSOLE class.
Reason Code
Meaning
00
Indicates the user is not authorized to the port of entry.
04
Indicates the user is not authorized to access the system on this day, or at this time of day.
08
Indicates the port of entry cannot be used on this day, or at this time of day.
Note: The port of entry refers to the TERMINAL class, the JESINPUT class, and the CONSOLE
class ports of entry

RACROUTE REQUEST=VERIFY from program DSNVEU3 is different to most other programs because
the POE defined in the verify request is hard coded as TCPIP and not the IP address.