XCOMN0780E with no message repeated multiple times in xcom.log file

book

Article ID: 221079

calendar_today

Updated On:

Products

CA XCOM Data Transport - Windows CA XCOM Data Transport CA XCOM Data Transport - Linux PC

Issue/Introduction

Using CA XCOM for Windows and seeing repeated XCOMN0780E messages in the xcom.log with no TXPI message after them.
XCOM secure/SSL transfers are being used and they are working to/from all partners so these messages appear not to be impacting transfers.

Environment

Release : 11.6

Component : CA XCOM Data Transport for Windows

Resolution

Looking in more detail at the xcom.log the XCOMN0780E only occurs for some remote connections.
Looking at common PID values and after removing some of the intervening lines from the actual XCOM file transfer connections, typically see these groupings of 3 messages:

+++
2021/08/02 14:25:06 TID=REMOTE PRG=xcomtcp PID=15080 IP=nnn.nnn.nnn.nnn:47797
    XCOMN0812I Remote Secure TCP/IP Connection Requested.

2021/08/02 14:25:06 TID=REMOTE PRG=xcomtcp PID=15080 IP=nnn.nnn.nnn.nnn:47797
    XCOMN0780E : 

2021/08/02 14:25:06 TID= PRG=xcomtcp PID=15080 IP=nnn.nnn.nnn.nnn:47797
    XCOMN0818I Secure TCP/IP Connection Ended.
+++
 
+++
2021/08/02 14:25:06 TID=REMOTE PRG=xcomtcp PID=15904 IP=nnn.nnn.nnn.nnn:47793
    XCOMN0812I Remote Secure TCP/IP Connection Requested.

2021/08/02 14:25:06 TID=REMOTE PRG=xcomtcp PID=15904 IP=nnn.nnn.nnn.nnn:47793
    XCOMN0780E : 

2021/08/02 14:25:06 TID= PRG=xcomtcp PID=15904 IP=nnn.nnn.nnn.nnn:47793
    XCOMN0818I Secure TCP/IP Connection Ended.
+++

Per above, there also seem to be 2 of those connections per second.
Due to the 2 per second regularity of the messages, they are likely being generated by a port scanning tool that is regularly polling the secure XCOM port 8045 on the XCOM server.
Support can also recreate the same 3 message sequence in-house by using a telnet command to port 8045 of the XCOM server i.e. "telnet xcom_server 8045"

+++
2021/08/04 00:27:35 TID=REMOTE PRG=xcomtcp PID=2300 IP=nnn.nnn.nnn.nnn:65353
    XCOMN0812I Remote Secure TCP/IP Connection Requested.

2021/08/04 00:27:39 TID=REMOTE PRG=xcomtcp PID=2300 IP=nnn.nnn.nnn.nnn:65353
    XCOMN0780E : 

2021/08/04 00:27:39 TID= PRG=xcomtcp PID=2300 IP=nnn.nnn.nnn.nnn:65353
    XCOMN0818I Secure TCP/IP Connection Ended.
+++

If instead use the telnet command to the insecure port 8044, only the Connection Established & Ended messages appear in the xcom.log and there is no XCOMN0780E message:
+++
2021/08/05 01:40:32 TID=REMOTE PRG=xcomtcp PID=9784 IP=nnn.nnn.nnn.nnn:61985
    XCOMN0793I Remote TCP/IP Connection Established.

2021/08/05 01:40:38 TID= PRG=xcomtcp PID=9784 IP=nnn.nnn.nnn.nnn:61985
    XCOMN0805I TCP/IP Connection Ended.
+++

Additional Information

CA XCOM Data Transport for Windows 11.6 Service Packs > Messages > XCOMN0780E