After applying Datacom PTF LU04806, Datacom Server failed with this error message:

DSV00155E-LOGON=NO not permitted with secured MUF. Datacom Server terminating.

Datacom Server startup options specifies LOGON=NO          

Release : 15.1

Component : DATACOM SERVER

This new feature was introduced by PTF LU04086 to fix a vulnerability in Server. It is documented in the New Features for Datacom Server:

Datacom Server Using LOGON=NO with Secured MUF (PTF LU04086) z/OS

This PTF addresses the behavior of Datacom Server started with LOGON=NO and connected to an externally secured Datacom Multi-User Facility (MUF). When a Datacom Server using input parameter LOGON=NO is is connected to a secured MUF and neither SECEXIT nor CONEXIT is specified, then Datacom Server is terminated with the message DSV00155E.
A new message for this option is:
DSV00155E - LOGON=NO not permitted with secured MUF. Datacom Server terminating

When MUF security is enabled this message will be issued at MUF startup:

DB00231I - EXTERNAL SECURITY LEVEL 03 ACTIVE
DB00220I - EXTERNAL SECURITY ACTIVE FOR MUFXX   ON SQL SERVER WITH DRTABLE

When the MUF is secured the DSV00155E error is expected with LU04086 applied. It is working as designed.

To resolve this error when MUF external security is enabled you have 2 options:

• Specify LOGON=YES in the Server options which will require users to logon to the server.
  
  or
  
  
• Specify LOGON=NO and CONEXIT=exit_name in the Server options and code a connection exit to allow access to the server. exit_name is the name of the load module of your connection exit. There is a sample connection exit in the CAYTMAC library (CAAXMAC for Datacom/AD) in member SVSXTPR. Modify the exit to supply a userid and password then assemble and link it into the CAYTLOAD library (CAAXLOAD for Datacom/AD). Use sample JCL in library CAYTMAC (CAAXMAC for Datacom/AD) member YTEXIT to do this. 

See documentation section Startup Options

LOGON=
(Optional) Specifies whether the Mainframe Server attempts to do an external security logon to validate each user.
If LOGON=YES, each user must be authorized to access data through MUF external security.
If LOGON=NO, user IDs are not validated through external security nor passed.
If LOGON=NO is connected to an externally secured MUF and no SECEXIT or CONEXIT is specified, Datacom Server is terminated.
Note: If LOGON=YES, the SVDBSPR module must reside in an authorized library.
Valid Entries: NO or YES
Default: YES

CONEXIT=
(Optional) Specifies a user-coded connection exit to replace the security that Datacom Server provides through external security. CONEXIT is called before the call to the external security interface. A sample connection exit, SVCXTPR, is provided.
Valid Entries: A valid connection exit program
Default: No default (spaces)