After applying Datacom PTF LU04806, Datacom Server failed with this error message:
DSV00155E-LOGON=NO not permitted with secured MUF. Datacom Server terminating.
Datacom Server startup options specifies LOGON=NO
Release : 15.1
Component : DATACOM SERVER
This new feature was introduced by PTF LU04086 to fix a vulnerability in Server. It is documented in the New Features for Datacom Server:
Datacom Server Using LOGON=NO with Secured MUF (PTF LU04086) z/OS
This PTF addresses the behavior of Datacom Server started with LOGON=NO and connected to an externally secured Datacom Multi-User Facility (MUF). When a Datacom Server using input parameter LOGON=NO is is connected to a secured MUF and neither SECEXIT nor CONEXIT is specified, then Datacom Server is terminated with the message DSV00155E.
A new message for this option is:
DSV00155E - LOGON=NO not permitted with secured MUF. Datacom Server terminating
When MUF security is enabled this message will be issued at MUF startup:
DB00231I - EXTERNAL SECURITY LEVEL 03 ACTIVE
DB00220I - EXTERNAL SECURITY ACTIVE FOR MUFXX ON SQL SERVER WITH DRTABLE
When the MUF is secured the DSV00155E error is expected with LU04086 applied. It is working as designed.
To resolve this error when MUF external security is enabled you have 2 options:
See documentation section Startup Options
LOGON=
(Optional) Specifies whether the Mainframe Server attempts to do an external security logon to validate each user.
If LOGON=YES, each user must be authorized to access data through MUF external security.
If LOGON=NO, user IDs are not validated through external security nor passed.
If LOGON=NO is connected to an externally secured MUF and no SECEXIT or CONEXIT is specified, Datacom Server is terminated.
Note: If LOGON=YES, the SVDBSPR module must reside in an authorized library.
Valid Entries: NO or YES
Default: YESCONEXIT=
(Optional) Specifies a user-coded connection exit to replace the security that Datacom Server provides through external security. CONEXIT is called before the call to the external security interface. A sample connection exit, SVCXTPR, is provided.
Valid Entries: A valid connection exit program
Default: No default (spaces)