Synch Top Secret Security Files After CPF Node Misconfiguration

Article ID: 245195

Products

Top Secret

Issue/Introduction

A CPF node was misconfigured: the CPF node for production sys B was made inactive and the CPF node for the test machine sys B was made active instead, so the test system was sending commands to a production machine (sys A). After correcting the configuration, should the following be done for the period from 6/18/22 through the present?

1. Obtain all commands issued on production machine sysB via the recfile and re-execute them on production machine sysA.
2. Run all commands issued on testplex sysb that routed to production machine SYSA and remove them.

What is the recommended method to re-synch the files?

Environment

Release : 16.0

Component : Top Secret for z/OS

Resolution

For resynching, if the misconfiguration from prod SYSB to prod SYSA has not been corrected, #2 should be done first. If you do #1 first, there is a risk of undoing something that shouldn’t be undone. For example, if the following command was issued on both prod SYSB and testplex sysB between 6/18/22 and present:

TSS PERMIT(BOB) DSN(SYS1.PARMLIB)

and you do #1 first, when you do #2, TSS REV(BOB) DSN(SYS1.PARMLIB) will also undo the permit from prod SYSB.
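The ordering risk described above, as an added example that is not part of the original article: a simplified Python model in which prod SYSA access is a set of (ACID, data set) permits and only TSS PERMIT and TSS REV/REVOKE are handled. The command lists are constructed samples (ALICE, TESTER1 and their data sets are hypothetical); real lists would come from the CPF journal files.

```python
import re

# Simplified model (assumption): prod SYSA access is a set of (ACID, data set)
# permits; only TSS PERMIT and TSS REV/REVOKE with a DSN operand are handled.
CMD = re.compile(r"TSS\s+(PERMIT|REVOKE|REV)\((\w+)\)\s+DSN\(([\w.]+)\)", re.I)

def parse(cmd):
    m = CMD.fullmatch(cmd.strip())
    if not m:
        raise ValueError(f"not modelled, review by hand: {cmd!r}")
    verb = "PERMIT" if m.group(1).upper() == "PERMIT" else "REVOKE"
    return verb, m.group(2).upper(), m.group(3).upper()

def apply(state, cmds):
    state = set(state)
    for verb, acid, dsn in map(parse, cmds):
        (state.add if verb == "PERMIT" else state.discard)((acid, dsn))
    return state

def undo_commands(cmds):
    """Inverse commands, newest first. Only PERMIT is inverted here."""
    out = []
    for cmd in reversed(cmds):
        verb, acid, dsn = parse(cmd)
        if verb != "PERMIT":
            raise ValueError(f"cannot derive undo, review by hand: {cmd!r}")
        out.append(f"TSS REV({acid}) DSN({dsn})")
    return out

def overlapping(prod_cmds, test_cmds):
    """Commands issued on both systems: the cases where order matters."""
    return sorted({parse(c) for c in prod_cmds} & {parse(c) for c in test_cmds})

def resync(sysa_state, prod_cmds, test_cmds, undo_first):
    steps = [undo_commands(test_cmds), prod_cmds]
    if not undo_first:
        steps.reverse()
    for step in steps:
        sysa_state = apply(sysa_state, step)
    return sysa_state

# Constructed sample data; real lists would come from the CPF journal files.
PROD_SYSB = ["TSS PERMIT(BOB) DSN(SYS1.PARMLIB)", "TSS PERMIT(ALICE) DSN(PAYROLL.DATA)"]
TEST_SYSB = ["TSS PERMIT(BOB) DSN(SYS1.PARMLIB)", "TSS PERMIT(TESTER1) DSN(TEST.DATA)"]
SYSA_NOW = apply(set(), TEST_SYSB)  # test commands reached prod SYSA, prod SYSB's did not

if __name__ == "__main__":
    print("issued on both:", overlapping(PROD_SYSB, TEST_SYSB))
    print("undo first    :", sorted(resync(SYSA_NOW, PROD_SYSB, TEST_SYSB, True)))
    print("replay first  :", sorted(resync(SYSA_NOW, PROD_SYSB, TEST_SYSB, False)))
```

Commands reported by `overlapping` are the ones to check by hand before any undo is issued, since undoing the test copy after the production copy has been replayed removes the production change as well.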

Here are the recommended steps:

1) Turn off CPF from testplex sysb to prod SYSA so no more commands/password changes go from testplex sysb to prod SYSA.

2) Undo all commands issued on testplex sysb that routed to prod SYSA from 6/18/22 to present. (On testplex sysb, use the CPF journal file for prod SYSA to find the commands that propagated.)

3) You won’t be able to undo password changes from testplex sysb that propagated to prod SYSA. Check prod SYSA to see if OPTIONS(3) is set. (TSS MODIFY will show all current control option settings, including OPTIONALS.) If it is not set, consider temporarily setting OPTIONS(3) in the TSS parmfile on prod SYSA. This requires a temporary shutdown and restart of TSS to take effect. (The OPTIONS control option cannot be set dynamically.) OPTIONS(3) disables inbound CPF old/new password verification. Without OPTIONS(3) set, if the password on prod SYSB doesn’t match the password on prod SYSA, the password change will not occur when propagated from prod SYSB to prod SYSA.

4) Correct the misconfiguration from prod SYSB to prod SYSA.
 
5) See if the commands in the CPF recovery file on prod SYSB propagate to prod SYSA.

6) If they don’t, then on prod SYSB, use the CPF journal file for prod SYSA to obtain all commands issued on prod SYSB (from 6/18/22 to present) that were supposed to propagate to prod SYSA and re-execute them on prod SYSA. (If the recovery file on prod SYSB has wrapped since 6/18/22, you may not have all the commands issued. The recovery file is a wrappable file, so when it fills, it starts writing new records at the beginning of the file, overlaying the old records.)

7) If, in step 3, you temporarily set OPTIONS(3) in the TSS parmfile on prod SYSA, remove OPTIONS(3) from the TSS parmfile on prod SYSA and do another temporary shutdown and restart of TSS to pick up the change.