After upgrading to z/OS 2.5 under both TSS and ACF2, users are unable to login to either lpar. The login under z/OS 2.4 is fine.

The following message is received:

To log into z/OSMF, enter a valid z/OS user ID and password. Your account might be locked after too many incorrect log-in attempts.

and in addition, IZUSVR1 log shows:

14.22.15 STC16282  IYUCM0014E: The user ID <acid> is either not defined to z/OS
   883             not permitted to z/OSMF.
   883
   883             com.ibm.zoszmf.resourcemgmt.servlet.BootstrapListener.initializeSecuri
   883             tyAdmin: Error attempting to update Resource Management for the
   883             CLOUD_SEC_ADMIN specified in parmlib.

 No errors are shown in the TSSUTIL Violation Report.

Release : 16.0

Component : Top Secret for z/OS

The problem was not with z/OSMF or z/OS. It is with enabling JSON Web Token report as per IBM instructions. Once the supporter removed the server-override.xml file, z/OSMF went back to working normally.

 JSON Web Token report as per IBM instructions for Enabling JSON Web Token support.