Running transmissions from XCOM for Linux r11.6 22110 SP01 to Windows XCOM r11.6 21110 SP03. These transmissions run in groups of up to 12, and they run sequentially. Towards the end of the transmission stream there is a transmission failure at the Windows server with error:
XCOMN0287E Error setting remote user id

The preceding 10 or 11 transmissions have worked successfully, using the same credentials, user id and encrypted password as the transmission that fails. Later when the failed transmission has rerun, the rerun is successful, again using the same credentials (user id and encrypted password) as the transmission that failed.

The Windows server is in a PAM security environment.

• XCOM™ Data Transport® for Windows
• XCOM™ Data Transport® for Linux PC
• PAM

Problem recreated on non-production environment with XTRACE=10 enabled in the XCOM for Windows xcom.glb file (xcomd restart required).

The XCOM trace file shows that a successful transfer has xcomtcp PASSWORD parameter value of 31 bytes, but the failed transfer has PASSWORD value which has been corrupted i.e. it contains all zeroes and has length >= 32 bytes, so is also interpreted as a PASSPHRASE. Therefore there appears to be some transient problem with the population of the PASSWORD field.

At the Linux end an encrypted parameter is stored in a PeopleSoft DB and then decrypted before being populated in the xcomtcp PASSWORD parameter.

Moving forward, instead of storing own encrypted password & decrypting it to use in the xcomtcp PASSWORD parameter, it was decided to use the different option of storing a password encrypted with XCOM utility xcomencr and then use that via xcomtcp parameter PASSWORD.ENCRYPTED. 

*** UPDATE September 28, 2023 ***
Further investigation by XCOM Engineering in a follow-up case has found an issue that could occur with the changes that were delivered in XCOM for Linux 11.6 PTF LU08100 (r116 SP01 22110) for problem 18884: Unable to use Encrypted Passwords on Unix platforms when encrypted on Windows using XCOMENCR.

• When XCOM processes the PASSWORD, XCOM generates a key dynamically and then it will encrypt it with XCOM proprietary encryption before sending it to the partner system. The above fix has code changes to perform a few string operations on the encrypted password before sending it to the partner system.
  
  
• The encrypted string is binary data (non-readable form) where null characters can also be included.
  
  
• Whenever the binary encrypted password begins with the null character, XCOM misinterprets it as a blank password, hence the message XCOMN0278E on the partner system when it receives a blank password from the Linux server.
  
  
• Since the key is dynamic, the encrypted password string will vary every time the same password is encrypted. The dynamic key generation depends on various factors and hence the nature of the issue is system-dependent and intermittent. The frequency at which this issue occurs will also vary because of the environmental factors involved in this. 

Official PTFs published to fix the problem:
XCOM for Linux 11.6 SP01: LU10844
XCOM for Linux 12.0: LU10848

XCOM™ Data Transport® for Windows 11.6 Service Packs > Using > Command-Line Interface > Encrypt Parameter Values in Configuration Files

The Passphrase Support enhancement was introduced in XCOM for Linux 11.6.1 PTF SO05627 (r11.6 18090 SP01)
XCOM Data Transport for UNIX/Linux 11.6.1 > Release Notes > Enhanced Features > Service Pack 11.6.01 - Passphrase Support