"Security error" code 33 (XCM7050) for no auth XCOM AS400 TCP/IP
Article ID: 270340
Updated On:
Products
Issue/Introduction
Existing file transfers to AS400 using SNA are not performing any user authentication. Initially need to convert these to use TCP/IP and want this to work in the same way i.e. no user authentication.
At the moment XCOM on the AS400 is attempting to authenticate the z/OS transfer userid that is being passed and is therefore failing with "Security error" code 33.
**********
Return code 33 Security error
Completion msg id XCM7809 Completion state Failed
Remote message text
Remote system xxx.xxx.xxx.xxx
Protocol TCP/IP Remote XCOM version 2
JES destination Intermediate system
Transfer request 366858 Restart No
Internal transfer no. 262819 Transfer identifier USER1
Transfer type Sendfile Transfer user data
Transfer direction Inbound System user data
Initiation mode Target Group name Z4XCOM
Execution mode Evoked Code Table
Exec job number 414255 Exec job user XCOM Exec job name TCP4S08044
**********
Job log shows:
**********
XCM7050 Information 00 11/07/23 15:51:20.252981 XCOMMSG3 XCOM2 0048 XCOMSCL XCOM2 0029
Message . . . . : Error while checking password for user USER1.
Error while attempting to change profile running this job. CPF2204 User
profile USER1 not found.
**********
Resolution
- Per the XCOM for AS400 documentation page: Review the Security Considerations.
Set up a new user profile TESTXCOM with authority *EXCLUDE for IBM programs QWTSETP, QSYGETPH, and QSYRLSPH to prevent any authentication of the transfer userid/password i.e. the transfer will run under the user profile TESTXCOM. - Started an XCOM IPv4 TCP/IP listener on port 8049 with user TESTXCOM.
- Verified that a loopback transfer using no transfer userid encountered no errors i.e. the transfer runs successfully under user profile TESTXCOM.
- The test from z/OS to AS400 was also then successful and the security error 33 was resolved.
Additional Information
Feedback
