Mainframe JOBF Transfer Fails via TLS Gateway in v24.4.x
search cancel

Mainframe JOBF Transfer Fails via TLS Gateway in v24.4.x

book

Article ID: 435839

calendar_today

Updated On:

Products

CA Automic Workload Automation - Automation Engine

Issue/Introduction

A file transfer (JOBF) from a Mainframe source to a Windows destination, routed through Automic SaaS via a TLS Gateway, fails to complete.

  • Expected Behavior: The file transfer completes successfully.

  • Actual Behavior: The file gets stuck in the 'Transferring' status. The connection is successfully established between the agents but is immediately aborted. Logs may indicate errors such as:

    • Normal closure (1000)

    • An established connection was aborted by the software in your host machine

    • password_decode <-- (gss_AESDecrypt error(5002))

    • create_security_np_upwd <-- (error decoding password)

Note: A file transfer in the opposite direction (Windows to Mainframe) typically works successfully under these same conditions.

Environment

Mainframe Agent (Classic/C-based): 24.4.x

TLS Gateway: 24.6.0

OS Agent: 24.4.x

Cause

A known defect (DE184734) exists where the classic C-based z/OS agent silently fails to log in using the credentials provided in the login object.

Resolution

To resolve this issue, apply the following configuration changes.

Step 1: Verify that UTF-8 on the Windows Agent

Because the classic Mainframe agent cannot process UTF-8, you must disable it on the destination Windows agent.

  1. Open the INI file of the Windows agent.

  2. Change the parameter from utf8=1 to utf8=0.

  3. Restart the Windows agent.

Step 2: Resolve the Mainframe Credential Requirement

Choose one of the following options depending on your security requirements and environment (e.g., Proof of Concept vs. Production):

Option A: Provide the Password (Recommended for Production) Set the correct password for the MVS in a login object (e.g., FTPUC4) so the agent can successfully pass the askRACF credential check.

Option B: Bypass the Credential Check (As a test to confirm that this is an issue with the login credentials) If you wish to use the MVS login without a password in AWI, you must disable the strict RACF checks. 

  1. Open the Mainframe agent INI file.

  2. Enable ANONYMOUS FT in UC_HOSTCHAR_DEFAULT

  3. Set the following parameters:

    • ft_thread_level_security=no

    • askRACF=0

  4. Restart the Mainframe agent.

 

Powered by Wolken Software