When submitting a batch job from CA ACF2 to a CA Top Secret system, I am getting message TSS7102E Password Missing. What is causing this?

Article ID: 46635

Products

ACF2, ACF2 - DB2 Option, ACF2 for zVM, ACF2 - z/OS, ACF2 - MISC, PanApt, PanAudit

Issue/Introduction

When submitting a batch job from CA ACF2 to a CA Top Secret system, I am getting message TSS7102E Password Missing. What is causing this?

TSS7102E Password Missing when submitting a batch job from CA ACF2 to a CA Top Secret system.

How do I resolve the TSS7102E message when submitting a job from CA ACF2 to a CA Top Secret system?

Environment

CA ACF2 for z/OS Release 15 and 16

Resolution

The Network Job Entry Validation Options (NJE) record tells CA ACF2 how to process passwords and logonid inheritance for jobs exchanged with other NJE nodes.

With CA ACF2, when the NJE job is initially submitted to your local node, the ACF2 JES2 interface determines what it will put in the JCT control block. If the NJE record associated with the remote node specifies NOENCRYPT, both the logonid and the password are put in the JCT.

If the NJE record specifies ENCRYPT, only the logonid will be put in the JCT. At an ACF2 site, the JES2 interface module, ACFJ2ITF, will look for the password first in the JCT. If it doesn't find one there, it will look for it in the ACF2 NJEHDR. Both control blocks were passed to the remote node by JES as an extension to its control blocks.

If the sending node specified ENCRYPT and had not enabled EXIT46, there would be no password in the JCT or in the ACF2 NJEHDR, resulting in the ACF01007 PASSWORD REQUIRED message.

In summary, either enabling EXIT46 or specifying NOENCRYPT on the NJE record would resolve the problem, because either one results in a copy of the password being found in one of the control blocks.

To resolve the TSS7102E PASSWORD MISSING security violation, follow these steps:

  1. Issue SHOW NJE from the ACF2 command prompt and check whether SEND ENCRYPTED PASSWORD (OUT) is set to YES.

show nje

 -- NJE OPTIONS IN EFFECT --
   NODE   VALIDATE  VALIDATE  INHERIT-    SEND     DEFAULT  SYSOUT
 NAME OR  INCOMING  OUTGOING    ANCE    ENCRYPTED  LOGONID  DEFAULT
   MASK     JOBS      JOBS    ALLOWED   PASSWORD            LOGONID
  (BOTH)    (IN)      (OUT)     (IN)      (OUT)      (IN)    (IN)
 -===================================================================
 ********   YES        NO       YES        YES     SKKDFT   SKKSDFT

  2. If the value shown in step 1 is YES, change the NJE record to NOENCRYPT and refresh it with the following commands:

set Control(gso) 
change nje noencrypt 
f acf2,refresh(nje) 
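
As an added example (not part of the original article and not CA code), this Python sketch parses captured SHOW NJE output and applies the password-placement rules from the Resolution text to each node mask. The NODEB*** row, the function names and the exit46_enabled flag are assumptions, and the NJEHDR result for ENCRYPT with EXIT46 is a reading of the article's summary for an ACF2 receiving node.

```python
import re

# SHOW NJE output in the layout shown above. The first data row is the
# article's; the NODEB*** row is constructed for illustration.
SAMPLE_SHOW_NJE = """\
 -- NJE OPTIONS IN EFFECT --
   NODE   VALIDATE  VALIDATE  INHERIT-    SEND     DEFAULT  SYSOUT
 NAME OR  INCOMING  OUTGOING    ANCE    ENCRYPTED  LOGONID  DEFAULT
   MASK     JOBS      JOBS    ALLOWED   PASSWORD            LOGONID
  (BOTH)    (IN)      (OUT)     (IN)      (OUT)      (IN)    (IN)
 -===================================================================
 ********   YES        NO       YES        YES     SKKDFT   SKKSDFT
 NODEB***   YES        NO       YES        NO      SKKDFT   SKKSDFT
"""

# A data row is a node name or mask followed by four YES/NO columns;
# header and separator lines never match this shape.
ROW = re.compile(r"^\s*(\S+)\s+(YES|NO)\s+(YES|NO)\s+(YES|NO)\s+(YES|NO)\b")


def parse_show_nje(text):
    """Return {node_mask: True if SEND ENCRYPTED PASSWORD (OUT) is YES}."""
    nodes = {}
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            nodes[match.group(1)] = match.group(5) == "YES"
    return nodes


def password_location(send_encrypted, exit46_enabled):
    """Control block holding the password, following the article's rules."""
    if not send_encrypted:
        return "JCT"      # NOENCRYPT: logonid and password both go in the JCT
    if exit46_enabled:
        return "NJEHDR"   # ENCRYPT with EXIT46 (assumed: ACF2 NJEHDR copy)
    return None           # ENCRYPT without EXIT46: no password in either block


def audit(text, exit46_enabled):
    """Map each node mask to where the receiving node would find a password."""
    return {node: password_location(encrypted, exit46_enabled)
            for node, encrypted in parse_show_nje(text).items()}


if __name__ == "__main__":
    for node, location in audit(SAMPLE_SHOW_NJE, exit46_enabled=False).items():
        print(f"{node}: {location or 'no password sent (password-missing case)'}")
```
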

Additional Information:

For more information, review the following sections of the CA ACF2 for z/OS DocOps:

  1. Network Job Entry Validation Options (NJE) section under Global System Option Records (GSO).
  2. Perform JES2 Modifications in the Install CA ACF2 section.

         EXIT46        ROUTINE=ACFEXT46      /* NJE Transmit Exit    */