At the startup of CA Mainframe Software Manager Tomcat Server (MSMTC) you get the error:
SafManager - initialiseDSI() : Return code from DDSI_java_open is higher then zero. RC=13 FATAL 2009-10-08 12:19:18,361 (SystemManager.java:224): SafError Attached diagnostic text: Error during DSI java open. RC=13
And then started task ends.
There are 3 possibilities which could cause the error.
If you don't need the extra DSI security in CA Mainframe Software Manager, you can turn it OFF by defining IJO="$IJO -Dactivate.saf.manager=false" in the msm.SAMPLIB(MSMLIB) member.
However if security is required in CA Mainframe Software Manager, then see below description.
During the setup of CA Mainframe Software Manager the port number is specified at the MSMDSIPORTNO parameter and placed into the MSMSetupOptionsFile.properties.
... #-------------------------CA MSM parms-------------------------------# #Specify three unique unused port numbers for CA MSM #Recommended default value is 21120 for MSM Server Port No MSMServerPortNo=21120 #Recommended default value is 21130 for MSM DSI Server Port No MSMDSIPORTNO=21130 #Recommended default value is 21140 for MSM Redirect Port No MSMConnectorRedirectPortNo=21140 ...
The port number specified in MSMDSIPORTNO needs to be unique and cannot be shared with other DSI interfaces.
During the install the value is stored at 3 places:
ad 1. Verify Content of dsi.conf (usually in .../msmserv/rt/dsi/dsi.conf)
############################################################### ### This is the DSI Server component configuration file ############################################################### # ############################################################### host localhost <-- sometimes localhost does not work, use 127.0.0.1 ############################################################### port 22130 <-- verify that port is available via onetstat from uss console ############################################################### #TLSKeyringFile /u/users/msmqa/dsi/cert/CA_SelfSigned_Server.kdb ############################################################### #TLSKeyringStash /u/users/msmqa/dsi/cert/CA_SelfSigned_Server.sth ############################################################### #TLSKeyLabel "Cert for SelfSigned Server" ############################################################### #TLSVerifyClient ON ###############################################################
Issue manually from uss console rmtauthz -f <path to dsi.conf> -d 65535 eg.
cd .../msmserv/rt/lib rmtauthz -f .../msmserv/rt/dsi/dsi.conf -d 65535
Output of successful startup of rmtauthz:
[03:27:38.909965|3B58610000000001] @(#) $CA Distributed Security Integration for z/OS: rmtauthz 14SP1.2010.0129 $ BRUEW01@XAD1:/a/devbin/EIGProds/dsi2/branches/r14sp1/release/server [03:27:38.910119|3B58610000000001] read_config: reading config file /msmserv/rt/dsi/dsi.conf [03:27:38.910164|3B58610000000001] line 6 (host localhost) [03:27:38.910201|3B58610000000001] line 8 (port 22130) [03:27:38.923623|3B58610000000001] ==> daemon_init(localhost,22130) [03:27:39.213892|3B58610000000001] ch_calloc(1,64,SIdaemon.c,217) ==> 3AD83DE8 [03:27:39.213970|3B58610000000001] daemon_open_listener: trying to open listener 127.0.0.1:22130 [03:27:39.215013|3B58610000000001] daemon_open_listener: opened listener on 4 for 127.0.0.1:22130 [03:27:39.215050|3B58610000000001] daemon_init: 1 listener opened [03:27:39.215122|3B58610000000001] ==> connections_init [03:27:39.215152|3B58610000000001] ch_calloc(1,56,SItpool.c,242) ==> 3AD83EB0 [03:27:39.215972|3B58610000000001] ch_calloc(2048,240,SIconn.c,140) ==> 3ADC3028 [03:27:39.216031|3B58610000000001] <== connections_init - rc=0 [03:27:39.216088|3B58610000000001] daemon_init: wake_sds={5,6} [03:27:39.216384|3B58610000000001] <== daemon_init(localhost,22131) ==> 0 [03:27:39.216732|3B58610000000001] rmtauthz started. [03:27:39.216745|3B52450000000002] ==> daemon_stop(*) [03:27:39.216781|3B52450000000002] +++OPRICOMM() ==> F062D0 [03:27:39.216973|3B52450000000002] +++OPRISCNT(F062D0,8) ==> 0 [03:27:39.216996|3B693F0000000003] ==> daemon_task() [03:27:39.217011|3B52450000000002] Operator communications thread sleeping [03:27:39.217047|3B693F0000000003] daemon_task: select: readfds={4,5}
Verify content of SAMPLIB(MSMLIB)
IJO="$IJO -Ddebug.dsi.server=true" <-- enable debug messages from rmtauthz IJO="$IJO -Ddebug.saf.manager=true" <-- enable debug messages from rmtauthz IJO="$IJO -Dlogfile.saf.manager=/tmp/dsi_client.log" <--- path log file from rmtauthz, you need r/w access to /tmp folder
Turn on SAF logger via log4j.properties, file is in .../msmserv/rt/webapps/MSM/WEB-INF/classes
log4j.rootLogger=error, dd # # Appender definitions # log4j.logger.com.ca.mf20.saf=debug <-- enable debug level of SAF component in CA MSM
ad 2/3. Verify Content of database via sql:
//xxxxxxx JOB (xxxxxxxxx),'xxxxxxx', // MSGCLASS=X,CLASS=K //********************************************************************* //********************************************************************* //* * //*JOBLIB DD DSN=HLQ.CUSLIB replace HLQ by HLQ of you MSM installation* //* DSN=HLQ.CAILIB replace HLQ by HLQ of you MSM installation* //* * //********************************************************************* //********************************************************************* //B2UP OUTPUT DEST=LOCAL,JESDS=ALL,DEFAULT=Y, // PAGEDEF=32D3,CHARS=GT20,FORMDEF=P2B111 //JOBLIB DD DSN=MF20.MSM.SYS2.SMPR.CUSLIB, // DISP=SHR // DD DSN=MF20.MSM.SYS2.SMPR.CAILIB, // DISP=SHR // DD DSN=SYSDEV.CCS.LINKLIB, // DISP=SHR // DD DSN=CEE.SCEERUN,DISP=SHR // DD DSN=CEE.AIGZMOD1,DISP=SHR //* //SQLEXEC EXEC PGM=DBSQLPR, // PARM='prtWidth=1500,inputWidth=80' //SYSUDUMP DD SYSOUT=* //SYSPRINT DD SYSOUT=* //STDERR DD SYSOUT=* //STDOUT DD SYSOUT=* //OPTIONS DD * AUTHID=CASWMGT /* //SYSIN DD * SELECT * FROM USERCONFIG WHERE KEY like 'dsi%' /*
dsiHost does not have to be specified in this case, the default value "localhost" is used.
Verify that values match those vaules in dsi.conf.
To change values in the database you can use either SQL statement or DBUPDATE technique.
SQL statements:
value of port can be changed (sql for change of dsiPort to 8875) : update userconfig set value='8875' where username='$SYSTEM' and key='dsiPort' value of dsiConf can be changed (sql for change of dsiConf to /dsi.conf) : update userconfig set value='/dsi.conf ' where username='$SYSTEM' and key='dsiConf' new line can be inserted for dsiHost = 127.0.0.1 insert into userconfig values ('$SYSTEM', 'dsiHost','127.0.0.1')
DBUPDATE technique:
copy the msm.SAMPLIB member DBINIT to DBUPDATE.
Change the appropriate statements in the DBUPDATE member.
#dsiHost=localhost dsiPort=22130 #dsiConf=/u/users/msmqa/dsi/dsi.conf
to (remove the #)
dsiHost=localhost dsiPort=22130 dsiConf=/u/users/msmqa/dsi/dsi.conf
then copy the DBINIT DD statement in the MSMTC job and change the new DBINIT DD into the DBUPDATE DD.
Pointing to this new/changed DBUPDATE SAMPLIB member. And comment out the DBINIT for this first run.
The MSMTC procedure then looks like:
//*DBINIT DD DSN=CAMSM.RUN.SAMPLIB(DBINIT), //* DISP=SHR //DBUPDATE DD DSN=CAMSM.RUN.SAMPLIB(DBUPDATE), // DISP=SHR
Restart MSMTC, once you finish testing comment out DBUPDATE DD.
//DBINIT DD DSN=CAMSM.RUN.SAMPLIB(DBINIT), // DISP=SHR //*DBUPDATE DD DSN=CAMSM.RUN.SAMPLIB(DBUPDATE), //* DISP=SHR
Expected output of Tomcat
INFO (main) 2010-10-22 13:45:51,686 (DBComponent.java:80): Database connection initialized. INFO (main) 2010-10-22 13:45:55,349 (PrivilegeChecker.java:627): isSecurityEnabled) : Security enabled=true INFO (main) 2010-10-22 13:45:55,351 (PrivilegeChecker.java:627): isSecurityEnabled) : Security enabled=true DEBUG (main) 2010-10-22 13:45:55,438 (SafManager.java:111): SafManager() : instance created. DEBUG (main) 2010-10-22 13:45:55,439 (SafManager.java:390): SafManager - onSystemStartup() : start INFO (main) 2010-10-22 13:45:55,439 (SafManager.java:463): Parameters of SAF manager. INFO (main) 2010-10-22 13:45:55,440 (SafManager.java:464): Port: 22131 INFO (main) 2010-10-22 13:45:55,441 (SafManager.java:465): Host: localhost INFO (main) 2010-10-22 13:45:55,441 (SafManager.java:466): Log file: '/tmp/dsi_client.log' INFO (main) 2010-10-22 13:45:55,442 (SafManager.java:467): Is debug enabled: true INFO (main) 2010-10-22 13:45:55,495 (SafManager.java:475): Configuration file: '/u/users/msmqa/dsi/dsi.conf' INFO (main) 2010-10-22 13:45:55,496 (SafManager.java:476): Config file content: INFO (main) 2010-10-22 13:45:55,497 (SafManager.java:477): ############################################################### ### This is the DSI Server component configuration file ############################################################### # ############################################################### host localhost ############################################################### port 22131 ############################################################### #TLSKeyringFile /u/users/msmqa/dsi/cert/CA_SelfSigned_Server.kdb ############################################################### #TLSKeyringStash /u/users/msmqa/dsi/cert/CA_SelfSigned_Server.sth ############################################################### #TLSKeyLabel "Cert for SelfSigned Server" ############################################################### #TLSVerifyClient ON ############################################################### DEBUG (main) 2010-10-22 13:45:55,497 (SafManager.java:393): SafManager - onSystemStartup() : config file: /u/users/msmqa/dsi/dsi.conf
DEBUG (main) 2010-10-22 13:45:55,509 (SafManager.java:273): SafManager - initialiseDSI() : start INFO (main) 2010-10-22 13:45:55,526 (SafManager.java:289): DSI client log file set to '/tmp/dsi_client.log' INFO (main) 2010-10-22 13:45:55,529 (SafManager.java:318): SafManager - initialiseDSI() : Certificates were set. DEBUG (main) 2010-10-22 13:45:55,529 (SafManager.java:320): SafManager - initialiseDSI() : end DEBUG (main) 2010-10-22 13:45:57,554 (SafManager.java:326): openDsiConnection start. INFO (main) 2010-10-22 13:45:57,595 (SafManager.java:352): Security product: RTSS INFO (main) 2010-10-22 13:45:57,596 (SafManager.java:353): Security product version: 14.0 DEBUG (main) 2010-10-22 13:45:57,600 (SafManager.java:446): SafManager - onSystemStartup() : end