Would the use of the TSSCPLT program in CICS at initialization have caught the CICSREL ENF parm?
search cancel

Would the use of the TSSCPLT program in CICS at initialization have caught the CICSREL ENF parm?

book

Article ID: 53517

calendar_today

Updated On:

Products

Cleanup Datacom DATACOM - AD CIS COMMON SERVICES FOR Z/OS 90S SERVICES DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS COMMON PRODUCT SERVICES COMPONENT Common Services CA ECOMETER SERVER COMPONENT FOC Easytrieve Report Generator for Common Services INFOCAI MAINTENANCE IPC UNICENTER JCLCHECK COMMON COMPONENT Mainframe VM Product Manager CHORUS SOFTWARE MANAGER CA ON DEMAND PORTAL CA Service Desk Manager - Unified Self Service PAM CLIENT FOR LINUX ON MAINFRAME MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME GRAPHICAL MANAGEMENT INTERFACE WEB ADMINISTRATOR FOR TOP SECRET Xpertware Top Secret Top Secret - LDAP Top Secret - VSE

Issue/Introduction

Description:

The client had an issue with an invalid CICSREL ENF parm in his ENFPARM member.
The ENFPARM member was incorrectly updated with the following CICSREL parm: CICSREL=(65.66) instead of: CICSREL(65.66)

Despite the invalid CICSREL ENF parm, the CICS region successfully initialized and gave the standard message:
DFHSI1517 <applid> Control is being given to CICS.

However, security errors subsequently ensued for several transactions that ran under the CICS default logonid.

We realize that the security errors were due to the invalid CICSREL ENF parm.

His question is...would the use of the TSSCPLT program in CICS at initialization have caught the CICSREL ENF parm discrepancy earlier and not allowed the CICS region to initialize by abending the region with a U1800 abend?

Solution:

To answer your question, Yes, TSSCPLT would have issued the TSS6161E message indicating that there was a problem and cancelled the CICS region with a U1800 abend.

We tested, and when we had the same situation the client had with regards to the CICSREL parm not being coded correctly, and with the TSSCPLT member in place in the CICS region, we got the TSS6161E message, with a RC=08. Which indicates the following:

The initialization in process flag in the KPGA is still on, indicating the CA Top Secret CICS initialization failed to complete.

Once we resolved the issue with the CICSREL parm for ENF and restarted the CICS region, everything initialized properly, and we got the TSS6160I message indicating Top-Secret initialization was VALID.

Environment

Release:
Component: AWAGNT
Powered by Wolken Software