How to Unsuspend the Top Secret MSCA ACID
search cancel

How to Unsuspend the Top Secret MSCA ACID

book

Article ID: 53528

calendar_today

Updated On:

Products

WEB ADMINISTRATOR FOR TOP SECRET Xpertware Top Secret Top Secret - LDAP Top Secret - VSE

Issue/Introduction

 How can the MSCA acid in Top Secret be unsuspended?

Environment

Release: 16.0
Component: TSSMVS

Resolution

An SCA acid has scope over the MSCA, so as long as the SCA ACID has the appropriate admin authority, an SCA ACID can remove the SUSPEND, replace the password, etc.

If there is a situation where the MSCA becomes suspended and none of the SCAs can signon to remove the suspend, there are 2 options:

1) If the MSCA's previous password is known:

  • From the console, enter:
       F TSS,TSS                                                                    
  • This should result in the following prompt:
    nn TSS9273A ENTER TSS COMMAND PASSWORD(Where 'nn' is a reply number).
    Reply with:
    nn,xxxxx 
    (Where 'nn' is the reply number and 'xxxxx' is the MSCA's previous password).
  • If this is successful, the following prompt should be issued:
    nn TSS9272A ENTER <TSS COMMAND> OR <END>
    Reply with:
    nn,TSS REMOVE(msca) SUSPEND                                              
  • If necessary, continue to reply to each nn TSS9272A ENTER<TSS COMMAND> OR <END>
    with another Top Secret command.
    For example, if the MSCA was suspended for inactivity, the password can be replaced via:
    nn,TSS REPLACE(msca) PASSWORD(xxxx)

Once this is done, see if the MSCA can signon. If it can, reply nn,END to end the command session on the console. If the MSCA still cannot signon, issue whatever command(s) are necessary to give the MSCA what it needs to signon.

2)  If the MSCA's previous password is NOT known:

Format new security files (BDAM and VSAM). There is sample jcl in members VSAMDEF3 and TSSMAINS in the Top Secret 16.0 CAKOJCL0 library. There is no need to be concerned with the values specified for the required parameters (in SECPARMS member in the CAKOJCL0 library) other than SCA=MSCA/PASSWORD.

  • Change the Top Secret startup proc to point to this newly allocated security files (in the SECFILE and VSAMFILE DD statements).
  • Do a temporary shutdown of Top Secret:
  • From the console, issue P TSS.
  • You will be prompted to enter 'T' for temporary or 'Z' for end of day.
  • Reply with 'T' (r nn,T) for temporary.
  • If an ACID is defined for the console and that ACID has the CONSOLE attribute, the shutdown will occur. if not, there will be another prompt for an ACID and password and it will be necessary to reply with an ACID and password that has the CONSOLE attribute.
  • Bring Top Secret up pointing to the newly allocated security files.
  • Sign on as the MSCA (from the SCA=MSCA/PASSWORD used when allocating the new security files).
  • Change the Top Secret startup proc to point to the old security file (in the SECFILE and VSAMFILE DD statements).
  • Do another temporary shutdown of Top Secret but leave the MSCA signed on.
  • Bring Top Secret up pointing to the old security files.
  • From the MSCA account that is signed on (from step 5), remove the suspend from the MSCA. (Reset the password if necessary.) The same can be done if there are other SCA acids that are currently suspended. If they are suspended because if inactivity, remove the suspend and replace the password.
Powered by Wolken Software