Question & Answer
Question
Why can't I successfully change my expired password using CICS transaction CESN? I receive CA Top Secret message "TSS7110E Password Has Expired. New Password Missing" followed by CICS message DFHXS1201 applid The password supplied in the verification request for userid userid was invalid.' I'm typing in valid passwords but I still can't get logged onto CICS.
I started having problems after applying RSU1412 to CICS Transaction Server for z/OS (CICS TS) V5.1or V5.2. Fixing PTFs for CICS TS V5.1 (or V5.2) APARs PI21866 and PI33454 have been installed. CA Top Secret fixes RO78438. and RO78976 along with TR79619 and TR79620 have also been installed for recent problems.
In the CICS auxtrace, I can see the system authorization facility (SAF) response returned:
XS FE04 XSSB *EXC* FUNCTION(INQUIRE_PASSWORD_DATA) RESPONSE(EXCEPTION)
REASON(INVALID_PASSWORD) SAF_RESPONSE(8) SAF_REASON(0)
ESM_RESPONSE(8) ESM_REASON(0) METHOD_USED(FULL)
TASK-00199 KE_NUM-0039 TCB-RO /009FA9E8 RET-943EBDA8
This is the complete CICS message is:
DFHXS1201 applid The password supplied in the verification request for userid userid was invalid. This occurred in transaction CESN when userid userid was signed on at netname netname.
Answer
CICS APAR PI21866 adds support for the Enhanced Password Algorithm implemented in RACF. And, CICS APAR PI33454 adds code that retries a fastpath failure using a full RACROUTE VERIFYX mechanism with the APPLID parameter to validate a passticket.
In addition the PTFs for the CICS APARs, the following CA Top Secret fixes are needed:
RO78438
RO78976
TR79619
TR79620
TR81195
Once all the CA fixes are applied you should no longer receive messages TSS7110E and DFHXS1201.
Contact CA Technologies if you need additional assistance.
Related dW Answers post: SITRAN no longer running after applying RSU1412 to CICS TS 5.2
Product Synonym
CICS/TS CICSTS CICS TS CICS Transaction Server
Was this topic helpful?
Document Information
Modified date:
29 May 2015
UID
dwa1193818