Question & Answer
Question
After an IPL of an LPAR, why would I receive message DFHIS2040 reporting a security violation when acquiring an IPIC connection (IPCONN) in some of my CICS regions? These connections were running successfully before the IPL.
Here are the messages I receive:
DFHIS3030 I IPCONN xxxxxxxx installed.
DFHIS3000 IPCONN xxxxxxxx with applid autoinstalled successfully
using autoinstall user program yyyyyyyy and
template zzzzzzzz after a connection request was received
on tcpipservice aaaa from host xxx.xxx.xxx.xxx.
DFHIS2040 bbbbbbbb Unable to acquire IPCONN xxxxxxxx due to a security violation
DFHIS3030 I bbbbbbbb IPCONN xxxxxxxx deleted.
The trace shows the following exception trace entry,
IS 0530 ISCO *EXC* - SECURITY_VIOLATION - FUNCTION INITIALIZE_CONNECTION)
The development team is unable to do any work that involves broker connection.
Answer
The security violation is being reported in message DFHIS2040 because TCPIP stack did not join the sysplex. As a result, the broker or CICS is trying to make a secure connection when it should not. Note: If CICS and the broker are not in the same sysplex, the connection must be over a Secure Sockets Layer (SSL) connection.
DELAYJOIN was coded on GLOBALCONFIG in the TCPIP profile by mistake. This parameter is documented as follows: DELAYJOIN Delay joining the TCP/IP sysplex group and processing any VIPADYNAMIC block or DYNAMICXCF statements during stack initialization until OMPROUTE is started and active and you do not have OMPROUTE in your environment.
You have to change it to NODELAYJOIN (default value), rejoining the sysplex group by entering command:
V TCPIP,tcp_proc,OBEYFILE,profile_dataset_member
Product Synonym
CICS/TS CICSTS CICS TS CICS Transaction Server
Was this topic helpful?
Document Information
Modified date:
02 June 2016
UID
dwa1275761