IBM Support

DFHIS2040 Unable to acquire IPCONN due to security violation after re-IPL

Question & Answer


Question

After an IPL of an LPAR, why would I receive message DFHIS2040 reporting a security violation when acquiring an IPIC connection (IPCONN) in some of my CICS regions? These connections were running successfully before the IPL.

Here are the messages I receive:

 DFHIS3030 I IPCONN xxxxxxxx installed.                                   
 DFHIS3000   IPCONN xxxxxxxx with applid autoinstalled successfully
             using autoinstall user program yyyyyyyy and 
             template zzzzzzzz after a connection request was received 
             on tcpipservice aaaa from host xxx.xxx.xxx.xxx.                                              
                                                                         
 DFHIS2040   bbbbbbbb Unable to acquire IPCONN xxxxxxxx due to a security violation  
 DFHIS3030 I bbbbbbbb IPCONN xxxxxxxx deleted.

The trace shows the following exception trace entry:

 IS 0530 ISCO  *EXC* - SECURITY_VIOLATION - FUNCTION INITIALIZE_CONNECTION)  

The development team is unable to do any work that involves broker connection.

Answer

Message DFHIS2040 reports the security violation because the TCP/IP stack did not join the sysplex. As a result, the broker or CICS is trying to make a secure connection when it should not. Note: If CICS and the broker are not in the same sysplex, the connection must be over a Secure Sockets Layer (SSL) connection.

DELAYJOIN was coded on GLOBALCONFIG in the TCPIP profile by mistake. This parameter is documented as follows:

DELAYJOIN: Delay joining the TCP/IP sysplex group and processing any VIPADYNAMIC block or DYNAMICXCF statements during stack initialization until OMPROUTE is started and active.

Because you do not have OMPROUTE in your environment, the stack does not join the sysplex group.

Change it to NODELAYJOIN (the default value) and have the stack rejoin the sysplex group by entering the command:
V TCPIP,tcp_proc,OBEYFILE,profile_dataset_member
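
A profile check for the misconfiguration described above, as an added example that is not IBM's code. It assumes `;` starts a comment in the TCPIP profile, that DELAYJOIN and NODELAYJOIN appear only under GLOBALCONFIG SYSPLEXMONITOR, and that the last occurrence wins; the sample profiles are constructed.

```python
import re

def effective_delayjoin(profile_text):
    """Return (setting, line_no) for the last DELAYJOIN/NODELAYJOIN keyword.

    line_no is None when neither keyword is coded, in which case the
    default (NODELAYJOIN) applies.
    """
    setting, line_no = "NODELAYJOIN", None
    for n, line in enumerate(profile_text.splitlines(), start=1):
        code = line.split(";", 1)[0]  # assumption: ';' begins a comment
        # Whole-token match: a plain substring search for DELAYJOIN
        # would also hit NODELAYJOIN and report a false positive.
        for token in re.findall(r"[A-Za-z0-9_]+", code.upper()):
            if token in ("DELAYJOIN", "NODELAYJOIN"):
                setting, line_no = token, n  # assumption: last one wins
    return setting, line_no

def check_profile(profile_text, omproute_in_use):
    """Return a finding string, or None when the profile is fine."""
    setting, line_no = effective_delayjoin(profile_text)
    if setting == "DELAYJOIN" and not omproute_in_use:
        return (f"line {line_no}: DELAYJOIN coded but OMPROUTE is not used; "
                "the stack will not join the sysplex group")
    return None

# Constructed sample fragments (not taken from the technote).
BAD_PROFILE = "\n".join([
    "; constructed sample profile fragment",
    "GLOBALCONFIG",
    "   SYSPLEXMONITOR DELAYJOIN   ; coded by mistake",
])
FIXED_PROFILE = "\n".join([
    "; constructed sample profile fragment",
    "GLOBALCONFIG",
    "   SYSPLEXMONITOR NODELAYJOIN",
])
COMMENT_ONLY = "GLOBALCONFIG SYSPLEXMONITOR RECOVERY ; DELAYJOIN removed"

if __name__ == "__main__":
    for name, text in [("bad", BAD_PROFILE), ("fixed", FIXED_PROFILE),
                       ("comment-only", COMMENT_ONLY)]:
        print(name, "->", check_profile(text, omproute_in_use=False) or "ok")
```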

Product Synonym

CICS/TS CICSTS CICS TS CICS Transaction Server

Document Information

Modified date:
02 June 2016

UID

dwa1275761