IBM Support

DFHAC2003 Security violation, TSS9406E probable site interfacing error and DFHUS0002 error 0309 after upgrading to CICS TS 5.3

Question & Answer


Question

After upgrading from CICS Transaction Server for z/OS (CICS TS) V5.1 to CICS TS V5.3, I started seeing the following errors:

 DFHAC2003 Security violation has been detected term id = TERM, 
  trans id = TRAN, userid = USERA.
 TSS9406E PROBABLE SITE INTERFACING ERROR (030)
 DFHUS0002 A severe error (code X'0309') has occurred in module DFHUSAD.
 

CA Top Secret from CA Technologies is my external security manager (ESM).

What is the cause of these errors?

Answer

When a non-terminal user gets deleted (for example, in response to USRDELAY), its access control environment element (ACEE) is deleted as well. This is normal processing. But in this case the ACEE being freed is also used by the terminal user, and this duplicate usage led to the errors.

CICS simply stores the ACEE returned to it by the ESM. In this case, the same ACEE was used for 2 separate signons. CA Technologies product Top Secret is the ESM, and they are developing 2 fixes. At the time of this writing, the ENF fix is still under development. Please contact CA Technologies for these fixes.

Top Secret RO93688:
Accumulation of TSS or ACF2 control blocks in CICS private area. The 4K KTRT control blocks are not being freed because ENF/CICS is not driving cleanup for transactions running with KTCB_TCB_TYPE=KTCB_ARBITRARY_NAME under CTS 5.3.

 SYMPTOMS: Increase in SUBPOOL xxx and over time could lead to S878 abends.
 IMPACT:   Can cause the termination of a CICS region 
 

ENF PTF TR95271 (test fix):
CTS 5.3 under TSS, CJ** transactions were not being validated under CICS but were getting routed directly to the SAF interface.

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Platform":[{"code":"PF035","label":"z\/OS"}],"Component":"Security","Version":"5.3","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]

Product Synonym

CICS/TS CICSTS CICS TS CICS Transaction Server

Document Information

Modified date:
28 May 2017

UID

dwa1377807