Hi
This Weekend we upgraded our Largest production system to 8.5.0.6, and started to see some... weird things.
We're using OPC-started jobs to load data into OD(on z/OS), and the user that are used for OPC have never been defined in OnDemand.
All the jobs are 'pointing' to an arsload.cfg file which includes the userid/pw for the load.
Now we're seeing the following messages in the ARSSOCKD-job:
"
ICH408I USER(OTTRAPP ) GROUP(CDDPUOP ) NAME(RAPP-TT.OPC-ID
LOGON/JOB INITIATION - INVALID PASSWORD
"
But the ARSLOAD-job ends with RC=0 and loads all the data.
Another strange thing is that we can ONLY see theese messages on the OnDemand-instances that are setup for SYSPLEX.
Does anybody have any clue ? Before I open an PMR.
Regards
/H Carlberg
Hi,
I'm not sure. It looks like a mix of RACF, USS and CMOD.
1.
On our system we have detected that in USS sometimes the OPCE user is not taken but another UNIX user with uid 0. In such a case we have to define this user in CMOD, because we do not supply user/pw.
2.
The message is a RACF message. It looks like that the pw of the CMOD configuration is directed to RACF.
==> you will get a RACF error message
3. CMOD uses the provided user/pw
==> The load works fine.
This could explain the strange behavior. But an IBM specialist should confirm this.
regards
Egon
Quotewe can ONLY see these messages on the OnDemand-instances that are setup for SYSPLEX.
Something to do with which JES2 in the sysplex the job goes through Converter/Interpreter as opposed to where the job gets executed?
Is it a shared or separate RACF database for each system in the plex?
Ed
Hi
It's a shared RACF
/Hakan
Do you use any security exits?
Can you reproduce on a test system without enabling a security exit?
Ed
Hi
I can reproduce on test-system.
"..security exit? .." why ?
The messages that I get are RACF, so that kind of includes a security exit... or am I missing something ?
/H Carlberg
I have nothing to add other than if CMOD is working fine I'd open the PMR against RACF to find out why it is that RACF is issuing the message.
Ed
Quote from: ewirtz on March 26, 2013, 09:08:32 AM
1.
On our system we have detected that in USS sometimes the OPCE user is not taken but another UNIX user with uid 0. In such a case we have to define this user in CMOD, because we do not supply user/pw.
Hello Egon!
I believe the explanation for this is in this thread...
http://ODUG.net/index.php?topic=944.0 (http://odug.net/index.php?topic=944.0)
...that you may be getting the last UID 0 from cache.
Ed
Hello Ed,
as stated before this might explain the behaviour. The chosen RACF user has lack of RACF rights. The user provided has the CMOD rights to do the loads
Regards
Egon
Hi
We can forget this ...
The problem was......hrm...me !! I did put on the PTGN-exit(was in my checklist), but what we didn't have was . ARSMVS_ALTERNATE_UNIFIED_LOGIN=1
Sorry !!!!!
regards
/H Carlberg