CMOD 10.5 Release Notes

Ed_Arnold · September 07, 2022, 05:18:56 PM

For everyone upgrading to 10.5 on z/OS - make sure you're referring to the z/OS 10.5 Upgrade Readme file located here:

https://www.ibm.com/support/pages/ibm-content-manager-ondemand-zos-v105-readme

This is separate from the multiplat server and client readmes which are published one-for-every-fixpack available here:

https://www.ibm.com/support/pages/ibm-content-manager-ondemand-multiplatforms-version-105-readme-files

Ed

Ed_Arnold · August 17, 2023, 06:03:23 PM

The arsmaint program has always been designed to be initiated on the server.

Prior to fixpack 10.5.0.6 this restriction was not enforced.

Starting with 10.5.0.6 this restriction is being enforced.

This can result in arsmaint failing in two different cases.

1.) If arsmaint is not being initiated on the server, the solution is to run arsmaint on the server,

2.) If arsmaint is being initiated on the server, the server may not be resolving localhost correctly. Check to ensure the domain name localhost is resolved correctly.

Ref: https://www.ibm.com/support/pages/node/7027952

Ed_Arnold · September 14, 2023, 07:57:27 PM

Had a couple reports of the 10.5.0.7 PTF not APPLYing.

Solution is to APPLY everything up to and including 10.5.0.6 first.

In other words, 10.5.0.6 is the keyhole that service application has to pass through before APPLYing 10.5.0.7.

Ed

Ed_Arnold · September 15, 2023, 09:51:20 PM

IF you're configuring ICN for Single Sign-On on z/OS

THEN you need to be at 10.5.0.6.

HOWEVER - I am told that if you're not running arsusec as shipped, right out of the can, then there are no guarantees as to whether SSO will work.

Ed

Ed_Arnold · January 02, 2024, 05:51:41 PM

Specifying an index parameter two different ways is unsupported.

Specifically, in this instance, the problem was specifying job_name index created from two different sources: (INDEX1= and -b/-B).

After upgrading from 10.1 to 10.5 the symptom was reports that failed to load, despite having loaded successfully at 10.1.

In these cases, the 88-type record simply indicates an error of RC = 6.

The desire was for -b/-B to win, overriding what ACIF (or any of the indexers) might have found in the report.

However, that is not supported.

Remove one of the specifications.

Ed_Arnold · February 08, 2024, 09:01:48 PM

At 10.5.0.7 the default TLS (SSL) level for both clients and the server flips from TLS V1.2 to TLS V1.3.

If implementing TLS for the first time, things might be easier if all of CMOD, clients and servers, are at 10.5.0.7 first.

Ed_Arnold · April 30, 2024, 06:52:55 PM

10.5.0.7 - the default IMDS switches from V1 to V2

The Instance Metadata Service Version 2 (IMDSv2) adds protections; specifically, IMDSv2 uses session-oriented authentication with the following enhancements: IMDSv2 requires the creation of a secret token in a simple HTTP PUT request to start the session, which must be used to retrieve information in IMDSv2 calls

Ed_Arnold · April 30, 2024, 06:57:54 PM

Quote from: Ed_Arnold on February 08, 2024, 09:01:48 PM
At 10.5.0.7 the default TLS (SSL) level for both clients and the server flips from TLS V1.2 to TLS V1.3.

If implementing TLS for the first time, things might be easier if all of CMOD, clients and servers, are at 10.5.0.7 first.

10.5.0.8 Release Note --- recommended for TLS V1.3

Changed in 10.5.0.8 is that if GSK_V3_CIPHER_SPECS_EXPANDED is not specified and you want TLS 1.3, development has added TLS 1.3 ciphers to the default ciphers.

If prior to 10.5.0.8, specify GSK_V3_CIPHER_SPECS_EXPANDED=130313011302C02CC02BC030C02FC024C023 to ensure the TLS 1.3 cipher pairs (1301, 1302, 1303) are available.

Ed

Ed_Arnold · May 07, 2024, 06:22:04 PM

Error is max return code allowed on linkedit is 0, but getting a return code of 4.

The fix is being developed, I'll publicize when available.

Ed

Ed_Arnold · May 10, 2024, 03:23:45 PM

CMOD comes up with a default mode of FIPS = ON.

TLS V1.3 won't work when FIPS is ON.

If you're trying to implement TLS V1.3, add the following to your arssockd.cfg:

ARSSOCK_FIPS=0

Ed

Ed_Arnold · May 13, 2024, 04:36:01 PM

Run arsxml with the following files one at a time

/usr/lpp/ars/V10R5M0/bin/xml/samples/applgroupAdd.xml
/usr/lpp/ars/V10R5M0/bin/xml/samples/applicationAdd.xml
/usr/lpp/ars/V10R5M0/bin/xml/samples/recipientAdd.xml
/usr/lpp/ars/V10R5M0/bin/xml/samples/recipListAdd.xml
/usr/lpp/ars/V10R5M0/bin/xml/samples/rptIdAdd.xml
/usr/lpp/ars/V10R5M0/bin/xml/samples/distribAdd.xml
/usr/lpp/ars/V10R5M0/bin/xml/samples/rptBundleAdd.xml

Run arsload with

-g "Daily sales invoices" and input file /usr/lpp/ars/V10R5M0/samples/salesinvoice

If the ODF started task is up that will kick off a distributioin.
_________________________

Here's a sample batch job that I use to run those arsxml commands one at a time:

//STEP1 EXEC PGM=BPXBATCH,REGION=0M
//*
//STEPLIB DD DISP=SHR,DSN=ARS.ARSV1050.SARSLOAD
// DD DISP=SHR,DSN=DB2.V13R1M0.SDSNEXIT
// DD DISP=SHR,DSN=DB2.V13R1M0.SDSNLOAD
//SYSPRINT DD SYSOUT=*
//SYSOUT DD SYSOUT=*
//STDERR DD SYSOUT=*
//STDOUT DD SYSOUT=*
//STDPARM DD *
PGM /usr/lpp/ars/V10R5M0/bin/arsxml
add
-h ARCH1010 -u ed -p haha -v

Ed_Arnold · May 16, 2024, 06:17:56 PM

Quote from: Ed_Arnold on May 07, 2024, 06:22:04 PM
Error is max return code allowed on linkedit is 0, but getting a return code of 4.

The fix is being developed, I'll publicize when available.

Ed

Fix is available:

https://www.ibm.com/support/pages/apar/PH61112

****************************************************************
* PROBLEM DESCRIPTION: 1.ARS0466E SSL CONNECT ERROR. A *
* gsktrace shows EDC8105I SOCKET *
* OPERATION ON NON-SOCKET *
* 2.Message IEW2454W 9203 SYMBOL *
* IEAN4RT UNRESOLVED. NO AUTOCALL (NCAL) *
* SPECIFIED when applying a PTF *
****************************************************************
1.A zero was passed to z/OS System SSL instead of a socket.
System SSL tried to use zero for socket operations leading to
connection failure.
2.A defect in a PTF building tool caused some PTFs to not
have updated JCLIN leading to SMP/E not allocating a SYSDEFSD DD
when needed, causing the IEW2454W message
Problem conclusion

1.The correct socket is passed to z/OS system SSL.
2.The PTF tool is corrected. JCLIN for affected LMODs is
being reshipped.

Ed_Arnold · September 27, 2024, 07:43:03 PM

Easy to overlook is this enhancement in PH62965 which has over time has bitten many of our users:

The 390 indexer is enhanced when the INDEXSTYLE is not AFP to
do some additional checking of some cases where a FILEFORMAT is
required. In the case where ANYEXIT is specified, a message
will be generated and the load will be allowed to proceed. If
ANYEXIT is omitted, a message will be generated and the load
will be failed. For the case where ANYEXIT is specified, a
missing FILEFORMAT for linedata documents will prevent page
counts from being calculated. The 390 indexer will also check
for a missing NEWLINE keyword.

Ed_Arnold · April 03, 2025, 04:53:15 PM

10.5.0.8 inadvertently removed the 201 message.

The 201 message has been restored in 10.5.0.9

Ed