R R S F

www.rizzuto.it

Racf Remote Sharing Facility

16.03.2001
N. Rizzuto
 SUMMARY

IMPLEMENTATION.........................................................................................................................................................3

OPERATION......................................................................................................................................................................6

RRSF SECURITY..............................................................................................................................................................8

RESOLVING PROBLEMS...............................................................................................................................................9
IMPLEMENTATION

After insuring that the prerequisites were met (MVS 4.3 or OS390, RACF 2.2, VTAM 3.4, APPC active), the
implementation started by determining the name to be given to the ACB's to be used by RACF for the
intersystem communication and having them defined in VTAM. All ACB's were called LU%%RRSF, where %
% is substituted with two characters representing the system to which the ACB relates. This is a normal
VTAM definition with APPC=YES, VERIFY=REQUIRED and SECACPT=CONV, which means respectively
that the various LU's must talk to each other exchanging a session key (password) and access security
information is supported. The system symbol &S1 is used to differentiate the various ACB's while using only
one definition, the APPL is always APPLRRSF.

The second step was to add these APPC LU's to the APPLRRSF VBUILD TYPE=APPL
APPC configuration of the various MVS images by * STATOPT='RRSF '
LU&S1.RRSF APPL APPC=YES,
specifying them in the parmlib member APPCPM00 and AUTH=(ACQ),
issuing the MVS command SET APPC=00 to activate DMINWNL=25,
them. This allows RRSF to use APPC/MVS as a vehicle DMINWNR=25,
to send and receive messages from one node to another. DSESLIM=50,
MODETAB=DLOGMOD,
This LU is not associated with a transaction scheduler VERIFY=REQUIRED,
and searches only for system-level profiles, in the data SECACPT=CONV,
set specified in TPDATA. VPACING=2

In the meantime, a new RACF profile was defined with

LUADD
the appropriate access permits for the various data sets ACBNAME(LU&S1.RRSF),
which RRSF allocates and uses to temporarily store the NOSCHED,
information to be sent across the network. This profile TPDATA(SYS1.APPC.TPDATA),
corresponds to an existing SMS-managed high level TPLEVEL(SYSTEM)
qualifier and must then be specified in the network
definition as documented later. The data set allocated as AD ('SYS2.RACF*') DATA('RRSF DS') UACC(NONE)
RRSF parmlib library containing the RRSF network OWNER(SYS1) GEN
definitions, was instead already protected by an existing PE 'SYS2.RACF*' GEN ID(RACF) ACC(ALTER)
profile (SYS1.RACF*). PE 'SYS2.RACF*' GEN ID(SYST) ACC(ALTER)
PE 'SYS2.RACF*' GEN ID(OPER) ACC(ALTER)

The RACF started task, which is effectively responsible

for the managing of the network, was already active,
although its level of authority was not yet adequate and RDEF STARTED (RACF.*) STDATA(USER(RACF)
had no parmlib allocated in its JCL. A new profile was PRIVILEGED(YES) TRACE(YES))
therefore defined in the STARTED class to allow the SETROPTS RACLIST(STARTED) REFRESH
started task RACF to run as privileged, as recommended
by IBM. At this point, having given the started task the
necessary authority, the parmlib data set to be used for
the RRSF network definition was allocated, an empty //RACF EXEC PGM=IRRSSM00,REGION=0M
//RACFPARM DD DSN=SYS1.RACF.PARMLIB,DISP=SHR
member IRROPT00 created and referenced in the
relative JCL by adding an extra DD RACFPARM.
To make the changes effective, RACF was stopped Not specifying the parameter OPT is like specifying
(RACF STOP) and started again (S RACF,SUB=MSTR). <PARM='OPT=00'> in the RACF EXEC card.

Before dealing exclusively with the definition of the actual

network, two sets of RACF definitions were still SETROPTS GENERIC(APPCLU)
necessary. The class APPCLU was activated and a
RDEF APPCLU(MYNET.LUSARRSF.LUSFRRSF)
UACC(NONE) OWN(SYS1)
SESSION(SESSKEY(...) CONVSEC(ALREADYV)
NOINTERVAL)

SETROPTS CLASSACT(APPCLU)
series of profiles were defined to indicated which primary
LU can converse with which partner-LU's . The
RRSFDATA class was activated and RACLIST'ed and it
is used by RRSF to verify whether a specific message
direction is allowed once automatic command or SETROPTS GENERIC(RRSFDATA)
SETROPTS RACLIST(RRSFDATA)
password direction is turned on. SETROPTS CLASSACT(RRSFDATA)
The profiles needed for the RRSFDATA class, having to
deal with message direction, are different for every PLEXWLB
database and include the from and to node names.
RDEF RRSFDATA (AUTODIRECT.TESTPLEX.*.*)
At this point, it was then necessary to determine the UACC(R)
names to be given to the nodes involved, which were
PRODPLEX for the SYSA, SYSB, SYSC and SYSD TESTPLEX
systems and TESTPLEX for SYSE, SYSF e SYSG, thus
RDEF RRSFDATA (AUTODIRECT.PRODPLEX.*.*)
reflecting the name already assigned to the sysplexes. UACC(R)

Once all RACF definitions were complete, the RRSF network definitions statements were added to the start-
up member IRROPT00 (default if in JCL if not otherwise specified). In view of the imminent sharing of one
RACF database in the PRODPLEX sysplex, the network has been already defined as made up of two so-
called multi-systems nodes: PRODPLEX which comprises all SYSA, SYSB, SYSC and SYSD MVS images
and TESTPLEX which includes SYSE, SYSF and SYSG. This reflects the final RACF database at the time
RRSF will be officially used for command synchronisation.
PLEXWLB

The member contains therefore the definition of two TARGET NODE(PRODPLEX)

multi-systems nodes (NODE parameter) which in turn SYSNAME(SYSA)
consist of various MVS images (SYSNAME parameter) LOCAL
MAIN
which communicate with each other via APPC LU's OPERATIVE
(PROTOCOL parameter). The name of the SMS- DESCRIPTION('SYSA RRSF NODE')
managed data sets used by RRSF to store forwarded PREFIX(SYS2.RACF)
information begins with <SYS2.RACF> (PREFIX PROTOCOL(APPC(LUNAME(LUSARRSF)))
WORKSPACE(STORCLAS(STG11)
parameter) whose SMS characteristics (WORKSPACE MGMTCLAS(MC1)
parameter, STORCLAS & MGMTCLAS) and size in FILESIZE(10000))
number of records (FILESIZE parameter) are also ...
predetermined. The SMS characteristics assigned are TARGET NODE(PRODPLEX)
SYSNAME(SYSB)
those already assigned by the ACS routines to the data LOCAL
set with high level qualifier SYS2. Because permanently OPERATIVE
in use, these data sets were excluded from those saved DESCRIPTION('SYSB RRSF NODE')
daily by the general backup jobs PREFIX(SYS2.RACF)
PROTOCOL(APPC(LUNAME(LUSBRRSF)))
WORKSPACE(STORCLAS(SG1)
Only one system in each multi-system node is assigned MGMTCLAS(MC1)
the task of communicating with the other nodes (MAIN FILESIZE(10000))
parameter) while all of them should be made active as ...
TARGET NODE(TESTPLEX)
the started-task RACF is started (OPERATIVE parameter SYSNAME(SYSF)
). The only difference between the IRROPT00 member in MAIN
one multi-systems node and the other is the attribute of OPERATIVE
LOCAL which is assigned to the SYSE/F/G systems in DESCRIPTION('SYSF RRSF NODE')
PREFIX(SYS2.RACF)
TESTPLEX and to the other systems in PRODPLEX. PROTOCOL(APPC(LUNAME(LUSFRRSF)))
In the current configuration, system SYSB and system WORKSPACE(STORCLAS(SG1)
SYSF have been defined as main systems for the MGMTCLAS(MC1)
PRODPLEX and TESTPLEX node respectively. FILESIZE(10000))
...

Finally, automatic direction was turned on only in

PRODPLEX, first , for testing purposes, specifying that all
results must be returned (OUTPUT ALWAYS parameter),
then reducing the returned output to those commands
carried out on the remote node which, for whatever
reason, fail (OUTPU FAIL parameter). The user to be
SET AUTODIRECT (OUTPUT(ALWAYS(&RACUID)) -
NOTIFY(ALWAYS(&RACUID)))
SET AUTODIRECT (OUTPUT(FAIL(&RACUID)) -
NOTIFY(FAIL(&RACUID)))
notified is, in any case, the user that issued the RACF
command (&RACUID parameter).
This, like all other RRSF commands can be issued both like normal MVS commands by prefixing them with
the default subsystem prefix RACF, by including them in the main IRROPT00 start member or by creating a
temporary member like IRROPT01 and then issuing the command < RACF SET INCLUDE(01) >.
LU SECURITY

Special care must be given to the issue of LU security which, due to the various levels of security
available and its interdependence with VTAM definitions, can be at first quite difficult to come to terms
with.

RACF VTAM SECURITY DESCRIPTION ACT PROFILE REQ

CLASS VERIFY ACC
VTAMAPPL N/A The ACBNAME used for RRSF cannot be opened Y acbname READ
without proper authority.
APPL N/A Restrict access to the RRSF LU on the local Y Local_luname READ
system.
APPCLU NONE Do not control RRSF node sessions N None N/A
APPCLU OPTIONAL Control only those RRSF sessions for which a Y Netid.local_lu.remote_lu NONE
profile was found. For sessions with a matching
profile, the session-key will be exchanged and it
must match if conversation is to continue.
APPCLU REQUIRED Control all RRSF sessions. A matching profile must Y Netid.local_lu.remote_lu NONE
be found and the session-key must be the same if
the conversation is to take place.
APPCPORT N/A Control which remote users can access the local Y Remote_luname READ
RRSF system.
APPCSERV N/A Protect APPC server access to the RRSF LU. Y Dbtoken.tpname READ

In this implementation, as described earlier, only the APPCLU option was taken into consideration
Security has been established by setting the VTAM APPC LU parameter VERIFY to REQUIRED and
defining the relative RACF APPCLU profiles. A so-called session-key has also been defined and this
must be the same for each pair of LU's wishing to communicate with each other. Before
communication can take place, the session-keys are verified and, only if they match, can RRSF
communication between those two nodes begin.

A profile - only the partner side can be generic - has been RDEFINE APPCLU (netid.local_lu.partner_lu) ...
defined in the APPCLU class for every primary LU . The RDEFINE APPCLU(MYNET.LUSBRRSF.LU%%RRSF)
netid corresponds to the NETID option in the VTAM UACC(NONE) OWN(SYS1) SESSION(SESSKEY(SKEY)
CONVSEC(ALREADYV) NOINTERVAL)
ATCSTRxx member and this format is to be used only for
non-network-qualified LU's (the NQNAME option is not
specified on the ACB).
The class need not be RACLIST'ed as this is done
automatically by VTAM. If changes are made to the
profiles, these can be refreshed by issuing the VTAM
command F NET,ID=luname,PROFILES. RLIST APPCLU profile SESSION

SESSION KEY IS ….
The session key can be any alphanumeric password, SESSION KEY INTERVAL IS UNLIMITED
up to eight characters long. The parameter UNLOCKED
CONVSEC(ALREADYV) means that RACF assumes CONVSEC= ALREADYV
that the remote userid has already been verified on
the sending system, while NOINTERVAL specifies
that this password will not automatically expire.
OPERATION

As soon as RACF-STC is started, RACF reads the member IRROPT00 in the data set
SYS1.RACF.PARMLIB and executes all the commands which it contains.

S RACF,SUB=MSTR
IRRM002I ((RACF)) RACF SUBSYSTEM TARGET COMMAND HAS COMPLETED
SUCCESSFULLY. 566
IRRM035I ((RACF)) RACF SUBSYSTEM TARGET COMMAND CANNOT MAKE NODE
PRODPLEX SYSNAME SYSA OPERATIVE BECAUSE ONLY THE
DEFINED STATE IS ALLOWED.
IRRM002I ((RACF)) RACF SUBSYSTEM TARGET COMMAND HAS COMPLETED 568
SUCCESSFULLY. 569
IRRM035I ((RACF)) RACF SUBSYSTEM TARGET COMMAND CANNOT MAKE NODE
PRODPLEX SYSNAME SYSC OPERATIVE BECAUSE ONLY THE
DEFINED STATE IS ALLOWED.
...

The warning messages for all systems not defined as MAIN are to be considered normal because in this
case the OPERATIVE parameter is necessary only on the system to which it refers but cannot be carried out
on any other system. The advantage of this approach is that only one member is then used for all the
systems involved.

Stopping the started task RACF is also possible as this terminates only the synchronisation tasks and not
RACF itself. To do that, issue the command RACF STOP from the SDF console.

RACF STOP
IRRB069I ((RACF)) RACF SUBSYSTEM STARTING SHUTDOWN PROCESSING. 437
IRRC028I ((RACF)) RACF REMOTE SHARING SERVER HAS DE-REGISTERED FROM 4
APPC/MVS.
IRRJ001I ((RACF)) RACF RACF LOCAL NODE TRANSACTION PROGRAM COMPLETED
UNDER USER ID RACF GROUP STC.

Commands can in case be executed directly, by prefixing the command with the prefix RACF, or by putting
them in a temporary member in SYS1.RACF.PARMLIB and then issuing the command RACF SET
INCLUDE(xx) where xx are the last two digits of a member IRROPTxx.

To check the status of all network nodes and members, issue the command RACF TARGET LIST.

RACF TARGET LIST

IRRM009I ((RACF)) LOCAL RRSF NODE PRODPLEX SYSNAME SYSA IS IN THE
DEFINED STATE.
IRRM009I ((RACF)) LOCAL RRSF NODE PRODPLEX SYSNAME SYSB (MAIN) IS IN
THE OPERATIVE ACTIVE STATE.
IRRM009I ((RACF)) LOCAL RRSF NODE PRODPLEX SYSNAME SYSC IS IN THE
DEFINED STATE.
...
IRRM009I ((RACF)) REMOTE RRSF NODE TESTPLEX SYSNAME SYSF (MAIN) IS IN
THE OPERATIVE PENDING CONNECTION STATE.
IRRM009I ((RACF)) REMOTE RRSF NODE TESTPLEX SYSNAME SYSG IS IN THE
OPERATIVE PENDING CONNECTION STATE.
All systems defined as MAIN (SYSB and SYSF) should also be in the OPERATIVE ACTIVE STATE, any
other state must be investigated as this means that the APPC communication is not taking place and all
commands are being temporarily store in the output message data set. Details regarding a specific system
state and its <buffer data sets> can be obtained by specifying the system of interest.

RACF TARGET LIST NODE(PRODPLEX) SYSNAME(SYSB)

IRRM010I ((RACF)) RACF SUBSYSTEM PROPERTIES OF LOCAL RRSF NODE PLEXWLB
SYSNAME SYSB (MAIN):
STATE - OPERATIVE ACTIVE
DESCRIPTION - "SYSB RRSF NODE"
PROTOCOL - APPC
LU NAME - LUSBRRSF
TP PROFILE NAME - IRRRACF
MODENAME - <NOT SPECIFIED>
TIME OF LAST TRANSMISSION TO - <NONE>
TIME OF LAST TRANSMISSION FROM - <NONE>
WORKSPACE FILE SPECIFICATION
PREFIX - "SYS2.RACF"
WDSQUAL - <NOT SPECIFIED>
FILESIZE - 10000
SMS INFORMATION
DATACLAS - <NOT SPECIFIED>
MGMTCLAS - MC1
STORCLAS - SG1
FILE USAGE
"SYS2.RACF.SYSB.INMSG"
- CONTAINS 0 RECORD(S)
- OCCUPIES 1 EXTENT(S)
"SYS2.RACF.SYSB.OUTMSG"
- CONTAINS 0 RECORD(S)
- OCCUPIES 1 EXTENT(S)
RRSF SECURITY

The generic class RRSFDATA controls all security authorisation.

The following is a summary of all available profiles, the READ access is the only one necessary to be or not be
allowed to a certain function.

AUTODIRECT.node.class.command¦ Have RACF automatically direct all commands in class class to

node node.
Note: it is better to discretely define the classes to be
syncronized, to avoid syncrhonization of special classes like
TAPEVOL or RRSFDATA.
AUTODIRECT.node.USER.PWSYNC Have RACF automatically direct all password changes to node
node.
DIRECT.node Specify the AT keyword on RACF commands to direct them to
node node.
PWSYNC Synchronize passwords with another user ID after establishing
an association with that user ID that specifies
password synchronization.
RACLINK.DEFINE.node Issue the RACLINK DEFINE command to define an association
with a user ID on node node.
RACLINK.PWSYNC.node Issue the RACLINK DEFINE command to define an association
that synchronizes passwords with a user ID on node node.

The following profiles are necessary to control RACF commands issued via console and the MVS commands necessary
to vary and display the status of the RRSF network.

PROFILE DESCRIPTION COMMAND

RACF.** All commands not explicitly identified N/A
RACF.DISPLAY Display logged on users <DISPLAY
RACF.LIST* List users or groups LU ; LG
RACF.RESTART Restart RRSF function RESTART
RACF.RLIST General resource list RLIST
RACF.SEARCH Search class SEARCH
RACF.SET.LIST List RRSF network status <SET LIST
RACF.STOP Terminate RACF address space <STOP RACF
RACF.TARGET.LIST List specific node status <TARGET LIST
RESOLVING PROBLEMS

It may be that, especially when configuring the RRSF network for the first time, not everything works as
expected. It might be because the work files cannot be allocated or there are inconsistencies in the way the
network has been defined on different nodes, a profile is missing or incorrect etc. Whatever the reason, it is
important to examine all possible reasons starting from the simple ones - the local node is not active or a
TARGET OPERATIVE command was not issued for a remote node, for example - and then work your way up to
the solution by a process of elimination. In most cases the problem appears in the form of an APPC return code,
but it is really much simpler than it looks. When you look up the APPC message you are often simply re-directed
to a VTAM open error code which can be found in the manual <VTAM Messages & Codes>. In fewer cases, the
return code comes actually from APPC and in this case it is important to note down the APPC verb and return
code combination. These codes can be found in the manual <MVS Writing TPs for APPC/MVS> although they
are unfortunately not very well organised: you usually need to look for the failing verb first and then look for an
indication of possible error codes. In 90 percent of all cases, this information together with patiently going over
all the parameters, VTAM definitions and RACF profiles, leads eventually to the solution. As a last resource, it is
possible to request an APPC trace to see what actually went on during the LU conversation. The commands
described here are based on the assumption that the library SYS1.SBLSCLI0 is not in the ISPF SYSPROC or
SYSEXEC concatenation and you do not want to add it. In every other case, you can call directly the ATBTRACE
exec and you do not obviously need to specify the library.
Start by allocating a data set for the trace, sequential and with minimum blocksize of 4096. Make sure the
primary space is big enough as APPC will not use the secondary space, all other parameters are not really
important as these will be overridden during the trace itself.

 Start the trace by issuing the following command from the TSO command line.

EXEC 'SYS1.SBLSCLI0(ATBTRACE)' 'START DSN(trace_dsname) LU(lu_name) TP(IRRRACF)'

ATB60035I ATBTRACE START WAS SUCCESSFUL

 Check that the trace is actually active.

EXEC 'SYS1.SBLSCLI0(ATBTRACE)' 'LIST'

ATB60046I LIST OF ACTIVE API TRACES FOR DATA SET

INT9493.TRACE IN USE BY INT9493
API TRACE WAS STARTED AT 03/26/2001 12:03:05.084998 FOR:
LU : DEWLB001.WN1RRSF
TP : IRRRACF
SYMDEST: N/A
USERID : *
ATB60042I ATBTRACE LIST IS COMPLETE

 Start the node with which the connection cannot be established and specify its LU as partner LU for your
trace.

 Stop the TRACE.

EXEC 'SYS1.SBLSCLI0(ATBTRACE)' 'STOP DSN(trace_dsname)'

ATB60036I ATBTRACE STOP WAS SUCCESSFUL

At this point your trace data set should contain a detailed account of the LU-LU conversation.
In the following example an obscure return code 1 from ATBALC2 turned out to be an SSCP-SSCP session not
available.
RACF TARGET NODE(PLEXWLB) SYSNAME(OSN1) OPERATIVE
IRRC024I ((RACF)) RACF REMOTE SHARING CONNECTION TO NODE PRODPLEX 615
SYSNAME SYSD DID NOT COMPLETE SUCCESSFULLY. FAILURE
OCCURRED WHEN APPC VERB ATBALC2 WAS ISSUED. RETURN
CODE = 1.

Trace data set

...
JOB NAME : RACF
LU : MYNET.LUSDRRSF
TP : IRRRACF
USERID : APPC
CONVID : 1BDB4E78000044E8
PARAMETERS:
RETURN_CODE: ALLOCATE_FAILURE_NO_RETRY
ERROR_INFO:
MESSAGE_TEXT_LENGTH: 124
MESSAGE_TEXT : ATB80100I From VTAM macro APPCCMD: Primary error return
Return code: 0000, sense code 08060036

VTAM codes
0036 No SSCP-SSCP session exists between the VRTG end
points.

VTAM Information: VTAM sets this sense code when a

CDINIT(5) cannot be sent because there is no SSCP
session between the VRTG endpoints.

In the following pages a number of real solved problems can be found for reference.
SYMPTOM

The connection is in PENDING VERIFY, everything seems to be ok, yet the connection will not go ACTIVE
and the following messages appear:

IRRI001I COMMUNICATION SUCCESSFULLY ESTABLISHED

IRRN020I APPC RECEIVE AND WAITING STARTED
IRRN009I RACF APPC RECEIVE TRANSACTION PROGRAM COMPLETED
IRRC026I RACF REMOTE SHARING REQUEST COULD NOT BE COMPLETED

PROBABLE CAUSE

There is a problem in passing the work requests onto the task that routes the work within the subsystem
address space.

RESOLUTION

If this is a newly defined network, make sure all nodes are defined as OPERATIVE and all main and sub nodes
are defined to all nodes. Correct the definitions and retry.
If that is not the case, try restarting one by one all RACF internal subtask with the restart command. If that still
fails the only way out is to stop and restart the RACF started task.
SYMPTOM

The connection is in OPERATIVE PENDING and when trying to connect APPC issues an error code 2 or 19 on
the ATBALC2 verb. When issuing the command D APPC,LU,LIST the LU which RSF is supposed to use is in a
pending state.

IRRC024I CONNECTION DID NOT COMPLETE SUCCESSFULLY RETURN CODE = 19 (APPC TP code)
APPC : A parameter specified on the call is not valid.
ATB052E LOGICAL UNIT NOT ACTIVATED ... REASON CODE = 72 (VTAM OPEN MACRO HEX)

PROBABLE CAUSE

If it is the first time you are trying to activate RRSF on this system then probably the class APPCLU is not
active or the ACB definition is missing. Be warned that the message ATB052E is only used the first time
APPC tries to activate the LU. If you want to double check you need to issue a LU DEL ACBNAME() and
then the normal command again.

RESOLUTION

Simply activate the APPCLU class, but before doing so delete any existing profiles to avoid any possible trouble
with GENERIC/NON GENERIC profiles.

REFERENCE

OS/390 MVS Writing Tps for APPC/MVS GC28-1774-00 IEA1K505

VTAM Messages & Codes SC31-8369-00 ISTM3004-3102
SYMPTOM

The connection is in OPERATIVE PENDING and the following message appears when trying to activate it.

IRRC024I CONNECTION DID NOT COMPLETE SUCCESSFULLY RETURN CODE = 10 (APPC TP code)
APPC : The partner LU cannot start the TP.

PROBABLE CAUSE

The partner node is probably not in the operative state.

RESOLUTION

Issue the TARGET NODE() OPERATIVE to put the partner RRSF in the correct state.

REFERENCE

OS/390 MVS Writing Tps for APPC/MVS GC28-1774-00 IEA1K505

SYMPTOM

The connection is in OPERATIVE PENDING CONNECTION and when trying to connect APPC issues an error
code 5 or 6 on the ATBALC2 verb. When issuing the command D APPC,LU,LIST the LU which RSF is supposed
to use is in the ACTIVE state.

IRRC024I CONNECTION DID NOT COMPLETE SUCCESSFULLY RETURN CODE = 5 (APPC TP code)
APPC : A parameter specified on the call is not valid.

PROBABLE CAUSE

There is something wrong with the security definition on the local node (RC=6) or the partner node (RC=5).

RESOLUTION

Check that the profiles for the two nodes exist, they have identical session keys and have not expired, through
the command „RLIST APPCLU profile SESSION“ .
Check also the security VTAM definitions, they should have VERIFY=REQUIRED.
If everything seems still ok, try refreshing the APPCLU class and the VTAM profiles with the command F
NET,ID=,PROFILES .

REFERENCE

OS/390 MVS Writing Tps for APPC/MVS GC28-1775-00 IEA1K505

VTAM Messages & Codes SC31-8369-00 ISTM3004-3102
SYMPTOM

The connection is in OPERATIVE PENDING CONNECTION and when trying to connect APPC issues an error
code 6 on the ATBSEND verb. When issuing the command D APPC,LU,LIST the LU which RSF is supposed to
use is in the ACTIVE state.

IRRC024I SYSNAME SYSD DID NOT COMPLETE SUCCESSFULLY. FAILURE

OCCURRED WHEN APPC VERB ATBSEND WAS ISSUED. RETURN
CODE = 6.

If Send_Error is called in Send state, possible values for Return_code

are:

6 Security_not_valid

PROBABLE CAUSE

There is something wrong with the security definition on either node .

RESOLUTION

Make sure the profile and authorisation for the class APPL are also correct, try setting them temporarily to
WARNING then retry. Specify the option NOTIFY on the RALT command to determine who lacks the
authorisation to use the profiles

REFERENCE

OS/390 MVS Writing Tps for APPC/MVS GC28-1774-00 IEA1K505

VTAM Messages & Codes SC31-8369-00 ISTM3004-3102
SYMPTOM

The connection is in OPERATIVE PENDING CONNECTION and when trying to connect APPC issues an error
code 1 on the ATBALC2 verb. When issuing the command D APPC,LU,LIST the LU which RSF is supposed to
use is in the ACTIVE state.

IRRC024I SYSNAME sysname DID NOT COMPLETE SUCCESSFULLY. FAILURE

OCCURRED WHEN APPC VERB ATBSEND WAS ISSUED. RETURN
CODE = 1.

ICH415I SESSION ATTEMPT REJECTED. REASON CODE = 05

ICH415I ENTITY: MYNET.LUSERRSF.LUSFRRSF
ICH415I PROFILE: MYNET.LUSERRSF.LU%%RRSF

PROBABLE CAUSE

The session key in the relative APPCLU profiles is missing or incorrect and the LU's are defined in VTAM as
VERIFY=REQUIRED.

RESOLUTION

Check that the profiles for the various nodes in the class APPCLU contain identical session keys and they have
not expired, through the command „RLIST APPCLU profile SESSION“ . Refresh VTAM with the command F
NET,ID=,PROFILES.

REFERENCE

OS/390 MVS Writing Tps for APPC/MVS GC28-1774-00 IEA1K505

VTAM Messages & Codes SC31-8369-00 ISTM3004-3102