IXG231I reason 80B at CICS TS startup

Problem
At startup of your CICS® Transaction Server (CICS TS) region, you receive message IXG231I IXGCONN reason 80B. This is followed by message DFHLG0508 log not defined to MVS.

Symptom
You initially set up Logger to use DUMMY logs and now you want to set up real logs. While going through the logger and policy definitions, you found the MVS group made a typo in the stream name. This was subsequently corrected.
After correcting the typo, you still receive the following at startup when attempting to connect to the log:
DFHLG0103I System log (DFHLOG) initialization has started.

IXG231I IXGCONN REQUEST=CONNECT TO LOG STREAM ISP.TST000.TEST000.DFHLOG DID NOT SUCCEED FOR JOB . RETURN CODE: 00000008 REASON CODE: 0000080B DIAG1: 00000008 DIAG2: 0000F801 DIAG3: 05030004 DIAG4: 05020010

DFHLG0508 Log stream ISP.TST000.TEST000.DFHLOG not defined to MVS because model stream SSY6.DFHLOG.MODEL does not exist.

DFHLG0731 A failure has occurred while opening the system log (DFHLOG).DFHDU0303I Transaction Dump Data set DFHDMPA closed.DFHKE1800 ABNORMAL TERMINATION OF CICS IS COMPLETE.

Cause
The STREAMNAME in CICS CEDA definition does not match the LOGSTREAM NAME in MVS definition. Here are the definitions that caused the failure:
MVS Policy using IXCMIAPU:

LOGSTREAM NAME(TST000.TEST000.DFHLOG) STRUCTNAME() LS_DATACLAS()LS_MGMTCLAS() LS_STORCLAS() HLQ(ISP) MODEL(NO)LS_SIZE(12000)STG_MGMTCLAS() STG_STORCLAS() STG_DATACLAS()STG_SIZE(3000)

LOWOFFLOAD(60) HIGHOFFLOAD(80) STG_DUPLEX(YES)

DUPLEXMODE(UNCOND)

RMNAME() DESCRIPTION() RETPD(0) AUTODELETE(NO)

DASDONLY(YES) DIAG(NO) MAXBUFSIZE(65532)
CICS Journal model using CEDA:

CEDA View Journalmodel( DFHLOG )

Journalmodel : DFHLOG

Group : LOGSCICS

Description : DEFINE SYSTEM LOG AS MVS

Journalname : DFHLOG

Type : Mvs Mvs | Smf | Dummy

Streamname : ISP.TST000.TEST000.DFHLOG

Resolving the problem
Change the logstream name in the MVS policy to match the streamname in the CEDA Journalmodel.
Once you correct the DASD ONLY CICS Journalmodel definition, the region will start up fine with the expected DFHLG0777 reason 868 message. This message is to be expected at connect time during CICS startup when the staging dataset is being allocated. You may see more than one 868 message depending on staging dataset size.

Consoles and CICS

Group DFHTERMC contains an autoinstall model definition for a console, but this is not included in DFHLIST

To ensure CICS invokes your autoinstall control program, specify system initialization parameter AICONS=YES, or use the CEMT, or EXEC CICS, SET AUTOINSTALL CONSOLES(PROGAUTO) command to specify console autoinstall dynamically.

If you decide to let CICS autoinstall consoles without invoking your autoinstall control program, specify system initialization parameter AICONS=AUTO, or use the CEMT, or EXEC CICS, SET AUTOINSTALL CONSOLES(FULLAUTO) command to specify console autoinstall dynamically. With the AUTO option, CICS allocates the termid automatically.

Common out-ot-space error codes

B37-04: insufficient space/extents on current volumeand no additional volumes available

B37-08: VTOC conversion routine failed

B37-0C: too many open datasets on device

D37-04: no secondary space specified

E37-04: no more volumes specified

E37-08: no space available on new volume

E37-0C: DADSM exit rejected extend

837-08: Tape dataset requires gt 5 volumes

IEC070I 203-204: No secondary space specified

IEC070I 104-034: Max extents or max RBA limit reached

IEC070I 104-204: VSAM – Insufficient space on current volumeand no additional volumes available, or maxextents reached

DSNT408I: Insufficient space/extents to extend a DB2

SQLCODE –904 tablespace.

Define new user to RACF via batch JCL sample

//DEFRACF EXEC PGM=IKJEFT01,DYNAMNBR=20

//SYSLBC DD DSN=SYS1.BRODCAST,DISP=SHR

//SYSEXEC DD DISP=SHR,DSN=SYS1.SBPXEXEC

//SYSPROC DD DISP=SHR,DSN=SYS1.HRFCLST

//SYSTSPRT DD SYSOUT=*

//SYSTSIN DD *

/*******************************************************************/

/* THIS MEMBER IS USED BY MAINUSER PROGRAM. */

/* */

/* CUSTOMIZE: */

/* PROC(SYSUSER): Change the PROC to your TSO logon procedure. */

/* ACCTNUM(12345678): Change it to your TSO account number. */

/* ALTUSER %USERID% NOSPECIAL NOOPERATION NOGRPACC */

/* If you need to add a highest authority user, change it t */

/* ALTUSER %USERID% SPECIAL OPERATION GRPACC */

/* */

/* SYMBOLS TO BE REPLACED BY PROGRAM: */

/* %USERID% : This is the upper case TSO userid. */

/* %LCUSERID%: This is the lower case TSO userid. */

/* %PASSWORD%: This is initial password for TSO userid. */

/* %USERNAME%: This is the user name of the TSO userid. */

/* %UID% : This is the UID of the user, */

/* It should be unique in system, however it will */

/* be maintained by MAINUSER program. */

/*******************************************************************/

ADDUSER %USERID% NAME('%USERNAME%') +

DFLTGRP(USER) UACC(READ) +

OMVS( +

UID(%UID%) +

PROGRAM('/bin/sh') +

HOME('/u/%LCUSERID%') +

) +

TSO( +

PROC(SYSUSER) +

ACCTNUM(12345678) +

SIZE(24000) +

MAXSIZE(0) +

UNIT(SYSDA) +

JOBCLASS(A) +

USERDATA(0000) +

)

ADDSD '%USERID%.**' GENERIC OWNER(SYS1) UACC(READ) +

AUDIT(FAILURES(READ)) LEVEL(00) DATA('USER DATASET GROUP')

PERMIT '%USERID%.**' GENERIC ID(%USERID%) ACCESS(ALTER)

PERMIT ** CLASS(ACCTNUM) ID(%USERID%)

SETROPTS RACLIST(ACCTNUM) REFRESH

PERMIT ACCT CLASS(TSOAUTH) ID(%USERID%)

PERMIT CONSOLE CLASS(TSOAUTH) ID(%USERID%)

PERMIT JCL CLASS(TSOAUTH) ID(%USERID%)

PERMIT MOUNT CLASS(TSOAUTH) ID(%USERID%)

PERMIT OPER CLASS(TSOAUTH) ID(%USERID%)

PERMIT PARMLIB CLASS(TSOAUTH) ID(%USERID%)

PERMIT RECOVER CLASS(TSOAUTH) ID(%USERID%)

PERMIT SUBMIT CLASS(TSOAUTH) ID(%USERID%)

PERMIT TESTAUTH CLASS(TSOAUTH) ID(%USERID%)

SETROPTS RACLIST(TSOAUTH) REFRESH

PERMIT DBAUSER CLASS(TSOPROC) ID(%USERID%)

PERMIT IKJACCNT CLASS(TSOPROC) ID(%USERID%)

PERMIT IKJASE CLASS(TSOPROC) ID(%USERID%)

PERMIT ISPUSER CLASS(TSOPROC) ID(%USERID%)

PERMIT PLSUSER CLASS(TSOPROC) ID(%USERID%)

PERMIT SYSUSER CLASS(TSOPROC) ID(%USERID%)

PERMIT TEST CLASS(TSOPROC) ID(%USERID%)

PERMIT TIVUSER CLASS(TSOPROC) ID(%USERID%)

SETROPTS RACLIST(TSOPROC) REFRESH

PERMIT ISFOPER.SYSTEM CLASS(SDSF) ID(%USERID%) ACCESS(UPDATE)

PERMIT ISFATTR.OUTPUT.* CLASS(SDSF) ID(%USERID%) ACCESS(UPDATE)

PERMIT ISFATTR.** CLASS(SDSF) ID(%USERID%) ACCESS(UPDATE)

PERMIT ISFCMD.** CLASS(SDSF) ID(%USERID%) ACCESS(UPDATE)

PERMIT ISFINIT.** CLASS(SDSF) ID(%USERID%) ACCESS(UPDATE)

PERMIT ISFOPER.** CLASS(SDSF) ID(%USERID%) ACCESS(UPDATE)

SETROPTS RACLIST(SDSF) REFRESH

PERMIT MVS.ROUTEMGR.OMPROUTE CLASS(OPERCMDS) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT MVS.ROUTEMGR.OROUTED CLASS(OPERCMDS) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT MVS.SERVMGR.PAGENT CLASS(OPERCMDS) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT MVS.SERVMGR.RSVPD CLASS(OPERCMDS) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT JES2.CANCEL.** CLASS(OPERCMDS) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT JES2.MODIFY.* CLASS(OPERCMDS) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT JES2.** CLASS(OPERCMDS) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT MVS.CANCEL.** CLASS(OPERCMDS) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT MVS.VARY.TCPIP.** CLASS(OPERCMDS) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT MVS.** CLASS(OPERCMDS) +

ID(%USERID%) ACCESS(UPDATE)

SETROPTS RACLIST(OPERCMDS) REFRESH

PERMIT BPX.SUPERUSER CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT CBD.CPC.IOCDS CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT CBD.CPC.IPLPARM CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT DITTO.DISK.FULLPACK CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT DITTO.DISK.INPUT CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT DITTO.DISK.UPDATE CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT DITTO.OAM.OUTPUT CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT DITTO.OAM.UPDATE CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT DITTO.TAPE.BLP CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT DITTO.TAPE.DUPLICATE CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT DITTO.TAPE.INPUT CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT DITTO.TAPE.MOUNT CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT DITTO.TAPE.OUTPUT CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT DITTO.TAPE.UPDATE CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT DITTO.VSAM.UPDATE CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT MVSADMIN.WLM.POLICY CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT STGADMIN.EDG.MASTER CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT STGADMIN.EDG.VRS CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT MVSADMIN.XCF.** CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT STGADMIN.ADR.** CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT STGADMIN.EDG.** CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT STGADMIN.IDC.** CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT STGADMIN.IGG.** CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

SETROPTS RACLIST(FACILITY) REFRESH

OSHELL mkdir /u/%LCUSERID%

OSHELL chown %LCUSERID%:user /u/%LCUSERID%

ALTUSER %USERID% PASSWORD(%PASSWORD%) RESUME

ALTUSER %USERID% NOSPECIAL NOOPERATION NOGRPACC

//* END OF ADDUSER JCL

Finding the z/OS Sysname in CICS

Looking in SYS1.MACLIB(CVT), we see that z/OS has a control block called the CVT (Communications Vector Table) that contains the sysname 340 bytes into it. In the comments at the top of that member, we learn that there is a pointer to the CVT in the PSA (Prefixed Save Area) x’10′ bytes into it. The PSA is easy to find – it is at address 0. So, armed with this info, I wrote the sample code below, which you are welcome to use or incorporate into your own project. If you use this code, just define a PPT for it (if you do not use autoinstall for programs) and point a tranid to the program.

IDENTIFICATION DIVISION.
PROGRAM-ID. CVTTEST.

ENVIRONMENT DIVISION.
DATA DIVISION.
WORKING-STORAGE SECTION.

01 WS-PSA-POINTER.
10 PSA-PTR-PIC9 PIC S9(8) COMP-5 VALUE 0.
10 PSA-PTR REDEFINES PSA-PTR-PIC9 POINTER.

01 SEND-AREA.
10 FILLER PIC X(1) VALUE SPACE.
10 FILLER PIC X(11) VALUE 'CVTSNAME = '.
10 SA-CVTSNAME PIC X(8) VALUE SPACES.

LINKAGE SECTION.

01 PSA.
10 FILLER PIC X(16).
10 CVT-PTR POINTER.

01 CVT.
10 FILLER PIC X(340).
10 CVTSNAME PIC X(8).

EJECT

PROCEDURE DIVISION.

100-MAINLINE.

SET ADDRESS OF PSA TO PSA-PTR.
SET ADDRESS OF CVT TO CVT-PTR.

MOVE CVTSNAME TO SA-CVTSNAME.

EXEC CICS SEND FROM(SEND-AREA)
LENGTH(LENGTH OF SEND-AREA)
END-EXEC.

999-RETURN.

EXEC CICS RETURN
END-EXEC.

GOBACK.

CALL or LINK?

It’s an old question … In my CICS program, should I invoke a subprogram using a standard COBOL CALL, or should I use the EXEC CICS LINK API?

The traditional answer was, “LINK is easier to debug, CALL is more efficient.” However, there have been some changes in the CICS environment in recent years that blur the efficiency line and add other variables to consider.

The reason that LINK was considered easier to debug is that CALLs are “invisible” to CICS – you won’t see the transfer take place if using CEDF to debug. However, modern debug tools (e.g., Xpediter) have no problems showing CALLs, and virtually all shops use such a tool these days. So, if CALLs are more efficient and there is no debugging advantage to LINK, why use the CICS API?

The biggest advantage is probably the fact that using LINK can send control over to another CICS region. Since CICS has minimal involvement with a CALL, the processing stays in the same region; use LINK, and the program could be invoked in the same region, or it may be statically or dynamically routed to another region. If the program has special resource needs that are best served (or only served) in a particular region, statically route its execution to that region; if load balancing, let WLM route it to the least busy region. In my mind, those are huge. Other advantages include the fact that when using LINK, CICS will handle DATALOCATION (any/below) and EXECKEY (user/CICS) differences, and it will handle mode switches between THREADSAFE/QUASIRENT CONCURRENCY and OPENAPI/CICSAPI.

Another consideration that used to exist was that more than 32K could be passed in a CALL, but COMMAREA used to pass data in a LINK have that limit. However, use of CHANNELS and CONTAINERS overcome this limitation starting in CICS/TS 3.1.

My general rule of thumb is this … If invoking a subprogram that does not do “CICS stuff” (i.e., has no EXEC CICS statements), the same subprogram could easily be called from batch, so use a COBOL CALL so that the interfaces are consistent. If it does “CICS stuff”, then use LINK. But that’s just a rule of thumb – if efficiency concerns override the advantages of using LINK, then it’s perfectly fine to CALL a program that has “CICS stuff” in. If there are issues with CONCURRENCY or other items mentioned above, using LINK to invoke a program with no “CICS stuff” is perfectly fine, too. Use the tool that is best fitted for the situation.

CICS Access to RACF

CICS doesn’t supply much access directly to RACF info via the API. But there is a supported way to obtain a lot of RACF information about the current user. And it can be done in COBOL.

EXEC CICS ADDRESS ACEE will provide access to the RACF ACEE control block. (ACEE stands for Access Control Environment Element. Maybe it will come up in a trivia question some day. Probably not. The important thing to know is that it is a block of storage containing RACF information which can be addressed from application programs.) From there, it is possible to easily obtain the user’s primary RACF group and the user’s name (as it is recorded in RACF).

The layout of the ACEE control block is documented in SYS1.MACLIB(IHAACEE). Unfortunately, there is not a COBOL copybook provided, so to access this information in a COBOL program, we have to code our own storage definitions. The following are based on SYS1.MACLIB(IHAACEE):
01 ACEE.
05 FILLER PIC X(021).
05 ACEEUSRI PIC X(008).
05 FILLER PIC X(001).
05 ACEEGRPN PIC X(008).
05 FILLER PIC X(062).
05 ACEEUNAM-POINTER USAGE IS POINTER.
01 ACEE-USER-NAME.
05 FILLER PIC X(001).
05 ACEEUNAM PIC X(020).
And we need a piece of miscellaneous working storage to hold a pointer:
77 WS-ACEE-ADDR-POINTER USAGE IS POINTER.
Now, if we execute the following, we’ll have the address of the ACEE control block in that pointer:
EXEC CICS
ADDRESS ACEE (WS-ACEE-ADDR-POINTER)
END-EXEC.

And then the following commands will make the RACF information addressable by our storage definitions:
SET ADDRESS OF ACEE TO WS-ACEE-ADDR-POINTER.
SET ADDRESS OF ACEE-USER-NAME TO ACEEUNAM-POINTER.

Now we have the user’s RACF id in ACEEUSRI, the user’s primary RACF group in ACEEGRPN, and the user’s name in ACEEUNAM. Very simple – just a matter of knowing how to address the information.

In a future post, I’ll continue this and see how we can obtain all of the RACF groups to which the user’s RACF id is connected.

How to know the list of RACF profiles

(1) You can run program IRRDBU00 against the RACF database which unloads it into a sequential dataset.

Code:

//STEP010 EXEC PGM=IRRDBU00,REGION=48M,PARM=NOLOCKINPUT

//SYSPRINT DD SYSOUT=*

//INDD1 DD DISP=SHR,

// DSN=SYS1.RACFDS

//OUTDD DD DSN=IBMUSER.SYS1.RACFDS.DUMP,

// DISP=(NEW,CATLG,DELETE),

// UNIT=SYSDA,SPACE=(CYL,(20,5),RLSE),

// DCB=(RECFM=VB,LRECL=4096,BLKSIZE=20480)

(2) The output file will contain a variety of record types. The 0404 will contain dataset profiles with the RACF groups or RACF users that can reference them:

Code:

//ST0404 EXEC PGM=SORT

//SORTIN DD DSN=IBMUSER.SYS1.RACFDS.DUMP,DISP=SHR

//SORTOUT DD DSN=IBMUSER.SYS1.RACFDS.DUMP.C404DSPA,

// DISP=(NEW,CATLG,DELETE),

// UNIT=SYSDA,SPACE=(TRK,(15,15),RLSE),

// DCB=(RECFM=VB,LRECL=4096,BLKSIZE=20480)

//SYSOUT DD SYSOUT=*

//SYSIN DD *

SORT FIELDS=COPY

INCLUDE COND=(5,4,CH,EQ,C'0404')

/*

Free z/OS mainframe system on Internet

(1) The TSO userid, which also has many other access on Dechi System mainframe (CICS, DB2, MQ, etc), can be registered at following self-service page:

http://zos.efglobe.com/cgi-bin/mainframe/mainuser

(2) Connect to DeZhi Mainframe system via TN3270 clinet (fandezhi.efglobe.com 23):

(3) Logon to TSO

Some RACF command examples

Allow Access to a RACF Resource

PERMIT profile-name ACCESS(access-type) CLASS(class-name) ID(userid)
Find all DSNs for a Profile

LD DA(‘profile’) ALL DSNS
Find all Profiles for a User

LD ID(userid)
List Profile Information (even if Generic exists)

LD DA(‘dsname’) GENERIC
List Group Information

LG group-name DFP
List User attributes

LU (user1,user2,user3) DFP TSO
Change a User Password

PW PASSWORD(current new) USER(userid)
ALU userid PASSWORD(new)
Reset a User Password to Default Group

PW USER(userid)
Delete Access to a Tape Volume

PERMIT tapevolser CLASS(TAPEVOL) USER(userid) DELETE
Add a Generic Profile

ADDSD ‘hlq.qual2.*’ UACC(access-type)
Restrict use of a Storage Class

SETROPTS CLASSACT(STORCLAS) RACLIST(STORCLAS)

RDEFINE STORCLASS storclas-name UACC(NONE)

PERMIT storclas-name CLASS(STORCLAS) ID(userID) ACCESS(READ)

SETROPTS REFRESH RACLIST(STORCLAS)

List a resource e.g. for CICS

RL TCICSTRN (*) ALLUSERS

Notes on deleting orphaned VSAM components

If the data or index component of a VSAM cluster become permanently disassociated with a catalog entry one of the options available is to fool the VTOC into thinking the components are "regular" datasets so that they can be deleted or renamed.
(It may well be preferable to try by other means to get the components re-cataloged officially.)
Is the dataset in use?
D GRS,RES=(SYSDSN,TSTB.TRAN.FILE0)
Firstly we need to find the CCHHR address on the disk for each component (Note the use of 3380 or 3390 as the unit name.)
//STEP1 EXEC PGM=IEHLIST
//SYSPRINT DD SYSOUT=*
//DD1 DD UNIT=3380,VOL=SER=LRIP90,DISP=SHR
//SYSIN DD *
LISTVTOC DUMP,VOL=3380=LRIP90,DSNAME=(TSTB.TRAN.FILE0.DATA)
LISTVTOC DUMP,VOL=3380=LRIP90,DSNAME=(TSTB.TRAN.FILE1.DATA)
/*
At the bottom right of each entry is the CCHHR address e.g. 0000000104. Use this in the zap job below. The plan is to fool the system into thinking this is not a VSAM dataset.

(See DFSMSdfp Advanced Services manual (or equivalent) for details of the bit settings in the DSCBs.)
//PATCH1 EXEC PGM=AMASPZAP
//SYSPRINT DD SYSOUT=*
//SYSLIB DD DSN=FORMAT4.DSCB,UNIT=SYSDA,VOL=SER=LRIP90,DISP=SHR
//SYSIN DD *
CCHHR 0000000104
VER 53 08C08010
REP 53 00C08010
VER 5D 12
REP 5D 00
/*
Now we should be able to manipulate the dataset using IEHPROGM.
//DELETE EXEC PGM=IEHPROGM
//SYSPRINT DD SYSOUT=*
//DD1 DD UNIT=3380,VOL=SER=LRIP90,DISP=SHR
//SYSIN DD *
SCRATCH DSNAME=TSTB.TRAN.FILE0.DATA,VOL=3380=LRIP90,PURGE
/*http://knowledge.storage.ibm.com is a useful mine of VSAM dataset and catalog recovery information. There are also utilities to help in the repair of a VVDS etc.