CA Bundl logon fails when using RACF

Document ID : KB000006226
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

A site uses RACF as their external security package.

A users attempt at logging on to CA Bundl fails due to an OPEN error on the CA Bundl DPMFBSF file.

You review the logs for any RACF messages to see if RACF detected any unauthorized requests, but do not find any ICH408I messages.

The only messages that you can find that indicate an error occurred are the following CA Bundl and CA LSERV errors:

 

BND7002E DPMFBSF  I/O Funct: OPEN  Descr: NO ERROR DESCRIPTION      

BND7003E DPMFBSF  FBKWD: 00000008  Rec:              

LDM0528E FILE SERVER NOT AVAILABLE - TRY AGAIN LATER

Cause:

The CA Bundl issued BND7002E and BND7003E messages as well as the CA LSERV issued LDM0528E message can occur for a number of different reasons.

However, when a combination of the specific errors shown in this knowledge document are received as part of a failed logon attempt to CA Bundl at a site using RACF, the cause of the problem is likely either a RACF authorization problem. Or, a problem with the CA LSERV task's ability to read/ready the CA Bundl DPMFBSF VSAM file. 

 

Resolution:

The actual resolution to this problem scenario may vary depending on a clients specific circumstance for receiving these errors. However, addressing one or more of the following action items will likely resolve the problem.

 

Talk to your sites RACF Administrator and make sure that the USERID being used to access CA Bundl has been defined with "CONTROL" access authority. Control access authority is required in order for a user to be able to logon to CA Bundl.

 

Recycle the CA LSERV started task that services the CA Bundl files that you are trying to access. Ensure that upon restarting the CA LSERV task, that you receive both a "LDM0090I - ADDFILE DPMFBSF" and a "LDM0503I - DPMFBSF successfully added" message which confirms that the CA LSERV task should have access to, and be able to open the CA Bundl DPMFBSF file.

 

If you have confirmed that the appropriate CA LSERV task is active and that it has successfully added the DPMFBSF file, but you are still receiving the errors, check the SSN$ and DDN$ value specifications associated to the CA Bundl function you are trying to perform. If attempting LOGON, check your logon CLIST, CICS or VTAM configurations. The value for the SSN$ specification MUST match the 4 character active CA LSERV tasks SSNAME=nnnn value. And the value for the DDN$ specification must match the 4 character prefix of the CA Bundl VSAM files you are trying to access.