CAMASTER may receive an S913-3C at initialization when attempting to open SYS1.PARMLIB.

Document ID : KB000019279
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

With CA Common Services r14.1 on systems running CA Top Secret, the CAMASTER address space may receive a S913-3C abend at initialization during an IPL. The CA MASTER address space and Top Secret will successfully initialize but an SVC dump is taken.

You may see messages similar to the following in the SYSLOG:


CAMS100I CAMASTER INITIALIZATION IN PROGRESS
CAHC302I CA Health Checker r14.1 services are available
IEF761I MSTJCLN5 IEFPARM CAMSPLIB CAMASTE DD IS ALREADY ALLOCATED AND WILL BE USED BY THIS TASK.
IEC150I 913-3C,IFG0194E,MSTJCLN5,,IEFPARM,113E,N5LB0B,SYS1.PARMLIB
IEF170I 1 CAMASTER IEC150I 913-3C,IFG0194E,MSTJCLN5,,IEFPARM,113E,N5LB
CAMS403E Parmlib OPEN error, Return Code: X'00000028' Reason Code: X'00020010'
IEA045I AN SVC DUMP HAS STARTED AT TIME=hh.mm.ss DATE=mm/dd/yyyy FOR ASID (xxxx)  

Solution:

The failures are due to a discrete RACF protection bit being set. The RACF bit was a way of securing datasets at IPL time before an external security product initialized. The RACF bit was a requirement in the older MVS/SP levels however, this requirement was lifted with MVS/XA. CA Top Secret now has an SAF component that is started very early in the IPL, so the RACF bit is not needed. Once the external security system is up, security is operational and the RACF bit is not checked.

Use a CA-Top Secret Utility named TSSPROT to turn off the RACF bit. This utility is discussed in the TSS Report and Tracking Guide.

The following is a sample TSSPROT job stream to first check to see if the bit is on followed by a separate job to turn it off.


//TSSPROT    JOB ... ... ... ... ... ..
//******************************************************************
//*  CA TOP SECRET SECURITY(TSS) TSSPROT (UN)SECURE UTILITY.
//*
//*  CUSTOMIZE THIS JOB AS FOLLOWS:
//*
//*  .  INSERT A VALID JOBCARD(ABOVE).
//*
//*  .  TAILOR THE PROC STATEMENT AND TSSIN-DD TO MEET YOUR SITE
//*     STANDARDS.
//*
//*  REFER TO THE CA TOP SECRET REPORT & TRACKING GUIDE FOR
//*  FURTHER INFORMATION ON THE TSSPROT UTILITY PROGRAM.
//******************************************************************
//TSSPROT      PROC     PRINT='*'      /* SYSOUT O/P DESTINATION    */           
//TSSPROT      EXEC     PGM=TSSPROT          
//PROTOUT     DD        SYSOUT=&PRINT      
//PROTIN         DD        DDNAME=TSSIN
//                      PEND
//*         
//PROTECT      EXEC     TSSPROT 
//TSSIN           DD          *
PROTECT SIM DSNPRX(SYS1.PARMLIB)
/*

The 'SIM' on the input statement requests that no changes be made to the elected DSCBs and VSAM catalogs for testing or auditing purposes. When this option is specified, this operation will proceed but no processing is performed. A simulated report is generated.

If the RACF bit is set on SYS1.PARMLIB, you will see something like this in the output:


PROCESSING VOLUME: xxxxxx                             SYS1.PARMLIB  PROTECTED
where 'xxxxxx' is the volume.

If SYS1.PARMLIB found to be protected, run the same JCL as above but change the TSSIN control card to the following:


//TSSIN           DD          *
UNPROTECT DSNPRX(SYS1.PARMLIB)
/*

Afterwards it is suggested that you rerun the original JCL to ensure that the protection has been removed from SYS1.PARMLIB to eliminate the S913-3C abend at the next IPL.