Can't logon using VM/Pass-through Facility.

Document ID : KB000029514
Last Modified Date : 14/02/2018
Show Technical Document Details

Due to the addition of the node parameter to the LOGON rules for Single System Image support, it was necessary to change the logic to enforce LOGON rule comparison by terminal type as well as address.

Prior to VM:Secure 3.0, a rule such as, ACCEPT * LOGON, would allow all terminal addresses to logon to the system regardless of the type of terminal that was requesting the connection. 

Starting with VM:Secure 3.0, you must now specify the terminal type in LOGON rules. To get the same outcome as you did with prior releases with an ACCEPT * LOGON rule or a similar REJECT rule, you must define the rule for each terminal type you will have logging into your system. 

For instance, if you have the capability of all terminal types logging into your system you would specify the following rules that will be the equivalent of the ACCEPT * LOGON rule in previous releases:

 

 ACCEPT * LOGON                  * for logons from real addresses

 ACCEPT * LOGON (IPADDR     * for logons from IPV4 or IPV6 addresses

 ACCEPT * LOGON (LDEV        * for logons from logical devices

 ACCEPT * LOGON (NETID       * for logons from network IDs

 

Not specifying terminal address types for LOGON rules can result in HCPLGA050E Invalid Password errors when NORULE REJECT is configured or unexpected results regardless of the NORULE configuration setting.  Make sure all LOGON related rules are updated to include a rule for each terminal address type that can connect to your system. 

Please refer to the VM:Secure for z/VM 3.1 Rules Facility guide for more information on the LOGON rule.