When CPFing between TSS r15 and r16 using AES 256 password encryption:
If you are going to enable Control Option AESENC(256) in a phased implementation (with other LPARs) and leverage CPF, you should apply TSS r16 fix RO90186 to resolve the following:
When a user changes their password at sign-on on a remote system and CPF is leveraged to send the password change to the other system running with the AESENC(256) security file, the password change will fail with a password verification error.
An administrative CA Top Secret replace command can be issued to change the password. After the password is demonstratively updated on the AESENC(256) file, all subsequent changes from CPF will work.