SEAD, SEFD, or other SExx abend at startup of a CA IDMS Central Version (CV)

Document ID : KB000013495
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

After an install/upgrade, or a change to the IDMS SVC for any other reason,  CV may abend at startup with abend code SEAD, SEFD, or other abend in the form SExx, where xx is the hex representation of the SVC number being used by the IDMS CV. This document describes the ways to resolve that. 

Answer:

Abends in the format SExx, where xx is the hexidecimal representation of an SVC number, indicate a problem with the security for that SVC.

There are several reasons a CV Startup may get this abend.

The most common reason is related to the CVKEY parameter specified in the #SVCOPT macro which is used to specify the options for the IDMS SVC and is link edited with the SVC load module. (See INSTALLATION AND MAINTENANCE z/OS section entitled "Creating a Secured CA IDMS System on z/OS".)

Prior to IDMS version 17.0 this parameter could be omitted. The default was an "unsecured" SVC. As of 17.0 you must specify a value for CVKEY (see 17.0 RELEASE SUMMARY section "SVC Enhancements" for details). Specifying CVKEY=* results in the unsecured SVC.

If you specify a number for CVKEY then the IDMS CV job must run in that Primary Protect Key.

The Startup module must be defined to the z/OS PPT to run in the Key specified in the CVKEY parameter, AND the STEPLIB in the Startup JCL must be APF authorized. (If you include more than one loadlib in your CV Startup STEPLIB, they must ALL be APF authorized, although there is not a good reason why there should ever be more than one loadlib in STEPLIB.)

Other reasons you can get SExx during IDMS CV Startup:

  1. Another parameter of the #SVCOPT macro is AUTHREQ=YES/NO (default is NO). If AUTHREQ=YES is specified, all Central Version Startup modules must reside in an authorized library and must be linked as authorized, that is, with SETCODE AC(1).

  2. This one happens at the time of SECURITY SYSTEM INITIALIZATION. Prior to IDMS version 15.0 when you ran CAIRIM to install the IDMS CV, our GJnnINIT module would also load the CA Common Services External Security interface CAS9SEC. As of 15.0 this is no longer done.

    The PARMLIB input to CAIRIM that runs as part of the CAS9 proc at IPL time must include a statement that will init the CCS External Security interface.

    The following statement reflects the version that is current as of the writing of this document:

    PRODUCT(CA-SECURITY/INIT) VERSION(S910) INIT(S910INIT)

  3. Also during SECURITY SYSTEM INITIALIZATION, if module RHDCSSFM has not been loaded into LPA you can get this abend.

    During Install/Upgrade Configuration, an APFLIB PDS is created into which we link the SVC module (IGCnnn), GJnnINIT, RHDCSSFM and IDMSMSVA. All of these modules must be in the Authorized lib in the CAIRIM job that installs the SVC.

    NOTE: Most often, the SVC number selected for the IDMS SVC is 172, 173, 174, or a number between 200 and 255. So that this document may be found during search, here the possible abend codes:

    SEAC SEAD SEAE SEAF SEC8 SEC9 SECA SECB SECC SECD SECE SECF SED0 SED1 SED2 SED3 SED4 SED5 SED6 SED7 SED8 SED9 SEDA SEDB SEDC SEDD SEDE SEDF SEE0 SEE1 SEE2 SEE3 SEE4 SEE5 SEE6 SEE7 SEE8 SEE9 SEEA SEEB SEEC SEED SEEE SEEF SEF0 SEF1 SEF2 SEF3 SEF4 SEF5 SEF6 SEF7 SEF8 SEF9 SEFA SEFB SEFC SEFD SEFE SEFF