Signon Password Changes May Fail on Remote LPARs Running AES256 Password Encryption.

Document ID : KB000045316
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:

Password changes from CPF fails with the following Top Secret message:   


TSS0422E PASSWORD VERIFICATION FAILED ON REMOTE NODE  

Clients that are currently running with AES(128) set, then enable Control Option AESENC(256) in a phased implementation (with other LPARs) and leverage CPF, are susceptible to the following problem:                 
                                                                        
When a user changes their password at sign-on on a remote system and CPF is leveraged to send the password change to the other system running with the AESENC(256) security file, the password change will fail with a password verification error.                                            
                                                                        
An administrative CA Top Secret replace command can be issued to change the password. After the password is administratively updated on the AESENC(256) file, all subsequent changes from CPF will work.             
                                                                         
                                                             
Answer:

Please contact support. A solution is currently being developed.

Use the TSS REPL(u) PASSWORD(x) command to change the password can be used as a workaround until a fix is developed.