Would the use of the TSSCPLT program in CICS at initialization have caught the CICSREL ENF parm?

Document ID : KB000053517
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

The client had an issue with an invalid CICSREL ENF parm in his ENFPARM member.
The ENFPARM member was incorrectly updated with the following CICSREL parm: CICSREL=(65.66) instead of: CICSREL(65.66)

Despite the invalid CICSREL ENF parm, the CICS region successfully initialized and gave the standard message:
DFHSI1517 <applid> Control is being given to CICS.

However, security errors subsequently ensued for several transactions that ran under the CICS default logonid.

We realize that the security errors were due to the invalid CICSREL ENF parm.

His question is...would the use of the TSSCPLT program in CICS at initialization have caught the CICSREL ENF parm discrepancy earlier and not allowed the CICS region to initialize by abending the region with a U1800 abend?

Solution:

To answer your question, Yes, TSSCPLT would have issued the TSS6161E message indicating that there was a problem and cancelled the CICS region with a U1800 abend.

We tested, and when we had the same situation the client had with regards to the CICSREL parm not being coded correctly, and with the TSSCPLT member in place in the CICS region, we got the TSS6161E message, with a RC=08. Which indicates the following:

The initialization in process flag in the KPGA is still on, indicating the CA Top Secret CICS initialization failed to complete.

Once we resolved the issue with the CICSREL parm for ENF and restarted the CICS region, everything initialized properly, and we got the TSS6160I message indicating Top-Secret initialization was VALID.