An abnormal end (abend) or program check has occurred in module modname. This implies that there may be an error in the CICS code. Alternatively, unexpected data has been input, or storage has been overwritten.
The code aaa/bbbb is a 3-digit hexadecimal MVS code (if applicable), followed by a 4-digit alphanumeric CICS code. The MVS code is a system completion code (for example, 0C1 or D37). If an MVS code is not applicable, this field is filled with three hyphens. The CICS code is an abend code or a number referring to a CICS message (for example, AKEA is a CICS abend code; 1310 refers to message DFHTS1310).
An exception entry is made in the trace table. A system dump is taken, unless you have specifically suppressed dumps in the dump table.
CICS continues unless you have specified in the dump table that CICS should terminate. If appropriate, an error return code is sent to the caller of this domain. In this case CICS could be terminated by the caller ( for example, the domain manager, DFHDMDM). A message is issued to this effect.
Message DFHME0116 is normally produced containing the symptom string for this problem.
Notify the system programmer. If CICS is still running, it is necessary to decide whether to terminate CICS.
Look up the MVS code, if there is one, in the relevant MVS codes manual.
Next, look up the CICS alphanumeric code. This tells you, for example, whether the error was a program check, an abend, or a runaway, and may give you some guidance concerning user response.
If module modname is not crucial to the running of your
CICS system, you may decide to continue to run and bring CICS down
at a convenient time to resolve the problem.
If you cannot run without the full use of module modname you
should bring CICS down in a controlled shutdown.
You need further assistance from IBM to resolve this problem. See CICS® Problem Determination Guide for guidance on how to proceed.
Console
DFHSOCK
XMEOUT Parameters:
applid,
aaa/bbbb,
X'
offset',
modname
An error has been detected in module modname. The code X'code' is the exception trace point ID which uniquely identifies what the error is and where the error was detected.
An exception entry (code X'code' in the message) is made in the trace table. A system dump is taken, unless you have specifically suppressed dumps in the dump table.
CICS continues unless you have specified in the dump table that CICS should terminate. If appropriate, an error return code is sent to the caller of this domain. In this case, CICS could be terminated by the caller (for example, the domain manager, DFHDMDM). A message is issued to this effect.
If the exception entry made in the trace table has
a trace ID with a value of X'0425', message DFHKE0501 was issued by
the CICS Kernel earlier during CICS initialization.
Message DFHME0116 is normally produced containing the symptom string for this problem.
This indicates a possible error in CICS code. The severity of its impact depends on the importance of the function being executed at the time of the error.
If the exception entry made in the trace table has
a trace ID with a value of X'0425', further information can be found
in message DFHKE0501 issued by the CICS Kernel earlier during CICS
initialization.
CICS may not have been terminated. If the message occurs once and module modname is not crucial to the running of your CICS system, you may decide to continue to run and bring CICS down at a convenient time to resolve the problem.
If the message recurs or if you cannot run without the full use of module modname, you should bring CICS down in a controlled shutdown.
You need further assistance from IBM to resolve this problem. See CICS Problem Determination Guide for guidance on how to proceed.
Console
DFHSODM, DFHSOL, DFHSOCK, DFHSORD, DFHSOIS.
XMEOUT Parameters:
applid,
X'
code',
modname
A CICS function is taking more time to process than CICS expects. A possible loop has been detected in module modname at offset X'offset'. This is the offset of the instruction which happened to be executing at the time when the error was detected.
An exception entry is made in the trace table.
A system dump is taken unless you have specifically suppressed the dump (by a user exit program at the XDUREQ exit, in the dump table or by global system dump suppression). CICS processing continues unless you have specified in the dump table that CICS should terminate.
Message DFHME0116 is normally produced containing the symptom string for this problem.
If CICS has not been terminated, it is necessary to decide whether the problem is serious enough to bring CICS down.
Since some CICS functions can use a lot of CPU time, this message may have been caused by a long-running function, and there may not be an error. Usually, CICS purges a CICS function which exceeds the runaway task time interval that you have specified in the ICVR system initialization parameter. This means that execution of module modname is terminated and CICS continues.
If you have specified system initialization parameter ICVR=0 and you consider that module modname is looping, you must terminate CICS in order to terminate the runaway function.
If CICS has terminated module modname, and you consider that it was not a runaway, you should increase the value of the ICVR system initialization parameter. You have to close down CICS at a suitable time to do this permanently. You can change the ICVR time interval temporarily online using the CEMT transaction.
If raising the ICVR time does not solve the problem, you may need further assistance from IBM to resolve the problem. See CICS Problem Determination Guide for guidance on how to proceed.
Console
DFHSOCK, DFHSOSE
XMEOUT Parameters:
applid,
X'offset',
modname
This is an informational message indicating that sockets domain initialization has started.
System initialization continues.
None. The message can be suppressed with the system initialization parameter MSGLVL=0.
Console
DFHSODM
XMEOUT Parameter:
applid
This is an informational message indicating that sockets domain initialization has completed successfully.
System initialization continues.
None. The message can be suppressed with the system initialization parameter MSGLVL=0.
Console
DFHSODM
XMEOUT Parameter:
applid
An error has been detected in DFHSOLS. The error has been caused by a severe return code received from TCP/IP.
An exception entry X'code' is made in the trace table. No system dump is taken, unless you have specifically requested a dump in the dump table.
CICS continues unless you have specified in the dump table that CICS should terminate.
The TCPIPSERVICE tcpipservice on port portnumber at the specified IP address will be shutdown. When this is complete then message DFHSO0108 will be issued.
This error could have been returned if TCP/IP had been shutdown, for example. The exception trace entry will tell you which service routine was called and the return values that were returned. Refer to the OS/390 OpenEdition Messages and Codes book to determine the cause of the error.
The TCPIPSERVICE tcpipservice will be closed, and after the TCP/IP region has been restarted the closed TCPIPSERVICE should be reopened. At this point normal work can resume on the TCPIPSERVICE.
Console and Transient Data Queue CSOO
DFHSOLS
XMEOUT Parameters:
date,
time,
applid,
X'
code',
tcpipservice,
portnumber,
ipaddress
The ENCRYPTION=level system initialization parameter was specified, where level may be STRONG or NORMAL, but the necessary feature to implement it was not installed on your system.
Sockets Domain initialization fails, and CICS terminates.
If you wish to use STRONG encryption with the secure sockets layer, you must order and install the North American Secure Encryption feature. This OS/390 feature is only available in the United States of America and Canada.
If the feature is unavailable, you must specify ENCRYPTION=NORMAL, which is the default.
In France, you must specify ENCRYPTION=WEAK unless you have ordered and installed the standard encryption feature for OS/390, when you may specify ENCRYPTION=NORMAL.
Console Routecodes 2, 9, 10 and 11
DFHSODM
XMEOUT Parameters:
applid,
level
The program module pgmname, which is required to implement the secure sockets layer, could not be loaded.
If pgmname is GSKCMS, GSKSSL, or GSKX509, the System SSL component of OS/390 is not available in your release of OS/390, or it has not been installed properly. (This component is only available in OS/390 Version 2 Release 7 and later releases.)
System initialization continues, but support for the secure sockets layer is not enabled.
If this message is preceded by message DFHSO0103, try restarting CICS with ENCRYPTION=NORMAL.
If pgmname is GSKCMS, GSKSSL, or GSKX509, ensure that the System SSL library is available to CICS. For z/OS releases prior to Version 1 Release 6, this library is prefix.SGSKLOAD, where prefix is defined by the installation. For z/OS Version 1 Release 6 and later, this library is prefix.SIEALNKE, where prefix is defined by the installation. You should ensure that it is installed in the system linklist or referenced in the STEPLIB concatenation in the CICS JCL. If it is included in the CICS STEPLIB the library must be APF-authorized.
Console Routecodes 2, 9, 10 and 11
DFHSODM
XMEOUT Parameters:
applid,
pgmname
The ENCRYPTION=NORMAL system initialization parameter was specified, but the necessary feature to implement it was not installed on your system, and is not available to be ordered at your level of operating system.
The lower level of encryption corresponding to ENCRYPTION=WEAK is used instead.
None. The encryption support required for ENCRYPTION=NORMAL will be available in OS/390 Version 2 Release 8. With that level of operating system, the system initialization parameter will be honored and this message will not appear.
Console Routecodes 2, 9, 10 and 11
DFHSODM
XMEOUT Parameters:
applid,
level
An error has been detected in module modname. The code X'code' is the exception trace point ID which uniquely identifies what the error is and where the error was detected.
An exception entry (code X'code' in the message) is made in the trace table. A system dump is taken, unless you have specifically suppressed dumps in the dump table.
CICS continues unless you have specified in the dump table that CICS should terminate. If appropriate, an error return code is sent to the caller of this domain. In this case, CICS could be terminated by the caller (for example, the domain manager, DFHDMDM). A message is issued to this effect.
Message DFHME0116 is normally produced containing the symptom string for this problem.
This indicates a possible error in CICS code or the called Assembler Callable Service routine. The exception trace entry will tell you which service routine was called and the return values that were returned. Refer to the OS/390 OpenEdition Messages and Codes book to determine the cause of the error. The severity of its impact depends on the importance of the function being executed at the time of the error.
CICS may not have been terminated. If the message occurs once and module modname is not crucial to the running of your CICS system, you may decide to continue to run and bring CICS down at a convenient time to resolve the problem.
If the message recurs or if you cannot run without the full use of module modname, you should bring CICS down in a controlled shutdown.
Console and Transient Data Queue CSOO
DFHSOCK
XMEOUT Parameters:
date,
time,
applid,
X'
code',
modname
The TCPIPSERVICE tcpipservice has been opened on port portnumber at the IP address specified.
CICS continues.
None.
CSOO
DFHSOCK
XMEOUT Parameters:
date,
time,
applid,
tcpipservice,
portnumber,
ipaddress
The TCPIPSERVICE tcpipservice on port portnumber on the specified IP address has been closed.
CICS continues.
None.
CSOO
DFHSOCK
XMEOUT Parameters:
date,
time,
applid,
tcpipservice,
portnumber,
ipaddress
This message is issued when the open of a TCPIPSERVICE cannot be completed. The port number specified is already in use in combination with the IP address. By default, TCP/IP only allows one server to be listening on a port at any one time.
Specifically, this message is issued when the TCP/IP bind call fails with a return code of EADDRINUSE.
The TCPIPSERVICE does not open, but remains closed. An exception trace entry is written detailing the return values from the TCP/IP bind call. An application using the EXEC API to set the TCPIPSERVICE open receives an RESP(INVREQ) RESP2(9).
Check that there are no other TCPIPSERVICES open using the same port number and IP address as the failing one. If there is another TCPIPSERVICE open using the port, it must be closed before the new one can be opened.
If no TCPIPSERVICES are using the requested port, there may be another OS/390 application acting as a TCP/IP server already listening on the port. For example, the Lotus Go for OS/390 web server may be installed and running on port 80 on the same TCP/IP stack as CICS. Attempting to open a TCPIPSERVICE on port 80 will fail. Use the TSO command NETSTAT to display TCP/IP servers on the system. Choose an unused port for the TCPIPSERVICE.
If your OS/390 system has more than one TCP/IP stack you may specify another stack's IP address on the TCPIPSERVICE definition. This will allow you to install multiple TCPIPSERVICES each using the same port number. You may also configure support in TCP/IP for virtual IP addresses on a single system. This will also allow more than one TCPIPSERVICE to share the same port.
Finally, TCP/IP for OS/390 can be configured with port sharing. This allows multiple servers (TCPIPSERVICES) to use the same port with TCP/IP using load balancing to direct incoming connections to the set of servers on the port. With this enabled, multiple TCPIPSERVICES can each be opened on the same IP address with the same port.
CSOO
DFHSOCK
XMEOUT Parameters:
date,
time,
applid,
tcpipservice,
portnumber,
ipaddress
Opening the TCPIPSERVICE has failed because the IP address specified on the definition is not known to TCP/IP.
This message is issued when the TCP/IP bind call fails with the return value of EADDRNOTAVAIL.
The IP address must be a valid address known to TCP/IP. It is possible
to configure multiple TCP/IP stacks for a single OS/390 system, or
to have virtual IP addresses on a single stack. If the system only
has one IP address then the IP address field of the TCPIPSERVICE definition
can be left blank, or specified as ANY. This causes the
bind to use the default IP address for the system.
To use an
alternative, a valid address must be specified.
Check that the address specified on the TCPIPSERVICE definition is known to TCPIP on the system. If it is not, then consult the OS/390 TCP/IP OpenEdition: Configuration Guide for information on defining IP address.
CSOO
DFHSOCK
XMEOUT Parameters:
date,
time,
applid,
tcpipservice,
ipaddress
Opening the TCPIPSERVICE has failed because the jobname of the region is not authorized to use the port number specified.
Binding to port numbers below 1024 requires TCP/IP configuration directives specifying the CICS jobname to TCP/IP and associating it with the specified port. This may also be done for ports greater than 1024, thus a CICS region may also fail to open a port greater than 1024 if the port has been associated with another job.
This message is issued when the TCP/IP bind call fails with a return value of EPERM.
The TCPIPSERVICE is not opened. If an application has used the EXEC API to open the TCPIPSERVICE, it receives RESP(INVREQ) RESP2(3) values.
The CICS region's jobname must be authorized to open the specified port. Consult the OS/390 TCP/IP OpenEdition: Configuration Guide for details on how to do this.
CSOO
DFHSOCK
XMEOUT Parameters:
date,
time,
applid,
tcpipservice,
portnumber
Opening the TCPIPSERVICE has failed because TCPIP is currently not open. Either TCPIP=NO has been specified in the SIT or TCPIP has been dynamically closed using CEMT or an SPI command.
The TCPIPSERVICE is not opened. If an application has used the EXEC API to open the TCPIPSERVICE, it receives RESP(INVREQ) RESP2(4) values.
Open TCPIP and re-open the TCPIPSERVICE.
CSOO
DFHSORD
XMEOUT Parameters:
date,
time,
applid,
tcpipservice
CICS has issued the TCP/IP function gethostbyaddr to resolve the IP address ip_address to a host name, but the call failed.
An exception trace entry is made. CICS will continue to attempt to access the name server for subsequent requests.
The gethostbyaddr function will usually perform a name server reverse lookup to resolve the IP address into a host name. This can fail if CICS is unable to contact a name server, or the name server does not know the correct host name to IP address mapping.
Check that the name server defined to TCP/IP in the /etc/resolv.conf file is valid and responding correctly. You can issue the TSO NSLOOKUP command to query the name server. If a SYSTCPD DD name has been defined in the CICS job, check that the file it references correctly defines the name server. If the name server is defined correctly to CICS then contact the administrator to determine why the IP address lookup has failed.
Console
DFHSOIS
Console
XMEOUT Parameters:
applid,
ip_address
The TCP/IP listener task has received a connection from a client but the attach for the transaction associated with the TCPIPSERVICE definition has failed. The associated transaction may not have been installed or the TCPIPSERVICE definition could have specified the wrong transaction.
The TCPIPSERVICE that is defined on the port that the connection arrived on is closed. The socket accepted for the client is closed.
Determine why the attach for the transaction has failed. Correct the error and re-open the TCPIPSERVICE.
CSOO
DFHSOCK
XMEOUT Parameters:
date,
time,
applid,
transaction,
tcpipservice
The group name has been registered with Work Load Manager for Domain Name Service (DNS) connection optimization. This occurs when a TCPIPSERVICE is opened where its name begins with the character 'D'. The new generic TCP/IP host name becomes available for clients to use to access the CICS system, and any others that have registered with the named group name.
CICS has issued the Work Load Manager macro IWMSRSRG to register the specified group name for DNS connection optimization. This only occurs when the name of the TCPIPSERVICE begins with a 'D'. Work Load manager registration only occurs once for a given group name. If multiple TCPIPSERVICES define the same group name, then registration will only occur once.
The group name registered is taken from a combination of part of the name of the TCPIPSERVICE and the transaction defined for the TCPIPSERVICE. Any characters of the name following a dot '.' are concatenated with the transaction identifier to form the group name. For example, a TCPIPSERVICE has the name D1.CICS and is defined with the transaction IIOP (the IIOP transaction being an alias of the CICS-supplied CIRR transaction). The group name generated is 'CICSIIOP'. If the TCPIPSERVICE name does not contain a dot, then only the transaction identifier is used. For example, a TCPIPSERVICE with a name of 'DYNWEB' and a transaction of WWW will generate a registration for the group 'WWW'.
The group name registered effectively becomes a new name in the sysplex TCP/IP domain. When multiple CICS systems in a sysplex each register with the same group name, the DNS server uses Work Load Manager to resolve the group name into one of the IP addresses of the associated systems. The IP address returned is that of the system that is most eligible according to Work Load Manager's load balancing rules. For example, two OS/390 systems in a sysplex are mvs1.plex.hursley.ibm.com and mvs2.plex.hursley.ibm.com; and on each system, CICS registers with the group name cicsiiop. The new name cicsiiop.plex.hursley.ibm.com is dynamically added to the DNS name server's tables. Client TCP/IP applications can use this name instead of the name of one of the specific OS/390 images. When a client resolves the name to an IP address using the DNS, it will get the IP address of the most eligible system. Since the DNS dynamically knows when systems register and deregister, additional CICS systems can be registered as required to expand the list of available IP addresses returned for a group name. If a system fails, its IP address will be removed from the DNS server's list of associated addresses for any groups with which it was registered.
No user action is necessary.
CSOO
DFHSOCK
XMEOUT Parameters:
date,
time,
applid,
groupname,
genericname
The group name has been deregistered from Work Load Manager. This CICS system will no longer participate in connection optimization in the group specified. This occurs when a TCPIPSERVICE is closed where its name begins with a 'D'.
The Work Load Manager IWMSRDRS call is made to deregister the group name. This will remove the IP address of the system from the DNS server's table associated with the group name.
If more than one open TCPIPSERVICE share the same group name, then the WLM deregistration only occurs when the last one is closed.
Check the availability of the name server.
CSOO
DFHSOCK
XMEOUT Parameters:
date,
time,
applid,
groupname
OpenEdition has returned a non-zero return code/reason code to a gethostname call during Listener initialization or has returned a blank hostname.
Listener initialization continues.
Determine the reason for the gethostname failure. The return code and reason code included in the message text are described in the z/OS UNIX System Services Messages and Codes manual.
Console
DFHSOLS
XMEOUT Parameters:
applid,
X'retcode',
X'
rc
'
CICS has issued the TCP/IP function gethostbyaddr to resolve the IP address ip_address to a host name. This call took greater than three seconds during which time the sockets TCB was blocked. During this time no socket IO was possible.
CICS continues.
The gethostbyaddr function will usually perform a name server reverse lookup to resolve the IP address into a host name. This call took over three seconds to complete. The gethostbyaddr function is most commonly driven by EXEC CICS EXTRACT TCPIP CLIENTNAME.
Check that the name server defined to TCP/IP in the /etc/resolv.conf file is valid and responding correctly. You can issue the TSO NSLOOKUP command to query the name server. If a SYSTCPD DD name has been defined in the CICS job, check that the file it references correctly defines the name server. If the name server is defined correctly to CICS then contact the administrator to determine why the IP address lookup failed to respond in a timely fashion. The TCP/IP RESOLVERTIMEOUT parameter can be used to control the duration of a gethostbyaddr call.
Console
DFHSOIS
XMEOUT Parameters:applid, ip_address
During activation of a TCPIPSERVICE, the Sockets Domain was unable to locate a TCP/IP hostname. Without a hostname, CICS cannot obtain the information necessary for registration with WLM DDNS.
TCPIPSERVICE activation continues, but this service is not registered with WLM DDNS.
Determine why no hostname was returned. Message DFHSO0113 may have preceded this message. Once the problem has been rectified, re-install the TCPIPSERVICE.
Console
DFHSOLS
XMEOUT Parameters:
applid,
servicename,
hostname
The specified number (numtcbs) of TCBs have been attached and initialized to perform Secure Sockets Layer processing for CICS.
CICS can handle numtcbs simultaneous SSL sessions.
None.
Console Routecodes 2 and 10
DFHSOSE
XMEOUT Parameters:
applid,
numtcbs
CICS requires at least one TCB to be successfully initialized to handle the TCP/IP Secure Sockets Layer, but it has been unable to initialize any.
CICS cannot handle any SSL sessions, so attempts to open TCPIPSERVICEs which specify SSL(YES) or SSL(CLIENTAUTH) will fail.
The REGION size of the CICS address-space is probably too small to allow CICS Secure Sockets Layer to be initialized. Restart CICS with a larger REGION size. None.
Console Routecodes 2 and 10
DFHSOSE
XMEOUT Parameter:
applid
An Secure Sockets Layer connection from a client with address ipaddr was received on TCPIPSERVICE(service), but there were no available TCBs to process the request.
The socket for the connection is closed. No message is sent to the client because the client expects the response to be encrypted by SSL, but SSL services cannot be provided.
If this message occurs frequently, consider raising the value of the MAXSSLTCBS system initialization parameter.
CSOO
DFHSOSE
XMEOUT Parameters:
date,
time,
applid,
ipaddr,
service
A non-zero return code rc was received from the specified
function of the z/OS
System SSL service. A brief
interpretation of the return code is shown. The service was processing
a connection
with a partner
at IP address clientaddr to
TCPIPSERVICE tcpipservice.
The secure sockets operation is abandoned. A sockets domain severe error message, DFHSO0002, may be produced with error code X'080C'.
If this message is not accompanied by message DFHSO0002, the error
is probably due to some unexpected action by the connected partner
,
and this message is for information only. If this message is accompanied
by message DFHSO0002, the error is probably due to some sort of configuration
error. Use the description in the message to determine what is wrong.
For descriptions of the return code rc, see the z/OS System SSL Programming Guide,
SC24-5901-03
.
For further guidance see the CICS Internet Guide.
CSOO
DFHSOSE
XMEOUT Parameters:
date,
time,
applid,
rc,
{1=gsk_initialize,
2=gsk_get_cipher_info,
3=gsk_get_dn_by_label,
4=gsk_secure_soc_init,
5=gsk_secure_soc_read,
6=gsk_secure_soc_write,
7=gsk_secure_soc_close},
{0=Unrecognized
return code,
1=Key database not found,
2=Key
database access not authorized,
3=Invalid password
for key database,
4=Expired password for key database,
5=Stashed password file not found,
6=Session
timeout value is invalid,
7=An I/O error occurred,
8=An unknown error occurred,
16=Invalid distinguished
name,
17=No common ciphers negotiated,
18=No
certificate available,
19=Server certificate rejected
by client,
20=Root certificate authority not supported,
21=Unsupported operation,
22=Invalid certificate
signature,
23=Peer system not recognized,
24=Not authorized,
25=Self-signed certificate,
26=Invalid session state,
27=Handle creation
failed,
28=No private key,
29=Untrusted
Certificate Authority,
30=Certificate date invalid,
31=Invalid cipher suite,
32=Handshake abandoned
by client,
33=Cannot open key database,
34=Host
certificate not yet valid,
35=Certificate parsing
error,
36=Certificate is revoked, 37=LDAP server
is inactive, 38=Unknown Certificate Authority, 39=Internal
error on partner, 40=Unknown alert received, 41=Client
authentication alert, 42=Incorrect key usage, 43=Server
name not recognized},
clientaddr,
tcpipservice
The value specified in the MAXSOCKETS system initialization parameter is greater than the value specified in the z/OS UNIX System Services MAXFILEPROC option.
CICS has attempted to set the MAXSOCKETS value higher than the MAXFILEPROC value, but has been unable to do so because the userid under which CICS is running does not have superuser authority.
CICS continues execution with the MAXSOCKETS value set equal to the MAXFILEPROC value.
You may:
Console
DFHSOIS
XMEOUT Parameters:
applid,
mmmmm,
nnnnn
The value of the MAXSOCKETS system initialization parameter retrieved from the catalog during a warm or emergency restart is greater than the value specified in the z/OS UNIX System Services MAXFILEPROC option.
CICS has attempted to set the MAXSOCKETS value higher than the MAXFILEPROC value, but has been unable to do so, because the userid under which CICS is running does not have superuser authority.
This situation may arise when:
CICS continues execution with the MAXSOCKETS value set equal to the MAXFILEPROC value.
You may:
Console
DFHSOIS
XMEOUT Parameters:
applid,
mmmmm,
nnnnn
An attempt to create a tcpip socket has failed as the number of open sockets in the system would exceed the current MAXSOCKETS value.
The socket is not opened and failure is reported.
If this behaviour is undesireable, use CEMT SET TCPIP
to increase the number of sockets in the system.
Console
DFHSOMG
XMEOUT Parameter: applid
The CRLPROFILE system initialization parameter has been specified, but the information required by CICS and System SSL to perform a bind to an LDAP server cannot be obtained from the profile that it identifies.
CICS has attempted to extract the following information from the PROXY segment of the profile profile in the LDAPBIND class of the external security manager's database:
Either the specified profile does not exist, or CICS does not have authority to access the profile, or one or more of the required components are missing from the profile.
The CICS SSL function cannot retrieve certificate revocation lists to determine whether certificates have been revoked. To prevent further error messages, the CRLPROFILE function has been disabled. Therefore CICS will be unable to check whether SSL certificates are revoked.
Ensure that the profile profile in the LDAPBIND class of the security manager is defined with a PROXY segment that contains all three required components. Also ensure that the CICS region userid had READ access to the profile, then restart CICS.
Console Routecodes 2, 9 and 10
DFHSOSE
XMEOUT Parameters: applid, profile
The LDAP server, whose name was obtained from the PROXY segment of the external security manager's profile specified by the CRLPROFILE system initialization parameter, cannot be accessed.
The CICS SSL function cannot retrieve certificate revocation lists to determine whether certificates have been revoked. To prevent further error messages, the CRLPROFILE function has been disabled. CICS will not make any further attempts to acquire certificate revocation lists from the LDAP server. Therefore CICS will be unable to check whether SSL certificates are revoked.
To re-enable certificate revocation list checking, the LDAP server specified within the CRLPROFILE must be restarted. All CICS systems, that specify a CRLPROFILE definition that references this server, must then also be restarted.
Console Routecodes 2, 9 and 10
DFHSOSE
XMEOUT Parameter: applid
A TCP/IP ACCEPT call has returned an error.
An exception trace entry is made in the trace table. No system dump is taken, unless you have specifically requested a dump in the dump table.
CICS continues unless you have specified in the dump table that CICS should terminate.
The TCPIPSERVICE tcpipservice on port portnumber at the specified IP address is shut down. When this shutdown is complete, message DFHSO0108 is issued.
The return value, return code, and reason code reported by UNIX System Services are displayed to aid with diagnostics.
Determine the reason for the ACCEPT failure. The return code and reason code included in the message text are described in the z/OS UNIX System Services Messages and Codes manual. A possible cause of this error is if TCP/IP has reached MAXSOCKETS. Check the system console for any messages issued by TCP/IP and take the recovery action indicated.
The TCPIPSERVICE tcpipservice is closed. After the TCP/IP problem has been resolved, you can reopen the closed TCPIPSERVCE.
Console
DFHSOLS
XMEOUT Parameter: date, time, applid, tcpipservice, portnumber, ipaddress, bpx return value, bpx return code, bpx reason code.
An attempt to switch to an S8 SSL TCB has failed because the request has timed out.
The SSL request is not performed and the task is purged.
Increase the number of S8 SSL TCBs available to the CICS sockets domain by changing the MAXSSLTCBS value, either in the SIT or via the CEMT SET DISPATCHER command.
Transient Data Queue CSOO
DFHSOSE
XMEOUT Parameter: applid.