APAR status
Closed as program error.
Error description
A new SMTP server is defined without TLS. When IBM Spectrum Protect Plus server sends notification by smtp through Report job, TOFU is wrongly triggered and a certificate is set to the SMTP server even it does not have "Use TLS" checked. As a result, this SMTP server has TLS enabled automatically. Following log entries can be seen in virgo log: INFO jobmanExecutor-5 com.syncsort.dp.xsb.executor.notify.email.EmailNotifyExecutor 1682409830082 Sending email notification. INFO jobmanExecutor-5 com.syncsort.dp.xsb.executor.notify.email.SmtpTofu 1682409830082 There isn't any concurrent smtp Tofu done, run Tofu. Versions affected: IBM Spectrum Protect Plus v10.1.13 and later Additional keywords: TS012774499 SPP
Local fix
N/A
Problem summary
**************************************************************** * USERS AFFECTED: * * IBM Spectrum Protect Plus level 10.1.13, 10.1.14 * **************************************************************** * PROBLEM DESCRIPTION: * * see error description * **************************************************************** * RECOMMENDATION: * * Apply fixing level when available. This problem is currently * * projected to be fixed in IBM Spectrum Protect Plus level * * 10.1.15. Note that this is subject to change at the * * discretion of IBM. * ****************************************************************
Problem conclusion
If user did not check the "Use TLS" check box when register the smtp server to IBM Spectrum Protect Plus, then IBM Spectrum Protect Plus server will wrongly trigger the smtp "Trust on First Use" logic (TOFU) in the reporting job. IBM Spectrum Protect Plus server will acquire the smtp certificate automatically and assigns it to the smtp record in the smtp "Trust on First Use" logic. So IBM Spectrum Protect Plus server will enable the smtp TLS in the subsequent reporting job. To fix this problem, the logic in IBM Spectrum Protect Plus server need to be corrected to avoid smtp "Trust on First Use" if user did not check the "Use TLS" check box.
Temporary fix
Comments
APAR Information
APAR number
IT43687
Reported component name
SP PLUS
Reported component ID
5737SPLUS
Reported release
A1E
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2023-05-03
Closed date
2023-05-08
Last modified date
2023-05-08
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SP PLUS
Fixed component ID
5737SPLUS
Applicable component levels
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSNQFQ","label":"IBM Spectrum Protect Plus"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"A1E","Line of Business":{"code":"LOB26","label":"Storage"}}]
Document Information
Modified date:
01 February 2024