APAR status
Closed as program error.
Error description
In z/OS Explorer the FEKDSI module located in FEK.SFEKLPA is required to be placed in LPA. If a customer does not complete this step then they will experience issues when working with data sets and the following message is issued to the rsecomm log to indicate the module is not found via the standard z/OS search order: INFO: MVSFileSystemMiner: listds:FEKDSI COMMAND : call *(FEKDSI) 'CI.DUT.UDEV.CICSLIB DIRECTORY SMSINFO' <FEKDSI> MEMBER FEKDSI NOT FOUND WITHIN THE STANDARD SEARCH ORDER MISSING MEMBER NAME+ MISSING NAME OF PROGRAM TO BE EXECUTED </FEKDSI> RC=12 The message is labeled as INFO and does not indicate an ERROR. This needs to be clearer to help customers and support identify the issue when reviewing the logs.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: 1. All users running mvs operations with * * the server having improper FEK.SFEKLPA * * configuration. * * 2. Servers having single logon policy with * * a race condition in concurrent connection * * attempts from the same userID. * * 3. All users of server configured with * * TLSv1.3 support. * * 4. All users running a Search or Locate on * * PDS with large number of members. * **************************************************************** * PROBLEM DESCRIPTION: 1. FEK.SFEKLPA contains the modules * * required for running mvs operation * * and must be in LPA. When the * * requirement is not meet, the failure * * (here is by FEKDSI member) is * * expected, but the tracing should be * * clearly identified as error for users * * to recognize and handle. * * 2. The mvsminer is designed to * * shutdown the logger as it is the main * * user of the logger. * * In a mid of connection startup, this * * miner may not be loaded up to be * * responsible for closing up the logger * * when the connection was shutdown * * midway. * * 3. Currently, Daemon System ssl (GSK) * * can be configured and accept clients * * that are configured with TLSv1.2 or * * TLSv1.3. * * But the client connection to * * ThreadPool (Java SSL) may not work * * properly. Overall TLS support could * * be restricted to only-one protocol * * support at the server side. * * 4. Locate action on a member of a PDS * * having a large number of members may * * experience a short freeze due to * * processing of result. * **************************************************************** 1. The processing of the output of FEKDSI in listing the dataset attributes misses to detect the failure based on its return code to flag as an error for the overall result. 2. Left over thread and file descriptor are resource leak to the ThreadPool shared resource for on going and future connections. 3. Earlier Daemon's System GSK support configuration was not conveyed properly to ThreadPool. The issue has been fixed but the implementation of ThreadPool Java SSL still is too restricted using the default enabled setting of its SSL context initialization as the base. Currently, the server, especially in Java 8, could be configured to support either TLSv1.2 or TLSv1.3, not both. 4. Each Locate action on a member of a PDS when the member is not in the PDS member listing display may cause the host mvsminer to perform an all-members lockowner info batch query, which may take a long time especially when the PDS has a large number of members.
Problem conclusion
1. FEKDSI return code should be included in parsing the result flag up an error in the processing of the result output from the host component. Return code of FEKDSI's list dataset now is processed and a non-zero value is determined as an error and logged as ERROR in host user log. 2. To fix the problem, in the final step shutting down a client connection, have the DataStore to close the logger again to make sure the logger was cleaned up. Double closing of the same logger handle causes no harm. 3. The Java supported properties are safe to be used in enabling the socket ssl configuration. ThreadPool could use the java ssl support properties, instead of the restricted enabled properties from its context initialization, as the base in syncing up with Daemon GSK ssl support. RSE service as a whole can be configured to support TLSv1.2 and TLSv1.3 (when allowed by GSK and Java system configuration). 4. The batch query command by the host for the lockowner info should have been done only for the required members. The lockowner query in the attributes batch query command now is done with members filter. Note for other attributes query done by running a rexx script, it is till done for all members as rexx may not handle well with a long argument (as for the members listing). Also, for members query involved PDS with large number of members, the VSAM extended lockowner info tracker usage may also slow it down. It's best not to enable the VSAM extended lockinfo tracker when working with PDS having large number of members.
Temporary fix
Comments
APAR Information
APAR number
PH53377
Reported component name
EXP FOR Z/OS HO
Reported component ID
5655EXP23
Reported release
320
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2023-03-20
Closed date
2023-05-11
Last modified date
2023-06-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI91776
Modules/Macros
FEJENF70 FEJJCNFG FEJJJCL FEJJMON FEJTSO FEK1SMPE FEK2RCVE FEK3ALOC FEK4ZFS FEK5MKD FEK6DDEF FEK7APLY FEK8ACPT FEK@CERR FEK@CONE FEK@CONF FEK@CUST FEK@DEB FEK@DESC FEK@FLOW FEK@GEN FEK@GENW FEK@ISPF FEK@IVP FEK@IVPD FEK@IVPW FEK@JCN1 FEK@JCNE FEK@JESJ FEK@MAIN FEK@MIGO FEK@OPTE FEK@OPTG FEK@OPTN FEK@PRIM FEK@RSE1 FEK@RSEO FEK@STRT FEK@TAB1 FEK@TAB2 FEK@TAB3 FEK@WRK1 FEK@WRK2 FEK@WRK3 FEK@WRK4 FEK@WRK5 FEKAPPCC FEKAPPCL FEKAPPCX FEKATTR FEKDSI FEKEESX0 FEKFASIZ FEKFATT1 FEKFBLD FEKFCIPH FEKFCLIE FEKFCMOD FEKFCMPR FEKFCMSG FEKFCOMM FEKFCOPY FEKFCOR6 FEKFCORE FEKFDBG FEKFDBG6 FEKFDBGM FEKFDIR FEKFDIR6 FEKFDIVP FEKFDST0 FEKFDST1 FEKFDST2 FEKFENVF FEKFENVI FEKFENVP FEKFENVR FEKFENVS FEKFEPL FEKFERRF FEKFGDGE FEKFICUL FEKFISPF FEKFIVP0 FEKFIVPA FEKFIVPD FEKFIVPI FEKFIVPJ FEKFIVPT FEKFJESM FEKFJESU FEKFJLIC FEKFJSON FEKFJVM FEKFLATR FEKFLDSI FEKFLDSL FEKFLEOP FEKFLOGS FEKFLPTH FEKFMAI6 FEKFMAIN FEKFMINE FEKFMNTL FEKFNTCE FEKFOMVS FEKFPATT FEKFPLUG FEKFPTC FEKFRIVP FEKFRMSG FEKFRSES FEKFRSRV FEKFSCMD FEKFSEND FEKFSSL FEKFSTUP FEKFT000 FEKFT001 FEKFT002 FEKFT003 FEKFT004 FEKFT005 FEKFT006 FEKFT007 FEKFT008 FEKFT009 FEKFT010 FEKFT011 FEKFT012 FEKFT013 FEKFT014 FEKFT015 FEKFT016 FEKFT017 FEKFT018 FEKFT019 FEKFT020 FEKFT021 FEKFT022 FEKFT023 FEKFT024 FEKFT025 FEKFT026 FEKFT027 FEKFTIVP FEKFTSO FEKFUTIL FEKFVERS FEKFXITA FEKFXITL FEKFZOS FEKHCONF FEKHCUST FEKHDEB FEKHDESC FEKHFLOW FEKHGEN FEKHISPF FEKHIVP FEKHIVPD FEKHJESJ FEKHMAIN FEKHMIGO FEKHOPTE FEKHOPTN FEKHPRIM FEKHRSE1 FEKHRSEO FEKHSTRT FEKHTAB1 FEKHTAB2 FEKINIT FEKKEYS FEKLOCKA FEKLOGR FEKLOGS FEKM00 FEKM01 FEKM02 FEKMKDIR FEKMOUNT FEKMSGC FEKMSGS FEKRACF FEKRSED FEKSAPF FEKSAPPL FEKSBPX FEKSCLAS FEKSCLOG FEKSCMD FEKSCPYM FEKSCPYU FEKSDSN FEKSENV FEKSETUP FEKSISPF FEKSJCFG FEKSJCMD FEKSJMON FEKSLPA FEKSPROG FEKSPTKT FEKSRSED FEKSSERV FEKSSTC FEKSSU FEKSUSER FEKXCFGE FEKXCFGI FEKXCFGM FEKXCFGT FEKXMAIN FEKXML HUHFCOR6 HUHFCORE
Fix information
Fixed component name
EXP FOR Z/OS HO
Fixed component ID
5655EXP23
Applicable component levels
R320 PSY UI91776
UP23/05/23 P F305
[{"Business Unit":{"code":"BU011","label":"Systems - zSystems software"},"Product":{"code":"SG19O","label":"IBM Explorer for z\/OS"},"Platform":[{"code":"PF054","label":"z Systems"}],"Version":"320"}]
Document Information
Modified date:
01 June 2023