A fix is available
APAR status
Closed as program error.
Error description
After upgrading from CICS TS 5.4 to 6.1 we had an issue on one AORs with a CICS sockets connection, CICS is the client. The application had switched to an alternative destination IP for the connected server which we believe should have caused an error, a fresh call to the DNS server and then an update to the IP address after which traffic should resume. We see the messages below: DFHSO0123 31/08/2023 04:53:10 CICS1 Return code 420 received from function gsk_secure_socket_init of System SSL. Reason: Handshake abandoned by peer. Peer: nn.nn.nnn.1, TCPIPSERVICE: *NONE*. . DFHSO0399 31/08/2023 04:53:10 CICS1 Client side of TLS handshake failed: Socket closed by remote partner. Local certificate:Cert, Host: transaction¯gateway, Port: 00ppp, URIMAP: MMMMMMM, TRANSID:TTTT, USERID: UUUUUUUU, PROGRAM: DFHMIRS, z/OS System SSL return code: 420. What we don't know is whether CICS had cached the IP address and wasn't requesting a refreshed one or whether the DNS server was sending the old one repeatedly. . A dump was taken. The trace shows repeated attempts to access the original remote server. Every attempt is using a new connection because the socket pool is empty. This implies that the sockets did get closed as part of the switch over process of the remote server. The WEB OPEN is successful using the old IP address. At CICS TS 6.1 WEB OPEN URIMAP command uses the cached IP address and HTTP information. The application issues a CONNECT and that works because the original server is still operational. The WEB SEND fails immediately during the TLS handshake due to the connection being closed.
Local fix
DISABLE and ENABLE the URIMAP to clear out the cached IP address and force the next WEB OPEN to do a new DNS lookup.
Problem summary
**************************************************************** * USERS AFFECTED: All CICS users. * **************************************************************** * PROBLEM DESCRIPTION: In an active/active setup when a server * * switch occurs and the original server * * can still be connected to, CICS clients * * sending requests do not perform a DNS * * lookup to get the IP address of the new * * target server. * **************************************************************** In CICS 6.1 IP address caching was introduced. CICS only updates a cached IP address that is associated with a URIMAP when a CONNECT attempt fails, but not when a SEND attempt fails. In DFHWBCL, if a send fails CICS will attempt to reconnect to the server, but only by using the cached IP address. CICS then continues using the cached IP address and sends requests to the original server - these requests then fail as the TLS handshake will find the connection is closed. The only way to stop this is to disable and enable the URIMAP that is using the cached IP address, or to recycle CICS.
Problem conclusion
CICS has been updated so when a send, using a cached IP address, fails due to the connection being closed it will perform a DNS lookup to update the cached IP address before reconnecting.
Temporary fix
Comments
APAR Information
APAR number
PH57056
Reported component name
CICS TS Z/OS V6
Reported component ID
5655YA100
Reported release
400
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2023-09-20
Closed date
2023-12-19
Last modified date
2024-01-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI94993
Modules/Macros
DFHWBCL DFHWBCLI DFHWBDUF DFHWBSO DFHWBSV DFHWBXM
Fix information
Fixed component name
CICS TS Z/OS V6
Fixed component ID
5655YA100
Applicable component levels
R400 PSY UI94993
UP23/12/20 P F312
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.1","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]
Document Information
Modified date:
02 January 2024