PH37204: ABEND AEIS ( NOTOPEN ) ON EXEC CICS WEB OPEN INTERMITTENTLY WHEN USING POOLED AT-TLS CLIENT CONNECTIONS

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• You are using AT-TLS for outbound client connections, and you
  are using connection pooling by specifying a non-zero value on
  the SOCKETCLOSE parameter of the URIMAP.  Intermittently, the
  EXEC CICS WEB OPEN will fail with NOTOPEN ( abendAEIS ) or the
  EXEC CICS WEB CONVERSE will fail with IOERR ( abendAEIQ ).  This
  happens when CICS tries to re-use a connection that had been
  sitting unused in the pool for a while, and while unused, the
  server closed the connection.
  
  CICS Trace shows that the first re-use of the connection is
  failing with
  
  ASYNCIO_EXIT RETURN_VALUE(-1) RETURN_CODE(1120)
  REASON_CODE(77F3733C)
  .
  1-0000  FFFFFFFF 00000460 77F3733C
  .
  That return code, decimal 1120 or x'0460'  is ECONNABORTED which
  means "Software caused connection abort"
  .
  The 733C (last 2 bytes of the reason code) is
  JrTtlsEncryptionFailed which means "AT-TLS was unable to encrypt
  data to be sent on a TCP connection."
  .
  At this time on the console log is this message:
  12:01:23.45 S0123456 00000090
    EZD1287I TTLS Error RC: 5017 Data Encryption 123
    123 00000090  LOCAL: 9.987.65.43..12345
    123 00000090  REMOTE: 9.123.45.678..443
    123 00000090  JOBNAME: DBDCCICS RULE: TCPIP_ABC_CompanyLocal
    123 00000090  USERID: CICSUSER GRPID: 00000009 ENVID: 000004CF
  

Local fix

• Don't use connection pooling by specifying SOCKETCLOSE(0) on
  the URIMAP
  

Problem summary

• ****************************************************************
  * USERS AFFECTED: All CICS users                               *
  ****************************************************************
  * PROBLEM DESCRIPTION: ABEND AEIS (NOTOPEN) or ABEND AEIQ      *
  *                      (IOERR) on EXEC CICS WEB CONVERSE when  *
  *                      using AT-TLS connections.               *
  ****************************************************************
  CICS is acting as a HTTP client.  A URIMAP is defined with
  USAGE(CLIENT) and a non-zero SOCKETCLOSE value to enable the use
  of outbound connection pooling.  The connection to the target
  server has been secured using AT-TLS.
  
  An idle connection is sat in the pool when it gets closed by the
  server.  As this is an AT-TLS connection a receive call is
  needed to trigger the AT-TLS layer to handle the closure.  CICS
  does not have an outstanding receive on this connection so the
  closure goes undetected.  When the connection is selected to be
  reused by a later CICS task, CICS makes a blocking receive call
  to try and work out if the connection is still active.  This
  call indicates the connection is still active, but has the side
  effect of triggering the AT-TLS layer to handle the closure.
  
  When the CICS task tries to use this connection the attempt to
  send a request to the server fails unexpectedly with
  ECONNABORTED because the AT-TLS layer has now completed closing
  the socket.
  
  If the send was for an OPTIONS request as part of an EXEC CICS
  WEB OPEN then the command will return OK but with an invalid
  session token.  The following EXEC CICS WEB SEND or EXEC CICS
  WEB CONVERSE command will return NOTOPEN and abend AEIS if
  that is not handled.  If the send was an EXEC CICS WEB SEND or
  part of an EXEC CICS WEB CONVERSE then these commands will
  return IOERR and abend AEIQ if not handled.
  
  Additional Keywords:
  ABENDAEIS  ABENDAEIQ
  

Problem conclusion

• CICS has been changed to detect the unexpected closure of a
  socket that has just been removed from an outbound connection
  pool.  The socket connection will be automatically
  re-established and the request sent again.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  UI75781 UI75782 UI75783

Modules/Macros

• DFHSOAD  DFHSOCK  DFHSODM  DFHSODUF DFHSOIS  DFHSOL   DFHSOLI
  DFHSOLS  DFHSOLX  DFHSOLX6 DFHSOM01 DFHSOM02 DFHSOM03 DFHSOPL
  DFHSORD  DFHSOS00 DFHSOS01 DFHSOS02 DFHSOS03 DFHSOS04 DFHSOS05
  DFHSOS06 DFHSOS07 DFHSOS08 DFHSOS09 DFHSOS10 DFHSOS11 DFHSOS12
  DFHSOS13 DFHSOS14 DFHSOS15 DFHSOS16 DFHSOS17 DFHSOS18 DFHSOS19
  DFHSOS20 DFHSOS21 DFHSOS22 DFHSOS23 DFHSOSE  DFHSOST  DFHSOTB
  DFHSOTI  DFHSOTRI DFHSOUE  DFHSOXM  DFHWBCL  DFHWBCLI DFHWBDUF
  DFHWBSO  DFHWBSV  DFHWBXM
  

Fix information

• Fixed component name

  CICS TS Z/OS V5

• Fixed component ID

  5655Y0400

Applicable component levels

• R100 PSY UI75783

     UP21/06/15 P F106

• R200 PSY UI75782

     UP21/06/10 P F106

• R300 PSY UI75781

     UP21/06/10 P F106

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.