Re: Question about SSL Service

Wed, 24 Nov 2010 11:07:29 -0800 

Mike, thanks for the assistance.

In going through your instructions, I see that in my initial attempts at
this I *DID* attempt to set things up using an SSL Pool. Here's what the
output from the command you had me run says:

Directory = VMSYS:TCPMAINT.SSLPOOL_SSL
Grantee  R  W  NR NW
TCPMAINT X  X  X  X
GSKADMIN X  X  X  X
MAINT    X  X  X  X
SSLSERV  X  X  X  X
SSL00001 X  X  X  X
SSL00002 X  X  X  X
SSL00003 X  X  X  X
SSL00004 X  X  X  X
SSL00005 X  X  X  X

I know the SSL* entries are from a previous attempt.

In my own troubleshooting, I found that I can't get SSLDCSSM to start
properly if I try logging on. It tries to process TCPRUN, but fails with
the following:

DTCRUN1005E Required tag :DCSS_Parms. was not found in file(s): SYSTEM
DTCPARMS D1, IBM DTCPARMS E1
DTCRUN1099E Server not started - correct problem and retry
DTCRUN1019I Server will not be logged off because you are connected

I know for a fact that there's a :DCSS_Parms. entry in the DTCPARMS
file. 

:nick.SSLDCSSM :type.server
               :class.ssl_dcss_agent
               :stack.TCPIP
               :for.SSLSERV
               :DCSS_Parms.<DEFAULT>

I'm assuming that SSLDCSSM is getting started by TCPIP at some point and
perhaps this is the missing piece.

Dave

On Wed, 2010-11-24 at 12:38 -0500, Michael Donovan wrote:

> Dave, 
> 
> You stated you are receiving the following: 
> 
> --------------------------------------------------------------
> The issue continues to be the following error when TCPIP starts:
> 
> DMSACR1184E Directory VMSYS:TCPMAINT.SSLPOOL_SSL not found or you are
> not authorized for it
> DTCRUN1001E "VMLINK .DIR VMSYS:TCPMAINT.SSLPOOL_SSL <. A FORCERW>"
> failed with return code 2100
> --------------------------------------------------------------
> 
> Does that directory exist? Is your SSLSERV userid authorized for it?
> You can find out by doing the following:
> 
> 1. LOGON TCPMAINT 
> 2. IPL CMS 
> 3. DIRLIST VMSYS:.
> (note both the colon and the period after VMSYS) 
> 4. Look for "SSLPOOL_SSL" 
> 5. If it exists, issue the command QUERY AUTH against the directory
> If it does not exist, then CREATE DIR .SSLPOOL_SSL 
> 6. Ensure SSLSERV has Read/Write/NewRead/NewWrite authority to the
> directory 
> If SSLSERV is not authorized then issue the command 
> GRANT AUTH VMSYS:TCPMAINT.SSLPOOL_SSL TO SSLSERV ( READ WRITE NEWREAD
> NEWWRITE 
> 
> If you still have problems after all this, please open a problem
> record with z/VM TCP/IP. 
> 
> Mike Donovan

Reply via email to