An abnormal end (abend) or program check has occurred in module modname. This implies that there may be an error in the CICS code. Alternatively, unexpected data has been input, or storage has been overwritten.
The code aaa/bbbb is a 3-digit hexadecimal MVS code (if applicable), followed by a 4-digit alphanumeric CICS code. The MVS code is a system completion code (for example, 0C1 or D37). If an MVS code is not applicable, this field is filled with three hyphens. The CICS code is an abend code or a number referring to a CICS message (for example, AKEA is a CICS abend code; 1310 refers to message DFHTS1310).
An exception entry is made in the trace table. A system dump is taken, unless you have specifically suppressed dumps in the dump table.
CICS continues unless you have specified in the dump table that CICS should terminate. If appropriate, an error return code is sent to the caller of this domain. In this case CICS could be terminated by the caller ( for example, the domain manager, DFHDMDM). A message is issued to this effect.
Message DFHME0116 is normally produced containing the symptom string for this problem.
Notify the system programmer. If CICS is still running, it is necessary to decide whether to terminate CICS.
Look up the MVS code, if there is one, in the relevant MVS codes manual which is detailed in the book list in the front of this manual.
Next, look up the CICS alphanumeric code in this manual. This tells you, for example, whether the error was a program check, an abend, or a runaway, and may give you some guidance concerning user response.
If module modname is not crucial to the running of your CICS system, you may decide to continue to run and bring CICS down at a convenient time to resolve the problem.
If you cannot run without the full use of module modname you should bring CICS down in a controlled shutdown.
You need further assistance from IBM to resolve this problem. See CICS® Problem Determination Guide for guidance on how to proceed.
Console
DFHXSAD, DFHXSCL, DFHXSDM, DFHXSFL, DFHXSIS, DFHXSLU, DFHXSPW, DFHXSRC, DFHXSST, DFHXSXM
XMEOUT Parameters: applid, aaa/bbbb, X'offset', modname
An error has been detected in module modname. The code X'code' is the exception trace point id which uniquely identifies what the error is and where the error was detected.
An exception entry (code X'code' in the message) is made in the trace table. A system dump is taken, unless you have specifically suppressed dumps in the dump table.
CICS continues unless you have specified in the dump table that CICS should terminate. If appropriate, an error return code is sent to the caller of this domain. In this case, CICS could be terminated by the caller (for example, the domain manager, DFHDMDM). A message is issued to this effect.
Message DFHME0116 is normally produced containing the symptom string for this problem.
This indicates a possible error in CICS code. The severity of its impact depends on the importance of the function being executed at the time of the error.
CICS may not have been terminated. If the message occurs once and module modname is not crucial to the running of your CICS system, you may decide to continue to run and bring CICS down at a convenient time to resolve the problem.
If the message recurs or if you cannot run without the full use of module modname, you should bring CICS down in a controlled shutdown.
You need further assistance from IBM to resolve this problem. See CICS Problem Determination Guide for guidance on how to proceed.
Console
DFHXSAD, DFHXSCL, DFHXSDM, DFHXSFL, DFHXSIS, DFHXSLU, DFHXSPW, DFHXSRC, DFHXSST, DFHXSXM
XMEOUT Parameters: applid, X'code',modname
A CICS function is taking more time to process than CICS expects. A possible loop has been detected in module modname at offset X'offset'. This is the offset of the instruction which was executing at the time the error was detected.
An exception entry is made in the trace table. A system dump is taken, unless you have specifically suppressed dumps in the dump table.
CICS continues unless you have specified in the dump table that CICS should terminate. If appropriate, an error return code is sent to the caller of this domain. In this case CICS could be terminated by the caller ( for example, the domain manager, DFHDMDM). A message is issued to this effect.
Message DFHME0116 is normally produced containing the symptom string for this problem.
Notify the system programmer. If CICS has not been terminated, it is necessary to decide whether the problem is serious enough to bring CICS down.
Since some CICS functions can use a lot of processor time, this message may have been caused by a long-running function. So there may not be an error here. Usually, CICS purges a CICS function which exceeds the runaway task time interval which you have specified in the SIT (this is the ICVR which is measured in milliseconds). This means that module modname in the message is terminated and CICS continues.
But if you have declared ICVR=0 in the SIT and you consider that module modname has gone into a loop, you have to terminate CICS in order to terminate the runaway function.
If CICS has terminated module modname, and you consider that it was not a runaway, you should increase the ICVR time interval in the SIT. You have to bring CICS down at a suitable time to do this permanently. But you can change the ICVR time interval temporarily online, using the CEMT transaction.
If raising the ICVR time does not solve the problem, you will need further assistance from IBM. See CICS Problem Determination Guide for guidance on how to proceed.
Console
DFHXSAD, DFHXSCL, DFHXSDM, DFHXSFL, DFHXSIS, DFHXSLU, DFHXSPW, DFHXSRC, DFHXSST, DFHXSXM
XMEOUT Parameters: applid, X'offset', modname
An MVS GETMAIN was issued by module modname, but there was insufficient storage available to satisfy the request.
The code X'code' is the exception trace point ID which uniquely identifies the place where the error was detected.
The code mvscode is the MVS GETMAIN return code.
An exception entry is made in the trace table (code X'code'). A system dump is taken, unless you have specifically suppressed dumps in the dump table.
CICS continues unless you have specified in the dump table that CICS should terminate.
If appropriate, an error return code is sent to the caller of this domain. In this case, CICS could be terminated by the caller (for example, the domain manager, DFHDMDM). A message is issued to this effect.
Message DFHME0116 is normally produced containing the symptom string for this problem.
If CICS has been terminated by another module, look out for the relevant termination messages (from, for example, the domain manager), and look up the user response suggested for these messages.
If CICS is still running, the problem may be a temporary one which rights itself if more storage becomes available. If you can manage without module modname, you may decide to continue and bring CICS down at a convenient time to resolve the problem. If the message recurs or if you cannot run without the full use of all CICS modules, you should bring CICS down in a controlled shutdown.
You can get diagnostic information about the MVS return code by consulting the relevant MVS codes manual which is listed in the book list at the front of this book.
Try decreasing the size limits of the DSAs or EDSAs. Or, try increasing the size of the whole region, if it is not already at maximum size. See the CICS System Definition Guide or the CICS Performance Guide for further information on CICS storage.
Console
DFHXSAD, DFHXSCL, DFHXSDM, DFHXSFL, DFHXSIS, DFHXSLU, DFHXSPW, DFHXSRC, DFHXSST, DFHXSXM
XMEOUT Parameters: applid, X'code',modname, mvscode
An external security initialization performed on an active CICS system (via CEMT PERFORM SECURITY, or EXEC CICS SECURITY REBUILD) has been tracked to the XRF alternate system, and has completed successfully.
None.
None. You can suppress this message with the system initialization parameter, MSGLVL=0.
Console
DFHXSWM
XMEOUT Parameters: date, time,applid
An external security initialization was performed on an active CICS system by use of a CEMT PERFORM SECURITY, or EXEC CICS SECURITY REBUILD.
The external security initialization has been tracked to the XRF alternate system, but has failed with return code xx and reason code yy.
xx and yy are the values placed in registers 15 and 0 by the external security manager.
CICS provides a system dump of the XRF alternate system, and continues tracking security initializations.
Message DFHME0116 is normally produced containing the symptom string for this problem.
The security characteristics of the alternate system no longer match those of the active system. Either shut down the alternate system, perform a security rebuild at takeover, or accept the difference.
Use the return codes in the message, to determine why the security initialization failed.
If the codes are invalid, you will need further assistance from IBM. See CICS Problem Determination Guide for guidance on how to proceed.
Console
DFHXSWM
XMEOUT Parameters: date, time,applid, X'xx', X'yy'
An external security initialization was performed on an active CICS system (via CEMT PERFORM SECURITY, or EXEC CICS SECURITY REBUILD).
It has not been tracked to an alternate system because the tracking data could not be sent.
CICS provides a system dump of the active, and continues tracking security initializations.
Message DFHME0116 is normally produced containing the symptom string for this problem.
The security characteristics of the alternate will no longer match those of the active. Either shut down the alternate, perform a security rebuild at takeover, or accept the difference.
CSCS
DFHXSWM
XMEOUT Parameters: date, time,applid
An external security initialization was performed on an active CICS system (via CEMT PERFORM SECURITY, or EXEC CICS SECURITY REBUILD).
The external security initialization has not been tracked to an alternate system because the tracking data could not be received.
Message DFHME0116 is normally produced containing the symptom string for this problem.
CICS provides a system dump of the alternate system, and ceases to track the security initializations.
The security characteristics of the alternate system no longer match those of the active system. Either shut down the alternate system, perform a security rebuild at takeover, or accept the difference.
CSCS
DFHXSWM
XMEOUT Parameters: date, time,applid
An external security initialization was performed on an active CICS system (via CEMT PERFORM SECURITY, or EXEC CICS SECURITY REBUILD).
It has been tracked to an alternate system but the tracking data was corrupted in transit.
CICS provides a system dump of the alternate systems, and ceases to track the security initializations.
Message DFHME0116 is normally produced containing the symptom string for this problem.
The security characteristics of the alternate system no longer match those of the active system. Either shut down the alternate system, perform a security rebuild at takeover, or accept the difference.
CSCS
DFHXSWM
XMEOUT Parameters: date, time,applid
This is an informational message indicating that security domain initialization has started.
System initialization continues.
None.
This message can be suppressed with the system initialization parameter MSGLVL=0.
Console
DFHXSDM
XMEOUT Parameter: applid
This is an informational message indicating that security domain initialization has completed successfully.
System initialization continues.
None.
This message can be suppressed with the system initialization parameter MSGLVL=0.
Console
DFHXSDM
XMEOUT Parameter: applid
This is an informational message indicating that security is not active.
System initialization continues.
None.
This message can be suppressed with the system initialization parameter MSGLVL=0.
Console
DFHXSDM
XMEOUT Parameter: applid
CICS has established a security environment for the default userid dfltuser.
The authorities that are assigned to this userid by the external security manager will be used in CICS resource checks whenever no other userid has been established.
None.
Console Routecodes 2, 9 and 11
DFHXSDM
XMEOUT Parameters: applid, dfltuser
CICS could not establish a security environment for the default userid dfltuser. The security domain cannot continue without a default user. The response and reason codes (safresp and safreas) returned by the system authorization facility (SAF), and the response and reason codes (esmresp and esmreas) returned by the external security manager (ESM) are those issued by the RACROUTE REQUEST=VERIFY macro.
CICS terminates.
Use the external security manager codes to determine why the RACROUTE REQUEST=VERIFY operation failed. Then, either correct the errors for the failing default user and restart CICS, or restart CICS with a different default userid.
Console Routecodes 2, 9, 10 and 11
DFHXSDM
XMEOUT Parameters: applid, dfltuser, X'safresp', X'safreas', X'esmresp',X'esmreas'
The security resource profiles for the class classname have been successfully loaded into storage by the external security manager.
The profiles are used in subsequent resource checks to determine users’ authorizations to access resources in the named class.
None.
Console Routecodes 2, 9, 10 and 11
DFHXSRC
XMEOUT Parameters: applid, classname
The security resource profiles for the class classname could not be loaded into storage by the external security manager. The response and reason codes (safresp and safreas) returned by the system authorization facility (SAF), and the response and reason codes (esmresp and esmreas) returned by the external security manager (ESM) are those issued by the RACROUTE REQUEST=LIST macro.
The build of the profiles was requested by one of the following:
CICS is unable to provide reliable resource security, so it terminates.
Use the external security manager codes to determine why the RACROUTE REQUEST=LIST operation failed. Rectify the problem in the external security manager, then restart CICS.
Console Routecodes 2, 9, 10 and 11
DFHXSRC
XMEOUT Parameters: applid, classname, X'safresp', X'safreas', X'esmresp', X'esmreas'
The partner-LU profiles for the class APPCLU have been successfully loaded into storage by the external security manager.
The profiles are used in subsequent bind authorization checks for LU6.2 sessions whose CONNECTION definition specifies BINDSECURITY(YES).
None.
Console Routecodes 2, 9, 10 and 11
DFHXSRC
XMEOUT Parameter: applid
The partner-LU profiles for the class APPCLU could not be loaded into storage by the external security manager. CICS therefore has no APPCLU security profiles. The response and reason codes (safresp and safreas) returned by the system authorization facility (SAF), and the response and reason codes (esmresp and esmreas) returned by the external security manager (ESM) are those issued by the RACROUTE REQUEST=LIST macro.
The build of the profiles was requested by one of the following:
If the failure occurs during CICS initialization or PERFORM SECURITY REBUILD, CICS terminates. If the failure occurs during SET VTAM OPEN, the VTAM ACB is closed and CICS continues.
Use the external security manager codes to determine why the RACROUTE REQUEST=LIST operation failed. Rectify the problem in the external security manager, then restart CICS.
Console Routecodes 2, 9, 10 and 11
DFHXSIS, DFHXSRC
XMEOUT Parameters: applid, X'safresp', X'safreas', X'esmresp', X'esmreas'
An audit request for a partner-LU verification check has failed for profile profile.
During the start-up of an APPC session, each partner can validate the other. During this validation process, the system:
The following events are audited:
The response and reason codes (safresp and safreas) returned by the system authorization facility (SAF), and the response and reason codes (esmresp and esmreas) returned by the external security manager (ESM) are those issued by the RACROUTE REQUEST=AUDIT macro.
The CICS system is not affected by this event, and CICS continues.
Use the external security manager codes to determine why the RACROUTE REQUEST=AUDIT operation failed. Correct the problem in the external security manager, then perform a security rebuild, if appropriate.
Console Routecode 9
DFHXSSB
Security was requested for this region, but the external security manager (ESM) was found to be inactive. The SEC system initialization parameter was specified as YES or left as its default value. CICS cannot initialize its security manager unless the ESM is active.
CICS terminates.
If you have an ESM installed on your system, ensure that it is active before attempting to start CICS. Otherwise, restart CICS without security by specifying SEC=NO as a system initialization parameter. Note that the SEC parameter cannot be entered as a console override.
Console Routecodes 1, 9, 10 and 11
DFHXSIS
XMEOUT Parameter: applid
CICS has detected a security violation by user userid while performing an authority check for resource resource in resource class classname.
If the userid causing the violation is signed on at a VTAM terminal, the phrase "at netname portname" reports the netname at which the violation occurred. If the userid causing the violation is signed on at a console, the phrase "at console portname" reports the console name at which the violation occurred. If the userid causing the violation is not signed on or this is a non terminal task, the entry port does not appear in this message as it is not available.
The response and reason codes (safresp and safreas) returned by the system authorization facility (SAF), and the response and reason codes (esmresp and esmreas) returned by the external security manager (ESM) are those issued by the RACROUTE REQUEST=FASTAUTH or RACROUTE REQUEST=AUTH macros. These return codes are described in the OS/390 MVS Programming: Authorized Assembler Services Guide and in External Security Interface (RACROUTE) Macro Reference for MVS and VM .
CICS can also issue this message when you use the EXEC CICS QUERY SECURITY command with the LOGMESSAGE(LOG) option.
CICS abnormally terminates the task requesting the invalid access except under one of the following conditions:
Note the security violation.
CSCS
DFHXSRC
XMEOUT Parameters: date, time,applid, tranid, userid, {1= at netname , 2= at console }, portname, resource, classname, X'safresp', X'safreas', X'esmresp', X'esmreas'
CICS could not determine the userid and groupid for this CICS region.
The response and reason codes (safresp and safreas) returned by the system authorization facility (SAF), and the response and reason codes (esmresp and esmreas) returned by the external security manager (ESM) are those issued by the RACROUTE REQUEST=EXTRACT macro.
An exception entry is made in the trace table. A system dump is taken, unless you have specifically suppressed dumps in the dump table.
Use the external security manager codes to determine why the RACROUTE REQUEST=EXTRACT operation failed. Then, either correct the errors for the failing region userid and groupid, and restart CICS, or restart CICS with a different userid and groupid.
Console Routecodes 2, 9, 10 and 11
DFHXSIS
XMEOUT Parameters: applid, X'safresp', X'safreas', X'esmresp', X'esmreas'
The region userid for this CICS system is not authorized to attach the system transaction tranid. It is a CICS requirement that the region userid must be able to access this transaction.
The response and reason codes (safresp and safreas) returned by the system authorization facility (SAF), and the response and reason codes (esmresp and esmreas) returned by the external security manager (ESM) are those issued by the RACROUTE REQUEST=FASTAUTH or AUTH macro.
CICS terminates.
Authorize the CICS region userid to access all the required CICS system transactions, or specify a different region userid that does have the required authority. (The required transactions are documented as the ‘Category 1’ transactions in the CICS RACF® Security Guide. To authorize the region userid to use these transactions, you should execute the sample clist DFH$CAT1, as described in the CICS Transaction Server for z/OS® Installation Guide.)
Then restart CICS.
Console Routecodes 2, 9, 10 and 11
DFHXSRC
XMEOUT Parameters: applid, tranid,X'safresp', X'safreas', X'esmresp',X'esmreas'
The user is not authorized to invoke the named method. The userid is not authorized to use any of the roles specified in the <method-permission> section of the deployment descriptor for this method.
CICS does not execute the specified method. CICS also issues message DFHXS1115 to the system console, which contains further information about the roles to which access is required.
Determine whether the user userid should be authorized to execute the specified method, and if so, grant the user appropriate permission.
CSCS
DFHXSEJ
XMEOUT Parameters:
date,
time,
applid,
userid,
methodName(signature),
beanName,
corbaServer
The user userid is not authorized to invoke the method named method-name within the Enterprise Java Bean named bean_name, which is deployed in the Corbaserver named cs-name. If the optional text "FOR APPLICATION application-name" appears in the message, the JAR containing the bean is identified in the deployment descriptor by a <display-name> tag containing application-name.
The user is not authorized to invoke the method because userid does not have READ access to at least one of the roles specified in the <method-permission> section of the deployment descriptor. These roles are listed in role-name-list (which may be empty).
If the optional text "FOR METHOD(*)" appears in the message, the roles in role-name-list apply to the generic method (*), because there are no specific role definitions for method-name in the deployment descriptor.
CICS does not execute the specified method, and writes a type 80 SMF record to record the violation.
Determine whether the user userid should be authorized to execute the specified method, and if so, grant the userid READ access to one of the roles named in role-name-list, or add new roles to the deployment descriptor and re-install the DJAR.
Console Routecode 9
DFHXSSF
An invalid password was supplied for user verification.
The external security manager also issues a message on the MVS/ESA security console.
CICS continues. No dump is taken.
Supply the correct password, or contact your security administrator for assistance. If you continue to supply incorrect passwords, the userid may be revoked by the external security manager. A revoked userid can only be reinstated by a security administrator.
CSCS
DFHXSPW
XMEOUT Parameters: date, time,applid, userid, tranid, userid, netname
An expired password was supplied for user verification.
CICS continues. No dump is taken.
Change the password using the CICS signon process, the EXEC CICS CHANGE PASSWORD API, or any other method available to you. Alternatively, contact your security administrator for assistance.
CSCS
DFHXSPW
XMEOUT Parameters: date, time,applid, userid, tranid, userid, netname
A revoked userid was supplied for user verification.
CICS continues. No dump is taken.
Contact your security administrator for assistance.
CSCS
DFHXSPW
XMEOUT Parameters: date, time,applid, userid, tranid, userid, netname
An undefined userid was supplied for user verification.
CICS continues. No dump is taken.
Contact your security administrator for assistance.
CSCS
DFHXSPW
XMEOUT Parameters: date, time,applid, userid, tranid, netname
An invalid password was supplied for change password processing.
The external security manager also issues a message on the MVS security console.
CICS continues. No dump is taken.
Supply the correct password or contact your security administrator for assistance. If you continue to supply incorrect passwords, the userid may be revoked by the external security manager. A revoked userid can only be reinstated by a security administrator.
CSCS
DFHXSPW
XMEOUT Parameters: date, time,applid, userid, tranid, userid, netname
A revoked userid was supplied on a password change request
CICS continues. No dump is taken.
You should have the userid reinstated before it can be used. Contact your security administrator for assistance.
CSCS
DFHXSPW
XMEOUT Parameters: date, time,applid, userid, tranid, userid, netname
An invalid new password was supplied on a password change request.
CICS continues. No dump is taken.
Select a suitable new password and try again. If necessary, contact your security administrator for assistance.
CSCS
DFHXSPW
XMEOUT Parameters: date, time,applid, userid, tranid, userid, netname
An undefined userid was supplied on a password change request
CICS continues. No dump is taken.
Contact your security administrator for assistance.
CSCS
DFHXSPW
XMEOUT Parameters: date, time,applid, userid, tranid, netname
The userid supplied on a password change request is revoked in the ESM connection to the default group.
CICS continues. No dump is taken.
Contact your security administrator for assistance.
CSCS
DFHXSPW
XMEOUT Parameters: date, time,applid, userid, tranid, netname
A client using the client authentication protocol of Secure Sockets Layer has presented a valid X.509 client certificate and a valid userid and password. CICS has successfully registered the certificate with the specified userid userid..
The certificate is permanently associated with userid userid in the external security manager's database.
Whenever the client certificate is used again, userid userid will be assigned to it without further prompting for a userid and password.
CSCS
DFHXSPW
XMEOUT Parameters:
date,
time,
applid,
userid
The KEYRING system initialization parameter has been used to specify a key ring named keyring, but the CICS region userid (userid) does not have sufficient authority to access it.
If the PARMERR=ABEND system initialization parameter is specified, CICS initialization terminates.
If the PARMERR=IGNORE system initialization parameter is specified, CICS initialization continues without a key ring. CICS does not initialize support for secure sockets layer, is not able to install TCPIPSERVICEs that specify SSL(YES) or SSL(CLIENTAUTH), or CORBASERVERs that specify CERTIFICATE.
If the PARMERR=INTERACT system initialization parameter is specified, you are prompted to enter a new key ring name, but you can only reply with a blank name, which causes CICS to continue initialization without a key ring.
If CICS is to use the secure sockets layer, the CICS region userid must be given READ access to the IRR.DIGTCERT.LIST and IRR.DIGTCERT.LISTRING resources in the FACILITY class. For further information, see the CICS RACF Security Guide.
Console Routecodes 2, 9, 10 and 11
DFHXSIS
XMEOUT Parameters:
applid,
userid,
keyring