Understood! -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Jesse 1 Robinson Sent: Thursday, April 5, 2018 11:37 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: UA94606
Good advice for the sandbox. However, identifying the offender is only the first step. Fixing the problem may turn out to be a long and painful journey through the whole enterprise. . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-543-6132 Office ⇐=== NEW robin...@sce.com -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Allan Staller Sent: Thursday, April 05, 2018 9:20 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: (External):Re: UA94606 Since it's a sandbox, set VSM ALLOWUSERKEYCSA(NO), IPL, and see what crashes! -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Jesse 1 Robinson Sent: Thursday, April 5, 2018 11:10 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: UA94606 I've been asked off-list to elaborate on my post. Truth is I have nothing else to contribute. Health check ZOSMIGV2R3_NEXT_VSM_USERKEYCOMM is installed by the APAR but not activated. Odd if you ask me. So I activated it just on our sandbox sysplex. *Immediately* got this: * High Severity Exception * IGVH114E Use of user key common storage detected since 03/09/2018 16:08:05 Explanation: User key common storage usage attempts were made on this system. Usage attempts can be obtaining user key CSA/ECSA storage, creating user key SCOPE=COMMON data spaces or changing the key of SQA/ESQA storage to a user key using CHANGKEY. Allowing programs to use user key common creates a security risk because common storage can then be modified by any unauthorized program. System Action: The system continues processing. Operator Response: Please report this problem to the system programmer. OK, System Programmer response: no idea what the problem is. We have run in this sysplex for many years with VSM ALLOWUSERKEYCSA(YES) /* AFOP abends B78-5C in z/OS 1.9 */ We moved from AFOP to System Automation many years ago, so that's not the culprit. The health check comes with lots of advice on how to find the offender, but at this moment, we have no idea who that is. As I posted, lots of work in the offing. . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-543-6132 Office ⇐=== NEW robin...@sce.com -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Jesse 1 Robinson Sent: Tuesday, April 03, 2018 3:09 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: (External):Re: UA94606 Thanks for this heads up. We also installed OA53355 (for 2.1 RSU) recently. I totally missed this hold item. The relevant health check ZOSMIGV2R3_NEXT_VSM_USERKEYCOMM was not activated. After reading this post, I turned it on. Ouch. We have some work to do. . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-543-6132 Office ⇐=== NEW robin...@sce.com -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of esst...@juno.com Sent: Tuesday, April 03, 2018 11:51 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: (External):UA94606 IBM prepares for the removal of support for user key common areas I was presented with this PTF on our recent z/OS 2.2 Maintenance upgrade. . UA94606 . The allocating, obtaining, or changing common areas of virtual storage, such that the storage is in user key (8-15), will not be supported after z/OS V2R3. In addition, setting the DIAGxx parmlib statement VSM ALLOWUSERKEYCSA to YES will not be supported after z/OS V2R3. IBM strongly recommends specifying or defaulting the ALLOWUSERKEYCSA statement to NO. Paul V. D'Angelo ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ::DISCLAIMER:: -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any email and/or attachments, please check them for viruses and other defects. -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN