Hi Craig, What I do is create separate TCPMAINT userid's for each separate TCPIP stack, and of course separate TCPIP and associated userids.
Each TCPMAINT userid has it's own copy of the TCPMAINT 198 minidisk so that changes you make to one stack effect ONLY that stack. You could also give each TCPMAINT it's own 592 minidisk, but the only file your secondary TCPMAINTs and TCPIP userids really need is TCPIP DATA so I keep that on the 198 instead of the 592 minidisk. It also makes it simple to have customized FTP, SSL, SMTP, POP, etc. configurations for each stack. So for example, I have 3 stacks: Production Stack: TCPMAINT - TCPIP - FTPSERVE - SSLSERV - NAMESRV - SMTPSRV - POPSRV Stack A: TCPMAINA - TCPIPA - FTPSERVA - SSLSERVA - NAMESRVA - SMTPSRVA - POPSRVA Stack B: TCPMAINB - TCPIPB - FTPSERVB - SSLSERVB - NAMESRVB - SMTPSRVB - POPSRVB Etc. Having each stack complete isolated from each other stack helps ensure that you don't accidentally make a change intended for say Stack A to your Production stack. Whenever you want to use use commands like NETSTAT against a particular stack, just link and access the appropriate TCPMAINx 198 disk ahead of the production TCPMAINT 198 disk. It's also VERY handy to have multiple running TCPIP stacks. On those rare occasions when something has happened that takes down our production TCPIP stack, or I need to bounce the production TCPIP stack, I have 2 "back doors" that I can use to get in and diagnose the problem with via the Telnet servers on TCPIPA and TCPIPB. PS: With regards to SSLSERV keep in mind that it accesses a BFS that contains the key data. You'll need to either setup up a separate BFS tree for EACH SSLSERV userid you intend to use, OR if you want to share the key data across all of your SSLSERV's you'll need to give each SSLSERVx userid SFS access to the BFS tree (I think R/O is OK for this). Since we rarely change keys I just let all of the SSLSERVx's share the one BFS tree and maintain it with one GSKADMIN (i.e. I don't have GSKADMNA, GSKADMNB, etc.). -Mike -----Original Message----- From: The IBM z/VM Operating System [mailto:[email protected]] On Behalf Of Craig Dudley Sent: Wednesday, March 25, 2009 4:06 PM To: [email protected] Subject: Question about separate TCP stacks and SSL server machines Hi, I am trying to set up a 2nd TCPIP/IP stack (TCPIPW2H) along with a 2nd SSL server (SSLSRV1). When I start up SSLSRV1 manually I get these messages: DTCSSL002I main(): calling CQadminMain()... DTCSSL126E setibmsockopt() failed; rc: -1 errno: 1123 DTCSSL095E errno detail: 1123 => EDC8123I Socket already connected. DTCSSL002I ckEPIPE(): Invoking shutdownNow() -- requested by caller DTCSSL127E Server shutdown has commenced DTCSSL103E SSLADMIN communication error: QueueReceiveBlock error; rc: 8 reason: 221 DTCSSL128E Server shutdown is complete I already have a TCP/IP stack running (TCPIP) and another SSL server (SSLSERV) running. My current guess is that SSLSRV1 is trying to use TCP stack TCPIP rather than stack TCPIPW2H. Do I need a TCPIP DATA (with TCPIPUSERID TCPIPW2H) on SSLSRV1s A-disk for SSLSRV1 to use TCPIPW2H as its stack? Thanks -- Craig Dudley Manager, Mainframe Technical Support Group Department of Information Technology State of New Hampshire 27 Hazen Drive Concord, NH 03301 603-271-1506 Fax 603-271-1516
