That's a good catch, Mike! I did fat-finger that entry... grrrr. Alas, after fixing it, the problem remains...
On Wed, 2010-11-24 at 11:01 -0600, Mike Walter wrote:
> The most difficult problems to diagnose are often those that just look
> *SO* correct, but contain a wee typo.
> I don't run the SSL server (yet), so I can't say for sure if this is the
> cause or not, but *could* it be:
>
> :Mixedcasparms.YES
> should be
> :Mixedcaseparms.YES
> _
>
> Potentially, that could prevent the next mixed statements from being
> processed properly:
> :mount. /../VMBFS:VMSYS:ROOT/ / ,
> /../VMBFS:VMSYS:SSLSERV/ /tmp ,
> /../VMBFS:VMSYS:GSKSSLDB/ /etc/gskadm
> :parms.KEYfile /etc/gskadm/Database.kdb
>
> At least it's worth a quick test.
>
> Mike Walter
> Aon Corporation
> The opinions expressed herein are mine alone, not my employer's.
>
> "Dave Keeton" <[email protected]>
> Sent by: "The IBM z/VM Operating System" <[email protected]>
> 11/24/2010 10:49 AM
> Please respond to
> "The IBM z/VM Operating System" <[email protected]>
>
> To
> [email protected]
> cc
>
> Subject
> Re: Question about SSL Service
>
> Well, I've been through the instructions in the link that Jim provided,
> but I still haven't been able to get SSL to start up. I'm trying to set
> things up with a single-server, as opposed to the new SSL Pool option. I'm
> going to provide my configuration in the hope that a mistake might stand out
> to the list.
>
> SYSTEM DTCPARMS:
> :nick.TCPIP :type.server
> :class.stack
> :attach.2D18-2D1A
> :nick.TCPIP :type.server
> :class.stack
> :attach.06EC-06EE
> :nick.FTP :type.class
> :name.FTP daemon
> :command.SRVRFTP
> :runtime.PASCAL
> :diskwarn.YES
> :anonymous.YES
> :nick.SSLSERV :type.server
> :class.ssl
> :stack.TCPIP
> :name.SSL daemon
> :command.VMSSL
> :runtime.C
> :diskwarn.YES
> :Admin_ID_list.TCPMAINT GSKADMIN
> :memory.256M
> :Mixedcasparms.YES
> :vmlink. .DIR VMSYS:TCPMAINT.SSLPOOL_SSL <. A FORCERW>
> :mount. /../VMBFS:VMSYS:ROOT/ / ,
> /../VMBFS:VMSYS:SSLSERV/ /tmp ,
> /../VMBFS:VMSYS:GSKSSLDB/ /etc/gskadm
> :parms.KEYfile /etc/gskadm/Database.kdb
> :nick.SSLDCSSM :type.server
> :class.ssl_dcss_agent
> :stack.TCPIP
> :for.SSLSERV
> :nick.TCPIP :type.server
> :class.stack
> :DCSS_Parms.<DEFAULT>
>
> PROFILE TCPIP:
> SMALLDATABUFFERPOOLSIZE 2048
> ASSORTEDPARMS
> PROXYARP
> ENDASSORTEDPARMS
> OBEY
> OPERATOR TCPMAINT MAINT MPROUTE DHCPD REXECD SNMPD SNMPQE LDAPSRV
> ENDOBEY
> AUTOLOG
> FTPSERVE 0 ; FTP Server
> SSLSERV 0 ; SSL Server
> ENDAUTOLOG
> INFORM
> OPERATOR TCPMAINT
> ENDINFORM
> SSLSERVERID SSLSERV TIMEOUT 30
> SSLLIMITS MAXSESSIONS 3000 MAXPERSSLSERVER 600
> INTERNALCLIENTPARMS
> TLSLABEL ENTSYSVM
> PORT 23 PORT 992
> SECURECONNECTION PREFERRED
> ENDINTERNALCLIENTPARMS
>
> USER DIRECT entries:
>
> USER SSLSERV SSLSERV 256M 2G G
> INCLUDE TCPCMSU
> POSIXINFO UID 7 GNAME security
> IUCV ALLOW
> OPTION ACCT MAXCONN 1024 QUICKDSP SVMSTAT APPLMON
> NAMESAVE TCPIP
> SHARE RELATIVE 3000
> LINK 5VMTCP40 491 491 RR
> LINK 5VMTCP40 492 492 RR
> LINK TCPMAINT 591 591 RR
> LINK TCPMAINT 592 592 RR
> LINK TCPMAINT 198 198 RR
> MDISK 191 3390 9021 001 540RES MR RSSLSERV WSSLSERV MSSLSERV
>
> USER SSLDCSSM LBYONLY 32M 64M GE
> INCLUDE TCPCMSU
> OPTION QUICKDSP SVMSTAT
> LOGONBY TCPMAINT GSKADMIN
> NAMESAVE TCPIP
> LINK 5VMTCP40 0491 0491 RR
> LINK 5VMTCP40 0492 0492 RR
> LINK TCPMAINT 0591 0591 RR
> LINK TCPMAINT 0592 0592 RR
> LINK TCPMAINT 0198 0198 RR
> MDISK 0191 3390 09086 00010 540RES MR READ WRITE MULTI
>
> The issue continues to be the following error when TCPIP starts:
>
> DMSACR1184E Directory VMSYS:TCPMAINT.SSLPOOL_SSL not found or you are not authorized for it
> DTCRUN1001E "VMLINK .DIR VMSYS:TCPMAINT.SSLPOOL_SSL <. A FORCERW>" failed with return code 2100
>
> Thanks,
> Dave
>
> On Tue, 2010-11-23 at 10:57 -0500, James Poirier wrote:
> Dave,
>
> The following link describes the steps you need to do in addition to
> what the SSLPOOL PLAN option describes.
>
> http://www.vm.ibm.com/related/tcpip/tcspeins.html
>
> Jim P.
>
> On 11/23/10 10:46 AM, "Dave Keeton" <[email protected]> wrote:
>
> Thanks, Mike. I tried to restart using that option, but it complained that
> a $RESTART file was not found.
>
> I was able to run service again like last time, just using SERVICE ALL and
> it appeared to complete successfully.
>
> My problem now is deciphering exactly WHAT needs to be changed in SSL to
> get it working again. I ran SSLPOOL with the PLAN option and got a list of
> changes that needed to be made - made them, but I still get errors when
> TCPIP starts:
>
> DTCRUN1022I Console log will be sent to default owner ID: TCPMAINT
> DMSACR1184E Directory VMSYS:TCPMAINT.SSLPOOL_SSL not found or you are not authorized for it
> DTCRUN1001E "VMLINK .DIR VMSYS:TCPMAINT.SSLPOOL_SSL <. A FORCERW>" failed with return code 2100
> DTCRUN1099E Server not started - correct problem and retry
>
> I even went so far as to roll through a refresh of the BFS filespaces
> found here: http://www.vm.ibm.com/related/tcpip/tcsslini.html
>
> Dave
>
> On Mon, 2010-11-22 at 16:57 -0600, Mike Walter wrote:
>
> Dave,
>
> Issue: HELP VMSES SERVICE
> then look for the "RESTART" doc and give it a try.
> Trying=Learning. :-)
> (Sometimes the Trying="Learning hard way", but this should not be one of
> those cases)
>
> Mike Walter
> Aon Corporation
> The opinions expressed herein are mine alone, not my employer's.
>
> "Dave Keeton" <[email protected]>
> Sent by: "The IBM z/VM Operating System" <[email protected]>
> 11/22/2010 04:47 PM
> Please respond to
> "The IBM z/VM Operating System" <[email protected]>
>
> To
> [email protected]
> cc
>
> Subject
> Question about SSL Service
>
> I applied the PTFs UK59535 & UM33112 (as designated in PK97437) for z/VM
> 5.4 SSL today, but ran PUT2PROD before reading all the instructions as I
> should have. The USER DIRECT entries were not present when I ran it (I
> know, boneheaded maneuver). As a result, I believe the step for creating
> the SFS entries didn't get completed.
>
> Can I run SERVICE again and will it create the VMSYS:TCPMAINT.SSLPOOL_SSL
> filepool and subsequent enrollment, or do I need to do more research on
> creating this manually?
>
> Thanks,
> Dave Keeton
>
> The information contained in this e-mail and any accompanying documents
> may contain information that is confidential or otherwise protected from
> disclosure. If you are not the intended recipient of this message, or if
> this message has been addressed to you in error, please immediately alert
> the sender by reply e-mail and then delete this message, including any
> attachments. Any dissemination, distribution or other use of the contents
> of this message by anyone other than the intended recipient is strictly
> prohibited. All messages sent to and from this e-mail address may be
> monitored as permitted by applicable law and regulations to ensure
> compliance with our internal policies and to protect our business. E-mails
> are not secure and cannot be guaranteed to be error free as they can be
> intercepted, amended, lost or destroyed, or contain viruses. You are
> deemed to have accepted these risks if you communicate with us by e-mail.
>
> --
> Dave Keeton
> Systems Programmer
> Mainframe Computing Svcs
> Oregon State Data Center
> Office: (503) 373-0832

--
Dave Keeton
Systems Programmer
Mainframe Computing Svcs
Oregon State Data Center
Office: (503) 373-0832
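The kind of misspelled-tag check discussed in the thread can be automated; the following lint is an added example, not code from any poster or from IBM. Its known-tag list contains only the tags visible in the quoted DTCPARMS entries, and two rules are assumptions: that a tag begins at the start of a line or after whitespace, and that tag names compare case-insensitively.

```python
import difflib
import re

# Tags seen in the DTCPARMS entries quoted in this thread, lower-cased.
# Assumption: this is not IBM's full tag list; extend it from the TCP/IP docs.
KNOWN_TAGS = sorted({
    "nick", "type", "class", "attach", "name", "command", "runtime",
    "diskwarn", "anonymous", "stack", "admin_id_list", "memory",
    "mixedcaseparms", "vmlink", "mount", "parms", "for", "dcss_parms"})

# A tag is ":name." at line start or after whitespace (assumption), so the
# colons inside values such as /../VMBFS:VMSYS:ROOT/ are not read as tags.
TAG_RE = re.compile(r"(?:^|(?<=\s)):([A-Za-z_][A-Za-z0-9_]*)\.")


def lint_dtcparms(text):
    """Return (line_no, nick, tag, suggestion) for every unrecognised tag."""
    findings, nick = [], None
    for line_no, line in enumerate(text.splitlines(), start=1):
        matches = list(TAG_RE.finditer(line))
        for i, m in enumerate(matches):
            tag = m.group(1)
            # A tag's value runs up to the next tag on the same line.
            end = matches[i + 1].start() if i + 1 < len(matches) else len(line)
            if tag.lower() == "nick":
                nick = line[m.end():end].strip()
            elif tag.lower() not in KNOWN_TAGS:
                close = difflib.get_close_matches(
                    tag.lower(), KNOWN_TAGS, n=1, cutoff=0.8)
                findings.append((line_no, nick, tag, close[0] if close else None))
    return findings


# Constructed sample: the SSLSERV entry from the thread, typo included.
SAMPLE = """\
:nick.SSLSERV :type.server
  :class.ssl
  :stack.TCPIP
  :Admin_ID_list.TCPMAINT GSKADMIN
  :Mixedcasparms.YES
  :vmlink. .DIR VMSYS:TCPMAINT.SSLPOOL_SSL <. A FORCERW>
  :mount. /../VMBFS:VMSYS:ROOT/ / ,
          /../VMBFS:VMSYS:SSLSERV/ /tmp ,
          /../VMBFS:VMSYS:GSKSSLDB/ /etc/gskadm
  :parms.KEYfile /etc/gskadm/Database.kdb
"""

if __name__ == "__main__":
    for line_no, nick, tag, hint in lint_dtcparms(SAMPLE):
        print(f"line {line_no} [{nick}]: unknown tag :{tag}. (did you mean :{hint}.?)")
```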
