Dave,
Take out the following form :nick.SSLSERV because you are not using
the pool concept you donĀ¹t need it and it is creating the problem.
:vmlink. .DIR VMSYS:TCPMAINT.SSLPOOL_SSL <. A FORCERW>
Jim P.
On 11/24/10 12:08 PM, "Dave Keeton" <[email protected]> wrote:
> That's a good catch, Mike! I did fat-finger that entry... grrrr.
> Alas, after fixing it, the problem remains...
>
> On Wed, 2010-11-24 at 11:01 -0600, Mike Walter wrote:
>>
>> The most difficult problems to diagnose are often those that just look
>> *SO* correct, but contain a wee typo.
>> I don't run the SSL server (yet), so I can't say for sure if this is the
>> cause or not, but *could* it be:
>>
>> :Mixedcasparms.YES
>> should be
>> :Mixedcaseparms.YES
>> _
>>
>> Potentially, that could prevent the next mixed statements from being
>> processed properly:
>> :mount. /../VMBFS:VMSYS:ROOT/ / ,
>> /../VMBFS:VMSYS:SSLSERV/ /tmp ,
>> /../VMBFS:VMSYS:GSKSSLDB/ /etc/gskadm
>> :parms.KEYfile /etc/gskadm/Database.kdb
>>
>> At least it's worth a quick test.
>>
>> Mike Walter
>> Aon Corporation
>> The opinions expressed herein are mine alone, not my employer's.
>>
>>
>>
>> "Dave Keeton" <[email protected]>
>>
>> Sent by: "The IBM z/VM Operating System" <[email protected]>
>> 11/24/2010 10:49 AM
>> Please respond to
>> "The IBM z/VM Operating System" <[email protected]>
>>
>>
>>
>> To
>> [email protected]
>> cc
>>
>> Subject
>> Re: Question about SSL Service
>>
>>
>>
>>
>>
>>
>> Well, I've been through the instructions in the link that Jim provided,
>> but I still haven't been able to get SSL to start up. I'm trying to set
>> things up with a single-server, as opposed to the new SSL Pool option. I'm
>> going provide my configuration in the hope that a mistake might stand out
>> to the list.
>>
>> SYSTEM DTCPARMS:
>> :nick.TCPIP :type.server
>> :class.stack
>> :attach.2D18-2D1A
>> :nick.TCPIP :type.server
>> :class.stack
>> :attach.06EC-06EE
>> :nick.FTP :type.class
>> :name.FTP daemon
>> :command.SRVRFTP
>> :runtime.PASCAL
>> :diskwarn.YES
>> :anonymous.YES
>> :nick.SSLSERV :type.server
>> :class.ssl
>> :stack.TCPIP
>> :name.SSL daemon
>> :command.VMSSL
>> :runtime.C
>> :diskwarn.YES
>> :Admin_ID_list.TCPMAINT GSKADMIN
>> :memory.256M
>> :Mixedcasparms.YES
>> :vmlink. .DIR VMSYS:TCPMAINT.SSLPOOL_SSL <. A FORCERW>
>> :mount. /../VMBFS:VMSYS:ROOT/ / ,
>> /../VMBFS:VMSYS:SSLSERV/ /tmp ,
>> /../VMBFS:VMSYS:GSKSSLDB/ /etc/gskadm
>> :parms.KEYfile /etc/gskadm/Database.kdb
>> :nick.SSLDCSSM :type.server
>> :class.ssl_dcss_agent
>> :stack.TCPIP
>> :for.SSLSERV
>> :nick.TCPIP :type.server
>> :class.stack
>> :DCSS_Parms.<DEFAULT>
>>
>> PROFILE TCPIP:
>> SMALLDATABUFFERPOOLSIZE 2048
>> ASSORTEDPARMS
>> PROXYARP
>> ENDASSORTEDPARMS
>> OBEY
>> OPERATOR TCPMAINT MAINT MPROUTE DHCPD REXECD SNMPD SNMPQE LDAPSRV
>> ENDOBEY
>> AUTOLOG
>> FTPSERVE 0 ; FTP Server
>> SSLSERV 0 ; SSL Server
>> ENDAUTOLOG
>> INFORM
>> OPERATOR TCPMAINT
>> ENDINFORM
>> SSLSERVERID SSLSERV TIMEOUT 30
>> SSLLIMITS MAXSESSIONS 3000 MAXPERSSLSERVER 600
>> INTERNALCLIENTPARMS
>> TLSLABEL ENTSYSVM
>> PORT 23 PORT 992
>> SECURECONNECTION PREFERRED
>> ENDINTERNALCLIENTPARMS
>>
>> USER DIRECT entries:
>>
>> USER SSLSERV SSLSERV 256M 2G G
>> INCLUDE TCPCMSU
>> POSIXINFO UID 7 GNAME security
>> IUCV ALLOW
>> OPTION ACCT MAXCONN 1024 QUICKDSP SVMSTAT APPLMON
>> NAMESAVE TCPIP
>> SHARE RELATIVE 3000
>> LINK 5VMTCP40 491 491 RR
>> LINK 5VMTCP40 492 492 RR
>> LINK TCPMAINT 591 591 RR
>> LINK TCPMAINT 592 592 RR
>> LINK TCPMAINT 198 198 RR
>> MDISK 191 3390 9021 001 540RES MR RSSLSERV WSSLSERV MSSLSERV
>>
>> USER SSLDCSSM LBYONLY 32M 64M GE
>> INCLUDE TCPCMSU
>> OPTION QUICKDSP SVMSTAT
>> LOGONBY TCPMAINT GSKADMIN
>> NAMESAVE TCPIP
>> LINK 5VMTCP40 0491 0491 RR
>> LINK 5VMTCP40 0492 0492 RR
>> LINK TCPMAINT 0591 0591 RR
>> LINK TCPMAINT 0592 0592 RR
>> LINK TCPMAINT 0198 0198 RR
>> MDISK 0191 3390 09086 00010 540RES MR READ WRITE MULTI
>>
>> The issue continues to be the following error when TCPIP starts:
>>
>> DMSACR1184E Directory VMSYS:TCPMAINT.SSLPOOL_SSL not found or you are not
>> authorized for it
>> DTCRUN1001E "VMLINK .DIR VMSYS:TCPMAINT.SSLPOOL_SSL <. A FORCERW>" failed
>> with return code 2100
>>
>> Thanks,
>> Dave
>>
>> On Tue, 2010-11-23 at 10:57 -0500, James Poirier wrote:
>> Dave,
>>
>> The following link describes the steps you need to do in addition to
>> what the SSLPOOL PLAN option describes.
>>
>> http://www.vm.ibm.com/related/tcpip/tcspeins.html
>>
>> Jim P.
>>
>>
>> On 11/23/10 10:46 AM, "Dave Keeton" <[email protected]> wrote:
>>
>> Thanks, Mike. I tried to restart using that option, but it complained that
>> a $RESTART file was not found.
>>
>> I was able to run service again like last time, just using SERVICE ALL and
>> it appeared to complete successfully.
>>
>> My problem now is deciphering exactly WHAT needs to be changed in SSL to
>> get it working again. I ran SSLPOOL with the PLAN option and got a list of
>> changes that needed to be made - made them, but I still get errors when
>> TCPIP starts:
>>
>> DTCRUN1022I Console log will be sent to default owner ID: TCPMAINT
>> DMSACR1184E Directory VMSYS:TCPMAINT.SSLPOOL_SSL not found or you are not
>> authorized for it
>> DTCRUN1001E "VMLINK .DIR VMSYS:TCPMAINT.SSLPOOL_SSL <. A FORCERW>" failed
>> with return code 2100
>> DTCRUN1099E Server not started - correct problem and retry
>>
>> I even went so far as to roll through a refresh of the BFS filespaces
>> found here: http://www.vm.ibm.com/related/tcpip/tcsslini.html
>>
>> Dave
>>
>> On Mon, 2010-11-22 at 16:57 -0600, Mike Walter wrote:
>>
>> Dave,
>>
>> Issue: HELP VMSES SERVICE
>> then look for the "RESTART" doc and give it a try.
>> Trying=Learning. :-)
>> (Sometimes the Trying="Learning hard way", but this should not be one of
>> those cases)
>>
>> Mike Walter
>> Aon Corporation
>> The opinions expressed herein are mine alone, not my employer's.
>>
>>
>>
>> "Dave Keeton" <[email protected]>
>>
>> Sent by: "The IBM z/VM Operating System" <[email protected]>
>> 11/22/2010 04:47 PM
>> Please respond to
>> "The IBM z/VM Operating System" <[email protected]>
>>
>>
>>
>> To
>> [email protected]
>> cc
>>
>> Subject
>> Question about SSL Service
>>
>>
>>
>>
>>
>>
>> I applied the PTFs UK59535 & UM33112 (as designated in PK97437) for z/VM
>> 5.4 SSL today, but ran PUT2PROD before reading all the instructions as I
>> should have. The USER DIRECT entries were not present when I ran it (I
>> know, boneheaded maneuver). As a result, I believe the step for creating
>> the SFS entries didn't get completed.
>>
>> Can I run SERVICE again and will it create the VMSYS:TCPMAINT.SSLPOOL_SSL
>> filepool and subsequent enrollment, or do I need to do more research on
>> creating this manually?
>>
>> Thanks,
>> Dave Keeton
>>
>>
>>
>>
>>
>> The information contained in this e-mail and any accompanying documents
>> may contain information that is confidential or otherwise protected from
>> disclosure. If you are not the intended recipient of this message, or if
>> this message has been addressed to you in error, please immediately alert
>> the sender by reply e-mail and then delete this message, including any
>> attachments. Any dissemination, distribution or other use of the contents
>> of this message by anyone other than the intended recipient is strictly
>> prohibited. All messages sent to and from this e-mail address may be
>> monitored as permitted by applicable law and regulations to ensure
>> compliance with our internal policies and to protect our business. E-mails
>> are not secure and cannot be guaranteed to be error free as they can be
>> intercepted, amended, lost or destroyed, or contain viruses. You are
>> deemed to have accepted these risks if you communicate with us by e-mail.
