Re: IBM FTPS connect
The instructions for debugging connection issues indicates to run with debug soc which should provide some additional information. Rob Schramm On Tue, Sep 13, 2016, 11:10 AM Mark Pacewrote: > I'll have to go check on the z/OS Security lvl 3 FMID. I didn't install > this system, so I'm not sure. > > On Tue, Sep 13, 2016 at 9:12 AM, Tim Deller wrote: > > > Perhaps the list of ciphers in the ftpdata file is too restrictive or > > maybe the z/OS Security Level 3 FMID is not installed. > > > > -- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > > > > > -- > The postings on this site are my own and don’t necessarily represent > Mainline’s positions or opinions > > Mark D Pace > Senior Systems Engineer > Mainline Information Systems > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- Rob Schramm -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
REASON: 3 - RECORD TYPE NOT RECOGNIZED
Hi All, While running a DIAGNOSE on a USERCAT the following error was picked up: IDC21364I ERROR DETECTED BY DIAGNOSE: ICFCAT ENTRY: 05:26:06.214 UTMOPB08: START TWRC MSGID(AFE7 (7) RECORD: 05:26:06.214 UTMOPB08: START TWRC MSGID(AFE7 /F0 OFFSET: X'0002' REASON: 3 - RECORD TYPE NOT RECOGNIZED IDC21365I ICFCAT RECORD DISPLAY: RECORD: 05:26:06.214 UTMOPB08: START TWRC MSGID(AFE7 /F0 The programmer response (I hope I read it right) says Use DELETE NOSCRATCH to remove the sphere or base record, if it exists. I have 2 questions: Since the dsn is not listed in the job output after IDC21364i message I assume that the dsn - listed on side (cols 85 to 119) - I assume that is the dsn in question. Please correct me if I am wrong. Is this problem serious or it can wait for action to be taken? The problem was detected about 10 days ago. Thanks. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Bypassing s322
Just as an "Oh by the way". What are you running that needs so much time? Steve -Original Message- From: "Jesse 1 Robinson"Sent: Tuesday, September 13, 2016 12:35pm To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Bypassing s322 The usual circumvention for S322 is to increase the TIME= value, not play with exits. For one thing, IEFUTIL can extend the time, but even with no exit in place, the system will abend a job eventually. Be sure to increase the time value on both the job card and on the step (EXEC) card. Exceeding either one will cause S322. . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-302-7535 Office robin...@sce.com -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Lizette Koehler Sent: Tuesday, September 13, 2016 9:06 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: (External):Re: Bypassing s322 I would compare the Run time(Clock) with CPU TIME. You may be exceeding the CPU Time limit set for that Class. We have an exit that produces a nice little map of CPU usage details. CPU TIME is one of the fields. I recently had a job running in INPUT CLASS X that kept timing out no matter what the TIME was set on the JCL. Turns out the INPUT Class X had a 60 min CPU time limit set. So even though the job ran for 3 hours - it actually used 60.01 minutes of CPU Time. Hence the failure. Always check the job while it is running with SDSF and see if the CPU Time increases quickly. Your task may be in a loop. Lizette > -Original Message- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] > On Behalf Of Peter > Sent: Tuesday, September 13, 2016 6:05 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Bypassing s322 > > Hello > > I am running which is a long running job but it keeps abending with > s322. I have used all the long running WLM initiators but still > abends. I am not sure if IEFUTL exit is restricting it. > > The error message doesn't produce much information to diagnose. > > Is there a way to bypass any EXIT which might be timing out the Jobs ? > > Peter -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
DFSORT - ICETOOL - Search for text and replace with date
Good day to all DFSORT gurus Background: I have setup an automated e-mail reporting system which grab reports from various inputs, then I use IEBGENER to build up one PS file containing data in this sequence: e-mail body - report - boundary data - next report - ... etc ... (In this way I can send out e-mails to my clients where each e-mail is containing anything from 1 to 10 attachments.) That PS file is then send over to SMTP to go out. Those boundary lines are used to define various attachments containing reports for outgoing e-mails. Now, a client asked whether it is possible to insert run date in the file names of those attachments for easy retrieval at a later stage. What I want to do is to dynamically replace a specific string into date of run in the filenames of the attachment in the e-mail. So, for example I have this FILENAME="Never Used Ids - MMDD.TXT" I wish to replace above line with today's date using ICETOOL FINDREP or a similar command. So that example line should be changed to this for today: FILENAME="Never Used Ids - 2016-09-13.TXT" I have tried out this JCL to scan whole input and replace the MMDD to rundate, but ICETOOL just shouts RC=16 saying invalid syntax found: //SELECT EXEC PGM=ICETOOL //TOOLMSG DD SYSOUT=* //DFSMSG DD SYSOUT=* //PRINTDD SYSOUT=* //INVOER DD * e-mail subject and body --1234567890 CONTENT-TYPE: TEXT/PLAIN; CHARSET=US-ASCII; NAME="Never Used ids - MMDD.TXT" CONTENT-DISPOSITION: ATTACHMENT; FILENAME="Never Used ids - MMDD.TXT" . report ... --1234567890 CONTENT-TYPE: TEXT/PLAIN; CHARSET=US-ASCII; NAME="Revoked ids - MMDD.TXT" CONTENT-DISPOSITION: ATTACHMENT; FILENAME="Revoked ids - MMDD.TXT" . report //TOOLIN DD * COPYFROM(INVOER) TO(PRINT) USING(SORT) //SORTCNTL DD * OPTION COPY OUTREC FINDREP=(IN=C'MMDD',OUT=DATE1(-)) As you can see those MMDD can be on any place in the input lines. I only want to change those boundary lines, nothing else. Otherwise I have to use some editing tools on the datasets containing the original boundary lines. Any clues please? Are any other free products available which can do that tricks? Many thanks in advance. Groete / Greetings Elardus Engelbrecht -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: DFSORT - ICETOOL - Search for text and replace with date
While not directly related to your question, but are you family with XMITIP from Lionel B. Dyck? Real handy stuff for emailing and attachments from the mainframe. --- skol...@us.ibm.com wrote: From: Sri h KolusuTo: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: DFSORT - ICETOOL - Search for text and replace with date Date: Tue, 13 Sep 2016 08:51:01 -0700 Elardus Engelbrecht, You just need to define a symbol for the current date and you can use it in FINDREP. You do not code OPTION COPY when you use COPY verb of ICETOOL. Here is a sample //SELECT EXEC PGM=ICETOOL //TOOLMSG DD SYSOUT=* //SYMNAMES DD * CURRDATE,S'' //DFSMSG DD SYSOUT=* //PRINTDD SYSOUT=* //INVOER DD * E-MAIL SUBJECT AND BODY --1234567890 CONTENT-TYPE: TEXT/PLAIN; CHARSET=US-ASCII; NAME="NEVER USED IDS - MMDD.TXT" CONTENT-DISPOSITION: ATTACHMENT; FILENAME="NEVER USED IDS - MMDD.TXT" . REPORT ... --1234567890 CONTENT-TYPE: TEXT/PLAIN; CHARSET=US-ASCII; NAME="REVOKED IDS - MMDD.TXT" CONTENT-DISPOSITION: ATTACHMENT; FILENAME="REVOKED IDS - MMDD.TXT" . REPORT //TOOLIN DD * COPY FROM(INVOER) TO(PRINT) USING(SORT) //SORTCNTL DD * OUTREC FINDREP=(IN=C'MMDD',OUT=CURRDATE) /* btw is there a reason as to why you chose ICETOOL? Further if you have any questions please let me know Thanks, Kolusu DFSORT Development IBM Corporation IBM Mainframe Discussion List wrote on 09/13/2016 08:36:18 AM: > From: Elardus Engelbrecht > To: IBM-MAIN@LISTSERV.UA.EDU > Date: 09/13/2016 08:36 AM > Subject: DFSORT - ICETOOL - Search for text and replace with date > Sent by: IBM Mainframe Discussion List > > Good day to all DFSORT gurus > > Background: I have setup an automated e-mail reporting system which > grab reports from various inputs, then I use IEBGENER to build up > one PS file containing data in this sequence: e-mail body - report - > boundary data - next report - ... etc ... > > (In this way I can send out e-mails to my clients where each e-mail > is containing anything from 1 to 10 attachments.) > > That PS file is then send over to SMTP to go out. Those boundary > lines are used to define various attachments containing reports for > outgoing e-mails. > > Now, a client asked whether it is possible to insert run date in the > file names of those attachments for easy retrieval at a later stage. > > What I want to do is to dynamically replace a specific string into > date of run in the filenames of the attachment in the e-mail. > > So, for example I have this FILENAME="Never Used Ids - MMDD.TXT" > > I wish to replace above line with today's date using ICETOOL FINDREP > or a similar command. > > So that example line should be changed to this for today: > FILENAME="Never Used Ids - 2016-09-13.TXT" > > I have tried out this JCL to scan whole input and replace the > MMDD to rundate, but ICETOOL just shouts RC=16 saying invalid > syntax found: > > //SELECT EXEC PGM=ICETOOL > //TOOLMSG DD SYSOUT=* > //DFSMSG DD SYSOUT=* > //PRINTDD SYSOUT=* > //INVOER DD * > > e-mail subject and body > > --1234567890 > CONTENT-TYPE: TEXT/PLAIN; CHARSET=US-ASCII; NAME="Never Used ids - > MMDD.TXT" > CONTENT-DISPOSITION: ATTACHMENT; FILENAME="Never Used ids - MMDD.TXT" > > . report ... > > --1234567890 > CONTENT-TYPE: TEXT/PLAIN; CHARSET=US-ASCII; NAME="Revoked ids - MMDD.TXT" > CONTENT-DISPOSITION: ATTACHMENT; FILENAME="Revoked ids - MMDD.TXT" > > . report > > //TOOLIN DD * > COPYFROM(INVOER) TO(PRINT) USING(SORT) > //SORTCNTL DD * > OPTION COPY > OUTREC FINDREP=(IN=C'MMDD',OUT=DATE1(-)) > > As you can see those MMDD can be on any place in the input lines. > > I only want to change those boundary lines, nothing else. Otherwise > I have to use some editing tools on the datasets containing the > original boundary lines. > > Any clues please? Are any other free products available which can do > that tricks? > > Many thanks in advance. > > Groete / Greetings > Elardus Engelbrecht > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN _ Netscape. Just the Net You Need. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Where did java 8 hide zoneinfo?
On Tue, 13 Sep 2016 13:40:02 +0800, Timothy Sipples wrote: >Java 8 relocated timezone information to a file "usually" named tzdb.dat. >You should find that file in the .../lib directory also. > >Anticipating the next question, if you'd like to update timezone >information between SDK service updates, use the IBM Time Zone Update >Utility for Java ("JTZU"): > >https://www.ibm.com/developerworks/java/jdk/dst/jtzu.html > >JTZU is for IBM runtimes and SDKs, including those on z/OS. If you need a >comparable tool for Oracle's JREs and JDKs on other platforms then look for >Oracle's "TZUpdater." These tools (in earlier versions) debuted well before >Java 8, so they've always been important. Arguably they're now even more >important. > Thanks. Good guess. It seems up to date with a couple things I tried. Egypt? North Korea? I wonder yet why this isn't done more conventionally by PTF. o Quality Assurance rules? o Timeliness? o Intellectual Property concerns? And it's still disappointing that most UNIX-like systems incorporate this facility (redundantly) in the nucleus -- I mean kernel, but z/OS provides it only in Java. I guess I'm neglecting Emerson. Thanks again, -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: DFSORT - ICETOOL - Search for text and replace with date
On Tue, 13 Sep 2016 09:06:28 -0700, Sri h Kolusu wrote: >>> You could consider: //SYSUT1 DD *,SYMBOLS= instead of ICETOOL and >substitute the dynamic system symbols for and , however: > >What exactly is the midnight pitfall? If you used the LOCAL system symbols >then you would get the local time. DFSORT also has several date formats >and it is based on the time the step ran. > It's probably covered, depending on how "the time the step ran" is obtained. >If you meant that a job that started at 11:59:59 PM and the SORT step ran >at 00:00:10 then we would get the next date as SORT would not have any >idea about when the Job started. > The pitfall, however narrow, is that if midnight occurs between the evaluations of and the composite value may be in error by (almost) 24 hours. Rexx covers this by guaranteeing that if a single clause contains (any number of) references to TIME() and DATE() the TOD clock will be read only once and that value used for all. The TIME macro should nave no need to read the TOD clock more than once. UNIX time() function returns a single raw RTC value and provides functions to format that. I suppose that if processors are fast enough that the gap, accumulated over the expected life of all installed z/OS systems, meets a six sigma criterion it's not worth concern. Has anyone done the calculation? -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: IDCAMs DEF AIX authorization
Dave - You can't fix mishaps except thru knowledge -Original Message- From: "Jousma, David"Sent: Tuesday, September 13, 2016 1:08pm To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: IDCAMs DEF AIX authorization Steve, the user tried to do the build index, but failed on lack of access S913 as he should have. The user *should* have then deleted his AIX, but didn’t, and left it hanging out there. I suspect that the error was unintentional, as our application dataset naming conventions here, leave a little to be desired. *.TAT.* is test, *.PAT.* is PROD for this particular business application. It is my guess, that the user forgot to change the PAT to TAT in the RELATE portion of the DEF AIX. _ Dave Jousma Manager Mainframe Engineering, Assistant Vice President david.jou...@53.com 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717 -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Steve Sent: Tuesday, September 13, 2016 11:51 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: IDCAMs DEF AIX authorization The challenge you will have is that the user in question had authority to build the AIX and the PATH but did not do the BUILD. And he could read the PRIMARY KSDS. This is an apples and oranges discussion or a Catch-22. -Original Message- From: "Roach, Dennis" Sent: Tuesday, September 13, 2016 11:45am To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: IDCAMs DEF AIX authorization Since it can, and did, cause a production outage, I voted for it. I would think that a production outage would rate higher than a medium priority. Dennis Roach, CISSP, PMP AIG IAM Access Administration – Consumer | Identity & Access Management 2929 Allen Parkway, America Building, 3rd Floor | Houston, TX 77019 Phone: 713-831-8799 dennis.ro...@aig.com | www.aig.com -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Jousma, David Sent: Tuesday, September 13, 2016 9:09 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: IDCAMs DEF AIX authorization I did open an RFE for this, if anyone wishes to vote on it, here is the info. -- Notification generated at: 13 Sep 2016, 10:06 AM Eastern Time (ET) ID: 94515 Headline: Add SAF check on DEF AIX for RELATE Cluster Submitted on: 13 Sep 2016, 10:06 AM Eastern Time (ET) Brand: Servers and Systems Software Product: z/OS Link: http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe_ID=94515 _ Dave Jousma Manager Mainframe Engineering, Assistant Vice President david.jou...@53.com 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717 -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Jousma, David Sent: Tuesday, September 13, 2016 9:49 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: IDCAMs DEF AIX authorization Steve, That’s what I am seeing, and IBM just confirmed it. I guess all we can do is give the contractor a slap on the hands, and move on. IBM comments: Basically, authorization checking is done against the AIX being defined (ALTER access to the AIX cluster name as shown in the table above) not the VSAM dataset the AIX relates to. Checking against the related VSAM cluster will be done when accessed by BLDINDEX. So, this is working as intended and documented. If you wish, you could open an 'enhancement request' to have this behavior changed. _ Dave Jousma Manager Mainframe Engineering, Assistant Vice President david.jou...@53.com 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717 -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Steve Sent: Tuesday, September 13, 2016 9:33 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: IDCAMs DEF AIX authorization AS I remember, DEF AIX and PATH only operate in the CAT. The BLX would to the extract to the AIX -Original Message- From: "Jousma, David" Sent: Tuesday, September 13, 2016 9:19am To: IBM-MAIN@LISTSERV.UA.EDU Subject: IDCAMs DEF AIX authorization All, I've got a PMR open with IBM asking the question, but thought I'd also pass this by the brain trust on this list. We recently had an off-shore contractor do a DEFINE AIX for a TEST dataset name, but RELATEd it to a PROD dataset name. The process was allowed surprisingly. Contractor only had read access to prod dataset. The subsequent BLDINDEX did fail with security violation as expected. Nightly processing of that prod file failed however due to the
Re: IBM FTPS connect
Oh hell. I don't know what any of that means. I set it up using the directions from IBM on testing connectivity. The ftp.data file contains. So I assume it's AT-TLS. There must be something within TCPIP that I need to setup also. SECURE_MECHANISM TLS TLSRFCLEVEL CCCNONOTIFY TLSMECHANISM FTP SECURE_FTP REQUIRED SECURE_CTRLCONN CLEAR SECURE_DATACONN PRIVATE KEYRING MP81136/bexarftp EPSV4TRUE On Tue, Sep 13, 2016 at 11:01 AM, Rob Schrammwrote: > Is this implemented within FTPD or Policy Agent / AT-TLS? > > On Mon, Sep 12, 2016 at 12:28 PM Mark Pace wrote: > > > I'm setting up FTPS on a 1.13 system and am a little confused by this > > sequence. It logs on okay showing a secure connect. But then it won't > do > > the actual download. So I'm confused if it's the certificate or not. > > > > 220 dhebpcb01 secure FTP server > > ready. > > EZA1701I >>> AUTH > > TLS > > 234 > > TLSv1 > > > > EZA2895I Authentication negotiation > > succeeded > > EZA1701I >>> PBSZ > > 0 > > 200 > > PBSZ=0 > > > > EZA1701I >>> PROT > > P > > 200 PROT command > > successful > > EZA2906I Data connection protection is > > private > > EZA1459I NAME (deliverycb-bld.dhe.ibm.com:MP81136): > > > > > > > > > > > B000 > > > > EZA1701I >>> USER > > B000 > > 331 Password required for > > B000. > > EZA1789I > > PASSWORD: > > > > > > > > > * > > > > EZA1701I >>> > > PASS > > 230 Virtual user B000 logged > > in. > > EZA1460I > > Command: > > > > > > > > > CCC > > > > > > > > > > > BINARY > > > > EZA1701I >>> > > CCC > > 200 command channel > > cleared. > > EZA2905I Control connection protection is > > clear > > EZA1460I > > Command: > > > > > > > GET "/GIMPAF.XML" "/u/MP81136/test.content/GIMPAF.XML" > > (REPLACE > > EZA1701I >>> TYPE > > I > > 200 Type set to > > I. > > EZA1460I > > Command: > > EZA1701I >>> > > EPSV > > 229 Entering Passive Mode > > (|||65045|) > > EZA1701I >>> RETR > > /GIMPAF.XML > > 150 Opening BINARY mode SSL data connection for > > /GIMPAF.XML. > > EZA2870I TLS security mechanism negotiation failed - data connection > > closed > > 425 ftpd: (data conn) SSL_accept unspecified > > error > > EZA1735I Std Return Code = 16425, Error Code = > > 00017 > > EZA1701I >>> > > QUIT > > > > -- > > The postings on this site are my own and don’t necessarily represent > > Mainline’s positions or opinions > > > > Mark D Pace > > Senior Systems Engineer > > Mainline Information Systems > > > > -- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > > -- > > Rob Schramm > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- The postings on this site are my own and don’t necessarily represent Mainline’s positions or opinions Mark D Pace Senior Systems Engineer Mainline Information Systems -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: IDCAMs DEF AIX authorization
Since it can, and did, cause a production outage, I voted for it. I would think that a production outage would rate higher than a medium priority. Dennis Roach, CISSP, PMP AIG IAM Access Administration – Consumer | Identity & Access Management 2929 Allen Parkway, America Building, 3rd Floor | Houston, TX 77019 Phone: 713-831-8799 dennis.ro...@aig.com | www.aig.com -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Jousma, David Sent: Tuesday, September 13, 2016 9:09 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: IDCAMs DEF AIX authorization I did open an RFE for this, if anyone wishes to vote on it, here is the info. -- Notification generated at: 13 Sep 2016, 10:06 AM Eastern Time (ET) ID:94515 Headline:Add SAF check on DEF AIX for RELATE Cluster Submitted on:13 Sep 2016, 10:06 AM Eastern Time (ET) Brand: Servers and Systems Software Product: z/OS Link: http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe_ID=94515 _ Dave Jousma Manager Mainframe Engineering, Assistant Vice President david.jou...@53.com 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717 -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Jousma, David Sent: Tuesday, September 13, 2016 9:49 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: IDCAMs DEF AIX authorization Steve, That’s what I am seeing, and IBM just confirmed it. I guess all we can do is give the contractor a slap on the hands, and move on. IBM comments: Basically, authorization checking is done against the AIX being defined (ALTER access to the AIX cluster name as shown in the table above) not the VSAM dataset the AIX relates to. Checking against the related VSAM cluster will be done when accessed by BLDINDEX. So, this is working as intended and documented. If you wish, you could open an 'enhancement request' to have this behavior changed. _ Dave Jousma Manager Mainframe Engineering, Assistant Vice President david.jou...@53.com 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717 -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Steve Sent: Tuesday, September 13, 2016 9:33 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: IDCAMs DEF AIX authorization AS I remember, DEF AIX and PATH only operate in the CAT. The BLX would to the extract to the AIX -Original Message- From: "Jousma, David"Sent: Tuesday, September 13, 2016 9:19am To: IBM-MAIN@LISTSERV.UA.EDU Subject: IDCAMs DEF AIX authorization All, I've got a PMR open with IBM asking the question, but thought I'd also pass this by the brain trust on this list. We recently had an off-shore contractor do a DEFINE AIX for a TEST dataset name, but RELATEd it to a PROD dataset name. The process was allowed surprisingly. Contractor only had read access to prod dataset. The subsequent BLDINDEX did fail with security violation as expected. Nightly processing of that prod file failed however due to the empty AIX. Seems like DEF AIX should have been disallowed if the user didn't have the appropriate access for what it was related too? Dave _ Dave Jousma Manager Mainframe Engineering, Assistant Vice President david.jou...@53.com 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717 This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For
Re: IBM FTPS connect
For the record, there are several FMIDs that may be installed with the z/OS Security Lvl 3 and z/OS Communications Server Security lvl 3 may also be required. The FMIDs for Z/OS Security Lvl 3 at z/OS Version 1.13 are: JCRY741 JCPT3D1 JSWK3D1 JRLS3D1 The FMID for z/OS Communications Server lvl 3 at z/OS Version 1.13.is: (ask me how I know this!!!) JIP61DK You would most likely see errors in PAGENT and its associated tasks (like IKED) if you did NOT have these installed!! Since you appear to be getting a successful control connection established ad subsequently failing on the data connection, I would suspect a possible firewall issue. The error message provided: EZA1735I Std Return Code = 16425 Indicates that the "get" command failed for one of the following reasons: 425: Can't open a data connection 425: Can't open a passive connection 425: Command terminated due to server shutdown in progress 425: Unable to open data connection HTH Tony -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Rob Schramm Sent: Tuesday, September 13, 2016 11:53 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: IBM FTPS connect The instructions for debugging connection issues indicates to run with debug soc which should provide some additional information. Rob Schramm On Tue, Sep 13, 2016, 11:10 AM Mark Pacewrote: > I'll have to go check on the z/OS Security lvl 3 FMID. I didn't > install this system, so I'm not sure. > > On Tue, Sep 13, 2016 at 9:12 AM, Tim Deller wrote: > > > Perhaps the list of ciphers in the ftpdata file is too restrictive > > or maybe the z/OS Security Level 3 FMID is not installed. > > > > > > -- For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to lists...@listserv.ua.edu with the message: INFO > > IBM-MAIN > > > > > > -- > The postings on this site are my own and don’t necessarily represent > Mainline’s positions or opinions > > Mark D Pace > Senior Systems Engineer > Mainline Information Systems > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- Rob Schramm -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Bypassing s322
Actually, I misremembered how IEFUTL works, and just remembered (sorry)! IEFUTL gets control when the time limit set expires, and can extend the time allowed. It does not set lower values. John Eells wrote: For historical reasons lost in the Mists of Time, the explanations for z/OS BCP system abends are in System Codes, while those for DFSMS abends are in System Messages. (It took me years to realize why I always seemed to be looking in the wrong place!) Basically, for batch jobs, if you do not specify TIME, it will be taken from the TIME specified on the JOBCLASS statement (JES2) or its default, 30 minutes if TIME has not been specified on JOBCLASS. (There is a JES3 equivalent that I no longer recall and did not look up.) If there is an IEFUTL exit, it can modify the TIME value based on any data accessible to the exit when it runs. Because we don't know what people might be testing for to allow or disallow more time in the exit (or, for that matter, to increase the time!), your local batch job standards document or system programmer are the sources of information about how to get IEFUTL to allow more time. Although System Codes does not mention IEFUTL for some reason (I have submitted an RCF), it does cover the other reasons: 322 Explanation: One of the following occurred: O - The system took a longer time to run a job, job step, or procedure than the time specified in one of the following: – The TIME parameter of the EXEC or JOB statement – The standard time limit specified in the job entry subsystem O - For a started task under the master subsystem, the TIME parameter was not specified on the PROC statement of the catalogued procedure, and the PPT entry did not indicate a system task System action: The system abnormally ends the job, job step, or procedure. Programmer response: If the TIME parameter was not specified on the PROC statement of the catalogued procedure, add the TIME parameter or add a PPT entry for the PGM parameter. Otherwise, check for program errors. If none exist, specify a longer time in the TIME parameter. Then run the job again. Source: System Management Facilities (SMF) Peter wrote: Hello I am running which is a long running job but it keeps abending with s322. I have used all the long running WLM initiators but still abends. I am not sure if IEFUTL exit is restricting it. The error message doesn't produce much information to diagnose. Is there a way to bypass any EXIT which might be timing out the Jobs ? -- John Eells IBM Poughkeepsie ee...@us.ibm.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: IDCAMs DEF AIX authorization
The challenge you will have is that the user in question had authority to build the AIX and the PATH but did not do the BUILD. And he could read the PRIMARY KSDS. This is an apples and oranges discussion or a Catch-22. -Original Message- From: "Roach, Dennis"Sent: Tuesday, September 13, 2016 11:45am To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: IDCAMs DEF AIX authorization Since it can, and did, cause a production outage, I voted for it. I would think that a production outage would rate higher than a medium priority. Dennis Roach, CISSP, PMP AIG IAM Access Administration – Consumer | Identity & Access Management 2929 Allen Parkway, America Building, 3rd Floor | Houston, TX 77019 Phone: 713-831-8799 dennis.ro...@aig.com | www.aig.com -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Jousma, David Sent: Tuesday, September 13, 2016 9:09 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: IDCAMs DEF AIX authorization I did open an RFE for this, if anyone wishes to vote on it, here is the info. -- Notification generated at: 13 Sep 2016, 10:06 AM Eastern Time (ET) ID:94515 Headline:Add SAF check on DEF AIX for RELATE Cluster Submitted on:13 Sep 2016, 10:06 AM Eastern Time (ET) Brand: Servers and Systems Software Product: z/OS Link: http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe_ID=94515 _ Dave Jousma Manager Mainframe Engineering, Assistant Vice President david.jou...@53.com 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717 -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Jousma, David Sent: Tuesday, September 13, 2016 9:49 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: IDCAMs DEF AIX authorization Steve, That’s what I am seeing, and IBM just confirmed it. I guess all we can do is give the contractor a slap on the hands, and move on. IBM comments: Basically, authorization checking is done against the AIX being defined (ALTER access to the AIX cluster name as shown in the table above) not the VSAM dataset the AIX relates to. Checking against the related VSAM cluster will be done when accessed by BLDINDEX. So, this is working as intended and documented. If you wish, you could open an 'enhancement request' to have this behavior changed. _ Dave Jousma Manager Mainframe Engineering, Assistant Vice President david.jou...@53.com 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717 -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Steve Sent: Tuesday, September 13, 2016 9:33 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: IDCAMs DEF AIX authorization AS I remember, DEF AIX and PATH only operate in the CAT. The BLX would to the extract to the AIX -Original Message- From: "Jousma, David" Sent: Tuesday, September 13, 2016 9:19am To: IBM-MAIN@LISTSERV.UA.EDU Subject: IDCAMs DEF AIX authorization All, I've got a PMR open with IBM asking the question, but thought I'd also pass this by the brain trust on this list. We recently had an off-shore contractor do a DEFINE AIX for a TEST dataset name, but RELATEd it to a PROD dataset name. The process was allowed surprisingly. Contractor only had read access to prod dataset. The subsequent BLDINDEX did fail with security violation as expected. Nightly processing of that prod file failed however due to the empty AIX. Seems like DEF AIX should have been disallowed if the user didn't have the appropriate access for what it was related too? Dave _ Dave Jousma Manager Mainframe Engineering, Assistant Vice President david.jou...@53.com 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717 This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected.
Re: DFSORT - ICETOOL - Search for text and replace with date
That should be "familar" not "family"! --- rpin...@netscape.com wrote: From: Richard PinionTo: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: DFSORT - ICETOOL - Search for text and replace with date Date: Tue, 13 Sep 2016 08:56:07 -0700 While not directly related to your question, but are you family with XMITIP from Lionel B. Dyck? Real handy stuff for emailing and attachments from the mainframe. --- skol...@us.ibm.com wrote: From: Sri h Kolusu To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: DFSORT - ICETOOL - Search for text and replace with date Date: Tue, 13 Sep 2016 08:51:01 -0700 Elardus Engelbrecht, You just need to define a symbol for the current date and you can use it in FINDREP. You do not code OPTION COPY when you use COPY verb of ICETOOL. Here is a sample //SELECT EXEC PGM=ICETOOL //TOOLMSG DD SYSOUT=* //SYMNAMES DD * CURRDATE,S'' //DFSMSG DD SYSOUT=* //PRINTDD SYSOUT=* //INVOER DD * E-MAIL SUBJECT AND BODY --1234567890 CONTENT-TYPE: TEXT/PLAIN; CHARSET=US-ASCII; NAME="NEVER USED IDS - MMDD.TXT" CONTENT-DISPOSITION: ATTACHMENT; FILENAME="NEVER USED IDS - MMDD.TXT" . REPORT ... --1234567890 CONTENT-TYPE: TEXT/PLAIN; CHARSET=US-ASCII; NAME="REVOKED IDS - MMDD.TXT" CONTENT-DISPOSITION: ATTACHMENT; FILENAME="REVOKED IDS - MMDD.TXT" . REPORT //TOOLIN DD * COPY FROM(INVOER) TO(PRINT) USING(SORT) //SORTCNTL DD * OUTREC FINDREP=(IN=C'MMDD',OUT=CURRDATE) /* btw is there a reason as to why you chose ICETOOL? Further if you have any questions please let me know Thanks, Kolusu DFSORT Development IBM Corporation IBM Mainframe Discussion List wrote on 09/13/2016 08:36:18 AM: > From: Elardus Engelbrecht > To: IBM-MAIN@LISTSERV.UA.EDU > Date: 09/13/2016 08:36 AM > Subject: DFSORT - ICETOOL - Search for text and replace with date > Sent by: IBM Mainframe Discussion List > > Good day to all DFSORT gurus > > Background: I have setup an automated e-mail reporting system which > grab reports from various inputs, then I use IEBGENER to build up > one PS file containing data in this sequence: e-mail body - report - > boundary data - next report - ... etc ... > > (In this way I can send out e-mails to my clients where each e-mail > is containing anything from 1 to 10 attachments.) > > That PS file is then send over to SMTP to go out. Those boundary > lines are used to define various attachments containing reports for > outgoing e-mails. > > Now, a client asked whether it is possible to insert run date in the > file names of those attachments for easy retrieval at a later stage. > > What I want to do is to dynamically replace a specific string into > date of run in the filenames of the attachment in the e-mail. > > So, for example I have this FILENAME="Never Used Ids - MMDD.TXT" > > I wish to replace above line with today's date using ICETOOL FINDREP > or a similar command. > > So that example line should be changed to this for today: > FILENAME="Never Used Ids - 2016-09-13.TXT" > > I have tried out this JCL to scan whole input and replace the > MMDD to rundate, but ICETOOL just shouts RC=16 saying invalid > syntax found: > > //SELECT EXEC PGM=ICETOOL > //TOOLMSG DD SYSOUT=* > //DFSMSG DD SYSOUT=* > //PRINTDD SYSOUT=* > //INVOER DD * > > e-mail subject and body > > --1234567890 > CONTENT-TYPE: TEXT/PLAIN; CHARSET=US-ASCII; NAME="Never Used ids - > MMDD.TXT" > CONTENT-DISPOSITION: ATTACHMENT; FILENAME="Never Used ids - MMDD.TXT" > > . report ... > > --1234567890 > CONTENT-TYPE: TEXT/PLAIN; CHARSET=US-ASCII; NAME="Revoked ids - MMDD.TXT" > CONTENT-DISPOSITION: ATTACHMENT; FILENAME="Revoked ids - MMDD.TXT" > > . report > > //TOOLIN DD * > COPYFROM(INVOER) TO(PRINT) USING(SORT) > //SORTCNTL DD * > OPTION COPY > OUTREC FINDREP=(IN=C'MMDD',OUT=DATE1(-)) > > As you can see those MMDD can be on any place in the input lines. > > I only want to change those boundary lines, nothing else. Otherwise > I have to use some editing tools on the datasets containing the > original boundary lines. > > Any clues please? Are any other free products available which can do > that tricks? > > Many thanks in advance. > > Groete / Greetings > Elardus Engelbrecht > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: REASON: 3 - RECORD TYPE NOT RECOGNIZED
> -Original Message- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > Behalf Of willie bunter > Sent: Tuesday, September 13, 2016 9:01 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: REASON: 3 - RECORD TYPE NOT RECOGNIZED > > Hi All, > > While running a DIAGNOSE on a USERCAT the following error was picked up: > > IDC21364I ERROR DETECTED BY DIAGNOSE: > ICFCAT ENTRY: 05:26:06.214 UTMOPB08: START TWRC MSGID(AFE7 (7) > RECORD: 05:26:06.214 UTMOPB08: START TWRC MSGID(AFE7 /F0 > OFFSET: X'0002' > REASON: 3 - RECORD TYPE NOT RECOGNIZED > IDC21365I ICFCAT RECORD DISPLAY: > RECORD: 05:26:06.214 UTMOPB08: START TWRC MSGID(AFE7 /F0 > > The programmer response (I hope I read it right) says > Use DELETE NOSCRATCH to remove the sphere or base record, if it exists. > > I have 2 questions: > Since the dsn is not listed in the job output after IDC21364i message I > assume that the dsn - > listed on side (cols 85 to 119) - > I assume that is the dsn in question. Please correct me if I am wrong. > > Is this problem serious or it can wait for action to be taken? The problem > was detected > about 10 days ago. You have already waited ten days and not yet taken any action. Has there been any noticeable impact? If you run the DIAGNOSE again, do the results change? For better or worse? Were other activities that use the catalog running at the same time as your DIAGNOSE? When I was running EXAMINE jobs to confirm consistency between catalogs and VVDSs, I determined that some reported errors were transient and could be eliminated by executing the VERIFY command just prior to the EXAMINE. I don't know if the same issue could affect DIAGNOSE. If it is a permanent error, I would be more concerned with how it occurred and what to do to prevent it in the future. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: IDCAMs DEF AIX authorization
Steve, the user tried to do the build index, but failed on lack of access S913 as he should have.The user *should* have then deleted his AIX, but didn’t, and left it hanging out there. I suspect that the error was unintentional, as our application dataset naming conventions here, leave a little to be desired. *.TAT.* is test, *.PAT.* is PROD for this particular business application. It is my guess, that the user forgot to change the PAT to TAT in the RELATE portion of the DEF AIX. _ Dave Jousma Manager Mainframe Engineering, Assistant Vice President david.jou...@53.com 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717 -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Steve Sent: Tuesday, September 13, 2016 11:51 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: IDCAMs DEF AIX authorization The challenge you will have is that the user in question had authority to build the AIX and the PATH but did not do the BUILD. And he could read the PRIMARY KSDS. This is an apples and oranges discussion or a Catch-22. -Original Message- From: "Roach, Dennis"Sent: Tuesday, September 13, 2016 11:45am To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: IDCAMs DEF AIX authorization Since it can, and did, cause a production outage, I voted for it. I would think that a production outage would rate higher than a medium priority. Dennis Roach, CISSP, PMP AIG IAM Access Administration – Consumer | Identity & Access Management 2929 Allen Parkway, America Building, 3rd Floor | Houston, TX 77019 Phone: 713-831-8799 dennis.ro...@aig.com | www.aig.com -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Jousma, David Sent: Tuesday, September 13, 2016 9:09 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: IDCAMs DEF AIX authorization I did open an RFE for this, if anyone wishes to vote on it, here is the info. -- Notification generated at: 13 Sep 2016, 10:06 AM Eastern Time (ET) ID:94515 Headline:Add SAF check on DEF AIX for RELATE Cluster Submitted on:13 Sep 2016, 10:06 AM Eastern Time (ET) Brand: Servers and Systems Software Product: z/OS Link: http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe_ID=94515 _ Dave Jousma Manager Mainframe Engineering, Assistant Vice President david.jou...@53.com 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717 -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Jousma, David Sent: Tuesday, September 13, 2016 9:49 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: IDCAMs DEF AIX authorization Steve, That’s what I am seeing, and IBM just confirmed it. I guess all we can do is give the contractor a slap on the hands, and move on. IBM comments: Basically, authorization checking is done against the AIX being defined (ALTER access to the AIX cluster name as shown in the table above) not the VSAM dataset the AIX relates to. Checking against the related VSAM cluster will be done when accessed by BLDINDEX. So, this is working as intended and documented. If you wish, you could open an 'enhancement request' to have this behavior changed. _ Dave Jousma Manager Mainframe Engineering, Assistant Vice President david.jou...@53.com 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717 -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Steve Sent: Tuesday, September 13, 2016 9:33 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: IDCAMs DEF AIX authorization AS I remember, DEF AIX and PATH only operate in the CAT. The BLX would to the extract to the AIX -Original Message- From: "Jousma, David" Sent: Tuesday, September 13, 2016 9:19am To: IBM-MAIN@LISTSERV.UA.EDU Subject: IDCAMs DEF AIX authorization All, I've got a PMR open with IBM asking the question, but thought I'd also pass this by the brain trust on this list. We recently had an off-shore contractor do a DEFINE AIX for a TEST dataset name, but RELATEd it to a PROD dataset name. The process was allowed surprisingly. Contractor only had read access to prod dataset. The subsequent
Re: 2FA in the Real World
For me the problem is that it is a Dell product. Previous experience with them just leave a bitter taste in the mouth and one I have no intention of repeating. Vincent On 13/09/16 17:49, Steve wrote: > Is anyone in the real not government world using this product? > > [ https://software.dell.com/products/defender-mainframe-edition/ ]( > https://software.dell.com/products/defender-mainframe-edition/ ) > > > Steve -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: IBM FTPS connect
I'll have to go check on the z/OS Security lvl 3 FMID. I didn't install this system, so I'm not sure. On Tue, Sep 13, 2016 at 9:12 AM, Tim Dellerwrote: > Perhaps the list of ciphers in the ftpdata file is too restrictive or > maybe the z/OS Security Level 3 FMID is not installed. > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- The postings on this site are my own and don’t necessarily represent Mainline’s positions or opinions Mark D Pace Senior Systems Engineer Mainline Information Systems -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: IBM FTPS connect
Is this implemented within FTPD or Policy Agent / AT-TLS? On Mon, Sep 12, 2016 at 12:28 PM Mark Pacewrote: > I'm setting up FTPS on a 1.13 system and am a little confused by this > sequence. It logs on okay showing a secure connect. But then it won't do > the actual download. So I'm confused if it's the certificate or not. > > 220 dhebpcb01 secure FTP server > ready. > EZA1701I >>> AUTH > TLS > 234 > TLSv1 > > EZA2895I Authentication negotiation > succeeded > EZA1701I >>> PBSZ > 0 > 200 > PBSZ=0 > > EZA1701I >>> PROT > P > 200 PROT command > successful > EZA2906I Data connection protection is > private > EZA1459I NAME (deliverycb-bld.dhe.ibm.com:MP81136): > > > > > > B000 > > EZA1701I >>> USER > B000 > 331 Password required for > B000. > EZA1789I > PASSWORD: > > > > > * > > EZA1701I >>> > PASS > 230 Virtual user B000 logged > in. > EZA1460I > Command: > > > > > CCC > > > > > > BINARY > > EZA1701I >>> > CCC > 200 command channel > cleared. > EZA2905I Control connection protection is > clear > EZA1460I > Command: > > > > GET "/GIMPAF.XML" "/u/MP81136/test.content/GIMPAF.XML" > (REPLACE > EZA1701I >>> TYPE > I > 200 Type set to > I. > EZA1460I > Command: > EZA1701I >>> > EPSV > 229 Entering Passive Mode > (|||65045|) > EZA1701I >>> RETR > /GIMPAF.XML > 150 Opening BINARY mode SSL data connection for > /GIMPAF.XML. > EZA2870I TLS security mechanism negotiation failed - data connection > closed > 425 ftpd: (data conn) SSL_accept unspecified > error > EZA1735I Std Return Code = 16425, Error Code = > 00017 > EZA1701I >>> > QUIT > > -- > The postings on this site are my own and don’t necessarily represent > Mainline’s positions or opinions > > Mark D Pace > Senior Systems Engineer > Mainline Information Systems > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- Rob Schramm -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: DFSORT - ICETOOL - Search for text and replace with date
Elardus Engelbrecht, You just need to define a symbol for the current date and you can use it in FINDREP. You do not code OPTION COPY when you use COPY verb of ICETOOL. Here is a sample //SELECT EXEC PGM=ICETOOL //TOOLMSG DD SYSOUT=* //SYMNAMES DD * CURRDATE,S'' //DFSMSG DD SYSOUT=* //PRINTDD SYSOUT=* //INVOER DD * E-MAIL SUBJECT AND BODY --1234567890 CONTENT-TYPE: TEXT/PLAIN; CHARSET=US-ASCII; NAME="NEVER USED IDS - MMDD.TXT" CONTENT-DISPOSITION: ATTACHMENT; FILENAME="NEVER USED IDS - MMDD.TXT" . REPORT ... --1234567890 CONTENT-TYPE: TEXT/PLAIN; CHARSET=US-ASCII; NAME="REVOKED IDS - MMDD.TXT" CONTENT-DISPOSITION: ATTACHMENT; FILENAME="REVOKED IDS - MMDD.TXT" . REPORT //TOOLIN DD * COPY FROM(INVOER) TO(PRINT) USING(SORT) //SORTCNTL DD * OUTREC FINDREP=(IN=C'MMDD',OUT=CURRDATE) /* btw is there a reason as to why you chose ICETOOL? Further if you have any questions please let me know Thanks, Kolusu DFSORT Development IBM Corporation IBM Mainframe Discussion Listwrote on 09/13/2016 08:36:18 AM: > From: Elardus Engelbrecht > To: IBM-MAIN@LISTSERV.UA.EDU > Date: 09/13/2016 08:36 AM > Subject: DFSORT - ICETOOL - Search for text and replace with date > Sent by: IBM Mainframe Discussion List > > Good day to all DFSORT gurus > > Background: I have setup an automated e-mail reporting system which > grab reports from various inputs, then I use IEBGENER to build up > one PS file containing data in this sequence: e-mail body - report - > boundary data - next report - ... etc ... > > (In this way I can send out e-mails to my clients where each e-mail > is containing anything from 1 to 10 attachments.) > > That PS file is then send over to SMTP to go out. Those boundary > lines are used to define various attachments containing reports for > outgoing e-mails. > > Now, a client asked whether it is possible to insert run date in the > file names of those attachments for easy retrieval at a later stage. > > What I want to do is to dynamically replace a specific string into > date of run in the filenames of the attachment in the e-mail. > > So, for example I have this FILENAME="Never Used Ids - MMDD.TXT" > > I wish to replace above line with today's date using ICETOOL FINDREP > or a similar command. > > So that example line should be changed to this for today: > FILENAME="Never Used Ids - 2016-09-13.TXT" > > I have tried out this JCL to scan whole input and replace the > MMDD to rundate, but ICETOOL just shouts RC=16 saying invalid > syntax found: > > //SELECT EXEC PGM=ICETOOL > //TOOLMSG DD SYSOUT=* > //DFSMSG DD SYSOUT=* > //PRINTDD SYSOUT=* > //INVOER DD * > > e-mail subject and body > > --1234567890 > CONTENT-TYPE: TEXT/PLAIN; CHARSET=US-ASCII; NAME="Never Used ids - > MMDD.TXT" > CONTENT-DISPOSITION: ATTACHMENT; FILENAME="Never Used ids - MMDD.TXT" > > . report ... > > --1234567890 > CONTENT-TYPE: TEXT/PLAIN; CHARSET=US-ASCII; NAME="Revoked ids - MMDD.TXT" > CONTENT-DISPOSITION: ATTACHMENT; FILENAME="Revoked ids - MMDD.TXT" > > . report > > //TOOLIN DD * > COPYFROM(INVOER) TO(PRINT) USING(SORT) > //SORTCNTL DD * > OPTION COPY > OUTREC FINDREP=(IN=C'MMDD',OUT=DATE1(-)) > > As you can see those MMDD can be on any place in the input lines. > > I only want to change those boundary lines, nothing else. Otherwise > I have to use some editing tools on the datasets containing the > original boundary lines. > > Any clues please? Are any other free products available which can do > that tricks? > > Many thanks in advance. > > Groete / Greetings > Elardus Engelbrecht > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: DFSORT - ICETOOL - Search for text and replace with date
>> You could consider: //SYSUT1 DD *,SYMBOLS= instead of ICETOOL and substitute the dynamic system symbols for and , however: Paul, DFSORT has the ability to read system symbols defined here http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/iea2e2c2/2.2.2? > Does ICETOOL cover the midnight pitfall? What exactly is the midnight pitfall? If you used the LOCAL system symbols then you would get the local time. DFSORT also has several date formats and it is based on the time the step ran. If you meant that a job that started at 11:59:59 PM and the SORT step ran at 00:00:10 then we would get the next date as SORT would not have any idea about when the Job started. Thanks, Kolusu DFSORT Development IBM Corporation IBM Mainframe Discussion Listwrote on 09/13/2016 08:54:57 AM: > From: Paul Gilmartin <000433f07816-dmarc-requ...@listserv.ua.edu> > To: IBM-MAIN@LISTSERV.UA.EDU > Date: 09/13/2016 08:55 AM > Subject: Re: DFSORT - ICETOOL - Search for text and replace with date > Sent by: IBM Mainframe Discussion List > > On Tue, 13 Sep 2016 10:36:18 -0500, Elardus Engelbrecht wrote: > > > >Now, a client asked whether it is possible to insert run date in > the file names of those attachments for easy retrieval at a later stage. > > > >//INVOER DD * > > > You could consider: //SYSUT1 DD *,SYMBOLS= instead of ICETOOL > and substitute the dynamic system symbols for and , however: > o The format isn't pretty > o IBM needs to address the midnight pitfall, however minuscule. > > Does ICETOOL cover the midnight pitfall? > > -- gil > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Bypassing s322
I would compare the Run time(Clock) with CPU TIME. You may be exceeding the CPU Time limit set for that Class. We have an exit that produces a nice little map of CPU usage details. CPU TIME is one of the fields. I recently had a job running in INPUT CLASS X that kept timing out no matter what the TIME was set on the JCL. Turns out the INPUT Class X had a 60 min CPU time limit set. So even though the job ran for 3 hours - it actually used 60.01 minutes of CPU Time. Hence the failure. Always check the job while it is running with SDSF and see if the CPU Time increases quickly. Your task may be in a loop. Lizette > -Original Message- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > Behalf Of Peter > Sent: Tuesday, September 13, 2016 6:05 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Bypassing s322 > > Hello > > I am running which is a long running job but it keeps abending with s322. I > have used all the long running WLM initiators but still abends. I am not sure > if IEFUTL exit is restricting it. > > The error message doesn't produce much information to diagnose. > > Is there a way to bypass any EXIT which might be timing out the Jobs ? > > Peter > -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Hillgang - Save the date
Hi, The next Hillgang meeting (DC/MD/VA Linux & z/VM User Group) will be held 28 September. The agenda should be available in the next couple of days. In brief: - From the z/VM Lab - Bill Bitner - Introduction to z/TPF - Customer experience - Building and using Docker Containers If that is enough to get you interested you can go to: http://doodle.com/poll/wh647k9i6ft8sy8x To register (free) for the event. (Registration is so we can estimate numbers for our free breakfast.) Neale -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: DFSORT - ICETOOL - Search for text and replace with date
If there's only one thing to change per line (maximum, or limit) I always use DO=1 on the FINDREP. If there's a limit to where the data can start, end, or both, there's STARTPOS and ENDPOS. Use IFTHEN=(WHEN=(logicalexpression) to only allow the FINDREP to operate on the expected records. This can avoid "false hits" and since the condition is likely faster than looking at all the bytes for a length of eight, a bit zippier to (won't matter here, probably, but in general). -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: IDCAMs DEF AIX authorization
To Dave's point, there is an exposure that can be exploited to cause denial of service with what appears to be relatively "safe" access levels for production. Rob Schramm On Tue, Sep 13, 2016, 11:50 AM Stevewrote: > The challenge you will have is that the user in question had authority to > build > the AIX and the PATH but did not do the BUILD. And he could read the > PRIMARY > KSDS. > > This is an apples and oranges discussion or a Catch-22. > > -Original Message- > From: "Roach, Dennis" > Sent: Tuesday, September 13, 2016 11:45am > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: IDCAMs DEF AIX authorization > > Since it can, and did, cause a production outage, I voted for it. > > I would think that a production outage would rate higher than a medium > priority. > > Dennis Roach, CISSP, PMP > AIG > IAM Access Administration – Consumer | Identity & Access Management > > 2929 Allen Parkway, America Building, 3rd Floor | Houston, TX 77019 > Phone: 713-831-8799 > > dennis.ro...@aig.com | www.aig.com > > -Original Message- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > Behalf Of Jousma, David > Sent: Tuesday, September 13, 2016 9:09 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: IDCAMs DEF AIX authorization > > I did open an RFE for this, if anyone wishes to vote on it, here is the > info. > > > -- > Notification generated at: 13 Sep 2016, 10:06 AM Eastern Time (ET) > > ID:94515 > Headline:Add SAF check on DEF AIX for > RELATE Cluster > Submitted on:13 Sep 2016, 10:06 AM Eastern > Time (ET) > Brand: Servers and Systems > Software > Product: z/OS > > Link: > http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe_ID=94515 > > _ > Dave Jousma > Manager Mainframe Engineering, Assistant Vice President > david.jou...@53.com > 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f > 616.653.2717 > > > -Original Message- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > Behalf Of Jousma, David > Sent: Tuesday, September 13, 2016 9:49 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: IDCAMs DEF AIX authorization > > Steve, > > That’s what I am seeing, and IBM just confirmed it. I guess all we can > do is give the contractor a slap on the hands, and move on. > > > IBM comments: > > Basically, authorization checking is done against the AIX being defined > (ALTER access to the AIX cluster name as shown in the table above) not the > VSAM dataset the AIX relates to. Checking against the related VSAM cluster > will be done when accessed by BLDINDEX. > > So, this is working as intended and documented. If you wish, you could > open an 'enhancement request' to have this behavior changed. > > > > _ > Dave Jousma > Manager Mainframe Engineering, Assistant Vice President > david.jou...@53.com > 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f > 616.653.2717 > > > -Original Message- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > Behalf Of Steve > Sent: Tuesday, September 13, 2016 9:33 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: IDCAMs DEF AIX authorization > > AS I remember, DEF AIX and PATH only operate in the CAT. The BLX would to > the extract to the AIX > > -Original Message- > From: "Jousma, David" > Sent: Tuesday, September 13, 2016 9:19am > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: IDCAMs DEF AIX authorization > > All, > > I've got a PMR open with IBM asking the question, but thought I'd also > pass this by the brain trust on this list. We recently had an off-shore > contractor do a DEFINE AIX for a TEST dataset name, but RELATEd it to a > PROD dataset name. The process was allowed surprisingly. Contractor > only had read access to prod dataset. The subsequent BLDINDEX did fail > with security violation as expected. Nightly processing of that prod file > failed however due to the empty AIX. Seems like DEF AIX should have been > disallowed if the user didn't have the appropriate access for what it was > related too? > > Dave > > _ > Dave Jousma > Manager Mainframe Engineering, Assistant Vice President > david.jou...@53.com > 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f > 616.653.2717 > > This e-mail transmission contains information that is confidential and may > be privileged. > It is intended only for the addressee(s) named above. If you receive this >
Re: DFSORT - ICETOOL - Search for text and replace with date
Sri h Kolusu wrote: >You just need to define a symbol for the current date and you can use it in >FINDREP. You do not code OPTION COPY when you use COPY verb of ICETOOL. >Here is a sample >//SYMNAMES DD * >CURRDATE,S'' >//SORTCNTL DD * > OUTREC FINDREP=(IN=C'MMDD',OUT=CURRDATE) Yes! Yes! Yes! That worked! Wow! I totaly forgot about that symbols things inside ICETOOL! Many thanks! I must humbly say thank you for your kind help! I really appreciate it much. >btw is there a reason as to why you chose ICETOOL? We standardised on that, because it is easy to build up reports from raw SMF, IRRADU00, IRRDBU00, zSecure and custom reports as produced from different products. We need to place columns in certain order. For some client it is easy to specify sort order. Some clients want it sorted by id, but another clients want to it by date/time. Some clients dont want headers, so I had to drop them. ICETOOL language is neatly understandable and teachable to dummies. ;-) Things like this made us decide on ICETOOL: DATE(4MD/) - TIME(24:) - BREAK(23,8,CH) BTITLE('IDS') - WIDTH() - With above we can standardize on date / time format and breakup of reports by ids or whatever criteria. What is more, I use Automation and CPPUPDTE to pre-fill in some data or just insert dynamic sort input. Then it is off to ICETOOL, then IEBGENER to SMTP. Oh, I use ICETOOL when I just grab some raw SMF data in a hurry to produce some reports. Nothing else beat these ICETOOL statements to translate date/time in SMF into readable format: HEADER('SMFTYP') ON(6,1,BI) - HEADER('DATE')ON(11,4,DT1,E'/99/99') - HEADER('TIME')ON(7,4,TM1,E'99:99:99') - You can always write Assembler or other language programs to directly translate those fields into something readable, but why re-invent the wheel? ;-) But the most important reason why we use ICETOOL is - Instead having our clients writing own COBOL programs to do reporting, they can do some ICETOOL reporting with some of the summarization commands to produce totals. Paul Gilmartin wrote: >You could consider: //SYSUT1 DD *,SYMBOLS= instead of ICETOOL and >substitute the dynamic system symbols for and , however: Thanks. I have tried that out, but as you said the format is not pretty. Richard Pinion wrote: >While not directly related to your question, but are you family with XMITIP >from Lionel B. Dyck? Real handy stuff for emailing and attachments from the >mainframe. I know about that and have played years ago with that when a colleague gave me a copy from a SHARE session on a CD. Yep, CD. That is ancient computing... ;-) But we need to send out attachments in text format unlike XMITIP which can use PDF/ZIP/RTF/HTML formats. Simply because more than half of our clients (due to regulations) can only accept txt format. Whats more, IBM Communication Server SMTP can simply blank out the TO field of the e-mails. The clients really don't need who else are also receiving our audit e-mails. >That should be "FAMILIAR" not "FAMILAR"! Hahaha. I forgive you. I always read your and other's e-mail because I want to learn! Many thanks to all. My problem is solved! And I have been SORTed out ! ;-) Groete / Greetings Elardus Engelbrecht -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: DFSORT - ICETOOL - Search for text and replace with date
>> Rexx covers this by guaranteeing that if a single clause contains (any number of) references to TIME() and DATE() the TOD clock will be read only once and that value used for all. The TIME macro should nave no need to read the TOD clock more than once. Paul, If that is the definition of the midnight pitfall, then DFSORT already covers that. If you used DFSORT date formats (Date1 thru Date5 ), DFSORT reads the TIME macro once and stores the value. It is not changed in between despite how many times you have the references of Date parm in your control cards. Thanks, Kolusu DFSORT Development IBM Corporation From: Paul Gilmartin <000433f07816-dmarc-requ...@listserv.ua.edu> To: IBM-MAIN@LISTSERV.UA.EDU Date: 09/13/2016 09:26 AM Subject:Re: DFSORT - ICETOOL - Search for text and replace with date Sent by:IBM Mainframe Discussion ListOn Tue, 13 Sep 2016 09:06:28 -0700, Sri h Kolusu wrote: >>> You could consider: //SYSUT1 DD *,SYMBOLS= instead of ICETOOL and >substitute the dynamic system symbols for and , however: > >What exactly is the midnight pitfall? If you used the LOCAL system symbols >then you would get the local time. DFSORT also has several date formats >and it is based on the time the step ran. > It's probably covered, depending on how "the time the step ran" is obtained. >If you meant that a job that started at 11:59:59 PM and the SORT step ran >at 00:00:10 then we would get the next date as SORT would not have any >idea about when the Job started. > The pitfall, however narrow, is that if midnight occurs between the evaluations of and the composite value may be in error by (almost) 24 hours. Rexx covers this by guaranteeing that if a single clause contains (any number of) references to TIME() and DATE() the TOD clock will be read only once and that value used for all. The TIME macro should nave no need to read the TOD clock more than once. UNIX time() function returns a single raw RTC value and provides functions to format that. I suppose that if processors are fast enough that the gap, accumulated over the expected life of all installed z/OS systems, meets a six sigma criterion it's not worth concern. Has anyone done the calculation? -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
2FA in the Real World
Is anyone in the real not government world using this product? [ https://software.dell.com/products/defender-mainframe-edition/ ]( https://software.dell.com/products/defender-mainframe-edition/ ) Steve -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: DFSORT - ICETOOL - Search for text and replace with date
On Tue, 13 Sep 2016 10:36:18 -0500, Elardus Engelbrecht wrote: > >Now, a client asked whether it is possible to insert run date in the file >names of those attachments for easy retrieval at a later stage. > >//INVOER DD * > You could consider: //SYSUT1 DD *,SYMBOLS= instead of ICETOOL and substitute the dynamic system symbols for and , however: o The format isn't pretty o IBM needs to address the midnight pitfall, however minuscule. Does ICETOOL cover the midnight pitfall? -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: DFSORT - ICETOOL - Search for text and replace with date
That should be "FAMILIAR" not "FAMILAR"! --- rpin...@netscape.com wrote: From: Richard PinionTo: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: DFSORT - ICETOOL - Search for text and replace with date Date: Tue, 13 Sep 2016 08:57:22 -0700 That should be "familar" not "family"! --- rpin...@netscape.com wrote: From: Richard Pinion To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: DFSORT - ICETOOL - Search for text and replace with date Date: Tue, 13 Sep 2016 08:56:07 -0700 While not directly related to your question, but are you family with XMITIP from Lionel B. Dyck? Real handy stuff for emailing and attachments from the mainframe. --- skol...@us.ibm.com wrote: From: Sri h Kolusu To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: DFSORT - ICETOOL - Search for text and replace with date Date: Tue, 13 Sep 2016 08:51:01 -0700 Elardus Engelbrecht, You just need to define a symbol for the current date and you can use it in FINDREP. You do not code OPTION COPY when you use COPY verb of ICETOOL. Here is a sample //SELECT EXEC PGM=ICETOOL //TOOLMSG DD SYSOUT=* //SYMNAMES DD * CURRDATE,S'' //DFSMSG DD SYSOUT=* //PRINTDD SYSOUT=* //INVOER DD * E-MAIL SUBJECT AND BODY --1234567890 CONTENT-TYPE: TEXT/PLAIN; CHARSET=US-ASCII; NAME="NEVER USED IDS - MMDD.TXT" CONTENT-DISPOSITION: ATTACHMENT; FILENAME="NEVER USED IDS - MMDD.TXT" . REPORT ... --1234567890 CONTENT-TYPE: TEXT/PLAIN; CHARSET=US-ASCII; NAME="REVOKED IDS - MMDD.TXT" CONTENT-DISPOSITION: ATTACHMENT; FILENAME="REVOKED IDS - MMDD.TXT" . REPORT //TOOLIN DD * COPY FROM(INVOER) TO(PRINT) USING(SORT) //SORTCNTL DD * OUTREC FINDREP=(IN=C'MMDD',OUT=CURRDATE) /* btw is there a reason as to why you chose ICETOOL? Further if you have any questions please let me know Thanks, Kolusu DFSORT Development IBM Corporation IBM Mainframe Discussion List wrote on 09/13/2016 08:36:18 AM: > From: Elardus Engelbrecht > To: IBM-MAIN@LISTSERV.UA.EDU > Date: 09/13/2016 08:36 AM > Subject: DFSORT - ICETOOL - Search for text and replace with date > Sent by: IBM Mainframe Discussion List > > Good day to all DFSORT gurus > > Background: I have setup an automated e-mail reporting system which > grab reports from various inputs, then I use IEBGENER to build up > one PS file containing data in this sequence: e-mail body - report - > boundary data - next report - ... etc ... > > (In this way I can send out e-mails to my clients where each e-mail > is containing anything from 1 to 10 attachments.) > > That PS file is then send over to SMTP to go out. Those boundary > lines are used to define various attachments containing reports for > outgoing e-mails. > > Now, a client asked whether it is possible to insert run date in the > file names of those attachments for easy retrieval at a later stage. > > What I want to do is to dynamically replace a specific string into > date of run in the filenames of the attachment in the e-mail. > > So, for example I have this FILENAME="Never Used Ids - MMDD.TXT" > > I wish to replace above line with today's date using ICETOOL FINDREP > or a similar command. > > So that example line should be changed to this for today: > FILENAME="Never Used Ids - 2016-09-13.TXT" > > I have tried out this JCL to scan whole input and replace the > MMDD to rundate, but ICETOOL just shouts RC=16 saying invalid > syntax found: > > //SELECT EXEC PGM=ICETOOL > //TOOLMSG DD SYSOUT=* > //DFSMSG DD SYSOUT=* > //PRINTDD SYSOUT=* > //INVOER DD * > > e-mail subject and body > > --1234567890 > CONTENT-TYPE: TEXT/PLAIN; CHARSET=US-ASCII; NAME="Never Used ids - > MMDD.TXT" > CONTENT-DISPOSITION: ATTACHMENT; FILENAME="Never Used ids - MMDD.TXT" > > . report ... > > --1234567890 > CONTENT-TYPE: TEXT/PLAIN; CHARSET=US-ASCII; NAME="Revoked ids - MMDD.TXT" > CONTENT-DISPOSITION: ATTACHMENT; FILENAME="Revoked ids - MMDD.TXT" > > . report > > //TOOLIN DD * > COPYFROM(INVOER) TO(PRINT) USING(SORT) > //SORTCNTL DD * > OPTION COPY > OUTREC FINDREP=(IN=C'MMDD',OUT=DATE1(-)) > > As you can see those MMDD can be on any place in the input lines. > > I only want to change those boundary lines, nothing else. Otherwise > I have to use some editing tools on the datasets containing the > original boundary lines. > > Any clues please? Are any other free products available which can do > that tricks? > > Many thanks in advance. > > Groete / Greetings > Elardus Engelbrecht > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the
Re: Bypassing s322
The usual circumvention for S322 is to increase the TIME= value, not play with exits. For one thing, IEFUTIL can extend the time, but even with no exit in place, the system will abend a job eventually. Be sure to increase the time value on both the job card and on the step (EXEC) card. Exceeding either one will cause S322. . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-302-7535 Office robin...@sce.com -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Lizette Koehler Sent: Tuesday, September 13, 2016 9:06 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: (External):Re: Bypassing s322 I would compare the Run time(Clock) with CPU TIME. You may be exceeding the CPU Time limit set for that Class. We have an exit that produces a nice little map of CPU usage details. CPU TIME is one of the fields. I recently had a job running in INPUT CLASS X that kept timing out no matter what the TIME was set on the JCL. Turns out the INPUT Class X had a 60 min CPU time limit set. So even though the job ran for 3 hours - it actually used 60.01 minutes of CPU Time. Hence the failure. Always check the job while it is running with SDSF and see if the CPU Time increases quickly. Your task may be in a loop. Lizette > -Original Message- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] > On Behalf Of Peter > Sent: Tuesday, September 13, 2016 6:05 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Bypassing s322 > > Hello > > I am running which is a long running job but it keeps abending with > s322. I have used all the long running WLM initiators but still > abends. I am not sure if IEFUTL exit is restricting it. > > The error message doesn't produce much information to diagnose. > > Is there a way to bypass any EXIT which might be timing out the Jobs ? > > Peter -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: DFSORT - ICETOOL - Search for text and replace with date
Bill Woodger wrote: >It would be ironic if Elardus followed your advice, only to find that his >IEBGENER is an alias of ICEGENER and that DFSORT will be used for operations >without any IEBGENER control cards. I'm aware of ICEGENER and such. In fact, CustomPac includes some IVP checks to verify ICEGENER. >Have a date file. Use DFSORT (or anything else) to generate a DFSORT Sort >Symbol file with a name for the date. Use the symbol. I have some such date files. I have written REXX programs to get different dates (yesterday, last month, today, etc) and place them in datasets so they can be used later as input for reportings. But I could not easily transfer those date files contents to the lines I described earlier. Thanks for your posts! I appreciate it! Groete / Greetings Elardus Engelbrecht -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Internals of Catalog
Hi Can some one please explain the Catalog internals with respect to the VVDS and VTOC. I am basically trying to understand the relationship from the catalog internals point of view. Any documents or URL that might help ? Jake -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: IBM FTPS connect
Just a thought. Kurt Q. has been helpful to folks offlist to resolve their FTP IBM issues. You may wish to see if he will assist. He really wants to be a smooth process and easy transition. Lizette > -Original Message- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > Behalf Of Mark Pace > Sent: Tuesday, September 13, 2016 11:32 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: IBM FTPS connect > > That was a big help, thank you. I was able to confirm that all the correct > FMIDs were installed. So I know it "should" work. > I also tried FWFRIENDLY TRUE that didn't seem to make any difference. > Turned on DEBUG SOC. So now I'll have to research the output. > > > GET "/GIMPAF.XML" "/u/MP81136/test.content/GIMPAF.XML" > (REPLACE > >>> TYPE > I > 200 Type set to > I. > Command: > > SC1344 initDsConnection: > entered > >>> > EPSV > > 229 Entering Passive Mode > (|||65321|) > >>> RETR > /GIMPAF.XML > SC1981 connDsConnection: > entered > SC2075 connDsConnectionIPv4: > entered > GU4945 ftpSetApplData: > entered > 150 Opening BINARY mode SSL data connection for /GIMPAF.XML. > FU0388 protDataConn: secure_socket_init() failed with rc = 406 (Error while > read ing or writing > data) > CG1959 SETCEC code = > 17 > TLS security mechanism negotiation failed - data connection closed > SC2637 dataClose: > entered > 425 ftpd: (data conn) SSL_accept unspecified error > CG4118 rcvFile: rc -1 rc_write 0 rc_close > 0 > PC0921 setClientRC: > entered > PC0991 setClientRC: std_rc=16425, rc_type=STD, > rc=16425 > Std Return Code = 16425, Error Code = > 00017 > >>> > QUIT > > : Connection reset by > peer. > SC3358 endSession: entered > (sn=0F9EE7C8) > SC2637 dataClose: > entered > > > > > QUIT > > > > On Tue, Sep 13, 2016 at 12:50 PM, Cieri, Anthonywrote: > > > > > For the record, there are several FMIDs that may be installed > > with the z/OS Security Lvl 3 and z/OS Communications Server Security > > lvl 3 may also be required. The FMIDs for Z/OS Security Lvl 3 at z/OS > > Version 1.13 > > are: > > > > JCRY741 > > JCPT3D1 > > JSWK3D1 > > JRLS3D1 > > > > The FMID for z/OS Communications Server lvl 3 at z/OS Version > > 1.13.is: (ask me how I know this!!!) > > > > JIP61DK > > > > You would most likely see errors in PAGENT and its associated > > tasks (like IKED) if you did NOT have these installed!! > > > > Since you appear to be getting a successful control connection > > established ad subsequently failing on the data connection, I would > > suspect a possible firewall issue. The error message provided: > > > > EZA1735I Std Return Code = 16425 > > > > Indicates that the "get" command failed for one of the > > following > > reasons: > > > > 425: Can't open a data connection > > 425: Can't open a passive connection > > 425: Command terminated due to server shutdown in progress > > 425: Unable to open data connection > > > > HTH > > Tony > > > > > > > > -Original Message- > > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] > > On Behalf Of Rob Schramm > > Sent: Tuesday, September 13, 2016 11:53 AM > > To: IBM-MAIN@LISTSERV.UA.EDU > > Subject: Re: IBM FTPS connect > > > > The instructions for debugging connection issues indicates to run with > > debug soc which should provide some additional information. > > > > Rob Schramm > > > > On Tue, Sep 13, 2016, 11:10 AM Mark Pace wrote: > > > > > I'll have to go check on the z/OS Security lvl 3 FMID. I didn't > > > install this system, so I'm not sure. > > > > > > On Tue, Sep 13, 2016 at 9:12 AM, Tim Deller wrote: > > > > > > > Perhaps the list of ciphers in the ftpdata file is too restrictive > > > > or maybe the z/OS Security Level 3 FMID is not installed. > > > > -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: 2FA in the Real World
NC-Pass was purchased some time ago by Dell, and I don't remember who wrote itt Steve -Original Message- From: "Vince Coen"Sent: Tuesday, September 13, 2016 1:23pm To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: 2FA in the Real World For me the problem is that it is a Dell product. Previous experience with them just leave a bitter taste in the mouth and one I have no intention of repeating. Vincent On 13/09/16 17:49, Steve wrote: > Is anyone in the real not government world using this product? > > [ https://software.dell.com/products/defender-mainframe-edition/ ]( > https://software.dell.com/products/defender-mainframe-edition/ ) > > > Steve -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Internals of Catalog
Most of that is propriety by IBM. Not much you are going to find unless you can ask a very specific question. Search REDBOOKS for info on CATALOG and SMS and DATASET and VSAM. Lizette > -Original Message- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > Behalf Of Jake Anderson > Sent: Tuesday, September 13, 2016 9:56 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Internals of Catalog > > Hi > > Can some one please explain the Catalog internals with respect to the VVDS and > VTOC. > > I am basically trying to understand the relationship from the catalog > internals point of view. > > Any documents or URL that might help ? > > Jake > -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: IBM FTPS connect
That was a big help, thank you. I was able to confirm that all the correct FMIDs were installed. So I know it "should" work. I also tried FWFRIENDLY TRUE that didn't seem to make any difference. Turned on DEBUG SOC. So now I'll have to research the output. > GET "/GIMPAF.XML" "/u/MP81136/test.content/GIMPAF.XML" (REPLACE >>> TYPE I 200 Type set to I. Command: SC1344 initDsConnection: entered >>> EPSV 229 Entering Passive Mode (|||65321|) >>> RETR /GIMPAF.XML SC1981 connDsConnection: entered SC2075 connDsConnectionIPv4: entered GU4945 ftpSetApplData: entered 150 Opening BINARY mode SSL data connection for /GIMPAF.XML. FU0388 protDataConn: secure_socket_init() failed with rc = 406 (Error while read ing or writing data) CG1959 SETCEC code = 17 TLS security mechanism negotiation failed - data connection closed SC2637 dataClose: entered 425 ftpd: (data conn) SSL_accept unspecified error CG4118 rcvFile: rc -1 rc_write 0 rc_close 0 PC0921 setClientRC: entered PC0991 setClientRC: std_rc=16425, rc_type=STD, rc=16425 Std Return Code = 16425, Error Code = 00017 >>> QUIT : Connection reset by peer. SC3358 endSession: entered (sn=0F9EE7C8) SC2637 dataClose: entered > QUIT On Tue, Sep 13, 2016 at 12:50 PM, Cieri, Anthonywrote: > > For the record, there are several FMIDs that may be installed with > the z/OS Security Lvl 3 and z/OS Communications Server Security lvl 3 may > also be required. The FMIDs for Z/OS Security Lvl 3 at z/OS Version 1.13 > are: > > JCRY741 > JCPT3D1 > JSWK3D1 > JRLS3D1 > > The FMID for z/OS Communications Server lvl 3 at z/OS Version > 1.13.is: (ask me how I know this!!!) > > JIP61DK > > You would most likely see errors in PAGENT and its associated > tasks (like IKED) if you did NOT have these installed!! > > Since you appear to be getting a successful control connection > established ad subsequently failing on the data connection, I would suspect > a possible firewall issue. The error message provided: > > EZA1735I Std Return Code = 16425 > > Indicates that the "get" command failed for one of the following > reasons: > > 425: Can't open a data connection > 425: Can't open a passive connection > 425: Command terminated due to server shutdown in progress > 425: Unable to open data connection > > HTH > Tony > > > > -Original Message- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > Behalf Of Rob Schramm > Sent: Tuesday, September 13, 2016 11:53 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: IBM FTPS connect > > The instructions for debugging connection issues indicates to run with > debug soc which should provide some additional information. > > Rob Schramm > > On Tue, Sep 13, 2016, 11:10 AM Mark Pace wrote: > > > I'll have to go check on the z/OS Security lvl 3 FMID. I didn't > > install this system, so I'm not sure. > > > > On Tue, Sep 13, 2016 at 9:12 AM, Tim Deller wrote: > > > > > Perhaps the list of ciphers in the ftpdata file is too restrictive > > > or maybe the z/OS Security Level 3 FMID is not installed. > > > > > > > > > -- For IBM-MAIN subscribe / signoff / archive access instructions, > > > send email to lists...@listserv.ua.edu with the message: INFO > > > IBM-MAIN > > > > > > > > > > > -- > > The postings on this site are my own and don’t necessarily represent > > Mainline’s positions or opinions > > > > Mark D Pace > > Senior Systems Engineer > > Mainline Information Systems > > > > -- > > For IBM-MAIN subscribe / signoff / archive access instructions, send > > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > > -- > > Rob Schramm > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, send email > to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- The postings on this site are my own and don’t necessarily represent Mainline’s positions or opinions Mark D Pace Senior Systems Engineer Mainline Information Systems -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: IBM FTPS connect
I'm sure it's worth fixing FTPS--whatever that takes--but you might find HTTPS easier to manage. I use the latter because I have to: my proxy appliance does not understand TLS syntax. For the record, FTPS and SFTP are entirely different animals. SFTP is an open source protocol that evolved independently of FTP. FTPS is an extension of FTP with security added to it. Like I said, you may have better luck with HTTPS. . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-302-7535 Office robin...@sce.com -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Mark Pace Sent: Tuesday, September 13, 2016 8:08 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: (External):Re: IBM FTPS connect Oh hell. I don't know what any of that means. I set it up using the directions from IBM on testing connectivity. The ftp.data file contains. So I assume it's AT-TLS. There must be something within TCPIP that I need to setup also. SECURE_MECHANISM TLS TLSRFCLEVEL CCCNONOTIFY TLSMECHANISM FTP SECURE_FTP REQUIRED SECURE_CTRLCONN CLEAR SECURE_DATACONN PRIVATE KEYRING MP81136/bexarftp EPSV4TRUE On Tue, Sep 13, 2016 at 11:01 AM, Rob Schrammwrote: > Is this implemented within FTPD or Policy Agent / AT-TLS? > > On Mon, Sep 12, 2016 at 12:28 PM Mark Pace wrote: > > > I'm setting up FTPS on a 1.13 system and am a little confused by > > this sequence. It logs on okay showing a secure connect. But then > > it won't > do > > the actual download. So I'm confused if it's the certificate or not. > > > > 220 dhebpcb01 secure FTP server > > ready. > > EZA1701I >>> AUTH > > TLS > > 234 > > TLSv1 > > > > EZA2895I Authentication negotiation > > succeeded > > EZA1701I >>> PBSZ > > 0 > > 200 > > PBSZ=0 > > > > EZA1701I >>> PROT > > P > > 200 PROT command > > successful > > EZA2906I Data connection protection is private EZA1459I NAME > > (deliverycb-bld.dhe.ibm.com:MP81136): > > > > > > > > > > > B000 > > > > EZA1701I >>> USER > > B000 > > 331 Password required for > > B000. > > EZA1789I > > PASSWORD: > > > > > > > > > * > > > > EZA1701I >>> > > PASS > > 230 Virtual user B000 logged > > in. > > EZA1460I > > Command: > > > > > > > > > CCC > > > > > > > > > > > BINARY > > > > EZA1701I >>> > > CCC > > 200 command channel > > cleared. > > EZA2905I Control connection protection is clear EZA1460I > > Command: > > > > > > > GET "/GIMPAF.XML" "/u/MP81136/test.content/GIMPAF.XML" > > (REPLACE > > EZA1701I >>> TYPE > > I > > 200 Type set to > > I. > > EZA1460I > > Command: > > EZA1701I >>> > > EPSV > > 229 Entering Passive Mode > > (|||65045|) > > EZA1701I >>> RETR > > /GIMPAF.XML > > 150 Opening BINARY mode SSL data connection for /GIMPAF.XML. > > EZA2870I TLS security mechanism negotiation failed - data connection > > closed > > 425 ftpd: (data conn) SSL_accept unspecified error EZA1735I Std > > Return Code = 16425, Error Code = > > 00017 > > EZA1701I >>> > > QUIT > > > > -- > > The postings on this site are my own and don’t necessarily represent > > Mainline’s positions or opinions > > > > Mark D Pace > > Senior Systems Engineer > > Mainline Information Systems -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: z/OS and code pages
Isn't there some Japanese code page (Katakana) support in z/OS? Some z/OS fields will take any bit value -- for example, the JOB statement Programmer Name field. For reasons unnecessary to this thread I have gone into Hex mode in ISPF and stored various unprintable values there, and everything works just fine. They show up in SMF 30 as entered. So you could put Étienne there. You *might* be able to have ÉTIENNE as your RACF name (not userid, name) -- I have not tried. z/OS DB2 -- I know, not what you asked -- has I believe excellent and full code page support including Unicode. z/OS Unicode Services is all about code pages and so forth. The C compiler I think has some varying code page support. z/OS FTP supports code page specification. How about USS? Where is @Gil when you need him? Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Tony Harminc Sent: Tuesday, September 13, 2016 4:20 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: z/OS and code pages On 13 September 2016 at 19:09, zManwrote: > This is probably a dumb question, but that's never stopped me before: :-) > If my name were "*Étienne*", would I be able to have that as a TSO userid? No. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
z/OS and code pages
This is probably a dumb question, but that's never stopped me before: If my name were "*Étienne*", would I be able to have that as a TSO userid? Or would I have to suffer through just "*Etienne*", sans accent aigu? Does the MVS side of z/OS "do" code pages in any meaningful way? I don't mean in DB2 or some other application. I think I read that WTO really only does code page 037, which suggests that the answer is "no". Any pointers to doc welcome; of course "z/os" and "code page" (or "codepage") gets a zillion hits, too many to be particularly useful. -- zMan -- "I've got a mainframe and I'm not afraid to use it" -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: z/OS and code pages
On 13 September 2016 at 19:09, zManwrote: > This is probably a dumb question, but that's never stopped me before: :-) > If my name were "*Étienne*", would I be able to have that as a TSO userid? No. > Or would I have to suffer through just "*Etienne*", sans accent aigu? Yes. Or of course some other id entirely, since there is nothing in place to reliably translate Étienne into Etienne if you are sending userids between other systems (e.g. Windows) that do support "fancier" characters, and z/OS. > Does the MVS side of z/OS "do" code pages in any meaningful way? I don't > mean in DB2 or some other application. I think I read that WTO really only > does code page 037, which suggests that the answer is "no". No, not really. RACF, in particular, effectively supports a small subset of CP 037 only. There are specific and quite restrictive rules for what byte values are allowed in userids, passwords, and password phrases. (I say byte values rather then characters, because RACF specifies the allowed characters this way, rather than in terms of e.g. Unicode u+ or IBM GCGIDs.) There are also implicit restrictions on other fields such as the user name. While an authorized application program may well be able to write unsupported byte values into the database, there is no real support in the RACF commands for them, and results may get strange if you write an app that does this. > Any pointers to doc welcome; of course "z/os" and "code page" (or > "codepage") gets a zillion hits, too many to be particularly useful. The doc updates for RACF APAR OA43999 (in the z/OS 2.2 base doc) do contain the allowable characters in passwords, and their hex values. But I don't think there is really much, since z/OS, as you say, doesn't really support code pages. Tony H. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: IBM FTPS connect
To add my $0.02 of useless knowledge; In your FTP.DATA file did you also code? SECURE_MECHANISM TLS TLSRFCLEVELRFC4217 Just my $0.02 worth. I am no expert when it comes to IBM's FTP, but I recently had to add those two to make a connection work. Al Nims University of Florida. -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Lizette Koehler Sent: Tuesday, September 13, 2016 3:36 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: IBM FTPS connect Just a thought. Kurt Q. has been helpful to folks offlist to resolve their FTP IBM issues. You may wish to see if he will assist. He really wants to be a smooth process and easy transition. Lizette > -Original Message- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] > On Behalf Of Mark Pace > Sent: Tuesday, September 13, 2016 11:32 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: IBM FTPS connect > > That was a big help, thank you. I was able to confirm that all the > correct FMIDs were installed. So I know it "should" work. > I also tried FWFRIENDLY TRUE that didn't seem to make any difference. > Turned on DEBUG SOC. So now I'll have to research the output. > > > GET "/GIMPAF.XML" "/u/MP81136/test.content/GIMPAF.XML" > (REPLACE > >>> TYPE > I > 200 Type set to > I. > Command: > > SC1344 initDsConnection: > entered > >>> > EPSV > > 229 Entering Passive Mode > (|||65321|) > >>> RETR > /GIMPAF.XML > SC1981 connDsConnection: > entered > SC2075 connDsConnectionIPv4: > entered > GU4945 ftpSetApplData: > entered > 150 Opening BINARY mode SSL data connection for /GIMPAF.XML. > FU0388 protDataConn: secure_socket_init() failed with rc = 406 (Error > while read ing or writing > data) > CG1959 SETCEC code = > 17 > TLS security mechanism negotiation failed - data connection closed > SC2637 dataClose: > entered > 425 ftpd: (data conn) SSL_accept unspecified error > CG4118 rcvFile: rc -1 rc_write 0 rc_close > 0 > PC0921 setClientRC: > entered > PC0991 setClientRC: std_rc=16425, rc_type=STD, > rc=16425 > Std Return Code = 16425, Error Code = > 00017 > >>> > QUIT > > : Connection reset by > peer. > SC3358 endSession: entered > (sn=0F9EE7C8) > SC2637 dataClose: > entered > > > > > QUIT > > > > On Tue, Sep 13, 2016 at 12:50 PM, Cieri, Anthonywrote: > > > > > For the record, there are several FMIDs that may be > > installed with the z/OS Security Lvl 3 and z/OS Communications > > Server Security lvl 3 may also be required. The FMIDs for Z/OS > > Security Lvl 3 at z/OS Version 1.13 > > are: > > > > JCRY741 > > JCPT3D1 > > JSWK3D1 > > JRLS3D1 > > > > The FMID for z/OS Communications Server lvl 3 at z/OS Version > > 1.13.is: (ask me how I know this!!!) > > > > JIP61DK > > > > You would most likely see errors in PAGENT and its > > associated tasks (like IKED) if you did NOT have these installed!! > > > > Since you appear to be getting a successful control > > connection established ad subsequently failing on the data > > connection, I would suspect a possible firewall issue. The error message > > provided: > > > > EZA1735I Std Return Code = 16425 > > > > Indicates that the "get" command failed for one of the > > following > > reasons: > > > > 425: Can't open a data connection > > 425: Can't open a passive connection > > 425: Command terminated due to server shutdown in progress > > 425: Unable to open data connection > > > > HTH > > Tony > > > > > > > > -Original Message- > > From: IBM Mainframe Discussion List > > [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Rob Schramm > > Sent: Tuesday, September 13, 2016 11:53 AM > > To: IBM-MAIN@LISTSERV.UA.EDU > > Subject: Re: IBM FTPS connect > > > > The instructions for debugging connection issues indicates to run > > with debug soc which should provide some additional information. > > > > Rob Schramm > > > > On Tue, Sep 13, 2016, 11:10 AM Mark Pace wrote: > > > > > I'll have to go check on the z/OS Security lvl 3 FMID. I didn't > > > install this system, so I'm not sure. > > > > > > On Tue, Sep 13, 2016 at 9:12 AM, Tim Deller wrote: > > > > > > > Perhaps the list of ciphers in the ftpdata file is too > > > > restrictive or maybe the z/OS Security Level 3 FMID is not installed. > > > > -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: z/OS and code pages
EBCDIC code page 930 supports Japanese kanji and single byte katakana Sent from my iPhone > On Sep 13, 2016, at 7:47 PM, Charles Millswrote: > > Isn't there some Japanese code page (Katakana) support in z/OS? > > Some z/OS fields will take any bit value -- for example, the JOB statement > Programmer Name field. For reasons unnecessary to this thread I have gone > into Hex mode in ISPF and stored various unprintable values there, and > everything works just fine. They show up in SMF 30 as entered. So you could > put Étienne there. > > You *might* be able to have ÉTIENNE as your RACF name (not userid, name) -- I > have not tried. > > z/OS DB2 -- I know, not what you asked -- has I believe excellent and full > code page support including Unicode. > > z/OS Unicode Services is all about code pages and so forth. The C compiler I > think has some varying code page support. z/OS FTP supports code page > specification. > > How about USS? Where is @Gil when you need him? > > Charles > > -Original Message- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > Behalf Of Tony Harminc > Sent: Tuesday, September 13, 2016 4:20 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: z/OS and code pages > >> On 13 September 2016 at 19:09, zMan wrote: >> This is probably a dumb question, but that's never stopped me before: > > :-) > >> If my name were "*Étienne*", would I be able to have that as a TSO userid? > > No. > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: 2FA in the Real World
Quest. Seem to recall some other m/f products as well. Toad ? Vince On 13/09/16 18:31, Steve wrote: > NC-Pass was purchased some time ago by Dell, and I don't remember who wrote > itt > > > Steve > -Original Message- > From: "Vince Coen"> Sent: Tuesday, September 13, 2016 1:23pm > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: 2FA in the Real World > > > > For me the problem is that it is a Dell product. > > Previous experience with them just leave a bitter taste in the mouth and > one I have no intention of repeating. > > Vincent > > > On 13/09/16 17:49, Steve wrote: >> Is anyone in the real not government world using this product? >> >> [ https://software.dell.com/products/defender-mainframe-edition/ ]( >> https://software.dell.com/products/defender-mainframe-edition/ ) >> >> >> Steve -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Internals of Catalog
On 9/13/2016 11:55 AM, Jake Anderson wrote: Can some one please explain the Catalog internals with respect to the VVDS and VTOC. At the 10,000 ft level... The catalog is a VSAM KSDS dataset that (mostly) points to the volume containing the dataset. The VTOC contains where on the volume, by cylinder and track, any datasets live, be they VSAM or non-VSAM. The VVDS contains VSAM unique information for any VSAM datasets that are contained in the VTOC. A VSAM catalog entry is actually a composite of the catalog, the VTOC, and the VVDS information merged together. Regards, Greg -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Internals of Catalog
> -Original Message- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] > On Behalf Of Greg Dyck > Sent: Tuesday, September 13, 2016 1:14 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: Internals of Catalog > > On 9/13/2016 11:55 AM, Jake Anderson wrote: > > Can some one please explain the Catalog internals with respect to the > > VVDS and VTOC. > > At the 10,000 ft level... > > The catalog is a VSAM KSDS dataset that (mostly) points to the volume > containing the dataset. > > The VTOC contains where on the volume, by cylinder and track, any datasets > live, be they VSAM or non-VSAM. > > The VVDS contains VSAM unique information for any VSAM datasets that are > contained in the VTOC. For SMS datasets, the VVDS also contains some of the SMS related data for non-VSAM > > A VSAM catalog entry is actually a composite of the catalog, the VTOC, and > the VVDS information merged together. > > Regards, > Greg > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, send email to > lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: IDCAMs DEF AIX authorization
Dave, First of all, I agree with you that the programmer shouldn't have been able to relate the AIX to the base cluster with only having read access to the base. But that being said, since they could relate them, why couldn't they run the BUILDIX command? The BUILDIX doesn't update the base cluster, does it? Wouldn't read access to the base also have allowed the job to use that data to build the AIX? Or does the BUILDIX somehow update the base? Rex -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Jousma, David Sent: Tuesday, September 13, 2016 12:08 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: IDCAMs DEF AIX authorization Steve, the user tried to do the build index, but failed on lack of access S913 as he should have.The user *should* have then deleted his AIX, but didn’t, and left it hanging out there. I suspect that the error was unintentional, as our application dataset naming conventions here, leave a little to be desired. *.TAT.* is test, *.PAT.* is PROD for this particular business application. It is my guess, that the user forgot to change the PAT to TAT in the RELATE portion of the DEF AIX. _ Dave Jousma Manager Mainframe Engineering, Assistant Vice President david.jou...@53.com 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717 -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Steve Sent: Tuesday, September 13, 2016 11:51 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: IDCAMs DEF AIX authorization The challenge you will have is that the user in question had authority to build the AIX and the PATH but did not do the BUILD. And he could read the PRIMARY KSDS. This is an apples and oranges discussion or a Catch-22. -Original Message- From: "Roach, Dennis"Sent: Tuesday, September 13, 2016 11:45am To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: IDCAMs DEF AIX authorization Since it can, and did, cause a production outage, I voted for it. I would think that a production outage would rate higher than a medium priority. Dennis Roach, CISSP, PMP AIG IAM Access Administration – Consumer | Identity & Access Management 2929 Allen Parkway, America Building, 3rd Floor | Houston, TX 77019 Phone: 713-831-8799 dennis.ro...@aig.com | www.aig.com -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Jousma, David Sent: Tuesday, September 13, 2016 9:09 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: IDCAMs DEF AIX authorization I did open an RFE for this, if anyone wishes to vote on it, here is the info. -- Notification generated at: 13 Sep 2016, 10:06 AM Eastern Time (ET) ID:94515 Headline:Add SAF check on DEF AIX for RELATE Cluster Submitted on:13 Sep 2016, 10:06 AM Eastern Time (ET) Brand: Servers and Systems Software Product: z/OS Link: http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe_ID=94515 _ Dave Jousma Manager Mainframe Engineering, Assistant Vice President david.jou...@53.com 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717 -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Jousma, David Sent: Tuesday, September 13, 2016 9:49 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: IDCAMs DEF AIX authorization Steve, That’s what I am seeing, and IBM just confirmed it. I guess all we can do is give the contractor a slap on the hands, and move on. IBM comments: Basically, authorization checking is done against the AIX being defined (ALTER access to the AIX cluster name as shown in the table above) not the VSAM dataset the AIX relates to. Checking against the related VSAM cluster will be done when accessed by BLDINDEX. So, this is working as intended and documented. If you wish, you could open an 'enhancement request' to have this behavior changed. _ Dave Jousma Manager Mainframe Engineering, Assistant Vice President david.jou...@53.com 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717 -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Steve Sent: Tuesday, September 13, 2016 9:33 AM To:
Re: SHARE Atlanta proceedings
On Sun, 14 Aug 2016 11:49:42 -0600, Mark Postwrote: On 8/14/2016 at 06:17 AM, Art Gutowski wrote: >> I went to San Antonio in March, and not a word about a DVD or an ISO image >> or >> anything. Remember the Alamo? Guess not. > >I made a query to SHARE Operations, and they said that the San Antonio >proceedings would also be an ISO image, but still needed a few touches to >be complete. As of 9/2, the SHARE San Antonio proceedings ISO image is available. I am downloading it now. Self-extracting ZIP is 969MB. For my part, much easier to d/l the whole kit and kaboodle than hunt and peck for "just" the session folks at my shop would be interested in. I apologize if this is old news, but I didn't find a follow up post to this thread as of this writing. I am, however, getting to the point where reading glasses are in my near, rather than distant future... Regards, Art Gutowski General Motors, LLC -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Internals of Catalog
The VVDS contains VVR and NVR records. VVR's describe VSAM data sets, while NVR's describe non-VSAM data sets. --- gregd...@pobox.com wrote: From: Greg DyckTo: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Internals of Catalog Date: Tue, 13 Sep 2016 15:13:37 -0500 On 9/13/2016 11:55 AM, Jake Anderson wrote: > Can some one please explain the Catalog internals with respect to the VVDS > and VTOC. At the 10,000 ft level... The catalog is a VSAM KSDS dataset that (mostly) points to the volume containing the dataset. The VTOC contains where on the volume, by cylinder and track, any datasets live, be they VSAM or non-VSAM. The VVDS contains VSAM unique information for any VSAM datasets that are contained in the VTOC. A VSAM catalog entry is actually a composite of the catalog, the VTOC, and the VVDS information merged together. Regards, Greg -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN _ Netscape. Just the Net You Need. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: z/OS and code pages
On 2016-09-13 17:47, Charles Mills wrote: > > z/OS Unicode Services is all about code pages and so forth. The C compiler I > think has some varying code page support. z/OS FTP supports code page > specification. > > How about USS? Where is @Gil when you need him? > Sounds kinda like "Where's a cop when you need one?" ISPF 3.17, like Samuel Johnson's politically incorrect dog, does surprisingly well within the limits of the terminal code page. Attaching a .pax which LISTSERV will discard, but you might get it offlist. Extract it on a desktop and view the members with a capable editor such as TextWrangler, gedit, or notepad++. (LISTSERV entirely rejected it.) Now extract it on z/OS 2.2 being sure to preserve the extended attributes. It should look like: user@OS/390.25.00: ls -alTHE pages total 96 drwxr-xr-x 2 User Group 8192 Sep 13 19:07 . drwxr-xr-x 29 User Group 8192 Sep 13 19:07 .. t UTF-8 T=on -rw-r--r-- --s- lf 1 User Group 1434 Sep 13 19:05 from_IBM-037 t UTF-8 T=on -rw-r--r-- --s- lf 1 User Group 1435 Sep 13 19:05 from_IBM-1047 t UTF-8 T=on -rw-r--r-- --s- lf 1 User Group 1437 Sep 13 19:05 from_IBM-1154 t UTF-8 T=on -rw-r--r-- --s- lf 1 User Group 1434 Sep 13 19:05 from_IBM-500 t UTF-8 T=on -rw-r--r-- --s- lf 1 User Group 1436 Sep 13 19:04 from_ISO8859-1 t UTF-8 T=on -rw-r--r-- --s- lf 1 User Group 1437 Sep 13 19:05 from_ISO8859-5 - untaggedT=off -rw-r--r-- --s- 1 User Group 1340 Sep 13 19:05 raw_ASCII - untaggedT=off -rw-r--r-- --s- 1 User Group 1339 Sep 13 19:05 raw_EBCDIC The payload is UTF-8; ISPF 3.17 should show all the characters your terminal supports. If you can switch your terminal to a different code page, try that. (xterm may have an option for 1154.) -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: IBM-MAIN Digest - 11 Sep 2016 to 12 Sep 2016 (#2016-255)
There's a standard Lsoft web page at listserv.ua.edu/archives/ibm-main.html or follow directions at bottom of every posting. In a message dated 9/13/2016 10:31:14 P.M. Central Daylight Time, zos.elliott.pic...@gmail.com writes: > Help -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: z/OS and code pages
Sure, but does z/OS tolerate it? Can you use Katakana characters in passwords and userids? Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Cameron Conacher Sent: Tuesday, September 13, 2016 4:56 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: z/OS and code pages EBCDIC code page 930 supports Japanese kanji and single byte katakana -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: IBM-MAIN Digest - 11 Sep 2016 to 12 Sep 2016 (#2016-255)
> > Help -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Internals of Catalog
The IBM manual z/OS DFSMS Managing Catalogs documents this very well. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Internals of Catalog
You may also want to look at Chapter 6 of the Redbook "ABCs of z/OS System Programming Volume 3": http://www.redbooks.ibm.com/abstracts/sg246983.html?Open HTH Klaus Stanislawiak -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Internals of Catalog
Thanks Basically I was looking how IBM catalog programes makes call with respect to the VVDS and VTOC. Just trying to understand internally how they synchronize and logics. I am not trying to resolve anything but just curious if IBM has documented anywhere. On Sep 14, 2016 1:50 AM, "Richard Pinion"wrote: > The VVDS contains VVR and NVR records. VVR's describe VSAM data sets, > while NVR's describe non-VSAM data sets. > > > > --- gregd...@pobox.com wrote: > > From: Greg Dyck > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: Internals of Catalog > Date: Tue, 13 Sep 2016 15:13:37 -0500 > > On 9/13/2016 11:55 AM, Jake Anderson wrote: > > Can some one please explain the Catalog internals with respect to the > VVDS > > and VTOC. > > At the 10,000 ft level... > > The catalog is a VSAM KSDS dataset that (mostly) points to the volume > containing the dataset. > > The VTOC contains where on the volume, by cylinder and track, any > datasets live, be they VSAM or non-VSAM. > > The VVDS contains VSAM unique information for any VSAM datasets that are > contained in the VTOC. > > A VSAM catalog entry is actually a composite of the catalog, the VTOC, > and the VVDS information merged together. > > Regards, > Greg > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > > > > _ > Netscape. Just the Net You Need. > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Bypassing s322
Peter wrote: You've got good replies. Please check all of them! >I am running which is a long running job but it keeps abending with s322. How long? What is your TIME on JOB and/or EXEC statements? Do you have any IEFUTL exit active? (D PROG,EXIT,EX=SYSSTC.IEFUTL,DIAG can help) What is your JES2 JOBCLASS time definition? Perhaps there are SMF and/or JES2 exits which enforce the time limit despite what you wrote on the JCL. Oh, some JES2 exits may scan your JCL and modify TIME= at will if those exits are written to do that. >I have used all the long running WLM initiators but still abends. I'm not sure WLM can influence that TIME, but I could be wrong. >I am not sure if IEFUTL exit is restricting it. Only if IEFUTL is active as per your SMFPRMxx and you have coded TIME= as others said. >The error message doesn't produce much information to diagnose. This is WAD. >Is there a way to bypass any EXIT which might be timing out the Jobs ? Yes, but if your datacenter enforced the installation of IEFUTL and JES2 JOBCLASS and setup of SMFPRMxx, you may be SOL. If I'm in charge, I would be a BOFH in no TIME= ... ;-) Groete / Greetings Elardus Engelbrecht -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Converson of hex value to character
Bernd Oppolzer's answer is the best, although I'd prefer to define the fields so length overrides weren't needed: ONEBYTE DS XL2 TWOBYTE DS CL3 Not that I'd likely use it for small fields, but the TROT instruction is great at this. It requires a 512-byte translate table though: TROTTAB DC C'000102030405060708090A0B0C0D0E0F' DC C'101112... ... Rob Scott posted this with more detail on the Assembler List a while back. sas On Tue, Sep 13, 2016 at 7:55 AM, don isenstadtwrote: > I was interested in seeing a complete example.. here is one.. > http://www.z390.org/contest/p3/P3MM1.TXT > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- sas -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Converson of hex value to character
I was interested in seeing a complete example.. here is one.. http://www.z390.org/contest/p3/P3MM1.TXT -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: IDCAMs DEF AIX authorization
I did open an RFE for this, if anyone wishes to vote on it, here is the info. -- Notification generated at: 13 Sep 2016, 10:06 AM Eastern Time (ET) ID:94515 Headline:Add SAF check on DEF AIX for RELATE Cluster Submitted on:13 Sep 2016, 10:06 AM Eastern Time (ET) Brand: Servers and Systems Software Product: z/OS Link: http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe_ID=94515 _ Dave Jousma Manager Mainframe Engineering, Assistant Vice President david.jou...@53.com 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717 -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Jousma, David Sent: Tuesday, September 13, 2016 9:49 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: IDCAMs DEF AIX authorization Steve, That’s what I am seeing, and IBM just confirmed it. I guess all we can do is give the contractor a slap on the hands, and move on. IBM comments: Basically, authorization checking is done against the AIX being defined (ALTER access to the AIX cluster name as shown in the table above) not the VSAM dataset the AIX relates to. Checking against the related VSAM cluster will be done when accessed by BLDINDEX. So, this is working as intended and documented. If you wish, you could open an 'enhancement request' to have this behavior changed. _ Dave Jousma Manager Mainframe Engineering, Assistant Vice President david.jou...@53.com 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717 -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Steve Sent: Tuesday, September 13, 2016 9:33 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: IDCAMs DEF AIX authorization AS I remember, DEF AIX and PATH only operate in the CAT. The BLX would to the extract to the AIX -Original Message- From: "Jousma, David"Sent: Tuesday, September 13, 2016 9:19am To: IBM-MAIN@LISTSERV.UA.EDU Subject: IDCAMs DEF AIX authorization All, I've got a PMR open with IBM asking the question, but thought I'd also pass this by the brain trust on this list. We recently had an off-shore contractor do a DEFINE AIX for a TEST dataset name, but RELATEd it to a PROD dataset name. The process was allowed surprisingly. Contractor only had read access to prod dataset. The subsequent BLDINDEX did fail with security violation as expected. Nightly processing of that prod file failed however due to the empty AIX. Seems like DEF AIX should have been disallowed if the user didn't have the appropriate access for what it was related too? Dave _ Dave Jousma Manager Mainframe Engineering, Assistant Vice President david.jou...@53.com 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717 This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After
Re: Converson of hex value to character
Thank you for all these great suggestions. My needs are very simple in only having to translate two different 1-byte fields, so Bernd's solution worked out to be the easiest and quickest to use. I will be saving these other ones, and like the macro idea as well as a quick print using DFSORT (Thanks Kolusu!). If I get some time one day, I will play with these other options to make sure I know how to use them when it is necessary. Thanks again! Billy On Tue, Sep 13, 2016 at 8:41 AM, Steve Smithwrote: > Bernd Oppolzer's answer is the best, although I'd prefer to define the > fields so length overrides weren't needed: > ONEBYTE DS XL2 > TWOBYTE DS CL3 > > Not that I'd likely use it for small fields, but the TROT instruction is > great at this. It requires a 512-byte translate table though: > > TROTTAB DC C'000102030405060708090A0B0C0D0E0F' >DC C'101112... > ... > > Rob Scott posted this with more detail on the Assembler List a while back. > > sas > > On Tue, Sep 13, 2016 at 7:55 AM, don isenstadt > wrote: > > > I was interested in seeing a complete example.. here is one.. > > http://www.z390.org/contest/p3/P3MM1.TXT > > > > -- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > > > > > -- > sas > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- Thank you and best regards, *Billy Ashton* -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: IDCAMs DEF AIX authorization
Steve, That’s what I am seeing, and IBM just confirmed it. I guess all we can do is give the contractor a slap on the hands, and move on. IBM comments: Basically, authorization checking is done against the AIX being defined (ALTER access to the AIX cluster name as shown in the table above) not the VSAM dataset the AIX relates to. Checking against the related VSAM cluster will be done when accessed by BLDINDEX. So, this is working as intended and documented. If you wish, you could open an 'enhancement request' to have this behavior changed. _ Dave Jousma Manager Mainframe Engineering, Assistant Vice President david.jou...@53.com 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717 -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Steve Sent: Tuesday, September 13, 2016 9:33 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: IDCAMs DEF AIX authorization AS I remember, DEF AIX and PATH only operate in the CAT. The BLX would to the extract to the AIX -Original Message- From: "Jousma, David"Sent: Tuesday, September 13, 2016 9:19am To: IBM-MAIN@LISTSERV.UA.EDU Subject: IDCAMs DEF AIX authorization All, I've got a PMR open with IBM asking the question, but thought I'd also pass this by the brain trust on this list. We recently had an off-shore contractor do a DEFINE AIX for a TEST dataset name, but RELATEd it to a PROD dataset name. The process was allowed surprisingly. Contractor only had read access to prod dataset. The subsequent BLDINDEX did fail with security violation as expected. Nightly processing of that prod file failed however due to the empty AIX. Seems like DEF AIX should have been disallowed if the user didn't have the appropriate access for what it was related too? Dave _ Dave Jousma Manager Mainframe Engineering, Assistant Vice President david.jou...@53.com 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717 This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Bypassing s322
For historical reasons lost in the Mists of Time, the explanations for z/OS BCP system abends are in System Codes, while those for DFSMS abends are in System Messages. (It took me years to realize why I always seemed to be looking in the wrong place!) Basically, for batch jobs, if you do not specify TIME, it will be taken from the TIME specified on the JOBCLASS statement (JES2) or its default, 30 minutes if TIME has not been specified on JOBCLASS. (There is a JES3 equivalent that I no longer recall and did not look up.) If there is an IEFUTL exit, it can modify the TIME value based on any data accessible to the exit when it runs. Because we don't know what people might be testing for to allow or disallow more time in the exit (or, for that matter, to increase the time!), your local batch job standards document or system programmer are the sources of information about how to get IEFUTL to allow more time. Although System Codes does not mention IEFUTL for some reason (I have submitted an RCF), it does cover the other reasons: 322 Explanation: One of the following occurred: O - The system took a longer time to run a job, job step, or procedure than the time specified in one of the following: – The TIME parameter of the EXEC or JOB statement – The standard time limit specified in the job entry subsystem O - For a started task under the master subsystem, the TIME parameter was not specified on the PROC statement of the catalogued procedure, and the PPT entry did not indicate a system task System action: The system abnormally ends the job, job step, or procedure. Programmer response: If the TIME parameter was not specified on the PROC statement of the catalogued procedure, add the TIME parameter or add a PPT entry for the PGM parameter. Otherwise, check for program errors. If none exist, specify a longer time in the TIME parameter. Then run the job again. Source: System Management Facilities (SMF) Peter wrote: Hello I am running which is a long running job but it keeps abending with s322. I have used all the long running WLM initiators but still abends. I am not sure if IEFUTL exit is restricting it. The error message doesn't produce much information to diagnose. Is there a way to bypass any EXIT which might be timing out the Jobs ? -- John Eells IBM Poughkeepsie ee...@us.ibm.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Bypassing s322
IEFUTL only acts when you exceed the TIME= value supplied to your job. Did you try to overrule the default value with either a reasonable value or NOLIMIT? Kees. -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Steve Sent: 13 September, 2016 15:23 To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Bypassing s322 About the only way is to pull out the exit or add a FASTAUTH for some widget Steve -Original Message- From: "John McKown"Sent: Tuesday, September 13, 2016 9:19am To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Bypassing s322 Have you tried TIME=1440 on the job card? Or, if you like the more recent way, TIME=NOLIMIT . As Kees said, this may be disallowed at your shop. You might need to ask your sysprog, if you are not one yourself. There is not a way for a job to say the equivalent of "this job should not be controlled by the ... system exit". That would be just silly because I know a lot of people who'd use it in all their jobs and say "nasty" things if anyone called them out about it. One programmer learned, the hard way, not to piss off a BOFH type sysprog (me). On Tue, Sep 13, 2016 at 8:05 AM, Peter wrote: > Hello > > I am running which is a long running job but it keeps abending with s322. I > have used all the long running WLM initiators but still abends. I am not > sure if IEFUTL exit is restricting it. > > The error message doesn't produce much information to diagnose. > > Is there a way to bypass any EXIT which might be timing out the Jobs ? > > Peter > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- Unix: Some say the learning curve is steep, but you only have to climb it once. -- Karl Lehenbauer Unicode: http://xkcd.com/1726/ Maranatha! <>< John McKown -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN For information, services and offers, please visit our web site: http://www.klm.com. This e-mail and any attachment may contain confidential and privileged material intended for the addressee only. If you are not the addressee, you are notified that no part of the e-mail or any attachment may be disclosed, copied or distributed, and that any other action related to this e-mail or attachment is strictly prohibited, and may be unlawful. If you have received this e-mail by error, please notify the sender immediately by return e-mail, and delete this message. Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its employees shall not be liable for the incorrect or incomplete transmission of this e-mail or any attachments, nor responsible for any delay in receipt. Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal Dutch Airlines) is registered in Amstelveen, The Netherlands, with registered number 33014286 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Bypassing s322
On Tue, Sep 13, 2016 at 8:50 AM, John Eellswrote: > For historical reasons lost in the Mists of Time, Oh, good one :-) but wouldn't that be Mists of TIME=? > the explanations for z/OS BCP system abends are in System Codes, while > those for DFSMS abends are in System Messages. (It took me years to > realize why I always seemed to be looking in the wrong place!) > > > -- Unix: Some say the learning curve is steep, but you only have to climb it once. -- Karl Lehenbauer Unicode: http://xkcd.com/1726/ Maranatha! <>< John McKown -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Bypassing s322
Hello I am running which is a long running job but it keeps abending with s322. I have used all the long running WLM initiators but still abends. I am not sure if IEFUTL exit is restricting it. The error message doesn't produce much information to diagnose. Is there a way to bypass any EXIT which might be timing out the Jobs ? Peter -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
IDCAMs DEF AIX authorization
All, I've got a PMR open with IBM asking the question, but thought I'd also pass this by the brain trust on this list. We recently had an off-shore contractor do a DEFINE AIX for a TEST dataset name, but RELATEd it to a PROD dataset name. The process was allowed surprisingly. Contractor only had read access to prod dataset. The subsequent BLDINDEX did fail with security violation as expected. Nightly processing of that prod file failed however due to the empty AIX. Seems like DEF AIX should have been disallowed if the user didn't have the appropriate access for what it was related too? Dave _ Dave Jousma Manager Mainframe Engineering, Assistant Vice President david.jou...@53.com 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717 This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Two running job program name discovery questions
Thanks, Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Peter Relson Sent: Tuesday, September 13, 2016 5:54 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Two running job program name discovery questions SMF30PGM: the source is not a programming interface field. It is not the RB's CDE's CDNAME field. SMF30_Highest_Task_CPU_Program: The CDNAME field from the CDE from the oldest RB for the particular task if there is a CDE for that RB. If there is no CDE for that RB, then 8 question-marks or blanks; the code suggests that the case of "blanks" should never happen, but is there "just in case". -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Bypassing s322
About the only way is to pull out the exit or add a FASTAUTH for some widget Steve -Original Message- From: "John McKown"Sent: Tuesday, September 13, 2016 9:19am To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Bypassing s322 Have you tried TIME=1440 on the job card? Or, if you like the more recent way, TIME=NOLIMIT . As Kees said, this may be disallowed at your shop. You might need to ask your sysprog, if you are not one yourself. There is not a way for a job to say the equivalent of "this job should not be controlled by the ... system exit". That would be just silly because I know a lot of people who'd use it in all their jobs and say "nasty" things if anyone called them out about it. One programmer learned, the hard way, not to piss off a BOFH type sysprog (me). On Tue, Sep 13, 2016 at 8:05 AM, Peter wrote: > Hello > > I am running which is a long running job but it keeps abending with s322. I > have used all the long running WLM initiators but still abends. I am not > sure if IEFUTL exit is restricting it. > > The error message doesn't produce much information to diagnose. > > Is there a way to bypass any EXIT which might be timing out the Jobs ? > > Peter > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- Unix: Some say the learning curve is steep, but you only have to climb it once. -- Karl Lehenbauer Unicode: http://xkcd.com/1726/ Maranatha! <>< John McKown -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: IDCAMs DEF AIX authorization
AS I remember, DEF AIX and PATH only operate in the CAT. The BLX would to the extract to the AIX -Original Message- From: "Jousma, David"Sent: Tuesday, September 13, 2016 9:19am To: IBM-MAIN@LISTSERV.UA.EDU Subject: IDCAMs DEF AIX authorization All, I've got a PMR open with IBM asking the question, but thought I'd also pass this by the brain trust on this list. We recently had an off-shore contractor do a DEFINE AIX for a TEST dataset name, but RELATEd it to a PROD dataset name. The process was allowed surprisingly. Contractor only had read access to prod dataset. The subsequent BLDINDEX did fail with security violation as expected. Nightly processing of that prod file failed however due to the empty AIX. Seems like DEF AIX should have been disallowed if the user didn't have the appropriate access for what it was related too? Dave _ Dave Jousma Manager Mainframe Engineering, Assistant Vice President david.jou...@53.com 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717 This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: What is the STCB?
That seems like an understandable confusion, considering how many TCB pointers there are in a TCB. btw, the OTCB is not a TCB, either. sas On Mon, Sep 12, 2016 at 11:29 AM, Charles Millswrote: > Thanks all. Thanks @John for the link. Duh -- I did not realize it was its > own named control block -- I was thinking of it as "another TCB" analogous > to JSTCB -- the same layout as a TCB DSECT, but with some special > significance. > > Charles > > -Original Message- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > Behalf Of Tony Harminc > Sent: Monday, September 12, 2016 8:17 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: What is the STCB? > > On 12 September 2016 at 10:16, Charles Mills wrote: > > What is the STCB? For example, > > > > 312 (138) ADDRESS 4 TCBSTCB ADDRESS OF STCB > > General purpose above-the-line extension of the TCB, conforming to more > modern standards (eyecatcher, 31-bit clean pointers, etc.) > > It's been around long anough that I find a number of fields routinely > useful for debugging. And a couple even during normal operation, e.g. > STCBOTCB. > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- sas -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Two running job program name discovery questions
SMF30PGM: the source is not a programming interface field. It is not the RB's CDE's CDNAME field. SMF30_Highest_Task_CPU_Program: The CDNAME field from the CDE from the oldest RB for the particular task if there is a CDE for that RB. If there is no CDE for that RB, then 8 question-marks or blanks; the code suggests that the case of "blanks" should never happen, but is there "just in case". Peter Relson z/OS Core Technology Design -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: IBM FTPS connect
Perhaps the list of ciphers in the ftpdata file is too restrictive or maybe the z/OS Security Level 3 FMID is not installed. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Bypassing s322
The S322 abend occurs when the TIME= on the JOB or EXEC statement is exceeded. So the job does have one and you must be able to find out where it originates from, possibly from JES2PARM JOBCLASS statement. You can override the time with the TIME=nnn or TIME=NOLIMIT parameter (if exits allow this). Kees. -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Peter Sent: 13 September, 2016 15:05 To: IBM-MAIN@LISTSERV.UA.EDU Subject: Bypassing s322 Hello I am running which is a long running job but it keeps abending with s322. I have used all the long running WLM initiators but still abends. I am not sure if IEFUTL exit is restricting it. The error message doesn't produce much information to diagnose. Is there a way to bypass any EXIT which might be timing out the Jobs ? Peter -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN For information, services and offers, please visit our web site: http://www.klm.com. This e-mail and any attachment may contain confidential and privileged material intended for the addressee only. If you are not the addressee, you are notified that no part of the e-mail or any attachment may be disclosed, copied or distributed, and that any other action related to this e-mail or attachment is strictly prohibited, and may be unlawful. If you have received this e-mail by error, please notify the sender immediately by return e-mail, and delete this message. Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its employees shall not be liable for the incorrect or incomplete transmission of this e-mail or any attachments, nor responsible for any delay in receipt. Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal Dutch Airlines) is registered in Amstelveen, The Netherlands, with registered number 33014286 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
FW: FTP_NEEDS_CONNECTION return From EZAFTPKS interface
Hi I originally posted on the TCP/IP list but saw FTP issues on IBMMAIN From: Joe Reichman [mailto:reichman...@gmail.com] Sent: Tuesday, September 13, 2016 8:21 AM To: 'ibmtc...@vm.marist.edu'Subject: FTP_NEEDS_CONNECTION return From EZAFTPKS interface Hi I got the above error from EZAFTPKS interface I get a successful return code from INIT Open User name Password But I Fail on PUT with the above error code I have a batch FTP job which successfully transferred a file to my windows PC Thanks -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Bypassing s322
Have you tried TIME=1440 on the job card? Or, if you like the more recent way, TIME=NOLIMIT . As Kees said, this may be disallowed at your shop. You might need to ask your sysprog, if you are not one yourself. There is not a way for a job to say the equivalent of "this job should not be controlled by the ... system exit". That would be just silly because I know a lot of people who'd use it in all their jobs and say "nasty" things if anyone called them out about it. One programmer learned, the hard way, not to piss off a BOFH type sysprog (me). On Tue, Sep 13, 2016 at 8:05 AM, Peterwrote: > Hello > > I am running which is a long running job but it keeps abending with s322. I > have used all the long running WLM initiators but still abends. I am not > sure if IEFUTL exit is restricting it. > > The error message doesn't produce much information to diagnose. > > Is there a way to bypass any EXIT which might be timing out the Jobs ? > > Peter > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- Unix: Some say the learning curve is steep, but you only have to climb it once. -- Karl Lehenbauer Unicode: http://xkcd.com/1726/ Maranatha! <>< John McKown -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN