PQ75949: BBOCR2FA AND BBOCR2FD CUSTOMIZATION JOBS/INSTRUCTIONS NEED TO HANDLE SEPARATE INSTALLATION OF ND/BASE SECURITY CUSTOMIZATION

 A fix is available

Obtain the fix for this APAR



APAR status
Closed as program error.

Error description
Changes for setting up the base application server:

1.For the base application server the generated instructions
  should say to run BBOMCFG2 job after BBOCR2FA, and not before.

2.BBOCR2FA job needs RACF special authority in addition to the
  UID=0 because it issues RACDCERT commands

3.For the base application server the generated instructions
  as shipped by PTF UQ77804 (service level W500101)
  indicates the job BBOCR2FA should be run even if the user
  user said "No" to "Generate RACF commands for Above" in
  security section 2.4 in the Customization Dialogs.

  However, users should not run BBOCR2FA if they answered "No"
  to "Generate RACF commands for Above" in security section 2.4
  in the Customization Dialogs.

4.Step INST1 of job BBOCR2FA the issues the following error:

  IRRD102I The user ID specified is not defined to RACF

  The extraneaous RACDCERT command:

  RACDCERT ID(DMCR1) EXPORT(LABEL('BBODMGR'))
  DSN(DEPMGR.CERTBIN) FORMAT(CERTDER)

  does not need to be run when setting up the base application
  server, and should be removed from BBOCR2FA

5.Step INST2 job BBOCR2FA produces the following error message
  when executed:

  keytool error: java.lang.Exception: Keystore password must be
  at least 6 characters.

  This message should be ignored.

6.Step INST2 job BBOCR2FA terminates with RC=12 error message:

  keytool: /u/WAS500/Servers/AppServer/bin/bbowr2fa.sh 22:
  FSUM7351 not found

  JAVA_HOME/bin needs to be on the PATH in order to execute
  the keytool application.

  While level W500104 provides, the solution to the above
  problem, it might still be necessary to modify the following
  line in <WASRoot>/AppServer/bin/bbowr2fa.sh:
       binDir=`dirname $0`
       . $binDir/setupCmdLine.sh

  Note: You need a '.' at the beginning of the second line.

  This will not be a problem at W502000 level and later.

-------------------------------------------------------------

Changes for setting up the Network Deployment server:

1.For the base application server the generated instructions
  should say to run BBODCFG2 job after BBOCR2FD, and not before

2.BBOCR2FD job needs RACF special authority in addition to
  UID=0 because it issues RACDCERT commands

3.For the Network deployment server the generated instructions
  as shipped by PTF UQ77804 (service level W500101)
  indicate the job BBOCR2FD should be run even if the user
  user said "No" to "Generate RACF commands for Above" in
  security section 2.4 in the Customization Dialogs.

  However, users should not run BBOCR2FD if they answered "No"
  to "Generate RACF commands for Above" in security section 2.4
  in the Customization Dialogs.

4.Step INST2 job BBOCR2FD produces the following error message
  when executed:

  keytool error: java.lang.Exception: Keystore password must be
  at least 6 characters.

  This message should be ignored.

5.Step INST2 job BBOCR2FD terminates with RC=12 error message:

  keytool: /u/WAS500/Servers/AppServer/bin/bbowr2fa.sh 22:
  FSUM7351 not found

  The JAVA_HOME/bin needs be on the PATH in
  order to execute the keytool application.

  While level W500104 provides, the solution to the above
  problem, it might still be necessary to modify the following
  line in <WASRoot>/DeploymentManager/bin/bbowr2fd.sh:
     binDir=`dirname $0`
     . $binDir/setupCmdLine.sh
  Note: You need a '.' at the beginning of the second line.

  This will not be a problem at W502000 level and later.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V5.0 for z/OS                                *
****************************************************************
* PROBLEM DESCRIPTION: BBOCR2FA and BBOCR2FD customization     *
*                      jobs do not set up the WAS environment. *
*                      BBOCR2FA job attempts to export a       *
*                      non-existant certificate BBODMGR.       *
*                      BBOCR2FA and BBOCR2FD do not delete     *
*                      temporary certificate files.            *
*                      The instructions for BBOCR2FA and       *
*                      BBOCR2FD do not state that the jobs     *
*                      should not be run if the user answered  *
*                      NO to the Generate RACF Commands for    *
*                      Above in security section 2.4 of the    *
*                      Customization dialogs.                  *
*                      Instructions for BBOCR2FA and BBOCR2FD  *
*                      jobs do not state that they need RACF   *
*                      SPECIAL authority and do not state that *
*                      BBOCR2FA and BBOCR2FD need to be run    *
*                      before the BBOMCFG2 and BBODCFG2 jobs,  *
*                      respectively.                           *
*                      The instructions for BBOCR2FA and       *
*                      BBOCR2FD do not explain that the        *
*                      error message keytool error:            *
*                      java.lang.Exception: Keystore password  *
*                      must be at least 6 characters           *
*                      can be ignored.                         *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
For the base application server the generated instructions
should say to run BBOMCFG2 job after BBOCR2FA, and not before.

BBOCR2FA job needs RACF special authority in addition to the
UID=0 because it issues RACDCERT commands.

Users should not run BBOCR2FA if they answered "No"
to "Generate RACF commands for Above" in security section 2.4
in the Customization Dialogs.

Step INST1 of job BBOCR2FA the issues the following error:

IRRD102I The user ID specified is not defined to RACF

Step INST2 job BBOCR2FA produces the following error message.
when executed:

keytool error: java.lang.Exception: Keystore password must be
at least 6 characters.

This message should be ignored.

Step INST2 job BBOCR2FA terminates with RC=12 error message:

keytool: /u/WAS500/Servers/AppServer/bin/bbowr2fa.sh 22:
FSUM7351 not found
Problem conclusion
Changes for setting up the base application server:
The instructions in BBOSSINS were changed to tell the user not
to run BBOCR2FA if they answered "NO" to
"Generate RACF commands for Above" in security section 2.4
in the Customization Dialogs.
The generated instructions in BBOSSINS were changed by moving
the instructions for BBOCR2FA before the instructions for
BBOMCFG2.  The instructions in BBOSSINS were changed to show
that BBOCR2FA needed to run with RACF SPECIAL authority,
and that the error message
keytool error: java.lang.Exception: Keystore password must be
at least 6 characters.
could be ignored.
A call to setupCmdLine.sh in <WAS_HOME>/bin was added to
bbowr2fa.sh to setup the java enviroment so that the keytool not
found message would not occur.
The RACDCERT export of the certificate labeled BBODMGR and the
OPUT of BBODMGR.CERTBIN were removed from BBOCR2FA.
The import of bbodmgr.cert was removed from bbowr2fa.sh.
bbowr2fa.sh was changed to delete the temporary certificate
files that were created by the OPUT command in BBOCR2FA.

Changes for Network Deployment
The instructions in BBOCCINS were changed to tell the user NOT
to run BBOCR2FD if they answered "NO" to
"Generate RACF commands for Above" in security section 2.4
in the Customization Dialogs.
The generated instructions in BBOCCINS were changed by moving
the instructions for BBOCR2FD before the instructions for
BBODCFG2.  The instructions in BBOCCINS were changed to show
that BBOCR2FD needed to run with RACF SPECIAL authority,
and that the error message:
keytool error: java.lang.Exception: Keystore password must be
at least 6 characters.
could be ignored.
A call to setupCmdLine.sh in <WAS_HOME>/bin was added to
bbowr2fd.sh to setup the java enviroment so that the keytool not
found message would not occur.
bbowr2fd.sh was changed to delete the temporary certificate
files that were created by the OPUT command in BBOCR2FD.

APAR PQ75949 is associated with SERVICE LEVEL W500104 of
WebSphere Application Server V5.0 for z/OS.
Temporary fix Comments
APAR information
APAR number PQ75949
Reported component name WEBSPHERE FOR Z
Reported component ID 5655I3500
Reported release 500
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2003-07-02
Closed date 2003-08-30
Last modified date 2003-11-19

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
BBOUBINF          

Publications Referenced

Fix information
Fixed component name WEBSPHERE FOR Z
Fixed component ID 5655I3500

Applicable component levels
R500 PSY UQ79825    UP03/09/10 P F309

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Current web document: swg1PQ75949.html
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ75949
IBM Group: Software Group
Modified date: Nov 19, 2003