PQ75949: BBOCR2FA AND BBOCR2FD CUSTOMIZATION JOBS/INSTRUCTIONS NEED TO HANDLE SEPARATE INSTALLATION OF ND/BASE SECURITY CUSTOMIZATION | |||||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description Changes for setting up the base application server: 1.For the base application server the generated instructions should say to run BBOMCFG2 job after BBOCR2FA, and not before. 2.BBOCR2FA job needs RACF special authority in addition to the UID=0 because it issues RACDCERT commands 3.For the base application server the generated instructions as shipped by PTF UQ77804 (service level W500101) indicates the job BBOCR2FA should be run even if the user user said "No" to "Generate RACF commands for Above" in security section 2.4 in the Customization Dialogs. However, users should not run BBOCR2FA if they answered "No" to "Generate RACF commands for Above" in security section 2.4 in the Customization Dialogs. 4.Step INST1 of job BBOCR2FA the issues the following error: IRRD102I The user ID specified is not defined to RACF The extraneaous RACDCERT command: RACDCERT ID(DMCR1) EXPORT(LABEL('BBODMGR')) DSN(DEPMGR.CERTBIN) FORMAT(CERTDER) does not need to be run when setting up the base application server, and should be removed from BBOCR2FA 5.Step INST2 job BBOCR2FA produces the following error message when executed: keytool error: java.lang.Exception: Keystore password must be at least 6 characters. This message should be ignored. 6.Step INST2 job BBOCR2FA terminates with RC=12 error message: keytool: /u/WAS500/Servers/AppServer/bin/bbowr2fa.sh 22: FSUM7351 not found JAVA_HOME/bin needs to be on the PATH in order to execute the keytool application. While level W500104 provides, the solution to the above problem, it might still be necessary to modify the following line in <WASRoot>/AppServer/bin/bbowr2fa.sh: binDir=`dirname $0` . $binDir/setupCmdLine.sh Note: You need a '.' at the beginning of the second line. This will not be a problem at W502000 level and later. ------------------------------------------------------------- Changes for setting up the Network Deployment server: 1.For the base application server the generated instructions should say to run BBODCFG2 job after BBOCR2FD, and not before 2.BBOCR2FD job needs RACF special authority in addition to UID=0 because it issues RACDCERT commands 3.For the Network deployment server the generated instructions as shipped by PTF UQ77804 (service level W500101) indicate the job BBOCR2FD should be run even if the user user said "No" to "Generate RACF commands for Above" in security section 2.4 in the Customization Dialogs. However, users should not run BBOCR2FD if they answered "No" to "Generate RACF commands for Above" in security section 2.4 in the Customization Dialogs. 4.Step INST2 job BBOCR2FD produces the following error message when executed: keytool error: java.lang.Exception: Keystore password must be at least 6 characters. This message should be ignored. 5.Step INST2 job BBOCR2FD terminates with RC=12 error message: keytool: /u/WAS500/Servers/AppServer/bin/bbowr2fa.sh 22: FSUM7351 not found The JAVA_HOME/bin needs be on the PATH in order to execute the keytool application. While level W500104 provides, the solution to the above problem, it might still be necessary to modify the following line in <WASRoot>/DeploymentManager/bin/bbowr2fd.sh: binDir=`dirname $0` . $binDir/setupCmdLine.sh Note: You need a '.' at the beginning of the second line. This will not be a problem at W502000 level and later.Local fix Problem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V5.0 for z/OS * **************************************************************** * PROBLEM DESCRIPTION: BBOCR2FA and BBOCR2FD customization * * jobs do not set up the WAS environment. * * BBOCR2FA job attempts to export a * * non-existant certificate BBODMGR. * * BBOCR2FA and BBOCR2FD do not delete * * temporary certificate files. * * The instructions for BBOCR2FA and * * BBOCR2FD do not state that the jobs * * should not be run if the user answered * * NO to the Generate RACF Commands for * * Above in security section 2.4 of the * * Customization dialogs. * * Instructions for BBOCR2FA and BBOCR2FD * * jobs do not state that they need RACF * * SPECIAL authority and do not state that * * BBOCR2FA and BBOCR2FD need to be run * * before the BBOMCFG2 and BBODCFG2 jobs, * * respectively. * * The instructions for BBOCR2FA and * * BBOCR2FD do not explain that the * * error message keytool error: * * java.lang.Exception: Keystore password * * must be at least 6 characters * * can be ignored. * **************************************************************** * RECOMMENDATION: * **************************************************************** For the base application server the generated instructions should say to run BBOMCFG2 job after BBOCR2FA, and not before. BBOCR2FA job needs RACF special authority in addition to the UID=0 because it issues RACDCERT commands. Users should not run BBOCR2FA if they answered "No" to "Generate RACF commands for Above" in security section 2.4 in the Customization Dialogs. Step INST1 of job BBOCR2FA the issues the following error: IRRD102I The user ID specified is not defined to RACF Step INST2 job BBOCR2FA produces the following error message. when executed: keytool error: java.lang.Exception: Keystore password must be at least 6 characters. This message should be ignored. Step INST2 job BBOCR2FA terminates with RC=12 error message: keytool: /u/WAS500/Servers/AppServer/bin/bbowr2fa.sh 22: FSUM7351 not foundProblem conclusion Changes for setting up the base application server: The instructions in BBOSSINS were changed to tell the user not to run BBOCR2FA if they answered "NO" to "Generate RACF commands for Above" in security section 2.4 in the Customization Dialogs. The generated instructions in BBOSSINS were changed by moving the instructions for BBOCR2FA before the instructions for BBOMCFG2. The instructions in BBOSSINS were changed to show that BBOCR2FA needed to run with RACF SPECIAL authority, and that the error message keytool error: java.lang.Exception: Keystore password must be at least 6 characters. could be ignored. A call to setupCmdLine.sh in <WAS_HOME>/bin was added to bbowr2fa.sh to setup the java enviroment so that the keytool not found message would not occur. The RACDCERT export of the certificate labeled BBODMGR and the OPUT of BBODMGR.CERTBIN were removed from BBOCR2FA. The import of bbodmgr.cert was removed from bbowr2fa.sh. bbowr2fa.sh was changed to delete the temporary certificate files that were created by the OPUT command in BBOCR2FA. Changes for Network Deployment The instructions in BBOCCINS were changed to tell the user NOT to run BBOCR2FD if they answered "NO" to "Generate RACF commands for Above" in security section 2.4 in the Customization Dialogs. The generated instructions in BBOCCINS were changed by moving the instructions for BBOCR2FD before the instructions for BBODCFG2. The instructions in BBOCCINS were changed to show that BBOCR2FD needed to run with RACF SPECIAL authority, and that the error message: keytool error: java.lang.Exception: Keystore password must be at least 6 characters. could be ignored. A call to setupCmdLine.sh in <WAS_HOME>/bin was added to bbowr2fd.sh to setup the java enviroment so that the keytool not found message would not occur. bbowr2fd.sh was changed to delete the temporary certificate files that were created by the OPUT command in BBOCR2FD. APAR PQ75949 is associated with SERVICE LEVEL W500104 of WebSphere Application Server V5.0 for z/OS.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
Publications Referenced
|
Document Information |
Current web document: swg1PQ75949.html
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ75949
IBM Group: Software Group
Modified date: Nov 19, 2003
(C) Copyright IBM Corporation 2000, 2009. All Rights Reserved.