MSG 500: Unauthorized Program Loaded
 Technote (FAQ)
 
Problem
When the BPX.DAEMON FACILITY class is defined and an address space loads a module that is not defined to Program Control, a “Dirty Environment” condition will occur with a Unix System Services™(USS) Reason Code of 02AF for Unix processes.

An HTTP request was received by the HTTP Web server and the server loaded a module (GWAPI program) that was not program controlled. The resultant Dirty Environment causes the message "Unauthorized Program Loaded" to be displayed at the browser. You will see the following errors:

Error 500: Access Denied - Unauthorized Program Loaded

In the SYSOUT of the IBM HTTP Web server you may see one or more of the following messages:

ERRNO:139 0be802af, ERROR:edc5139i Operation not permitted.

OR

HTAA_ACtl.... Failed access as Surrogate: <Userid>, Errno: 139, Errno2: 0be802af,
Error: EDC5139I Operation not permitted.

In the SYSLOG you will see the following errors:

STC04726 +BBOU0025I ERRORS WILL BE WRITTEN TO CERR FOR JOB IMWEBSRV.
STC04726 ICH420I PROGRAM ATRADCT FROM LIBRARY SYS1.CSSLIB
CAUSED THE ENVIRONMENT TO BECOME UNCONTROLLED.

BPXP015I HFS PROGRAM <directory and file> IS NOT MARKED PROGRAM CONTROLLED."
 
 
Solution
This problem can occur when either an MVS data set is not program controlled, or an HFS program file that is loaded is not program controlled. the MVS dataset issues when you first . You may have this problem if you recently installed or applied service for the Local Redirector Plug-in code or the JAVA run time environment (JRE) and you did not program control the DLLs. Look on the system console for a message indicating the offending module.
How to Program Control MVS data sets or HFS files:

HFS files:

Issue the OMVS command extattr +p <filename> to set the Program Control extended attribute:

cd <directory_name>
extattr +p *
where <directory_name> is each of the following:
/usr/lpp/WebSphere/lib
/usr/lpp/WebSphere//WebServerPlugIn/bin/
/usr/lpp/java/IBM/J1.3/bin
/usr/lpp/internet/bin
/usr/lpp/internet/sbin
Repeat for each directory


MVS Datasets:

Issue the RACF commands RALTER to define the dataset to Program Control:

RALTER PROGRAM * ADDMEM('<DSN>') UACC(READ)
SETROPTS WHEN(PROGRAM) REFRESH

where <DSN> could be:

SYS1.LINKLIB
BBO.SBBOLD2


Note: If you added SBBOLOAD to LPA, you must define the SBBOLOAD PDS Program Control, and then refresh the LPA.


Related information
  • IBM HTTP Server Planning, Installing, and Using , SC34-4826
  • UNIX System Services Planning, GA22-7800
  • WebSphere® Application Server Troubleshooter website:
www-3.ibm.com/software/webservers/httpservers/doc/v51/2tabcont.htm
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS > Security
Operating system(s): z/OS
Software version: 4.0.1
Software edition:
Reference #: 1165295
IBM Group: Software Group
Modified date: Apr 5, 2004