PQ50858: EXPLANATION OF BBOU0507E IS NOT SUFFICIENT

APAR status
Closed as fixed if next.

Error description
Customer is running in a sysplex environment. The have the
WebSphere servers running on only one system and invoke a
client from another system.  The security configuration
for his application server has userid and password enabled
and allows unauthenticated clients.  When the client program
runs, BBOU0507E is issued, but the client runs successfully.
The message text and explanation is as follows.
BBOU0507E Security manager: pass ticket create failed
Explanation: Security Manager - Security Manager hash table
             creation failure.
User response:  contact your next level of support or the IBM
                Support Center
.
The real reason for the messagge is that the client sends a
request to BBONM which is configured at bootstrap installation
with userid/passticket.  Therefore, the response back to the
client is an IOR that contains a security contex with
userid/passticket.  This causes the client side to attempt to
initialize the userid/passticket enablement, but since there
is no daemon running on the client system, BBOU0507E is
issued.  It then continues to look for other security
protocols and finds one, that's why the client ran successfully.
So the first issue is, the message should probably be a
warning, definitely not an error.  Also the text should be
updated to indicate the problem is the daemon is not running,
and that a returned IOR has userid/passticket support.
Local fix
To stop getting the BBOU0507E message, make sure the daemon
is running on all systems where the client is running.
Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V4.0 for z/OS and OS/390.                    *
****************************************************************
* PROBLEM DESCRIPTION: Message BBOU0507E is incorrectly routed *
*                      to error log. The message type code of  *
*                      E (Error) is incorrect since nature of  *
*                      this message is an I (Informational)    *
*                      message type. Also, the explanation of  *
*                      the message in the WebSphere            *
*                      Application Server V4.0 for z/OS and    *
*                      OS/390 Messages and Diagnosis           *
*                      publication needs to be revised to      *
*                      correctly explain the message issuance. *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Customer was running in a sysplex environment. They have the
WebSphere servers running on only one system and invoke a
client from another system.  The security configuration
for their application server has userid and password enabled
and allows unauthenticated clients.  When the client program
runs, BBOU0507E is issued, but the client runs successfully.
The message text and explanation is as follows:

BBOU0507E Security manager: pass ticket create failed
Explanation: Security Manager - Security Manager hash table
             creation failure.
User response:  contact your next level of support or the IBM
                Support Center

The real reason for the message is that the client sends a
request to BBONM which is configured at bootstrap installation
with userid/passticket.  Therefore, the response back to the
client is an IOR that contains a security context with
userid/passticket.  This causes the client side to attempt to
initialize the userid/passticket enablement, but since there
is no daemon running on the client system, BBOU0507E is
issued.  It then continues to look for other security
protocols and finds one, that's why the client ran successfully.
So the first issue is, the message should be a informational,
definitely not an error.  Also the text should be
updated to indicate the problem is the daemon is not running,
and that a returned IOR has userid/passticket support.

The message code type for message BBOU0507E needs to be changed
from code type E (Error) to code type I (Informational).

This message is incorrectly routed to the server error log.
Message processing for BBOU0507I should be modified such that
the messages is only routed to the JOBLOG associated with the
client process.

The WebSphere Application Server V4.0 for z/OS and OS/390
Messages and Diagnosis publications needs updated as a result
of this APAR. Using the GA22-7837-01 version of the publication
as an example, the following message change needs to be done:
________________________________________________________________
Chapter 12, pg. 273 (changed message)
BBOU0507I  Security was not able to create a passticket
Explanation: This process was attempting to initialize
userid/passticket security, and was not able to generate a
passticket.  The process continues, and attempts to use the
next available security method.
User Response: The most likely reasons for this are, that the
WebSphere Daemon was not active on the system, or the SAF
security manager was not configured to support passtickets.
It is a requirement for using userid/passticket security that
the WebSphere Daemon process be active on the system where
passtickets are generated.  Further you must activate the
resource class PTKTDATA, and define the CBS390 profile in this
class.  All users or groups that intend to use this resource
must be given read access to this profile.
________________________________________________________________
Problem conclusion Temporary fix Comments
This APAR is being closed FIN with concurrence from the
submitting customer. A solution to this problem will be
delivered in a WebSphere Application Server for z/OS
and OS/390 release within the next 18 months.
A fix for the problem reported by this APAR has been
provided in PTF UQ58507 of WebSphere Application Server
V4.0.1 for z/OS and OS/390.
APAR information
APAR number PQ50858
Reported component name WASKBASE
Reported component ID 5655A9801
Reported release 400
Status CLOSED FIN
PE NoPE
HIPER NoHIPER
Submitted date 2001-07-24
Closed date 2001-08-30
Last modified date 2002-07-24

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros

Fix information

Applicable component levels
R400 PSN    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ50858
IBM Group: Software Group
Modified date: Jul 24, 2002