A fix is available
APAR status
Closed as unreproducible in next release.
Error description
An abend can occur when multiple proposal payloads are received. These messages will be seen: CEE3204S The system detected a protection exception (System Completion Code=0C4). CODE S0C4 CommonDomainOfInterpretation::getHisSPI(int,int&,char(&) 8 ) +0X000000A8 KEYWORDS: IKE IKED NEGOTIATION SPI ESP ABEND
Local fix
Configure the remote partner to send a single proposal payload.
Problem summary
**************************************************************** * USERS AFFECTED: All users of the IBM Communications Server * * for z/OS Version 1 Release(s) 11, and * * 12 IP : IPSEC * **************************************************************** * PROBLEM DESCRIPTION: During IKE set up, the peer's proposal * * is rejected because the peer sent his * * SPI multiple times. * **************************************************************** * RECOMMENDATION: * **************************************************************** During an IKE peer negotiation, proposals with different SPIs from a peer were added to a hash table. Later, when both peers agreed on a proposal, the SPIs from the rejected proposals were not removed from the hash table and that can cause unpredictable results. +-------------------------------------------------------------+ + Please check our Communications Server for OS/390 homepages + + for common networking tips and fixes. The URL for these + + homepages can be found in Informational APAR II11334. + +-------------------------------------------------------------+
Problem conclusion
Temporary fix
Comments
EZAIKPOL has been changed to correctly handle peer's SPI during proposal negotiation. EZAIKFIN has been added for serviceability
APAR Information
APAR number
PM24827
Reported component name
TCP/IP V3 MVS
Reported component ID
5655HAL00
Reported release
1B0
Status
CLOSED UR1
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2010-10-19
Closed date
2010-11-16
Last modified date
2011-02-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UK62303 UK62304
Modules/Macros
EZAIKFIN EZAIKPOL
Fix information
Fixed component name
TCP/IP V3 MVS
Fixed component ID
5655HAL00
Applicable component levels
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1B0","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSCY4DZ","label":"DO NOT USE"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1B0","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
01 February 2011