A fix is available
APAR status
Closed as unreproducible in next release.
Error description
IKED is not freeing storage. LE Heap storage will continue to grow. Eventually, a load of the GSKSSL DLL will fail with messages: IEW4000I FETCH FOR MODULE GSKSSL FROM DDNAME -LNKLST- FAILED BECAUSE INSUFFICIENT STORAGE WAS AVAILABLE. CSV031I LIBRARY ACCESS FAILED FOR MODULE GSKSSL , RETURN CODE 14, REASON CODE 26110021, DDNAME *LNKLST* . IKED will issue an abend: DUMP Title=IKED Code UCEE3503 Cert390::Cert390 . CEE3503S indicates a load request was unsuccessful. A review of the dump will show large amounts of storage allocated in subpool 2 key 8. The eyecatchers will be HANC, indicating the storage was obtained by LE for heap storage. . Running IP VERBX LEDATA 'HEAP' will show the allocated heap segments. The heap will have large number of CN=xxxx where xxx is the name from the certificates used by IKED. There will also be copies of the certificate allocated but with ASCII characters. . ADDITIONAL KEYWORDS: SP2K8
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users of the IBM Communications Server * * for z/OS Version 1 Release(s) 12, and 13 * * IP: IPSecurity * **************************************************************** * PROBLEM DESCRIPTION: Storage leak causes IKE to issue * * abend106. The storage leak was due to * * certification ID storage was not being * * released. * **************************************************************** * RECOMMENDATION: * **************************************************************** During security association (SA) negotiation between two IKE partners, storage that was obtained for a certificate ID was not being released after the SA failed. The certificate ID was X500DN and the object that was instantiated to perform ID authentication was never deleted leading to the storage leak. +-------------------------------------------------------------+ + Please check our Communications Server for OS/390 homepages + + for common networking tips and fixes. The URL for these + + homepages can be found in Informational APAR II11334. + +-------------------------------------------------------------+
Problem conclusion
Temporary fix
********* * HIPER * *********
Comments
EZAIKPKI has been changed to delete storage allocated for certificate ID. PKIBASE class has been changed and all dependency parts have been included for recompile. Fix is a rollback from D153905.
APAR Information
APAR number
PM58292
Reported component name
TCP/IP V3 MVS
Reported component ID
5655HAL00
Reported release
1C0
Status
CLOSED UR1
PE
NoPE
HIPER
YesHIPER
Special Attention
NoSpecatt
Submitted date
2012-02-15
Closed date
2012-03-13
Last modified date
2012-05-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UK77142 UK77143
Modules/Macros
EZAIKA@U EZAIKABL EZAIKALF EZAIKAMF EZAIKANC EZAIKCCA EZAIKDOI EZAIKE@L EZAIKE@M EZAIKENV EZAIKFIN EZAIKGEN EZAIKGNK EZAIKIDO EZAIKIKL EZAIKIMA EZAIKINF EZAIKISB EZAIKLAY EZAIKMAT EZAIKMSG EZAIKOKI EZAIKOKK EZAIKOKL EZAIKOKM EZAIKOKP EZAIKPAR EZAIKPII EZAIKPKI EZAIKPKR EZAIKPKS EZAIKPOL EZAIKPRE EZAIKPRK EZAIKPUB EZAIKP1 EZAIKREG EZAIKRET EZAIKSA EZAIKSKM EZAIKSMD EZAIKSMH PKIBASE
Fix information
Fixed component name
TCP/IP V3 MVS
Fixed component ID
5655HAL00
Applicable component levels
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1C0","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSCY4DZ","label":"DO NOT USE"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1C0","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
02 May 2012