IC81733: (CD) CSP900E LOGGED EXCEPTION DUE TO LONG PCRT VALUE IN C:D FMH70
Closed as program error.
Error Description￘ Error: CSP900E Logged Exception : Did not get buffer in 90000 ms
Local Fix￘ Fix sent to user.
Users Affected: All Customers running Connect:Direct Secure Plus sessions through Sterling Secure Proxy Problem Description: A Connect:Direct Secure Plus session through SSP failed during the initial FMH exchange because the PCRT field added to the FMH70 record caused the zOS SNODE to mis-handle the record and drop the session. The SSP CD Adapter inserts "breadcrumbs" into the FMH records to let each side of the transmission know that SSP is in the middle. The breadcrumbs consist of 2 extra fields, the "PRXY" field which provides IP address information of the SSP and the "PCRT" field, which presumably contains the originating PNODE certificate during a Secure Plus session. The "PRXY" field is added to all FMHs and assists in C:D problem analysis, while the PCRT field is only inserted in the FMH70 record flowing to the SNODE during a Secure Plus session. When the PCRT field is large, it can cause problems if the SNODE cannot handle the larger FMH70 RU. Study showed that the certificate passed in the PCRT field was not the PNODE certificate at all, which makes it of little value. Platforms Affected: All
Resolution Summary: Turned off the "PCRT" breadcrumb in the C:D FMH70 unless the behavior is specifically turned on at the adapter level. The following properties are now the default in the C:D adapter: "CDSP|*|BreadCrumbAddress" = "granted" (allows "PRXY" breadcrumbs to be inserted) "CDSP|*|BreadCrumbAddressTransparentContent" = "granted" (allows more detail in "PRXY" field) "CDSP|*|BreadCrumbAddressPCRT" = "denied" (Do not insert the "PCRT" field) To continue to send the "PCRT" field, you must add the following property to the C:D adapter Properties tab of the CM GUI: "CDSP|*|BreadCrumbAddressPCRT" = "granted" Delivered In: 22.214.171.124,126.96.36.199,188.8.131.52,184.108.40.206
Reported component name
STR SECURE PROX
Reported component ID
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
STR SECURE PROX
Fixed component ID
Applicable component levels