Troubleshooting
Problem
WRKPRB entry with symptom string: 5770 SP/QRWXDLL RCFFFFFFC0 RIDS/GSSL generated.
Symptom
QRWTSRVR job log contains:
CPD3E34 Diagnostic 40 11/05/16 11:05:02.680926 QRWXDLL QSYS *STMT QRWXDLL QSYS *STMT
From module . . . . . . . . : QRWXDLL
From procedure . . . . . . : SndCPD3E3x__FiT1
Statement . . . . . . . . . : 23
To module . . . . . . . . . : QRWXDLL
To procedure . . . . . . . : SndCPD3E3x__FiT1
Statement . . . . . . . . . : 23
Message . . . . : DDM TCP/IP communications error occurred on gsk_secure_soc_read - SSL.
Cause . . . . . : Error code (errno) 0 was received while processing the gsk_secure_soc_read - SSL function for DRDA/DDM TCP/IP communications.
Recovery . . . : See any previously listed message(s) to determine the cause of the error; if necessary, correct the error and issue the request again.
Cause
Symptom string: 5770 SP/QRWXDLL RCFFFFFFC0 RIDS/GSSL is related to using SSL for a DDM/DRDA connection.
This symptom string indicates that an SSL connection attempt was made on DDM/DRDA port 448, but DDM/DRDA is not configured to use SSL, I.E. there is no certificate associated with the DDM and DRDA server.
A port scanner can also cause this WRKPRB entry to be generated when it hits port 448 and does not complete the SSL handshake.
Resolving The Problem
The corrective PTFs are required only when the defective PTF listed is applied.
Release | Corrective PTF | Defective PTF | Included with cumulative PTF number |
---|---|---|---|
R720 | MF67576 | MF67510 | 0296 |
R730 | MF67575 | MF67511 | 0310 |
R740 | MF67574 | MF67498 | 0303 |
IBM APAR SE71489 was created to describe this issue. Application of PTFs prevents the WRKPRB entry from being generated by SSL port scanners.
IBM i administrators do not need to be concerned about this WRKPRB entry unless there is an application or user that experiences a DDM connection problem.
If further diagnosis is needed, collect a TRCCNN (communications) trace filtered for local port 448:
To start the trace on the IBM i:
===> TRCCNN SET(*ON) TRCTYPE(*IP) TRCTBL(trcddmssl) SIZE(360 *MB) TCPDTA(*N (448) ())
*** Allow another instance of the same WRKPRB entry to be generated ***
Note: The trace buffer is wrapped over. It can run for as much time as needed to capture the failure. On busy systems, it must be ended soon after failure so the buffer is not overwritten with useless data.
To end the trace on the IBM i:
===> TRCCNN SET(*OFF) TRCTBL(trcddmssl) OUTPUT(*STMF) TOSTMF('/tmp/trcddmssl_out.pcap' *YES)
That trace generates a file in .pcap format, which can be reviewed with the open source Wireshark network tool:
https://www.wireshark.org/
It shows the IP address of the client attempting to communicate with the IBM i DDM/DRDA server on port 448.
Was this topic helpful?
Document Information
Modified date:
21 June 2021
UID
ibm10725511