IBM Support

Symptom string : 5770 SP/QRWXDLL RCFFFFFFC0 RIDS/GSSL

Troubleshooting


Problem

WRKPRB entry with symptom string: 5770 SP/QRWXDLL RCFFFFFFC0 RIDS/GSSL generated.

Symptom

QRWTSRVR job log contains:

CPD3E34    Diagnostic              40   11/05/16  11:05:02.680926  QRWXDLL      QSYS        *STMT    QRWXDLL     QSYS        *STMT 
From module . . . . . . . . :  QRWXDLL 
From procedure  . . . . . . :  SndCPD3E3x__FiT1 
Statement . . . . . . . . . :  23 
To module . . . . . . . . . :  QRWXDLL 
To procedure  . . . . . . . :  SndCPD3E3x__FiT1 
Statement . . . . . . . . . :   23 
Message . . . . :   DDM TCP/IP communications error occurred on gsk_secure_soc_read - SSL. 
Cause . . . . . :   Error code (errno) 0 was received while processing the gsk_secure_soc_read - SSL function for DRDA/DDM TCP/IP communications. 
Recovery  . . . :   See any previously listed message(s) to determine the cause of the error; if necessary, correct the error and issue the request again.

Cause

Symptom string: 5770 SP/QRWXDLL RCFFFFFFC0 RIDS/GSSL is related to using SSL for a DDM/DRDA connection.

This symptom string indicates that an SSL connection attempt was made on DDM/DRDA port 448, but DDM/DRDA is not configured to use SSL, I.E. there is no certificate associated with the DDM and DRDA server.

A port scanner can also cause this WRKPRB entry to be generated when it hits port 448 and does not complete the SSL handshake.

Resolving The Problem

IMPORTANT:  Before you start a TRCCNN or TRCINT command, ensure that you have the corrective PTFs for APAR MA48477 applied to your system.
The corrective PTFs are required only when the defective PTF listed is applied.
Release  Corrective PTF  Defective PTF  Included with cumulative PTF number 
R720   MF67576 MF67510 0296
R730   MF67575 MF67511 0310
R740   MF67574 MF67498 0303

IBM APAR SE71489 was created to describe this issue. Application of PTFs prevents the WRKPRB entry from being generated by SSL port scanners.

IBM i administrators do not need to be concerned about this WRKPRB entry unless there is an application or user that experiences a DDM connection problem.

If further diagnosis is needed, collect a TRCCNN (communications) trace filtered for local port 448:

To start the trace on the IBM i:

===> TRCCNN SET(*ON) TRCTYPE(*IP) TRCTBL(trcddmssl) SIZE(360 *MB) TCPDTA(*N (448) ())

*** Allow another instance of the same WRKPRB entry to be generated ***

Note: The trace buffer is wrapped over. It can run for as much time as needed to capture the failure. On busy systems, it must be ended soon after failure so the buffer is not overwritten with useless data.

To end the trace on the IBM i:

===> TRCCNN SET(*OFF) TRCTBL(trcddmssl) OUTPUT(*STMF) TOSTMF('/tmp/trcddmssl_out.pcap' *YES)

That trace generates a file in .pcap format, which can be reviewed with the open source Wireshark network tool:
https://www.wireshark.org/

It shows the IP address of the client attempting to communicate with the IBM i DDM/DRDA server on port 448.

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"Component":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}}]

Document Information

Modified date:
21 June 2021

UID

ibm10725511

Page Feedback