Discussion:
RACF Special User Revoked System
(too old to reply)
saurabh khandelwal
2018-08-04 11:19:51 UTC
Permalink
Raw Message
Hello Group,

We are facing issue that someone by mistake used wrong password on special
user and this end up revoking anybody to login to our system .

RACF is not allowing anybody to login. But strange part is, we dont see any
outstanding message on console related to this special user. But when this
yser try to login to system we get below message,

IKJ5644I TSOLOGON RECONNECT REJECT - USER ACCESS REVOKED BY RACF

Now, is there any way to solve this issue apart from flash copy of older
RACF dataset disk . Is there any resume command or some thing else we can
use from console to make the system available for rest of users.

Please suggest.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Joe Monk
2018-08-04 11:37:27 UTC
Permalink
Raw Message
You can try to RVARY INACTIVE. Then, failsoft processing will be in effect.

Joe

On Sat, Aug 4, 2018 at 7:19 AM, saurabh khandelwal <
Post by saurabh khandelwal
Hello Group,
We are facing issue that someone by mistake used wrong password on special
user and this end up revoking anybody to login to our system .
RACF is not allowing anybody to login. But strange part is, we dont see any
outstanding message on console related to this special user. But when this
yser try to login to system we get below message,
IKJ5644I TSOLOGON RECONNECT REJECT - USER ACCESS REVOKED BY RACF
Now, is there any way to solve this issue apart from flash copy of older
RACF dataset disk . Is there any resume command or some thing else we can
use from console to make the system available for rest of users.
Please suggest.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
saurabh khandelwal
2018-08-04 11:46:23 UTC
Permalink
Raw Message
Hello Joe,

How RVARY INACTIVE command will solve this issue. Can you please explain
Post by Joe Monk
You can try to RVARY INACTIVE. Then, failsoft processing will be in effect.
Joe
On Sat, Aug 4, 2018 at 7:19 AM, saurabh khandelwal <
Post by saurabh khandelwal
Hello Group,
We are facing issue that someone by mistake used wrong password on
special
Post by saurabh khandelwal
user and this end up revoking anybody to login to our system .
RACF is not allowing anybody to login. But strange part is, we dont see
any
Post by saurabh khandelwal
outstanding message on console related to this special user. But when
this
Post by saurabh khandelwal
yser try to login to system we get below message,
IKJ5644I TSOLOGON RECONNECT REJECT - USER ACCESS REVOKED BY RACF
Now, is there any way to solve this issue apart from flash copy of older
RACF dataset disk . Is there any resume command or some thing else we can
use from console to make the system available for rest of users.
Please suggest.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
saurabh khandelwal
2018-08-04 11:49:32 UTC
Permalink
Raw Message
Is there any way to resume that special user from console or get the WTOR
message on console for this user and let this user be in revoked status
and other users should be able to login to system

On Sat, Aug 4, 2018 at 2:46 PM, saurabh khandelwal <
Post by saurabh khandelwal
Hello Joe,
How RVARY INACTIVE command will solve this issue. Can you please explain
Post by Joe Monk
You can try to RVARY INACTIVE. Then, failsoft processing will be in effect.
Joe
On Sat, Aug 4, 2018 at 7:19 AM, saurabh khandelwal <
Post by saurabh khandelwal
Hello Group,
We are facing issue that someone by mistake used wrong password on
special
Post by saurabh khandelwal
user and this end up revoking anybody to login to our system .
RACF is not allowing anybody to login. But strange part is, we dont see
any
Post by saurabh khandelwal
outstanding message on console related to this special user. But when
this
Post by saurabh khandelwal
yser try to login to system we get below message,
IKJ5644I TSOLOGON RECONNECT REJECT - USER ACCESS REVOKED BY RACF
Now, is there any way to solve this issue apart from flash copy of older
RACF dataset disk . Is there any resume command or some thing else we
can
Post by saurabh khandelwal
use from console to make the system available for rest of users.
Please suggest.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Joe Monk
2018-08-04 11:56:09 UTC
Permalink
Raw Message
https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.1.0/com.ibm.zos.v2r1.icha200/nut.htm#nut

Joe

On Sat, Aug 4, 2018 at 7:46 AM, saurabh khandelwal <
Post by saurabh khandelwal
Hello Joe,
How RVARY INACTIVE command will solve this issue. Can you please explain
Post by Joe Monk
You can try to RVARY INACTIVE. Then, failsoft processing will be in
effect.
Post by Joe Monk
Joe
On Sat, Aug 4, 2018 at 7:19 AM, saurabh khandelwal <
Post by saurabh khandelwal
Hello Group,
We are facing issue that someone by mistake used wrong password on
special
Post by saurabh khandelwal
user and this end up revoking anybody to login to our system .
RACF is not allowing anybody to login. But strange part is, we dont see
any
Post by saurabh khandelwal
outstanding message on console related to this special user. But when
this
Post by saurabh khandelwal
yser try to login to system we get below message,
IKJ5644I TSOLOGON RECONNECT REJECT - USER ACCESS REVOKED BY RACF
Now, is there any way to solve this issue apart from flash copy of
older
Post by Joe Monk
Post by saurabh khandelwal
RACF dataset disk . Is there any resume command or some thing else we
can
Post by Joe Monk
Post by saurabh khandelwal
use from console to make the system available for rest of users.
Please suggest.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
saurabh khandelwal
2018-08-04 12:28:03 UTC
Permalink
Raw Message
Joe,
So, using rvary inactive, will I be able to use same racf password to login
all users.

Also, once we login how can we solve that special user racf password issue
and let system to again use racf for security
Post by Joe Monk
https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.1.0/com.ibm.zos.v2r1.icha200/nut.htm#nut
Joe
On Sat, Aug 4, 2018 at 7:46 AM, saurabh khandelwal <
Post by saurabh khandelwal
Hello Joe,
How RVARY INACTIVE command will solve this issue. Can you please explain
Post by Joe Monk
You can try to RVARY INACTIVE. Then, failsoft processing will be in
effect.
Post by Joe Monk
Joe
On Sat, Aug 4, 2018 at 7:19 AM, saurabh khandelwal <
Post by saurabh khandelwal
Hello Group,
We are facing issue that someone by mistake used wrong password on
special
Post by saurabh khandelwal
user and this end up revoking anybody to login to our system .
RACF is not allowing anybody to login. But strange part is, we dont
see
Post by saurabh khandelwal
Post by Joe Monk
any
Post by saurabh khandelwal
outstanding message on console related to this special user. But when
this
Post by saurabh khandelwal
yser try to login to system we get below message,
IKJ5644I TSOLOGON RECONNECT REJECT - USER ACCESS REVOKED BY RACF
Now, is there any way to solve this issue apart from flash copy of
older
Post by Joe Monk
Post by saurabh khandelwal
RACF dataset disk . Is there any resume command or some thing else we
can
Post by Joe Monk
Post by saurabh khandelwal
use from console to make the system available for rest of users.
Please suggest.
----------------------------------------------------------------------
Post by saurabh khandelwal
Post by Joe Monk
Post by saurabh khandelwal
For IBM-MAIN subscribe / signoff / archive access instructions,
IBM-MAIN
Post by saurabh khandelwal
Post by Joe Monk
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Mark Regan
2018-08-04 12:48:31 UTC
Permalink
Raw Message
For future reference, there is a RACF related mailing list, RACF-L.

List name: RACF-L
Host name: LISTSERV.UGA.EDU
<http://www.lsoft.com/scripts/wl.exe?SS1=LISTSERV.UGA.EDU> (UGA)
Subscribers: 1,794
Features:

- Virus protection (F-Secure Anti-Virus 10.20)
<http://www.lsoft.com/products/default.asp?item=secured-by-FS&host=LISTSERV.UGA.EDU&wa=https://LISTSERV.UGA.EDU/cgi-bin/wa>
43,467 viruses suppressed monthly (July 2018)
- Spam filter
- Archives
- Web archive interface <https://LISTSERV.UGA.EDU/cgi-bin/wa?LIST=RACF-L>
- Digests (with MIME support)
- Indexes
- Database functions
- High Performance version


------------------------------

To subscribe, send mail to ***@LISTSERV.UGA.EDU with the command
(paste it!) in the e-mail message body:

SUBSCRIBE RACF-L



On Sat, Aug 4, 2018 at 8:28 AM saurabh khandelwal <
Post by saurabh khandelwal
Joe,
So, using rvary inactive, will I be able to use same racf password to login
all users.
Also, once we login how can we solve that special user racf password issue
and let system to again use racf for security
https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.1.0/com.ibm.zos.v2r1.icha200/nut.htm#nut
Post by Joe Monk
Joe
On Sat, Aug 4, 2018 at 7:46 AM, saurabh khandelwal <
Post by saurabh khandelwal
Hello Joe,
How RVARY INACTIVE command will solve this issue. Can you please
explain
Post by Joe Monk
Post by saurabh khandelwal
Post by Joe Monk
You can try to RVARY INACTIVE. Then, failsoft processing will be in
effect.
Post by Joe Monk
Joe
On Sat, Aug 4, 2018 at 7:19 AM, saurabh khandelwal <
Post by saurabh khandelwal
Hello Group,
We are facing issue that someone by mistake used wrong password on
special
Post by saurabh khandelwal
user and this end up revoking anybody to login to our system .
RACF is not allowing anybody to login. But strange part is, we dont
see
Post by saurabh khandelwal
Post by Joe Monk
any
Post by saurabh khandelwal
outstanding message on console related to this special user. But
when
Post by Joe Monk
Post by saurabh khandelwal
Post by Joe Monk
this
Post by saurabh khandelwal
yser try to login to system we get below message,
IKJ5644I TSOLOGON RECONNECT REJECT - USER ACCESS REVOKED BY RACF
Now, is there any way to solve this issue apart from flash copy of
older
Post by Joe Monk
Post by saurabh khandelwal
RACF dataset disk . Is there any resume command or some thing else
we
Post by Joe Monk
Post by saurabh khandelwal
can
Post by Joe Monk
Post by saurabh khandelwal
use from console to make the system available for rest of users.
Please suggest.
----------------------------------------------------------------------
Post by saurabh khandelwal
Post by Joe Monk
Post by saurabh khandelwal
For IBM-MAIN subscribe / signoff / archive access instructions,
IBM-MAIN
----------------------------------------------------------------------
Post by Joe Monk
Post by saurabh khandelwal
Post by Joe Monk
For IBM-MAIN subscribe / signoff / archive access instructions,
IBM-MAIN
Post by Joe Monk
Post by saurabh khandelwal
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
--
Regards,

Mark T. Regan

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Joe Monk
2018-08-04 13:40:36 UTC
Permalink
Raw Message
RVARY INACTIVE turns off RACF. Then you can fix your problem and be on your
way.

Joe

On Sat, Aug 4, 2018 at 8:27 AM, saurabh khandelwal <
Post by saurabh khandelwal
Joe,
So, using rvary inactive, will I be able to use same racf password to login
all users.
Also, once we login how can we solve that special user racf password issue
and let system to again use racf for security
Post by Joe Monk
https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.1.
0/com.ibm.zos.v2r1.icha200/nut.htm#nut
Post by Joe Monk
Joe
On Sat, Aug 4, 2018 at 7:46 AM, saurabh khandelwal <
Post by saurabh khandelwal
Hello Joe,
How RVARY INACTIVE command will solve this issue. Can you please
explain
Post by Joe Monk
Post by saurabh khandelwal
Post by Joe Monk
You can try to RVARY INACTIVE. Then, failsoft processing will be in
effect.
Post by Joe Monk
Joe
On Sat, Aug 4, 2018 at 7:19 AM, saurabh khandelwal <
Post by saurabh khandelwal
Hello Group,
We are facing issue that someone by mistake used wrong password on
special
Post by saurabh khandelwal
user and this end up revoking anybody to login to our system .
RACF is not allowing anybody to login. But strange part is, we dont
see
Post by saurabh khandelwal
Post by Joe Monk
any
Post by saurabh khandelwal
outstanding message on console related to this special user. But
when
Post by Joe Monk
Post by saurabh khandelwal
Post by Joe Monk
this
Post by saurabh khandelwal
yser try to login to system we get below message,
IKJ5644I TSOLOGON RECONNECT REJECT - USER ACCESS REVOKED BY RACF
Now, is there any way to solve this issue apart from flash copy of
older
Post by Joe Monk
Post by saurabh khandelwal
RACF dataset disk . Is there any resume command or some thing else
we
Post by Joe Monk
Post by saurabh khandelwal
can
Post by Joe Monk
Post by saurabh khandelwal
use from console to make the system available for rest of users.
Please suggest.
----------------------------------------------------------------------
Post by saurabh khandelwal
Post by Joe Monk
Post by saurabh khandelwal
For IBM-MAIN subscribe / signoff / archive access instructions,
IBM-MAIN
Post by saurabh khandelwal
Post by Joe Monk
------------------------------------------------------------
----------
Post by Joe Monk
Post by saurabh khandelwal
Post by Joe Monk
For IBM-MAIN subscribe / signoff / archive access instructions,
IBM-MAIN
Post by Joe Monk
Post by saurabh khandelwal
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Charles Mills
2018-08-04 13:37:19 UTC
Permalink
Raw Message
I am not a RACF expert but IMHO you have a problem that is bigger than a post on a mailing list.

You should get IBM involved, or someone like Vanguard, or a serious RACF expert like RSM, Stu Henderson, Tom Conley or Bob Hansel (and apologies to anyone I failed to mention).

Charles


-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-***@LISTSERV.UA.EDU] On Behalf Of saurabh khandelwal
Sent: Saturday, August 4, 2018 4:20 AM
To: IBM-***@LISTSERV.UA.EDU
Subject: RACF Special User Revoked System

Hello Group,

We are facing issue that someone by mistake used wrong password on special
user and this end up revoking anybody to login to our system .

RACF is not allowing anybody to login. But strange part is, we dont see any
outstanding message on console related to this special user. But when this
yser try to login to system we get below message,

IKJ5644I TSOLOGON RECONNECT REJECT - USER ACCESS REVOKED BY RACF

Now, is there any way to solve this issue apart from flash copy of older
RACF dataset disk . Is there any resume command or some thing else we can
use from console to make the system available for rest of users.

Please suggest.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
retired mainframer
2018-08-04 15:45:08 UTC
Permalink
Raw Message
When an incorrect password is entered the requisite number of times for a user with SYSTEM SPECIAL, a WTOR is presented to the operator. The user is not revoked unless the operator responds to that WTOR specifying the user should be revoked. If that is indeed what happened, the operator needs some additional training.

The fact that one user has been revoked should not prevent any other user from logging on. What happens when a different user tries? If all user logons fail, it is a different issue. What updates were made to the system when this started happening?

The message is a TSO message (specifically from the logon command processor), not a RACF one. My manual says the message number should be 56443, not 6644. Which version of TSO are you running? The message addresses a reconnect issue. What happens when the user logs on without specifying reconnect?

Does your system have only one user with SYSTEM SPECIAL? Another user with proper authority should be able to resume the revoked user.

Are batch jobs being affected? If not, the problem may be limited to TSO. A batch job may be able to resume the user
Post by Charles Mills
-----Original Message-----
Behalf Of saurabh khandelwal
Sent: Saturday, August 04, 2018 4:20 AM
Subject: RACF Special User Revoked System
Hello Group,
We are facing issue that someone by mistake used wrong password on special
user and this end up revoking anybody to login to our system .
RACF is not allowing anybody to login. But strange part is, we dont see any
outstanding message on console related to this special user. But when this
yser try to login to system we get below message,
IKJ5644I TSOLOGON RECONNECT REJECT - USER ACCESS REVOKED BY
RACF
Now, is there any way to solve this issue apart from flash copy of older
RACF dataset disk . Is there any resume command or some thing else we can
use from console to make the system available for rest of users.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
saurabh khandelwal
2018-08-04 16:41:13 UTC
Permalink
Raw Message
Thanks for reply.

Special user is getting below message

IKJ5644I TSOLOGON RECONNECT REJECT - USER ACCESS REVOKED BY RACF

and any other TSO user getting

IKJ56425I LOGON REJECTED, RACF TEMPORARILY REVOKING USER access
IKJ56418I CONTACT YOUR TSO ADMINISTRATOR

I dont see any WTOR message for revoking or any such message for speical
user and notbody else replied on any such WTOR.

What i remember is, until this speical user is able to login or we get WTOR
and reply , nobody else will be able to login to system even any other
special user also .

Please correct, if my understanding is wrong and suggest.
Post by retired mainframer
When an incorrect password is entered the requisite number of times for a
user with SYSTEM SPECIAL, a WTOR is presented to the operator. The user is
not revoked unless the operator responds to that WTOR specifying the user
should be revoked. If that is indeed what happened, the operator needs
some additional training.
The fact that one user has been revoked should not prevent any other user
from logging on. What happens when a different user tries? If all user
logons fail, it is a different issue. What updates were made to the system
when this started happening?
The message is a TSO message (specifically from the logon command
processor), not a RACF one. My manual says the message number should be
56443, not 6644. Which version of TSO are you running? The message
addresses a reconnect issue. What happens when the user logs on without
specifying reconnect?
Does your system have only one user with SYSTEM SPECIAL? Another user
with proper authority should be able to resume the revoked user.
Are batch jobs being affected? If not, the problem may be limited to
TSO. A batch job may be able to resume the user
Post by Charles Mills
-----Original Message-----
Behalf Of saurabh khandelwal
Sent: Saturday, August 04, 2018 4:20 AM
Subject: RACF Special User Revoked System
Hello Group,
We are facing issue that someone by mistake used wrong password on
special
Post by Charles Mills
user and this end up revoking anybody to login to our system .
RACF is not allowing anybody to login. But strange part is, we dont see
any
Post by Charles Mills
outstanding message on console related to this special user. But when
this
Post by Charles Mills
yser try to login to system we get below message,
IKJ5644I TSOLOGON RECONNECT REJECT - USER ACCESS REVOKED BY
RACF
Now, is there any way to solve this issue apart from flash copy of older
RACF dataset disk . Is there any resume command or some thing else we can
use from console to make the system available for rest of users.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Wayne Bickerdike
2018-08-04 22:27:36 UTC
Permalink
Raw Message
You may need to respond to 30-40 WTORs to get into TSO after RVARY INACT.

Once you have access to TSO, you'll have to issue RVARY ACT command and
reply to any WTOR.

After that :

ALU userid RESUME PASSWORD(XXXXXXX) NOEXPIRE





On Sun, Aug 5, 2018 at 2:41 AM, saurabh khandelwal <
Post by saurabh khandelwal
Thanks for reply.
Special user is getting below message
IKJ5644I TSOLOGON RECONNECT REJECT - USER ACCESS REVOKED BY RACF
and any other TSO user getting
IKJ56425I LOGON REJECTED, RACF TEMPORARILY REVOKING USER access
IKJ56418I CONTACT YOUR TSO ADMINISTRATOR
I dont see any WTOR message for revoking or any such message for speical
user and notbody else replied on any such WTOR.
What i remember is, until this speical user is able to login or we get WTOR
and reply , nobody else will be able to login to system even any other
special user also .
Please correct, if my understanding is wrong and suggest.
On Sat, Aug 4, 2018 at 6:45 PM, retired mainframer <
Post by retired mainframer
When an incorrect password is entered the requisite number of times for a
user with SYSTEM SPECIAL, a WTOR is presented to the operator. The user
is
Post by retired mainframer
not revoked unless the operator responds to that WTOR specifying the user
should be revoked. If that is indeed what happened, the operator needs
some additional training.
The fact that one user has been revoked should not prevent any other user
from logging on. What happens when a different user tries? If all user
logons fail, it is a different issue. What updates were made to the
system
Post by retired mainframer
when this started happening?
The message is a TSO message (specifically from the logon command
processor), not a RACF one. My manual says the message number should be
56443, not 6644. Which version of TSO are you running? The message
addresses a reconnect issue. What happens when the user logs on without
specifying reconnect?
Does your system have only one user with SYSTEM SPECIAL? Another user
with proper authority should be able to resume the revoked user.
Are batch jobs being affected? If not, the problem may be limited to
TSO. A batch job may be able to resume the user
Post by Charles Mills
-----Original Message-----
Behalf Of saurabh khandelwal
Sent: Saturday, August 04, 2018 4:20 AM
Subject: RACF Special User Revoked System
Hello Group,
We are facing issue that someone by mistake used wrong password on
special
Post by Charles Mills
user and this end up revoking anybody to login to our system .
RACF is not allowing anybody to login. But strange part is, we dont see
any
Post by Charles Mills
outstanding message on console related to this special user. But when
this
Post by Charles Mills
yser try to login to system we get below message,
IKJ5644I TSOLOGON RECONNECT REJECT - USER ACCESS REVOKED BY RACF
Now, is there any way to solve this issue apart from flash copy of
older
Post by retired mainframer
Post by Charles Mills
RACF dataset disk . Is there any resume command or some thing else we
can
Post by retired mainframer
Post by Charles Mills
use from console to make the system available for rest of users.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
--
Wayne V. Bickerdike

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Walt Farrell
2018-08-05 01:57:34 UTC
Permalink
Raw Message
Post by saurabh khandelwal
Thanks for reply.
Special user is getting below message
IKJ5644I TSOLOGON RECONNECT REJECT - USER ACCESS REVOKED BY RACF
and any other TSO user getting
IKJ56425I LOGON REJECTED, RACF TEMPORARILY REVOKING USER access
IKJ56418I CONTACT YOUR TSO ADMINISTRATOR
If _all_ other TSO users are getting that message, the most common cause I can think of is that you set your system time/date incorrectly, probably far into the future.
Post by saurabh khandelwal
I dont see any WTOR message for revoking or any such message for speical
user and notbody else replied on any such WTOR.
What i remember is, until this speical user is able to login or we get WTOR
and reply , nobody else will be able to login to system even any other
special user also .
In general that is not true. There are specific cases where it might be true. For example, if a SPECIAL user entered too many incorrect passwords while logging onto CICS then all logons to that CICS region might be affected. But all logons to TSO should not be affected _unless_ all logons go through some kind of terminal manager application which single-threads logons. In that case the solution is to logon some other SPECIAL user without using that terminal manager.

As others have recommended you should contact the IBM for assistance.
--
Walt

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Steve Beaver
2018-08-08 13:39:33 UTC
Permalink
Raw Message
If you are NOT seeing the WTOR's, I would suggest bringing anything down that has the possibility of responding to console prompts.
And see if you see the prompts. You need basically a bare bones system with nothing running except TSO.

Then see if you can get in

-----Original Message-----
From: RACF Discussion List [mailto:RACF-***@LISTSERV.UGA.EDU] On Behalf Of Bogdan Belciu
Sent: Wednesday, August 8, 2018 2:20 AM
To: RACF-***@LISTSERV.UGA.EDU
Subject: Re: RACF Special User Revoked System

So in this case like any other case Google and RTFM works fine. For me, at
least.

https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.1.0/com.ibm.zos.v2r1.icha600/gk00567.htm
Here the last note is important.
So who stops someone to logon directly to TSO to an lpar from that RACFplex
or to that lpar using the emergency ID? Who said only CICS or IMS or ISM
should be used if they're locked by wtor? Or the thread opener has no idea
that tso logon exists aside from whatever they use there and it's locked.

Another link:
http://www-01.ibm.com/support/docview.wss?uid=swg21217240

And probably saurabh khandelwal who uses email
***@gmail.com (probably
his name from another life) asked the group without even trying to use the
emergency ID.
As I said, once the special user he mentioned was revoked whatever block
was in place for CICS or IMS or Session manager was long gone, as the
special user can't be revoked at logon without someone replying to WTOR.
End of story.
Post by saurabh khandelwal
Hello Group,
We are facing issue that someone by mistake used wrong password on special
user and this end up revoking anybody to login to our system .
RACF is not allowing anybody to login. But strange part is, we dont see any
outstanding message on console related to this special user.
But when this special user try to login to system we get below message,
IKJ5644I TSOLOGON RECONNECT REJECT - USER ACCESS REVOKED BY RACF
and any other TSO user getting
IKJ56425I LOGON REJECTED, RACF TEMPORARILY REVOKING USER access
IKJ56418I CONTACT YOUR TSO ADMINISTRATOR
Now, is there any way to solve this issue apart from flash copy of older
RACF dataset disk . Is there any resume command or some thing else we can
use from console to make the system available for rest of users.
I dont see any WTOR message for revoking or any such message for special
user and nobody else replied on any such WTOR.
What i remember is, until this special user is able to login or we get WTOR
and reply , nobody else will be able to login to system even any other
special user also .
Please correct, if my understanding is wrong and suggest.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Loading...