AFAIK, there is no shutting off SYSTEM SSL.
Years ago, and a few generations of Crypto adapters ago, we IPL’d before Crypto
adapters were fully initialized (there is a time factor when installing MCL’s),
and System SSL was “broken” from a TCPIP perspective. The fix was to recycle
TCPIP, we el
Reboot?
How???
Method 1: Logon to HMC and select Reboot. However no user can log on.
Method 2: unplug power from both power supplies. This is the thing I
described already and I don't want to perform. Note: SE (Primary or
Alternate) is a guest virtual machine of HMC.
Method 3: please advice.
L
Classification: Confidential
Reboot the hmc.
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of
Radoslaw Skorupka
Sent: Monday, April 14, 2025 2:55 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: HMC hang up (z16)
[CAUTION: This Email is from outside the Organization. Unless
I misread the thread of conversation. Yeah, what we call a "long burn" (very
long MCL apply) can take as much as 15 minutes, so it is very well worth
waiting until MCL is fully applied and the cards are back to operational before
attempting to IPL.
That said, most of the crypto MCLs are concurr
I have observed the following problem:
HMC is hanging up.
I connect to HMC using web browser. So far so good.
Then I click "logon", type user and password and... nothing happens. For
hours.
The same problem occurs when I try to logon using local console.
The console is working, I can logon to SE
If I had access to that log, I'd look at it. Long gone, I'm afraid...not my
system. And I don't think they'd just IPLed when it went bad, though it's
possible.
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of
Jousma, David
Sent: Monday, April 14, 2025 3:20 PM
To: IBM
That code won't work if the search string contains an ampersand.
Here's my riff on your macro:
/* REXX */
address ISREDIT
"MACRO (sstring)"
"(mylrecl) = LRECL"
istring = copies('=',mylrecl)
"SCAN OFF"
"FIND '&SSTRING' LAST"
do while rc = 0
do 3
"LINE_BEFORE .ZCSR = (istring)"
end
Eric, What I cut/pasted were “good” messages. I was only pointing out to Phil
where to go look in the TCPIP STC.When the issue occurred years ago, was
when ICSF was still on the customer to start, not autostarted by the OS. Our
usual MCL procedure, is to have everything installed, and the
From all of the appends, it's obvious that there are multiple solutions.
Looking at the broader topic, the NIST Cybersecurity Framework is an excellent
way to create and manage a resilient data framework. IBM offers many tools to
support the 5 phases - Identify, Protect, Detect, Respond, Recov
I haven't tried it, but it looks good. It could be tightened up, but probably
not worth it.
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
עַם יִשְׂרָאֵל חַי
נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר
From: IBM Mainframe Discussion List on behalf of
looks like an ICSF (CSF) issue.
ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon *
nbsp; *|*
On Mon, Apr 14, 2025 at 9:24 PM Jousma, David <
01a0403c5dc1-dmarc-requ...@listserv.ua.edu> wrote:
> Loo
Look at the pre-IPL TCPIP STC output, and compare to current.
It was the messages in and around here that were bad
System SSL: SHA-1 crypto assist is available
System SSL: SHA-224 crypto assist is available
System SSL: SHA-256 crypto assist is available
System SSL: SHA-384 crypto assist is availa
Thanks. This might be the answer, though I may not be able to tell.
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of
Jousma, David
Sent: Monday, April 14, 2025 2:11 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: GSK question
AFAIK, there is no shutting off SYSTEM SSL.
Autocorrect munging "TLS" repeatedly? No AT-TLS here.
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of
ITschak Mugzach
Sent: Monday, April 14, 2025 2:12 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: GSK question
It depends on how you implement told. If you use at-told,
It depends on how you implement told. If you use at-told, write a rule to
exclude the source, target, or port and refresh at-Tal.
If you are using the web enablement, you can use a par to ignore Tal's
setup. We use the enablement toolkit and have parm to control the protocol.
*| **Itschak Mugzach
Is there a way to turn off GSK (System SSL)? We have a customer who had a
problem where our STC suddenly wouldn't start: it would try to connect (to a
server off z/OS) and that would fail. Connectivity SEEMED ok otherwise, and of
course "nothing has changed". A gsktrace produced nothing. After s
I'm looking for an ISREDIT macro that will search for a specific string within
a member.
Whenever the string is found, the macro should insert three lines containing
only a series of === immediately before the matched line.
The macro should continue searching through the entire member
Keith,
Consolidating always brings to mind performance related questions. Need to
look at data usage patters of what is being consolidated (is it mainly system /
database / etc. related?). Be careful combining too much active data on single
/ few volumes ("spindles":-) and ensure active data
Boy, has this topic gotten a LOT of feedback.
First, WORM (or LWORM) is NOT the same as immutable. Since you can still append
more data to the tape file OR add additional tape files to the same volume.
Now, adding additional files to a tape is not as critical (if the file is not
open'ed; the d
Colin,
Visit https://www.cbttape.org/contribute.htm
Regards,
Mark Regan
On Mon, Apr 14, 2025 at 11:42 AM Colin Paice <
059d4daca697-dmarc-requ...@listserv.ua.edu> wrote:
> Mark,
>
> If someone can tell me how.. I can put it on the cbttape - I was hoping IBM
> would implement it themselves
Plan b) use https://colinpaice.blog/category/wireshark/zwireshark/ on z/OS
You can specify an IP address or port, and it produces a wireshark format
file which should have the info you need
Colin
On Mon, 14 Apr 2025 at 11:53, Lindy Mayfield <
05a2ba9c925b-dmarc-requ...@listserv.ua.edu> wrote:
Mark,
If someone can tell me how.. I can put it on the cbttape - I was hoping IBM
would implement it themselves!
Colin
On Mon, 14 Apr 2025 at 16:35, Mark Regan <
058035dd6b20-dmarc-requ...@listserv.ua.edu> wrote:
> Colin,
>
> Do you plan to submit zWireshark so it can be available at cbtta
Colin,
Do you plan to submit zWireshark so it can be available at cbttape.org?
Where I work, CBT Tape is considered a trusted source.
Regards,
Mark Regan
On Mon, Apr 14, 2025 at 8:07 AM Colin Paice <
059d4daca697-dmarc-requ...@listserv.ua.edu> wrote:
> Plan b) use https://colinpaice.blog
We have a client consolidating DS8000 hardware from many devices to a single
device. Changing from a 128base/128alias model to a 224base/32 alias model
along the way as well. Have defined 160 LSS's to receive 10K-15K volumes.
Is there value to spreading out the volume defines across many LSS's or
Thank you Kirk, and to all who answered me. I think I understand it now.
Some tcp/ip process I have appears to be opening a listen port, but only
briefly I think, so I cannot catch it with a netstat. That leaves me, I think,
with two other options, a ctrace, and for me they are a bit of a pita
25 matches
Mail list logo
