IBM Communications Server for Windows
Version 6.4.0.8 (FIXPACK 8)
Readme


© Copyright International Business Machines Corp. 2018
All Rights Reserved
Licensed Material - Property of IBM
US Government Users Restricted Rights - Use, duplication or
disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Table of Contents
1 About this release
New in this release, fix history, compatibility
2 Installation information
Hardware and Software requirements, installation
3 Uninstall information
4 Web site information
5 Release information
Features and capabilities for IBM Communications Server version 6.4.0.8, SNA API client and Remote Administration client
6 Limitations
7 Notices and trademarks


1 About this release
Communications Server for Windows provides SNA connectivity for Windows systems, allowing them to connect to IBM z/OS Communications Server and other SNA implementations that support LLC2, SDLC, X.25, and Enterprise Extender connections. Communications Server for Windows also provides an open adapter interface for OEM adapters.

IBM Communications Server for Windows Version 6.4.0.8 is an upgrade version of Version 6.4.0 through version 6.4.0.7, which provides the new functionality mentioned under section 1.1.

This document contains information supplementary to the online help and the publications. It describes the features such as newly-added functions, hints, tips, restrictions, and corrections.

Thank you for choosing IBM Communications Server!

[Return to top] [Table of Contents]


1.1 New in this release
IBM Communications Server for Windows Version 6.4.0.8 includes latest GSK support for


1.2 Product fix history

The following list of APARS are included in this release that have been provided as fixes since the distributed Communications Server v6.4.0 release:

Check the web sites listed in section 4 for the latest information about this product.

[Return to top] [Table of Contents]


1.3 Product compatibility
If you are using EE (HPR/IP) to z/OS v1r8, v1r9 or v1r10, you should have the fix for z/OS APAR OA26490 applied to the z/OS system. You can find the PTF level for this APAR in:

[Return to top] [Table of Contents]


2 Installation information
The Communications Server for Windows version 6.4.0.8 as a downloadable package. Please refer to the section below for Hardware, Software requirements and Installation information.

[Return to top] [Table of Contents]


2.1 Hardware requirements
Communications Server for Windows, SNA API Client, and Remote Administration client runs on any 32 bit operating system listed in section 2.2. Depending on the network environment and Windows platform used (workstation vs. server), a faster processor and larger memory may be necessary.

The SNA API Client will run in 32-bit compatibility mode on Windows 64-bit operating systems.

Communications Server require 5MB of disk space on a boot drive and 175 MB on any hard disk drive for permanent use.

SNA API client require 25 MB on any hard disk drive for permanent use.

[Return to top] [Table of Contents]


2.2 Software requirements
Microsoft operating systems:

Additionally:

One of the following browsers is required to install Communications Server using the launchpad:

Note :

[Return to top] [Table of Contents]


2.3 Installation
Subsection Table of Contents:
2.3.1 Installing the product
2.3.2 Installation considerations
2.3.3 Post-install cleanup
2.3.4 Product maintenance
2.3.5 Enabling Windows Installer logging

[Return to top of document] [Table of Contents]


2.3.1 Installing the product

Installation instructions are located in the Quick Beginnings book at http://www.ibm.com/software/network/commserver/windows/library/index.html

You can also view the Quick Beginnings documentation from the installation package.

[Return to top of subsection] [Return to top of document] [Table of Contents]

2.3.2 Installation considerations

Close other applications
Because Communications Server interacts with several products that might be installed on your system and requires a reboot, you must close other applications before you install Communications Server.
CD Autorun
Windows can invoke the LaunchPad automatically to install Communications Server for Windows if the Autorun feature is enabled for Windows Server 2003 (Standard Edition or Enterprise Edition) or Windows Server 2008. This function can also be used to install the SNA API client on Windows Server 2003 (Standard Edition or Enterprise Edition), Windows Server 2008, Windows Vista, Windows 7 and Windows 8.
Communications Server and Microsoft Host Integration Server
Communications Server and Microsoft Host Integration Server cannot be installed on the same primary partition. Many of the common services that overlap between the products are not cross-product compatible.
Required administrative user rights
A Communications Server administrative user should have the Load and unload device drivers advanced user right, as specified in the Windows User Manager. See the Policies > User Rights menu, with Show Advanced User Rights checked. You can explicitly add this right for each user. You can also add this user right to the IBMCSADMIN user group.
Domain controller installation
When installing Communications Server on a primary or backup domain controller, the user defined in the Domain controller should be part of IBMCSADMIN and IBMCSAPI groups.

[Return to top of subsection] [Return to top of document] [Table of Contents]

2.3.3 Post-install cleanup

Reboot is required after server installations.

[Return to top of subsection] [Return to top of document] [Table of Contents]

2.3.4 Product maintenance

This Communications Server for Windows 6.4.0.8 release is available as a full media product refresh or as a fixpack download. If you are planning to install for the first time or replace an existing CS Windows, then the no previous version of the product is required. To install the full product, remove any CS Windows already installed prior to installing this V6.4.0.8 release.
If you plan to install only the fixpack download package, a version V6.4.0, V6.4.0.1, ..., V6.4.0.7 is required to already be installed. Only fixpacks greater than FixPack 8 should be installed after this installation.

IBM provides corrective maintenance through:

APAR and CSD availability

APAR Fix:

Communications Server ships individual APAR fixes to resolve product defects. An APAR fix against a specific component will supersede previous APARs in that component. APAR fixes also require that the latest CSD be installed.

CSD:

A CSD is a product refresh with all cumulative APARs. It is a full install but installs the refresh CSD in the same directory with the same features as the prior level after uninstalling the prior level.

Refer to Section 1.2 above for the list of APARs that are provided in the release found on this CD.

You can find the latest fixpacks and CSDs for Communications Server for Windows under the Product Group "Other Software" located at Fix Central : http://www.ibm.com/support/fixcentral/

NOTE:

CS/Windows does NOT support in place migration. You are required to un-install the CS/Windows prior to installing higher version of the product. This is applicable to full product installation and not applicable to traditional fixpack installation.

[Return to top of subsection] [Return to top of document] [Table of Contents]

2.3.5 Enabling Windows Installer logging
Logging the installation of Communications Server products is specified when the install is invoked, either from the Launchpad or from the command line with logging explicitly specified.

For Windows Installer 4.0 on Windows Vista and greater, Communications Server products have verbose logging of the install/uninstall enabled by default. However, for Windows systems prior to Vista, by default, uninstalls initiated from "Add or Remove Programs" will not be logged.

Earlier systems need the following entry added to the machine's registry in order to log uninstalls from "Add or Remove Programs":

See Microsoft's How to enable Windows Installer logging website for more details: http://support.microsoft.com/kb/223300

In order to log an uninstall, before uninstalling for any of the three Communications Server products, run msilogging_add.reg which is installed under Tools under the main Communications Server install directory to update the registry.

Note: Since Windows Installer logging applies to all products which are installed/uninstalled on the system, leaving this logging enabled can affect performance and disk space.

After uninstalling, run msilogging_remove.reg to remove the entry. Even though the product has been uninstalled, the msilogging files will still be under Tools under the main Communications Server install directory. These files are not uninstalled with the product.

The install logs will be in the log directory specified when installing the product. When the product is uninstalled using "Add or Remove Programs", the uninstall log will be under the machine's TEMP directory. The log file name will have the format MSI***.log where *** is some number. Use the datestamp to determine which file corresponds to the Communications Server uninstall.

[Return to top of subsection] [Return to top of document] [Table of Contents]


3 Uninstall information

Removing previous versions of Communications Server

Communications Server version 6.1.2 APAR JR21546 provides a cleanup package that removes 6.1.2 and prior level Communications Server code and registry information. To ensure a complete un-installation of prior Communications Server product, you can download the cleanup package (JR21546) from http://www.ibm.com/support/docview.wss?rs=2262&uid=swg24009834

Un-installation instructions are located in the Quick Beginnings book at http://www.ibm.com/software/network/commserver/windows/library/index.html

You can also view the Quick Beginnings from the installation media.

If Personal Communications is installed on the same machine as Communications Server, you must uninstall Personal Communications before uninstalling Communications Server.

If Personal Communications cannot be successfully uninstalled, go to the following Communications Server support page and search Technotes for additional information:
http://www.ibm.com/support/search.wss?tc=SSHQNF&rs=2262&rank=8&dc=DB520+D800+D900+DA900+DA800+DB560&dtm

All applications using Communications Server should be terminated before you attempt to uninstall the product. Attempting to uninstall Communications Server while an application (such as APING or Personal Communications) is running will cause the uninstall to hang until the application is terminated.

[Return to top] [Table of Contents]


4 Web site information
Product information
For the latest information about the IBM Communications Server family of products, visit the Communications Server Web site at http://www.ibm.com/software/network/commserver.

This Web site provides information and links to headline information, specification sheets, frequently asked questions, education, and much more.

Product support
For the latest support information, visit the Communications Server Support Web site at http://www.ibm.com/software/network/commserver/support.

This Web site provides information and links to code fixes, tips, newsgroups, maintenance, and much more.

Technical notes
Search Technotes in the IBM Support database at http://www.ibm.com/support/search.wss?tc=SSHQNF&rs=2262&rank=8&dc=DB520+D800+D900+DA900+DA800+DB560&dtm

FixCentral
For the latest Fixpack, CSD or update release information for Communications Server for Windows, look under the Websphere brand located at Fix Central:
http://www.ibm.com/support/fixcentral/

[Return to top] [Table of Contents]


5 Release information

Subsection Table of Contents:
5.1 Features and capabilities of version 6.4.0.8
5.2 SNA API Client
5.3 Remote administration
5.4 APINGD Configuration

[Return to top] [Table of Contents]


5.1 Features and capabilities of version 6.4.0.8

Subsection for features and capabilities of version 6.4.0.8

5.1.1 Support for GSKit v8 maintenance stream 8.0.50.86 and Intrusion Detection Service
Subsection for features and capabilities of version 6.4.0.7

5.1.2 Support for GSKit v8 maintenance stream 8.0.50.57
Subsection for features and capabilities of version 6.4.0.6

5.1.3 Support for GSKit v8 maintenance stream 8.0.50.31

Subsection for features and capabilities of version 6.4.0.5
5.1.4 Support for GSKit v8 maintenance stream 8.0.50.5

Subsection for features and capabilities of version 6.4.0.4
5.1.5 RTP_TUNING Parameter changes

Subsection for features and capabilities of version 6.4.0.3
5.1.6 Support for GSKIT 8 and TLS 1.2

Subsection for features and capabilities of version 6.4.0.2
5.1.7 LU62 INIT SELF ENQUEUE Option.
5.1.8 Support for GSKIT TLS Renegotiation weak security

Subsection for features and capabilities of version 6.4.0.1 and 6.4.0
5.1.9 IPv6 support for TN3270E and SNA API Client
5.1.10 APPC Cancel Conversation support
5.1.11 Transaction Program Synchronization enhancement
5.1.12 Add support for suppressing PU name on ACTPU
5.1.13 Progressive ARB
5.1.14 Path Switch Delay
5.1.15 Disable remote activation support for the link
5.1.16 Active LUs display

5.1.1 Support for GSKit v8 maintenance level 8.0.50.86 and Intrusion Detection Service
The Communications Server for Windows v6.4.0.8 media pack contains the full release level of the product that supports GSKit 8 level 8.0.50.86. This level includes a fix for the "Sweet 32" vulnerability for TDES cipher (CVE-2016-2183). Also, the APAR JR57984 fixes an initialization problem when TLS 1.2 is used for TN3270E secure connections where not all the cipher options were made available.

The GSKit package for CS Windows is included in the full package refresh image found on Fix Central and in the entitled APAR JR57874, also found on Fix Central. The Fixpack package that provides the partial fix installation to bring an existing Communications Server for Windows install to the 6.4.0.8 level does not include the JR57874, or GSKit 8.0.50.86 level. If the Fixpack installation package is installed, the JR57874 will also need to be installed to set the TN3270 Server SSL level to 8.0.50.86.

APAR JR58742 - SUPPORT FOR 3270 INTRUSION DETECTION SERVICE:

The Communications Server for Windows V6.4.0.8 can support z/OS APARS for 3270 Intrusion Detection Service. The z/OS Communications Server that the Communications Server for Windows TN3270 Server connects to must support one of the pairs of APARs listed below or z/OS level:


    - OA49911 and OA50623
    - OA48802 and OA50623
    - z/OS 2.3

The 3270 IDS for the Communications Server for Windows TN3270 Server will prohibit TN3270 clients from queuing responses and data to the host. This function may change the behavior of some existing client/server flows. Be aware that the change may be needed to detect 3270 data intrusion violations. To set the 3270 IDS support for a Communications Server for Windows TN3270 Server implementation, set the following environment variable:


set TN_INTRUSION_DETECTION=TRUE

After setting this variable in the environment file, the communications server must be stopped and restarted. This will configure the TN3270 Server to prevent clients from queuing responses and data to the host that could cause z/OS Communications Server 3270 IDS to flag a violation.

[Return to top of subsection] [Return to top of document] [Table of Contents]

5.1.2 Support for GSKit v8 maintenance level 8.0.50.57
The Communications Server for Windows v6.4.0.7 media pack contains the full release level of the product that supports GSKit 8 level 8.0.50.57. This level fixes a problem where TLS 1.2 clients may be allowed ciphers that are not specified correctly. This fix makes sure that only TLS 1.2 allowed ciphers are available for negotiations. The Communications Server for Windows 6.4.0.7 also include other APARs that remove less secure ciphers such as RC4, and specifies more higher secure ciphers.

The GSKit package for CS Windows is included in the full package refresh image found on Fix Central and in the entitled APAR JR55055, also found on Fix Central. The Fixpack package that provides the partial fix installation to bring an existing Communications Server for Windows install to the 6.4.0.7 level does not include the JR55055, or GSKit 8.0.50.57 level. If the Fixpack installation package is installed, the JR55055 will also need to be installed to set the TN3270 Server SSL level to 8.0.50.57.

[Return to top of subsection] [Return to top of document] [Table of Contents]

5.1.3 Support for GSKit v8 maintenance level 8.0.50.31
The Communications Server for Windows v6.4.0.6 media pack contains the full release level of the product that supports GSKit 8 level 8.0.50.31. This GSKit update addresses multiple issues, including: a crash in TN3270 Server function with a large number >1500 of SSL sessions under stress. In order to use GSKit 8 level 8.0.50.31, you will need to order this media pack and install the product. The Fixpack 6.4.0.6 (Fixpack 6) does not contain the GSKit 8 release package.Hence, the product upgrade with fixpack will maintain at the GSK level, where the IBM Communications Server installed with media pack.

[Return to top of subsection] [Return to top of document] [Table of Contents]

5.1.4 Support for GSKit v8 maintenance level 8.0.50.5
The Communications Server for Windows v6.4.0.5 media pack contains the full release level of the product that supports GSKit 8 level 8.0.50.5 . In addition to this support, GSKit 8 provides the ability to negotiate higher ciphers for SSL communinications with TN3270 clients. In order to use GSKit 8 level 8.0.50.5, you will need to order this media pack and install the product. The Fixpack 6.4.0.5 (Fixpack 5) does not contain the GSKit 8 release package.Hence, the product upgrade with fixpack will maintain at the GSK level, where the IBM Communications Server installed with media pack.

[Return to top of subsection] [Return to top of document] [Table of Contents]

5.1.5 RTP_TUNING Parameter Changes
Communications Server for Windows v6.4.0.4 provides lower upper limits of two APPN protocol timers detailed below.

MAX_SHORT_REQ_TIME:
Required
Keyword Type       Unsigned Number
Default            8000
Range              5-24000
Multiples Allowed? No
The RTP protocol uses a timer called the Short Request Timer. The value of the timer is calculated as part of the protocol, but MAX_SHORT_REQ_TIME specifies a maximum value in milliseconds, beyond which the timer cannot increase. In some situations, setting this maximum value can improve performance. Setting a value of 0 means that the timer is not limited and can take any value calculated by the protocol. The minimum value is 5 milliseconds, with a default value of 8000 milliseconds. If the specified value is 1-4 milliseconds, a value of 5 milliseconds is used.

MAX_REFIFO_TIME:
Required
Keyword Type       Unsigned Number
Default            4000
Range              5-12000
Multiples Allowed? No
The RTP protocol uses a timer called the Re-FIFO Timer. The value of the timer is calculated as part of the protocol, but MAX_REFIFO_TIME specifies a maximum value in milliseconds, beyond which the timer cannot increase. In some situations, setting this maximum value can improve performance. Setting a value of 0 means that the timer is not limited and can take any value calculated by the protocol. The minimum value is 5 milliseconds, with a default value of 4000 milliseconds. If the specified value is 1-4 milliseconds, a value of 5 milliseconds is used.

[Return to top of subsection] [Return to top of document] [Table of Contents]

5.1.6 Support for GSKIT 8 and TLS 1.2
The Communications Server for Windows v6.4.0.3 media pack contains the full release level of the product that supports GSKit 8 and TLS 1.2. In addition to this support, GSKit 8 provides the ability to negotiate higher ciphers for SSL communications with TN3270 clients. In order to use GSKit 8 with TLS 1.2, you will need to order this media pack and install the product. The Fixpack 6.4.0.3 (Fixpack 3) does not contain the GSKit 8 release package. The fixpack will support the GSKit update mentioned in section 5.1.6. The additional parameters mentioned for the GSKit update in section 5.1.6 also apply to GSKit 8 and TLS 1.2 support.

[Return to top of subsection] [Return to top of document] [Table of Contents]

5.1.7 LU62 INIT SELF ENQUEUE Option
When dependent LU6.2 sessions are activated from CS/Windows, an INIT-SELF message is sent to VTAM. In CS/Windows 6.4.0.2, the format of the INIT-SELF message was altered to not queue multiple INIT_SELF. If this LU62_INIT_SELF_ENQUEUE flag is set(LU62_INIT_SELF_ENQUEUE=1) then CS/Windows will use the Old format of the INIT-SELF which included the ENQUEUE parameter. The LU62_INIT_SELF_ENQUEUE in the .ACG file is part of the NODE definition.

The following example shows the .ACG file entry.

     NODE=(
ANYNET_SUPPORT=NONE
CP_ALIAS=A
DEFAULT_PREFERENCE=NATIVE
DISCOVERY_SUPPORT=NO
DLUR_SUPPORT=MULTI_SUBNET
FQ_CP_NAME=A.A
ARB_SUPPORT=ANY
LU62_INIT_SELF_ENQUEUE=1
GVRN_SUPPORT=0
SUPPRESS_LUWID=0
NO_PUNAME_TO_HOST=0
DLUR_REX_PACING_SUPPORT=0
MAX_LOCATES=150
MAX_LS_EXCEPTION_EVENTS=200
NODE_ID=05D00000
NODE_STYLE TYPE=END_NODE
REGISTER_WITH_CDS=1
REGISTER_WITH_NN=ALL
SEND_TERM_SELF=0
SLI_CLOSE_SYNC_SUPPORT=0
TP_SECURITY_BEHAVIOR=VERIFY_EVEN_IF_NOT_DEFINED
)
[Return to top of subsection] [Return to top of document] [Table of Contents]

5.1.8 Support for GSKIT TLS Renegotiation weak security
In Fixpack 6.4.0.2, the GSKIT package used for handling SSL secure sessions has a vulnerability update also included in the refresh image. If the CS/Windows product is using TN3270 Server with SSL support enabled, then the GSKIT APAR should be applied or required to install CS/Windows freshly using the Fixpack2 refresh image.

After installing CS/Windows Fixpack level 6.4.0.2, or later, and gskbas-7.0.4.27, you can override the new default by setting appropriate value to the RENEGOTIATION key in the TN3270_PORT_DEF section in the config file. RENEGOTIATION takes the value NONE (default), ABBREVIATED, FULL.

There are 3 possible functions of the gskit library.
(a) NONE                  : No renegotiation permitted  
(b) ABBREVIATED  : Abbreviated renegotiation permitted
(c) FULL                   : Full (or abbreviated) renegotiation permitted.

The default is NONE.

TN3270_PORT_DEF=(
     PORT=800
     SECURITY=1
     CLIENT_AUTHENTICATION=1
     SECURITY_LEVEL=HIGH
     RENEGOTIATION=NONE
)

The Communications Server for Windows provides secure encryption and authentication for TN3270 Server clients by using Secure Socket Layer(SSL). The SSL support is provided by the GSKIT common component from IBM (package name gskta). Refer to the document, JR36023_TLS_SSLv3_Update_CS.pdf, provided with this APAR on Fix Central or on the CS/Windows media provided through Fix Central or Passport Advantage. The JR36023 APAR can be found on the Communications Server for Windows product under the brand "WebSphere" on Fix Central at: http://www.ibm.com/support/docview.wss?rs=2262&uid=swg1JR36023

[Return to top of subsection] [Return to top of document] [Table of Contents]

5.1.9 IPv6 support for TN3270E and SNA API Client
TN3270E server supports both IPv4 and IPv6 client, provide IPv6 protocol installed on the server machine. IPv6 protocol can be installed on Windows XP and later release of Windows operating system. IBM SNA API Client also enabled IPv6 support.

NOTE: AnyNet SNA over IP does not support IPV6 addressing. The AnyNet function in the Communications Server for Windows is being sunset in the next release. You should plan to replace this function with Enterprise Extender or the use of a SNA API Client implementation.

[Return to top of subsection] [Return to top of document] [Table of Contents]

5.1.10 APPC Cancel Conversation support
The CANCEL_CONVERSATION verb is a control verb that will cancel a connection between a local LU and partner LU using a specific transaction program (tp_id) and a conversation (conv_id).

The definition of the VCB structure for the CANCEL_CONVERSATION verb is as follows:

typedef struct cancel_conversation{
         unsigned short opcode;      /* verb operation code */
         unsigned char opext;        /* verb extension code */
         unsigned char format;       /* format */
         unsigned short primary_rc;  /* primary return code */
         unsigned long secondary_rc; /* secondary return code */
         unsigned char tp_id[8];     /* TP identifier */
         unsigned long conv_id;      /* conversation identifier */
       } CANCEL_CONVERSATION;

    Please refer the Client/Server programming guide for usage of this verb.
 [Return to top of subsection] [Return to top of document] [Table of Contents]

5.1.11 Transaction Program Synchronization enhancement
Previous versions of Communications Server for Windows supports only three (Any, None & Confirm ) synchronization level. Added two more synchronization (SYNCPT Negotiable and SYNCPT Required ) to the transaction program definition.
  • SYNCPT Negotiable : The transaction program supports a synchronization level of None, Confirm, or Sync-point.
  • SYNCPT Required    : The transaction program supports a synchronization level of Sync-point.

    The required synchronization level can be selected, when defining the Transaction Program from the basic panel of Node configuration application.

    [Return to top of subsection] [Return to top of document] [Table of Contents]

  • 5.1.12 Add support for suppressing PU name on ACTPU
    In general, Communications Server for Windows identifies the PU name in the REQACTPU message when activating DLUR PUs. Set the NO_PUNAME_TO_HOST keyword to suppress sending this identification. The NO_PUNAME_TO_HOST in the .ACG file is part of NODE definition.

    This parameter can set/unset in the Configuration GUI under the Node definition Advanced panel, as well as in the .ACG file.

    [Return to top of subsection] [Return to top of document] [Table of Contents]

    5.1.13 Progressive ARB
    IBM Communications Server for Windows normally advertises support on RTP connections for all available ARB algorithms: standard, responsive mode, and progressive mode. To use normal RTP processing, so that Communications Server for Windows will use the best available RTP mechanism according to the capability of the remote system, set this parameter to ANY.

    To customize RTP operation, specify one of the following values for the above ARB_SUPPORT keyword in NODE section:

  • FORCE_STANDARD_ARB:  If this value is set, Communications Server for Windows will only advertise support for the standard ARB algorithm, and not the responsive mode or progressive mode algorithm.
  • NO_PROGRESSIVE_ARB:  If this value is set, Communications Server for Windows will advertise support for the standard and responsive mode ARB algorithms but not for the progressive mode algorithm.
  • [Return to top of subsection] [Return to top of document] [Table of Contents]

    5.1.14 Path Switch Delay
    Minimum delay in seconds before a path switch occurs in RTP connections. Specifying a delay avoids unnecessary path switch attempts caused by temporary resource shortages at the remote system, in particular when there is no other route available.

    The default value for this parameter is zero, indicating that a path switch attempt can occur as soon as the protocol indicates it is required.

    Please refer chapter 23. RTP_TUNNING section in Configuration File Reference manual for more information.

    [Return to top of subsection] [Return to top of document] [Table of Contents]

    5.1.15 Disable remote activation support for the link
    A new parameter, DISABLE_REMOTE_ACT, has been added to the Link definition record. It prevents activation of the Link Station by the remote node. Possible values are:

    The DISABLE_REMOTE_ACT in the .ACG file is part of LINK_STATION definition. This parameter can be set/unset in the Link Station definition under reactivation panel.

    [Return to top of subsection] [Return to top of document] [Table of Contents]

    5.1.16 Active LUs Display
    Now, csdisplay can display all the LUs used by the LUA application or by the TN3270 Sessions with the new option of ALU. To check the active LUA & TN3270E session, type "csdisplay ALU" from the Windows command prompt.

    Example output of the "csdisplay ALU" as follows:

    a) When there is one LUA SSCP-LU and one LUA LU-LU Session active.
    csdisplay ALU

    LU Name LUNAME05
    PU Name PUNAME
    NAU Address 5
    Session Type LU-LU

    LU Name LUNAME09
    PU Name PUNAME
    NAU Address 9
    Session Type SSCP-LU

    Configured LUs 15
    Active LUs 9
    LUA(SSCP) 1
    LUA(LU-LU) 1
    TN3270(SSCP) 0
    TN3270(LU-LU) 0

    b) When there is one SSCP-LU TN3270 and one LU-LU TN3270 Session type.
    csdisplay ALU

    LU Name BASELU02
    PU Name PUNAME
    NAU Address 2
    Session Type TN3270E SSCP-LU, 9.122.19.106

    LU Name BASELU03
    PU Name PUNAME
    NAU Address 3
    Session Type TN3270E LU-LU, 9.122.19.106

    Configured LUs 15
    Active LUs 9
    LUA(SSCP) 0
    LUA(LU-LU) 0
    TN3270(SSCP) 1
    TN3270(LU-LU) 1

    c) When there is no SSCP Connected LUs or active LUA Application Sessions or active TN3270 Session.
    csdisplay ALU

    Configured LUs 15
    Active LUs 9
    LUA(SSCP) 0
    LUA(LU-LU) 0
    TN3270(SSCP) 0
    TN3270(LU-LU) 0

    [Return to top of subsection] [Return to top of document] [Table of Contents]


    5.2 SNA API Client
    Subsection Table of Contents:
    5.2.1 Application does not restart
    5.2.2 Multi-user support
    5.2.3 Configuration on Windows Terminal Client (WTC)
    5.2.4 Tracing and Message logging notes for SNA API Client
    5.2.5 LDAP Directory Server modifications
    5.2.6 SNA API Client Authentication variables support

    5.2.1 Application does not restart

    If your application does not restart correctly after a SNA API Client connection to the server is lost, then the SNA API Client DLLs may not have been unloaded correctly from memory and/or application may not be terminated. In this case, the application might not restart even after the connection is re-established. If this occurs, either you should manually terminate the SNA API Client applications or use the command line utility resetapi.exe, which terminates the SNA API Client applications, without requiring a reboot of the client.

    [Return to top of subsection] [Return to top of document] [Table of Contents]

    5.2.2 Multi-user support

    Systems running in Windows Terminal Server (WTS) environment with SNA API client can support multiple users. The following is a scenario for using a Windows Terminal server Clients such as Remote Desktop with a connection to a WTS with Personal Communications with SNA API Client in a multi-user environment.

    Remote Desktop Clients <====> WTS with Personal Communications and SNA API Client <====> CS/Windows <====> z/OS host

    [Return to top of subsection] [Return to top of document] [Table of Contents]

    5.2.3 Configuration on Windows Terminal Client (WTC)

    No special configuration is required on the WTC. Log on to WTS using the Remote Desktop client or any other WTC software. Use the configured Personal Communications session defined on the WTS.

    Configuration on WTS is as follows:

    1. Configure SNA API client for LUA sessions. This configuration can be done for each user.
      1. Choose Local INI configuration.
      2. Configure global data such as User ID, Password, and so on. For additional details, refer to the Quick Beginnings document.
      3. Create an LUA definition which includes LUA session name, server IP address, and so on. For additional details, refer to the Quick Beginnings document.
      4. Save the configuration.
        • If you want to save this configuration for a particular user, create a directory in that user's name (for example, user1) and store the configuration file in the name of that user (for example, user1.ini). To complete the configuration, see item 3 below, "To configure a different .INI file for each user."
        • If you want the configuration to be same for all users, store the file in the default location under the default name. The only change is the support of multiple user configuration.
    2. Configure Personal Communications to use SNA API client. The procedure is same as before, with or without WTS support.
      1. Choose the API client interface.
      2. Choose the LUA0,1,2,3 via WINRUI attachment.
      3. Click Link parameters and choose the name of the session configured in SNA API client.
      4. Maintain the default values for other settings.
    3. To configure a different .INI file for each user, do the following:
      1. Log on to the system as the user for which the .INI file needs to be configured.
      2. Go to the System Properties > Advanced panel and click Environment variables.
      3. Click User Variables > New.
      4. Type CSNTAPI for the variable value and enter the path of the .INI file.

        For example, if the user 1 configuration is located in the file C:\user1\user1.ini and the user 2 configuration is located in C:\user2\user2.ini, the configuration is as follows:

        • For user 1, type CSNTAPI for the variable value and C:\user1\user1.ini for the path
        • For user 2, type CSNTAPI for the variable value and C:\user2\user2.ini" for the path

    There is no other change to the configuration procedure. The configuration of LUA sessions, transaction programs, and so on remain unchanged. The Personal Communications configuration does not need to be changed. The steps for configuring Personal Communications or any LU application remain the same.

    [Return to top of subsection] [Return to top of document] [Table of Contents]

    5.2.4 Tracing and Message logging notes for SNA API Client

    • If the Trace Facility All API Traces option is chosen, the debug traces also get logged in the pcatrace.dat file. When collecting debug traces, select the All API Traces option. Click Start to begin the trace. The debug trace will stop once the tracing is stopped or the user exits from the Trace Facility GUI.
    • Message logs are always stored in the MsgLog.dat file. Message log files (MsgLog.dat) will be collected in 2 files of size 131 KB each. This is to reduce the size of each Message log file and hence make it easy to manage. Infobundler will collect both the Message Log files.
    • Trace can be started by administrator as well as non-administrators.
    • The detailed trace (pcatrace.dat) will be collected in multiple files. By default each file is of size 100K, and the maximum number of files is 999.
    • The default values (file size and maximum number of files) can be changed with the command tracedg /s FileSize /n MaxNum. This value is global. The value set by one user will affect all the users.

      For example, tracedg /s 92160 /n 20 will create each pcatrace file of size 90k, and the maximum number of files that will be created is 20. After 20 files, the first file will be over-written.

    • The default location for Msglog.dat and pcatrace.dat is the directory specified by "APPDATA" (this will be collected separately for each user). This can be changed by setting the CSNTAPITRCLOG environment variable.
    • Infobundler is provided with this version to capture key client files required for problem diagnoses. It should be run and output sent whenever pursuing a problem with IBM. To run the infobundler, go to the SNA API Client installation directory (eg: C:\CSNTAPI) from command line. Run INFOB.exe from command line. For example:

      C:\>INFOB

      It will go through a series of 13 steps and finally collect the information (11 documents mentioned below) in cspd.exe. cspd.exe will be located in the installation directory ( default C:\Program Files\IBM\CS SNA API Client).

      For any problem reported, please run infobundler and send IBM support cspd.exe file.

      The summary of features of the Infobundler for SNA API Client is as follows:

      1. Bundle MsgLog.dat (error message log file(s))
      2. Bundle pcatrace.dat (debug trace data file(s))
      3. Bundle CSNTAPI.TRC (unformatted trace data file)
      4. Bundle CSNTAPI.FMT (formatted trace data file)
      5. Bundle APIERROR.LOG (api error log file)
      6. Bundle Eventlogs
      7. Bundle Dr.Watson Log
      8. Bundle CSNTAPI.INI
      9. Bundle all the Registry Keys. Note that the user environment variables and system environment variables are part of the Registry settings. The user environment variables will correspond to the user running the Infobundler.
      10. Bundle CSNTAPI directory listing
      11. Bundle Windows\system32 directory listing. This will be helpful in determining if the application is using the WINRUI32.DLL, WINAPPC32.DLL etc. from SNA API Client installation or Microsoft Windows installation. We have observed that if these APIs are used from Microsoft Windows installation, the application does not work.

    [Return to top of subsection] [Return to top of document] [Table of Contents]

    5.2.5 LDAP Directory Server modifications

    SNA API client configuration information can be kept in an LDAP directory. The supported directory servers for this release are Netscape Directory Server Version 4.0, IBM Directory Server Version 3.1.1, and Lotus Domino Version 5.0.

    Schema extensions are provided for Netscape Directory Server and must be added to the server configuration before configuring the SNA API clients. The other supported directory servers already contain the necessary schema definitions. Access control for entries and attributes must be controlled using the directory server's administration utility.

    The SNA API LDAP configuration utility allows you to modify the extended entries. The user ID used with this utility must have access to write entries into the directory. You can use the directory administrator ID (which has these permissions) when executing the client configuration utility.

    To add the schema extensions to the Netscape server, add the following lines to the slapd.conf file, which is located in the \config directory of the Netscape directory server.

    include ibmcs-oc-ns.conf
    include ibmcs-at-ns.conf

    The exact path name of this directory is dependent on where the directory server is installed and the name of the directory server. See the following example:

    drive_letter:\netscape\suitespot\slapd-hostname\config

    [Return to top of subsection] [Return to top of document] [Table of Contents]

    5.2.6 SNA API Client Authentication variables support
    The SNA API Client design is to assume authentication has previously occurred, so the SNA API Client only passes the userid and no password to the server. If this fails, then the SNA API Client tries to authenticate again, this time passing both the userid and password to the server.

    When the SNA API Client is configured to use userid and password to authenticate to the CSWIN Server, authentication failures for that userid may be seen in the Windows security event log. This behavior is very old, and changing it could risk breaking existing environments that are working. An option to change this behavior has been introduced:

  • If the system environment variable CS_CLIENT_AUTHENTICATE_KEY is give the value "TRUE", both the userid and password will be sent on the initial authentication attempt. A reboot may be required for this environment variable setting to take effect.
  • To restore the original behavior, remove this environment variable, then reboot.
  • [Return to top of subsection] [Return to top of document] [Table of Contents]


    5.3 Remote administration

    5.3.1 Accessing the message log file

    You can review the message log file on a remote machine where Communications Server is installed. Map the drive where Communications Server is installed. Then open the Communications Server Log Viewer application and open the remote log file pcwmsg.mlg.

    [Return to top of subsection] [Return to top of document] [Table of Contents]

    5.3.2 Administering different server versions

    Remote configuration can only configure a Communications Server of the same version level. For example, Version 6.4 remote configuration can only configure a Version 6.4 Communications Server node.

    [Return to top of subsection] [Return to top of document] [Table of Contents]


    5.4 APINGD Configuration
    In order to do an APING to a SNA node, APINGD TP (Transaction Program) must be defined correctly in the configuration file. When a new configuration file is created, an APINGD TP is defined in the directory that Communications Server is installed. If a configuration file is copied from another machine or another release and the current installation directory is not same as prior install, then the pathname for APINGD needs to be updated. For example, if a version 6.1.3 configuration file with default install path C:\IBMCS is going to be used by 6.4 with default install path C:\Program Files\IBM\Communications Server, then change:
    PATHNAME=C:\IBMCS\apingd.exe
    to
    PATHNAME=C:\Program Files\IBM\Communications Server\apingd.exe

    This can be changed by either editing the .acg configuration file or from the configuration GUI under "CPIC and APPC -> Transaction Programs."

    [Return to top of subsection] [Return to top of document] [Table of Contents]


    6 Limitations

    6.1 SLP and different encryption levels

    A client session that targets a High Security TN3270 port with an SLP query might be connected to an Authenticate Only TN3270 port, or vice versa, if both are configured on the same server.

    Communications Server for Windows allows you to configure various levels of encryption (High, Medium, Authenticate Only) for a TN3270(E) or TN5250 port definition. These encryption levels are found in the Security panel of the Define TN3270 Port Definitions dialog.

    Some TN3270 or TN5250 clients (such as Host On-Demand Version 5) do not make full use of the SSLv3 information that Communications Server advertises in an SLP packet. These clients connect to the first port with the SSL level, scope, pool, and load that they requested, without regard to the encryption level. The resulting connection might result in a session connecting to a port with a different encryption level than intended.

    To avoid this situation, use only one encryption level (High, Medium, or Authenticate Only) for each machine or scope. Ports on a given server can be uniquely targeted by enabling and disabling Security and Client Authentication.

    [Return to top of subsection] [Return to top of document] [Table of Contents]

    6.2 SNA API Client Usage

    SNA API Clients are suitable for branch environments where there are low numbers of users connecting through the SNA API Client. If you are consolidating multiple branches to a data center, or using a web server application, it is recommended that you use a server rather than a SNA API Client.

    [Return to top of subsection] [Return to top of document] [Table of Contents]


    7 Notices and trademarks
    AnyNet, IBM, S/390, WebSphere, and z/OS are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both.

    Tivoli, and Tivoli License Management are trademarks of Tivoli Systems Inc. or International Business Machines Corporation in the United States, other countries, or both.

    Lotus and Domino are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both.

    Microsoft, Windows, Windows NT, Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 and Windows 7 are trademarks or registered trademarks of Microsoft Corporation in the United States, other countries, or both.

    VMware is a registered trademark of VMware, inc.

    [Return to top] [Table of Contents]