Microsoft KB Archive/904703

= FIX: Error message when a user tries to log on to TSO on an IBM mainframe computer after you use Host Access Management Agent for Identity Integration Server 2003 to provision the IBM RACF user account: &quot;User is not defined to any procedure names&quot; =

Article ID: 904703

Article Last Modified on 10/30/2006

-

APPLIES TO


 * Host Access Management Agent for Microsoft Identity Integration Server 2003

-



SYMPTOMS
Consider the following scenario. You use Host Access Management Agent for Microsoft Identity Integration Server 2003 to provision an IBM Resource Access Control Facility (RACF) user account. The user tries to log on to Time Sharing Option (TSO) on an IBM mainframe computer. In this scenario, the user receives the following error message:

LOGON TERMINATED. USER IS NOT DEFINED TO ANY PROCEDURE NAMES



CAUSE
This problem occurs because Host Access Management Agent version 1 does not issue the following RACF commands when you provision an account:
 * PERMIT
 * REFRESH

Users cannot log on to TSO on an IBM mainframe unless these commands are issued. These commands grant the user account correct access to the TSO procedure.



Software update information
A supported feature that modifies the default behavior of the product is now available from Microsoft, but it is only intended to modify the behavior that this article describes. Apply it only to systems that specifically require it. This feature may receive additional testing. Therefore, if you are not severely affected by the lack of this feature, we recommend that you wait for the next Host Access Management Agent release that contains this feature.

To obtain this feature immediately, download the feature by following the instructions later in this article or contact Microsoft Product Support Services. For a complete list of Microsoft Product Support Services telephone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

File information
The English version of this software update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

Note Because of file dependencies, the most recent fix that contains these files may also contain additional files.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.



MORE INFORMATION
After you apply this software update, you can configure Host Access Management Agent to issue the PERMIT command and the REFRESH command when you provision an IBM RACF user account. To do this, follow these steps:
 * 1) Start Microsoft Identity Integration Server 2003 Identity Manager.
 * 2) If the IBM RACF management agent (MA) has not been created in Identity Manager, you must create this management agent. For more information about how to do this, see the &quot;Add the RACF MA to MIIS&quot; section in the Host Access Management Agent documentation.
 * 3) Follow the steps in the Management Agent Designer until the Configure Additional Parameters dialog box appears.
 * 4) In the Configure Additional Parameters dialog box, click New, and then add the following parameter:
 * 5) * Parameter name: IssuePermitCommand
 * 6) * Value: True
 * 7) Click OK to add the new parameter.
 * 8) In the Configure Additional Parameters dialog box, click New, and then add the following parameter:
 * 9) * Parameter name: IssueRefreshCommand
 * 10) * Value: True
 * 11) Click OK to add the new parameter.
 * 12) Follow the remaining steps in the Management Agent Designer as documented in the Host Access Management Agent documentation to finish creating the management agent.

If the IBM RACF management agent (Host Access Management Agent) was previously created in the Identity Integration Server 2003 Identity Manager, you must re-create the Hostconfig.xml file. To do this, run the Host Access Management Agent Configuration Tool (Hostconfig.exe).

Note Before you re-create the Hostconfig.xml file, we recommend that you back up the original Hostconfig.xml file. By default, the Hostconfig.xml file is located in the C:\Program Files\Microsoft Identity Integration Server\Extensions folder.

After you re-create the Hostconfig.xml file, follow these steps to update the IBM RACF management agent to use the PERMIT command and the REFRESH command:
 * 1) Start Microsoft Identity Integration Server 2003 Identity Manager.
 * 2) Click Management Agents, click the IBM RACF MA management agent, and then click Properties under Actions.
 * 3) In the Properties dialog box, click Configure Additional Parameters.
 * 4) In the Configure Additional Parameters dialog box, click New, and then add the following parameter:
 * 5) * Parameter name: IssuePermitCommand
 * 6) * Value: True
 * 7) Click OK to add the new parameter.
 * 8) In the Configure Additional Parameters dialog box, click New, and then add the following parameter:
 * 9) * Parameter name: IssueRefreshCommand
 * 10) * Value: True
 * 11) Click OK to add the new parameter.
 * 12) Click OK to exit the Properties dialog box.

After you apply this software update, the following PERMIT command is supported by Host Access Management Agent version 1:

PERMIT @ * CLASS(TSOPROC) ACCESS ID;

Notes
 * In this command, @ * represents the value that flows in for the TSO.PROC procedure.

Note TSO.PROC is specific to the mainframe environment to which you want to connect. You can obtain the TSO.PROC information from the IBM mainframe support personnel.
 * In this command,   represents the user ID of the object.
 * Host Access Management Agent version 1 does not support other variations of the PERMIT command.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

Keywords: kbbug kbfix kbhotfixserver kbqfe kbpubtypekc KB904703

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.