Loading ...
Sorry, an error occurred while loading the content.

CGIDEV2 and DDM files

Expand Messages
  • gibknits2
    Hello all, I ve had great success with CGIDEV2 until a recent project. I ve got my CGI program residing on a remote iSeries (our webserver), using DDM files to
    Message 1 of 12 , Dec 4, 2007
    View Source
    • 0 Attachment
      Hello all,

      I've had great success with CGIDEV2 until a recent project.

      I've got my CGI program residing on a remote iSeries (our webserver),
      using DDM files to communicate with our production iSeries. As soon
      as I try to open or read a DDM file the job ends abnormally, and I'm
      getting this error message (CPF5395) in the job log:

      Message . . . . : Target program not available. Not allowed to try
      again.
      Cause . . . . . : The target program requested by the evoke
      function
      for file QCNDDMF in library QSYS for device DDMDEVICE is not
      available.
      Either the program is not currently permitted to run, or the
      resources
      to run it are not available. Recovery . . . : Do not try the
      request
      again. The condition is not temporary. Contact the remote system
      operator to determine why the program is not available. Technical
      description . . . . . . . . : A function management header type 7
      (FMH7) with error code 084C0000 was received from the remote
      system.

      Ideas, anyone?

      Thanks so much,

      Kim Gibson
    • Kevin Schreur
      Have you tried using the DDM file without CGI? ... From: gibknits2 To: Sent: Tuesday, December 04, 2007
      Message 2 of 12 , Dec 4, 2007
      View Source
      • 0 Attachment
        Have you tried using the DDM file without CGI?
        ----- Original Message -----
        From: "gibknits2" <gibknits2@...>
        To: <Easy400Group@yahoogroups.com>
        Sent: Tuesday, December 04, 2007 4:47 PM
        Subject: [Easy400Group] CGIDEV2 and DDM files


        > Hello all,
        >
        > I've had great success with CGIDEV2 until a recent project.
        >
        > I've got my CGI program residing on a remote iSeries (our webserver),
        > using DDM files to communicate with our production iSeries. As soon
        > as I try to open or read a DDM file the job ends abnormally, and I'm
        > getting this error message (CPF5395) in the job log:
        >
        > Message . . . . : Target program not available. Not allowed to try
        > again.
        > Cause . . . . . : The target program requested by the evoke
        > function
        > for file QCNDDMF in library QSYS for device DDMDEVICE is not
        > available.
        > Either the program is not currently permitted to run, or the
        > resources
        > to run it are not available. Recovery . . . : Do not try the
        > request
        > again. The condition is not temporary. Contact the remote system
        > operator to determine why the program is not available. Technical
        > description . . . . . . . . : A function management header type 7
        > (FMH7) with error code 084C0000 was received from the remote
        > system.
        >
        > Ideas, anyone?
        >
        > Thanks so much,
        >
        > Kim Gibson
        >
        >
        >
        >
        > Yahoo! Groups Links
        >
        >
        >
        >
      • gibknits2
        I have used the DDM file--we re using DDM files in several of our calls to CL programs via Net.Data. ... webserver), ... soon ... I m ... try ... 7
        Message 3 of 12 , Dec 4, 2007
        View Source
        • 0 Attachment
          I have used the DDM file--we're using DDM files in several of our
          calls to CL programs via Net.Data.

          --- In Easy400Group@yahoogroups.com, Kevin Schreur <schreur@...>
          wrote:
          >
          > Have you tried using the DDM file without CGI?
          > ----- Original Message -----
          > From: "gibknits2" <gibknits2@...>
          > To: <Easy400Group@yahoogroups.com>
          > Sent: Tuesday, December 04, 2007 4:47 PM
          > Subject: [Easy400Group] CGIDEV2 and DDM files
          >
          >
          > > Hello all,
          > >
          > > I've had great success with CGIDEV2 until a recent project.
          > >
          > > I've got my CGI program residing on a remote iSeries (our
          webserver),
          > > using DDM files to communicate with our production iSeries. As
          soon
          > > as I try to open or read a DDM file the job ends abnormally, and
          I'm
          > > getting this error message (CPF5395) in the job log:
          > >
          > > Message . . . . : Target program not available. Not allowed to
          try
          > > again.
          > > Cause . . . . . : The target program requested by the evoke
          > > function
          > > for file QCNDDMF in library QSYS for device DDMDEVICE is not
          > > available.
          > > Either the program is not currently permitted to run, or the
          > > resources
          > > to run it are not available. Recovery . . . : Do not try the
          > > request
          > > again. The condition is not temporary. Contact the remote system
          > > operator to determine why the program is not available. Technical
          > > description . . . . . . . . : A function management header type
          7
          > > (FMH7) with error code 084C0000 was received from the remote
          > > system.
          > >
          > > Ideas, anyone?
          > >
          > > Thanks so much,
          > >
          > > Kim Gibson
          > >
          > >
          > >
          > >
          > > Yahoo! Groups Links
          > >
          > >
          > >
          > >
          >
        • gibknits2
          I ve just noticed something... In our CGIDEV2 server instance the user profile is QTMHHTP1, and the user profile for our regular HTTP server job is QSECOFR.
          Message 4 of 12 , Dec 4, 2007
          View Source
          • 0 Attachment
            I've just noticed something...

            In our CGIDEV2 server instance the user profile is QTMHHTP1, and the
            user profile for our regular HTTP server job is QSECOFR. Perhaps it's
            an authority issue?


            --- In Easy400Group@yahoogroups.com, "gibknits2" <gibknits2@...>
            wrote:
            >
            > I have used the DDM file--we're using DDM files in several of our
            > calls to CL programs via Net.Data.
            >
            > --- In Easy400Group@yahoogroups.com, Kevin Schreur <schreur@>
            > wrote:
            > >
            > > Have you tried using the DDM file without CGI?
            > > ----- Original Message -----
            > > From: "gibknits2" <gibknits2@>
            > > To: <Easy400Group@yahoogroups.com>
            > > Sent: Tuesday, December 04, 2007 4:47 PM
            > > Subject: [Easy400Group] CGIDEV2 and DDM files
            > >
            > >
            > > > Hello all,
            > > >
            > > > I've had great success with CGIDEV2 until a recent project.
            > > >
            > > > I've got my CGI program residing on a remote iSeries (our
            > webserver),
            > > > using DDM files to communicate with our production iSeries. As
            > soon
            > > > as I try to open or read a DDM file the job ends abnormally,
            and
            > I'm
            > > > getting this error message (CPF5395) in the job log:
            > > >
            > > > Message . . . . : Target program not available. Not allowed
            to
            > try
            > > > again.
            > > > Cause . . . . . : The target program requested by the evoke
            > > > function
            > > > for file QCNDDMF in library QSYS for device DDMDEVICE is not
            > > > available.
            > > > Either the program is not currently permitted to run, or the
            > > > resources
            > > > to run it are not available. Recovery . . . : Do not try the
            > > > request
            > > > again. The condition is not temporary. Contact the remote
            system
            > > > operator to determine why the program is not available.
            Technical
            > > > description . . . . . . . . : A function management header
            type
            > 7
            > > > (FMH7) with error code 084C0000 was received from the remote
            > > > system.
            > > >
            > > > Ideas, anyone?
            > > >
            > > > Thanks so much,
            > > >
            > > > Kim Gibson
            > > >
            > > >
            > > >
            > > >
            > > > Yahoo! Groups Links
            > > >
            > > >
            > > >
            > > >
            > >
            >
          • Kevin Schreur
            If the remote system QTMHHTTP1 is not authorized properly that will be a problem. ... From: gibknits2 To:
            Message 5 of 12 , Dec 4, 2007
            View Source
            • 0 Attachment
              If the remote system QTMHHTTP1 is not authorized properly that will be a
              problem.
              ----- Original Message -----
              From: "gibknits2" <gibknits2@...>
              To: <Easy400Group@yahoogroups.com>
              Sent: Tuesday, December 04, 2007 5:57 PM
              Subject: [Easy400Group] Re: CGIDEV2 and DDM files


              > I've just noticed something...
              >
              > In our CGIDEV2 server instance the user profile is QTMHHTP1, and the
              > user profile for our regular HTTP server job is QSECOFR. Perhaps it's
              > an authority issue?
              >
              >
              > --- In Easy400Group@yahoogroups.com, "gibknits2" <gibknits2@...>
              > wrote:
              >>
              >> I have used the DDM file--we're using DDM files in several of our
              >> calls to CL programs via Net.Data.
              >>
              >> --- In Easy400Group@yahoogroups.com, Kevin Schreur <schreur@>
              >> wrote:
              >> >
              >> > Have you tried using the DDM file without CGI?
              >> > ----- Original Message -----
              >> > From: "gibknits2" <gibknits2@>
              >> > To: <Easy400Group@yahoogroups.com>
              >> > Sent: Tuesday, December 04, 2007 4:47 PM
              >> > Subject: [Easy400Group] CGIDEV2 and DDM files
              >> >
              >> >
              >> > > Hello all,
              >> > >
              >> > > I've had great success with CGIDEV2 until a recent project.
              >> > >
              >> > > I've got my CGI program residing on a remote iSeries (our
              >> webserver),
              >> > > using DDM files to communicate with our production iSeries. As
              >> soon
              >> > > as I try to open or read a DDM file the job ends abnormally,
              > and
              >> I'm
              >> > > getting this error message (CPF5395) in the job log:
              >> > >
              >> > > Message . . . . : Target program not available. Not allowed
              > to
              >> try
              >> > > again.
              >> > > Cause . . . . . : The target program requested by the evoke
              >> > > function
              >> > > for file QCNDDMF in library QSYS for device DDMDEVICE is not
              >> > > available.
              >> > > Either the program is not currently permitted to run, or the
              >> > > resources
              >> > > to run it are not available. Recovery . . . : Do not try the
              >> > > request
              >> > > again. The condition is not temporary. Contact the remote
              > system
              >> > > operator to determine why the program is not available.
              > Technical
              >> > > description . . . . . . . . : A function management header
              > type
              >> 7
              >> > > (FMH7) with error code 084C0000 was received from the remote
              >> > > system.
              >> > >
              >> > > Ideas, anyone?
              >> > >
              >> > > Thanks so much,
              >> > >
              >> > > Kim Gibson
              >> > >
              >> > >
              >> > >
              >> > >
              >> > > Yahoo! Groups Links
              >> > >
              >> > >
              >> > >
              >> > >
              >> >
              >>
              >
              >
              >
              >
              >
              > Yahoo! Groups Links
              >
              >
              >
              >
            • gibknits2
              That s something I ll have to have our security officer take a look at, when he s back from vacation in a WEEK. Argh. Thanks for your response, Kevin. ... be a
              Message 6 of 12 , Dec 4, 2007
              View Source
              • 0 Attachment
                That's something I'll have to have our security officer take a look
                at, when he's back from vacation in a WEEK. Argh.

                Thanks for your response, Kevin.

                --- In Easy400Group@yahoogroups.com, Kevin Schreur <schreur@...>
                wrote:
                >
                > If the remote system QTMHHTTP1 is not authorized properly that will
                be a
                > problem.
                > ----- Original Message -----
                > From: "gibknits2" <gibknits2@...>
                > To: <Easy400Group@yahoogroups.com>
                > Sent: Tuesday, December 04, 2007 5:57 PM
                > Subject: [Easy400Group] Re: CGIDEV2 and DDM files
                >
                >
                > > I've just noticed something...
                > >
                > > In our CGIDEV2 server instance the user profile is QTMHHTP1, and
                the
                > > user profile for our regular HTTP server job is QSECOFR. Perhaps
                it's
                > > an authority issue?
                > >
                > >
                > > --- In Easy400Group@yahoogroups.com, "gibknits2" <gibknits2@>
                > > wrote:
                > >>
                > >> I have used the DDM file--we're using DDM files in several of our
                > >> calls to CL programs via Net.Data.
                > >>
                > >> --- In Easy400Group@yahoogroups.com, Kevin Schreur <schreur@>
                > >> wrote:
                > >> >
                > >> > Have you tried using the DDM file without CGI?
                > >> > ----- Original Message -----
                > >> > From: "gibknits2" <gibknits2@>
                > >> > To: <Easy400Group@yahoogroups.com>
                > >> > Sent: Tuesday, December 04, 2007 4:47 PM
                > >> > Subject: [Easy400Group] CGIDEV2 and DDM files
                > >> >
                > >> >
                > >> > > Hello all,
                > >> > >
                > >> > > I've had great success with CGIDEV2 until a recent project.
                > >> > >
                > >> > > I've got my CGI program residing on a remote iSeries (our
                > >> webserver),
                > >> > > using DDM files to communicate with our production iSeries.
                As
                > >> soon
                > >> > > as I try to open or read a DDM file the job ends abnormally,
                > > and
                > >> I'm
                > >> > > getting this error message (CPF5395) in the job log:
                > >> > >
                > >> > > Message . . . . : Target program not available. Not allowed
                > > to
                > >> try
                > >> > > again.
                > >> > > Cause . . . . . : The target program requested by the evoke
                > >> > > function
                > >> > > for file QCNDDMF in library QSYS for device DDMDEVICE is not
                > >> > > available.
                > >> > > Either the program is not currently permitted to run, or the
                > >> > > resources
                > >> > > to run it are not available. Recovery . . . : Do not try
                the
                > >> > > request
                > >> > > again. The condition is not temporary. Contact the remote
                > > system
                > >> > > operator to determine why the program is not available.
                > > Technical
                > >> > > description . . . . . . . . : A function management header
                > > type
                > >> 7
                > >> > > (FMH7) with error code 084C0000 was received from the remote
                > >> > > system.
                > >> > >
                > >> > > Ideas, anyone?
                > >> > >
                > >> > > Thanks so much,
                > >> > >
                > >> > > Kim Gibson
                > >> > >
                > >> > >
                > >> > >
                > >> > >
                > >> > > Yahoo! Groups Links
                > >> > >
                > >> > >
                > >> > >
                > >> > >
                > >> >
                > >>
                > >
                > >
                > >
                > >
                > >
                > > Yahoo! Groups Links
                > >
                > >
                > >
                > >
                >
              • Jon Paris
                ... Am I the only one here who finds the notion that the HTTP runs under QSECOFR is a truly terrifying thought? That really sounds like a _very_ nasty accident
                Message 7 of 12 , Dec 4, 2007
                View Source
                • 0 Attachment
                  On 4-Dec-07, at 6:11 PM, gibknits2 wrote:

                  > That's something I'll have to have our security officer take a look
                  > at, when he's back from vacation in a WEEK. Argh.
                  >
                  > Thanks for your response, Kevin.
                  >
                  > --- In Easy400Group@yahoogroups.com, Kevin Schreur <schreur@...>

                  Am I the only one here who finds the notion that the HTTP runs under
                  QSECOFR is a truly terrifying thought?

                  That really sounds like a _very_ nasty accident waiting to happen.

                  www.Partner400.com
                  www.SystemiDeveloper.com
                • gibknits2
                  I was wondering about that, Jon. I m sure he has his reasons for how it s set up---I m not part of that process. Any recommendations? ... look ... under
                  Message 8 of 12 , Dec 5, 2007
                  View Source
                  • 0 Attachment
                    I was wondering about that, Jon. I'm sure he has his reasons for how
                    it's set up---I'm not part of that process.

                    Any recommendations?


                    --- In Easy400Group@yahoogroups.com, Jon Paris <Jon.Paris@...> wrote:
                    >
                    >
                    > On 4-Dec-07, at 6:11 PM, gibknits2 wrote:
                    >
                    > > That's something I'll have to have our security officer take a
                    look
                    > > at, when he's back from vacation in a WEEK. Argh.
                    > >
                    > > Thanks for your response, Kevin.
                    > >
                    > > --- In Easy400Group@yahoogroups.com, Kevin Schreur <schreur@>
                    >
                    > Am I the only one here who finds the notion that the HTTP runs
                    under
                    > QSECOFR is a truly terrifying thought?
                    >
                    > That really sounds like a _very_ nasty accident waiting to happen.
                    >
                    > www.Partner400.com
                    > www.SystemiDeveloper.com
                    >
                  • Jon Paris
                    I believe Giovanni has some ideas in the security tutorials on easy400 - but as a general rule nobody and nothing that doesn t absolutely need SECOFR should
                    Message 9 of 12 , Dec 5, 2007
                    View Source
                    • 0 Attachment
                      I believe Giovanni has some ideas in the security tutorials on
                      easy400 - but as a general rule nobody and nothing that doesn't
                      absolutely need SECOFR should have it.

                      The norm is to switch to a specific User Id as and when necessary.
                      Otherwise run under the limited HTTP user as much as possible.

                      I'll ask one of my security expert friends if they have any
                      recommendations.


                      On 5-Dec-07, at 10:34 AM, gibknits2 wrote:

                      > I was wondering about that, Jon. I'm sure he has his reasons for how
                      > it's set up---I'm not part of that process.
                      >
                      > Any recommendations?
                      >
                      >
                      >

                      Jon Paris

                      www.Partner400.com
                      www.SystemiDeveloper.com
                    • jbperotti
                      How come that my name gets associated to the idea of running HTTP server jobs under user profile QSECOFR? Did I suggest that to anyone? If so, where and when
                      Message 10 of 12 , Dec 5, 2007
                      View Source
                      • 0 Attachment
                        How come that my name gets associated to the idea of running HTTP
                        server jobs under user profile QSECOFR?
                        Did I suggest that to anyone?
                        If so, where and when did that happen?

                        Giovanni

                        --- In Easy400Group@yahoogroups.com, Jon Paris <Jon.Paris@...> wrote:
                        >
                        > I believe Giovanni has some ideas in the security tutorials on
                        > easy400 - but as a general rule nobody and nothing that doesn't
                        > absolutely need SECOFR should have it.
                        >
                        > The norm is to switch to a specific User Id as and when
                        necessary.
                        > Otherwise run under the limited HTTP user as much as possible.
                        >
                        > I'll ask one of my security expert friends if they have any
                        > recommendations.
                        >
                        >
                        > On 5-Dec-07, at 10:34 AM, gibknits2 wrote:
                        >
                        > > I was wondering about that, Jon. I'm sure he has his reasons for
                        how
                        > > it's set up---I'm not part of that process.
                        > >
                        > > Any recommendations?
                        > >
                        > >
                        > >
                        >
                        > Jon Paris
                        >
                        > www.Partner400.com
                        > www.SystemiDeveloper.com
                        >
                      • Jon Paris
                        Read the post again Giovanni - nobody suggested anything of the sort. The OP mentioned that they used SECOFR for all HTTP apps. I said I thought that was
                        Message 11 of 12 , Dec 5, 2007
                        View Source
                        • 0 Attachment
                          Read the post again Giovanni - nobody suggested anything of the sort.

                          The OP mentioned that they used SECOFR for all HTTP apps. I said I
                          thought that was dangerous and suggested he read your security
                          tutorial for better ideas.


                          On 5-Dec-07, at 1:16 PM, jbperotti wrote:

                          > How come that my name gets associated to the idea of running HTTP
                          > server jobs under user profile QSECOFR?
                          > Did I suggest that to anyone?
                          > If so, where and when did that happen?
                          >
                          > Giovanni
                          >
                          > --- In Easy400Group@yahoogroups.com, Jon Paris <Jon.Paris@...> wrote:
                          >>
                          >> I believe Giovanni has some ideas in the security tutorials on
                          >> easy400 - but as a general rule nobody and nothing that doesn't
                          >> absolutely need SECOFR should have it.
                          >>
                          >> The norm is to switch to a specific User Id as and when
                          > necessary.
                          >> Otherwise run under the limited HTTP user as much as possible.
                          >>
                          >> I'll ask one of my security expert friends if they have any
                          >> recommendations.
                          >>
                          >>
                          >> On 5-Dec-07, at 10:34 AM, gibknits2 wrote:
                          >>
                          >>> I was wondering about that, Jon. I'm sure he has his reasons for
                          > how
                          >>> it's set up---I'm not part of that process.
                          >>>
                          >>> Any recommendations?
                          >>>
                          >>>
                          >>>
                          >>
                          >> Jon Paris
                          >>
                          >> www.Partner400.com
                          >> www.SystemiDeveloper.com
                          >>
                          >
                          >
                          >
                          >
                          >
                          > Yahoo! Groups Links
                          >
                          >
                          >
                          >

                          Jon Paris

                          www.Partner400.com
                          www.SystemiDeveloper.com
                        • Giovanni B. Perotti
                          Ach so! The usual misunderstanding. Giovanni ... From: Jon Paris To: Easy400Group@yahoogroups.com Sent: Wednesday, December 05, 2007 7:33 PM Subject: Re:
                          Message 12 of 12 , Dec 5, 2007
                          View Source
                          • 0 Attachment
                            Ach so!
                            The usual misunderstanding.
                             
                            Giovanni
                            ----- Original Message -----
                            From: Jon Paris
                            Sent: Wednesday, December 05, 2007 7:33 PM
                            Subject: Re: [Easy400Group] Re: CGIDEV2 and DDM files

                            Read the post again Giovanni - nobody suggested anything of the sort.

                            The OP mentioned that they used SECOFR for all HTTP apps. I said I
                            thought that was dangerous and suggested he read your security
                            tutorial for better ideas.

                            On 5-Dec-07, at 1:16 PM, jbperotti wrote:

                            > How come that my name gets associated to the idea of running HTTP
                            > server jobs under user profile QSECOFR?
                            > Did I suggest that to anyone?
                            > If so, where and when did that happen?
                            >
                            > Giovanni
                            >
                            > --- In Easy400Group@ yahoogroups. com, Jon Paris <Jon.Paris@. ..> wrote:
                            >>
                            >> I believe Giovanni has some ideas in the security tutorials on
                            >> easy400 - but as a general rule nobody and nothing that doesn't
                            >> absolutely need SECOFR should have it.
                            >>
                            >> The norm is to switch to a specific User Id as and when
                            > necessary.
                            >> Otherwise run under the limited HTTP user as much as possible.
                            >>
                            >> I'll ask one of my security expert friends if they have any
                            >> recommendations.
                            >>
                            >>
                            >> On 5-Dec-07, at 10:34 AM, gibknits2 wrote:
                            >>
                            >>> I was wondering about that, Jon. I'm sure he has his reasons for
                            > how
                            >>> it's set up---I'm not part of that process.
                            >>>
                            >>> Any recommendations?
                            >>>
                            >>>
                            >>>
                            >>
                            >> Jon Paris
                            >>
                            >> www.Partner400. com
                            >> www.SystemiDevelope r.com
                            >>
                            >
                            >
                            >
                            >
                            >
                            > Yahoo! Groups Links
                            >
                            >
                            >
                            >

                            Jon Paris

                            www.Partner400. com
                            www.SystemiDevelope r.com

                          Your message has been successfully submitted and would be delivered to recipients shortly.