59168 - You cannot specify multiple values for the NETENCRYPTALGORITHM= system option for a SAS/CONNECT® spawner in a SAS® metadata environment

Problem Note 59168: You cannot specify multiple values for the NETENCRYPTALGORITHM= system option for a SAS/CONNECT® spawner in a SAS® metadata environment

When a remote SAS/CONNECT spawner and the SAS/CONNECT client use different network encryption algorithms, the sign-on fails with the following error:

ERROR: Cannot negotiate encryption algorithm.

The SAS/CONNECT spawner can be configured to use multiple network encryption algorithms to allow SAS/CONNECT clients using different algorithms to sign on. See the "NETENCRYPTALGORITHM System Option" section in Encryption in SAS^® 9.4, Sixth Edition for details about the NETENCRYPTALGORITHM option syntax and the "Options for Starting and Managing the SAS/CONNECT Spawner" section in the Communications Access Methods for SAS/CONNECT^® 9.4 and SAS/SHARE^® 9.4, Second Edition for SAS/CONNECT spawner options.

However, for a SAS/CONNECT server that is part of a SAS metadata environment, you cannot specify multiple values for the NETENCRYPTALGORITHM= system option. This system option is set via SAS^® Management Console in the SAS/CONNECT server properties, and only one value is allowed.

If you need to support multiple network encryption algorithms for a SAS/CONNECT server that is part of a SAS metadata environment, use the following temporary workaround:

Edit the ConnectSpawner_usermods.sh file in the following way:
- Set the NETENCRALG value to the multiple network encryption algorithms that you need.
- Add the -SERVICE PARM to a TCP port that has not been used already.
- Add the -SASCMD PARM (copy it from the current launch command in the metadata).
Here is an example:
USERMODS_OPTIONS="-netencralg '(AES,SASPROPRIETARY)' -service <different tcp port>
-sascmd <launch command copied from ConnectServer specified in metadata> "
Stop and restart the SAS/CONNECT spawner.
Sign on using the new port.

Operating System and Release Information

Product Family	Product	System	SAS Release
Product Family	Product	System	Reported	Fixed*
SAS System	BI Server Tier	z/OS	9.2 TS2M0
		Microsoft® Windows® for x64	9.2 TS2M0
		Microsoft Windows Server 2003 Datacenter Edition	9.2 TS2M0
		Microsoft Windows Server 2003 Enterprise Edition	9.2 TS2M0
		Microsoft Windows Server 2003 Standard Edition	9.2 TS2M0
		Microsoft Windows Server 2003 for x64	9.2 TS2M0
		Microsoft Windows Server 2008 R2	9.2 TS2M0
		Microsoft Windows Server 2008 for x64	9.2 TS2M0
		Microsoft Windows XP Professional	9.2 TS2M0
		Windows Vista	9.2 TS2M0
		Windows Vista for x64	9.2 TS2M0
		64-bit Enabled AIX	9.2 TS2M0
		64-bit Enabled Solaris	9.2 TS2M0
		HP-UX IPF	9.2 TS2M0
		Linux for x64	9.2 TS2M0
		Solaris for x64	9.2 TS2M0

* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.

Type:	Problem Note
Priority:	high

Date Modified:	2016-10-21 11:21:17
Date Created:	2016-10-17 16:00:57

Support

Problem Note 59168: You cannot specify multiple values for the NETENCRYPTALGORITHM= system option for a SAS/CONNECT® spawner in a SAS® metadata environment

Operating System and Release Information