BBOS0006E:DOWN-LEVEL SECURITY PRODUCT FOUND.
Explanation: | A Security Product at the 2.6.0 level is needed for some internal initACEE (IRRSIA00) calls.
|
Action: | Upgrade Security Product.
|
BBOS0007E: | RACROUTE REQUEST=EXtrACT for string failed with SAF Return Code=hstring, RACF Return Code=hstring, RACF Reason Code=hstring.
Explanation: | A call to RACROUTE REQUEST=EXtrACT failed with the indicated hexadecimal return and reason codes.
|
Action: | See the accompanying return/reason codes in the OS/390 Security Server RACROUTE Macro Reference.
|
BBOS0008E | RACAUTH of class, string, failed with SAF Return Code=hstring, RACF Return Code=hstring, RACF Reason Code=hstring.
Explanation: | RACROUTE REQUEST=AUTH or REQUEST=FASTAUTH failed.
|
Action: | Look in the OS/390 Security Server RACROUTE Macro Reference for the reason. Issue the appropriate SEtrOPTS command to correct the situation.
|
BBOS0009E | The requested PassTicket was not produced properly.
Explanation: | The creation of a PassTicket failed.
|
Action: | Refer to the OS/390 Security Server (RACF) Macros and Interfaces document, Secured Signon (PassTicket) function for an explanation
|
BBOS0010E | THE REQUESTED PASSTICKET SUPPORT IS NOT AVAILABLE FOR USE. THE SECURED SIGNON CALLABLE SERVICE COULD NOT BE LOCATED.
Explanation: | The secured signon callable service required to build a PassTicket is not available on the system.
|
Action: | Check that the required level of Security Server is properly installed on the system.
|
BBOS0011I | Unable to load the DCE DLL EUVSDLL, the C/C++ library function dllload failed with errno dstring.
Explanation: | The WebSphere control region was not able to load the DCE dynamic load library "EUVSDLL". This DLL must be available on the system if DCE security is desired. The control region will continue but DCE security will not be used.
|
Action: | The most likely reason for this is that DCE has not been installed on the system. If DCE security is desired, DCE must be installed and a DCE security server (SECD) must be active on the system.
|
BBOS0012I | The C/C++ library function string failed to locate the pointer to string in the DCE DLL. The errno returned was dstring.
Explanation: | The WebSphere control region was not able to find the pointer to the entry in the DCE DLL "EUVSDLL". This entry must be available on the system if DCE security is desired. The control region will continue but DCE security will not be used.
|
Action: | Respond to the message as appropriate.
|
BBOS0013E | The DCE mutual authentication request failed with a string exception, with a minor code of hstring.
Explanation: | A CB client was unable to complete a DCE mutual authentication sequence with a server.
| Action: | Take appropriate actions based on the exception reported in the message and try the operation again.
|
BBOS0014E | MSG_BBOSENUS_SEC_PARAM_LIST_ERR: RACF - Parameter list error occurred during init_acee create
Explanation: | RACF - Parameter list error occurred
|
Action: | Look for additional WebSphere for z/OS messages for more information. The RACF codes are documented in the OS/390 Security Server (RACF) Callable Services reference, Return and Reason Codes, for IRRSIA00.
|
BBOS0015E | MSG_BBOSENUS_SEC_RACF_INTERNAL_ERR: RACF - An internal error occurred during init_acee create
Explanation: | RACF - An internal error occurred during RACF processing
|
Action: | Look for additional WebSphere for z/OS messages for more information. The RACF codes are documented in the OS/390 Security Server (RACF) Callable Services reference, Return and Reason Codes, for IRRSIA00.
|
BBOS0016E | MSG_BBOSENUS_SEC_RECOV_ENV_ERR: RACF - Recovery environment could not be established during init_acee create
Explanation: | RACF - Recovery environment could not be established
|
Action: | Look for additional WebSphere messages for more information. The RACF codes are documented in the OS/390 Security Server (RACF) Callable Services reference, Return and Reason Codes, for IRRSIA00.
|
BBOS0017E | MSG_BBOSENUS_SEC_UNDEF_USERID: RACF - User ID is not defined to RACF during init_acee create
Explanation: | RACF - User ID is not defined to RACF
|
Action: | Look for additional WebSphere messages for more information. The RACF codes are documented in the OS/390 Security Server (RACF) Callable Services reference, Return and Reason Codes, for IRRSIA00.
|
BBOS0018E | MSG_BBOSENUS_SEC_INV_PW_PTK: RACF - Password or PassTicket is not valid during init_acee create
Explanation: | RACF - Password or PassTicket is not valid
|
Action: | Look for additional WebSphere messages for more information. The RACF codes are documented in the OS/390 Security Server (RACF) Callable Services reference, Return and Reason Codes, for IRRSIA00.
|
BBOS0019E | MSG_BBOSENUS_SEC_PW_EXPIRED: RACF - Password is expired during init_acee create
Explanation: | RACF - Password is expired
|
Action: | Look for additional WebSphere messages for more information. The RACF codes are documented in the OS/390 Security Server (RACF) Callable Services reference, Return and Reason Codes, for IRRSIA00.
|
BBOS0020E | MSG_BBOSENUS_SEC_USERID_OR_PW_REVOKED: RACF - User ID is revoked during init_acee create
Explanation: | RACF - User ID or Password is revoked
|
Action: | Look for additional WebSphere messages for more information. The RACF codes are documented in the OS/390 Security Server (RACF) Callable Services reference, Return and Reason Codes, for IRRSIA00.
|
BBOS0021E | MSG_BBOSENUS_SEC_UNAUTH_USER: RACF - User ID is not authorized during init_acee create
Explanation: | RACF - User is not authorized
|
Action: | Look for additional WebSphere messages for more information. The RACF codes are documented in the OS/390 Security Server (RACF) Callable Services reference, Return and Reason Codes, for IRRSIA00.
|
BBOS0022E | MSG_BBOSENUS_SEC_INVALID_CERTIF: RACF - Certificate is not valid during init_acee create
Explanation: | RACF - Certificate is not valid
|
Action: | Look for additional WebSphere messages for more information. The RACF codes are documented in the OS/390 Security Server (RACF) Callable Services reference, Return and Reason Codes, for IRRSIA00.
|
BBOS0023E | MSG_BBOSENUS_SEC_CERTIF_NOtrUST: RACF - Either no user ID is defined for this certificate or the certificate status is NOtrUST during init_acee create
Explanation: | RACF - Either no user ID is defined for this certificate or the certificate status is NOtrUST
|
Action: | Look for additional WebSphere messages for more information. The RACF codes are documented in the OS/390 Security Server (RACF) Callable Services reference, Return and Reason Codes, for IRRSIA00.
|
BBOS0024E | MSG_BBOSENUS_SEC_NO_REM_USERID: No remote user ID is defined
Explanation: | Security Manager - no remote user ID is defined
|
Action: | Look for additional WebSphere messages for more information. The RACF codes are documented in the OS/390 Security Server (RACF) Callable Services reference, Return and Reason Codes, for IRRSIA00.
|
BBOS0025E | MSG_BBOSENUS_SEC_NO_REM_PASSWORD: No remote password or a blank password is defined as an environmental variable for Userid string
Explanation: | Security Manager - no remote PASSWORD is defined
|
Action: | Look for additional WebSphere messages for more information. The RACF codes are documented in the OS/390 Security Server (RACF) Callable Services reference, Return and Reason Codes, for IRRSIA00.
|
BBOS0026E | MSG_BBOSENUS_SEC_PTKT_HASHTABLE_FAILED: Security manager: hash table was not created
Explanation: | Security Manager - Security Manager hash table creation failure
|
Action: | Look for additional WebSphere messages for more information. The RACF codes are documented in the OS/390 Security Server (RACF) Callable Services reference, Return and Reason Codes, for IRRSIA00.
|
BBOS0027I | Security was not able to create a passticket.
Explanation: | This process was attempting to initialize userid/passticket security, and was not able to generate a passticket. The process continues, and attempts to use the next available security method.
|
Action: | The most likely reasons for this are that the Websphere Daemon was not active on the system or the SAF security manager was not configured to support passtickets. It is a requirement for using userid/passticket security that the Websphere Daemon process be active on the system where passtickets are generated. Further you must activate the resource class PTKtdATA, and define the CBS390 profile in this class. All users or groups that intend to use this resource must be given read access to this profile.
|
BBOS0028E | MSG_BBOSENUS_SEC_NULL_SESSIONID: Null session ID in NatSecCtx_Auth
Explanation: | Security Manager - Security Manager NatSecCtx_Auth has null sessionid
|
Action: | Look for additional WebSphere messages for more information. The RACF codes are documented in the OS/390 Security Server (RACF) Callable Services reference, Return and Reason Codes, for IRRSIA00.
|
BBOS0029W | Failed attempt to use SessionID, retrying alternate security
Explanation: | Security type offered included User ID and SessionID, but that type was unavailable. The next available security type will be tried
|
Action: | None, this is a warning message that another security type will be tried.
|
BBOS0030E | MSG_BBOSENUS_SEC_UNABLE_TO_PERFORM_CBIND: SAF Ret Code (hex): hstring The requested CBIND(RACROUTE) function could not be performed
Explanation: | SAF Return Code reported by Security Manager - The requested CBIND (RACROUTE) function could not be performed. Use the SAF Return Code in conjunction with the reported RACF Return Code to determine the cause of the problem. This SAF Return Code can have several different associated RACF Return Codes that further define the problem.
|
Action: | Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
|
BBOS0031E | MSG_BBOSENUS_SEC_NO_RACF_SECURITY_DECISION_MADE: RACF Return Code (hex) : hstring (RACROUTE)- No security decision could be made
Explanation: | RACF Return Code reported by Security Manager No security decision could be made. The RACF router was not loaded; the request, resource, subsystem combination could not be found in the RACF ROUTER table; no successful exit processing can take place.
|
Action: | Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
|
BBOS0032E | MSG_BBOSENUS_SEC_UNKNOWN_TO_RACF: RACF Return Code (hex) : hstring (RACROUTE) - No security decision could be made
Explanation: | RACF Return Code reported by Security Manager The resource or class name is not defined to RACF or the class has not been raclisted.
|
Action: | Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
|
BBOS0033E | MSG_BBOSENUS_SEC_RACF_NOT_ACTIVE: RACF Return Code (hex) : hstring (RACROUTE) - RACF not active
Explanation: | RACF Return Code reported by Security Manager RACF not active
|
Action: | Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
|
BBOS0034E | MSG_BBOSENUS_SEC_RACF_CLASS_DATA_SPACE_DELETED: RACF Return Code (hex) : hstring (RACROUTE) - RACF data space has been deleted
Explanation: | RACF Return Code reported by Security Manager The class was raclisted by RACROUTE REQUEST=LIST, GLOBAL=YES, or SEtrOPTS RACLIST, but the data space has been deleted.
|
Action: | Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
|
BBOS0035E | MSG_BBOSENUS_SEC_DATA_SPACE_ACCESS_ALESERV_FAILURE: RACF Return Code(hex): hstring (RACROUTE) - No data space access, ALESERV failure
Explanation: | RACF Return Code reported by Security Manager The class was raclisted by RACROUTE REQUEST=LIST, GLOBAL=YES, or SEtrOPTS RACLIST, but the data space cannot be accessed due to an ALESERV failure.
|
Action: | Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
|
BBOS0036E | MSG_BBOSENUS_SEC_REQUESTED_CBIND_FUNCTION_FAILED: SAF Return
Code (hex) : hstring The requested CBIND function failed
Explanation: | SAF Return Code reported by Security Manager - The requested CBIND (RACROUTE) function failed. Use the SAF Return Code in conjunction with the reported RACF Return Code to determine the cause of the problem. Some RACF Return Codes can have several different associated RACF Reason Codes that further define the problem. Use the SAF Return Code in conjunction with the reported RACF Return Code and RACF Reason Code to determine the cause of the problem.
|
Action: | Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
|
BBOS0037E | MSG_BBOSENUS_SEC_USER_OR_GROUP_NOT_AUTHORIZED: RACF Return Code (hex): hstring (RACROUTE) - The user or group is not authorized
Explanation: | RACF Return Code reported by Security Manager The user or group is not authorized to use the resource
|
Action: | Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
|
BBOS0038E | MSG_BBOSENUS_SEC_FASTAUTH_INSTALL_EXIT_ERROR: RACF Return Code(hex): hstring (RACROUTE) - FASTAUTH install exit error occurred.
Explanation: | RACF Return Code reported by Security Manager A RACROUTE REQUEST=FASTAUTH installation exit error occurred.
|
Action: | Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
|
BBOS0039E | MSG_BBOSENUS_SEC_BLANK_PORT_OF_ENtrY_IN_SECURITY_TOKEN: RACF Return Code(hex): hstring (RACROUTE) - Blank port-of-entry in security token
Explanation: | RACF Return Code reported by Security Manager Indicates the profile has a conditional access list, the port-of-entry field in the security token is blank-filled, and the port-of-entry class is active.
|
Action: | Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
|
BBOS0040E | MSG_BBOSENUS_SEC_PARAMETER_LIST_ERROR: RACF Return Code (hex)
: hstring (RACROUTE) - Parameter list error.
Explanation: | RACF Return Code reported by Security Manager Parameter list error.
| Action: | Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference
Document Number: GC28-1922-0y
| BBOS0041E | MSG_BBOSENUS_SEC_ACEEALET_KEYWORD_AND_NOT_IN_SPVSOR_STATE:
RACF Reason Code(hex : hstring (RACROUTE)-Calling program not
in Supervisor State
Explanation: | RACF Reason Code reported by Security Manager The ACEEALET= keyword was
specified, but the calling program is not running in Supervisor State or
System Key.
| Action: | Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference
Document Number: GC28-1922-0y
| BBOS0042E | MSG_BBOSENUS_SEC_ACEE_KEYWORD_NOT_SPECIFIED: RACF Reason Code
(hex) : hstring (RACROUTE) - ACEE= keyword was not specified
Explanation: | RACF Reason Code reported by Security Manager The ACEEALET= keyword was
specified, but the ACEE= keyword was not specified
| Action: | Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference
Document Number: GC28-1922-0y
| BBOS0043E | MSG_BBOSENUS_SEC_ENVRIN_KEYWORD_AND_NOT_IN_SPVSOR_STATE: RACF
Reason Code(hex): hstring (RACROUTE) -Calling program not in
Supervisor State
Explanation: | RACF Reason Code reported by Security Manager The ENVRIN keyword was
specified, but the calling program is not running in Supervisor State or
System Key.
| Action: | Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference
Document Number: GC28-1922-0y
| BBOS0044E | MSG_BBOSENUS_SEC_ENVRIN_AND_ACEE_KEYWORD_BOTH_SPECIFIED: RACF
Reason Code (hex) : hstring (RACROUTE) -ENVRIN and ACEE were
both specified
Explanation: | RACF Reason Code reported by Security Manager ENVRIN and ACEE were both
specified (they are mutually exclusive keywords).
| Action: | Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference
Document Number: GC28-1922-0y
| BBOS0045E | MSG_BBOSENUS_SEC_CBIND_RELEASE_PARAMETER_ERROR: SAF Return
Code (hex) : hstring CBIND Release parameter error
Explanation: | SAF Return Code reported by Security Manager This error indicates that the
CHECK subparameter of the RELEASE keyword was specified on the execute form of
the RACROUTE REQUEST=FASTAUTH macro, however, the list form of the macro does
not have the same RELEASE parameter. Macro processing
terminates.
| Action: | Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference
Document Number: GC28-1922-0y
| BBOS0046E | MethAuthCheck was issued in an address space without a BACB.
Explanation: | MethAuth was invoked, but initialization of the environment was incomplete or
the call was made outside of the WebSphere for z/OS environment.
Suggest waiting for environment initialization completion, or if the call was
made outside of WebSphere for z/OS, remove the call.
| Action: | Ensure that the WebSphere for z/OS regions are initialized
| BBOS0047E | MSG_BBOSENUS_SEC_UNABLE_TO_PERFORM_METHAUTHCHECK: SAF Ret Code
(hex) : hstring The requested METHAUTHCHECK(RACROUTE) function
could not be performed for Method Name string and Class Name
string
Explanation: | SAF Return Code reported by Security Manager - The requested METHAUTHCHECK
(RACROUTE) function could not be performed. Use the SAF Return Code in
conjunction with the reported RACF Return Code to determine the cause of the
problem. This SAF Return Code can have several different associated
RACF Return Codes that further define the problem.
| Action: | Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference
Document Number: GC28-1922-0y
| BBOS0048E | MSG_BBOSENUS_SEC_REQUESTED_METHAUTHCHECK_FUNCTION_FAILED: SAF
Return Code (hex) : hstring The requested METHAUTHCHECK
function
failed and could not be performed for Method Name string and Class
Name string
Explanation: | SAF Return Code reported by Security Manager - The requested METHAUTHCHECK
(RACROUTE) function failed. Use the SAF Return Code in conjunction with
the reported RACF Return Code to determine the cause of the problem.
Some RACF Return Codes can have several different associated RACF Reason Codes
that further define the problem. Use the SAF Return Code in conjunction
with the reported RACF Return Code and RACF Reason Code to determine the cause
of the problem.
| Action: | Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference
Document Number: GC28-1922-0y
| BBOS0049E | MSG_BBOSENUS_SEC_METHAUTHCHECK_RELEASE_PARAMETER_ERROR: SAF
Return Code (hex) : hstring METHAUTHCHECK Release parameter
error for Method Name string and Class Name string
Explanation: | SAF Return Code reported by Security Manager This error indicates that the
CHECK subparameter of the RELEASE keyword was specified on the execute form of
the RACROUTE REQUEST=FASTAUTH macro, however, the list form of the macro does
not have the same RELEASE parameter. Macro processing
terminates.
| Action: | Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference
Document Number: GC28-1922-0y
| BBOS0050I | DCE/SAF The server control region could not delete an ACEE created
for user string. API: string. SAF code =
dstring, RACF ret code = dstring, RACF rsn code =
dstring.
Explanation: | A WebSphere server control region was unable to delete an ACEE, accessor
environment element (MVS control block), that was used to temporarily
impersonate a client.
| Action: | Take appropriate actions based on the return codes reported in the message and
try the operation again. The SAF and RACF codes are documented in the
OS/390 Security Server Callable Services book.
| BBOS0051I | DCE/SAF The server control region could not create an ACEE for user
string. API: string. SAF code =
dstring, RACF
ret code = dstring, RACF rsn code = dstring.
Explanation: | A WebSphere server control region was unable to create an ACEE, accessor
environment element (MVS control block), that was to be used to temporarily
impersonate a client.
| Action: | Take appropriate actions based on the return codes reported in the message and
try the operation again. The SAF and RACF codes are documented in the
OS/390 Security Server Callable Services book.
| BBOS0052E | SSL security was specified but could not be initialized.
Explanation: | The OS/390 Cryptographic Services System Secure Sockets Layer could not be
initialized.
| Action: | See return codes for gsk_initialize in the OS/390 System SSL Programming Guide
& Reference.
| BBOS0053E | SSL security was specified but System SSL routine module GSKSSL not
available.
Explanation: | The OS/390 Cryptographic Services System Secure Sockets Layer routine could
not be loaded during server initialization. SSL security will not be
used.
| Action: | Consult your systems programmer to install OS/390 Cryptographic Services
System SSL.
| BBOS0054E | SSL security was specified but the gsk_user_set function could not
be loaded.
Explanation: | The OS/390 Cryptographic Services System Secure Sockets Layer routine
gsk_user_set could not be loaded. The version of System SSL installed
at your location cannot support this function. SSL security will not be
used.
| Action: | Consult your systems programmer to install the correct version of System
SSL.
| BBOS0055E | Delete ACEE (IRRSIA00) failed with SAF Return Code=dstring,
RACF Return Code=dstring, RACF Reason Code=dstring.
Explanation: | The delete ACEE callable security service failed with the indicated decimal
return and reason codes.
| Action: | See return codes for IRRSIA00 in the Security Server (RACF) Callable Services
or equivalent reference for other security products. Ref: OS/390
V2R6.0 Security Server (RACF) Callable Services Document Number:
GC28-1921-0x
| BBOS0056E | initACEE (IRRSIA00) failed to convert SSL certificate with SAF Return
Code=dstring, RACF Return Code=dstring, RACF Reason
Code=dstring.
Explanation: | The initACEE callable security service failed to convert an SSL Client
Certificate with the indicated decimal return and reason codes.
| Action: | See return codes for initACEE (IRRSIA00) in the Security Server (RACF)
Callable Services or equivalent reference for other security products.
Security Server reference documentation for initACEE include: OS/390
Security Server (RACF) Security Administrator's Guide and OS/390 Security
Server (RACF) Callable Services for initACEE service call return and reason
codes. Ref: OS/390 V2R6.0 Security Server (RACF) Callable
Services Document Number: GC28-1921-05
| BBOS0057E | A DCE IOR component tag is too small to contain all its required
information.
Explanation: | WebSphere for z/OS was not able to interpret a DCE IOR component tag.
Its size was too small to hold all the required fields that are defined for
this tag.
| Action: | This message indicates that a client process can not interpret a security
component tag. This will cause the client to skip this security method
and may cause the client to fail when connecting to the server.
| BBOS0058E | There is no DCE principal name in a DCE IOR component tag.
Explanation: | WebSphere for z/OS was not able to interpret a DCE IOR component tag because
it did not contain a server's principal name.
| Action: | This message indicates that a client process can not interpret a security
component tag. This will cause the client to skip this security method
and may cause the client to fail when connecting to the server.
| BBOS0059E | The DCE principal name contained in a DCE IOR component tag has a
invalid length of dstring.
Explanation: | WebSphere for z/OS was not able to interpret a DCE IOR component tag because
the length of the DCE server principal field was invalid.
| Action: | This message indicates that a client process can not interpret a security
component tag. This will cause the client to skip this security method
and may cause the client to fail when connecting to the server.
| BBOS0060E | A DCE IOR component tag does not contain a required field and can
not be interpreted.
Explanation: | WebSphere for z/OS was not able to interpret a DCE IOR component tag because
it was not large enough to hold all its required fields.
| Action: | This message indicates that a client process can not interpret a security
component tag. This will cause the client to skip this security method
and may cause the client to fail when connecting to the server.
| BBOS0061E | An SSL IOR component tag is too small to contain all its required
information.
Explanation: | WebSphere for z/OS was not able to interpret an SSL IOR component tag.
Its size was too small to hold all the required fields that are defined for
this tag.
| Action: | This message indicates that a client process can not interpret a security
component tag. This will cause the client to skip this security method
and may cause the client to fail when connecting to the server.
| BBOS0062E | A Basic Authentication IOR component tag is too small to contain
all its required information.
Explanation: | WebSphere for z/OS was not able to interpret a basic authentication IOR
component tag. Its size was too small to hold all the required fields
that are defined for this tag.
| Action: | This message indicates that a client process can not interpret a security
component tag. This will cause the client to skip this security method
and may cause the client to fail when connecting to the server.
| BBOS0063E | A Basic Authentication IOR component tag has an invalid length for
its realm or principal field.
Explanation: | WebSphere for z/OS was not able to interpret a basic authentication IOR
component tag because it was not large enough to hold all its required
fields.
| Action: | This message indicates that a client process can not interpret a security
component tag. This will cause the client to skip this security method
and may cause the client to fail when connecting to the server.
| BBOS0064W | The RACF EJBROLES class has been found to be inactive during security
method Authorization check. Contact your system administrator.
SAF Ret Code
(hex) : hstring RACF Ret Code (hex) : hstring
RACF
Reason Code (hex) : hstring
Explanation: | WebSphere for z/OS was not able to complete a security methAuth check because
the RACF EJBROLES class is inactive. Contact your system administrator
or the IBM Support Center.
| Action: | Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference
Document Number: GC28-1922-0y
| BBOS0065I | Authentication failed.
Explanation: | There was a failure to complete the authentication process. The client
request will continue but will fail later with a no permission
exception.
| Action: | Examine the logs for the reason(s) that the authentication failed, and take
the appropriate action. try the operation again.
| BBOS0066I | An SSL Kerberos GSS_API authentication request failed with a
string exception, and a minor code of hstring.
Explanation: | A WebSphere client was unable to complete an SSL Kerberos GSS_API
authentication sequence with a server.
| Action: | Take appropriate actions based on the exception reported in the message and
try the operation again.
| BBOS0067I | The length dstring of a Kerberos principal name returned
from a SAF R_kerbinfo call for the user string exceeds the maximum
allowable length.
Explanation: | WebSphere for z/OS was not able to interpret the length of the principal name
from the buffer that was returned from a R_kerbinfo call.
| Action: | This message indicates that a client process can not interpret the results
from a R_kerbinfo call. This will cause the client to skip the SSL
Kerberos GSS_API method of authentication and may cause the client to fail
when connecting to the server.
| BBOS0068I | CB Series was unable to find the Kerberos principal associated with
the user string.
Explanation: | WebSphere for z/OS was not able to find the Kerberos principal name that was
returned from a call to R_kerbinfo.
| Action: | This message indicates that the process can not interpret the results from a
R_kerbinfo call. This will cause the process to skip the SSL Kerberos
GSS_API method of authentication.
| BBOS0069I | SSL/Kerberos initialization failed for user string, because
RACF is not installed. API: string. SAF code =
dstring, RACF ret code = dstring, RACF rsn code =
dstring.
Explanation: | During initialization, WebSphere was unable to extract the Kerberos
information from the KERB segment of the user profile because RACF is not
installed.
| Action: | RACF must be installed before WebSphere can use Kerberos security.
Install RACF and define KERB segments for those users that will be using
Kerberos security. The SAF and RACF codes are documented in the OS/390
Security Server Callable services book.
| BBOS0070I | SSL/Kerberos initialization failed for user string, because
it has been revoked. API: string. SAF code =
dstring,
RACF ret code = dstring, RACF rsn code = dstring.
Explanation: | During initialization, WebSphere was unable to extract the Kerberos
information from the KERB segment of the user profile because the user has
been revoked.
| Action: | Contact your security administrator and have the user reinstated. The
SAF and RACF codes are documented in the OS/390 Security Server Callable
services book.
| BBOS0071I | SSL/Kerberos initialization failed for user string, because
it has been revoked by this call. API: string.
SAF code = dstring, RACF ret code = dstring, RACF rsn code =
dstring.
Explanation: | During initialization, WebSphere was unable to extract the Kerberos
information from the KERB segment of the user profile because the user has
been revoked by the call.
| Action: | Contact your security administrator and have the user reinstated. The
SAF and RACF codes are documented in the OS/390 Security Server Callable
services book.
| BBOS0072I | SSL/Kerberos initialization failed for user string, because
of an internal error. API: string. SAF code =
dstring,
RACF ret code = dstring, RACF rsn code = dstring.
Explanation: | During initialization, WebSphere was unable to extract the Kerberos
information from the KERB segment of the user.
| Action: | This is a internal error. Reference the SAF and RACF codes documented
in the OS/390 Security Server Callable services book.
| BBOS0073I | SSL/Kerberos initialization failed for user string, because
of an internal error. API: string. SAF code =
dstring,
RACF ret code = dstring, RACF rsn code = dstring.
Explanation: | During initialization, WebSphere was unable to extract the Kerberos
information from the KERB segment of the user.
| Action: | This is a internal error. Reference the SAF and RACF codes documented
in the OS/390 Security Server Callable services book.
| BBOS0074I | SSL/Kerberos initialization failed for user string, because
of an internal SAF error. API: string. SAF code =
dstring, RACF ret code = dstring, RACF rsn code =
dstring.
Explanation: | During initialization, WebSphere was unable to extract the Kerberos
information from the KERB segment of the user due to an internal SAF
error.
| Action: | This is a internal error. Reference the SAF and RACF codes documented
in the OS/390 Security Server Callable services book.
| BBOS0075I | SSL/Kerberos initialization failed for user string, because
of an internal SAF error. API: string. SAF code =
dstring, RACF ret code = dstring, RACF rsn code =
dstring.
Explanation: | During initialization, WebSphere was unable to extract the Kerberos
information from the KERB segment of the user due to an internal SAF
error.
| Action: | This is a internal error. Reference the SAF and RACF codes documented
in the OS/390 Security Server Callable services book.
| BBOS0076I | SSL/Kerberos initialization failed for user string, because
the user does not have a KERB segment. API:
string. SAF code
= dstring, RACF ret code = dstring, RACF rsn code =
dstring.
Explanation: | During initialization, WebSphere was unable to extract the Kerberos
information from the KERB segment of the user profile because the user is not
defined to Kerberos.
| Action: | The user must have a SAF KERB segment defined to use Kerberos security.
Have your security administrator define the user to Kerberos. The SAF
and RACF codes are documented in the OS/390 Security Server callable services
book.
| BBOS0077I | SSL/Kerberos initialization failed for user string, because
of an internal error. API: string. SAF code =
dstring,
RACF ret code = dstring, RACF rsn code = dstring.
Explanation: | During initialization, WebSphere was unable to extract the Kerberos
information from the KERB segment of the user.
| Action: | This is a internal error. Reference the SAF and RACF codes documented
in the OS/390 Security Server Callable services book.
| BBOS0078I | SSL/Kerberos initialization failed for user string, because
the user is not defined. API: string. SAF code =
dstring, RACF ret code = dstring, RACF rsn code =
dstring.
Explanation: | During initialization, WebSphere was unable to extract the Kerberos
information from the KERB segment of the user profile because the user is not
defined to SAF
| Action: | The user must have a SAF KERB segment defined to use Kerberos security.
Have your security administrator define the user to SAF then have him add a
Kerberos segment to the user. The SAF and RACF codes are documented in
the OS/390 Security Server callable services book.
| BBOS0079I | SSL/Kerberos initialization failed for user string, because
of an internal SAF error. API: string. SAF code =
dstring, RACF ret code = dstring, RACF rsn code =
dstring.
Explanation: | During initialization, WebSphere was unable to extract the Kerberos
information from the KERB segment of the user due to an internal SAF
error.
| Action: | This is a internal error. Reference the SAF and RACF codes documented
in the OS/390 Security Server Callable services book.
| BBOS0080I | SSL/Kerberos initialization failed for user string, because
of an internal SAF error. API: string. SAF code =
dstring, RACF ret code = dstring, RACF rsn code =
dstring.
Explanation: | During initialization, WebSphere was unable to extract the Kerberos
information from the KERB segment of the user due to an internal SAF
error.
| Action: | This is a internal error. Reference the SAF and RACF codes documented
in the OS/390 Security Server Callable services book.
| BBOS0081I | SSL/Kerberos initialization failed because the Kerberos API
string failed with a status code of hstring -
string.
Explanation: | During initialization, a call to the indicated Kerberos API failed with the
stated status code.
| Action: | Take appropriate actions based on the status reported in the message and try
the operation again. The Kerberos status codes are documented in the
OS/390 Network Authentication Administration book.
| BBOS0082I | SSL/Kerberos initialization failed because the Kerberos GSS_API
string failed. major status: hstring -
string minor
code: hstring - string
Explanation: | During initialization, a call to the indicated Kerberos GSS_API failed with
the stated status codes.
| Action: | Take appropriate actions based on the status reported in the message and try
the operation again. The Kerberos status codes are documented in the
OS/390 Network Authentication Administration book.
| BBOS0083I | SSL/Kerberos initialization failed because the API SETENV failed
with errno dstring.
Explanation: | During initialization, the server control region was not able to set the
environment variable KRB5_SERVER_KEYTAB to "1". In order for a
server to participate in Kerberos security this environment variable must be
set. The server will continue with its initialization but Kerberos
security will not be used.
| Action: | Take appropriate actions based on the errno in the message and try the
operation again.
| BBOS0084I | SSL/Kerberos initialization failed because the server could not find
its associated Kerberos principal name.
Explanation: | During initialization, the server control region was not able to determine
what its associated Kerberos principal name is. The server will
continue with its initialization but Kerberos security will not be
used.
| Action: | Check the server's log for messages that may relate to the problem.
Take appropriate actions based on the messages found and try the operation
again.
| BBOS0085I | SSL/Kerberos initialization failed because the server could not find
its associated Default Kerberos realm.
Explanation: | During initialization, the server control region was not able to determine
what its associated Kerberos realm name is. The server will continue
with its initialization but Kerberos security will not be used.
| Action: | Check the server's log for messages that may relate to problem.
Take appropriate actions based on the messages found and try the operation
again.
| BBOS0086I | SSL/Kerberos initialization failed because the Kerberos GSS_API
string failed. major status: hstring -
string minor
code: hstring - string
Explanation: | During initialization, a call to the indicated Kerberos GSS_API failed with
the stated status codes. The server will continue with its
initialization but Kerberos security will not be used.
| Action: | Take appropriate actions based on the status reported in the message and try
the operation again. The Kerberos status codes are documented in the
OS/390 Network Authentication Administration book.
| BBOS0087I | SSL/Kerberos server failed to authenticate this request because the
Kerberos GSS_API string failed. major status:
hstring - string minor code: hstring -
string
Explanation: | During the processing of a request the Kerberos GSS_API failed with the stated
status codes. The server will not use Kerberos security for this
request.
| Action: | Take appropriate actions based on the status reported in the message and try
the operation again. The Kerberos status codes are documented in the
OS/390 Network Authentication Administration book.
| BBOS0088I | The Kerberos principal name obtained from the authentication token
has an invalid length of dstring.
Explanation: | WebSphere for z/OS was not able to authenticate the client request because the
length of the Kerberos principal name was larger than allowable.
| Action: | This message indicates that a server process can not interpret a Kerberos
principal that is associated with this request. Kerberos security will
not be used for this request.
| BBOS0089I | The Kerberos principal name obtained from the authentication token
can not be understood by the server.
Explanation: | WebSphere for z/OS was not able to authenticate the client request because the
Kerberos principal name was not understood by the server.
| Action: | This message indicates that a server process can not interpret a Kerberos
principal that is associated with this request. Kerberos security will
not be used for this request.
| BBOS0090I | SSL/Kerberos authentication failed for the principal string,
because RACF is not installed. API: string. SAF
code = dstring, RACF ret code = dstring, RACF rsn code =
dstring.
Explanation: | During Kerberos authentication, WebSphere was unable to obtain the SAF user
associated with the Kerberos principal because RACF is not installed.
| Action: | RACF must be installed before WebSphere can use Kerberos security.
Install RACF and define KERB segments for those users that will be using
Kerberos security. The SAF and RACF codes are documented in the OS/390
Security Server Callable services book.
| BBOS0091I | SSL/Kerberos authentication failed for the principal string,
because of an invalid parameter. API: string. SAF
code = dstring, RACF ret code = dstring, RACF rsn code =
dstring.
Explanation: | During Kerberos authentication, WebSphere was unable to obtain the SAF user
associated with the Kerberos principal because of an internal error.
| Action: | Reference the SAF and RACF codes documented in the OS/390 Security Server
Callable services book.
| BBOS0092I | SSL/Kerberos authentication failed for the principal string,
because there is no mapping between the Kerberos principal and a RACF
userid.
API: string. SAF code = dstring, RACF ret code
= dstring, RACF rsn code = dstring.
Explanation: | During Kerberos authentication, WebSphere was unable to obtain the SAF user
associated with the Kerberos principal because there is no mapping the
Kerberos principal and a RACF userid.
| Action: | Contact your security administrator and have the principal mapped to a RACF
userid. The SAF and RACF codes are documented in the OS/390 Security
Server Callable services book.
| BBOS0093I | SSL/Kerberos authentication failed for the principal string,
because this server is not authorized to use the IRRSIM00 SAF service.
API: string. SAF code = dstring, RACF ret code
= dstring,
RACF rsn code = dstring.
Explanation: | During Kerberos authentication, WebSphere was unable to obtain the SAF user
associated with the Kerberos principal because this server is not authorized
to use the IRRSIM00 service.
| Action: | Based on the return codes take corrective action and retry the request.
Reference the SAF and RACF codes documented in the OS/390 Security Server
Callable services book.
| BBOS0094I | SSL/Kerberos authentication failed for the principal string,
because this server could not map the princpal to a SAF user.
API: string. SAF code = dstring, RACF ret code
= dstring,
RACF rsn code = dstring.
Explanation: | During Kerberos authentication, WebSphere was unable to obtain the SAF user
associated with the Kerberos principal.
| Action: | Contact your security administrator and have the server authorized to the
IRR.RUSERMAP FACILITY class. The SAF and RACF codes are
documented in the OS/390 Security Server Callable services book.
| BBOS0095I | SSL/Kerberos the IOR tagged component for SSL Kerberos security was
skipped because of an invalid length for the server realm name.
Explanation: | During the processing of an IOR the length of the server's realm name in
an SSL Kerberos GSS_API tag could not be determined. The process
continues but this form of security will not be used.
| Action: | This is an internal programming error. For further information on
resolving this error, consult the IBM WebSphere Application Server for z/OS
Support website at:
http:www-3.ibm.com/software/webservers/appserv/zos_os390/support.html
This site provides searchable databases of technotes, solutions, and
e-fixes. Information on contacting the WebSphere Support team is also
provided.
| BBOS0096I | SSL/Kerberos the IOR tagged component for SSL Kerberos security was
skipped because of an invalid realm name.
Explanation: | During the processing of an IOR the the server's realm name in an SSL
Kerberos GSS_API tag could not be determined. The process continues but
this form of security will not be used.
| Action: | This is an internal programming error. For further information on
resolving this error, consult the IBM WebSphere Application Server for z/OS
Support website at:
http:www-3.ibm.com/software/webservers/appserv/zos_os390/support.html
This site provides searchable databases of technotes, solutions, and
e-fixes. Information on contacting the WebSphere Support team is also
provided.
| BBOS0097I | SSL/Kerberos the IOR tagged component for SSL Kerberos security was
skipped because of an invalid length for the server principal name.
Explanation: | During the processing of an IOR the length of the server's principal name
in an SSL Kerberos GSS_API tag could not be determined. The process
continues but this form of security will not be used.
| Action: | This is an internal programming error. For further information on
resolving this error, consult the IBM WebSphere Application Server for z/OS
Support website at:
http:www-3.ibm.com/software/webservers/appserv/zos_os390/support.html
This site provides searchable databases of technotes, solutions, and
e-fixes. Information on contacting the WebSphere Support team is also
provided.
| BBOS0098I | SSL/Kerberos the IOR tagged component for SSL Kerberos security was
skipped because of an invalid server principal name.
Explanation: | During the processing of an IOR the the server's principal name in an SSL
Kerberos GSS_API tag could not be determined. The process continues but
this form of security will not be used.
| Action: | This is an internal programming error. For further information on
resolving this error, consult the IBM WebSphere Application Server for z/OS
Support website at:
http:www-3.ibm.com/software/webservers/appserv/zos_os390/support.html
This site provides searchable databases of technotes, solutions, and
e-fixes. Information on contacting the WebSphere Support team is also
provided.
| BBOS0099I | Unable to load the Kerberos DLL EUVFKDLL. The Kerberos API
krb5_dll_load
failed with errno dstring.
Explanation: | The WebSphere program was not able to load the Kerberos dynamic load library
"EUVFKDLL". This DLL must be available on the system if
Kerberos security is desired. The program will continue but Kerberos
security will not be used.
| Action: | The most likely reason for this is that Kerberos has not been installed on the
system. If Kerberos security is desired, Kerberos must be installed and
a Kerberos security server (SKRBKDC) must be active on the system.
Ensure that Kerberos contains any service specified in the installation
documentation for this level of WebSphere.
| BBOS0100W | An SSL certificate failed an internal conversion.
Explanation: | An internal conversion routine failed to convert an SSL Client Certificate to
be handled by RACF.
| Action: | The most likely reason for this code is that the incoming SSL certificate is
malformed. Check the SSL certificate from the client to make sure it is
valid.
| BBOS0101W | Invalid or missing REM_USERID or REM_PASSWORD in the environmental
file. If server allows it, client will run unauthenticated
Explanation: | Client security code is connecting to a server which prefers UserID/Password
but there is no REM_USERID or REM_PASSWORD in the client's environmental
file. If permited, client will run unauthenticated.
| Action: | Check the environmental file for these variables
| BBOS0102W | A verify for a MVS userid/password pair failed for userid string
SAF code = dstring, RACF ret code = dstring, RACF
rsn code = dstring.
Explanation: | A customer Application needed to verify a MVS user password
combination. Their call to SAF failed because the ID or password was
invalid.
| Action: | Find return code and reason codes defined in OS/390 V2R4 Security Server
(RACF) Callable Services or later documentation.
| BBOS0103E | MSG_BBOSENUS_SEC_EJBROLES_CHECK_FAILED: The requested
EJBROLESAUTHCHECK(RACROUTE)
function User string not permitted to method string via
Allowed roles (string.)
Explanation: | EJB container called isClientInRole. The ID on the current thread did
not have read access to any of the EJB Roles listed.
| Action: | If this ID should have access change the SAF permisions. Otherwise,
this is a normal denial of service.
| BBOS0104E | MSG_BBOSENUS_SEC_UNABLE_TO_PERFORM_EJBROLES_CHECK: SAF Ret
Code (hex) : hstring The requested FASTAUTHCHECK(RACROUTE)
function could not be performed for Role Name string and Class Name
string
Explanation: | SAF Return Code reported by Security Manager - The requested METHAUTHCHECK
(RACROUTE) function could not be . performed. Use the SAF Return
Code in conjunction with the reported RACF Return Code to determine the cause
of the problem. This SAF Return Code can have several different
associated RACF Return Codes that further define the problem.
| Action: | Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference
Document Number: GC28-1922-0y
| BBOS0105E | MSG_BBOSENUS_SEC_REQUESTED_EJBROLES_CHECK_FUNCTION_FAILED:
SAF Return Code (hex) : hstring The requested FASTAUTHCHECK
function failed and could not be performed for UserID string using
Role Name string and Class Name string
Explanation: | SAF Return Code reported by Security Manager - the requested METHAUTHCHECK
(RACROUTE) function failed. Use the SAF Return Code in conjunction with
the reported RACF Return Code to determine the cause of the problem.
Some RACF Return Codes can have several different associated RACF Reason Codes
that further define the problem. Use the SAF Return Code in conjunction
with the reported RACF Return Code and RACF Reason Code to determine the cause
of the problem.
| Action: | Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference
Document Number: GC28-1922-0y
| BBOS0106E | MSG_BBOSENUS_SEC_EJBROLES_CHECK_RELEASE_PARAMETER_ERRO: SAF
Return Code (hex) : hstring FASTAUTHCHECK Release parameter
error for Role Name string and Class Name string
Explanation: | SAF Return Code reported by Security Manager. This error indicates that
the CHECK subparameter of the RELEASE keyword was specified on the execute
form of the RACROUTE REQUEST=FASTAUTH macro, however, the list form of the
macro does not have the same RELEASE parameter. Macro processing
terminates.
| Action: | Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference
Document Number: GC28-1922-0y
| BBOS0107E | Credential handling function string failed.
Explanation: | An attempt to get or set a user credential failed.
| Action: | For further information on resolving this error, consult the IBM WebSphere
Application Server for z/OS Support website at:
http:www-3.ibm.com/software/webservers/appserv/zos_os390/support.html
This site provides searchable databases of technotes, solutions, and
e-fixes. Information on contacting the WebSphere Support team is also
provided.
| BBOS0108E | Credential handling function string failed in Routine
string with SAF Return Code (hex): hstring, RACF
Return
Code (hex): hstring, and RACF Reason Code (hex):
hstring.
Explanation: | SAF Return Code reported by Security Manager - The requested function
failed. Use the routine name and SAF Return Code in conjunction with
the reported RACF Return Code to determine the cause of the problem.
Some RACF Return Codes can have several different associated RACF Reason Codes
that further define the problem. Use the SAF Return Code in conjunction
with the reported RACF Return Code and RACF Reason Code to determine the cause
of the problem.
| Action: | Correct any problems with the definitions of users or EJBROLE profiles.
Ensure the EJBROLE class is active. Reference the OS/390 V2Rx.0
Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
| BBOS0109E | Credential handling function string failed in Routine
string with returnCode (hex): hstring, SAF Return Code
(hex): hstring, RACF Return Code (hex): hstring,
and RACF Reason Code (hex): hstring. Check that class
EJBROLE
has defined a valid APPLDATA.
Explanation: | The requested function failed. Use the routine name and SAF Return Code
in conjunction with the reported RACF Return Code to determine the cause of
the problem. Some RACF Return Codes can have several different
associated RACF Reason Codes that further define the problem. Use the
SAF Return Code in conjunction with the reported RACF Return Code and RACF
Reason Code to determine the cause of the problem.
| Action: | If the return code is 8 and all the other ones are 0's, ensure that the
EJBROLE class has defined a valid APPLDATA. Reference the OS/390
V2Rx.0 Security Server RACROUTE Macro Reference Document Number:
GC28-1922-0y
| BBOS0110W | MSGINDEX_BBOUENUS_ROLE_IS_NOT_DEFINED_TO_CLASS_EJBROLE: SAF
Ret Code (hex) : hstring and returnCode: hstring
indicate that Role Name string is not defined to Class Name
string, which is active
Explanation: | SAF Return Code reported by Security Manager - the requested STATUS check on
class EJBROLE returned true but it indicates that the role name provided is
not defined to this class.
| Action: | Make sure that the role name is RDEFINE to this class. Reference the
OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document
Number: GC28-1922-0y
| BBOS0111E | UTOKEN handling function string failed in request
string with SAF Return Code (hex): hstring, RACF
Return Code
(hex): hstring, and RACF Reason Code (hex):
hstring.
Explanation: | The SAF Return Code was reported by Security Manager - the requested RACROUTE
request failed. Use the request name and SAF Return Code in conjunction
with the reported RACF Return Code to determine the cause of the
problem. Some RACF Return Codes can have several different associated
RACF Reason Codes that further define the problem.
| Action: | If a RACROUTE request regarding UTOKENs fails, there is probably a problem
with the Security Manager. Contact your next level of support or the
IBM Support Center. Reference the OS/390 V2Rx.0 Security Server
RACROUTE Macro Reference Document Number: GC28-1922-0y
| BBOS0112E | Credential handling function string failed in USS callable
service string with Return Value (hex): hstring,
Return
Code (hex): hstring, and Reason Code (hex):
hstring.
Explanation: | USS Return Value reported by Security Manager - the requested function
failed. Use the routine name and USS Return Value in conjunction with
the reported USS Return Code to determine the cause of the problem.
Some USS Return Codes can have several different associated USS Reason Codes
that further define the problem. Use the USS Return Value in
conjunction with the reported USS Return Code and USS Reason Code to determine
the cause of the problem.
| Action: | Find return value, return code, and reason codes defined in OS/390 USS
Callable Services or later documentation.
| BBOS0113W | MSGINDEX_BBOUENUS_CTXRDTA_RRS_GET_IDENTITY_ERROR: CTXRDTA Return
Code (hex) : hstring indicates that an error was encountered
when attempting to obtain the current identity on the current RRS
context.
Explanation: | CTXRDTA Return Code reported by Security Manager - the request to obtain the
current identity on the RRS context encountered an error.
| Action: | Reference the OS/390 V2R10 of OS/390 (5647-A01) or later MVS
Programming: Resource Recovery Document Number: GC28-1739-08 or
later
| BBOS0114I | Principal or service name is too long for audit.
Explanation: | Either the service name or principal name for a user is too long for audit by
the external security manager. The limit is 255 characters.
Processing continues, but the principal name from the original registry is not
included in audit records.
| Action: | None.
| BBOS0115I | WebSphere security has detected that the default RACF realm has not
been defined to RACF.
Explanation: | The server was not able to obtain the RACF default realm name. This
definition is required for this version of z/OS WebSphere. The Daemon
IP Name will be used instead.
| Action: | In this case the profile for the default realm has been defined but the
appldata has been omitted. Contact your system security administrator
to define the default realm using the RACF command RALTER REALM SAFDFLT
APPLDATA('racf.realm.name')
.
| BBOS0116I | WebSphere security has detected that the default RACF realm could
not be obtained from RACF.
Explanation: | The server was not able to obtain the RACF default realm name. This
definition is required for this version of z/OS WebSphere. The Daemon
IP Name will be used instead.
| Action: | Contact your system security administrator to define the default realm using
the RACF command RALTER REALM SAFDFLT
APPLDATA('racf.realm.name')
.
| BBOS0117I | WebSphere security has detected that the default RACF realm could
not be obtained from RACF. A RACF call to obtain the system default
realm
failed with RETURN CODE=hstring,
Explanation: | The server was not able to obtain the RACF default realm name. This
definition is required for this version of z/OS WebSphere. The Daemon
IP Name will be used instead.
| Action: | Examine the error codes that were returned and take the appropriate corrective
actions. The server must be stopped and restarted to pick up any
changes. The meanings for the return codes contained in the message can
be found in the z/OS SecureWay Security Server RACF External Security
Interface (RACROUTE) Macro Reference under the RACROUTE REQUEST=EXtrACT
section.
| BBOS0118E | A CSI GSSUP authentication request failed with a string
exception,
and a minor code of hstring.
Explanation: | A WebSphere client was unable to complete a CSI GSSUP authentication sequence
with a server.
| Action: | Take appropriate actions based on the exception reported in the message and
try the operation again.
| BBOS0119E | A CSI GSSUP authentication request failed with a Context Error.
Major
Status: dstring Minor Status: dstring Context
Error: string
Explanation: | A WebSphere client was unable to complete a CSI GSSUP authentication sequence
with a server. The server returned an error on the request.
| Action: | Verify the userid and password configured on the client is valid at the target
system.
| BBOS0120I | CSIv2 z/OS GSSUP security has been configured but will not be used
because SSL services are not available.
Explanation: | The server was not able to support the configured security method because it
required SSL services which were not available. The server continues to
operate but CSIv2 z/OS GSSUP security will not be supported.
| Action: | Examine the logs for the reason(s) that SSL was not available, and take the
appropriate corrective actions. The server must be stopped and
restarted to pick up any changes.
| BBOS0121I | CSIv2 Kerberos GSSAPI security has been configured but will not be
used because SSL services are not available.
Explanation: | The server was not able to support the configured security method because it
required SSL services which were not available. The server continues to
operate but CSIv2 Kerberos GSSAPI security will not be supported.
| Action: | Examine the logs for the reason(s) that SSL was not available, and take the
appropriate corrective actions. The server must be stopped and
restarted to pick up any changes.
| BBOS0122I | CSIv2 z/OS GSSUP security has been configured but will not be used
because the default RACF realm could not be converted to UTF8. An
iconv_open
failed with errno dstring.
Explanation: | The server was not able to support the configured security method because it
could not convert the RACF default realm name to its UTF8
representation. A call to iconv_open failed with the returned
errno. The server continues to operate but CSIv2 z/OS GSSUP security
will not be supported.
| Action: | Examine the errno that was returned and take the appropriate corrective
actions. The server must be stopped and restarted to pick up any
changes.
| BBOS0123I | CSIv2 z/OS GSSUP security has been configured but will not be used
because the default RACF realm could not be converted to UTF8. An iconv
failed
with errno dstring.
Explanation: | The server was not able to support the configured security method because it
could not convert the RACF default realm name to its UTF8
representation. A call to iconv failed with the returned errno.
The server continues to operate but CSIv2 z/OS GSSUP security will not be
supported.
| Action: | Examine the errno that was returned and take the appropriate corrective
actions. The server must be stopped and restarted to pick up any
changes.
| BBOS0124I | CSIv2 Kerberos GSSAPI security has been configured but will not be
used because the default Kerberos realm exceeds its maximum length. The
default
realm is string, with a length of dstring .
Explanation: | The server was not able to support the configured security method because the
default Kerberos realm name exceeds its maximum length. The server
continues to operate but CSIv2 Kerberos security will not be supported.
| Action: | Examine the realm name and length that were returned and take the appropriate
corrective actions. The maximum length of the realm is 255. The
server must be stopped and restarted to pick up any changes.
| BBOS0125I | CSIv2 Kerberos GSSAPI security has been configured but will not be
used because the server's Kerberos principal name exceeds its maximum
length.
Explanation: | The server was not able to support the configured security method because the
server's Kerberos principal name exceeds its maximum length. The
server continues to operate but CSIv2 Kerberos security will not be
supported.
| Action: | The maximum length of a server's Kerberos principal name is 1024.
The server must be stopped and restarted to pick up any changes.
MSGINDEX_BBOUENUS_CSIV2_KRBGSS_CONF_NO_REQ_KRB
| BBOS0126I | CSIv2 Kerberos GSSAPI security has been configured but will not be
used because Kerberos services are not available.
Explanation: | The server was not able to support the configured security method because it
required Kerberos services which were not available. The server
continues to operate but CSIv2 Kerberos GSSAPI security will not be
supported.
| Action: | Examine the logs for the reason(s) that Kerberos was not available, and take
the appropriate corrective actions. The server must be stopped and
restarted to pick up any changes.
| BBOS0127I | CSIv2 GSSUP security has been configured but will not be used because
the security realm name is not available.
Explanation: | The server was not able to support the configured security method because it
requires the default RACF realm to be defined. The server continues to
operate but CSIv2 GSSUP security will not be supported.
| Action: | Examine the logs for the reason(s) that the default RACF realm could not be
found, and take the appropriate corrective actions. The server must be
stopped and restarted to pick up any changes.
| BBOS0128W | Multiple SSL keyring names were specified. Keyring string
was
chosen
Explanation: | System SSL supports only a single keyring. Multiple keyring names were
specified during configuration, specifically for com_ibm_HTTP_claimKeyringName
and com_ibm_CSI_claimKeyringName and com_ibm_CSI_performKeyringName.
The system has chosen the keyring named in the message and continues.
Websphere tries to use them in the order listed above, looking for the first
none-null value
| Action: | Examine the SSL keyring names specified during configuration and make them all
the same
| BBOS0129E | SSL is required, but no keyring names have been specified
Explanation: | Websphere has determined that SSL is needed, but the keyring configuration
variables are all null. The variables that are used are
com_ibm_HTTP_claimKeyringName and com_ibm_CSI_claimKeyringName and
com_ibm_CSI_performKeyringName. At least one of these must contain a
valid keyring name.
| Action: | set a keyring variable to a valid keyring name.
MSGINDEX_BBOUENUS_RUNAS_ENABLE_trUSTED_APPS_NOT_SET 7704A
| BBOS0130E | Credential handling function string failed because
EnabletrustedApplications
is set to false.
Explanation: | The requested function failed because global security is enabled and
EnabletrustedApplications is set to false.
| Action: | This message occurs if global security is enabled and the registry is LocalOS
(SAF), and option EnabletrustedApplications is set to false. To correct
this, disable security, reconfigure security with EnabletrustedApplications
set to true, then enable security. EnabletrustedApplications is found
in the admin. console under Global Security -> Custom
Properties.
|
|
|