BBOS0001E | DCE/SAF initialization failed. API: string. SAF
code = dstring, RACF ret code = dstring, RACF rsn code = dstring. |
Explanation: During initialization, WebSphere was unable to extract the DCE information from the RACF user profile DCE segment.
User Response: Look for additional WebSphere messages for more information. The codes are documented in the OS/390 Security Server Callable Services reference.
BBOS0002E | CBIND CHECK FAILED WITH SAF RETURN CODE=hstring, RACF
RETURN CODE=hstring, RACF REASON CODE=hstring. |
Explanation: A RACF Check against the CBIND class was performed and failed.
User Response: See SAF and RACF return and reason codes and update the RACF database accordingly. Information pertaining to the CBIND class can be found in the following documentation: RACF Messages and Codes, OS/390 Security Server (RACF) Macros and Interfaces, OS/390 Security Server (RACF) System Programmer's Guide. Ref: OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
BBOS0003E | initACEE (IRRSIA00) failed for MVS Userid: string,
with APPLID: string, with SAF Return Code=dstring, RACF Return Code=dstring, RACF Reason Code=dstring. |
Explanation: The initACEE callable security service failed for the indicated MVS Userid and with the indicated decimal return and reason codes.
User Response: See return codes for initACEE (IRRSIA00) in the Security Server (RACF) Callable Services or equivalent reference for other security products. Security Server reference documentation for initACEE include: OS/390 Security Server (RACF) Security Administrator's Guide and OS/390 Security Server (RACF) Callable Services for initACEE service call return and reason codes. Ref: OS/390 V2R6.0 Security Server (RACF) Callable Services Document Number: GC28-1921-05
BBOS0004W | Deletion of a RACO failed. |
Explanation: The release of the storage for the RACO failed.
User Response: For further information on resolving this error, consult the IBM WebSphere Application Server for z/OS Support website at: http:www-3.ibm.com/software/webservers/appserv/zos_os390/support.html This site provides searchable databases of technotes, solutions, and e-fixes. Information on contacting the WebSphere Support team is also provided.
BBOS0005E | RACLIST of class, string, failed with SAF Return
Code=hstring, RACF Return Code=hstring, RACF Reason Code=hstring. |
Explanation: RACROUTE REQUEST=LIST failed.
User Response: Look in Security Server RACROUTE Macro Reference for the reason. Issue appropriate SETROPTS commands to resolve the situation.
BBOS0006E | DOWN-LEVEL SECURITY PRODUCT FOUND. |
Explanation: A Security Product at the 2.6.0 level is needed for some internal initACEE (IRRSIA00) calls.
User Response: Upgrade Security Product.
BBOS0007E | RACROUTE REQUEST=EXTRACT for string failed with SAF
Return Code=hstring, RACF Return Code=hstring, RACF Reason Code=hstring. |
Explanation: A call to RACROUTE REQUEST=EXTRACT failed with the indicated hexadecimal return and reason codes.
User Response: See the accompanying return/reason codes in the OS/390 Security Server RACROUTE Macro Reference.
BBOS0008E | RACAUTH of class, string, failed with SAF Return
Code=hstring, RACF Return Code=hstring, RACF Reason Code=hstring. |
Explanation: RACROUTE REQUEST=AUTH or REQUEST=FASTAUTH failed.
User Response: Look in the OS/390 Security Server RACROUTE Macro Reference for the reason. Issue the appropriate SETROPTS command to correct the situation.
BBOS0009E | The requested PassTicket was not produced properly. |
Explanation: The creation of a PassTicket failed.
User Response: Refer to the OS/390 Security Server (RACF) Macros and Interfaces document, Secured Signon (PassTicket) function for an explanation.
BBOS0010E | THE REQUESTED PASSTICKET SUPPORT IS NOT AVAILABLE FOR USE. THE
SECURED SIGNON CALLABLE SERVICE COULD NOT BE LOCATED. |
Explanation: The secured signon callable service required to build a PassTicket is not available on the system.
User Response: Check that the required level of Security Server is properly installed on the system.
BBOS0011I | Unable to load the DCE DLL EUVSDLL, the C/C++ library function
dllload failed with errno dstring. |
Explanation: The WebSphere control region was not able to load the DCE dynamic load library "EUVSDLL". This DLL must be available on the system if DCE security is desired. The control region will continue but DCE security will not be used.
User Response: The most likely reason for this is that DCE has not been installed on the system. If DCE security is desired, DCE must be installed and a DCE security server (SECD) must be active on the system.
BBOS0012I | The C/C++ library function string failed to locate the
pointer to string in the DCE DLL. The errno returned was dstring. |
Explanation: The WebSphere control region was not able to find the pointer to the entry in the DCE DLL "EUVSDLL". This entry must be available on the system if DCE security is desired. The control region will continue but DCE security will not be used.
User Response: Respond to the message as appropriate.
BBOS0013E | The DCE mutual authentication request failed with a
string exception, with a minor code of hstring. |
Explanation: A CB client was unable to complete a DCE mutual authentication sequence with a server.
User Response: Take appropriate actions based on the exception reported in the message and try the operation again.
BBOS0014E | MSG_BBOSENUS_SEC_PARAM_LIST_ERR: RACF - Parameter list error
occurred during init_acee create |
Explanation: RACF - Parameter list error occurred
User Response: Look for additional WebSphere for z/OS messages for more information. The RACF codes are documented in the OS/390 Security Server (RACF) Callable Services reference, Return and Reason Codes, for IRRSIA00.
BBOS0015E | MSG_BBOSENUS_SEC_RACF_INTERNAL_ERR: RACF - An internal error
occurred during init_acee create |
Explanation: RACF - An internal error occurred during RACF processing
User Response: Look for additional WebSphere for z/OS messages for more information. The RACF codes are documented in the OS/390 Security Server (RACF) Callable Services reference, Return and Reason Codes, for IRRSIA00.
BBOS0016E | MSG_BBOSENUS_SEC_RECOV_ENV_ERR: RACF - Recovery environment
could not be established during init_acee create |
Explanation: RACF - Recovery environment could not be established
User Response: Look for additional WebSphere messages for more information. The RACF codes are documented in the OS/390 Security Server (RACF) Callable Services reference, Return and Reason Codes, for IRRSIA00.
BBOS0017E | MSG_BBOSENUS_SEC_UNDEF_USERID: RACF - User ID is not defined
to RACF during init_acee create |
Explanation: RACF - User ID is not defined to RACF
User Response: Look for additional WebSphere messages for more information. The RACF codes are documented in the OS/390 Security Server (RACF) Callable Services reference, Return and Reason Codes, for IRRSIA00.
BBOS0018E | MSG_BBOSENUS_SEC_INV_PW_PTK: RACF - Password or PassTicket
is not valid during init_acee create |
Explanation: RACF - Password or PassTicket is not valid
User Response: Look for additional WebSphere messages for more information. The RACF codes are documented in the OS/390 Security Server (RACF) Callable Services reference, Return and Reason Codes, for IRRSIA00.
BBOS0019E | MSG_BBOSENUS_SEC_PW_EXPIRED: RACF - Password is expired
during init_acee create |
Explanation: RACF - Password is expired
User Response: Look for additional WebSphere messages for more information. The RACF codes are documented in the OS/390 Security Server (RACF) Callable Services reference, Return and Reason Codes, for IRRSIA00.
BBOS0020E | MSG_BBOSENUS_SEC_USERID_OR_PW_REVOKED: RACF - User ID is
revoked during init_acee create |
Explanation: RACF - User ID or Password is revoked
User Response: Look for additional WebSphere messages for more information. The RACF codes are documented in the OS/390 Security Server (RACF) Callable Services reference, Return and Reason Codes, for IRRSIA00.
BBOS0021E | MSG_BBOSENUS_SEC_UNAUTH_USER: RACF - User ID is not
authorized during init_acee create |
Explanation: RACF - User is not authorized
User Response: Look for additional WebSphere messages for more information. The RACF codes are documented in the OS/390 Security Server (RACF) Callable Services reference, Return and Reason Codes, for IRRSIA00.
BBOS0022E | MSG_BBOSENUS_SEC_INVALID_CERTIF: RACF - Certificate is not
valid during init_acee create |
Explanation: RACF - Certificate is not valid
User Response: Look for additional WebSphere messages for more information. The RACF codes are documented in the OS/390 Security Server (RACF) Callable Services reference, Return and Reason Codes, for IRRSIA00.
BBOS0023E | MSG_BBOSENUS_SEC_CERTIF_NOTRUST: RACF - Either no user ID is
defined for this certificate or the certificate status is NOTRUST during init_acee create |
Explanation: RACF - Either no user ID is defined for this certificate or the certificate status is NOTRUST
User Response: Look for additional WebSphere messages for more information. The RACF codes are documented in the OS/390 Security Server (RACF) Callable Services reference, Return and Reason Codes, for IRRSIA00.
BBOS0024E | MSG_BBOSENUS_SEC_NO_REM_USERID: No remote user ID is
defined |
Explanation: Security Manager - no remote user ID is defined
User Response: Look for additional WebSphere messages for more information. The RACF codes are documented in the OS/390 Security Server (RACF) Callable Services reference, Return and Reason Codes, for IRRSIA00.
BBOS0025E | MSG_BBOSENUS_SEC_NO_REM_PASSWORD: No remote password or a
blank password is defined as an environmental variable for Userid string |
Explanation: Security Manager - no remote PASSWORD is defined
User Response: Look for additional WebSphere messages for more information. The RACF codes are documented in the OS/390 Security Server (RACF) Callable Services reference, Return and Reason Codes, for IRRSIA00.
BBOS0026E | MSG_BBOSENUS_SEC_PTKT_HASHTABLE_FAILED: Security
manager: hash table was not created |
Explanation: Security Manager - Security Manager hash table creation failure
User Response: Look for additional WebSphere messages for more information. The RACF codes are documented in the OS/390 Security Server (RACF) Callable Services reference, Return and Reason Codes, for IRRSIA00.
BBOS0027I | Security was not able to create a passticket. |
Explanation: This process was attempting to initialize userid/passticket security, and was not able to generate a passticket. The process continues, and attempts to use the next available security method.
User Response: The most likely reasons for this are that the Websphere Daemon was not active on the system or the SAF security manager was not configured to support passtickets. It is a requirement for using userid/passticket security that the Websphere Daemon process be active on the system where passtickets are generated. Further you must activate the resource class PTKTDATA, and define the CBS390 profile in this class. All users or groups that intend to use this resource must be given read access to this profile.
BBOS0028E | MSG_BBOSENUS_SEC_NULL_SESSIONID: Null session ID in
NatSecCtx_Auth |
Explanation: Security Manager - Security Manager NatSecCtx_Auth has null sessionid
User Response: Look for additional WebSphere messages for more information. The RACF codes are documented in the OS/390 Security Server (RACF) Callable Services reference, Return and Reason Codes, for IRRSIA00.
BBOS0029W | Failed attempt to use SessionID, retrying alternate
security |
Explanation: Security type offered included User ID and SessionID, but that type was unavailable. The next available security type will be tried
User Response: None, this is a warning message that another security type will be tried.
BBOS0030E | MSG_BBOSENUS_SEC_UNABLE_TO_PERFORM_CBIND: SAF Ret Code (hex)
: hstring The requested CBIND(RACROUTE) function could not be performed |
Explanation: SAF Return Code reported by Security Manager - The requested CBIND (RACROUTE) function could not be performed. Use the SAF Return Code in conjunction with the reported RACF Return Code to determine the cause of the problem. This SAF Return Code can have several different associated RACF Return Codes that further define the problem.
User Response: Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
BBOS0031E | MSG_BBOSENUS_SEC_NO_RACF_SECURITY_DECISION_MADE: RACF Return
Code (hex) : hstring (RACROUTE)- No security decision could be made |
Explanation: RACF Return Code reported by Security Manager No security decision could be made. The RACF router was not loaded; the request, resource, subsystem combination could not be found in the RACF ROUTER table; no successful exit processing can take place.
User Response: Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
BBOS0032E | MSG_BBOSENUS_SEC_UNKNOWN_TO_RACF: RACF Return Code (hex)
: hstring (RACROUTE) - No security decision could be made |
Explanation: RACF Return Code reported by Security Manager The resource or class name is not defined to RACF or the class has not been raclisted.
User Response: Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
BBOS0033E | MSG_BBOSENUS_SEC_RACF_NOT_ACTIVE: RACF Return Code (hex)
: hstring (RACROUTE) - RACF not active |
Explanation: RACF Return Code reported by Security Manager RACF not active
User Response: Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
BBOS0034E | MSG_BBOSENUS_SEC_RACF_CLASS_DATA_SPACE_DELETED: RACF Return
Code (hex) : hstring (RACROUTE) - RACF data space has been deleted |
Explanation: RACF Return Code reported by Security Manager The class was raclisted by RACROUTE REQUEST=LIST, GLOBAL=YES, or SETROPTS RACLIST, but the data space has been deleted.
User Response: Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
BBOS0035E | MSG_BBOSENUS_SEC_DATA_SPACE_ACCESS_ALESERV_FAILURE: RACF
Return Code(hex): hstring (RACROUTE) - No data space access, ALESERV failure |
Explanation: RACF Return Code reported by Security Manager The class was raclisted by RACROUTE REQUEST=LIST, GLOBAL=YES, or SETROPTS RACLIST, but the data space cannot be accessed due to an ALESERV failure.
User Response: Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
BBOS0036E | MSG_BBOSENUS_SEC_REQUESTED_CBIND_FUNCTION_FAILED: SAF Return
Code (hex) : hstring The requested CBIND function failed |
Explanation: SAF Return Code reported by Security Manager - The requested CBIND (RACROUTE) function failed. Use the SAF Return Code in conjunction with the reported RACF Return Code to determine the cause of the problem. Some RACF Return Codes can have several different associated RACF Reason Codes that further define the problem. Use the SAF Return Code in conjunction with the reported RACF Return Code and RACF Reason Code to determine the cause of the problem.
User Response: Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
BBOS0037E | MSG_BBOSENUS_SEC_USER_OR_GROUP_NOT_AUTHORIZED: RACF Return
Code (hex): hstring (RACROUTE) - The user or group is not authorized |
Explanation: RACF Return Code reported by Security Manager The user or group is not authorized to use the resource
User Response: Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
BBOS0038E | MSG_BBOSENUS_SEC_FASTAUTH_INSTALL_EXIT_ERROR: RACF Return
Code(hex): hstring (RACROUTE) - FASTAUTH install exit error occurred. |
Explanation: RACF Return Code reported by Security Manager A RACROUTE REQUEST=FASTAUTH installation exit error occurred.
User Response: Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
BBOS0039E | MSG_BBOSENUS_SEC_BLANK_PORT_OF_ENTRY_IN_SECURITY_TOKEN: RACF
Return Code(hex): hstring (RACROUTE) - Blank port-of-entry in security token |
Explanation: RACF Return Code reported by Security Manager Indicates the profile has a conditional access list, the port-of-entry field in the security token is blank-filled, and the port-of-entry class is active.
User Response: Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
BBOS0040E | MSG_BBOSENUS_SEC_PARAMETER_LIST_ERROR: RACF Return Code
(hex) : hstring (RACROUTE) - Parameter list error. |
Explanation: RACF Return Code reported by Security Manager Parameter list error.
User Response: Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
BBOS0041E | MSG_BBOSENUS_SEC_ACEEALET_KEYWORD_AND_NOT_IN_SPVSOR_STATE:
RACF Reason Code(hex : hstring (RACROUTE)-Calling program not in Supervisor State |
Explanation: RACF Reason Code reported by Security Manager The ACEEALET= keyword was specified, but the calling program is not running in Supervisor State or System Key.
User Response: Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
BBOS0042E | MSG_BBOSENUS_SEC_ACEE_KEYWORD_NOT_SPECIFIED: RACF Reason
Code (hex) : hstring (RACROUTE) - ACEE= keyword was not specified |
Explanation: RACF Reason Code reported by Security Manager The ACEEALET= keyword was specified, but the ACEE= keyword was not specified
User Response: Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
BBOS0043E | MSG_BBOSENUS_SEC_ENVRIN_KEYWORD_AND_NOT_IN_SPVSOR_STATE:
RACF Reason Code(hex): hstring (RACROUTE) -Calling program not in Supervisor State |
Explanation: RACF Reason Code reported by Security Manager The ENVRIN keyword was specified, but the calling program is not running in Supervisor State or System Key.
User Response: Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
BBOS0044E | MSG_BBOSENUS_SEC_ENVRIN_AND_ACEE_KEYWORD_BOTH_SPECIFIED:
RACF Reason Code (hex) : hstring (RACROUTE) -ENVRIN and ACEE were both specified |
Explanation: RACF Reason Code reported by Security Manager ENVRIN and ACEE were both specified (they are mutually exclusive keywords).
User Response: Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
BBOS0045E | MSG_BBOSENUS_SEC_CBIND_RELEASE_PARAMETER_ERROR: SAF Return
Code (hex) : hstring CBIND Release parameter error |
Explanation: SAF Return Code reported by Security Manager This error indicates that the CHECK subparameter of the RELEASE keyword was specified on the execute form of the RACROUTE REQUEST=FASTAUTH macro, however, the list form of the macro does not have the same RELEASE parameter. Macro processing terminates.
User Response: Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
BBOS0046E | MethAuthCheck was issued in an address space without a
BACB. |
Explanation: MethAuth was invoked, but initialization of the environment was incomplete or the call was made outside of the WebSphere for z/OS environment. Suggest waiting for environment initialization completion, or if the call was made outside of WebSphere for z/OS, remove the call.
User Response: Ensure that the WebSphere for z/OS regions are initialized
BBOS0047E | MSG_BBOSENUS_SEC_UNABLE_TO_PERFORM_METHAUTHCHECK: SAF Ret
Code (hex) : hstring The requested METHAUTHCHECK(RACROUTE) function could not be performed for Method Name string and Class Name string |
Explanation: SAF Return Code reported by Security Manager - The requested METHAUTHCHECK (RACROUTE) function could not be performed. Use the SAF Return Code in conjunction with the reported RACF Return Code to determine the cause of the problem. This SAF Return Code can have several different associated RACF Return Codes that further define the problem.
User Response: Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
BBOS0048E | MSG_BBOSENUS_SEC_REQUESTED_METHAUTHCHECK_FUNCTION_FAILED:
SAF Return Code (hex) : hstring The requested METHAUTHCHECK function failed and could not be performed for Method Name string and Class Name string |
Explanation: SAF Return Code reported by Security Manager - The requested METHAUTHCHECK (RACROUTE) function failed. Use the SAF Return Code in conjunction with the reported RACF Return Code to determine the cause of the problem. Some RACF Return Codes can have several different associated RACF Reason Codes that further define the problem. Use the SAF Return Code in conjunction with the reported RACF Return Code and RACF Reason Code to determine the cause of the problem.
User Response: Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
BBOS0049E | MSG_BBOSENUS_SEC_METHAUTHCHECK_RELEASE_PARAMETER_ERROR: SAF
Return Code (hex) : hstring METHAUTHCHECK Release parameter error for Method Name string and Class Name string |
Explanation: SAF Return Code reported by Security Manager This error indicates that the CHECK subparameter of the RELEASE keyword was specified on the execute form of the RACROUTE REQUEST=FASTAUTH macro, however, the list form of the macro does not have the same RELEASE parameter. Macro processing terminates.
User Response: Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
BBOS0050I | DCE/SAF The server control region could not delete an ACEE created
for user string. API: string. SAF code = dstring, RACF ret code = dstring, RACF rsn code = dstring. |
Explanation: A WebSphere server control region was unable to delete an ACEE, accessor environment element (MVS control block), that was used to temporarily impersonate a client.
User Response: Take appropriate actions based on the return codes reported in the message and try the operation again. The SAF and RACF codes are documented in the OS/390 Security Server Callable Services book.
BBOS0051I | DCE/SAF The server control region could not create an ACEE for
user string. API: string. SAF code = dstring, RACF ret code = dstring, RACF rsn code = dstring. |
Explanation: A WebSphere server control region was unable to create an ACEE, accessor environment element (MVS control block), that was to be used to temporarily impersonate a client.
User Response: Take appropriate actions based on the return codes reported in the message and try the operation again. The SAF and RACF codes are documented in the OS/390 Security Server Callable Services book.
BBOS0052E | SSL security was specified but could not be initialized. |
Explanation: The OS/390 Cryptographic Services System Secure Sockets Layer could not be initialized.
User Response: See return codes for gsk_initialize in the OS/390 System SSL Programming Guide & Reference.
BBOS0053E | SSL security was specified but System SSL routine module GSKSSL
not available. |
Explanation: The OS/390 Cryptographic Services System Secure Sockets Layer routine could not be loaded during server initialization. SSL security will not be used.
User Response: Consult your systems programmer to install OS/390 Cryptographic Services System SSL.
BBOS0054E | SSL security was specified but the gsk_user_set function could
not be loaded. |
Explanation: The OS/390 Cryptographic Services System Secure Sockets Layer routine gsk_user_set could not be loaded. The version of System SSL installed at your location cannot support this function. SSL security will not be used.
User Response: Consult your systems programmer to install the correct version of System SSL.
BBOS0055E | Delete ACEE (IRRSIA00) failed with SAF Return
Code=dstring, RACF Return Code=dstring, RACF Reason Code=dstring. |
Explanation: The delete ACEE callable security service failed with the indicated decimal return and reason codes.
User Response: See return codes for IRRSIA00 in the Security Server (RACF) Callable Services or equivalent reference for other security products. Ref: OS/390 V2R6.0 Security Server (RACF) Callable Services Document Number: GC28-1921-0x
BBOS0056E | initACEE (IRRSIA00) failed to convert SSL certificate with SAF
Return Code=dstring, RACF Return Code=dstring, RACF Reason Code=dstring. |
Explanation: The initACEE callable security service failed to convert an SSL Client Certificate with the indicated decimal return and reason codes.
User Response: See return codes for initACEE (IRRSIA00) in the Security Server (RACF) Callable Services or equivalent reference for other security products. Security Server reference documentation for initACEE include: OS/390 Security Server (RACF) Security Administrator's Guide and OS/390 Security Server (RACF) Callable Services for initACEE service call return and reason codes. Ref: OS/390 V2R6.0 Security Server (RACF) Callable Services Document Number: GC28-1921-05
BBOS0057E | A DCE IOR component tag is too small to contain all its required
information. |
Explanation: WebSphere for z/OS was not able to interpret a DCE IOR component tag. Its size was too small to hold all the required fields that are defined for this tag.
User Response: This message indicates that a client process can not interpret a security component tag. This will cause the client to skip this security method and may cause the client to fail when connecting to the server.
BBOS0058E | There is no DCE principal name in a DCE IOR component
tag. |
Explanation: WebSphere for z/OS was not able to interpret a DCE IOR component tag because it did not contain a server's principal name.
User Response: This message indicates that a client process can not interpret a security component tag. This will cause the client to skip this security method and may cause the client to fail when connecting to the server.
BBOS0059E | The DCE principal name contained in a DCE IOR component tag has
a invalid length of dstring. |
Explanation: WebSphere for z/OS was not able to interpret a DCE IOR component tag because the length of the DCE server principal field was invalid.
User Response: This message indicates that a client process can not interpret a security component tag. This will cause the client to skip this security method and may cause the client to fail when connecting to the server.
BBOS0060E | A DCE IOR component tag does not contain a required field and
can not be interpreted. |
Explanation: WebSphere for z/OS was not able to interpret a DCE IOR component tag because it was not large enough to hold all its required fields.
User Response: This message indicates that a client process can not interpret a security component tag. This will cause the client to skip this security method and may cause the client to fail when connecting to the server.
BBOS0061E | An SSL IOR component tag is too small to contain all its required
information. |
Explanation: WebSphere for z/OS was not able to interpret an SSL IOR component tag. Its size was too small to hold all the required fields that are defined for this tag.
User Response: This message indicates that a client process can not interpret a security component tag. This will cause the client to skip this security method and may cause the client to fail when connecting to the server.
BBOS0062E | A Basic Authentication IOR component tag is too small to contain
all its required information. |
Explanation: WebSphere for z/OS was not able to interpret a basic authentication IOR component tag. Its size was too small to hold all the required fields that are defined for this tag.
User Response: This message indicates that a client process can not interpret a security component tag. This will cause the client to skip this security method and may cause the client to fail when connecting to the server.
BBOS0063E | A Basic Authentication IOR component tag has an invalid length
for its realm or principal field. |
Explanation: WebSphere for z/OS was not able to interpret a basic authentication IOR component tag because it was not large enough to hold all its required fields.
User Response: This message indicates that a client process can not interpret a security component tag. This will cause the client to skip this security method and may cause the client to fail when connecting to the server.
BBOS0064W | The RACF SOMDOBJS class has been found to be inactive during
security method Authorization check. Contact your system administrator. SAF Ret Code (hex) : hstring RACF Ret Code (hex) : hstring RACF Reason Code (hex) : hstring |
Explanation: WebSphere for z/OS was not able to complete a security methAuth check because the RACF SOMDOBJS class is inactive. Contact your system administrator or the IBM Support Center.
User Response: Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
BBOS0065I | Authentication failed. |
Explanation: There was a failure to complete the authentication process. The client request will continue but will fail later with a no permission exception.
User Response: Examine the logs for the reason(s) that the authentication failed, and take the appropriate action. Try the operation again.
BBOS0066I | An SSL Kerberos GSS_API authentication request failed with a
string exception, and a minor code of hstring. |
Explanation: A WebSphere client was unable to complete an SSL Kerberos GSS_API authentication sequence with a server.
User Response: Take appropriate actions based on the exception reported in the message and try the operation again.
BBOS0067I | The length dstring of a Kerberos principal name returned
from a SAF R_kerbinfo call for the user string exceeds the maximum allowable length. |
Explanation: WebSphere for z/OS was not able to interpret the length of the principal name from the buffer that was returned from a R_kerbinfo call.
User Response: This message indicates that a client process can not interpret the results from a R_kerbinfo call. This will cause the client to skip the SSL Kerberos GSS_API method of authentication and may cause the client to fail when connecting to the server.
BBOS0068I | CB Series was unable to find the Kerberos principal associated
with the user string. |
Explanation: WebSphere for z/OS was not able to find the Kerberos principal name that was returned from a call to R_kerbinfo.
User Response: This message indicates that the process can not interpret the results from a R_kerbinfo call. This will cause the process to skip the SSL Kerberos GSS_API method of authentication.
BBOS0069I | SSL/Kerberos initialization failed for user string,
because RACF is not installed. API: string. SAF code = dstring, RACF ret code = dstring, RACF rsn code = dstring. |
Explanation: During initialization, WebSphere was unable to extract the Kerberos information from the KERB segment of the user profile because RACF is not installed.
User Response: RACF must be installed before WebSphere can use Kerberos security. Install RACF and define KERB segments for those users that will be using Kerberos security. The SAF and RACF codes are documented in the OS/390 Security Server Callable services book.
BBOS0070I | SSL/Kerberos initialization failed for user string,
because it has been revoked. API: string. SAF code = dstring, RACF ret code = dstring, RACF rsn code = dstring. |
Explanation: During initialization, WebSphere was unable to extract the Kerberos information from the KERB segment of the user profile because the user has been revoked.
User Response: Contact your security administrator and have the user reinstated. The SAF and RACF codes are documented in the OS/390 Security Server Callable services book.
BBOS0071I | SSL/Kerberos initialization failed for user string,
because it has been revoked by this call. API: string. SAF code = dstring , RACF ret code = dstring, RACF rsn code = dstring . |
Explanation: During initialization, WebSphere was unable to extract the Kerberos information from the KERB segment of the user profile because the user has been revoked by the call.
User Response: Contact your security administrator and have the user reinstated. The SAF and RACF codes are documented in the OS/390 Security Server Callable services book.
BBOS0072I | SSL/Kerberos initialization failed for user string,
because of an internal error. API: string. SAF code = dstring, RACF ret code = dstring, RACF rsn code = dstring. |
Explanation: During initialization, WebSphere was unable to extract the Kerberos information from the KERB segment of the user.
User Response: This is a internal error. Reference the SAF and RACF codes documented in the OS/390 Security Server Callable services book.
BBOS0073I | SSL/Kerberos initialization failed for user string,
because of an internal error. API: string. SAF code = dstring, RACF ret code = dstring, RACF rsn code = dstring. |
Explanation: During initialization, WebSphere was unable to extract the Kerberos information from the KERB segment of the user.
User Response: This is a internal error. Reference the SAF and RACF codes documented in the OS/390 Security Server Callable services book.
BBOS0074I | SSL/Kerberos initialization failed for user string,
because of an internal SAF error. API: string. SAF code = dstring, RACF ret code = dstring, RACF rsn code = dstring. |
Explanation: During initialization, WebSphere was unable to extract the Kerberos information from the KERB segment of the user due to an internal SAF error.
User Response: This is a internal error. Reference the SAF and RACF codes documented in the OS/390 Security Server Callable services book.
BBOS0075I | SSL/Kerberos initialization failed for user string,
because of an internal SAF error. API: string. SAF code = dstring, RACF ret code = dstring, RACF rsn code = dstring. |
Explanation: During initialization, WebSphere was unable to extract the Kerberos information from the KERB segment of the user due to an internal SAF error.
User Response: This is a internal error. Reference the SAF and RACF codes documented in the OS/390 Security Server Callable services book.
BBOS0076I | SSL/Kerberos initialization failed for user string,
because the user does not have a KERB segment. API: string . SAF code = dstring, RACF ret code = dstring, RACF rsn code = dstring. |
Explanation: During initialization, WebSphere was unable to extract the Kerberos information from the KERB segment of the user profile because the user is not defined to Kerberos.
User Response: The user must have a SAF KERB segment defined to use Kerberos security. Have your security administrator define the user to Kerberos. The SAF and RACF codes are documented in the OS/390 Security Server callable services book.
BBOS0077I | SSL/Kerberos initialization failed for user string,
because of an internal error. API: string. SAF code = dstring, RACF ret code = dstring, RACF rsn code = dstring. |
Explanation: During initialization, WebSphere was unable to extract the Kerberos information from the KERB segment of the user.
User Response: This is a internal error. Reference the SAF and RACF codes documented in the OS/390 Security Server Callable services book.
BBOS0078I | SSL/Kerberos initialization failed for user string,
because the user is not defined. API: string. SAF code = dstring, RACF ret code = dstring, RACF rsn code = dstring. |
Explanation: During initialization, WebSphere was unable to extract the Kerberos information from the KERB segment of the user profile because the user is not defined to SAF
User Response: The user must have a SAF KERB segment defined to use Kerberos security. Have your security administrator define the user to SAF then have him add a Kerberos segment to the user. The SAF and RACF codes are documented in the OS/390 Security Server callable services book.
BBOS0079I | SSL/Kerberos initialization failed for user string,
because of an internal SAF error. API: string. SAF code = dstring, RACF ret code = dstring, RACF rsn code = dstring. |
Explanation: During initialization, WebSphere was unable to extract the Kerberos information from the KERB segment of the user due to an internal SAF error.
User Response: This is a internal error. Reference the SAF and RACF codes documented in the OS/390 Security Server Callable services book.
BBOS0080I | SSL/Kerberos initialization failed for user string,
because of an internal SAF error. API: string. SAF code = dstring, RACF ret code = dstring, RACF rsn code = dstring. |
Explanation: During initialization, WebSphere was unable to extract the Kerberos information from the KERB segment of the user due to an internal SAF error.
User Response: This is a internal error. Reference the SAF and RACF codes documented in the OS/390 Security Server Callable services book.
BBOS0081I | SSL/Kerberos initialization failed because the Kerberos API
string failed with a status code of hstring - string. |
Explanation: During initialization, a call to the indicated Kerberos API failed with the stated status code.
User Response: Take appropriate actions based on the status reported in the message and try the operation again. The Kerberos status codes are documented in the OS/390 Network Authentication Administration book.
BBOS0082I | SSL/Kerberos initialization failed because the Kerberos GSS_API
string failed. major status: hstring - string minor code: hstring - string |
Explanation: During initialization, a call to the indicated Kerberos GSS_API failed with the stated status codes.
User Response: Take appropriate actions based on the status reported in the message and try the operation again. The Kerberos status codes are documented in the OS/390 Network Authentication Administration book.
BBOS0083I | SSL/Kerberos initialization failed because the API SETENV failed
with errno dstring. |
Explanation: During initialization, the server control region was not able to set the environment variable KRB5_SERVER_KEYTAB to "1". In order for a server to participate in Kerberos security this environment variable must be set. The server will continue with its initialization but Kerberos security will not be used.
User Response: Take appropriate actions based on the errno in the message and try the operation again.
BBOS0084I | SSL/Kerberos initialization failed because the server could not
find its associated Kerberos principal name. |
Explanation: During initialization, the server control region was not able to determine what its associated Kerberos principal name is. The server will continue with its initialization but Kerberos security will not be used.
User Response: Check the server's log for messages that may relate to the problem. Take appropriate actions based on the messages found and try the operation again.
BBOS0085I | SSL/Kerberos initialization failed because the server could not
find its associated Default Kerberos realm. |
Explanation: During initialization, the server control region was not able to determine what its associated Kerberos realm name is. The server will continue with its initialization but Kerberos security will not be used.
User Response: Check the server's log for messages that may relate to problem. Take appropriate actions based on the messages found and try the operation again.
BBOS0086I | SSL/Kerberos initialization failed because the Kerberos GSS_API
string failed. major status: hstring - string minor code: hstring - string |
Explanation: During initialization, a call to the indicated Kerberos GSS_API failed with the stated status codes. The server will continue with its initialization but Kerberos security will not be used.
User Response: Take appropriate actions based on the status reported in the message and try the operation again. The Kerberos status codes are documented in the OS/390 Network Authentication Administration book.
BBOS0087I | SSL/Kerberos server failed to authenticate this request because
the Kerberos GSS_API string failed. major status: hstring - string minor code: hstring - string |
Explanation: During the processing of a request the Kerberos GSS_API failed with the stated status codes. The server will not use Kerberos security for this request.
User Response: Take appropriate actions based on the status reported in the message and try the operation again. The Kerberos status codes are documented in the OS/390 Network Authentication Administration book.
BBOS0088I | The Kerberos principal name obtained from the authentication token
has an invalid length of dstring. |
Explanation: WebSphere for z/OS was not able to authenticate the client request because the length of the Kerberos principal name was larger than allowable.
User Response: This message indicates that a server process can not interpret a Kerberos principal that is associated with this request. Kerberos security will not be used for this request.
BBOS0089I | The Kerberos principal name obtained from the authentication token
can not be understood by the server. |
Explanation: WebSphere for z/OS was not able to authenticate the client request because the Kerberos principal name was not understood by the server.
User Response: This message indicates that a server process can not interpret a Kerberos principal that is associated with this request. Kerberos security will not be used for this request.
BBOS0090I | SSL/Kerberos authentication failed for the principal
string, because RACF is not installed. API: string . SAF code = dstring, RACF ret code = dstring, RACF rsn code = dstring. |
Explanation: During Kerberos authentication, WebSphere was unable to obtain the SAF user associated with the Kerberos principal because RACF is not installed.
User Response: RACF must be installed before WebSphere can use Kerberos security. Install RACF and define KERB segments for those users that will be using Kerberos security. The SAF and RACF codes are documented in the OS/390 Security Server Callable services book.
BBOS0091I | SSL/Kerberos authentication failed for the principal
string, because of an invalid parameter. API: string. SAF code = dstring, RACF ret code = dstring, RACF rsn code = dstring. |
Explanation: During Kerberos authentication, WebSphere was unable to obtain the SAF user associated with the Kerberos principal because of an internal error.
User Response: Reference the SAF and RACF codes documented in the OS/390 Security Server Callable services book.
BBOS0092I | SSL/Kerberos authentication failed for the principal
string, because there is no mapping between the Kerberos principal and a RACF userid. API: string. SAF code = dstring , RACF ret code = dstring, RACF rsn code = dstring. |
Explanation: During Kerberos authentication, WebSphere was unable to obtain the SAF user associated with the Kerberos principal because there is no mapping the Kerberos principal and a RACF userid.
User Response: Contact your security administrator and have the principal mapped to a RACF userid. The SAF and RACF codes are documented in the OS/390 Security Server Callable services book.
BBOS0093I | SSL/Kerberos authentication failed for the principal
string, because this server is not authorized to use the IRRSIM00 SAF service. API: string. SAF code = dstring , RACF ret code = dstring, RACF rsn code = dstring. |
Explanation: During Kerberos authentication, WebSphere was unable to obtain the SAF user associated with the Kerberos principal because this server is not authorized to use the IRRSIM00 service.
User Response: Based on the return codes take corrective action and retry the request. Reference the SAF and RACF codes documented in the OS/390 Security Server Callable services book.
BBOS0094I | SSL/Kerberos authentication failed for the principal
string, because this server could not map the princpal to a SAF user. API: string. SAF code = dstring, RACF ret code = dstring, RACF rsn code = dstring. |
Explanation: During Kerberos authentication, WebSphere was unable to obtain the SAF user associated with the Kerberos principal.
User Response: Contact your security administrator and have the server authorized to the IRR.RUSERMAP FACILITY class. The SAF and RACF codes are documented in the OS/390 Security Server Callable services book.
BBOS0095I | SSL/Kerberos the IOR tagged component for SSL Kerberos security
was skipped because of an invalid length for the server realm name. |
Explanation: During the processing of an IOR the length of the server's realm name in an SSL Kerberos GSS_API tag could not be determined. The process continues but this form of security will not be used.
User Response: This is an internal programming error. For further information on resolving this error, consult the IBM WebSphere Application Server for z/OS Support website at: http:www-3.ibm.com/software/webservers/appserv/zos_os390/support.html This site provides searchable databases of technotes, solutions, and e-fixes. Information on contacting the WebSphere Support team is also provided.
BBOS0096I | SSL/Kerberos the IOR tagged component for SSL Kerberos security
was skipped because of an invalid realm name. |
Explanation: During the processing of an IOR the the server's realm name in an SSL Kerberos GSS_API tag could not be determined. The process continues but this form of security will not be used.
User Response: This is an internal programming error. For further information on resolving this error, consult the IBM WebSphere Application Server for z/OS Support website at: http:www-3.ibm.com/software/webservers/appserv/zos_os390/support.html This site provides searchable databases of technotes, solutions, and e-fixes. Information on contacting the WebSphere Support team is also provided.
BBOS0097I | SSL/Kerberos the IOR tagged component for SSL Kerberos security
was skipped because of an invalid length for the server principal name. |
Explanation: During the processing of an IOR the length of the server's principal name in an SSL Kerberos GSS_API tag could not be determined. The process continues but this form of security will not be used.
User Response: This is an internal programming error. For further information on resolving this error, consult the IBM WebSphere Application Server for z/OS Support website at: http:www-3.ibm.com/software/webservers/appserv/zos_os390/support.html This site provides searchable databases of technotes, solutions, and e-fixes. Information on contacting the WebSphere Support team is also provided.
BBOS0098I | SSL/Kerberos the IOR tagged component for SSL Kerberos security
was skipped because of an invalid server principal name. |
Explanation: During the processing of an IOR the the server's principal name in an SSL Kerberos GSS_API tag could not be determined. The process continues but this form of security will not be used.
User Response: This is an internal programming error. For further information on resolving this error, consult the IBM WebSphere Application Server for z/OS Support website at: http:www-3.ibm.com/software/webservers/appserv/zos_os390/support.html This site provides searchable databases of technotes, solutions, and e-fixes. Information on contacting the WebSphere Support team is also provided.
BBOS0099I | Unable to load the Kerberos DLL EUVFKDLL. The Kerberos API
krb5_dll_load failed with errno dstring. |
Explanation: The WebSphere program was not able to load the Kerberos dynamic load library "EUVFKDLL". This DLL must be available on the system if Kerberos security is desired. The program will continue but Kerberos security will not be used.
User Response: The most likely reason for this is that Kerberos has not been installed on the system. If Kerberos security is desired, Kerberos must be installed and a Kerberos security server (SKRBKDC) must be active on the system. Ensure that Kerberos contains any service specified in the installation documentation for this level of WebSphere.
BBOS0100W | An SSL certificate failed an internal conversion. |
Explanation: An internal conversion routine failed to convert an SSL Client Certificate to be handled by RACF.
User Response: The most likely reason for this code is that the incoming SSL certificate is malformed. Check the SSL certificate from the client to make sure it is valid.
BBOS0101W | Invalid or missing REM_USERID or REM_PASSWORD in the environmental
file. If server allows it, client will run unauthenticated |
Explanation: Client security code is connecting to a server which prefers UserID/Password but there is no REM_USERID or REM_PASSWORD in the client's environmental file. If permited, client will run unauthenticated.
User Response: Check the environmental file for these variables
BBOS0102W | A verify for a MVS userid/password pair failed for userid
string SAF code = dstring, RACF ret code = dstring, RACF rsn code = dstring. |
Explanation: A customer Application needed to verify a MVS user password combination. Their call to SAF failed because the ID or password was invalid.
User Response: Find return code and reason codes defined in OS/390 V2R4 Security Server (RACF) Callable Services or later documentation.
BBOS0103E | MSG_BBOSENUS_SEC_EJBROLES_CHECK_FAILED: The requested
EJBROLESAUTHCHECK(RACROUTE) function User string not permitted to method string via Allowed roles (string.) |
Explanation: EJB container called isClientInRole. The ID on the current thread did not have read access to any of the EJB Roles listed.
User Response: If this ID should have access change the SAF permisions. Otherwise, this is a normal denial of service.
BBOS0104E | MSG_BBOSENUS_SEC_UNABLE_TO_PERFORM_EJBROLES_CHECK: SAF Ret
Code (hex) : hstring The requested FASTAUTHCHECK(RACROUTE) function could not be performed for Role Name string and Class Name string |
Explanation: SAF Return Code reported by Security Manager - The requested METHAUTHCHECK (RACROUTE) function could not be . performed. Use the SAF Return Code in conjunction with the reported RACF Return Code to determine the cause of the problem. This SAF Return Code can have several different associated RACF Return Codes that further define the problem.
User Response: Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
BBOS0105E | MSG_BBOSENUS_SEC_REQUESTED_EJBROLES_CHECK_FUNCTION_FAILED:
SAF Return Code (hex) : hstring The requested FASTAUTHCHECK function failed and could not be performed for UserID string using Role Name string and Class Name string |
Explanation: SAF Return Code reported by Security Manager - the requested METHAUTHCHECK (RACROUTE) function failed. Use the SAF Return Code in conjunction with the reported RACF Return Code to determine the cause of the problem. Some RACF Return Codes can have several different associated RACF Reason Codes that further define the problem. Use the SAF Return Code in conjunction with the reported RACF Return Code and RACF Reason Code to determine the cause of the problem.
User Response: Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
BBOS0106E | MSG_BBOSENUS_SEC_EJBROLES_CHECK_RELEASE_PARAMETER_ERRO: SAF
Return Code (hex) : hstring FASTAUTHCHECK Release parameter error for Role Name string and Class Name string |
Explanation: SAF Return Code reported by Security Manager. This error indicates that the CHECK subparameter of the RELEASE keyword was specified on the execute form of the RACROUTE REQUEST=FASTAUTH macro, however, the list form of the macro does not have the same RELEASE parameter. Macro processing terminates.
User Response: Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
BBOS0107E | Credential handling function string failed. |
Explanation: An attempt to get or set a user credential failed.
User Response: For further information on resolving this error, consult the IBM WebSphere Application Server for z/OS Support website at: http:www-3.ibm.com/software/webservers/appserv/zos_os390/support.html This site provides searchable databases of technotes, solutions, and e-fixes. Information on contacting the WebSphere Support team is also provided.
BBOS0108E | Credential handling function string failed in Routine
string with SAF Return Code (hex): hstring, RACF Return Code (hex): hstring, and RACF Reason Code (hex): hstring. |
Explanation: SAF Return Code reported by Security Manager - The requested function failed. Use the routine name and SAF Return Code in conjunction with the reported RACF Return Code to determine the cause of the problem. Some RACF Return Codes can have several different associated RACF Reason Codes that further define the problem. Use the SAF Return Code in conjunction with the reported RACF Return Code and RACF Reason Code to determine the cause of the problem.
User Response: Correct any problems with the definitions of users or EJBROLE profiles. Ensure the EJBROLE class is active. Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
BBOS0109E | Credential handling function string failed in Routine
string with returnCode (hex): hstring, SAF Return Code (hex): hstring, RACF Return Code (hex): hstring, and RACF Reason Code (hex): hstring. Check that class EJBROLE has defined a valid APPLDATA. |
Explanation: The requested function failed. Use the routine name and SAF Return Code in conjunction with the reported RACF Return Code to determine the cause of the problem. Some RACF Return Codes can have several different associated RACF Reason Codes that further define the problem. Use the SAF Return Code in conjunction with the reported RACF Return Code and RACF Reason Code to determine the cause of the problem.
User Response: If the return code is 8 and all the other ones are 0's, ensure that the EJBROLE class has defined a valid APPLDATA. Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
BBOS0110W | MSGINDEX_BBOUENUS_ROLE_IS_NOT_DEFINED_TO_CLASS_EJBROLE: SAF
Ret Code (hex) : hstring and returnCode: hstring indicate that Role Name string is not defined to Class Name string, which is active |
Explanation: SAF Return Code reported by Security Manager - the requested STATUS check on class EJBROLE returned true but it indicates that the role name provided is not defined to this class.
User Response: Make sure that the role name is RDEFINE to this class. Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
BBOS0111E | UTOKEN handling function string failed in request
string with SAF Return Code (hex): hstring, RACF Return Code (hex): hstring, and RACF Reason Code (hex): hstring. |
Explanation: The SAF Return Code was reported by Security Manager - the requested RACROUTE request failed. Use the request name and SAF Return Code in conjunction with the reported RACF Return Code to determine the cause of the problem. Some RACF Return Codes can have several different associated RACF Reason Codes that further define the problem.
User Response: If a RACROUTE request regarding UTOKENs fails, there is probably a problem with the Security Manager. Contact your next level of support or the IBM Support Center. Reference the OS/390 V2Rx.0 Security Server RACROUTE Macro Reference Document Number: GC28-1922-0y
BBOS0112E | Credential handling function string failed in USS
callable service string with Return Value (hex): hstring, Return Code (hex): hstring, and Reason Code (hex): hstring. |
Explanation: USS Return Value reported by Security Manager - the requested function failed. Use the routine name and USS Return Value in conjunction with the reported USS Return Code to determine the cause of the problem. Some USS Return Codes can have several different associated USS Reason Codes that further define the problem. Use the USS Return Value in conjunction with the reported USS Return Code and USS Reason Code to determine the cause of the problem.
User Response: Find return value, return code, and reason codes defined in OS/390 USS Callable Services or later documentation.
BBOS0113W | MSGINDEX_BBOUENUS_CTXRDTA_RRS_GET_IDENTITY_ERROR: CTXRDTA
Return Code (hex) : hstring indicates that an error was encountered when attempting to obtain the current identity on the current RRS context. |
Explanation: CTXRDTA Return Code reported by Security Manager - the request to obtain the current identity on the RRS context encountered an error.
User Response: Reference the OS/390 V2R10 of OS/390 (5647-A01) or later MVS Programming: Resource Recovery Document Number: GC28-1739-08 or later
BBOS0114I | Principal or service name is too long for audit. |
Explanation: Either the service name or principal name for a user is too long for audit by the external security manager. The limit is 255 characters. Processing continues, but the principal name from the original registry is not included in audit records.
User Response: None.
BBOS0115I | WebSphere security has detected that the default RACF realm has
not been defined to RACF. |
Explanation: The server was not able to obtain the RACF default realm name. This definition is required for this version of z/OS WebSphere. The Daemon IP Name will be used instead.
User Response: In this case the profile for the default realm has been defined but the appldata has been omitted. Contact your system security administrator to define the default realm using the RACF command RALTER REALM SAFDFLT APPLDATA('racf.realm.name') .
BBOS0116I | WebSphere security has detected that the default RACF realm could
not be obtained from RACF. |
Explanation: The server was not able to obtain the RACF default realm name. This definition is required for this version of z/OS WebSphere. The Daemon IP Name will be used instead.
User Response: Contact your system security administrator to define the default realm using the RACF command RALTER REALM SAFDFLT APPLDATA('racf.realm.name') .
BBOS0117I | WebSphere security has detected that the default RACF realm could
not be obtained from RACF. A RACF call to obtain the system default realm failed with RETURN CODE=hstring, |
Explanation: The server was not able to obtain the RACF default realm name. This definition is required for this version of z/OS WebSphere. The Daemon IP Name will be used instead.
User Response: Examine the error codes that were returned and take the appropriate corrective actions. The server must be stopped and restarted to pick up any changes. The meanings for the return codes contained in the message can be found in the z/OS SecureWay Security Server RACF External Security Interface (RACROUTE) Macro Reference under the RACROUTE REQUEST=EXTRACT section.
BBOS0118E | A CSI GSSUP authentication request failed with a string
exception, and a minor code of hstring. |
Explanation: A WebSphere client was unable to complete a CSI GSSUP authentication sequence with a server.
User Response: Take appropriate actions based on the exception reported in the message and try the operation again.
BBOS0119E | A CSI GSSUP authentication request failed with a Context Error.
Major Status: dstring Minor Status: dstring Context Error: string |
Explanation: A WebSphere client was unable to complete a CSI GSSUP authentication sequence with a server. The server returned an error on the request.
User Response: Verify the userid and password configured on the client is valid at the target system.
BBOS0120I | CSIv2 z/OS GSSUP security has been configured but will not be
used because SSL services are not available. |
Explanation: The server was not able to support the configured security method because it required SSL services which were not available. The server continues to operate but CSIv2 z/OS GSSUP security will not be supported.
User Response: Examine the logs for the reason(s) that SSL was not available, and take the appropriate corrective actions. The server must be stopped and restarted to pick up any changes.
BBOS0121I | CSIv2 Kerberos GSSAPI security has been configured but will not
be used because SSL services are not available. |
Explanation: The server was not able to support the configured security method because it required SSL services which were not available. The server continues to operate but CSIv2 Kerberos GSSAPI security will not be supported.
User Response: Examine the logs for the reason(s) that SSL was not available, and take the appropriate corrective actions. The server must be stopped and restarted to pick up any changes.
BBOS0122I | CSIv2 z/OS GSSUP security has been configured but will not be
used because the default RACF realm could not be converted to UTF8. An iconv_open failed with errno dstring. |
Explanation: The server was not able to support the configured security method because it could not convert the RACF default realm name to its UTF8 representation. A call to iconv_open failed with the returned errno. The server continues to operate but CSIv2 z/OS GSSUP security will not be supported.
User Response: Examine the errno that was returned and take the appropriate corrective actions. The server must be stopped and restarted to pick up any changes.
BBOS0123I | CSIv2 z/OS GSSUP security has been configured but will not be
used because the default RACF realm could not be converted to UTF8. An iconv failed with errno dstring. |
Explanation: The server was not able to support the configured security method because it could not convert the RACF default realm name to its UTF8 representation. A call to iconv failed with the returned errno. The server continues to operate but CSIv2 z/OS GSSUP security will not be supported.
User Response: Examine the errno that was returned and take the appropriate corrective actions. The server must be stopped and restarted to pick up any changes.
BBOS0124I | CSIv2 Kerberos GSSAPI security has been configured but will not
be used because the default Kerberos realm exceeds its maximum length. The default realm is string, with a length of dstring . |
Explanation: The server was not able to support the configured security method because the default Kerberos realm name exceeds its maximum length. The server continues to operate but CSIv2 Kerberos security will not be supported.
User Response: Examine the realm name and length that were returned and take the appropriate corrective actions. The maximum length of the realm is 255. The server must be stopped and restarted to pick up any changes.
BBOS0125I | CSIv2 Kerberos GSSAPI security has been configured but will not
be used because the server's Kerberos principal name exceeds its maximum length. |
Explanation: The server was not able to support the configured security method because the server's Kerberos principal name exceeds its maximum length. The server continues to operate but CSIv2 Kerberos security will not be supported.
User Response: The maximum length of a server's Kerberos principal name is 1024. The server must be stopped and restarted to pick up any changes. MSGINDEX_BBOUENUS_CSIV2_KRBGSS_CONF_NO_REQ_KRB
BBOS0126I | CSIv2 Kerberos GSSAPI security has been configured but will not
be used because Kerberos services are not available. |
Explanation: The server was not able to support the configured security method because it required Kerberos services which were not available. The server continues to operate but CSIv2 Kerberos GSSAPI security will not be supported.
User Response: Examine the logs for the reason(s) that Kerberos was not available, and take the appropriate corrective actions. The server must be stopped and restarted to pick up any changes.
BBOS0127I | CSIv2 GSSUP security has been configured but will not be used
because the security realm name is not available. |
Explanation: The server was not able to support the configured security method because it requires the default RACF realm to be defined. The server continues to operate but CSIv2 GSSUP security will not be supported.
User Response: Examine the logs for the reason(s) that the default RACF realm could not be found, and take the appropriate corrective actions. The server must be stopped and restarted to pick up any changes.
BBOS0128W | Multiple SSL keyring names were specified. Keyring string was chosen |
Explanation: System SSL supports only a single keyring. Multiple keyring names were specified during configuration, specifically for com_ibm_HTTP_claimKeyringName and com_ibm_CSI_claimKeyringName and com_ibm_CSI_performKeyringName. The system has chosen the keyring named in the message and continues. Websphere tries to use them in the order listed above, looking for the first none-null value
User Response: Examine the SSL keyring names specified during configuration and make them all the same
BBOS0129E | SSL is required, but no keyring names have been specified |
Explanation: Websphere has determined that SSL is needed, but the keyring configuration variables are all null. The variables that are used are com_ibm_HTTP_claimKeyringName and com_ibm_CSI_claimKeyringName and com_ibm_CSI_performKeyringName. At least one of these must contain a valid keyring name.
User Response: set a keyring variable to a valid keyring name. MSGINDEX_BBOUENUS_RUNAS_ENABLE_TRUSTED_APPS_NOT_SET 7704A
BBOS0130E | Credential handling function string failed because
EnableTrustedApplications is set to false. |
Explanation: The requested function failed because global security is enabled and EnableTrustedApplications is set to false.
User Response: This message occurs if global security is enabled and the registry is LocalOS (SAF), and option EnableTrustedApplications is set to false. To correct this, disable security, reconfigure security with EnableTrustedApplications set to true, then enable security. EnableTrustedApplications is found in the admin. console under Global Security -> Custom Properties.
BBOS1001W | Current Java 2 Security policy reported a potential
violation of Java 2 Security Permission. Please refer to the Information Center for more information. |
Explanation: The Java Security Manager checkPermission() threw a SecurityException on the subject Permission. A caller on the call stack does not have the required permission. This may not be a problem if the caller properly handles this exception.
User Response: Verify the attempted operation is permitted by examining all Java 2 security policy files and application code. Additional permissions may be required, a doPrivileged API may be needed in some code on the call stack, or the Security Manager properly prevented access to a resource the caller does not have permission to access.
BBOS1002W | CAUGHT Java Security EXCEPTION in z/OS. A potential violation
of Java 2 Security Permission. Please refer to the Information Center for more information. |
Explanation: The Java Security Manager checkPermission() threw a SecurityException on the subject Permission. A caller on the call stack does not have the required permission. This may not be a problem if the caller properly handles this exception.
User Response: Verify the attempted operation is permitted by examining all Java 2 security policy files and application code. Additional permissions may be required, a doPrivileged API may be needed in some code on the call stack, or the Security Manager properly prevented access to a resource the caller does not have permission to access.