Message Class 0008 - EntireX ACI - Security Error

The following messages are returned by EntireX Broker after a security violation is detected by EntireX Security or a user-defined security exit. This message class indicates that the security system rejected the intended action. The specific error is given as the message number in the last four bytes of the message code. The messages have the format:

0008nnnn

where 0008 is the message class, and
nnnn is the message number in the range 0000 - 9999.

This document covers the following topics:


EntireX Security Messages

Overview of Messages

00080001 | 00080002 | 00080003 | 00080004 | 00080005 | 00080006 | 00080007 | 00080008 | 00080009 | 00080010 | 00080011 | 00080012 | 00080013 | 00080024 | 00080043 | 00080044 | 00080045 | 00080048 | 00080049 | 00080254 | 00080255 | 00080350 | 00080351 | 00080352 | 00080353 | 00080400 | 00080401 | 00080402 | 00080404 | 00080405 | 00080406 | 00080407 | 00080408 | 00080409 | 00080604
00080001 Access denied ext. security not active
Explanation

Security system not active: no authorization could be determined. Access denied.

Action

Contact administrator of SAF security system.


00080002 Access denied user profile not defined
Explanation

User profile not defined to security system: access denied.


00080003 Access denied password not authorized
Explanation

User has supplied incorrect password: access denied.


00080004 Access denied password expired
Explanation

User's password has expired.

Action

Supply existing and new password. Successful access will result in password change.


00080005 Access denied, new password invalid
Explanation

User has supplied an invalid new password: access denied.

Action

Consult your site-specific rules governing passwords.


00080006 Access denied, rejected by inst. exit
Explanation

User access rejected by installation exit: access denied.

Action

Determine whether your site specifies security rules.


00080007 Access denied, user ID revoked
Explanation

User's access has been revoked - possibly because of too many unsuccessful attempts: access denied.

Action

Request user ID to be reset.


00080008 Access denied at this time date
Explanation

User is denied access at this time/date: access denied.

Action

Contact security administrator to ensure that correct privileges are defined.


00080009 Access denied resource not allowed
Explanation

User is not permitted access to this resource: access denied.

Action

Contact security administrator to ensure that correct privileges are defined.


00080010 Access denied resource not defined
Explanation

Resource not defined to security system: access denied.

Action

Contact security administrator to ensure that correct privileges are defined.


00080011 Access denied, IP address not allowed
Explanation

Users are not permitted to execute the application at the IP address where they is currently located. This applies only where IP address authorization is enabled.

Action

Contact security administrator to ensure that correct privileges are defined.


00080012 Access denied, IP address not defined
Explanation

The IP address where the user is currently located is not defined to the security system. This applies only where IP address authorization is enabled.

Action

Contact security administrator to ensure that correct privileges are defined.


00080013 Access Denied to application (APPL)
Explanation

The user is not authorized to use the application that was defined with security-specific broker attribute APPLICATION‑NAME. See APPLICATION-NAME under Security-specific Broker Attributes.

Action

Ask your security administrator for permission to access the broker.


00080024 ETBUPRE: Unresolved V-CON
Explanation

The security function in the Broker stub was unable to locate the SAFCFG module for processing security settings.

Action

Assemble and link the SAFCFG module as described in the z/OS installation documentation. See Installing EntireX Security for Applications using Broker Stubs.


00080043 Unable to initialize
Explanation

Internal error occurred.

Action

Contact Software AG Support.


00080044 Invalid ENCRYPTION-LEVEL value
Explanation

Application must supply values 0 | 1 | 2 in ACI field ENCRYPTION-LEVEL.

Action

Correct the application.

Note:
For encrypted transport we strongly recommend using the Secure Sockets Layer/Transport Layer Security protocol. See SSL/TLS, HTTP(S), and Certificates with EntireX.


00080045 Invalid CREDENTIALS-TYPE value
Explanation

The application has supplied an incorrect value in ACI field CREDENTIALS-TYPE.

Action

Correct the application.


00080048 Access denied, invalid credentials
Explanation

User credentials are invalid.

Action

Correct the user credentials.


00080049 Invalid SECURITY-SYSTEM value
Explanation

The value of this parameter supplied in the Broker attribute file is incorrect. Valid values are OS (authentication is performed agains local operating system) and ldapUrl (authentication is performed against LDAP repository).

Action

Correct the attribute file parameter SECURITY-SYSTEM under Security-specific Broker Attributes. (This attribute was called AUTHENTICATION-TYPE in EntireX version 9.10 and below.)


00080254 Access denied SAF returns: :1:
Explanation

SAF returns RACROUTE error codes: SSSSSSSS.

Action

Determine cause of error using information listed below.


00080255 Access denied SAF interface error xx(yy)
Explanation

Security returns error code xx(yy).

Action

Contact Software AG Support


00080350 Bad user ID detected, access denied
Explanation

Either the user has not been defined, or the password does not match.

Action

Verify the specified user ID/password for the LOGON command


00080351 Access Denied RPC lib/pgm not converted
Explanation

Internal error occurred performing client RPC authorization.

Action

Contact Software AG Support.


00080352 Access Denied Reconnect requires UID/PWD
Explanation

Application has attempted to transfer control to a different thread, or process, without correctly transferring the necessary values of USER-ID, TOKEN and STOKEN.

Action

The application transferring control must make values of USER-ID, TOKEN and STOKEN available to the application which is delegated to continue thread of execution.


00080353 Access Denied Bad STOKEN: UID/PWD needed
Explanation

Application has not correctly maintained the value of security token (STOKEN) in the EntireX Broker control block structure.

Action

The application must maintain the value of STOKEN in order to securely communicate with Broker kernel without sending PASSWORD with each command.


00080400 Unable to load library exxauthr
Explanation

If EntireX Security is enabled and the default user exit library usrsec is used, the additional library exxauthr must also be enabled.

Action

Check your installation.


00080401 Service not defined, access denied
Explanation

The resource is not defined. Access to service is rejected.

Action

See information provided under Request Authorization under Configuration Options for Broker in the EntireX Security documentation for z/OS.


00080402 User not authorized for this service
Explanation

The user is not authorized to send a request to the specified service.

Action

Check the list of defined users for this service (mainframe: EntireX SAF-based Security; Linux/Windows: see Authorization Rules).


00080404 Broker Security Server not running
Explanation

The Broker Security Server for BS2000 is not started.

Action

Start the Broker Security Server.


00080405 Broker Security Server not ready
Explanation

EntireX Broker could connect to the EntireX BS2000 Security Server, but found the Server in status inactive.

Action

Verify whether the Security Server task started correctly.


00080406 Broker Security Server timeout
Explanation

The Broker Security Server did not respond.

Action

Verify whether the Security Server task started correctly. A Security Server trace may help to identify the problem.


00080407 Authentication failed
Explanation

Either the user ID is not defined or the password does not match.

Action

Supply a valid user ID and password. A Security Server trace may be turned on to identify the exact reason why the authentication failed.


00080408 Access denied, invalid credentials
Explanation

User credentials are invalid.

Action

Correct the user credentials.


00080409 Invalid AUTHENTICATION-TYPE value
Explanation

The value of this parameter supplied in the Broker attribute file is incorrect.

Action

Correct the attribute file parameter AUTHENTICATION-TYPE.


00080604 STUB: Snd length too long for encryption
Explanation

The Assembler-written stubs support encryption only where the send buffer is less than approximately 32 KB of data. If encryption is requested and the send length is greater than 32 KB, the command cannot be processed by the stub and a response is given.

Action

Do not specify encryption where the length of the send buffer is greater than 32 KB.

Note:
For encrypted transport we strongly recommend using the Secure Sockets Layer/Transport Layer Security protocol. See SSL/TLS, HTTP(S), and Certificates with EntireX.


Security Return Code

ACI error code 00080254 returned to the application indicates an unexpected response from SAF. This information is also shown in the Broker kernel trace when the appropriate trace level settings are applied. This message will contain the following bytes. SSSSSSSS in the documentation.

The hexadecimal return/reason code structure contains the following information:

Position within Message Code Information Content
Byte: 1 SAF return code
Byte: 2 Not used
Byte: 3 Return code from security system, for example RACF
Byte: 4 Reason code from security system, for example RACF