The following messages are returned by EntireX Broker after a security violation is detected by EntireX Security; Lightweight USRSEC; or the sample - that is, user-defined - security module USRSEC. This message class indicates that the security system rejected the intended action. The specific error is given as the message number in the last four bytes of the message code. The messages have the format:
0008nnnn
| where | 0008 | is the message class, and |
| nnnn | are the message numbers grouped as follows: 0001-0999: EntireX Security 1000-1999: Lightweight USRSEC 2000-2999: Sample security module USRSEC |
This document covers the following topics:
00080001 | 00080002 | 00080003 | 00080004 | 00080005 | 00080006 | 00080007 | 00080008 | 00080009 | 00080010 | 00080011 | 00080012 | 00080013 | 00080024 | 00080043 | 00080044 | 00080045 | 00080048 | 00080049 | 00080254 | 00080255 | 00080350 | 00080351 | 00080352 | 00080353 | 00080400 | 00080401 | 00080402 | 00080404 | 00080405 | 00080406 | 00080407 | 00080408 | 00080409 | 00080604| 00080001 | Access denied ext. security not active |
| Explanation |
Security system not active: no authorization could be determined. Access denied. |
| Action |
Contact administrator of SAF security system. |
| 00080002 | Access denied user profile not defined |
| Explanation |
User profile not defined to security system: access denied. |
| 00080003 | Access denied password not authorized |
| Explanation |
User has supplied incorrect password: access denied. |
| 00080004 | Access denied password expired |
| Explanation |
User's password has expired. |
| Action |
Supply existing and new password. Successful access will result in password change. |
| 00080005 | Access denied, new password invalid |
| Explanation |
User has supplied an invalid new password: access denied. |
| Action |
Consult your site-specific rules governing passwords. |
| 00080006 | Access denied, rejected by inst. exit |
| Explanation |
User access rejected by installation exit: access denied. |
| Action |
Determine whether your site specifies security rules. |
| 00080007 | Access denied, user ID revoked |
| Explanation |
User's access has been revoked - possible because of too many unsuccessful attempts: access denied. |
| Action |
Request user ID to be reset. |
| 00080008 | Access denied at this time date |
| Explanation |
User is denied access at this time/date: access denied. |
| Action |
Contact security administrator to ensure that correct privileges are defined. |
| 00080009 | Access denied resource not allowed |
| Explanation |
User is not permitted access to this resource: access denied. |
| Action |
Contact security administrator to ensure that correct privileges are defined. |
| 00080010 | Access denied resource not defined |
| Explanation |
Resource not defined to security system: access denied. |
| Action |
Contact security administrator to ensure that correct privileges are defined. |
| 00080011 | Access denied, IP address not allowed |
| Explanation |
Users are not permitted to execute the application at the IP address where they is currently located. This applies only where IP address authorization is enabled. |
| Action |
Contact security administrator to ensure that correct privileges are defined. |
| 00080012 | Access denied, IP address not defined |
| Explanation |
The IP address where the user is currently located is not defined to the security system. This applies only where IP address authorization is enabled. |
| Action |
Contact security administrator to ensure that correct privileges are defined. |
| 00080013 | Access Denied to application (APPL) |
| Explanation |
The user is not authorized to use the application that was defined with security-specific broker attribute |
| Action |
Ask your security administrator for permission to access the broker. |
| 00080024 | ETBUPRE: Unresolved V-CON |
| Explanation |
The security function in the Broker stub was unable to locate the SAFCFG module for processing security settings. |
| Action |
Assemble and link the SAFCFG module as described in the z/OS installation documentation. See Installing EntireX Security for Applications using Broker Stubs. |
| 00080043 | Unable to initialize |
| Explanation |
Internal error occurred. |
| Action |
Contact Software AG support. |
| 00080044 | Invalid ENCRYPTION-LEVEL value |
| Explanation |
Application must supply values 0 | 1 | 2 in ACI field |
| Action |
Correct the application. |
| 00080045 | Invalid CREDENTIALS-TYPE value |
| Explanation |
The application has supplied an incorrect value in ACI field |
| Action |
Correct the application. |
| 00080048 | Access denied, invalid credentials |
| Explanation |
User credentials are invalid. |
| Action |
Correct user credentials. |
| 00080049 | Invalid AUTHENTICATION-TYPE value |
| Explanation |
The value of this parameter supplied in the Broker attribute file is incorrect. |
| Action |
Correct attribute file parameter |
| 00080254 | Access denied SAF returns: xxxxxxxx |
| Explanation |
SAF returns RACROUTE error codes: SSSSSSSS. |
| Action |
Determine cause of error using information listed below. |
| 00080255 | Access denied SAF interface error xx(yy) |
| Explanation |
Security returns error code xx(yy). |
| Action |
Inform Software AG support. |
| 00080350 | Bad user ID detected, access denied |
| Explanation |
Either the user has not been defined, or the password does not match. |
| Action |
Verify the specified user ID / password for the |
| 00080351 | Access Denied RPC lib/pgm not converted |
| Explanation |
Internal error occurred performing Client RPC Authorization. |
| Action |
Contact Software AG support. |
| 00080352 | Access Denied Reconnect requires UID/PWD |
| Explanation |
Application has attempted to transfer control to a different thread, or
process, without correctly transferring the necessary values of |
| Action |
The application transferring control must make values of |
| 00080353 | Access Denied Bad STOKEN: UID/PWD needed |
| Explanation |
Application has not correctly maintained the value of security token
( |
| Action |
The application must maintain the value of |
| 00080400 | Unable to load library exxauthr |
| Explanation |
If EntireX Security is enabled and the default user exit library |
| Action |
Check your installation. |
| 00080401 | Service not defined, access denied |
| Explanation |
Access denied by broker attribute setting |
| Action |
Check the broker attribute files and amend the entries for
|
| 00080402 | User not authorized for this service |
| Explanation |
The user is not authorized to send a request to the specified service. |
| Action |
Check the list of defined users for this service (mainframe: EntireX SAF-based Security; UNIX/Windows: System Management Hub Agent "Authorization Rules". |
| 00080404 | Broker Security Server not running |
| Explanation |
The Broker Security Server for BS2000/OSD is not started. |
| Action |
Start the Broker Security Server. |
| 00080405 | Broker Security Server not ready |
| Explanation |
EntireX Broker could connect to the EntireX BS2000/OSD Security Server, but found the Server in status inactive. |
| Action |
Verify whether the Security Server task started correctly. |
| 00080406 | Broker Security Server timeout |
| Explanation |
The Broker Security Server did not respond. |
| Action |
Verify whether the Security Server task started correctly. A Security Server trace may help to identify the problem. |
| 00080407 | Authentication failed |
| Explanation |
Either the user ID is not defined or the password does not match. |
| Action |
Supply a valid user ID and password. A Security Server trace may be turned on to identify the exact reason why the authentication failed. |
| 00080408 | Access denied, invalid credentials |
| Explanation |
User credentials are invalid. |
| Action |
Correct user credentials. |
| 00080409 | Invalid AUTHENTICATION-TYPE value |
| Explanation |
The value of this parameter supplied in the Broker attribute file is incorrect. |
| Action |
Correct attribute file parameter |
| 00080604 | STUB: Snd length too long for encryption |
| Explanation |
The Assembler-written stubs support encryption only where the send buffer is less than approximately 32 KB of data. If encryption is requested and the send length is greater than 32 KB, the command cannot be processed by the stub and a response is given. |
| Action |
Do not specify encryption where the length of the send buffer is greater than 32 KB. |
ACI error code 00080254 returned to the application indicates an unexpected response from SAF. This information is also shown in the Broker kernel trace when the appropriate trace level settings are applied. This message will contain the following bytes. SSSSSSSS in the documentation.
The hexadecimal return/reason code structure contains the following information:
| Position within message code | Information content |
|---|---|
| Byte: 1 | SAF return code |
| Byte: 2 | Not used |
| Byte: 3 | Return code from security system, for example RACF |
| Byte: 4 | Reason code from security system, for example RACF |
00082004 | 00082008 | 00082012 | 00082016 | 00082020 | 00082024 | 00082028 | 00082032 | 00082036 | 00082052 | 00082300 | 00082301 | 00082352 | 00082353 | 00082999| 00082004 | Invalid Userid/Password combination |
| Explanation |
Either the user has not been defined, or the password does not match. |
| Action |
Verify the specified user ID / password for the |
| 00082008 | Invalid Userid/Password combination |
| Explanation |
Either the user has not been defined, or the password does not match. |
| Action |
Verify the specified user ID / password for the |
| 00082012 | Password expired and no new password |
| Explanation |
User's password has expired. |
| Action |
Supply previous and new password. |
| 00082016 | Invalid new Password |
| Explanation |
User has supplied an invalid new password: access denied. |
| Action |
Consult your site-specific rules governing passwords. |
| 00082020 | Userid not defined to specified group |
| Explanation |
User is not permitted access to this resource: access denied. |
| Action |
Contact security administrator to ensure that correct privileges are defined. |
| 00082024 | Access failed by installation exit |
| Explanation |
User access rejected by installation exit: access denied. |
| Action |
Determine whether your site specifies security rules. |
| 00082028 | System access has been revoked |
| Explanation |
User's access has been revoked - possibly because of too many unsuccessful attempts. |
| Action |
Request user ID to be reset. |
| 00082032 | RACF is not active |
| Explanation |
Security system not active: no authorization could be determined. Access denied. |
| Action |
Contact administrator of SAF security system. |
| 00082036 | Default group access has been revoked |
| Explanation |
User's group access has been revoked. |
| Action |
Contact administrator of SAF security system. |
| 00082052 | Application access is not authorized |
| Explanation |
User does not have authorization to access this application. |
| Action |
Contact administrator of SAF security system. |
| 00082300 | Invalid interface version |
| Explanation |
An invalid version of the security interface was detected. |
| Action |
Contact Software AG support. |
| 00082301 | Invalid interface type |
| Explanation |
An invalid security interface type was detected. |
| Action |
Contact Software AG support. |
| 00082352 | Reconnection rejected |
| Explanation |
An invalid security token was detected during a reconnect attempt. |
| Action |
Reconnection is not possible for this session. Log off and log on again. |
| 00082353 | STOKEN mismatch, LOGOFF/LOGON needed |
| Explanation |
An invalid security token was detected. |
| Action |
Log off and log on again. |
| 00082999 | Work area too small |
| Explanation |
Unable to obtain required storage for security work area. |
| Action |
Check for system storage problems. |