| 0 (0) | ICSF is not available.
One of the following situations is possible:
- ICSF is not started
- ICSF is started, but does not have access to any cryptographic
units.
- ICSF is started, but the DES-MK, AES-MK, or ECC-MK is
not defined.
- ICSF is started, but the requested function is not available.
For instance, an ECC operation was requested but the required hardware
is not installed.
User action: Check the availability
of ICSF with your ICSF administrator. |
| 4 (4) | The CKDS or PKDS management
service you called is not available because it has been disallowed
by the ICSF User Control Functions panel.
User
action: Contact the security administrator or system programmer
to determine why the CKDS or PKDS management services have been disallowed. |
| 8 (8) | The service or algorithm
is not available on current hardware. Your request cannot be processed.
User action: Correct the calling program or run
on applicable hardware. |
| C (12) | The service that you
called is unavailable because the installation exit for that service
had previously failed.
User action: Contact
your ICSF administrator or system programmer. |
| 10 (16) | A requested installation
service routine could not be found. Your request was not processed.
User action: Contact your ICSF administrator or
system programmer. |
| 1C (28) | Cryptographic asynchronous
processor failed.
User action: Contact your
IBM support center. |
| 20 (32) | Cryptographic asynchronous
instruction was not executed.
User action:
Ensure cryptographic services are enabled. |
| 28 (40) | The callable service
that you called is unsupported for AMODE(64) applications. Your request
cannot be processed. |
| 2C (44) | The callable service
that you called was linked with the AMODE(64) stub. The application
is not running AMODE(64). Your request cannot be processed.
User action: Link your application with the service
stub with the appropriate addressing mode. |
| 0C5 (197) | I/O error reading or writing to the DASD copy
of the CKDS or PKDS in use by ICSF.
User action:
Contact your ICSF security administrator or system programmer. The
RPL feedback code will be placed in the high-order halfword of the
reason code field. |
| 144 (324) | There was insufficient coprocessor memory available
to process your request. This could include the Flash EPROM used
to store keys, profiles and other application data.
User
action: Contact your system programmer or the IBM Support Center. |
| 2FC (764) | The master key is not in a valid state.
User action: Contact your ICSF administrator.
REASONCODES: ICSF 2B08 (11016) |
| 7D6 (2006) | TKE: PCB service error. |
| 7D7 (2007) | TKE: Change type in
PCB is not recognized. |
| 7DF (2015) | Domain in CPRB not
enabled by EMB mask. |
| 7E1 (2017) | MKVP mismatch on Set
MK. |
| 7E5 (2021) | PCI Cryptographic Coprocessor , PCI X Cryptographic Coprocessor, Crypto Express2 Coprocessor,
or Crypto Express3 Coprocessor adapter disabled. |
| 7E9 (2025) | Enforcement mask error. |
| 7F3 (2035) | Intrusion latch has
been tripped. Services disabled. |
| 7F5 (2037) | The domain specified
is not valid. |
| 7FB (2043) | OA certificate not
found. |
| 819 (2073) | The PCIXCC, CEX2C,
or CEX3C has been disabled on the Support Element. It must be
enabled on the Support Element prior to TKE accessing it.
User action: Permit the selected PCIXCC, CEX2C,
or CEX3C for TKE Commands on the Support Element and then re-open
the Host on TKE. |
| 835 (2101) | AES flags in the function
control vector are not valid. |
| BBD (3005) | The CKDS I/O subtask
timed out waiting for an exclusive ENQ on the SYSZCKDS.CKDSdsn resource.
A timeout will occur if one or more members of the ICSF sysplex group
has not relinquished its ENQ on the resource. The CKDS update operation
has failed.
User action: Issue D GRS,RES=(nnnnn),
where nnnnn is the CKDS resource name from message CSFM302A, to determine
which system or systems hold the resource. Determine if action should
be taken to cause the holding system to release its ENQ on the CKDS
resource. |
| BBE (3006) | Failure after exhausting
retry attempts. IXCMSGO issued from CSFMIOST.
User
action: Contact your system programmer or the IBM Support Center. |
| BBF (3007) | The CKDS service failed
due to unexpected termination of the ICSF Cross-System Services environment.
The termination of the ICSF Cross-System Services environment was
caused by a failure when ICSF issued the IXCMSGI macro. Message CSFM603
has been issued.
User action: Report the
occurrence of this error to your ICSF system programmer. |
| BC0 (3008) | The TKDS I/O subtask
timed out waiting for an exclusive ENQ on the SYSZTKDS.TKDSdsn resource.
A timeout will occur if one or more members of the ICSF sysplex group
has not reliquished its ENQ on the resource. The TKDS update operation
has failed. The operator should issue D GRS,RES=(nnnnn) (where nnnnn
is the TKDS resource name from message CSFM305A) to determine which
system or systems hold the resource. Then the operator should determine
if action should be taken to cause the holding system to release its
ENQ on the TKDS resource.
User action: Report
the occurrence of this error to your ICSF system programmer. |
| BC6 (3014) | There is an I/O error
reading or writing to the DASD copy of the TKDS in use by ICSF.
User action: Report the occurrence of this error
to your ICSF system programmer. |
| BC7 (3015) | A bad header record
is detected for the TKDS in CSFMTDSL.
User action:
Report the occurrence of this error to your ICSF system programmer. |
| BCF (3023) | The PKCS #11 TKDS
is not available for processing.
User action:
Report the occurrence of this error to your ICSF system programmer. |
| BE6 (3046) | An RSA retained key
can no longer be generated with its key-usage flag set to allow
key unwrapping (KM-ONLY or KEY-MGMT). Key usage must
be SIG-ONLY.
User action: None required. |
| BE8 (3048) | The services using
encrypted AES keys, encrypted DES, or encrypted ECC keys are
not available because the master key is required but not loaded or
there is no access to any cryptographic units. Your request cannot
be processed.
User action: Check the availability
of ICSF with your ICSF administrator |
| BF2 (3058) | A PKDS sysplex operation
has been waiting unsuccessfully to obtain an enqueue. A failure to
obtain either the SYSZPKDS or SYSZPKUP resource will result in the
timeout. |
| C00 (3072) | The serialization subtask terminated for an
unexpected reason prior to completing the request. No dynamic CKDS
or PKDS update services are possible at this point.
User
action: Contact your system programmer who can investigate the
problem and restart the I/O subtask by stopping and restarting ICSF. |
| C01 (3073) | An error occurred attempting to obtain the system
ENQ for a key data set update.
User action: If
the error is common and persistent, contact your system programmer
or the IBM Support Center. |
| C03 (3075) | A symmetric key token was supplied in a key
identifier parameter which is wrapped using the enhanced X9.24 key
wrapping method. The cryptographic coprocessors available to process
the request don't support the enhanced key wrapping.
User action: Contact system personnel to get coprocessors
installed on your system which will support the enhanced X9.24 key
wrapping. |
| C06 (3078) | The CKDS was created with an unsupported LRECL. |
| C09 (3081) | An attempt was made to load a PKDS that only
uses the ECC master key on a pre-HCR7780 release of ICSF. Pre-HCR7780
systems do not support the ECC master key and use of an ECC MK-only
PKDS is not allowed.
User Action: Change the
PKDS selected. Specify a PKDS that is empty, uses an RSA master key,
or uses both RSA and ECC master keys. |
| C0A (3082) | A callable service generated or updated a symmetric
key token and the X9.24 enhanced wrapping method was used to wrap
the key. This key token is not usable on your system and ICSF will
not allow the key to be generated. The key was wrapped with the enhanced
wrapping method because a CEX3C coprocessor has the default wrapping
configuration set to enhanced. This was most likely done by TKE changing
the configuration.
User Action: Have the ICSF
administrator set the default wrapping configuration to original for
the LPAR that this system is running in. |
| C17 (3095) | The sysplex KDS cluster members’ new AES
master key registers were loaded with different values during a coordinated
KDS change master key. All sysplex KDS cluster members’ (same
active KDS) new AES master key registers must be loaded with the same
value or all must be empty when performing a coordinated KDS change
master key.
User action: Ensure all sysplex
KDS cluster members’ new AES master key registers are loaded
with the same value or all are empty and retry the function. |
| C18 (3096) | One or more sysplex KDS cluster members’
new DES master key registers were loaded and others were empty during
a coordinated KDS change master key. All sysplex KDS cluster members’
(same active KDS) new DES master key registers must be loaded with
the same value or all must be empty when performing a coordinated
KDS change master key.
User action: Ensure
all sysplex KDS cluster members’ new DES master key registers
are loaded with the same value or all are empty and retry the function. |
| C19 (3097) | The sysplex KDS cluster members’ new DES
master key registers were loaded with different values during a coordinated
KDS change master key. All sysplex KDS cluster members’ (same
active KDS) new DES master key registers must be loaded with the same
value or all must be empty when performing a coordinated KDS change
master key.
User action: Ensure all sysplex
KDS cluster members’ new DES master key registers are loaded
with the same value or all are empty and retry the function. |
| C1A (3098) | A coordinated KDS change master key was attempted
with empty DES new master key registers and empty AES new master key
registers. At least one of the new master key registers must be loaded
with a value to perform a coordinated KDS change master key.
User action: Load at least one of the DES new master
key registers or AES new master key registers on all sysplex KDS cluster
members with the same value and retry the function. |
| C1B (3099) | An ICSF subtask terminated during coordinated
KDS refresh or coordinated KDS change master key processing.
User action: Refer to the z/OS Cryptographic Services ICSF Administrator’s Guide for information on recovering from a coordinated
CKDS administration failure. The function can be retried. If the
error is common and persistent, contact your system programmer or
the IBM Support Center. |
| C1C (3100) | An error occurred attempting to obtain an ENQ
for performing either a coordinated KDS refresh or coordinated KDS
change master key.
User action: The function
can be retried. If the error is common and persistent, contact your
system programmer or the IBM Support Center. |
| C1D (3101) | A target system (member of the sysplex KDS cluster)
was unable to open the new KDS for either a coordinated KDS refresh
or coordinated KDS change master key.
User action: Refer
to the z/OS Cryptographic Services ICSF Administrator’s Guide for information on recovering from a coordinated
CKDS administration failure. The function can be retried. If the
error is common and persistent, contact your system programmer or
the IBM Support Center. |
| C1E (3102) | One or more sysplex KDS cluster members’
new AES master key registers were loaded and others were empty during
a coordinated KDS change master key. All sysplex KDS cluster members’
(same active KDS) new AES master key registers must be loaded with
the same value or all must be empty when performing a coordinated
KDS change master key.
User action: Ensure
all sysplex KDS cluster members new AES master key registers are loaded
with the same value or all are empty and retry the function. |
| C2B (3115) | Either a coordinated KDS refresh or coordinated
KDS change master key was cancelled.
User action: Refer
to the z/OS Cryptographic Services ICSF Administrator’s Guide for information on recovering from a coordinated
CKDS administration failure. The function can be retried. If the
error is common and persistent, contact your system programmer or
the IBM Support Center. |
| C2C (3116) | A catalog problem occurred during either a coordinated
KDS refresh or coordinated KDS change master key. The problem occurred
when looking up either the active KDS or new KDS in the catalog.
User action: Ensure both the active KDS and new
KDS are cataloged and retry the function. |
| C2D (3117) | A coordinated KDS refresh or coordinated KDS
change master key was attempted on a system with a level of hardware
that is not supported by the function. This reason code is also used
if the licensed internal code (LIC) level on the originating system
is lower then the licensed internal code (LIC) level on 1 or more
of the other sysplex KDS cluster members.
User
action: Refer to Coordinated KDS Administration (CSFCRC and CSFCRC6) for a list of supported
hardware levels. Perform the coordinated KDS function from the system
running the highest level of licensed internal code (LIC). |
| C2E (3118) | A coordinated KDS change master key was attempted
with the DES new master key register loaded but with no current DES
master key set. In order to perform a coordinated KDS change master
key to a new DES master key, a valid DES master key must have previously
been set.
User action: Set a valid DES master
key and then use the coordinated KDS change master key to change the
DES master key. |
| C2F (3119) | A coordinated KDS change master key was attempted
with the AES new master key register loaded but with no current AES
master key set. In order to perform a coordinated KDS change master
key to a new AES master key, a valid AES master key must have previously
been set.
User action: Set a valid AES master
key and then use the coordinated KDS change master key to change the
AES master key. |
| C32 (3122) | A sysplex communication failure occurred during
either coordinated KDS refresh or coordinated KDS change master key.
User action: Refer to the z/OS Cryptographic Services ICSF Administrator’s Guide for information on recovering from a coordinated
CKDS administration failure. The function can be retried. If the error
is common and persistent, contact your system programmer or the IBM
Support Center. |
| C33 (3123) | A failure occurred processing KDS updates during
a coordinated KDS change master key.
User action: Refer
to the z/OS Cryptographic Services ICSF Administrator’s Guide for information on recovering from a coordinated
CKDS administration failure. The function can be retried. If the
error is common and persistent, contact your system programmer or
the IBM Support Center. |
| C34 (3124) | An internal failure occurred in a coordinated
KDS subtask while performing either a coordinated KDS refresh or a
coordinated KDS change master key.
User action: Refer
to the z/OS Cryptographic Services ICSF Administrator’s Guide for information on recovering from a coordinated
CKDS administration failure. The function can be retried. If the
error is common and persistent, contact your system programmer or
the IBM Support Center. |
| C35 (3125) | An internal failure occurred in a coordinated
KDS subtask while performing either a coordinated KDS refresh or a
coordinated KDS change master key.
User action: Refer
to the z/OS Cryptographic Services ICSF Administrator’s Guide for information on recovering from a coordinated
CKDS administration failure. The function can be retried. If the error
is common and persistent, contact your system programmer or the IBM
Support Center. |
| C36 (3126) | An internal failure occurred in the sysplex
subtask while performing either a coordinated KDS refresh or coordinated
KDS change master key.
User action: Refer
to the z/OS Cryptographic Services ICSF Administrator’s Guide for information on recovering from a coordinated
CKDS administration failure. The function can be retried. If the error
is common and persistent, contact your system programmer or the IBM
Support Center. |
| C37 (3127) | An internal failure occurred in the serialization
subtask while performing either a coordinated KDS refresh or coordinated
KDS change master key.
User action: Refer
to the z/OS Cryptographic Services ICSF Administrator’s Guide for information on recovering from a coordinated
CKDS administration failure. The function can be retried. If the error
is common and persistent, contact your system programmer or the IBM
Support Center. |
| C38 (3128) | An internal failure occurred in the I/O subtask
while performing a coordinated KDS change master key.
User
action: Refer to the z/OS Cryptographic Services ICSF Administrator’s Guide for information on recovering from a coordinated
CKDS administration failure. The function may be retried. If the error
is common and persistent, contact your system programmer or the IBM
Support Center. |
| C3A (3130) | A target system (member of the sysplex KDS cluster)
is not being responsive to a system that is originating either a coordinated
KDS refresh or coordinated KDS change master key.
User
action: Refer to the z/OS Cryptographic Services ICSF Administrator’s Guide for information on recovering from a coordinated
CKDS administration failure. The function can be retried. If the error
is common and persistent, contact your system programmer or the IBM
Support Center. |
| C3B (3131) | The active KDS could not be reenciphered to
the new KDS during a coordinated KDS change master key.
User action: Refer to the z/OS Cryptographic Services ICSF Administrator’s Guide for information on recovering from a coordinated
CKDS administration failure. The function can be retried. If the error
is common and persistent, contact your system programmer or the IBM
Support Center. |
| C3E (3134) | A failure occurred either renaming the active
KDS to the archive KDS or renaming the new KDS to the active KDS during
a coordinated KDS refresh or coordinated KDS change master key.
User action: Refer to the z/OS Cryptographic Services ICSF Administrator’s Guide for information on recovering from a coordinated
CKDS administration failure. The function can be retried. If the error
is common and persistent, contact your system programmer or the IBM
Support Center. |
| C40 (3136) | A coordinated KDS refresh or coordinated KDS
change master key was originated from a system at a lower ICSF FMID
release level than one or more of the target systems (sysplex KDS
cluster members). The coordinated KDS functions must be originated
from a system running the highest ICSF FMID level.
User
action: Retry the function from a sysplex KDS cluster member
running the highest ICSF FMID level. |
| C41 (3137) | An internal failure occurred during the set
master key step of a coordinated KDS change master key.
User action: Refer to the z/OS Cryptographic Services ICSF Administrator’s Guide for information on recovering from a coordinated
CKDS administration failure. The function can be retried. If the error
is common and persistent, contact your system programmer or the IBM
Support Center. |
| C42 (3138) | A failure occurred trying to back out from a
failed rename of the active KDS to the archive KDS or a failed rename
of the new KDS to the active KDS during a coordinated KDS refresh
or coordinated KDS change master key.
User action: Refer
to the z/OS Cryptographic Services ICSF Administrator’s Guide for information on recovering from a coordinated
CKDS administration failure. The function can be retried. If the
error is common and persistent, contact your system programmer or
the IBM Support Center. |
| C43 (3139) | A failure occurred switching the new KDS to
the active KDS during either a coordinated KDS refresh or a coordinated
KDS change master key.
User action: Refer
to the z/OS Cryptographic Services ICSF Administrator’s Guide for information on recovering from a coordinated
CKDS administration failure. The function can be retried. If the error
is common and persistent, contact your system programmer or the IBM
Support Center. |
| C44 (3140) | A coordinated KDS refresh or a coordinated KDS
change master key failed because one of the target systems (sysplex
KDS cluster members) had not finished ICSF initialization.
User action: Allow all sysplex KDS cluster members
to finish ICSF initialization and retry the function. |
| 1779 (6009) | One or more target systems (sysplex KDS cluster
members) did not successfully load the new KDS during a coordinated
KDS refresh or coordinated KDS change master key. This a common result
of an unresponsive target system.
User action: Refer
to the z/OS Cryptographic Services ICSF Administrator’s Guide for information on recovering from a coordinated
CKDS administration failure. If the error is common and persistent,
contact your system programmer or the IBM Support Center. |
| 1780 (6016) | A DASD IO error was encountered during access
of the CKDS, PKDS, or TKDS.
User action: Contact
your ICSF security administrator or system programmer. The SVC 99
error code will be placed in the high-order halfword of the reason
code field. |
| 178C (6028) | ESTAE could not be
established in common I/O routines.
User action:
Contact your system programmer or the IBM Support Center. |
| 1790 (6032) | The dynamic allocation
of the DASD copy of the CKDS, PKDS, or TKDS in use by ICSF failed.
User action: Contact your ICSF security administrator
or system programmer. The SVC 99 error code will be placed in the
high-order halfword of the reason code field. |
| 1794 (6036) | A dynamic deallocation
error occurred when closing and deallocating a CKDS, PKDS, or
TKDS.
User action: Contact your security
administrator or system programmer. The SVC 99 error code will be
placed in the high-order halfword of the reason code field. |
| 1795 (6037) | A failure occurred routing KDS updates to the
originating system of a coordinated KDS change master key.
User action: Refer to the z/OS Cryptographic Services ICSF Administrator’s Guide for information on recovering from a coordinated
CKDS administration failure. The function can be retried. If the error
is common and persistent, contact your system programmer or the IBM
Support Center. |
| 1796 (6038) | The I/O subtask became out of sync with the
sysplex KDS cluster during a coordinated KDS change master key. The
I/O subtask will be restarted to get back in sync with the sysplex
KDS cluster.
User action: Refer to the z/OS Cryptographic Services ICSF Administrator’s Guide for information on recovering from a coordinated
CKDS administration failure. The function can be retried. If the error
is common and persistent, contact your system programmer or the IBM
Support Center. |
| 1797 (6039) | ICSF was unable to attach a coordinated KDS
subtask for either a coordinated KDS refresh or coordinated KDS change
master key.
User action: Refer to the z/OS Cryptographic Services ICSF Administrator’s Guide for information on recovering from a coordinated
CKDS administration failure. The function can be retried. If the error
is common and persistent, contact your system programmer or the IBM
Support Center. |
| 2724 (10020) | A key retrieved from
the in-storage CKDS failed the MAC verification (MACVER) check and
is unusable.
User action: Contact your ICSF administrator. |
| 2728 (10024) | A key retrieved from
the in-storage CKDS or a key to be written to the PKDS was rejected
for use by the installation exit.
User action:
Contact your ICSF administrator or system programmer. |
| 272C (10028) | You cannot use the
secure key import or multiple secure key import callable
services because the cryptographic unit is not enabled for processing.
The cryptographic unit is not in special secure mode or is disabled
in the environment control mask (ECM).
User action:
Contact your ICSF administrator (your administrator can enable the
processing mode or the ECM). |
| 2734 (10036) | More than one key
with the same label was found in the CKDS or PKDS. This function requires
a unique key per label. The probable cause may be the use of an incorrect
label pointing to a key type that allows multiple keys per label.
User action: Make sure the application specifies
the correct label. If the label is correct, contact your ICSF security
administrator or system programmer to verify the contents of the CKDS
or PKDS. |
| 273C (10044) | OPEN of the PKDS in
use by ICSF failed.
User action: Contact
your ICSF security administrator or system programmer. |
| 2740 (10048) | I/O error reading
or writing to the DASD copy of the CKDS or PKDS in use by ICSF.
User action: Contact your ICSF security administrator
or system programmer. The RPL feedback code will be placed in the
high-order halfword of the reason code field.
REASONCODES:
TSS 0C5 (197) |
| 2744 (10052) | Automatic REFRESH
to free storage in the linear section of the CKT failed.
User action: Contact your ICSF security administrator
or system programmer and request that a REFRESH be done. |
| 274C (10060) | The I/O subtask terminated
for an unexpected reason prior to completing the request. No dynamic
CKDS or PKDS update services are possible at this point.
User action: Contact your system programmer who
can investigate the problem and restart the I/O subtask by stopping
and restarting ICSF. |
| 2B04 (11012) | This function is disabled
in the environment control mask (ECM).
User action:
Contact your ICSF administrator. |
| 2B08 (11016) | The master key is
not in a valid state.
User action: Contact
your ICSF administrator.
REASONCODES:
TSS 2FC (764) |
| 2B0C (11020) | The modulus of the
public or private key is larger than allowed and configured in the
CCC or FCV. You cannot use this key on this system.
User
action: Regenerate the key with a smaller modulus size. |
| 2B10 (11024) | The system administrator
has used the ICSF User Control Functions panel to disable the RSA functions.
User action: Wait until administrator functions
are complete and the RSA functions are again enabled. |
| 2B18 (11032) | A CAMQ is valid for
PKSC but not for PKA.
User action: Contact
your ICSF administrator. |
| 2B1C (11036) | A PKDS is not available
for processing.
User action: Contact your ICSF administrator. |
| 2B20 (11040) | The PKDS Control Record
hash pattern is not valid.
User action: Contact
your ICSF administrator. |
| 2B24 (11044) | The PKDS could not
be accessed.
User action: Contact your ICSF administrator. |
| 2B28 (11048) | The PCICC, PCIXCC,
CEX2C, or CEX3C failed.
User action:
Contact your IBM support center. |
| 2B2C (11052) | The specific PCICC,
PCIXCC, CEX2C, or CEX3C requested for service is temporarily
unavailable. PKDS could not be accessed. The specific PCICC, PCIXCC,
CEX2C, or CEX3C may be attempting some recovery action. If recovery
action is successful, the PCICC, PCIXCC, CEX2C, or CEX3C will
be made available. If the recovery action fails, the PCICC, PCIXCC,
CEX2C, or CEX3C will be made permanently unavailable.
User action: Retry the function. |
| 2B30 (11056) | The PCICC, PCIXCC,
CEX2C, or CEX3C failed. The response from the processor was incomplete.
User action: Contact your IBM support center. |
| 2B34 (11060) | The service could
not be performed because the required PCICC, PCIXCC, CEX2C, or
CEX3C was not active, or did not have a master key set.
User action: If the service required a specific PCICC,
PCIXCC, CEX2C, or CEX3C, verify that the value specified is correct.
Reissue the request when the required PCICC, PCIXCC, CEX2C, or
CEX3C is available, and has the master key set. |
| 2B38 (11064) | Service could not
be performed because of a hardware error on the PCICC, PCIXCC,
CEX2C, or CEX3C. |
| 2B40 (11072) | CEX2C has been reconfigured
to a CEX2A, or CEX3C has been reconfigured to a CEX3A. TKE will not
recognize the coprocessor until it is reconfigured back to a CEX2C
or CEX3C. |
| 2EDC (11996) | The Cryptographic
Coprocessor Feature is not available for CKDS initialization because
the cryptographic unit is not in special secure mode.
User
action: Contact your ICSF administrator. |
| 2EE0 (12000) | You cannot use the
Clear PIN generate callable service because the cryptographic unit
is not enabled for processing. The cryptographic unit is not in special
secure mode.
User action: Contact your ICSF administrator
who can enable the processing mode. |
| 8CA2 (36002) | CSFPCI was called to set the RSA master key
in a PCIXCC, CEX2C or CEX3C. This function is disabled because dynamic
RSA master key change is enabled and the RSA master key can only be
changed from the ICSF TSO Change asymmetric master key utility. |
| 8CB4 (36020) | A refresh of the CKDS
failed because the DASD copy of the CKDS is enciphered under the wrong
master key. This may have resulted from an automatic refresh during
processing of the CKDS key record create callable
service.
User action: Contact your ICSF administrator. |
| 8D14 (36116) | The PKDS specified
for refresh, reencipher or activate has an incorrect dataset attribute.
User action: Create a larger PKDS. See z/OS Cryptographic Services ICSF System Programmer’s Guide. |
| 8D3C (36156) | A PKCS #11 service is being requested. The service
is disabled due to an ICSF FIPS self test failure. The request is
not processed.
User action: Report the problem
to your IBM support center |
| 8D40 (36160) | The attempt to reencipher the CKDS failed because
there is an enhanced wrapped token in the CKDS.
User
Action: Reencipher the CKDS on a system that supports the enhanced
wrapping method. |
| 8D5A (36186) | A request was made to reencipher a CKDS. The
CKDS specified cannot be reenciphered on this release of ICSF because
the CKDS contains Variable-length Symmetric key tokens with an unrecognized
algorithm or key type in the associated data section. Only key tokens
with a recognized algorithm or key type can be managed on this release
of ICSF.
User action: Perform the reencipher
operation on a release of ICSF which recognizes the algorithm and
key type of all tokens in the specified CKDS. |
| 8D56 (36182) | A coprocessor failure was detected during initialization.
User action: The error is accompanied by the CSFM540I
message. Follow instructions associated with that message. |
z/OS Cryptographic Services ICSF Application Programmer's Guide
Copyright IBM Corporation 1990, 2014