z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)


EZD1914I

SC27-3655-01

EZD1914I
Remote security endpoint at remote_ip port remote_port sent a signing certificate with encoding encoding that is not allowed

Explanation

An IKE version 2.0 Security Association (SA) activation attempt failed because the remote security endpoint sent a signing certificate that contained encoding that is not allowed by locally defined IPSec policy. The signing certificate appears in the first certificate payload.

In the message text:
remote_ip
    The remote security endpoint IP specification.
remote_port
    The port of the remote security endpoint.
encoding
    The encoding of the received signing certificate payload.

System action

The IKE SA negotiation fails; IKE daemon processing continues.

Operator response

None.

System programmer response

Notify the administrator of the remote security endpoint that it must not send certificate payloads that contain the disallowed encoding. Alternatively, the administrator of the z/OS® security endpoint can change local IPSec policy to allow such certificate payload encodings.

See the information about Policy Agent and policy applications in z/OS Communications Server: IP Configuration Reference for information about the CertificateURLLookupPreference keyword of the KeyExchangePolicy or KeyExchangeAction statement.

User response

Not applicable.

Problem determination

None.

Source

z/OS Communications Server TCP/IP: IKE daemon

Module

IKEv2AuthRequest.cpp, IKEv2AuthResponse.cpp

Routing code

11

Descriptor code

7

Automation

This message is output to syslog.

Example

EZD1914I Remote security endpoint at 1.2.3.4 port 500 sent a signing certificate with encoding 12 
         that is not allowed
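
Because this message is output to syslog, the rejected peers and encodings can be tallied from the log to decide which remote administrators to notify. The following Python is an added example, not IBM code: the syslog prefix and sample lines are constructed, the function names are hypothetical, and the encoding names are the IKEv2 Certificate Encoding values from RFC 7296.

```python
import re
from collections import Counter

# IKEv2 Certificate Encoding values (RFC 7296, section 3.6); subset only.
CERT_ENCODINGS = {
    1: "PKCS #7 wrapped X.509 certificate",
    4: "X.509 Certificate - Signature",
    7: "Certificate Revocation List (CRL)",
    12: "Hash and URL of X.509 certificate",
    13: "Hash and URL of X.509 bundle",
}

# \s+ between tokens tolerates the message being wrapped onto a second line,
# as in the Example above. \S+ for the address accepts IPv4 and IPv6.
EZD1914I = re.compile(
    r"EZD1914I\s+Remote\s+security\s+endpoint\s+at\s+(?P<ip>\S+)\s+port\s+"
    r"(?P<port>\d+)\s+sent\s+a\s+signing\s+certificate\s+with\s+encoding\s+"
    r"(?P<enc>\d+)\s+that\s+is\s+not\s+allowed"
)

# Constructed sample input: the timestamp/host prefix is an assumption.
SAMPLE_LOG = """\
Jan 10 09:15:02 MVS1 IKE: EZD1914I Remote security endpoint at 1.2.3.4 port 500 sent a signing certificate with encoding 12
         that is not allowed
Jan 10 09:15:40 MVS1 IKE: EZD1914I Remote security endpoint at 1.2.3.4 port 500 sent a signing certificate with encoding 12 that is not allowed
Jan 10 09:16:11 MVS1 IKE: EZD1914I Remote security endpoint at 2001:db8::7 port 4500 sent a signing certificate with encoding 13 that is not allowed
Jan 10 09:16:30 MVS1 IKE: unrelated constructed line
"""

def parse_ezd1914i(log_text):
    """Return one dict per EZD1914I message found in log_text."""
    events = []
    for m in EZD1914I.finditer(log_text):
        enc = int(m.group("enc"))
        events.append({
            "remote_ip": m.group("ip"),
            "remote_port": int(m.group("port")),
            "encoding": enc,
            "encoding_name": CERT_ENCODINGS.get(enc, "unknown encoding"),
        })
    return events

def rejected_by_peer(events):
    """Count failures per (remote_ip, encoding) to show which peers to contact."""
    return Counter((e["remote_ip"], e["encoding"]) for e in events)

if __name__ == "__main__":
    for (ip, enc), n in rejected_by_peer(parse_ezd1914i(SAMPLE_LOG)).most_common():
        print(f"{ip}: {n} rejected, encoding {enc} ({CERT_ENCODINGS.get(enc, 'unknown encoding')})")
```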

Copyright IBM Corporation 1990, 2014