2063 (080F) (RC2063): MQRC_SECURITY_ERROR

Explanation

An MQCONN, MQCONNX, MQOPEN, MQSUB, MQPUT1, or MQCLOSE call was issued, but it failed because a security error occurred.
  • [z/OS]On z/OS®, there are two possible reasons for this:
    • An MQCONN or MQCONNX call was issued to connect to the queue manager using the BINDINGS transport from a JMS application running inside a WebSphere® Application Server, or WebSphere Liberty Profile environment, passing in a username or password, or both, that were longer than 8 characters.
    • The security error was returned by the External Security Manager.
  • If you are using Advanced Message Security (AMS), this might be a set up issue.

    [z/OS]An IBM® MQ API call was issued while AMS was enabled, but the call failed because a security error occurred during AMS processing.

    [z/OS]An MQOPEN call might fail if a valid certificate does not exist, for example.

    [z/OS]An MQGET call might fail due to certificates or policies being configured incorrectly, for example. For a failing MQGET call, messages might be delivered to the SYSTEM.PROTECTION.ERROR.QUEUE.

  • If you are using connection authentication with an LDAP server, this might be as a result of connectivity failure to the LDAP server, or an error from the LDAP server.
  • [MQ 9.4.0 Jun 2024]If the application supplied an authentication token on an MQCONNX call, there might be an error in the queue manager authentication token configuration.

Completion code

MQCC_FAILED

Programmer response

Note the error from the security manager, and contact your system programmer or security administrator.
  • If you are using Advanced Message Security, check the queue manager error logs.
  • [z/OS]On z/OS, ensure that the username specified has a maximum length of 8 characters, and the password specified has a maximum length of 100 characters.
    Ask your system programmer or security administrator to:
    • Check the queue manager and AMS job logs for additional messages
    • Verify that certificates are valid and have been correctly configured
    • Confirm that policies are valid and also correctly configured
    • Check for any messages on the SYSTEM.PROTECTION.ERROR.QUEUE.
  • [IBM i]On IBM i, the FFST log will contain the error information.
  • If you are using LDAP, use the DISPLAY QMSTATUS command to check the status of the connection to the LDAP server, and check the queue manager error logs for any error messages.
  • [MQ 9.4.0 Jun 2024]If the application supplied an authentication token on an MQCONNX call, ask your system programmer or security administrator to check the queue manager error logs for messages that provide additional information. Error messages that relate to authentication token problems might contain an error code that describes the cause of the error. For more information, see Token authentication error codes.