Synchronization security configuration error AQT10503E

You specified a route hostname (namespace server) for a Data Gate instance, and receive an error message.

Symptoms

You tried to create a Data Gate instance. In the Host field of the Route section, you provided a route hostname that identifies the namespace server. After submitting the details of the instance, you receive the following error message:

Error [AQT10503E] Unable to configure security for synchronization. Verify that 
hostname dg2.apps.xyz.cp.abc.def.com of the data gate server route is valid.

Causes

The route hostname you provided cannot be resolved to an IP address.

Resolving the problem

Provide a mapping of the correct IP address to the route host name in one of the available configuration data sets or configuration files. In the following example, such a mapping has been added to the ETC.IPNODES data set on the z/OS side:

;  IBM z/OS Communications Server                                   
;  SMP/E distribution name  XYZINST(ABCDN1)                      
;                                                                   
;                                                                   
;  Entries in the hosts file have the following format              
;                                                                   
;  Address HostName                                                 
; add ip v6 addresses  - ky 7/16/12                                 
;                                                                   
9.30.79.25 perf11 perf11.apps.abcperf.cp.fyre.ibm.com

where:

9.30.79.25: Is the IP address.
perf11: Is a short name. A short name is optional, but has the advantage that it can be successfully pinged from within the network. Hence you need not specify the full route host name to check its availability.
perf11.apps.abcperf.cp.fyre.ibm.com: Is the route host name.

Assign RACF ACCESS(READ) on data set high-level-qualifier.ETC.IPNODES to the privileged user (for Data Gate administration and load tasks). When you rely on a DNS server instead of mappings in ETC.IPNODES, ETC.IPNODES might still be checked based on some resolver search order. Hence the privileged user still needs RACF ACCESS(READ) on ETC.IPNODES. You can check if message ICH408I exists in the SYSLOG.

If you do not want to use the ETC.IPNODES data set for some reason, you can easily create the mapping in one of the other configuration data sets or files. For more information, see Resolver configuration files.