DSNL061I csect-name DDF AUTHENTICATION FAILURE FOR LUWID=luw-id REASON=reason-code THREAD-INFO=thread-information OCCURRED number TIME(S)
Explanation
A requesting conversation was terminated because of DDF authentication processing failure.
- csect-name
- The name of the control section that issued the message. The control section name might be followed by an internal ID.
- luw-id
- The logical unit of work ID of the requesting agent, if that information is available, or a description of the logical unit that made the request in one of the following formats:
.Connection type Format TCP/IP IP.port.00000000 SNA netid.luname.000000000000 - reason-code
- A numeric value that describes the nature of the DDF processing failure.
- thread-information
-
Information about the thread in a colon delimited list, depending on the reason-code value. An asterisk (*) in any segment indicates that the information is not available.
thread-information contains the following segments:
- The user ID that is associated with the thread.
- Security mechanism in use, if the EXTSEC subsystem parameter value is YES:
- USRIDPWD
- User ID and password
- USRIDONL
- User ID only
- USRIDNWPWD
- User ID, password, and new password
- USRENCPWD
- Unencrypted user ID and encrypted password
- EUSRIDPWD
- Encrypted user ID and encrypted password
- EUSRIDNWPWD
- Encrypted user ID, encrypted password, and encrypted new password
- KERSEC
- Kerberos security
- EUSRIDDTA
- Encrypted user ID and encrypted security-sensitive data
- EUSRPWDDTA
- Encrypted user ID, encrypted password, and encrypted security-sensitive data
- EUSRNPWDDTA
- Encrypted user ID, encrypted password, encrypted new password, and encrypted security-sensitive data
- EUSRIDONL
- Encrypted user ID only
- TLSCCASEC
- TLS client certificate authentication security
-
An alphanumeric string that identifies the product.
The product identifier (PRDID) value is an 8-byte character value in pppvvrrm format, where: ppp is a 3-letter product code; vv is the version;rr is the release; and m is the modification level.For Db2 13 for z/OS®, the modification level (0–9 or A–Z) indicates a specific function level. For example:- DSN13012 for V13R1M501.
- DSN13011 for V13R1M500.
- DSN13010 for V13R1M100.
For more information, see Product identifier (PRDID) values in Db2 for z/OS. - The client IP address of the end user.
- The gateway IP address of any intermediate server that routes requests and responses between the client and Db2 Server
- number
- The number of times that the authentication failure occurred since the last DSNL061I message was issued for the same user ID, IP address, product ID, and reason code.
System action
This message is issued at most one time per 5-minute interval for a specific user ID, IP address, product ID, and reason code.
Any related RACF ICH408I message is also suppressed during the same 5-minute interval. Db2 buffers RACF ICH messages to allow Db2 to suppress the ICH messages. Db2 issues the WTO for ICH messages when appropriate. In case of authentication failure, system terminates the thread then closes the connection. In other cases, processing continues but the system will eventually abend the database access agent, but the system will eventually abend the database access agent.
Operator response
Notify the system programmer for analysis.
System programmer response
If you suspect an error in Db2, you might need to report the problem. For information about identifying and reporting the problem, see Collecting diagnostic data for problems in Db2 for z/OS.
Problem determination
- Console output from the system on which the job was run, and a listing of the SYSLOG data set for the period of time that spans the failure.
- Dynamic dump, taken to SYS1.DUMPxx data set, by Db2 (04E and 04F abends).
- A listing of the SYS1.LOGREC data set, obtained by executing IFCEREP1.