2063 (080F) (RC2063): MQRC_SECURITY_ERROR

Explanation

An MQCONN, MQCONNX, MQOPEN, MQSUB, MQPUT1, or MQCLOSE call was issued, but it failed because a security error occurred.
  • [z/OS]On z/OS®, there are two possible reasons for this:
    • An MQCONN or MQCONNX call was issued to connect to the queue manager using the BINDINGS transport from a JMS application running inside a WebSphere® Application Server, or WebSphere Liberty Profile environment, passing in a username or password, or both, that were longer than 8 characters.
    • The security error was returned by the External Security Manager.
  • If you are using Advanced Message Security (AMS), this could be a set up issue.

    [z/OS][V9.1.3 Jul 2019]An MQ API call was issued while AMS was enabled, but the call failed because a security error occurred during AMS processing.

    [z/OS][V9.1.3 Jul 2019]An MQOPEN call might fail if a valid certificate does not exist, for example.

    [z/OS][V9.1.3 Jul 2019]An MQGET call might fail due to certificates or policies being configured incorrectly, for example. For a failing MQGET call, messages might be delivered to the SYSTEM.PROTECTION.ERROR.QUEUE.

  • If you are using connection authentication with an LDAP server, this could be as a result of connectivity failure to the LDAP server, or an error from the LDAP server.

Completion code

MQCC_FAILED

Programmer response

Note the error from the security manager, and contact your system programmer or security administrator.
  • If you are using Advanced Message Security, you should check the queue manager error logs.
  • [z/OS]On z/OS, ensure that both the username and password specified, when connecting to the queue manager, have a maximum length of 8 characters.
    [V9.1.3 Jul 2019]Ask your system programmer or security administrator to:
    • Check the queue manager and AMS job logs for additional messages
    • Verify that certificates are valid and have been correctly configured
    • Confirm that policies are valid and also correctly configured
    • Check for any messages on the SYSTEM.PROTECTION.ERROR.QUEUE.
  • [IBM i]On IBM® i, the FFST log will contain the error information.
  • If you are using LDAP, use DISPLAY QMSTATUS to check the status of the connection to the LDAP server, and check the queue manager error logs for any error messages.