SE.W communication problems
- C2RELSI.userid.LST
- The official response file. This file usually contains the install password generated. The
password is normally just one line containing ten hexadecimal digits, as shown in the following
example:
8337F93AD5
- C2RELSI.userid.ERR
- The line mode output file, which usually contains only the userid and passwords prompts:
userid:password:
- C2RELSI.userid.LSI
- The input file with commands for the server. For a P command, the input file would
contain:
minigenerateinstallpassword(12.1.100) echo(!R:)
- C2RELSI.userid.LOG
- The software log file, which normally contains only the software level and open/close messages
as illustrated in the following example:
<20010427 08:11:27 utc> P399M1V0.0L309A5S0E10:Opened C2RELSI.MYUSER.LOG. Product: racfwin.product.server.app. Version: 1.4. Builddate: 2001/04/23/13:02. Local time: Fri Apr 27 08:11:27 2001. <20010427 08:11:28 utc> P399M1V0.0L164A2S0E20:Forced close of C2RELSI.MYUSER.LOG <20010427 08:11:28 utc> P399M1V0.0L461A5S0E15:Closed C2RELSI.MYUSER.LOG
- Failure to execute
-
If the REXX C2RELSI cannot find the program lsi, or the current user is not allowed to execute it, the message Failure to execute is displayed in the upper right corner of the screen. If you press PF1 (Help), the long message explaining the cause of the error is displayed as shown in the following example:
/u/C2RSERVE/c2rserve/bin/lsi -t C2RELSI.MYUSER.LOG A:10.0.1.20:8011 C2RELSI.MYUSER.LSI - errno=81 53B006C
The long message specifies an error number (errno) that provides information about the problem. The possible error messages and associated explanations are as follows:
- errno=81 594003D
- This error occurs when one of the directories in the path to the lsi executable is not found. The path is specified by the C2RWIN parameter in the zSecure configuration. To correct the problem, make sure that the path exists in the z/OS® UNIX System Services zFS file system and that the path was used in job C2RZWUNP.Note: The C2RWIN parameter is case-sensitive.
- errno=81 53B006C
-
This error occurs when the location of one the zSecure Visual programs is not found. To correct the problem, make sure that the path exists in the z/OS UNIX System Services zFS file system and that the path was used in job C2RZWUNP.
- errno=6F 5B400002
- This error occurs when the current user has no search access on a directory in the path to the
lsi executable. This problem also shows up in the SYSLOG as an access violation:
ICH408I USER(MYUSER ) GROUP(MYGROUP ) NAME(VISUAL RACF ADMIN ) /usr/lpp/c2r/V2R3M1/lsi CL(DIRSRCH ) FID(01E2D4E2F0F0F833F409000000000003) INSUFFICIENT AUTHORITY TO LOOKUP ACCESS INTENT(--X) ACCESS ALLOWED(OTHER ---)
To fix the problem, grant the user who is to run SE.W access to the directory where the zSecure Visual server code resides. In job C2RZWUNP, ownership of this directory was established as user C2RUSER and group C2RGROUP (which you might have customized). CONNECT the userid who is to run SE.W to the owning group. Note that SE.W is only required to configure the first workstation. This workstation can then be used to configure subsequent workstations.
- Cannot browse an empty file
-
This ISPF error message can hide the original error message reporting on a failure to execute lsi. This message might display if the zSecure Visual server is not running yet.
- an error has occurred
- If the password generation fails, this message is displayed in
the upper right corner of the screen and is accompanied by one of
the following more descriptive error messages.
- couldn't open session with bluebook adapter
- This descriptive message indicates that the server has not been
started, or it has been started but it is not yet ready to accept
a password generation request.
If the server has just been started, it is usually ready to generate a password after about 10 seconds on a lightly loaded 30 MIPS machine. If the same error message is displayed after a delay of a few minutes, the server might be unreachable or the IP number might be incorrect.
- logon failed
- This message is displayed when the server accepts the password
generation request but is still not ready to generate a password.
To resolve this problem, wait a few seconds (on a 30 MIPS machine)
after the failure message displays before attempting another password
generation request. When the server is ready to generate a password,
the following message displays in the server log:
If the server runs in trace mode, it is ready to generate a password when the following trace message is printed twice:E5:Dispatch: Started adapter 'RACF'
E0: IpcSetState:setting state ( 6 -> 1 )
- Must be numeric
- This message displays when the entered agent ID is not of the form 12.1.<NN>, where <NN> is a sequence of decimal digits. To fix this problem, enter an agent ID in the correct form (for example, 12.1.100).
- Userid and password messages
-
- Unknown userid <userid>.
- Userid <userid> is revoked.
- Invalid password.
- The password has expired.
- Resource C2R.SERVER.ADMIN in the <class> class is not covered by a RACF profile.
- If this error occurs, you can see the following message in the
JES SYSLOG:
ICH13003I C2R.SERVER.ADMIN NOT FOUND
- EDC5139I Operation not permitted. Reason code: 00d8.
- This message and reason code indicate that the
server userid has no READ access to the FACILITY resource BPX.SERVER.
If this error occurs, you can see the following message in the JES
SYSLOG:
ICH408I USER(C2RSERVE) BPX.SERVER CL(FACILITY) INSUFFICIENT ACCESS AUTHORITY ACCESS INTENT(READ ) ACCESS ALLOWED(NONE )
- EDC5139I Operation not permitted. Reason code: 02af.
- This message and reason code indicate that one of the modules that is run under control of the Visual Server cannot be loaded because it does not meet the Program Control requirements. See Installation requirements on how to set up Program Control for the Visual Server.
- C2RW018I The resource class for zSecure security checks cannot be determined
- The CKRSITE module does not contain a valid security class. Such a class is required to determine the access of users to various resources. For information about the CKRSITE module, see Site module.
- <userid> has no READ access to C2R.SERVER.ADMIN resource in the <class> class.
- This message indicates that the userid does not have at least
READ access to the C2R.SERVER.ADMIN resource. In the JES SYSLOG, you
can see the following message:
ICH408I USER(ABCDEFG) C2R.SERVER.ADMIN CL(FACILITY) INSUFFICIENT ACCESS AUTHORITY ACCESS INTENT(READ ) ACCESS ALLOWED(NONE )
- The environment does not satisfy the requirements for program control.
- A required module is not program controlled. All load modules (and program objects) that are loaded in the Visual Server address space must be program controlled. Also, the file system that contains the Visual Server software must be mounted with the SECURITY and SETUID attributes. You can identify the uncontrolled module from message CSV0421I in the MVS™ syslog. See Installation requirements and Owner and location preparation for the software. After establishing program control, you must restart the server.
- The agent has not been added with A or AP.
- This message indicates an attempt to generate a password for an unconfigured client. No password has been generated. Add the client as described in Configuring the Visual Client.