Remote auditing response codes
Use the following table to understand the response codes generated from the remote auditing processing. The ResponseCode represents the greatest error encountered. You may experience situations in which a request item generates an error that is not reflected in the ResponseCode, because that value is overridden by a higher-severity error.
| ResponseCode (decimal) | Meaning |
|---|---|
| 0 | All request items were processed successfully. |
| 28 | Empty item list. No items are found within the ItemList sequence of the extended operation request, so no response items are returned. |
| 61-70 | The specified RequestVersion is not supported. Subtract 60 from the value to determine the highest RequestVersion that the server supports. ResponseCode 61 indicates the server supports version 1 requests only. |
| other | Errors or warnings encountered while processing one or more request items. The value represents the highest MajorCode in the set of all response items. Verify the major and minor codes returned for each item. |
| MajorCode (decimal) | Meaning | Comment |
|---|---|---|
| 0 | Success | The event is logged successfully. |
| 2 | Warning mode | The event is is logged, and warning mode is
set for the specified resource. Warning mode is a feature of RACF
that allows installations to try out security policies. Installations
can define a profile with the WARNING attribute. When RACF performs
an authorization check using the profile, it will log the event (if
there are audit settings) and allow the authorization check to pass
successfully. The log records can be monitored to ensure the new policy
is operating as expected before putting the policy into production
by turning off the WARNING attribute. A remote client resource manager using the remote audit service may simulate RACF warning mode logic after submitting an audit request for a failing authorization event. If the MajorCode in the response item indicates the matching resource profile has the warning mode set, the remote client resource manager may allow the check to pass successfully. |
| 3 | Logging not required | The event is not logged because no audit controls are set to require it. |
| 4 | Undetermined | The event is not logged. The conditions suggested
by the following MinorCode combinations may or may not be intentional
administrator settings:
|
| 8 | Unauthorized | The user does not have authority the R_auditx service. The userid associated with the LDAP server must have at least READ access to the FACILITY class profile IRR.RAUDITX. |
| 12 | R_auditx error | The R_auditx service returned an unexpected error. Compare the returned minor codes with the SAF & RACF codes documented in z/OS Security Server RACF Callable Services. |
| 16 | Request value error | A value specified in the extended operation request is incorrect or unsupported. Check the returned minor codes to narrow the reason. |
| 20 | Request encoding error | A decoding error was encountered indicating the extended operation request contains non-compliant DER encoding, or does not match the documented ASN.1 syntax. |
| 24 | Insufficient authority | The requestor does not have sufficient authority for the requested function. The userid associated with the LDAP bind user must have at least READ access to the FACILITY class profile IRR.LDAP.REMOTE.AUDIT. |
| 100 | Internal error | An internal error was encountered within the ICTX component. |
| MinorCode (decimal) | MinorCode Meaning |
|---|---|
| 0-12 | MinorCode1- the SAF return code MinorCode2 - the RACF return code MinorCode3 - the RACF reason code |
| 16-20 | MinorCode1 is the extended operation request
parameter number within the item.
|
MinorCode2 value indicates one of the following:
|
|
| MinorCode3 has no defined meaning. | |
| 24-100 | MinorCodes1-3 have no defined meaning. |