Import requestor connection problems
The import requestor connects to a Policy Agent. The IBM® Configuration Assistant for z/OS® Communications Server can be an import requestor. See z/OS Communications Server: IP Configuration Guide for information about the import services.
If the import requestor does not connect successfully, run Policy Agent with the -d 128 startup option, and check the log files for error conditions. Connection problems are indicated by message EZD1578I in the log. Check the log files for the specific error encountered.
Table 1 describes common import requestor connection problems.
Problem | Cause/action | Symptom |
---|---|---|
Incorrect configuration on Policy Agent | You must configure the Policy Agent with the ServicesConnection statement
specifying the port and TCP/IP stack name to which the import requestor will connect. See z/OS Communications Server: IP Configuration Guide , import service, for details about setting up the correct configuration. |
Message EZD1578I, along with messages in the log files, indicating the particular connection problem details. |
Incorrect SSL configuration on the Policy Agent or import requestor |
See z/OS Communications Server: IP Configuration Guide , import service, for details about setting up the correct configuration. |
Message EZD1578I, along with messages in the log files, indicating the particular connection problem details. |
The Policy Agent did not issue message EZD1576I indicating it is ready for services connection requests. | If you are using secured connections for
import requestors, and have AT-TLS policies configured on a policy
server, the Policy Agent waits for the remote AT-TLS policies to be
retrieved and installed before installing the generated AT-TLS policy
for the port specified on the ServicesConnection statement. If the
policy server is down or cannot be contacted immediately, the generated
AT-TLS policy cannot be installed and the Policy Agent does not listen
for import requestor connections.
|
Message EZD1576I is not issued, and
import requestors cannot connect to the Policy Agent. Message EZD1578I, along with messages in the log files, indicating the particular connection problem details. |
The Policy Agent did not issue message EZD1576I indicating it is ready for services connection requests. | If you are using secured connections for
import requestors, and have local or remote AT-TLS policies configured
that contain errors, Policy Agent waits for the local or remote AT-TLS
policies to be installed.
|
Message EZZ8438I, indicating errors
in the local or remote AT-TLS policies for a TCP/IP image, where the
secured connections for import requestor is requested. Message EZD1578I, along with messages in the log files indicating the particular connection problem details. Message EZD1576I is not issued, and import requestors cannot connect to the Policy Agent. |
Import requestor does not successfully connect to the Policy Agent. | If you are using secured connections for
import requestors and the SAF keyring is correct but the connection
from the import requestor fails, (indicating key ring problems) check
the following:
|
Message EZD1576I is issued, but import requestors cannot connect to the Policy Agent. |
The Policy Agent is not listening on the port defined on the ServicesConnection statement. | If the ServicesConnection statement is configured,
the port specified on this statement may need to be reserved using
the PORT statement in the TCP/IP profile. See z/OS Communications Server: IP Configuration Guide for details on setting up the correct configuration. |
Message EZD1578I, along with messages in the log files, indicating the particular connection problem details. |
Import requestor not authorized to access Policy Agent system | The Policy Agent system must be configured
with one or more user IDs and credentials for the set of import requestors
that are authorized to connect. Rule: If you use a password for credentials, the password must match the
password configured on the import requestor. If you use the IBM Configuration Assistant for z/OS Communications Server as the
import requestor, the user ID and password are configured on the Import
Policy Data panel or request panels for discovery import (for example
Discover Stack Local Addresses panel).
See z/OS Communications Server: IP Configuration Guide for details on setting up the correct configuration. |
Message EZD1578I, along with messages in the log files, indicating the particular connection problem details. |