Policy client retrieval problems
When acting as a policy client, Policy Agent retrieves policies for one or more policy types, on behalf of one or more stacks, from a policy server. The choice of local or remote policy retrieval can be made separately for each policy type, and for each configured stack. See z/OS Communications Server: IP Configuration Guide, Policy Agent and policy applications for more information about policy client retrieval of remote policies.
If the policy client does not successfully retrieve policies, run Policy Agent on the policy client and policy server with the -d 128 startup option, and check the log files for error conditions. Retrieval problems are indicated by message EZZ8438I. Check the log files for the specific error encountered.
Table 1 describes common policy client retrieval problems.
Problem | Cause/action | Symptom |
---|---|---|
Incorrect configuration on the policy client or policy server |
See z/OS Communications Server: IP Configuration Guide , Policy Agent and policy applications, and z/OS Communications Server: IP Configuration Reference, general configuration file statements topic for more information. |
Incorrect or no policies retrieved from the policy server. |
Incorrect regular expressions coded on the DynamicConfigPolicyLoad statement | The DynamicConfigPolicyLoad statements can
be configured with regular expressions to match against policy client
names. Regular expressions are very powerful, but also can be complex,
and might not produce results that are intuitive. For example, the
expression [a-z] matches any lower case alphabetic character, which
means that any string containing at least one such character will
match. As another example, the expression [^abc] means any character
except a, b, or c matches. So the only strings that won't match are
those containing ONLY the characters a, b, or c. See z/OS Communications Server: IP Configuration Guide , Policy Agent and policy applications, and z/OS Communications Server: IP Configuration Reference, DynamicConfigPolicyLoad statement for more information. |
Incorrect or no policies retrieved from the policy server. |
Policy client not authorized to access policies on the policy server | The policy server must be configured with
SERVAUTH profiles that allow the policy clients to access policies.
The format of the SERVAUTH profiles is: EZB.PAGENT.sysname.image.ptype where:
|
Incorrect or no policies retrieved from the policy server. |