Status codes
This chapter lists the status codes for z/OS Network Authentication Service. The status codes are listed in numerical order.
- Major status values
- Kerberos administration database (numbers 01B79C00 - 01B79CFF)
- 01B79C01
Principal or policy already exists. - 01B79C02
Principal or policy does not exist. - 01B79C03
Database is not initialized. - 01B79C04
Policy name is not valid. - 01B79C05
Principal name is not valid. - 01B79C06
Database inconsistency detected. - 01B79C07
XDR encoding error. - 01B79C08
Database operation failed. - 01B79C09
Database lock mode is not valid. - 01B79C0A
Unable to lock database. - 01B79C0B
Database is not locked. - 01B79C0C
Administration database lock file is missing. - 01B79C0D
Insufficient permission to lock file. - GSS-API Kerberos mechanism codes (numbers 025EA100 - 025EA1FF)
- 025EA100
Principal is not found in credentials cache. - 025EA101
Principal is not found in key table. - 025EA102
Ticket-granting ticket is not found in credentials cache. - 025EA104
Context already established. - 025EA105
Signature algorithm is not supported. - 025EA106
Length value is not correct. - 025EA107
Context is not established. - 025EA108
Context identifier is not valid. - 025EA109
Credential identifier is not valid. - 025EA10B
Token sequence number is not valid. - 025EA140
Token pad characters are not valid. - 025EA141
Data privacy service is not available. - 025EA142
Seal algorithm is not supported. - 025EA143
Token length is not correct. - 025EA144
Encryption type is not supported. - 025EA145
No key is available to accept a security context. - 025EA146
Bindings in token do not match supplied bindings. - 025EA147
Checksum in token is not valid. - 025EA148
Context is not in the correct state. - 025EA149
Locking error is detected. - 025EA14A
No mechanism credentials available. - 025EA14B
No internal name provided for requested mechanism. - GSS-API LIPKEY/SPKM mechanism codes (numbers 025EA160-025EA18F)
- 025EA160
Certificate management services are not available. - 025EA161
Unable to decode X.509 certificate. - 025EA162
Unable to decode X.509 certificate revocation list. - 025EA163
Unable to convert a distinguished name to an X.509 name. - 025EA164
Unable to convert an X.509 name to a distinguished name. - 025EA165
Unable to decode X.509 name. - 025EA166
Unable to encode X.509 object. - 025EA167
Unable to obtain certificate. - 025EA168
Certificate is not found. - 025EA169
Certificate is not usable. - 025EA16A
More than one matching certificate. - 025EA16B
Certificate database is not open. - 025EA16C
Target name is not valid. - 025EA16D
Certificate is not valid. - 025EA16E
Certificate is not trusted. - 025EA16F
Unexpected certificate management error. - 025EA170
Incomplete certification chain. - 025EA171
Unable to generate Diffie-Hellman key pair. - 025EA172
Unable to generate Diffie-Hellman secret. - 025EA173
Diffie-Hellman parameters are not valid. - 025EA174
Unable to sign token data. - 025EA175
Unable to verify token data signature. - 025EA176
Token signature is not correct. - 025EA177
Protocol version is not supported. - 025EA178
Protocol error is detected. - 025EA179
Target name is incorrect. - 025EA17A
Bindings in token do not match supplied bindings. - 025EA17B
Algorithm is not supported. - 025EA17C
Diffie-Hellman modulus is too small. - 025EA17D
Unable to decode private key. - 025EA17E
Password prompt canceled by user. - 025EA17F
User authentication rejected by target. - Kerberos administration codes (numbers 029C2500 - 029C25FF)
- 029C2500
Operation failed. - 029C2501
Operation requires ’get’ privilege. - 029C2502
Operation requires ’add’ privilege. - 029C2503
Operation requires ’modify’ privilege. - 029C2504
Operation requires ’delete’ privilege. - 029C2505
Insufficient authorization for operation. - 029C2506
Database inconsistency detected. - 029C2507
Principal or policy already exists. - 029C2508
Communication failure with administration server. - 029C2509
No administration server available. - 029C250A
Key version mismatch for password history principal. - 029C250B
Administration server connection is not initialized. - 029C250C
Principal does not exist. - 029C250D
Policy does not exist. - 029C250E
Field mask is not valid for operation. - 029C250F
Character class count is not valid. - 029C2510
Password length is not valid. - 029C2511
Policy name is not valid. - 029C2512
Principal name is not valid. - 029C2513
Auxillary attributes are not valid. - 029C2514
Password history count is not valid. - 029C2515
Minimum password lifetime is not valid. - 029C2516
Password is too short. - 029C2517
Password does not contain enough character classes. - 029C2518
Password is in the password dictionary. - 029C2519
Password cannot be reused. - 029C251A
Password minimum lifetime has not expired. - 029C251B
Policy is in use. - 029C251C
Connection to server is already initialized. - 029C251D
Password is not correct. - 029C251E
Protected principal cannot be modified. - 029C251F
Administration server handle is not valid. - 029C2520
Structure version is not valid. - 029C2521
Old structure version is not supported. - 029C2522
New structure version is not supported. - 029C2523
API version is not valid. - 029C2524
Old API version is not supprted by the administration library. - 029C2525
Old API version is not supprted by the administration server. - 029C2526
New API version is not supprted by the administration library. - 029C2527
New API version is not supported by the administration server. - 029C2528
Required administration principal is not found. - 029C2529
Principal cannot be renamed. - 029C252A
Administration client configuration parameters are not valid. - 029C252B
Administration server configuration parameters are not valid. - 029C252C
Operation requires ’list’ privilege. - 029C252D
Operation requires ’change-password’ privilege. - 029C252E
GSS-API error. - 029C252F
Tagged data list type is not valid. - 029C2530
Required configuration parameter is missing. - 029C2531
Administration server host name is not valid. - 029C2532
Operation requires 'set-key' privilege. - 029C2533
Duplicate encryption types specified. - 029C2535
Encryption type mismatch. - 029C25F0
Too many matching database records. - 029C25F1
Database record is too big. - 029C25F2
Password change rejected. - 029C25F3
Unsupported encryption type. - 029C25F4
Unsupported salt type. - 029C25F5
Function not supported. - 029C25F6
Function disabled. - 029C25F7
Target is not a Kerberos object. - ASN.1 operations codes (numbers 6EDA3600 - 6EDA36FF)
- 6EDA3600
ASN.1 is unable to obtain the system time. - 6EDA3601
An ASN.1 structure is missing a required field. - 6EDA3602
ASN.1 encounters an unexpected field number. - 6EDA3603
ASN.1 type number is not correct. - 6EDA3604
ASN.1 value is too large. - 6EDA3605
ASN.1 endecoding operation fails at end of data. - 6EDA3606
ASN.1 identifier does not match expected value. - 6EDA3607
ASN.1 length is not correct. - 6EDA3608
ASN.1 encoded byte stream is not valid. - 6EDA3609
ASN.1 is unable to parse the request. - 6EDA360A
ASN.1 object identifier element count is not valid. - 6EDA360B
First object identifier element value is not valid. - 6EDA360C
Second object identifier element value is not valid. - GSS-API codes (numbers 861B6D00 - 861B6DFF)
- 861B6D00
Service name is not valid. - 861B6D01
UID string is not valid. - 861B6D02
UID does not resolve to a user. - 861B6D03
Control block validation fails. - 861B6D04
Unable to allocate memory. - 861B6D05
Message context is not valid. - 861B6D06
Buffer length is not correct. - 861B6D07
Credential usage type is not valid. - 861B6D08
Quality of protection is not valid. - 861B6D0A
Security mechanism is not correct. - 861B6D0B
Token header is not correct. - 861B6D0C
Packet replayed in the wrong direction. - 861B6D51
Message is not within the current window. - 861B6D52
Message is after the next message in the sequence. - 861B6D53
Message has already been received. - 861B6D54
Message is before the next message in the sequence. - 861B6D55
Token signature is not correct. - 861B6D56
Credential already contains a mechanism element. - 861B6D57
Context is expired. - 861B6D58
Token type is not correct. - 861B6D59
Credential is expired. - 861B6D5A
Required parameter is missing. - 861B6D5B
Name is not a valid GSS-API name. - 861B6D5C
No name is specified. - 861B6D5D
No mechanism is specified. - 861B6D5E
Name type is not valid. - 861B6D5F
Name is not valid. - 861B6D60
Security mechanism is not valid. - 861B6D61
Status type is not valid. - 861B6D62
Status value is not valid. - 861B6D63
Object identifier encoding is not valid. - Kerberos database (numbers 95E73A00 - 95E73AFF)
- 95E73A01
Entry already exists in database. - 95E73A02
Unable to store entry in database. - 95E73A03
Unable to read entry from database. - 95E73A04
Not authorized to perform requested operation. - 95E73A05
Entry not found in database. - 95E73A06
Incorrect use of wildcard character. - 95E73A07
Database is in use by another process. - 95E73A08
Database modified during read operation. - 95E73A09
Database record incomplete or corrupted. - 95E73A0A
Recursive database lock request. - 95E73A0B
Database is not locked. - 95E73A0C
Incorrect database lock mode. - 95E73A0D
Database is not initialized. - 95E73A0E
Database is already initialized. - 95E73A0F
Incorrect direction for key conversion. - 95E73A10
No master key for database. - 95E73A11
Incorrect master key for database. - 95E73A12
Key size is not valid. - 95E73A13
Unable to read stored master key. - 95E73A14
Stored master key is corrupted. - 95E73A15
Unable to lock database. - 95E73A16
Database corrupted. - 95E73A17
Unsupported database version. - 95E73A18
Unsupported salt type. - 95E73A19
Unsupported encryption type. - 95E73A1A
Incorrect database creation flags. - 95E73AF0
Database record is too big. - 95E73AF1
Too many matching database records. - 95E73AF2
Duplicate database entry. - 95E73AF3
Database entry is still referenced. - 95E73AF4
Database function is not supported. - 95E73AF5
Unknown security server. - Kerberos runtime codes (numbers 96C73A00 - 96C73CFF)
- 96C73A01
Client entry in security registry has expired. - 96C73A02
Server entry in security registry has expired. - 96C73A03
Requested protocol version is not supported. - 96C73A04
Client key is encrypted using an old master key. - 96C73A05
Server key is encrypted using an old master key. - 96C73A06
Client principal is not found in security registry. - 96C73A07
Server principal is not found in security registry. - 96C73A08
Server principal is not unique. - 96C73A09
Key in security registry is not valid. - 96C73A0A
Ticket is ineligible for postdating. - 96C73A0B
Effective ticket lifetime is too short. - 96C73A0C
Ticket request violates account administrative policy. - 96C73A0D
Ticket cannot be granted with requested properties. - 96C73A0E
Encryption type is not supported. - 96C73A0F
Checksum type is not supported. - 96C73A10
Preauthentication type is not supported. - 96C73A11
Transited ticket not supported. - 96C73A12
Client account is revoked. - 96C73A13
Server account is revoked. - 96C73A14
Ticket-granting ticket is expired. - 96C73A15
Client account is not yet valid. - 96C73A16
Server account is not yet valid. - 96C73A17
Password is expired. - 96C73A18
Preauthentication failed. - 96C73A19
Preauthentication required. - 96C73A1A
Ticket is not for the requested server. - 96C73A1B
Server requires ticket encrypted with session key. - 96C73A1C
Transited path rejected. - 96C73A1D
Service is not available. - 96C73A1F
Integrity check fails. - 96C73A20
Ticket is expired. - 96C73A21
Ticket is not yet valid. - 96C73A22
Replay attempt detected. - 96C73A23
Server name is not correct. - 96C73A24
Client name is not correct. - 96C73A25
Time differential exceeds maximum clock skew. - 96C73A26
Network address is not correct. - 96C73A27
Message protocol version is not correct. - 96C73A28
Message type is not correct. - 96C73A29
Message stream is modified. - 96C73A2A
Security message received in incorrect order. - 96C73A2B
Illegal cross-realm ticket. - 96C73A2C
Service key version is not correct. - 96C73A2D
Service key is not available. - 96C73A2E
Mutual authentication fails. - 96C73A2F
Message direction is incorrect. - 96C73A30
Alternative authentication method required. - 96C73A31
Message sequence number is incorrect. - 96C73A32
Checksum type is not appropriate. - 96C73A33
Transited path rejected. - 96C73A34
Response too large for datagram. - 96C73A3C
Generic error occurs. - 96C73A3D
Message field is too long. - 96C73A3E
Client certificate is not acceptable. - 96C73A3F
KDC certificate is not acceptable. - 96C73A40
Client certificate signature not valid. - 96C73A41
Client Diffie-Hellman key parameters not accepted. - 96C73A46
Client certificate could not be verified. - 96C73A47
Client certificate chain validation error occurred. - 96C73A48
Client certificate chain contains a revoked certificate. - 96C73A49
Revocation status for the client certificate chain could not be determined. - 96C73A4B
Kerberos client name does not match name bound to the client certificate. - 96C73A4C
Kerberos KDC name does not match name bound to the KDC certificate. - 96C73A4D
Key purpose restricts client certificate usage. - 96C73A4E
Client certificate signature digest algorithm is not supported. - 96C73A4F
PKAuthenticator is missing the required paChecksum. - 96C73A50
The signedData digest algorithm is not supported. - 96C73A51
The Public Key encryption delivery method is not supported. - 96C73A81
Lock request is not valid. - 96C73A82
Unable to read password. - 96C73A83
Password does not match expected value. - 96C73A84
Password read is interrupted. - 96C73A85
Illegal character in component name. - 96C73A86
Principal name is not valid. - 96C73A87
Unable to open Kerberos configuration file. - 96C73A88
Kerberos configuration file format is not valid. - 96C73A89
Buffer is too small. - 96C73A8A
Message type is not valid. - 96C73A8B
Credentials cache name is not valid. - 96C73A8C
Credentials cache type is not valid. - 96C73A8D
Matching credential is not found. - 96C73A8E
End of credentials cache is reached. - 96C73A8F
Required ticket is not supplied. - 96C73A90
Application server principal is not correct. - 96C73A91
Application ticket is not valid. - 96C73A92
Principals do not match. - 96C73A93
Security server reply is modified. - 96C73A94
Clock skew in reply exceeds maximum value. - 96C73A95
Realm mismatch in initial ticket request. - 96C73A96
Encryption type is not valid. - 96C73A97
Key type is not valid. - 96C73A98
Encryption type is not correct. - 96C73A99
Checksum type is not valid. - 96C73A9A
Unable to locate security server. - 96C73A9B
Kerberos service is not defined. - 96C73A9C
Unable to contact security server. - 96C73A9D
No local name found for principal. - 96C73A9E
Mutual authentication fails. - 96C73A9F
Replay cache type is already registered. - 96C73AA0
Replay cache operation is unable to allocate memory. - 96C73AA1
Replay cache type is not valid. - 96C73AA2
Replay cache operation detects an unexpected error. - 96C73AA3
Message is a replay. - 96C73AA4
Replay cache operation fails. - 96C73AA7
Replay cache file is truncated. - 96C73AA8
Replay cache file operation is unable to allocate memory. - 96C73AA9
Replay cache operation is unable to access file. - 96C73AAA
Replay cache file system request fails. - 96C73AAB
Replay cache operation fails. - 96C73AAC
Replay cache operation fails due to insufficient space. - 96C73AB2
Cryptographic system detects an unexpected error. - 96C73AB3
Key table name is not valid. - 96C73AB4
Key table type is not valid. - 96C73AB5
Key table entry is not found. - 96C73AB6
End of key table is reached. - 96C73AB7
Key table does not support write operations. - 96C73AB8
Key table operation fails due to file system error. - 96C73AB9
No ticket is found for ticket-granting service. - 96C73ABA
Key parity is not correct. - 96C73ABB
Key does not provide adequate security. - 96C73ABC
Encryption or checksum type is not supported. - 96C73ABD
Key size is not valid. - 96C73ABE
Encrypted message is too small. - 96C73ABF
Credentials cache type is already registered. - 96C73AC0
Key table type is already registered. - 96C73AC1
Credentials cache file operation fails. - 96C73AC2
Credentials cache file cannot be accessed. - 96C73AC3
Credentials cache file does not exist. - 96C73AC4
Credentials cache operation detects an unexpected error. - 96C73AC5
Credentials cache write operation fails. - 96C73AC6
Credentials cache operation is unable to allocate memory. - 96C73AC7
Credentials cache format is not valid. - 96C73AC8
Credentials request specifies incorrect options. - 96C73AC9
Credentials request does not contain second ticket. - 96C73ACA
No credentials are available. - 96C73ACB
Incorrect authentication protocol version. - 96C73ACC
Incorrect application version identifier. - 96C73ACD
Unrecognized response received from remote application - 96C73ACE
Authentication rejected by application server. - 96C73ACF
Preauthentication type is not valid. - 96C73AD0
No preauthentication key is provided. - 96C73AD1
Preauthentication fails. - 96C73AD2
Replay cache version number is not valid. - 96C73AD3
Credentials cache version number is not valid. - 96C73AD4
Key table version number is not valid. - 96C73AD5
Address type is not valid. - 96C73AD6
Replay detection requires a replay cache. - 96C73AD7
Host name is not defined. - 96C73AD8
Host realm is not defined. - 96C73AD9
Name cannot be converted to service principal. - 96C73ADA
Initial ticket response generated by Kerberos Version 4. - 96C73ADB
Security server is not defined for requested realm. - 96C73ADC
Ticket-granting ticket does not allow ticket forwarding. - 96C73ADD
Principal name is not correct for forwarding credentials. - 96C73ADE
Request loop is detected while obtaining initial ticket. - 96C73ADF
No default realm is specified in the configuration file. - 96C73AE1
Key table name is too long. - 96C73C00
Unable to load code page table. - 96C73C01
Unable to convert text string. - 96C73C02
Unable to allocate memory. - 96C73C03
Unable to obtain the current time. - 96C73C04
Key table file specification is not valid. - 96C73C05
Key table operation encounters unexpected error. - 96C73C06
Unable to create socket. - 96C73C07
Unable to obtain local address information. - 96C73C08
Control block validation fails. - 96C73C09
Invalid parameter specified on function call. - 96C73C0A
Unsupported Kerberos function requested. - 96C73C0B
Replay cache file does not exist. - 96C73C0C
Not authorized to access credentials cache. - 96C73C0D
Not authorized to access replay cache. - 96C73C0E
Not authorized to access key table. - 96C73C0F
Data privacy service is not available. - 96C73C10
Unable to retrieve message msg-identifier from the message catalog. - 96C73C11
Unable to contact server. - 96C73C12
Key version value is not supported by the key table format. - 96C73C13
Unable to send data to remote application. - 96C73C14
Unable to receive data from remote application. - 96C73C15
Connection closed by remote application. - 96C73C16
Password is too long. - 96C73C17
Response too large. - 96C73C1B
PKINIT context is not initialized. - 96C73C1C
Unable to open key ring, key token, or key database. - 96C73C1D
Error reading certificate record. - 96C73C1E
Key ring, key token, or key database configuration error. - 96C73C1F
No certificate records found. - 96C73C20
The default certificate does not have an associated private key. - 96C73C21
The default certificate is self signed. - 96C73C22
The default certificate is not an RSA key certificate. - 96C73C23
The default certificate is expired. - 96C73C24
Issuer certificate is not a CA. - 96C73C25
No signing certificates found. - 96C73C26
No root CA certificates found. - 96C73C27
Error copying a certificate or private key. - 96C73C28
Error determining if a certificate is a CA certificate. - 96C73C29
Diffie-Hellman minimum bits configuration error. - 96C73C2A
Revocation checking configuration error. - 96C73C2B
LDAP server configuration error. - 96C73C2C
Missing LDAP server configuration. - 96C73C2D
RSA protocol configuration error. - Profile operations codes (numbers AACA6000 - AACA60FF)
- AACA6002
Profile section is not found. - AACA6003
Profile relation is not found. - AACA6004
Profile node is not a section node. - AACA6005
Profile section node has a value. - AACA6009
Profile section does not have a parent. - AACA600A
Profile section is not correct. - AACA600B
Profile relation is not correct. - AACA600C
Extra closing brace is specified. - AACA600D
Opening brace is missing. - AACA6013
Profile name set is not correct. - AACA6014
No profile is available.
Parent topic: Reference