Analysis
Use the following checklist to determine whether AES encryption
or decryption failures are occurring, based on the SNMP function that
you use. For failures other than ICSF not being active, contact the IBM® Software Support Center with
the documentation.
- Is ICSF active? For the SNMP agent, the z/OS® UNIX snmp command, and the SNMP manager API, check
the syslog trace output or traces for the following entries to see
whether ICSF is active. If the return code is 12 and the reason code
is 0, ICSF was not active when you attempted to encrypt or decrypt
by using the function.
- Encrypting AESCFB128 completed return=12 reason=0
- Decrypting AESCFB128 completed return=12 reason=0
- SNMP agent. AES encryption or decryption errors in the SNMP agent
result in one of the following situations:
- Timeout messages are issued by the manager because the agent did not respond to a request.
- The manager does not receive notifications.
- Encrypting AESCFB128 completed return=nn reason=nn
- Decrypting AESCFB128 completed return=nn reason=nn
- z/OS snmp command.
- AES encryption errors result in the command issuing the following
message:
EZZ3301I Error return from SnmpSendMsg() - AES decryption errors result in a timeout message.
- Encrypting AESCFB128 completed return=nn reason=nn
- Decrypting AESCFB128 completed return=nn reason=nn
- AES encryption errors result in the command issuing the following
message:
- SNMP manager API.
- AES encryption errors result in the snmpSendRequest failing with a return code of SNMP_MGR_RC_ENCODE_ERROR (-13).
- AES decryption errors result in the snmpSendRequest failing with a return code of SNMP_MGR_RC_USM_DECRYPTION_ERROR (-68).
- Encrypting AESCFB128 completed return=nn reason=nn
- Decrypting AESCFB128 completed return=nn reason=nn