Session activations can fail due to a variety of session-level
verification related reasons. For example, the two LUs may have incompatible
VERIFY parameters coded on their APPL statements, the LUs may have
different session keys defined in their LU-LU pair profiles, or a
session key might be changed in the middle of a session activation.
When a session activation fails due to a session-level
verification error, VTAM® deactivates
the session using a sense code of X'080F6051' on either an
UNBIND or a negative BIND response, as needed.
VTAM also creates
an SMF Type 80 record in the external security management product,
which causes the security product to issue messages to the network
security administrator. (For more information on the security product,
see the
Resource Access Control Facility (RACF®) Security Administrator's Quick Reference.) VTAM sets the following reason
codes in this log record:
- Hex Code
- Description
- 00
- Partner LU successfully verified.
- 01
- Partner LU not verified (but session activated).
- 02
- Session key expiration warning.
- 03
- The security manager locked the profile.
- 04
- The profile contains a session key that is not valid.
- 05
- Partner LU rejected the session due to a security related error.
- 06
- Local LU was defined with VERIFY=REQUIRED session-level LU-LU
verification, but no session key exists for the local LU; or no random
data field was in the BIND; or the partner LU is the PLU requesting
the session but is not using session-level LU-LU verification.
- 07
- Session-level LU-LU verification data for the session between
the local LU and the partner LU matched the data for an outstanding
session activation.
- 08
- Local LU was defined with optional verification, and a session
key was defined for the profile, indicating that session-level LU-LU
verification is necessary. Partner LU requested a session without
verification.
- 09
- Local LU was defined with optional verification, and no session
key was defined for the profile, indicating that session-level LU-LU
verification should not be used. Partner LU requested a session with
verification.
- 0A
- Protocol violation.
- 0B
- Profile was changed during session activation.
- 0C
- Session key for the profile expired.
- 0D
- Local LU was defined to use only the Level 2 protocol (SECLVL=LEVEL2
is specified on the APPL definition statement). Partner LU does not
support the Level 2 protocol.