z/OS Security Server RACF Messages and Codes


SA23-2291-00

IRRI030I
RRSF CONNECTION {TO | FROM} system-identifier HAS BEEN REJECTED BECAUSE RACF COULD NOT VERIFY AT-TLS POLICY. THE service-name SERVICE TIMED OUT.

Explanation

RACF® remote sharing requires its connections to be covered by an AT-TLS rule. It is AT-TLS that provides the authentication of RRSF nodes to one another, and encryption of traffic across the network. RRSF uses the select() service (BPX1SEL) to force the underlying TLS handshake to occur so that the AT-TLS policy for this connection can be verified. The select() service timed out.

The value for direction can be TO, when the message is issued by the system that initiated the connection, or FROM, when the message is issued by the system that received the connection request.

When the value of direction is TO, system-identifier is expressed as NODE node-name, followed by SYSNAME system-name if the target is a multisystem node.

When the value of direction is FROM, the communication failed before RRSF identified the peer RRSF node and system name, or even determined whether the peer is a valid RRSF system. Therefore, system-identifier is expressed as PEER followed by an IP address and a port number, separated by a colon. If necessary, you can use the z/OS® UNIX host command to map the IP address to a host name. For example, if the peer information displayed is 1.2.3.4:1026, issue the following command:
$ host 1.2.3.4
EZZ8321I zossys1.xyz.com 1.2.3.4
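
The following parser is an added example, not part of the IBM documentation. It extracts the direction, the system-identifier fields and the service name from IRRI030I text copied from a console log, so that rejected connections can be triaged by node or by peer address. The function name, the sample messages and the service name SELECT are assumptions made for illustration.

```python
import ipaddress
import re

# Layout taken from the message text and Explanation above.
MSG = re.compile(
    r"IRRI030I\s+RRSF CONNECTION (?P<direction>TO|FROM) (?P<ident>.+?) "
    r"HAS BEEN REJECTED BECAUSE RACF COULD NOT VERIFY AT-TLS POLICY\. "
    r"THE (?P<service>\S+) SERVICE TIMED OUT\."
)
TO_IDENT = re.compile(r"NODE (?P<node>\S+)(?: SYSNAME (?P<sysname>\S+))?$")
FROM_IDENT = re.compile(r"PEER (?P<ip>\S+):(?P<port>\d+)$")


def parse_irri030i(text):
    """Return a dict for one IRRI030I message, or None if text is not one."""
    flat = " ".join(text.split())  # undo console line wrapping
    m = MSG.search(flat)
    if m is None:
        return None
    rec = {"direction": m["direction"], "service": m["service"]}
    if rec["direction"] == "TO":
        # Initiating side: NODE node-name, SYSNAME only for multisystem nodes.
        ident = TO_IDENT.match(m["ident"])
        if ident is None:
            return None
        rec.update(node=ident["node"], sysname=ident["sysname"])
    else:
        # Receiving side: the peer is known only by IP address and port.
        ident = FROM_IDENT.match(m["ident"])
        if ident is None:
            return None
        try:
            ip = ipaddress.ip_address(ident["ip"])
        except ValueError:
            return None
        rec.update(peer_ip=str(ip), peer_port=int(ident["port"]))
    return rec


# Constructed sample messages; the service name "SELECT" is an assumed value.
SAMPLE_TO = ("IRRI030I RRSF CONNECTION TO NODE NODEB SYSNAME SYS2 HAS BEEN "
             "REJECTED BECAUSE RACF COULD NOT VERIFY AT-TLS POLICY. "
             "THE SELECT SERVICE TIMED OUT.")
SAMPLE_FROM = """IRRI030I RRSF CONNECTION FROM PEER 1.2.3.4:1026 HAS BEEN REJECTED
         BECAUSE RACF COULD NOT VERIFY AT-TLS POLICY. THE SELECT SERVICE
         TIMED OUT."""

if __name__ == "__main__":
    for sample in (SAMPLE_TO, SAMPLE_FROM):
        print(parse_irri030i(sample))
```
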

System action

The connection is rejected. RRSF places the connection into the OPERATIVE-PENDING-VERIFICATION state.

System programmer response

After the condition is fixed, try the connection again with the TARGET OPERATIVE command for the failed node and system.

Routing code

2 and 9

Descriptor code

4

RACF Security Administrator Response

Look for AT-TLS trace records to see if the problem is related to AT-TLS policy setup. If so, fix the issue. If you are unable to determine the cause, contact IBM® service.





Copyright IBM Corporation 1990, 2014