FTP client fails with "EZA2897I Authentication negotiation failed" when trying to negotiate a secure FTP session.
The FTP client is trying to establish a secure session with an FTP server. The connection ends with message
EZA2897I Authentication negotiation failed .
Enabling a client trace by issuing subcommand DEBUG SEC will show message
ftpAuth: no keyring
before the EZA2897I message. This indicates that the FTP client did not find a key ring file specified in its FTP.DATA file.
Diagnosing The Problem
The FTP client trace should be enabled with option SEC. This can be done by adding DEBUG SEC to the FTP.DATA file or as a command.
Resolving The Problem
The FTP client must be configured with a key ring file in FTP.DATA to negotiate a secure FTP session. See the IP Configuration Reference manual for information on the KEYRING statement. To add a key ring,
- Use message EZY2640I to determine the FTP.DATA file being used by the ftp client.
- Add the KEYRING statement to FTP.DATA. The KEYRING statement must specify a valid key ring database.
15 June 2018