IBM Support

When using AT-TLS, why are we getting the error message EZD1287I with return code 5018 ?

Question & Answer


Question

We are getting the following error message:

EZD1287I TTLS Error RC: 5018 Policy Mapping
LOCAL: loc_ip..loc_port
REMOTE: rem_ip..rem_port
JOBNAME: TN3270 RULE: rule USERID: TN3270 GRPID: 00000001 ENVID: 00000000 CONNID: 000001EF

According to IBM's documentation: 5018 An internal error occurred processing a TTLSGroupAction. Save the syslogd output and contact IBM.

We are also seeing these messages:

EZD1290I TCPIP ICSF SERVICES ARE CURRENTLY UNAVAILABLE FOR AT-TLS GROUP group_name

EZD1288I TCPIP AT-TLS GROUP group_name INITIALIZATION FAILED - ICSF UNAVAILABLE FOR FIPS140 MODE GROUP

Answer

The key to understanding the code 5018 in message EZD1287I is the subsequent EZD1288I message you saw:

EZD1288I TCPIP AT-TLS GROUP group_name INITIALIZATION FAILED - ICSF UNAVAILABLE FOR FIPS140 MODE GROUP

As explained in the description of EZD1288I, this message indicates that ICSF was not active when TCPIP initialized the AT-TLS group group_name, which is configured with FIPS140 On. ICSF is required for FIPS140 support. The explanation of EZD1288I goes on to say that, because group_name is marked as failed, AT-TLS sets an error code of 5018 for any connection attempting to use that AT-TLS group.

If the AT-TLS group needs to be FIPS140 enabled, start ICSF before installing the AT-TLS policy. To attempt starting the AT-TLS group again after ICSF is active, refresh the AT-TLS policy.


[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSSN3L","label":"z\/OS Communications Server"},"Platform":[{"code":"PF035","label":"z\/OS"}],"Component":"","Version":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]

Product Synonym

ZOSCS COMMSERVER

Document Information

More support for:
z/OS Communications Server

Operating system(s):
z/OS

Document number:
6135861

Modified date:
12 August 2015

UID

dwa1207836

Page Feedback