This section lists error messages issued during security checking, along with possible causes and corrective actions to take in error situations.
Reason:
This message indicates that Security processing has terminated, and access to the resource has been denied.
Action:
None.
Reason:
This message indicates that Security processing has terminated and access to the resource has been denied.
Action:
None.
Reason:
The security look aside table is allocated, beginning at storage address, beginaddr and ending at storage address, endaddr. Processing continues.
Action:
None.
Reason:
The page count for the security lookaside table, specified in the C1DEFLTS, parameter LATSIZE, exceeds the maximum value allowed (524287). The security look aside table is disabled. Security processing continues without the look aside table.
Action:
Recode the LATSIZE parameter specifying a smaller value in the range 0-524287.
Reason:
The security look aside table (SLAT) is bypassed for one of the following reasons:
The length of the table is given, along with the C1DEFLTS table address (dfltaddr). Code identifies the flag within the C1DEFLTS table used by ESI to indicate the use of the look aside table. This message is only issued when ESI is in debugging mode and (ddname EN$DBESI) is allocated.
Action:
This is probably not an error. If you want to use the look aside table, do one of the following:
Reason:
The address of the name equates table does not point to a valid table. Either the address is zero or it does not point to a name equates table. The table name is the value found in the name equates table.
This is an internal error. ESI SMF exception records are not written.
Action:
None.
Reason:
The log option in the name equates table contained a value outside the allowable range. ESI security is bypassed and access is denied.
Action:
Make sure that a valid name equate table is available to CA Endevor SCM. Correct the log parameter and regenerate the name equates table. For more information about the name equates log option, see the SCL Reference Guide.
Reason:
ESI could not create an ESI SMF exception record. This is possibly due to a storage deficiency. Processing continues and one or more SMF records may be missing.
Action:
Increase the region size and retry the request.
Reason:
The CA Endevor SCM External Security Interface could not locate a control block necessary to determine the correct attributes of the trace DD EN$TRESI. This may occur when EN$TRESI is allocated to DUMMY or the DA(*) in TSO/E. ESI may not write records to the trace file when this message is issued.
Action:
Allocate the EN$TRESI DD to a data set or to SYSOUT file. The trace will proceed to be written correctly.
Reason:
An attempt to write an SMF exception record failed with return code rtcd. This message is displayed only when ESI is in warning mode. One or more SMF records are not written and processing continues.
Action:
Action depends upon meaning of return code rtcd.
Reason:
An error was detected in the format of the SMF exception record generated by ESI. This is an internal error. This message is only displayed when in debugging mode. The SMF record is not written and processing continues.
Action:
None.
Reason:
During initialization, security check processing detected that the security table name table-name is valid for ESI, but the ESI security interface was not specified in the C1DEFLTS table. (Native security is implied in this case.)
Action:
Enable ESI by specifying a correct password for ESSI=keyword of the C1DEFLTS TYPE=MAIN macro, or specify the name of a security table that is configured to be used with Native Security. Next, reassemble and relink the C1DEFLTS table and rerun CA Endevor SCM.
Reason:
The PGSER macro request returned a non-zero return code to protect the look aside table (LAT) storage. ndvrrtcd is the internal return code and pgrtcd is the PGSER return code. The security look aside table must be in protected storage. CA Endevor SCM disables the look aside table and processing continues.
Action:
The action depends on the meaning of the pgrtcd return code.
Reason:
An attempt to remove protection from the storage associated with the look aside table failed. rtcd is the internal CA Endevor SCM return code. pgrtcd is the return code from the PGSER protect request. The security look aside table is disabled. Security processing continues without the look aside table.
Action:
Action is dependent upon the meaning associated with pgrtcd.
Reason:
Unable to append the SMF record to the message.
Action:
Contact your administrator.
Reason:
This is the ESI trace message and the following fields are traced:
Action:
None.
Reason:
The name associated with the name equates table (BC1TNEQU) load module does not match the name specified in the C1DEFLTS table.
Action:
Check the name specified with the ACCSTBL parameter on the C1DEFLTS table to make sure it is correct. Check the name specified within the ESIDFLTS macro on the BC1TNEQU to make sure it is correct. Make sure the tables are loaded from the correct library.
Reason:
A conflict exists between the ACCSTBL and ESSI parameters within the C1DEFLTS table. The ESSI parameter is set to a value of Y and the ACCSTBL is blank or the ESSI parameter is set to a value of N and the ACCSTBL parameter is not blank.
Action:
Correct the conflict in the C1DEFLTS table.
Reason:
Some modules and table in the CA Endevor SCM runtime Environment must reside in APF authorized libraries. These include ENUXISTE and C1DEFLTS, and depending on the setting of the AUTHTBLS= operand in the C1DEFLTS TYPE=MAIN macro, may include exit tables security tables (for both Native Security and the External Security Interface). CA Endevor SCM verifies modules which must be loaded from authorized libraries and issues this message if they are not.
ENCS301C is issued if AUTHTBLS=ALLOW was coded in C1DEFLTS. ENCS301S is issued if AUTHTBLS=REQUIRED was coded, and will be followed by a S306 abend.
Action:
Check the allocations for the load libraries for STEPLIB, if one exists, or for the link list allocations defined at your site. The libraries in use must be named in the IEAAPFxx or PROGxx members of SYS1.PARMLIB in order to be authorized. If they are not, ask your Systems programmer to authorize them by adding them to the appropriate SYS1.PARMLIB member. Your System must be IPL’d for the new APF authorizations to take effect.
Reason:
This load module was not found in any of the libraries specified in the STEPLIB, LINKLST, or LPA.
Action:
Make sure that the load library containing this module is included in the concatenation. CA Endevor SCM modules are generally located in iprfx.iqual.CSIQAUTH or iprfx.iqual.CSIQLOAD. User-defined tables are generally located in iprfx.iqual.CSIQAUTU.
Reason:
This load module was not found. If a ddname appears in the message, then the load module was not found in the any of the libraries associated with that ddname. If STEPLIB/LNKLIST appears in the message, it implies that the load module was not found in any of the libraries specified in the STEPLIB, LINKLST, or LPA.
Action:
Make sure that the load library containing this module is included in the concatenation. CA Endevor SCM modules are generally located in iprfx.iqual.CSIQAUTH or iprfx.iqual.CSIQLOAD. User-defined tables are generally located in iprfx.iqual.CSIQAUTU.
Reason:
A look aside table entry was found for the entity name called name. This message is only produced when in debugging mode. Processing continues.
Action:
None.
|
Copyright © 2015 CA Technologies.
All rights reserved.
|
|