Version 7.0: Error Message Reference

Version 7.0: Error Message Reference
IBM Security Access Manager for Web
Version 7.0
Error Message Reference
GI11-8157-02
IBM Security Access Manager for Web
Version 7.0
Error Message Reference
GI11-8157-02
Note
Before using this information and the product it supports, read the information in “Notices” on page 299.
Edition notice
Note: This edition applies to version 7, release 0, modification 0 of IBM Security Access Manager (product
number 5724-C87) and to all subsequent releases and modifications until otherwise indicated in new editions.
© Copyright IBM Corporation 2001, 2012.
US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract
with IBM Corp.
Contents
Figures . . . . . . . . . . . . . . . v
Chapter 4. Security Access Manager
Plug-in for Web Servers Messages . . 169
About this publication . . . . . . . . vii
Intended audience . . . . . . .
Access to publications and terminology
Related publications . . . . .
Accessibility . . . . . . . . .
Technical training . . . . . . .
Support information . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. vii
. vii
. ix
. xi
. xi
. xi
.
.
.
.
Chapter 5. Security Access Manager
Session Management Server
Messages . . . . . . . . . . . . . 181
Chapter 6. Security Access Manager
Web Runtime Messages . . . . . . . 215
Chapter 1. Message overview . . . . . 1
. 1
. 1
Chapter 7. Common Auditing and
Reporting Service messages. . . . . 271
Chapter 2. Security Access Manager
Base Messages . . . . . . . . . . . 5
Notices . . . . . . . . . . . . . . 299
Message types . .
Message format .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Chapter 3. Security Access Manager
WebSEAL Messages . . . . . . . . 145
© Copyright IBM Corp. 2001, 2012
iii
iv
Version 7.0: Error Message Reference
Figures
1.
Message ID format
.
.
© Copyright IBM Corp. 2001, 2012
.
.
.
.
.
.
.
. 2
v
vi
Version 7.0: Error Message Reference
About this publication
IBM Security Access Manager for Web, formerly called IBM Tivoli Access Manager
for e-business, is a user authentication, authorization, and web single sign-on
solution for enforcing security policies over a wide range of web and application
resources.
The IBM Security Access Manager for Web Error Message Reference provides a list
of all informational, warning, and error messages associated with IBM Security
Access Manager for Web.
Intended audience
This book is intended for system administrators who are responsible for
maintaining and troubleshooting IBM Security Access Manager for Web.
Access to publications and terminology
This section provides:
v A list of publications in the “IBM Security Access Manager for Web library.”
v Links to “Online publications” on page ix.
v A link to the “IBM Terminology website” on page ix.
IBM Security Access Manager for Web library
The following documents are in the IBM Security Access Manager for Web library:
v IBM Security Access Manager for Web Quick Start Guide, GI11-9333-01
Provides steps that summarize major installation and configuration tasks.
v IBM® Security Web Gateway Appliance Quick Start Guide – Hardware Offering
Guides users through the process of connecting and completing the initial
configuration of the WebSEAL Hardware Appliance, SC22-5434-00
v IBM Security Web Gateway Appliance Quick Start Guide – Virtual Offering
Guides users through the process of connecting and completing the initial
configuration of the WebSEAL Virtual Appliance.
v IBM Security Access Manager for Web Installation Guide, GC23-6502-02
Explains how to install and configure Security Access Manager.
v IBM Security Access Manager for Web Upgrade Guide, SC23-6503-02
Provides information for users to upgrade from version 6.0, or 6.1.x to version
7.0.
v IBM Security Access Manager for Web Administration Guide, SC23-6504-02
Describes the concepts and procedures for using Security Access Manager.
Provides instructions for performing tasks from the Web Portal Manager
interface and by using the pdadmin utility.
v IBM Security Access Manager for Web WebSEAL Administration Guide, SC23-6505-02
Provides background material, administrative procedures, and reference
information for using WebSEAL to manage the resources of your secure Web
domain.
© Copyright IBM Corp. 2001, 2012
vii
v IBM Security Access Manager for Web Plug-in for Web Servers Administration Guide,
SC23-6507-02
Provides procedures and reference information for securing your Web domain
by using a Web server plug-in.
v IBM Security Access Manager for Web Shared Session Management Administration
Guide, SC23-6509-02
v
v
v
v
Provides administrative considerations and operational instructions for the
session management server.
IBM Security Access Manager for Web Shared Session Management Deployment Guide,
SC22-5431-00
Provides deployment considerations for the session management server.
IBM Security Web Gateway Appliance Administration Guide, SC22-5432-00
Provides administrative procedures and technical reference information for the
WebSEAL Appliance.
IBM Security Web Gateway Appliance Configuration Guide for Web Reverse Proxy,
SC22-5433-00
Provides configuration procedures and technical reference information for the
WebSEAL Appliance.
IBM Security Web Gateway Appliance Web Reverse Proxy Stanza Reference,
SC27-4442-00
Provides a complete stanza reference for the IBM Security Web Gateway
Appliance Web Reverse Proxy.
v IBM Security Access Manager for Web WebSEAL Configuration Stanza Reference,
SC27-4443-00
Provides a complete stanza reference for the WebSEAL Appliance.
v IBM Global Security Kit: CapiCmd Users Guide, SC22-5459-00
Provides instructions on creating key databases, public-private key pairs, and
certificate requests.
v IBM Security Access Manager for Web Auditing Guide, SC23-6511-02
Provides information about configuring and managing audit events by using the
native Security Access Manager approach and the Common Auditing and
Reporting Service. You can also find information about installing and
configuring the Common Auditing and Reporting Service. Use this service for
generating and viewing operational reports.
v IBM Security Access Manager for Web Command Reference, SC23-6512-02
Provides reference information about the commands, utilities, and scripts that
are provided with Security Access Manager.
v IBM Security Access Manager for Web Administration C API Developer Reference,
SC23-6513-02
Provides reference information about using the C language implementation of
the administration API to enable an application to perform Security Access
Manager administration tasks.
v IBM Security Access Manager for Web Administration Java Classes Developer
Reference, SC23-6514-02
Provides reference information about using the Java™ language implementation
of the administration API to enable an application to perform Security Access
Manager administration tasks.
v IBM Security Access Manager for Web Authorization C API Developer Reference,
SC23-6515-02
viii
Version 7.0: Error Message Reference
Provides reference information about using the C language implementation of
the authorization API to enable an application to use Security Access Manager
security.
v IBM Security Access Manager for Web Authorization Java Classes Developer Reference,
SC23-6516-02
Provides reference information about using the Java language implementation of
the authorization API to enable an application to use Security Access Manager
security.
v IBM Security Access Manager for Web Web Security Developer Reference,
SC23-6517-02
Provides programming and reference information for developing authentication
modules.
v IBM Security Access Manager for Web Error Message Reference, GI11-8157-02
Provides explanations and corrective actions for the messages and return code.
v IBM Security Access Manager for Web Troubleshooting Guide, GC27-2717-01
Provides problem determination information.
v IBM Security Access Manager for Web Performance Tuning Guide, SC23-6518-02
Provides performance tuning information for an environment that consists of
Security Access Manager with the IBM Tivoli Directory Server as the user
registry.
Online publications
IBM posts product publications when the product is released and when the
publications are updated at the following locations:
IBM Security Access Manager for Web Information Center
The http://pic.dhe.ibm.com/infocenter/tivihelp/v2r1/topic/
com.ibm.isam.doc_70/welcome.html site displays the information center
welcome page for this product.
IBM Publications Center
The http://www-05.ibm.com/e-business/linkweb/publications/servlet/
pbi.wss site offers customized search functions to help you find all the IBM
publications that you need.
IBM Terminology website
The IBM Terminology website consolidates terminology for product libraries in one
location. You can access the Terminology website at http://www.ibm.com/
software/globalization/terminology.
Related publications
This section lists the IBM products that are related to and included with the
Security Access Manager solution.
IBM Global Security Kit
Security Access Manager provides data encryption by using Global Security Kit
(GSKit) version 8.0.x. GSKit is included on the IBM Security Access Manager for Web
Version 7.0 product image or DVD for your particular platform.
GSKit version 8 includes the command-line tool for key management,
GSKCapiCmd (gsk8capicmd_64).
About this publication
ix
GSKit version 8 no longer includes the key management utility, iKeyman
(gskikm.jar). iKeyman is packaged with IBM Java version 6 or later and is now a
pure Java application with no dependency on the native GSKit runtime. Do not
move or remove the bundled java/jre/lib/gskikm.jar library.
The IBM Developer Kit and Runtime Environment, Java Technology Edition, Version 6
and 7, iKeyman User's Guide for version 8.0 is available on the Security Access
Manager Information Center. You can also find this document directly at:
http://download.boulder.ibm.com/ibmdl/pub/software/dw/jdk/security/
60/iKeyman.8.User.Guide.pdf
Note:
GSKit version 8 includes important changes made to the implementation of
Transport Layer Security required to remediate security issues.
The GSKit version 8 changes comply with the Internet Engineering Task Force
(IETF) Request for Comments (RFC) requirements. However, it is not compatible
with earlier versions (1.1 or 1.2) of Transport Layer Security. Any component that
communicates with Security Access Manager that uses GSKit must be upgraded to
use GSKit version 7.0.4.42, or 8.0.14.26 or later. Otherwise, communication
problems might occur.
IBM Tivoli Directory Server
IBM Tivoli Directory Server version 6.3 FP17 (6.3.0.17-ISS-ITDS-FP0017) is included
on the IBM Security Access Manager for Web Version 7.0 product image or DVD for
your particular platform.
|
|
|
You can find more information about Tivoli Directory Server at:
http://www.ibm.com/software/tivoli/products/directory-server/
IBM Tivoli Directory Integrator
IBM Tivoli Directory Integrator version 7.1.1 is included on the IBM Tivoli Directory
Integrator Identity Edition V 7.1.1 for Multiplatform product image or DVD for your
particular platform.
|
|
|
You can find more information about IBM Tivoli Directory Integrator at:
http://www.ibm.com/software/tivoli/products/directory-integrator/
IBM DB2 Universal Database™
IBM DB2 Universal Database Enterprise Server Edition, version 9.7 FP4 is provided
on the IBM Security Access Manager for Web Version 7.0 product image or DVD for
your particular platform. You can install DB2® with the Tivoli Directory Server
software, or as a stand-alone product. DB2 is required when you use Tivoli
Directory Server or z/OS® LDAP servers as the user registry for Security Access
Manager. For z/OS LDAP servers, you must separately purchase DB2.
You can find more information about DB2 at:
http://www.ibm.com/software/data/db2
x
Version 7.0: Error Message Reference
IBM WebSphere® products
The installation packages for WebSphere Application Server Network Deployment,
version 8.0, and WebSphere eXtreme Scale, version 8.5, are included with Security
Access Manager version 7.0. WebSphere eXtreme Scale is required only when you
use the Session Management Server (SMS) component.
WebSphere Application Server enables the support of the following applications:
v Web Portal Manager interface, which administers Security Access Manager.
v Web Administration Tool, which administers Tivoli Directory Server.
v Common Auditing and Reporting Service, which processes and reports on audit
events.
v Session Management Server, which manages shared session in a Web security
server environment.
v Attribute Retrieval Service.
You can find more information about WebSphere Application Server at:
http://www.ibm.com/software/webservers/appserv/was/library/
Accessibility
Accessibility features help users with a physical disability, such as restricted
mobility or limited vision, to use software products successfully. With this product,
you can use assistive technologies to hear and navigate the interface. You can also
use the keyboard instead of the mouse to operate all features of the graphical user
interface.
Visit the IBM Accessibility Center for more information about IBM's commitment
to accessibility.
Technical training
For technical training information, see the following IBM Education website at
http://www.ibm.com/software/tivoli/education.
Support information
IBM Support provides assistance with code-related problems and routine, short
duration installation or usage questions. You can directly access the IBM Software
Support site at http://www.ibm.com/software/support/probsub.html.
The IBM Security Access Manager for Web Troubleshooting Guide provides details
about:
v What information to collect before you contact IBM Support.
v The various methods for contacting IBM Support.
v How to use IBM Support Assistant.
v Instructions and problem-determination resources to isolate and fix the problem
yourself.
Note: The Community and Support tab on the product information center can
provide more support resources.
About this publication
xi
xii
Version 7.0: Error Message Reference
Chapter 1. Message overview
Messages indicate events that occur during the operation of the system.
Depending on their purpose, messages might be displayed on the screen. By
default, all informational, warning, and error messages are written to the message
logs. The logs can be reviewed later to determine what events occurred, to see
what corrective actions were taken, and to audit all the actions performed. For
more information about message logs, see the IBM Security Access Manager
Troubleshooting Guide.
Message types
IBM Security Access Manager for Web uses messages of specific types.
The following types of messages are used:
Informational messages
Indicate conditions that are worthy of noting but that do not require you to
take any precautions or perform an action.
Warning messages
Indicate that a condition has been detected that you should be aware of,
but does not necessarily require that you take any action.
Error messages
Indicates that a condition has occurred that requires you to take action.
Message format
Messages logged by IBM Security Access Manager for Web adhere to the Tivoli®
Message Standard. Each message consists of a message identifier (ID) and
accompanying message text.
Message ID format
A message ID consists of 10 alphanumeric characters that uniquely identify the
message.
A message ID in Security Access Manager for Web is composed of:
v three-character product identifier (HPD for Security Access Manager Base and
CBA and CFG for Common Auditing and Reporting Service)
v two-character or three-character component or subsystem identifier
v three-digit or four-digit serial or message number
v one-character type code indicating the severity of the message
The figure that follows shows a graphical representation of a possible message ID
and identifies its different parts. (Some messages might use 2 characters for the
component ID and 4 digits for the serial number.)
© Copyright IBM Corp. 2001, 2012
1
FBT
RTE
033
I
Severity
I - Informational
W - Warning
E - Error
Message number (3 digits)
Component or subsystem identifier (3 characters)
IBM product prefix (3 characters)
Figure 1. Message ID format
Component identifiers
The component identifier indicates which component or subsystem produced the
message.
ADM Administration commands
AUD
Audit
CC
Common Auditing and Reporting Service disk cache
CDS
InfoCard messages
CE
Common Auditing and Reporting Service emitter
CFG
Configuration properties
CLI
Command-line interface
CO
Common Audit Service Configuration Console
CON
Security Access Manager console
FMS
Management service
IDS
Identity service
IN
Common Auditing and Reporting Service installation
ISJ
Alias service JDBC component
ISL
Alias service LDAP component
IVT
Installation verification test
KES
Key service keystore management
KJK
Key service keystore management
LIB
Liberty single sign-on protocol
LOG
Logging
MB
Common Audit Service Configuration MBean
MGT
Management
MET
Metadata handling
MOD Module
OID
2
OpenID messages
Version 7.0: Error Message Reference
PWD
Password handling
RPT
Report messages
RTE
Runtime environment component configuration
SML
SAML single sign-on protocol
SOC
SOAP client
SPS
Single sign-on protocol service
STM
Secure token service
STS
Secure token service modules
STZ
RACF® PassTicket tokens
SU
Common Audit Staging Utility
TAC
Tivoli Access Manager configuration as point-of-contact server
TRC
Trust client
USC
User self care
WS
Common Auditing and Reporting Service Web service
WSF
WS-Federation single sign-on protocol
WSP
Provisioning service
WSS
Web services security management
XS
Common Audit Service XML data store
XU
Common Audit Service XML store utilities
Severity
Associated with each message is a severity level that indicates whether corrective
action must be taken.
Table 1. Severity level
Severity
Description
I (Informational)
Provides information or feedback about normal events that occur. In
general, no action needs to be performed in response to an
informational message.
FBTRTE033I The domain default was successfully created.
FBTSTM066I The Trust Service has been disabled.
W (Warning)
Indicates that a potentially undesirable condition has occurred, but
processing can continue. Intervention or corrective action might be
necessary in response to a warning message.
FBTLOG002W An integer was expected.
FBTTRC004W The returned RequestSecurityTokenResponse
did not have a wsu:Id
Chapter 1. Message overview
3
Table 1. Severity level (continued)
Severity
Description
E (Error)
Indicates that a problem has occurred that requires intervention or
correction before processing can continue. An error message might be
accompanied by one or more warning or informational messages that
provide additional details about the problem.
FBTCON013E The federation with ID insert could not be
retrieved from the single sign-on protocol service.
Explanation:
This error can occur if the console is unable to
communicate with the single sign-on protocol service.
FBTSML260E The binding value value for attribute attr
is not valid for profile profile.
Message text
The text of the message, in the system locale, also is recorded in the log file. If the
message text is not available in the desired language, the English language text is
used.
4
Version 7.0: Error Message Reference
Chapter 2. Security Access Manager Base Messages
These messages are provided by the Security Access Manager Base component.
Explanation: An ACL entry failed the validity check.
The Security Access Manager policy server's error log
file will contain an error status message indicating the
reason for the failure.
policy server, then stop the policy server, restore a
known good version of the master policy database, and
then start the Security Access Manager servers again. If
the problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
Administrator response: Review the Security Access
Manager policy server's error log to determine the
reason that the ACL failed the validity check.
HPDAC0451E A protected object should have only
one attached ACL (%s).
HPDAC0153E Could not build ACL with the
supplied ACL entries.
Explanation: See message.
HPDAC0178E
Could not obtain local host name.
Explanation: The system library call to get the local
host name failed.
Administrator response: Ensure that the machine has
a valid hostname.
HPDAC0179E
Unexpected exception caught.
Explanation: An unexpected exception was caught
while registering an azn administration service with the
Security Access Manager policy server.
Administrator response: Ensure that the Security
Access Manager policy server is running and that the
client and server versions are compatible with each
other.
HPDAC0180E The Security Access Manager
authorization server could not be started
(0x%8.8lx).
Explanation: The Security Access Manager
authorization server encountered an error during
initialization.
Administrator response: See the accompanying status
code, which gives more information about the failure.
HPDAC0450E There is no root ACL in the
authorization policy database.
Explanation: See message.
Administrator response: This is a severe error
indicating integrity problems with the policy database.
If the problem occurs with the Security Access Manager
authorization server or with a Security Access Manager
resource manager application, then stop the resource
manager, remove the resource manager's policy
database, and start the resource manager again. If the
problem occurs with the Security Access Manager
© Copyright IBM Corp. 2001, 2012
Administrator response: This is a severe error
indicating integrity problems with the policy database.
If the problem occurs with the Security Access Manager
authorization server or with a Security Access Manager
resource manager application, then stop the resource
manager, remove the resource manager's policy
database, and start the resource manager again. If the
problem occurs with the Security Access Manager
policy server, then stop the policy server, restore a
known good version of the master policy database, and
then start the Security Access Manager servers again. If
the problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
HPDAC0452E An ACL that is attached to a
protected object cannot be found in the
policy database (%s,%s).
Explanation: See message.
Administrator response: This is a severe error
indicating integrity problems with the policy database.
If the problem occurs with the Security Access Manager
authorization server or with a Security Access Manager
resource manager application, then stop the resource
manager, remove the resource manager's policy
database, and start the resource manager again. If the
problem occurs with the Security Access Manager
policy server, then stop the policy server, restore a
known good version of the master policy database, and
then start the Security Access Manager servers again. If
the problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
5
HPDAC0453E • HPDAC0464E
HPDAC0453E Authorization policy database version
is incompatible with the server version
(%ld,%ld) and will be automatically
replaced.
Explanation: The authorization client application has
detected an incompatible version of the policy
database. The database is replaced automatically.
Administrator response: No action is required.
HPDAC0454E Could not initialize the authorization
policy database (0x%8.8lx).
Explanation: An error occurred while attempting to
access the authorization policy database. The
authorization engine client was not initialized correctly.
Administrator response: See the accompanying status
code, which gives more information about failure.
HPDAC0455E The authorization policy database has
not been initialized.
Explanation: An error occurred during application
initialization and the authorization policy database was
not initialized correctly.
Administrator response: Review the Security Access
Manager base error log and look for error messages
during initialization that might account for problems
with the authorization policy database.
HPDAC0456E The ACL name specified was not
found in the authorization policy
database.
Explanation: See message.
Administrator response: Review the ACL name and
ensure that the name is a valid ACL name and that it
matches an ACL that exists in the authorization policy
database.
HPDAC0457E
The protected object name is invalid.
Explanation: The protected object name is invalid. The
name must begin with the '/' character. The name
cannot contain carriage return or line-feed characters
and it cannot contain two '/' characters in sequence.
Administrator response: Review the protected object
name and ensure that it adheres to the restrictions
outlined in the message explanation.
HPDAC0458E The protected object name specified
was not found in the authorization
policy database.
Explanation: See message.
Administrator response: Review the protected object
name and ensure that the name is a valid protected
6
Version 7.0: Error Message Reference
object name and that it matches an object that exists in
the authorization policy database.
HPDAC0459E The protected object space specified
was not found in the authorization
policy database.
Explanation: See message.
Administrator response: Review the protected object
space name and ensure that the name is a valid
protected object space name and that it matches an
object space that exists in the authorization policy
database.
HPDAC0460E The protected object space specified
already exists in the authorization policy
database.
Explanation: See message.
Administrator response: Each protected object space
name must be unique so choose a different name for
the new protected object space.
HPDAC0461E The extended attribute specified was
not found.
Explanation: See message.
Administrator response: Review the extended
attributes on the target object and ensure that the
extended attribute requested actually exists in the
extended attribute list for this object.
HPDAC0462E The extended attribute name
specified is invalid.
Explanation: See message.
Administrator response: Review the extended
attribute name to ensure that it is valid.
HPDAC0463E There are no extended attributes
associated with the specified protected
object or authorization policy object.
Explanation: See message.
Administrator response: Define extended attributes
for specified object or parent object if you want to
perform extended attributes associated with the object.
HPDAC0464E A POP that is attached to a protected
object cannot be found in the policy
database (%s,%s).
Explanation: See message.
Administrator response: This is a severe error
indicating integrity problems with the policy database.
If the problem occurs with the Security Access Manager
authorization server or with a Security Access Manager
HPDAC0465E • HPDAC0474E
resource manager application, then stop the resource
manager, remove the resource manager's policy
database, and start the resource manager again. If the
problem occurs with the Security Access Manager
policy server, then stop the policy server, restore a
known good version of the master policy database, and
then start the Security Access Manager servers again. If
the problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
HPDAC0465E A new action group could not be
created because the count of action
groups has reached the maximum
permitted.
Explanation: See message.
Administrator response: If you want to create another
action group, then you must first reduce the count of
defined action groups. Review the list of defined action
groups and remove those that are no longer required.
HPDAC0466E A new action could not be created
because the count of actions has reached
the maximum permitted.
Explanation: See message.
Administrator response: Before creating another
action you must first reduce the count of defined
actions. Review the list of defined actions and remove
those that are no longer required.
HPDAC0470E Unable to create the new action
because an action exists with the same
name.
Explanation: See message.
Administrator response: You must choose a unique
action name for the new action.
HPDAC0471E Action name contains invalid
characters or too many characters.
Explanation: The action name specified is invalid. The
name must not be NULL and can contain only one
character from the set [a-zA-Z].
Administrator response: Review the action name and
ensure that it conforms to the criteria specified in the
Security Access Manager Base Administrator's Guide.
HPDAC0472E Action group name contains invalid
characters.
Explanation: The action group name specified is
invalid. The name must not be NULL and can contain
only characters from the set [a-zA-Z0-9 +-_:].
Administrator response: Review the action group
name and ensure that it conforms to the criteria
specified in the Security Access Manager Base
Administrator's Guide.
HPDAC0473E The primary action group cannot be
deleted.
Explanation: See message.
HPDAC0467E Unable to create the new action
because the bitmask supplied is invalid.
Administrator response: No action is required.
Explanation: The bitmask must have only one of bits
0 to 31 set to be a valid action bitmask. Having
multiple bits set or no bits at all is invalid.
HPDAC0474E A protected object should have only
one rule attached (%s).
Administrator response: Review the specified action
bitmask to ensure that at least one and only one action
bit is set in the mask.
HPDAC0468E Unable to create new action group
because an action group exists with the
same name.
Explanation: See message.
Administrator response: You must choose a unique
name for the new action group.
HPDAC0469E Unable to locate an action group with
the name supplied.
Explanation: See message.
Explanation: See message.
Administrator response: This is a severe error
indicating integrity problems with the policy database.
If the problem occurs with the Security Access Manager
authorization server or with a Security Access Manager
resource manager application, then stop the resource
manager, remove the resource manager's policy
database, and start the resource manager again. If the
problem occurs with the Security Access Manager
policy server, then stop the policy server, restore a
known good version of the master policy database, and
then start the Security Access Manager servers again. If
the problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
Administrator response: Review the action group
name specified and ensure that it is a valid action
group name and that the group exists.
Chapter 2. Security Access Manager Base Messages
7
HPDAC0475E • HPDAC0757E
HPDAC0475E A rule that is attached to a protected
object cannot be found in the policy
database (%s,%s).
Explanation: See message.
Administrator response: This is a severe error
indicating integrity problems with the policy database.
If the problem occurs with the Security Access Manager
authorization server or with a Security Access Manager
resource manager application, then stop the resource
manager, remove the resource manager's policy
database, and start the resource manager again. If the
problem occurs with the Security Access Manager
policy server, then stop the policy server, restore a
known good version of the master policy database, and
then start the Security Access Manager servers again. If
the problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
HPDAC0476E A protected object should have only
one POP attached (%s).
Explanation: See message.
Administrator response: This is a severe error
indicating integrity problems with the policy database.
If the problem occurs with the Security Access Manager
authorization server or with a Security Access Manager
resource manager application, then stop the resource
manager, remove the policy database of the resource
manager, and start the resource manager again. If the
problem occurs with the Security Access Manager
policy server, then stop the policy server, restore a
known good version of the master policy database, and
then start the Security Access Manager servers again. If
the problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
HPDAC0752E
The requested object was not found.
Explanation: See message.
Administrator response: Review the object name and
ensure that it is valid and that it actually exists.
HPDAC0753E The ACL action specified could not
be mapped.
Explanation: There is no mapping for this ACL action
in the policy database.
Administrator response: Review the ACL name and
ensure that it is valid and refers to an existing ACL
action in the policy database.
HPDAC0754E Privacy or data integrity quality of
protection cannot be specified in the
unauthenticated entry.
Explanation: Quality of protection cannot be enforced
by the authorization client runtime for unauthenticated
users.
Administrator response: No action is required.
HPDAC0755E The ACL has an unauthenticated
entry but there is no any-other entry.
The any-other entry must be at least as
permissive as unauthenticated.
Explanation: See message.
Administrator response: Add an any-other entry to
the ACL with permissions at least equal to those of the
unauthenticated user.
HPDAC0756E The any-other entry is missing
actions from the unauthenticated entry.
The any-other entry must be at least as
permissive as unauthenticated.
Explanation: See message.
HPDAC0750E
Invalid ACL name.
Explanation: The ACL name received was invalid. The
ACL name contained illegal characters or was NULL.
Administrator response: Review the ACL name and
ensure that it conforms to the criteria specified in the
Security Access Manager Base Administrator's Guide.
HPDAC0751E
Invalid protected object name.
Explanation: The protected object name received was
invalid. The protected object name contained illegal
characters or was NULL.
Administrator response: Review the protected object
name and ensure that it conforms to the criteria
specified in the Security Access Manager Base
Administrator's Guide.
8
Version 7.0: Error Message Reference
Administrator response: Ensure that the permissions
in the ACL for the any-other entry are at least equal to
those of the unauthenticated entry.
HPDAC0757E An entry in the ACL is missing some
actions granted by the unauthenticated
entry. Users can bypass an explicit
action revocation if allowed by the
unauthenticated entry.
Explanation: See message.
Administrator response: Review the ACL and ensure
that the unauthenticated entry does not have the
permission to perform actions that other authenticated
entries cannot. The permissions of the unauthenticated
entry should be the most restrictive in the secure
domain.
HPDAC0758E • HPDAC0776E
HPDAC0758E An entry in the ACL that grants
control does not also grant traverse.
HPDAC0769E Too many ACL actions are already
defined.
Explanation: To have the control permission the user
must also be able to traverse.
Explanation: Only 32 actions bits can be defined and
this limit has been reached.
Administrator response: Ensure that entries with the
control permission also have the traverse permission.
Administrator response: An ACL action must be
deleted before a new action can be created.
HPDAC0759E No entry in the ACL grants control
permission.
HPDAC0771E The user registry client is
unavailable.
Explanation: At least one entry in the ACL must have
the control permission. Otherwise the ACL cannot be
modified or deleted.
Explanation: The authorization client was unable to
contact the user registry. The user registry client may
not be configured correctly.
Administrator response: Add the control permission
to at least one of the ACL entries. An administrative
user is the most suitable candidate because control
permission will authorize the user to modify and delete
the ACL.
Administrator response: Refer to the Installation
Guide for your chosen platform and ensure that the
correct user registry has been specified and that the
configuration steps succeeded. Also ensure that the
user registry is running and can be contacted from the
client machine. The IBM Security Access Manager for
Web Troubleshooting Guide contains instructions on
how to ensure that the user registry is configured
correctly and is operational.
HPDAC0760E The user is revoking the control
permission for itself on this ACL.
Explanation: If the current user removes the control
permission from its own ACL entry, that user can no
longer modify or delete the object. If the user were the
only user with control permission then the ACL can no
longer be modified or deleted. To avoid losing control
over the ACL, it is more prudent to have another user
who has control permission remove the control
permission on behalf of the current user.
Administrator response: Login as another user who
has the control permission for this ACL and have that
user remove the control permission on behalf of the
current user.
HPDAC0766E The ACL cannot be detached from
the root protected object. Try replacing
the attached ACL instead.
Explanation: See message.
Administrator response: Modify or even replace the
root ACL with an ACL of the desired configuration.
HPDAC0767E
Core ACL actions cannot be deleted.
Explanation: See message.
Administrator response: No action is required.
HPDAC0768E
The ACL action name already exists.
Explanation: See message.
Administrator response: Choose a unique action name
for the new action.
HPDAC0772E The LDAP user registry client
returned an error status for the specified
DN.
Explanation: The LDAP client returned an error status
because the DN was invalid or there are multiples of
the same DN.
Administrator response: Ensure that the specified DN
exists in the user registry and is valid and that the DN
is unique.
HPDAC0773E The LDAP user registry client
returned an unexpected failure status.
Explanation: The LDAP user registry client returned
an error code that was unexpected or unknown to
Security Access Manager.
Administrator response: Ensure that the LDAP
registry server and local registry client runtime are
correctly installed and operational then try the
procedure again. The IBM Security Access Manager for
Web Troubleshooting Guide contains instructions on
how to ensure that the user registry is configured
correctly and is operational. If the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDAC0776E The DN specified was not found in
the registry.
Explanation: The specified DN was not found in the
user registry.
Chapter 2. Security Access Manager Base Messages
9
HPDAC0777E • HPDAC0910E
Administrator response: Ensure that the DN specified
exists in the user registry and is valid.
HPDAC0777E LDAP Registry client returned a
memory error.
Explanation: The LDAP registry client encountered a
memory error.
Administrator response: Ensure that the affected
process has been configured with sufficient virtual
memory for its requirements. The IBM Security Access
Manager for Web Performance Tuning Guide contains
instructions on how to ensure that the application is
configured with the correct amount of virtual memory.
Stop and restart the process. If the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDAC0778E The specified user's account is set to
invalid.
Explanation: When an account is created in the user
registry, the user account must also be marked as valid.
Administrator response: Start the administration
console or command-line administration tool and set
the user account to be valid with the 'user modify'
command.
HPDAC0779E
HPDAC0902E There was no authorization client
listener port specified.
Explanation: The authorization client requires a TCP
port to listen for authorization policy updates and azn
admin service requests.
Administrator response: Ensure that you have
specified a listening port for the authorization client in
the aznAPI client configuration file or by using
programmatic aznAPI initialization attributes.
HPDAC0906E An invalid parameter was supplied to
the API function.
Explanation: A parameter supplied to the API
function was NULL or outside the range of valid
values.
Administrator response: Ensure that the API function
call parameters supplied meet the criteria defined for
the API interface in the IBM Security Access Manager for
Web Authorization C API Developer's Reference. If the
problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
The LDAP registry server is down.
Explanation: The LDAP registry server is not running.
Administrator response: Ensure that the LDAP
registry server is running and that the LDAP client has
been correctly configured to communicate with the
server. The IBM Security Access Manager for Web
Troubleshooting Guide contains instructions on how to
ensure that the user registry is configured correctly and
is operational.
HPDAC0780E A valid action group is specified, but
no action is specified.
Explanation: The permission string contains a valid
action group, but no action within this group is
specified. Therefore, an authorization check cannot be
performed.
Administrator response: Ensure that a valid action for
the specified action group was provided.
HPDAC0901E The Authorization service is already
initialized.
Explanation: You cannot reinitialize the authorization
service once it has been initialized. The azn_shutdown()
interface must be called before the aznAPI client can be
initialized again.
10
Administrator response: Review your aznAPI
application and ensure that the azn_initialize() interface
is called only once during the execution of the
program.
Version 7.0: Error Message Reference
HPDAC0909E An unspecified implementation
dependent error has occurred.
Explanation: A minor error could not be mapped to a
known message catalog category. The minor error
might be returned by an authorization service plug-in
without first being encoded using azn_util_errcode().
Another reason this occurs is that an authorization
client's message catalogs might not be synchronized
with those of the Security Access Manager
authorization server.
Administrator response: If you have loaded a custom
authorization service plug-in then ensure that the
plug-in returns the appropriate azn_status_t error codes
from its exported interfaces. If this is not the case, then
the authorization client's message catalogs might not be
synchronized with those of the server. Upgrade the
Security Access Manager Runtime package to the same
level as the server.
HPDAC0910E An invalid policy cache mode value
was specified.
Explanation: See message.
Administrator response: Ensure that the specified
policy cache mode is a valid mode from the set of
modes defined in the Security Access Manager
Authorization C API Developer's Reference.
HPDAC0912E • HPDAC0930E
HPDAC0912E An invalid database file path value
was specified.
HPDAC0925E An invalid LDAP server SSL keyfile
password was specified.
Explanation: See message.
Explanation: See message.
Administrator response: Ensure that the specified
database file path is valid.
Administrator response: Ensure that the specified
password for the LDAP server SSL keyfile is correct.
HPDAC0914E An invalid policy cache refresh
interval value was specified.
HPDAC0926E One or more of the LDAP server
values was not specified.
Explanation: See message.
Explanation: To configure an LDAP registry server
you must at least specify the server host name, the port
on which to connect to the server, the DN with which
to bind to the server and the password for that DN.
One of these values was not specified in the
configuration settings.
Administrator response: Ensure that the policy cache
refresh interval specified is within the range of valid
values specified in the Security Access Manager
Authorization C API Developer's Reference.
HPDAC0915E An invalid listen flags value was
specified.
Explanation: The listen flags can be set to either
'enable' or 'disable'.
Administrator response: Ensure that the listen flags
configuration parameter is set to either 'enable' or
'disable'.
HPDAC0919E An invalid LDAP host name was
specified.
Explanation: See message.
Administrator response: Ensure that the LDAP host
name specified is valid.
HPDAC0920E An invalid LDAP host port was
specified.
Explanation: See message.
Administrator response: Ensure that the LDAP server
port specified is valid.
HPDAC0923E An invalid LDAP server SSL keyfile
was specified.
Explanation: The SSL keyfile could not be found, is
invalid or has inappropriate access permissions.
Administrator response: Ensure that the path to the
LDAP server SSL keyfile is correct that the file exists, is
valid and has the appropriate access permissions.
HPDAC0924E An invalid LDAP server SSL keyfile
DN was specified.
Explanation: See message.
Administrator response: Ensure that the specified DN
for the LDAP server SSL keyfile is correct.
Administrator response: Ensure that you have
specified the LDAP registry server name, request port,
bind DN, and bind DN password in the aznAPI client
configuration settings.
HPDAC0928E The attempt to initialize the LDAP
registry failed.
Explanation: This failure can occur when the LDAP
registry server configuration settings are incorrect or
when the Security Access Manager runtime is
incorrectly configured for a registry type other than
LDAP.
Administrator response: Ensure that you have
correctly configured the Security Access Manager
Runtime package to use an LDAP user registry. The
current user registry setting can be determined by
looking at the 'user-reg-type' entry in the [pdrte] stanza
of the 'etc/pd.conf' file in the Security Access Manager
install directory. If the runtime is configured incorrectly,
you will need to unconfigure all packages and
reconfigure the machine again. If the runtime has been
correctly configured, then ensure that the configuration
parameters specified for the LDAP registry server are
correct.
HPDAC0930E
A memory allocation call failed.
Explanation: In most cases this error due to the
aznAPI application program running out of memory.
Administrator response: Ensure that the application
has been configured with sufficient virtual memory for
its requirements. The IBM Security Access Manager for
Web Performance Tuning Guide contains instructions on
how to ensure that the application is configured with
the correct amount of virtual memory. Stop and restart
the process. If the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
Chapter 2. Security Access Manager Base Messages
11
HPDAC0931E • HPDAC0944E
HPDAC0931E Unable to configure LDAP replica
server.
HPDAC0937E An invalid maximum search size was
specified.
Explanation: The replica is either misconfigured or
there are too many replicas configured.
Explanation: The specified maximum search size
could not be converted to an integer number or is zero.
Administrator response: Ensure that the replica LDAP
server configuration settings are valid and refer to an
operational replica of the master LDAP server. Also
ensure that you have not registered more LDAP
replicas than that allowed by the LDAP registry
implementation.
Administrator response: Ensure that the value
specified for maximum search size is a valid integer
value in the range specified in the LDAP registry server
documentation and is not zero.
HPDAC0932E An invalid LDAP bind user DN was
specified.
Explanation: See message.
Administrator response: Ensure that the LDAP bind
user DN specified is valid.
HPDAC0933E The password for the LDAP bind
user was invalid.
Explanation: See message.
Administrator response: Ensure that the LDAP bind
user password specified is valid.
HPDAC0934E An invalid configuration file path
was specified.
Explanation: See message.
Administrator response: Ensure that the path to the
configuration file that was specified is valid.
HPDAC0935E An error occurred loading the aznAPI
configuration file.
Explanation: See message.
Administrator response: Review the aznAPI
configuration file used to initialize the application and
ensure that it is a valid stanza format file and that the
entries conform to stanza format syntax.
HPDAC0936E An error occurred loading the
configuration file specified as the
parameter to 'ldap-server-config' in the
aznAPI config file.
Explanation: See message.
Administrator response: Review the respective
aznAPI configuration file and ensure that it is a valid
stanza format file and that the entries conform to
stanza format syntax.
HPDAC0940E An invalid attribute value was
specified for the
azn_init_set_perminfo_attrs attribute.
Explanation: See message.
Administrator response: Ensure that the value
specified for the azn_init_set_perminfo_attrs
initialization attribute is a text string consisting of one
or more valid aznAPI attribute names separated by
spaces.
HPDAC0941E Too many permission information
attributes were specified with the
azn_init_set_perminfo_attrs attribute.
Explanation: The maximum number of permission
info attributes that can be returned from an
azn_decision_access_allowed_ext() call is 32.
Administrator response: Review the list of permission
information attributes that you have specified in the
azn_init_set_perminfo_attrs attribute and ensure that
the count of attributes is no greater than 32.
HPDAC0943E An invalid trace configuration
parameter was specified: %s.
Explanation: Either the application configuration file
contains an invalid 'trace' configuration item in the
[aznapi-configuration] stanza or the application is
passing an invalid value for the azn_init_trace
programmatic initialization attribute. The value
considered invalid is shown in the error message.
Administrator response: Correct the value of the trace
configuration parameter in the configuration file or the
application as appropriate.
HPDAC0944E An invalid statistics configuration
parameter was specified: %s.
Explanation: Either the application configuration file
contains an invalid 'stats' configuration item in the
[aznapi-configuration] stanza or the application is
passing an invalid value for the azn_init_stats
azn_initialize parameter. The value considered invalid
is shown in the error message.
Administrator response: Correct the value of the
'stats' configuration parameter in the configuration file
or the application as appropriate.
12
Version 7.0: Error Message Reference
HPDAC0945E • HPDAC0953E
HPDAC0945E The value specified for the 'timeout'
parameter in the [ldap] stanza is invalid:
%s.
Explanation: Either the application configuration file
contains an invalid 'timeout' configuration value in the
[ldap] stanza or the application is passing an invalid
value for the azn_init_ldap_timeout azn_initialize
parameter. The value considered invalid is shown in
the error message.
Administrator response: Correct the value of the
'timeout' parameter in the [ldap] stanza. It must be a
non-negative integer.
Administrator response: Review the rule text for the
rule policy named in the error log and correct any
errors.
HPDAC0950E An ADI container name was found in
multiple places in the input from the
application. Refer to the error log for
more information about the failure.
Explanation: The same piece of access decision
information cannot be provided to the rules evaluator
from two different sources as this indicates that one
piece of data may not be valid or is incorrectly named.
Container names must be unique across data sources.
HPDAC0946E The value specified for the
'authn-timeout' parameter in the [ldap]
stanza is invalid: %s.
Administrator response: Review your system
configuration to ensure that only one of either the
application context or user credentials is the source for
the piece of ADI named in the error log.
Explanation: Either the application configuration file
contains an invalid 'authn-timeout' configuration value
in the [ldap] stanza or the application is passing an
invalid value for the azn_init_ldap_authn_timeout
azn_initialize parameter. The value considered invalid
is shown in the error message.
HPDAC0951E The ADI container name %s was
found in multiple places in the input
from the application.
Administrator response: Correct the value of the
'authn-timeout' parameter in the [ldap] stanza. It must
be a non-negative integer.
Explanation: The same piece of access decision
information cannot be provided to the rules evaluator
from two different sources as this indicates that one
piece of data may not be valid or is incorrectly named.
Container names must be unique across data sources.
HPDAC0947E The value specified for the
'search-timeout' parameter in the [ldap]
stanza is invalid: %s.
Administrator response: Review your system
configuration to ensure that only one of either the
application context or user credentials is the source for
the piece of ADI named in the error log.
Explanation: Either the application configuration file
contains an invalid 'search-timeout' configuration item
in the [ldap] stanza or the application is passing an
invalid value for the azn_init_ldap_search_timeout
azn_initialize parameter. The value considered invalid
is shown in the error message.
HPDAC0952E The XSL processor failed to evaluate
the rule object. Refer to the error log for
more information about the failure.
Administrator response: Correct the value of the
'search-timeout' parameter in the [ldap] stanza. It must
be a non-negative integer.
HPDAC0948E Validation of the rule text for the rule
object failed. Refer to the error log for
more information about the failure.
Explanation: The rule text of the rule policy is not
valid.
Administrator response: Review the rule text for the
rule policy named in the error log and correct any
errors.
HPDAC0949E Validation of the rule text for rule
object %s failed. Error code 0x%x was
returned along with error message %s.
Explanation: The rule text of the rule policy named in
the error log is not valid and caused an error condition
in the XSL processor.
Administrator response: Review the rule text for the
rule policy object named in the error log and correct
any errors.
HPDAC0953E The XSL processor failed to evaluate
the rule object %s. Error code 0x%x was
returned along with error message %s.
Explanation: The rule text of the rule policy named in
the error log is not valid and caused an error condition
in the XSL processor.
Administrator response: Review the rule text for the
rule policy object named in the error log and correct
any errors.
Explanation: The rule text of the rule policy is not
valid.
Chapter 2. Security Access Manager Base Messages
13
HPDAC0954E • HPDAC0962E
HPDAC0954E The rule object was not evaluated
because there was insufficient access
decision information provided in the
application context and credential
attributes.
Explanation: To evaluate a rule, the authorization
engine must have all of the ADI referenced in the rule
text available at evaluation time. If any items of data
are missing then the rule cannot be evaluated.
Administrator response: Review the rule text for the
rule policy object named in the error log and ensure
that all of the items of data listed in the error message
are provided to the access decision call.
HPDAC0955E Rule object %s was not evaluated
because there was insufficient access
decision information provided to the
access decision call. Missing ADI items
include: %s.
Explanation: To evaluate a rule the authorization
engine must have all of the ADI referenced in the rule
text available at evaluation time. If any items of data
are missing then the rule cannot be evaluated.
Administrator response: Review the rule text for the
rule policy object named in the error log and ensure
that all of the items of data listed in the error message
are provided to the access decision call.
HPDAC0956E The rule text is invalid because the
template match statement does not
match one of the minimum required
paths of /XMLADI or XMLADI.
Explanation: Input data is supplied to the rules
evaluator within a top-level element XMLADI. To
match any data item within the XML document the
template match statement must match either the XPath
/XMLADI or XMLADI. Matching paths above this
point in the path is not valid.
Administrator response: Review the rule text for the
rule policy object and change the template match
statement to include one of /XMLADI or XMLADI.
the template match statement to include one of
/XMLADI or XMLADI.
HPDAC0958E The rule was found to have no
identifiable ADI to use when evaluating
the rule.
Explanation: The validation of the rule text of the rule
policy named in the error log failed because there was
no ADI identified in the rule text. ADI consists of the
variables used in a rule to make comparisons against. A
rule with no variables, for example a rule that is
comparing static data, is invalid.
Administrator response: Review the rule text for the
rule policy and correct any errors.
HPDAC0959E Rule %s was found to have no
identifiable ADI to use when evaluating
the rule.
Explanation: The validation of the rule text of the rule
policy named in the error log failed because there was
no ADI identified in the rule text. ADI consists of the
variables used in a rule to make comparisons against. A
rule with no variables, for example a rule that is
comparing static data, is invalid.
Administrator response: Review the rule text for the
rule policy named in the error log and correct any
errors.
HPDAC0960E The rule has a null entry in the
compiled rules cache.
Explanation: The validation of the rule text of the rule
policy named in the error log failed and the rule could
not be cached in the local client.
Administrator response: Review the rule text for the
rule policy and correct any errors.
HPDAC0961E Rule %s has a null entry in the
compiled rules cache.
Explanation: The validation of the rule text of the rule
policy named in the error log failed and the rule could
not be cached in the local client.
HPDAC0957E The rule %s is invalid because the
template match statement does not
match one of the minimum required
paths of /XMLADI or XMLADI.
Administrator response: Review the rule text for the
rule policy named in the error log and correct any
errors.
Explanation: Input data is supplied to the rules
evaluator witin a top-level element XMLADI. To match
any data item within the XML document the template
match statement must match either the XPath
/XMLADI or XMLADI. Matching paths above this
point in the path is not valid.
HPDAC0962E The XSL prolog entry specifies an
XSL output method other than 'text',
which is an invalid processor setting for
rules evaluation.
Administrator response: Review the rule text for the
rule policy object named in the error log and change
14
Version 7.0: Error Message Reference
Explanation: The output of any rule evaluation must
be plain text so setting any other output method in the
XSL prolog entry for the rules evaluator is invalid.
Administrator response: Review the XSL prolog entry
HPDAC0963E • HPDAC0971E
in the application's configuration file and ensure that
the output method is 'text'.
valid XSL and conforms to Security Access Manager
requirements.
HPDAC0963E The XSL prolog asks the XSL
processor to generate an XML
declaration in the output from a rule
evaluation. This setting is invalid.
HPDAC0968E The rule does not return a valid
result tag to the authorization engine.
Explanation: The output of any rule evaluation must
be minimal plain text so including an XML declaration
in the text output is invalid.
Administrator response: This is an invalid processor
setting for rules evaluation. Review the XSL prolog
entry in the application's configuration file and ensure
that the 'omit-xml-declaration' setting in the output
method is 'yes'.
HPDAC0964E The method of output encoding
specified for the XSL processor is
invalid for the purposes of rule
evaluation.
Explanation: The encoding for XSL output specified in
the XSL prolog configuration entry must be UTF-8.
Administrator response: Review the XSL prolog entry
in the application's configuration file and ensure that
the output encoding is UTF-8.
HPDAC0965E The parsing of the compiled XSL rule
returned an invalid element pointer.
Explanation: An internal XSL rule parsing error has
occurred.
Administrator response: Review the rule text for the
rule attached to the target object and ensure that it is
valid XSL and conforms to Security Access Manager
requirements.
HPDAC0966E The parsing of the compiled XSL rule
returned an invalid template match
string pointer.
Explanation: An internal XSL rule parsing error has
occurred.
Administrator response: Review the rule text for the
rule attached to the target object and ensure that it is
valid XSL and conforms to Security Access Manager
'template match' statement requirements.
HPDAC0967E An invalid XSL operation was
encountered while parsing the compiled
XSL rule.
Explanation: A Security Access Manager authorization
rule must return one of the values listed in the message
explanation to indicate the success, failure, or
indifference of the rule evaluation.
Administrator response: Review the rule text for the
rule and ensure that it will return one of the result tags
!TRUE!, !FALSE!, or !INDIFFERENT! in the XSL output
document to the authorization engine.
HPDAC0969E Rule %s does not return a valid result
tag to the authorization engine.
Explanation: A Security Access Manager authorization
rule must return one of the values listed in the message
explanation to indicate the success, failure, or
indifference of the rule evaluation.
Administrator response: Review the rule text for the
rule named in the error log and ensure that it will
return one of the result tags !TRUE!, !FALSE!, or
!INDIFFERENT! in the XSL output document to the
authorization engine.
HPDAC0970E The rule contains an absolute XPath
that doesn't include the top-level
document element /XMLADI.
Explanation: Security Access Manager authorization
rules are restricted to referencing ADI elements within
an XML document with the top-level element
<XMLADI>. Absolute XPaths that attempt to reference
other top-level document elements are invalid.
Administrator response: Review the rule text for the
rule and ensure that all absolute XPaths to rule ADI
start from the top-level document element /XMLADI.
HPDAC0971E The XSL prolog contains an XML
namespace declaration for the default
namespace. The default namespace is
reserved for use by Security Access
Manager.
Explanation: The default XML/XSL namespace, which
has no prefix, is reserved for use by Security Access
Manager.
Administrator response: Review the XSL prolog
statement and remove any default namespace
declaration.
Explanation: An internal XSL rule parsing error has
occurred.
Administrator response: Review the rule text for the
rule attached to the target object and ensure that it is
Chapter 2. Security Access Manager Base Messages
15
HPDAC0972E • HPDAC0980E
HPDAC0972E The XSL prolog contains a namespace
declaration that has an invalid URI.
Explanation: The authorization engine failed to parse
a URI from the XSL prolog statement.
Administrator response: Review the XSL prolog
statement and ensure that the URIs in the XML
namespace declarations have been correctly defined
and delimited with quotation marks.
HPDAC0973E The XSL prolog contains a namespace
declaration that has no prefix to URI
assignment.
Explanation: The authorization engine failed to find
an '=' sign to denote assignment of a URI to a
namespace prefix in the XSL prolog statement.
Administrator response: Review the XSL prolog
statement and ensure that a URI has been specified for
each namespace prefix declared.
HPDAC0974E The XSL prolog contains a duplicate
namespace prefix or URI declaration.
Explanation: The authorization engine requires that
the mapping of namespace prefix to URI is unique so
that target ADI can be properly identified.
HPDAC0977E An unexpected Xalan processor
exception was caught during rule
processing. Error message %s was
returned with the exception.
Explanation: Xalan returned an exception condition to
the authorization engine that was not handled and not
expected.
Administrator response: Refer to the error log to
determine if an error message accompanied the
exception.
HPDAC0978E A predicate expression using the
/XMLADI top-level document element
cannot be used in an authorization rule.
Explanation: Security Access Manager authorization
rules are restricted to referencing ADI elements within
an XML document with the top-level element
<XMLADI>. Predicate expressions that use /XMLADI
are invalid for use in authorization rules because the
target ADI of the predicate expression cannot be
determined with certainty before evaluation.
Administrator response: Review the rule text for the
rule and remove the predicate expression that uses the
top-level document element /XMLADI.
Administrator response: Review the XSL prolog
statement and ensure that the mapping of namespace
prefix to URI is unique.
HPDAC0979E The result string returned from the
rule evaluation is greater than the
maximum result buffer size of 1023
bytes.
HPDAC0975E The XSL prolog contains a namespace
declaration for the prefix 'xsl'. This
prefix is reserved for the XSLT language
namespace.
Explanation: The buffer used to store the text output
of a rule evaluation is 1023 bytes in length. The result
text string returned by the rule must have a length less
than this in order to fit into the result buffer. If the
result string token is surrounded by a lot of white
space then this error might occur. To determine the
result string text that will be returned as output from
the rule evaluation, count the number of characters
between the last closing '>' character and the first
opening '<' character after that in the line containing
the result string token.
Explanation: The authorization engine requires that
the mapping of namespace prefix to URI is unique so
that target ADI can be properly identified.
Administrator response: Review the XSL prolog
statement and remove any namespace declaration for
the prefix 'xsl' that is not mapped to the XSLT standard
URI.
HPDAC0976E An unexpected Xalan processor
exception was caught during rule
processing. Refer to the error log for
more information about the exception.
Explanation: Xalan returned an exception condition to
the authorization engine that was not handled and not
expected.
Administrator response: Refer to the error log to
determine if an error message accompanied the
exception.
Administrator response: Review the rule text for the
rule and ensure that the rule returns one of the
required result string tokens as outlined in the IBM
Security Access Manager for Web Administrator's
Guide. Also ensure that the white space surrounding
the result string token is kept to a minimum so that
total count of output characters is less than 1023.
HPDAC0980E A value added to the
azn_cred_groups attribute is not a string
value.
Explanation: The type of all values of the
azn_cred_groups attribute must be of type string. Other
attribute types are not permitted.
Administrator response: Review the values of the
16
Version 7.0: Error Message Reference
HPDAC0981E • HPDAC1064E
azn_cred_groups attribute returned in the entitlements
attribute list and ensure that each attribute value is a
string.
HPDAC1053E Traverse permission was denied.
Request permitted by Warning Mode.
Explanation: See message.
HPDAC0981E The request to add group
memberships to the user credential from
an entitlement service was denied.
Administrator response: An authorization decision
result. No action is required.
Explanation: To ensure that the resource manager
cannot modify the group memberships of a credential
without explicit approval the resource manager must
have loaded the credential group modification service
supplied with Security Access Manager. If this service
is not loaded or is unavailable then the resource
manager cannot modify the group memberships of the
credentials with an entitlement service called by
azn_id_get_creds().
HPDAC1056E Delegate principal is unauthorized to
perform delegation.
Administrator response: If the resource manager is
permitted to add group memberships to the user
credential built by azn_id_get_creds() then the system
administrator must also configure the resource manager
to load the credential group modification service
supplied with Security Access Manager.
Explanation: See message.
Administrator response: An authorization decision
result. No action is required.
HPDAC1057E Delegate principal is unauthorized to
perform delegation. Request permitted
by Warning Mode.
Explanation: See message.
Administrator response: An authorization decision
result. No action is required.
HPDAC1058E
HPDAC0982E The code set parameter specified is
not one of the valid code set name
constants expected by the aznAPI
runtime.
Explanation: The aznAPI runtime requires that the
code set name parameter specified be one of the valid
code set name constants. The constants include
'azn_code_set_utf8' and 'azn_code_set_local'.
Administrator response: Review the specified
parameter and ensure that the value for the code set
name is one of the string constants 'azn_code_set_utf8'
or 'azn_code_set_local'.
HPDAC1050E
Operation is not authorized.
Explanation: See message.
Administrator response: An authorization decision
result. No action is required.
HPDAC1051E Operation is not authorized. Request
permitted by Warning Mode.
Explanation: See message.
Administrator response: An authorization decision
result. No action is required.
HPDAC1052E
External authorization failed.
Explanation: See message.
Administrator response: An authorization decision
result. No action is required.
HPDAC1059E ACL evaluation algorithm failure
(0x%8.8lx).
Explanation: The ACL evaluation algorithm failed to
obtain the permission set from the effective ACL.
Administrator response: See the accompanying status
code, which gives more information about the failure.
HPDAC1060E Access to the protected object is not
allowed during this time of day.
Explanation: See message.
Administrator response: An authorization decision
result. No action is required.
HPDAC1063E Authentication step up is required to
access the protected object.
Explanation: See message.
Administrator response: An authorization decision
result. No action is required.
No traverse permission.
Explanation: See message.
Administrator response: An authorization decision
result. No action is required.
HPDAC1064E Access to the protected object is not
allowed during this time of day.
Request permitted by Warning Mode.
Explanation: See message.
Administrator response: An authorization decision
Chapter 2. Security Access Manager Base Messages
17
HPDAC1065E • HPDAC1352E
result. No action is required.
HPDAC1072E The step-up authorization policy on
the protected object has denied access.
HPDAC1065E Access to the protected object was
permitted by EAS override.
Explanation: See message.
Explanation: See message.
Administrator response: An authorization decision
result. No action is required.
Administrator response: An authorization decision
result. No action is required.
HPDAC1066E Access to the protected object was
denied by EAS.
Explanation: See message.
Administrator response: An authorization decision
result. No action is required.
HPDAC1067E Access to the protected object was
denied by EAS. Request permitted by
Warning Mode.
Explanation: See message.
Administrator response: An authorization decision
result. No action is required.
HPDAC1068E Access to the protected object was
denied by EAS override.
HPDAC1073E The step-up authorization policy on
the protected object has denied access.
Request permitted by Warning Mode.
Explanation: See message.
Administrator response: An authorization decision
result. No action is required.
HPDAC1074W The protected object's effective
authorization rule policy has not been
enforced.
Explanation: Authorization rule policies are not
enforced with this version of the product.
Administrator response: No action is required.
However if authorization rules are mandatory to
enforcing your security policy, you should use a
version of the product that supports this feature.
Explanation: See message.
HPDAC1350E aznAPI -- Internal error: see minor
code.
Administrator response: An authorization decision
result. No action is required.
Explanation: An internal error has occurred.
HPDAC1069E Access to the protected object was
denied by EAS override. Request
permitted by Warning Mode.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
Explanation: See message.
HPDAC1351E
Administrator response: An authorization decision
result. No action is required.
Explanation: The aznAPI runtime was unable to
authenticate to the DCE authentication service. This
message is obsolete as DCE is no longer supported by
Security Access Manager. The message code must
remain to ensure synchronicity between the aznAPI
major utility function status codes and the message
catalogs.
HPDAC1070E The authorization rule policy attached
to the protected object denied access to
the object.
Explanation: See message.
Administrator response: An authorization decision
result. No action is required.
HPDAC1071E The authorization rule policy attached
to the protected object denied access to
the object. Request permitted by
Warning Mode.
Explanation: See message.
Administrator response: An authorization decision
result. No action is required.
18
Version 7.0: Error Message Reference
aznAPI -- DCE authentication failed.
Administrator response: No action is required.
HPDAC1352E
aznAPI -- LDAP authentication failed.
Explanation: The aznAPI runtime was unable to
authenticate to the LDAP user registry.
Administrator response: Ensure that the LDAP server
is configured correctly, that it is operational and that
the authentication parameters supplied are valid.
HPDAC1353E • HPDAC1366E
HPDAC1353E aznAPI -- Already authenticated (API
caller may already be logged in).
Explanation: The aznAPI client runtime has attempted
to authenticate the server principal again.
Administrator response: If you are calling
azn_initialize() twice within the same aznAPI
application ensure that the second call is preceded by a
call to azn_shutdown().
HPDAC1354E aznAPI -- User's password has
expired.
Explanation: See message.
Administrator response: The user must change the
password.
HPDAC1355E aznAPI -- The user information is
invalid.
HPDAC1359E
aznAPI -- Invalid Principal Name.
Explanation: See message.
Administrator response: Specify the name of an
existing user in the user registry.
HPDAC1360E
aznAPI -- Invalid Password.
Explanation: See message.
Administrator response: The password supplied must
match the password in the user registry.
HPDAC1361E aznAPI -- Invalid Mechanism ID
Reference.
Explanation: See message.
Administrator response: Ensure that the pointer
reference specified references a valid mechanism ID
structure.
Explanation: See message.
Administrator response: Ensure that the user
specified exists in the user registry and is a valid user.
HPDAC1356E
aznAPI -- The user registry is offline.
HPDAC1362E
aznAPI -- Invalid keyfile path.
Explanation: See message.
Administrator response: Ensure that the keyfile path
is valid.
Explanation: See message.
Administrator response: Ensure that the user registry
is operational.
HPDAC1357E
aznAPI -- Invalid Calling Parameters.
Explanation: The aznAPI function was called with an
invalid parameter.
Administrator response: Ensure that the respective
parameters are valid.
HPDAC1358E
aznAPI -- Error from pthread call.
Explanation: A thread-related error condition was
returned.
Administrator response: Ensure that the applications
have enough system resources and worker threads to
perform their tasks. The IBM Security Access Manager for
Web Performance Tuning Guide contains instructions on
how to ensure that the application is configured with
the correct amount of system resources and worker
threads. If the problem persists, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1364E
aznAPI -- Account Login Disabled.
Explanation: The account is disabled in the user
registry. Logins will not succeed until the account is
enabled.
Administrator response: Contact your Security Access
Manager network administrator to enable the account.
HPDAC1365E aznAPI -- Time of Day Access
Denied.
Explanation: See message.
Administrator response: The caller must perform the
desired operation within the time of day constraints set
for the protected object. Contact your Security Access
Manager network administrator for details on the time
of day access restrictions that apply to the resource.
HPDAC1366E aznAPI -- The user account has been
locked out.
Explanation: The Security Access Manager network
administrator has set a lock out time interval for this
account and it has expired causing logins to be
disabled for this account.
Administrator response: Contact your Security Access
Manager network administrator to unlock and enable
login to the account.
Chapter 2. Security Access Manager Base Messages
19
HPDAC1367E • HPDAC1501E
HPDAC1367E
aznAPI -- New password is too short.
appropriate privileges before the required operation
will be permitted.
Explanation: See message.
Administrator response: Review the password
resitrictions that apply to your account and specify a
password that meets the minimum length
requirements.
HPDAC1368E aznAPI -- New password has illegal
spaces.
Explanation: The password must meet the specified
requirements for your account. Spaces within the
password are not permitted.
Administrator response: Specify a password that
doesn't contain spaces.
HPDAC1373E aznAPI -- User registry authenticate
failed.
Explanation: The aznAPI runtime was unable to
authenticate to the user registry.
Administrator response: Ensure that the user registry
is configured correctly, that it is operational and that
the authentication parameters supplied are valid.
HPDAC1374W aznAPI -- This account has been
disabled due to too many failed login
attempts.
Explanation: See message.
HPDAC1369E aznAPI -- New password has too
many repeated characters.
Administrator response: Contact your Security Access
Manager network administrator to revalidate the
account.
Explanation: The password must meet the specified
requirements for your account. There is a maximum
limit on the number of times a character can be
repeated within the password.
HPDAC1375E
Administrator response: Review the password
restrictions for your account and specify a password
that adheres to the limitations on repeated characters.
HPDAC1370E aznAPI -- New password has too few
alphabetical characters.
Explanation: The password must meet the specified
requirements for your account. There is a minimum
limit on the number of alphabetical characters within
the password.
aznAPI -- User's account has expired
Explanation: This user account's expiration date has
passed and it can no longer be used.
Administrator response: Contact your Security Access
Manager network administrator to revalidate the
account.
HPDAC1376E aznAPI -- User registry authentication
failed, and user account has been locked
out due to too many failed login
attempts.
Explanation: See message.
Administrator response: Review the password
restrictions for your account and specify a password
that contains the minimum number of alphabetical
characters.
Administrator response: Check your password and
wait until disable-time-interval has elapsed, or contact
your Security Access Manager administrator to unlock
and enable login to the account.
HPDAC1371E aznAPI -- New password has too few
non-alphabetical characters.
HPDAC1377E aznAPI -- User registry authentication
failed, and user account has been
disabled due to too many failed login
attempts.
Explanation: The password must meet the specified
requirements for your account. There is a minimum
limit on the number of non-alphabetical characters
within the password.
Administrator response: Review the password
restrictions for your account and specify a password
that contains the minimum number of non-alphabetical
characters.
HPDAC1372E aznAPI -- Caller does not have the
rights to perform requested operation.
Explanation: See message.
Administrator response: The caller must gain the
20
Version 7.0: Error Message Reference
Explanation: See message.
Administrator response: Check your password and
contact your Security Access Manager administrator to
enable this account.
HPDAC1501E
aznAPI -- Failure.
Explanation: The aznAPI failed due to an error.
Administrator response: Review the minor error
status and application logs for more details about the
failure.
HPDAC1502E • HPDAC1515E
HPDAC1502E
aznAPI -- Authorization Failure.
Explanation: The aznAPI failed because the aznAPI
application server principal was not authorized to
perform a paticular task.
Administrator response: Review the minor error
status and application logs for more details about the
failure.
HPDAC1503E
mechanism ID matches one of the IDs supported by
Security Access Manager.
HPDAC1509E
aznAPI -- Invalid String Value.
Explanation: A string value passed to the aznAPI
interface is invalid.
Administrator response: Ensure that all strings passed
to the interface are not NULL.
aznAPI -- Invalid Credentials Handle.
Explanation: See message.
Administrator response: Ensure that the credentials
handle input parameters passed to the aznAPI interface
are valid.
HPDAC1510E
aznAPI -- Unknown Label.
Explanation: The labelling authorization policy model
is not implemented in the Security Access Manager
authorization model.
Administrator response: No action is required.
HPDAC1504E aznAPI -- Invalid New Credentials
Handle.
Explanation: See message.
Administrator response: Ensure that the credentials
handle output parameters passed to the aznAPI
interface are valid.
HPDAC1505E aznAPI -- Invalid Entitlements
Service.
Explanation: An entitlement service with the specified
service ID was not found in the list of services
registered with the aznAPI service dispatcher.
Administrator response: Ensure that the specified
entitlement service ID refers to a valid entitlement
service that has been loaded into the current aznAPI
application.
HPDAC1506E aznAPI -- Invalid Combined
Credentials Handle.
Explanation: See message.
Administrator response: Ensure that the combined
credentials handle output parameter passed to the
aznAPI interface is valid.
HPDAC1511E aznAPI -- Invalid Added Credentials
Handle.
Explanation: See message.
Administrator response: Ensure that the 'creds to add'
credentials handle output parameter passed to the
aznAPI interface is valid.
HPDAC1512E
aznAPI -- Invalid Protected Resource.
Explanation: The specified protected resource is
invalid.
Administrator response: Ensure that the protected
resource is valid and the resource name meets the
criteria set by Security Access Manager.
HPDAC1513E
aznAPI -- Invalid Operation.
Explanation: The operation string specified is invalid.
Administrator response: Ensure that the operation
string supplied meets the criteria set by Security Access
Manager.
HPDAC1514E
aznAPI -- Invalid PAC.
Explanation: The supplied PAC is invalid.
HPDAC1507E
aznAPI -- Invalid Mechanism Info.
Explanation: See message.
Administrator response: Ensure that the mechanism
info input parameter passed to the aznAPI interface is
valid.
HPDAC1508E
aznAPI -- Invalid Mechanism.
Explanation: The mechanism ID specified does not
match a mechanism supported by the Security Access
Manager aznAPI runtime.
Administrator response: Ensure that the PAC
parameter meets the criteria set by Security Access
Manager.
HPDAC1515E
aznAPI -- Invalid PAC Service.
Explanation: A PAC service with the specified service
ID was not found in the list of services registered with
the aznAPI service dispatcher.
Administrator response: Ensure that the specified
PAC service ID refers to a valid PAC service that has
been loaded into the current aznAPI application.
Administrator response: Ensure that the specified
Chapter 2. Security Access Manager Base Messages
21
HPDAC1516E • HPDAC1530E
HPDAC1516E aznAPI -- Invalid Permission
Information Reference.
Explanation: See message.
Administrator response: Ensure that the permission
info credentials handle output parameter passed to the
aznAPI interface is valid.
HPDAC1523E
Explanation: The buffer pointer parameter passed in is
NULL.
Administrator response: Ensure that the buffer
pointer parameter is valid.
HPDAC1524E
HPDAC1517E aznAPI -- Invalid Credentials
Modification Function.
Explanation: A credentials modification service with
the specified service ID was not found in the list of
services registered with the aznAPI service dispatcher.
Administrator response: Ensure that the specified
credentials modification service ID refers to a valid
credentials modification service that has been loaded
into the current aznAPI application.
HPDAC1518E
aznAPI -- Invalid Subject Index.
Explanation: The specified index is out of range with
respect to the number of subjects in the target
credential.
Administrator response: Ensure that the index
specified is within range for the target credential.
HPDAC1519E
aznAPI -- Unimplemented Function.
Explanation: This function is not implemented in the
Security Access Manager authorization model.
Administrator response: No action is required.
HPDAC1520E aznAPI -- Invalid Attribute List
Handle.
Explanation: See message.
Administrator response: Ensure that the attribute list
handle parameter is valid.
aznAPI -- Invalid Buffer Reference.
aznAPI -- Invalid String Reference.
Explanation: The string pointer parameter passed in is
NULL.
Administrator response: Ensure that the string pointer
parameter is valid.
HPDAC1525E aznAPI -- Attribute Value is not of
type string.
Explanation: The function interface requires a string
typed attribute value.
Administrator response: Ensure that the attribute
value is of type string.
HPDAC1526E aznAPI -- Attribute's index value is
invalid.
Explanation: The attribute value index is out of range.
Administrator response: Specify an attribute value
index within the range of available values for the
attribute.
HPDAC1527E
aznAPI -- Invalid Integer Reference.
Explanation: The integer pointer parameter passed in
is NULL.
Administrator response: Ensure that the integer
pointer parameter is valid.
HPDAC1528E aznAPI -- Invalid Permission
Reference.
aznAPI -- Invalid Attribute Name.
Explanation: The permission code pointer parameter
passed in is NULL.
Explanation: An attribute name passed as an input
parameter is NULL or does not exist in the target
attribute list.
Administrator response: Ensure that the permission
code pointer parameter is valid.
HPDAC1521E
Administrator response: Ensure that the attribute
name supplied is non-NULL and exists in the target
attribute list.
HPDAC1522E
aznAPI -- Invalid Buffer.
HPDAC1529E
aznAPI -- Invalid Domain Specified.
Explanation: The domain specified is not valid.
Administrator response: Specify a valid Security
Access Manager domain.
Explanation: The buffer parameter passed in is NULL.
Administrator response: Ensure that the buffer
parameter is valid.
HPDAC1530E aznAPI -- Invalid Application Context
Handle.
Explanation: See message.
Administrator response: Ensure that the application
22
Version 7.0: Error Message Reference
HPDAC1531E • HPDAC1542E
context attribute list handle parameter is valid.
HPDAC1531E aznAPI -- Invalid Entitlements
Handle.
HPDAC1538E aznAPI -- Error in plugin service
definition.
Explanation: See message.
Administrator response: Ensure that the entitlements
attribute list handle parameter is valid.
Administrator response: Ensure that the service
definition meets the criteria defined in the IBM Security
Access Manager for Web Authorization C API Developer's
Reference.
HPDAC1532E
HPDAC1539E
Explanation: See message.
aznAPI -- Invalid Labeling Scheme.
Explanation: The labelling authorization policy model
is not implemented in the Security Access Manager
authorization model.
Administrator response: No action is required.
HPDAC1533E
aznAPI -- Plugin service not found.
Explanation: The service ID specified was not found
by the service dispatcher.
Administrator response: Ensure that the service ID
specified refers to a valid service that has been loaded
by the current aznAPI application.
aznAPI -- Invalid Init Data Handle.
Explanation: See message.
HPDAC1540E aznAPI -- Error while initializing
plugin service.
Administrator response: Ensure that the initialization
data attribute list handle parameter is valid.
Explanation: See message.
Administrator response: Ensure that the initialization
information attribute list handle reference is not NULL.
Administrator response: Refer to the application error
logs and to the minor status code returned from
azn_initialize() for more information about the reason
for the service failure. Some services might also return
attributes in the intialization information attribute list
returned from azn_initialize(). The attributes can
contain further information about the failure.
HPDAC1535E aznAPI -- Attribute's value is not of
type buffer.
HPDAC1541E aznAPI -- Error while shutting down
plugin service.
Explanation: The function interface requires a buffer
typed attribute value.
Explanation: The plugin returned an error while
shutting down.
Administrator response: Ensure that the attribute
value is of type buffer.
Explanation: An aznAPI interface was called before
azn_initialize() was called. Only aznAPI attribute list
interfaces can be called before azn_initialize().
Administrator response: Refer to the application error
logs and to the minor status code returned from
azn_shutdown() for more information about the the
service failure. Some services might also return
attributes in the intialization information attribute list
returned from azn_shutdown(). The attributes can
contain further information about the reason the service
shutdown failed.
Administrator response: Ensure that the application
calls only aznAPI attribute list interfaces before calling
azn_initialize().
HPDAC1542E aznAPI -- Error while authorizing
plugin service.
HPDAC1534E
aznAPI -- Invalid Init Info Handle.
Explanation: See message.
HPDAC1536E
HPDAC1537E
aznAPI -- API is Uninitialized.
aznAPI -- API is Already Initialized.
Explanation: azn_initialize() has been called when the
authorization runtime has already been initialized. To
reinitialize the authorization runtime the application
must call azn_shutdown() before calling azn_initialize()
again.
Administrator response: Ensure that the application
does not attempt to reinitialize the authorization
runtime without first calling azn_shutdown().
Explanation: The plugin was not authorized to
perform a task. This might also be due to insufficient
privilege of the application server principal. It might
also be due to incorrect service configuration.
Administrator response: Ensure that the aznAPI
application server principal has the appropriate
permissions to enable the aznAPI service to perform
the required task. This error might also occur if the
parameters supplied to the service plugin were not
sufficient and should be reviewed.
Chapter 2. Security Access Manager Base Messages
23
HPDAC1543E • HPDAC1552E
HPDAC1543E aznAPI -- Error while loading plugin
service's shared library.
Explanation: The service dispatcher encountered an
error while loading the aznAPI service plugin shared
library.
Administrator response: Refer to the application error
logs and to the minor status code returned from
azn_initialize() for more information about the failure.
The service dispatcher will also return an attribute in
the intialization information attribute list returned from
azn_initialize() if the information is available. The
attribute will contain further information about the
failure to load.
HPDAC1544E aznAPI -- azn_svc_initialize() function
not found in the shared library of the
plug-in service.
Explanation: The shared library of the aznAPI service
does not export an azn_svc_initialize() interface.
Administrator response: Review the service source
code and build process to ensure that the shared library
of the plug-in service exports an azn_svc_initialize()
interface to applications.
HPDAC1545E aznAPI -- azn_svc_shutdown()
function not found in the shared library
of the plug-in service.
Explanation: The shared library of the aznAPI service
does not export an azn_svc_shutdown() interface.
Administrator response: Review the service source
code and build process to ensure that the shared library
of the plug-in service exports an azn_svc_shutdown()
interface to applications.
code and build process to ensure that the shared library
of the plug-in service exports both the
azn_svc_creds_get_pac() and the
azn_svc_pac_get_creds() interface to applications.
HPDAC1548E aznAPI -- EAS function not found in
the shared library of the plug-in service.
Explanation: The aznAPI service shared library does
not export an azn_svc_decision_access_allowed_ext()
interface.
Administrator response: Review the service source
code and build process to ensure that the shared library
of the plug-in service exports an
azn_svc_decision_access_allowed_ext() interface to
applications.
HPDAC1549E aznAPI -- Credentials modification
function not found in the shared library
of the plug-in service.
Explanation: The aznAPI service shared library does
not export an azn_svc_creds_modify() interface.
Administrator response: Review the service source
code and build process to ensure that the shared library
of the plug-in service exports an
azn_svc_creds_modify() interface to applications.
HPDAC1550E aznAPI -- Another plugin has already
been registered with the same service
ID.
Explanation: See message.
Administrator response: Ensure that you have a
unique service ID for the azn service loaded by the
aznAPI application.
HPDAC1546E aznAPI -azn_svc_entitlements_get_entitlements()
function not found in the shared library
of the plug-in service.
HPDAC1551E aznAPI -- Failure in the aznAPI
Service Dispatcher.
Explanation: The aznAPI service shared library does
not export an azn_svc_entitlement_get_entitlements()
interface.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
Administrator response: Review the service source
code and build process to ensure that the shared library
of the plug-in service exports an
azn_svc_entitlement_get_entitlements() interface to
applications.
HPDAC1552E aznAPI -- Message for the minor code
is not found.
HPDAC1547E aznAPI -- PAC function not found in
the shared library of the plug-in service.
Explanation: The aznAPI service shared library does
not export both an azn_svc_creds_get_pac() and an
azn_svc_pac_get_creds() interface.
Administrator response: Review the service source
24
Version 7.0: Error Message Reference
Explanation: An internal error has occurred.
Explanation: A message string for this minor code
was not found in the message catalogs.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1553E • HPDAC1563E
HPDAC1553E aznAPI -- Invalid EAS ACL Action
Trigger.
Explanation: The ACL actions/operations trigger
specified was not valid.
Administrator response: Ensure that the trigger
conforms to the criteria outlined in the Authorization C
API Developer's Reference.
HPDAC1554E
aznAPI -- Invalid EAS POP Trigger.
Explanation: The POP-based EAS trigger attribute
specified was not valid.
Administrator response: Ensure that the trigger
conforms to the criteria outlined in the IBM Security
Access Manager for Web Authorization C API Developer's
Reference.
HPDAC1555E
aznAPI -- Invalid EAS Weighting.
Explanation: The weighting value specified was
negative or zero or the string could not be converted to
an unsigned integer.
Administrator response: Ensure that the weighting is
a positive non-zero integer value that is no greater than
MAXULONG.
HPDAC1556E aznAPI -- Unknown parameter
specified in EAS plugin service
definition.
Explanation: The EAS service definition is incorrectly
formatted.
Administrator response: Ensure that the EAS service
definitions conform to the criteria outlined in the IBM
Security Access Manager for WebAuthorization C API
Developer's Reference.
HPDAC1557E aznAPI -- One or more protected
Object functions not implemented in
the Administration Service plugin's
shared library.
Explanation: The aznAPI administration service
shared library does not export both an
azn_admin_get_object() and an
azn_admin_get_objectlist() interface.
Administrator response: Review the service source
code and build process to ensure that the service
plugin shared library exports both the
azn_admin_get_object() and the
azn_admin_get_objectlist() functions to applications.
HPDAC1558E
aznAPI -- Invalid Protected Object.
Explanation: The protected object structure passed as
a parameter is invalid.
Administrator response: Ensure that the protected
object structure parameter is valid.
HPDAC1559E aznAPI -- Invalid Protected Object
Reference.
Explanation: The protected object structure reference
passed as a parameter is invalid.
Administrator response: Ensure that the protected
object structure reference parameter is not NULL.
HPDAC1560E aznAPI -- Attribute Value is not of
type pobj.
Explanation: The function interface requires an
azn_pobj_t typed attribute value.
Administrator response: Ensure that the attribute
value is of type azn_pobj_t.
HPDAC1561E aznAPI -- Unknown parameter
specified in Administration service
plugin's definition.
Explanation: The Administration Service plugin
definition has a parameter that is invalid.
Administrator response: Ensure that you have
specified the correct parameter in the AZN
Administration Service plugin definition. Refer to the
publications for information about supported
parameters.
HPDAC1562E aznAPI -- Protected Object path is not
specified in Administration service
plugin's definition.
Explanation: The Administration Service plugin
definition specifies the -pobj parameter without a
protected object hierarchy name following it.
Administrator response: Ensure that you have
specified the correct protected object hierarchy name
following the -pobj parameter in the Administration
Service plugin definition.
HPDAC1563E aznAPI -- One of the task functions is
not found in the Administration service
plugin's shared library.
Explanation: The aznAPI administration service
shared library does not export both an
azn_admin_get_tasklist() and an azn_admin_get_task()
interface.
Administrator response: Review the service source
code and build process to ensure that the service
Chapter 2. Security Access Manager Base Messages
25
HPDAC1564E • HPDAC1575E
plugin shared library exports both the
azn_admin_get_tasklist() and the azn_admin_get_task()
functions to applications.
HPDAC1564E aznAPI -- Protected Object hierarchy
name has already been registered by
another Administration service
definition.
Explanation: Another Administration Service
definition has already registered the protected object
hierarchy name being registered by the current
Administration Service definition.
Administrator response: Specify another protected
object hierarchy name for this Administration Service
definition or modify the definition that uses this
protected object hierarchy name.
HPDAC1565E aznAPI -- Invalid Message ID
Reference.
Explanation: The message ID pointer parameter is
NULL.
Administrator response: Ensure that the message ID
pointer parameter is not NULL
HPDAC1566E aznAPI -- Message for the major code
is not found.
Explanation: A message string for this major code was
not found in the message catalogs.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1567E aznAPI -- Attribute Value is not of
type unsigned long.
Explanation: The function interface requires an
unsigned long attribute value.
Administrator response: Ensure that the attribute
value is of type unsigned long.
HPDAC1568E aznAPI -- Administration Service -Invalid Service Info Handle passed to
plugin's shared library.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
26
Version 7.0: Error Message Reference
HPDAC1569E aznAPI -- Administration Service -Invalid Argument Count passed to
plugin's shared library.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1570E aznAPI -- Administration Service -Invalid Argument Array passed to
plugin's shared library.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1571E aznAPI -- Administration Service -Plugin's shared library received an
out-of-memory error.
Explanation: In most cases this error due to the
aznAPI application program running out of memory.
Administrator response: Ensure that the application
has been configured with sufficient virtual memory for
its requirements. The IBM Security Access Manager for
Web Performance Tuning Guide contains instructions
on how to ensure that the application is configured
with the correct amount of virtual memory. Stop and
restart the process. If the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1574E aznAPI -- Entitlements Service -Invalid Service Info Handle passed to
plugin's shared library.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1575E aznAPI -- Entitlements Service -Invalid Argument Count passed to
plugin's shared library.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1576E • HPDAC1587E
HPDAC1576E aznAPI -- Entitlements Service -Invalid Argument Array passed to
plugin's shared library.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1577E aznAPI -- Entitlements Service -Plugin's shared library received an
out-of-memory error.
Explanation: In most cases this error due to the
aznAPI application program running out of memory.
Administrator response: Ensure that the application
has been configured with sufficient virtual memory for
its requirements. The IBM Security Access Manager for
Web Performance Tuning Guide contains instructions
on how to ensure that the application is configured
with the correct amount of virtual memory. Stop and
restart the process. If the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1579E aznAPI -- EAS -- Invalid Service Info
Handle passed to plugin's shared
library.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1582E aznAPI -- EAS -- Plugin's shared
library received an out-of-memory error.
Explanation: In most cases this error due to the
aznAPI application program running out of memory.
Administrator response: Ensure that the application
has been configured with sufficient virtual memory for
its requirements. The IBM Security Access Manager for
Web Performance Tuning Guide contains instructions
on how to ensure that the application is configured
with the correct amount of virtual memory. Stop and
restart the process. If the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1584E aznAPI -- Credential Modification
Service -- Invalid Service Info Handle
passed to plugin's shared library.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1585E aznAPI -- Credential Modification
Service -- Invalid Argument Count
passed to plugin's shared library.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1580E aznAPI -- EAS -- Invalid Argument
Count passed to plugin's shared library.
HPDAC1586E aznAPI -- Credential Modification
Service -- Invalid Argument Array
passed to plugin's shared library.
Explanation: An internal error has occurred.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1581E aznAPI -- EAS -- Invalid Argument
Array passed to plugin's shared library.
HPDAC1587E aznAPI -- Credential Modification
Service -- Plugin's shared library
received an out-of-memory error.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
Explanation: In most cases this error due to the
aznAPI application program running out of memory.
Administrator response: Ensure that the application
has been configured with sufficient virtual memory for
its requirements. The IBM Security Access Manager for
Web Performance Tuning Guide contains instructions on
how to ensure that the application is configured with
the correct amount of virtual memory. Stop and restart
Chapter 2. Security Access Manager Base Messages
27
HPDAC1589E • HPDAC1598E
the process. If the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1589E aznAPI -- PAC Service -- Invalid
Service Info Handle passed to plugin's
shared library.
SSL-listening port is needed either because an AZN
Administration Service is registered OR local mode has
been configured and listen-flags have been set to
enable.
Administrator response: Use svrsslcfg or edit the
aznAPI configuration file to specify a non-zero
SSL-listening port
Explanation: An internal error has occurred.
HPDAC1595E
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
Explanation: The major code portion of the aznAPI
status is invalid. So, the error string corresponding to it
cannot be retrieved by this API.
HPDAC1590E aznAPI -- PAC Service -- Invalid
Argument Count passed to plugin's
shared library.
Explanation: An internal error has occurred.
aznAPI -- Major code is invalid.
Administrator response: Make sure you enter a valid
aznAPI major code. Look in the ogauthzn.h header file
for valid values for aznAPI major code.
HPDAC1596E aznAPI -- Modification of the
attribute is prohibited.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
Explanation: The specified attribute is read-only.
Modification of the attribute is prohibited. This is
because the attribute is an important attribute for the
purposes of authorization that will affect the user's
access permissions if it is changed.
HPDAC1591E aznAPI -- PAC Service -- Invalid
Argument Array passed to plugin's
shared library.
Administrator response: Specify the name of an
attribute that is not a read-only attribute. If you want to
add group memberships to the credential then refer to
the IBM Security Access Manager for Web Authorization C
API Developer's Reference for information about the
supplied credentials modification service that can be
used to add groups to a credential.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1592E aznAPI -- PAC Service -- Plugin's
shared library received an
out-of-memory error.
Explanation: In most cases this error due to the
aznAPI application program running out of memory.
Administrator response: Ensure that the application
has been configured with sufficient virtual memory for
its requirements. The IBM Security Access Manager for
Web Performance Tuning Guide contains instructions
on how to ensure that the application is configured
with the correct amount of virtual memory. Stop and
restart the process. If the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1597E aznAPI -- azn_init_ssl_local_domain
cannot override the SSL-local-domain
entry in the aznAPI client configuration
file.
Explanation: The azn_init_ssl_local_domain
initialization attribute cannot override ssl-local-domain
entry that is specified in the aznAPI client
configuration file. These two entries must always match
because a client can be configured to run in only one
domain.
Administrator response: The simplest action is to
accept the configured default for the authzn_authority
parameter by specifying NULL.
HPDAC1598E aznAPI -- Uninitialized Mechanism
Info structure.
Explanation: See message.
HPDAC1594E aznAPI -- Initialization failed because
a non-zero SSL-listening port is not
specified.
Explanation: aznAPI could not be initialized because a
non-zero SSL-listening port has not been specified. This
28
Version 7.0: Error Message Reference
Administrator response: Ensure that the mechanism
info structure is initialized to 0 for those un-used fields.
HPDAC1650E • HPDAC1660W
HPDAC1650E AZN Entitlements Extended
Attributes Service - app_context does
not contain any attribute names.
Explanation: No entitlements can be returned by this
API because the provided app_context does not specify
the object for which attributes are needed.
Administrator response: Ensure that the app_context
contains one of the following valid attribute names OBJ, ACL, or POP.
HPDAC1651E AZN Entitlements Extended
Attributes Service - app_context contains
more than one attribute name.
Explanation: No entitlements can be returned by this
API because the provided app_context contains more
than one object name for which attributes are needed.
Administrator response: Ensure that the app_context
contains only one of the following valid attribute
names - OBJ, ACL, POP
HPDAC1652E AZN Entitlements Extended
Attributes Service - app_context contains
an invalid attribute name.
Explanation: No entitlements can be returned by this
API because the provided app_context contains an
invalid object name for which attributes are needed.
Administrator response: Ensure that the app_context
contains only one of the following valid attribute
names - OBJ, ACL, POP
HPDAC1653E AZN service plug-in %s failed to
shutdown (0x%x/0x%x).
Explanation: A plug-in failed to shutdown correctly
and returned an error code to the service dispatcher.
Administrator response: Check the returned error
status for more detail.
HPDAC1654E The SOAP client of the AMWebARS
entitlement service returned an error.
Explanation: The SOAP request failed, and the gSOAP
client returned an error code which is printed in the
error log.
Administrator response: Consult gSOAP
documentation for the meaning of the error code that
accompanies this message in the error log.
HPDAC1655E The SOAP client of the AMWebARS
entitlement service returned the error
code: %d.
Administrator response: Consult gSOAP
documentation for the meaning of the error code that
accompanies this message in the error log.
HPDAC1656E The AMWebARS entitlement service
returned the internal error: %s.
Explanation: The SOAP request succeeded, but the
AMWebARS Web Service returned an error message
which was printed to the error log.
Administrator response: Review the accompanying
error message and ensure that the AMWebARS service
is configured correctly.
HPDAC1657E The AMWebARS entitlement service
URL is NULL.
Explanation: See message.
Administrator response: Review the Security Access
Manager authorization client configuration file and
ensure that the AMWebARS service URL has been
specified correctly.
HPDAC1658E An error occurred loading the aznAPI
configuration file.
Explanation: See message.
Administrator response: Review the aznAPI
configuration file used to initialize the AMWebARS
service and ensure that it exists and is a valid stanza
format file and that the entries conform to stanza
format syntax.
HPDAC1659W No configuration file specified for
the credential attributes entitlement
service %s.
Explanation: This service might not function correctly
without proper configuration either from a file or API
input.
Administrator response: If a configuration file was
intended, check that it is passed to the service either as
an attribute or argument to the service library.
HPDAC1660W No service configuration information
was found in the specified file %s.
Explanation: Service and attribute configuration was
not found in the configuration file. This causes the
servce to return withoout any entitlements.
Administrator response: Check that the service and
attributes are configured correctly in the configuration
file.
Explanation: The SOAP request failed, and the gSOAP
client returned the error code which is printed in the
error log.
Chapter 2. Security Access Manager Base Messages
29
HPDAC1661W • HPDAC1954E
HPDAC1661W The registry operations for source %s
failed.
Explanation: A registry operation failed for the
specified source. This source is skipped.
Administrator response: No action needed.
HPDAC1667E The AXIS client of the AMWebARS
entitlement service returned the error :
%s.
Explanation: The AXIS request failed, and the AXIS
C++ client returned the error wh ich is printed in the
error log.
Administrator response: Consult AXIS documentation
for the meaning of the error.
HPDAC1668E The AXIS client of the AMWebARS
entitlement service returned the unkno
wn error.
Explanation: See message.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1669E An unexpected AXIS exception was
caught during the call to AMWebArs we
b service. Refer to the error log for more
information about the exception.
Administrator response: Ensure that you have
correctly configured the Security Access Manager
Runtime package for the desired user registry. The
current user registry setting can be determined by
looking at the 'user-reg-type' entry in the [pdrte] stanza
of the 'etc/pd.conf' file in the Security Access Manager
install directory. If the runtime is configured incorrectly,
you will need to unconfigure all packages and
reconfigure the machine again. If the runtime has been
correctly configured, then ensure that the configuration
parameters specified for the user registry server are
correct.
HPDAC1951E Registry client returned a memory
error.
Explanation: The registry client encountered a
memory error.
Administrator response: Ensure that the affected
process has been configured with sufficient virtual
memory for its requirements. Stop and restart the
process. If the problem persists, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1952E Registry configuration file has invalid
contents.
Explanation: The user registry configuration file is
invalid.
Explanation: AXIS C++ client returned an exception
condition to AMWebArs entitlemen t service that was
not handled and not expected.
Administrator response: Review the registry
configuration file in the Security Access Manager 'etc'
directory and ensure that the entries are valid. If the
problems persists then reconfigure the Security Access
Manager runtime package.
Administrator response: Refer to the error log to
determine if an error message accompanied th e e
xception.
HPDAC1953E Registry failed opening or closing a
database file.
HPDAC1670E An unexpected AXIS exception was
caught during the call to AMWebArs we
b service. Error message %s was
returned with the exception.
Explanation: AXIS returned an exception condition to
the AMWebARS entitlement servi ce that was not
handled and not expected.
Administrator response: Refer to the error log to
determine if an error message accompanied th e e
xception.
HPDAC1950E
Registry client unavailable.
Explanation: This failure can occur when the registry
server configuration settings are incorrect, or when the
Security Access Manager runtime is incorrectly
configured for a registry type other than that required.
30
Version 7.0: Error Message Reference
Explanation: See message.
Administrator response: Shutdown and restart the
registry server. If the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1954E SSL communications with the registry
returned an error.
Explanation: See message.
Administrator response: Shutdown and restart the
registry server. If the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1955E • HPDAC1967E
HPDAC1955E Non-SSL registry communications
returned an error.
Explanation: See message.
Administrator response: Shutdown and restart the
registry server. If the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1956E
Registry client initialization failed.
Explanation: A registry API call was made with an
invalid parameter, or the registry type could not be
determined or the registry is not configured correctly.
Administrator response: Shutdown and restart the
registry server. If the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1957E Registry server is down or cannot be
contacted.
Explanation: The user registry server is not running.
Administrator response: Ensure that the user registry
server is running and that the registry client has been
correctly configured to communicate with the server.
HPDAC1958E Authentication data was incorrectly
specified or it is missing.
Explanation: The aznAPI runtime was unable to
authenticate to the user registry.
Administrator response: Ensure that the user registry
is configured correctly, that it is operational and that
the authentication parameters supplied are valid.
HPDAC1959E Specified member was not found in
the registry group.
Explanation: The group has no members or the
specified member was not found in the group.
Administrator response: Verify that the group name
and member name is spelled correctly and that they
both exist in the registry database for the domain to
which you are logged in.
HPDAC1961E Multiple registry routing is not
supported.
Explanation: An attempt was made to use multiple
registry routing, which is not a supported function.
Administrator response: Disable multiple registry
routing in the client and your applications. Check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1962W The end of the registry list has been
reached.
Explanation: An internal error has occurred. A
program processing a list of registry entries has tried to
get an entry beyond the end of the list.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1963E Unable to locate a group in the
registry with the name supplied.
Explanation: The specified group name was not found
in the registry database.
Administrator response: Verify that the group name is
spelled correctly and that it exists in the registry
database for the domain to which you are logged in.
HPDAC1965E
Invalid user type specified.
Explanation: An internal error has occurred. When the
calling program requested a list of users from the
registry it did not specify one of the 3 permitted user
types.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1966E
Invalid group type specified.
Explanation: An internal error has occurred. When the
calling program requested a list of groups from the
registry it did not specify one of the 3 permitted group
types.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1967E Group name is invalid or not found
in the registry.
Explanation: A group operation was attempted for the
wrong domain or the group's registry GID value (also
known as the DN) was invalid. The DN entered might
contain invalid characters or be in an invalid format.
Administrator response: Correct the registry group
name (or DN) that you specified and retry the
operation.
Chapter 2. Security Access Manager Base Messages
31
HPDAC1968E • HPDAC1979E
HPDAC1968E Policy name is invalid or not found
in the registry.
Explanation: An internal error has occurred. A user
specific policy that was expected to be in the registry
was not found.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1969E Resource name is invalid or not
found in the registry.
Explanation: An internal error has occurred. A
resource that was expected to be in the registry was not
found.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1970E Resource group name is invalid or
not found in the registry.
Explanation: An internal error has occurred. A
resource group that was expected to be in the registry
was not found.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1971E User's Resource Credentials are
invalid or not found in the registry.
Explanation: An internal error has occurred. A
resource credential that was expected to be in the
registry was not found.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1972E The specified user is already in the
registry.
Explanation: A user with the specified name is
already in the registry.
Administrator response: Select another name or a
variation for this user.
HPDAC1973E The specified group is already in the
registry.
Explanation: A group with the specified name is
already in the registry.
32
Version 7.0: Error Message Reference
Administrator response: Select another name or a
variation for this group.
HPDAC1974E The specified policy is already in the
registry.
Explanation: A policy object already exists for the
specified user.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAC1975E The specified resource is already in
the registry.
Explanation: A resource object already exists with the
specified name.
Administrator response: Select another name for the
new resource object.
HPDAC1976E The specified resource group is
already in the registry.
Explanation: A resource group object with the
specified name already exists in the registry.
Administrator response: Select another name for the
new resource group object.
HPDAC1977E The specified resource credentials are
already in the registry.
Explanation: A resource credential object with the
specified name already exists.
Administrator response: Select another name for
which to create a resource credential object.
HPDAC1978E Multiple users found in the registry
using the specified search criteria.
Explanation: More than one user in the registry shares
the specified name.
Administrator response: Select another user name or
modify the users to have unique names.
HPDAC1979E Multiple groups found in the registry
using the specified search criteria.
Explanation: More than one group in the registry
shares the specified name.
Administrator response: Select another group name or
modify the groups to have unique names.
HPDAC1980E • HPDAU0114E
HPDAC1980E Registry client returned a failure
status.
Explanation: The user registry client returned an error
code that was unexpected or unknown to Security
Access Manager.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAU0100E
Invalid config URL
Explanation: A Non null config URL should be passed
for AMAuditServer constructor
Administrator response: Ensure that the properties
exists and is valid.
HPDAU0107E Acceptor wait failed; no connection
was created
Explanation: Acceptor wait failed; no connection was
created
Administrator response: Acceptor wait failed; no
connection was created
HPDAU0108E AMAudit component is already
inited.
Explanation: AMAudit component is already inited.
Administrator response: Ensure that a non null
configURL is passed to the AMAuditServer constructor
Administrator response: AMAudit component is
already inited.
HPDAU0101E
HPDAU0109E
Invalid listen port:
AMAudit component is not inited.
Explanation: Ensure that a non null port is specified,
and the AMAuditServer is not already running.
Explanation: AMAudit shutdown called before calling
AMAudit init.
Administrator response: Either the port is not
specified or the port is already in use
Administrator response: AMAudit component should
be inited before calling shutdown.
HPDAU0102E
HPDAU0110E AMAudit component is not
shutdown.
Socket listen error
Explanation: Error Listening to the socket
Administrator response: Error listening to the socket
HPDAU0103E
Invalid command line argument list
Explanation: Invalid arguments, Make sure the
command line arguments are correct
Administrator response: Make sure the command line
arguments are correct
HPDAU0104E
Config file properties not found %s .
Explanation: Make sure the config file exists and it is
valid
Administrator response: A valid config file should be
specified.
HPDAU0105E
Properties file %s not found.
Explanation: AMAudit component is not shutdown.
Administrator response: AMAudit component is not
shutdown.
HPDAU0111E
No acceptor class.
Explanation: No acceptor class specified.
Administrator response: Specify a valid acceptor
HPDAU0112E
Bad acceptor class : %s.
Explanation: Bad acceptor class specified.
Administrator response: Specify a valid acceptor
HPDAU0113E Could not initialize acceptor : %s on
on attempt # %s
Explanation: Bad or no acceptor class.
Explanation: Make sure the properties file exists and
it is valid
Administrator response: Specify a valid acceptor
Administrator response: Ensure that the properties
file exists and is valid.
HPDAU0114E
HPDAU0106E
Explanation: A nonnull PDMessages object is required
to hold any return messages that might be generated
during the operation. Typically, this object contains no
messages on input.
Properties not found.
Explanation: Make sure the properties exists and it is
valid
Invalid argument: Null messages.
Administrator response: Ensure that the messages
argument is nonnull.
Chapter 2. Security Access Manager Base Messages
33
HPDAU0116E • HPDAU0136E
HPDAU0116E
Wild char not in template.
Explanation: Wild char required in the template.
Administrator response: Ensure that the wild char is
in the template.
HPDAU0117E
Invalid Archive file prefix.
Explanation: Archive file names cannot be a directory.
Administrator response: Ensure that the Archive file
name is not a directory.
HPDAU0118E
Archive file create error.
Explanation: No write permission on the archive
directory
Administrator response: Ensure that you have write
permission on the directory where the archive file is
created.
HPDAU0119E Unable to execute archive program
%s.
Explanation: Archive cmdFile should exist.
Administrator response: Ensure that executable file
exists.
HPDAU0124E Archive and signing was successful
for file %s.
Explanation: Archive and signing was successful.
Administrator response: No action required.
HPDAU0125E Archive and signing failed for file
%s.
Explanation: Archive and signing failed.
Administrator response: No action required.
HPDAU0126E
Signing key could not be unlocked
Explanation: Signing key should be accessible.
Administrator response: Ensure that the signing key
is accesible.
HPDAU0127E
Unable to write to the signature file.
Explanation: Unable to write to signature file.
Administrator response: Ensure that you have valid
signature file.
HPDAU0128E
Unable to sign data.
Explanation: Unable to sign data.
HPDAU0120E A database error occured while
exporting the table
Explanation: A database error occured while exporting
the table.
Administrator response: No action required.
Administrator response: Ensure that you can sign the
data.
HPDAU0134E Unable to send audit event to server,
%s :
Explanation: AuditServer should be up and running.
HPDAU0121E Archive program was interrupted by
user
Administrator response: Ensure that the AuditServer
is running
Explanation: Archive program was interrupted by
user.
HPDAU0135E
Unknown host : %s, port : %s
Administrator response: No action required.
Explanation: Valid host and port where AuditServer is
running, is required.
HPDAU0122E Invalid command line option was
specified
Administrator response: Ensure that the host and port
are valid
Explanation: Valid command line options are
required.
Administrator response: Ensure that the command
line options are valid.
HPDAU0123E
Unable to purge audit record.
Explanation: Unable to purge audit record.
Administrator response: No action required.
34
Version 7.0: Error Message Reference
HPDAU0136E Connection exception, connecting to
host : %s, port : %s
Explanation: Valid host and port where AuditServer is
running, is required.
Administrator response: Ensure that the host and port
are valid
HPDAU0137E • HPDAU0152E
HPDAU0137E IOException connecting to audit
server : %s, port : %s
Explanation: Valid host and port where AuditServer is
running, is required.
Administrator response: Ensure that the host and port
are valid
HPDAU0138E
HPDAU0146E
Couldn't get delivery policy
Explanation: Delivery policy should be present in the
client properties file.
Administrator response: Ensure that the client
properties file contains delivery policy.
Bad properties file %s.
Explanation: Make sure the properties file exists and
it is valid
Administrator response: A valid properties file should
be specified.
HPDAU0139E Could not check if there are more
record from audit_log query
Explanation: Make sure that there is no problem,
while reading the log.
Administrator response: Ensure that there is no
problem while querying the log.
HPDAU0140E
properties file contains doAudit string.
HPDAU0147E Error initializing client delivery
policy
Explanation: A valid client properties file required.
Administrator response: Ensure that the client
properties file is valid.
HPDAU0148E AMAuditServer connection is not
initialized
Explanation: AMAuditServer should be running so
client can connect to it.
Administrator response: Ensure that the
AMAuditServer is running.
Audit record access failed.
Explanation: Make sure that there is no problem
accessing the audit records.
HPDAU0149E
Invalid driver manager: %s
Explanation: Driver manager should be valid.
Administrator response: Ensure that there is no
problem accessing the audit records.
Administrator response: Ensure that the driver
manager is valid.
HPDAU0142E
HPDAU0150E Could not connect to database, url =
%s
Couldn't get client source
Explanation: Client source should be present in the
client properties file.
Explanation: A valid database url is required.
Administrator response: Ensure that the client
properties file contains client source.
Administrator response: Ensure that the database url
is valid.
HPDAU0143E
HPDAU0151E Failed to Initialize
AMAuditLogWriter
Couldn't get server port
Explanation: Server port should be present in the
client properties file.
Administrator response: Ensure that the client
properties file contains server port.
HPDAU0144E
Couldn't get server host
Explanation: Server host should be present in the
client properties file.
Administrator response: Ensure that the client
properties file contains server host.
HPDAU0145E
Explanation: Ensure that AMAuditLogWriter can be
initialized without any errors.
Administrator response: Ensure that
AMAuditLogWriter can be initialized without any
errors.
HPDAU0152E
Audit record insertion failed :
Explanation: Ensure that there is no SQL error.
Administrator response: Ensure that there is no SQL
error.
Couldn't get doAudit string
Explanation: doAudit string should be present in the
client properties file.
Administrator response: Ensure that the client
Chapter 2. Security Access Manager Base Messages
35
HPDAU0153E • HPDAU0220E
HPDAU0153E Config file is already specified in
command args
Explanation: Config file is already specified in
command args.
Administrator response: Config file is already
specified in command args.
HPDAU0213E
Explanation: A valid Input and output stream
required.
Administrator response: Ensure that the input stream
or output stream is not null..
HPDAU0214E
HPDAU0158E
Audit database is not initialized
Explanation: Audit database should be initialized.
Administrator response: Ensure that the Audit
database is initialized.
No Services configured : %s
Explanation: Services should be configured.
Administrator response: Ensure that at least one
service is configured.
Error reading configuration file
Explanation: A valid configuration required.
Administrator response: Ensure that the configuration
is valid.
HPDAU0215E
HPDAU0159E
Input stream or output stream is null.
Configuration file not found: %s
Explanation: A valid configuration required.
Administrator response: Ensure that the configuration
exists and is valid.
HPDAU0216E
Configuration file not found:
HPDAU0208E Error Reading input stream;
abandoning Connection.
Explanation: A valid configuration required.
Explanation: A valid message input stream required.
Administrator response: Ensure that the configuration
exists and is valid.
Administrator response: Ensure that the message
InputStream valid
HPDAU0209E Error Reading input stream end of
file ; aborting Connection.
Explanation: A valid End of File for input stream
required.
Administrator response: Ensure that the input stream
has a valid End of File.
HPDAU0210E
Unexpected connection termination.
Explanation: A valid connection required.
Administrator response: Ensure that there is no
Unexpected connection termination.
HPDAU0217E
Event config filename cannot be null
Explanation: A Non null config file required.
Administrator response: Ensure that the config file is
not null.
HPDAU0218E
Bad event stream format : %s
Explanation: Event stream should contain 'true' or
'false'.
Administrator response: Expecting 'true' or 'false' in
event stream.
HPDAU0219E
Bad event stream format : %s
Explanation: Event stream should contain numbers.
HPDAU0211E
Bad configuration file: %s
Explanation: A valid configuration required.
Administrator response: Ensure that the configuration
is valid.
HPDAU0212E
Bad configuration, cannot continue.
Explanation: A valid configuration required.
Administrator response: Ensure that the configuration
is valid.
36
Version 7.0: Error Message Reference
Administrator response: Expecting number in event
stream.
HPDAU0220E Bad event stream format, type value
= : %s
Explanation: Event config stream should contain
string.
Administrator response: Expecting string in event
config stream.
HPDAU0221E • HPDAU0401E
HPDAU0221E Bad event stream format, type value
= : %s
Explanation: Event stream should contain character.
Administrator response: Expecting character in event
config stream.
HPDAU0300E
Invalid service name
Explanation: A Non null eventName is required.
Administrator response: Ensure that a non null
eventName is specified
HPDAU0301E
Invalid service count
HPDAU0222E Daemon configuration error, config
file = : %s
Explanation: A valid service count is required.
Explanation: Error configuring daemon.
Administrator response: Ensure that a valid service
count is specified
Administrator response: Error configuring daemon.
HPDAU0302E
Invalid event count
HPDAU0224E SQL error : Daemon could not access
System table
Explanation: A valid event count is required.
Explanation: The system table should be accessible.
Administrator response: Ensure that a valid event
count is specified
Administrator response: Ensure that the system table
is accessible.
HPDAU0225E SQL error : Could not insert event to
database
Explanation: Could not insert the event into the
database.
Administrator response: Ensure that the database is
accessible.
HPDAU0226E SQL error : Could not insert element
to database: %s
HPDAU0303E
Error reading event table
Explanation: A valid event table is required.
Administrator response: Ensure that the event table is
valid.
HPDAU0304E
Error reading event config table: %s
Explanation: A valid event config table is required.
Administrator response: Ensure that the event config
table is valid.
Explanation: Could not insert the element into the
database.
HPDAU0305E Event could not be found in config
table: %s
Administrator response: Ensure that the database is
accessible.
Explanation: Config table should contain the event.
HPDAU0227E SQL error : Could not insert attribute
to database: %s
Explanation: Could not insert the attribute into the
database.
Administrator response: Ensure that the database is
accessible.
HPDAU0228E Can't find
COM.ibm.db2.jdbc.app.DB2Driver
Explanation: COM.ibm.db2.jdbc.app.DB2Driver
should be in the classpath.
Administrator response: Ensure that the class
COM.ibm.db2.jdbc.app.DB2Driver is in path
Administrator response: Ensure that the event exists
in the config table.
HPDAU0400E Could not find msg class name in
msg header
Explanation: A valid message class required in
message header.
Administrator response: Ensure that the message
header has message class.
HPDAU0401E
Message class could not be found
Explanation: A valid message class required in input
stream.
Administrator response: Ensure that input stream has
valid message class.
Chapter 2. Security Access Manager Base Messages
37
HPDAU0402E • HPDAZ0201E
HPDAU0402E Message class could not be
instantiated
Explanation: A valid message class that can be
instantiated is required.
Administrator response: Ensure that message class
can be instantiated.
HPDAU0403E
'End-of-msg' char not found in stream
Explanation: A valid 'End-of-msg' character required
in message input stream.
Administrator response: Ensure that message input
strean has 'End-of-msg' character.
HPDAU0404E
Unexpected end of msg stream : %s
Explanation: A valid 'End-of-msg' character required
in message input stream.
Administrator response: Ensure that message input
strean has 'End-of-msg' character.
HPDAU0405E
Failed closing service : %s
Explanation: Service could not be closed.
Administrator response: Failed closing service.
HPDAU0406E Control object %s has no bound
service.
HPDAU0505E
Problem decoding audit event
Explanation: Problem decoding audit event
Administrator response: Problem decoding audit
event
HPDAZ0100E
Unknown message code: %s.
Explanation: The text for the message code could not
be found in the message catalogs installed on the local
system. This typically means that the policy server is at
a more recent level than the client and has returned a
code undefined in the client runtime. The
documentation associated with the policy server
installation should include the message code.
Administrator response: Consult the Error Message
Reference to obtain the message text, explanation, and
suggested actions for the message code.
HPDAZ0101E
The specified configuration or
keystore file already exists.
Explanation: The 'create' configuration action is
designed to check for existing files and fail if they are
found in order not to overwrite them accidentally.
Administrator response: To preserve existing files,
specify new configuration and keystore file names. To
overwrite existing files, specify the 'replace'
configuration action.
Explanation: Control object should be bound to a
service.
HPDAZ0102E
Administrator response: Control object is not bound
to a service.
Administrator response: See the error log for more
information. Check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman.
HPDAU0500E Cannot bind service %s to control
object
Explanation: A valid control service name is required.
Administrator response: Ensure that a valid control
service name is specified
HPDAU0501E Service could not be initialized.
Service name = %s
Explanation: A valid service is required.
Administrator response: Ensure that a valid service
name is specified
HPDAU0502E Deleivery policy initialization failed.
Service name = %s
Explanation: A valid delivery policy service is
required.
Administrator response: Ensure that a valid delivery
policy is specified
38
Version 7.0: Error Message Reference
An unexpected error has occurred.
Explanation: See message.
HPDAZ0200E
Invalid argument: Null name.
Explanation: A nonnull name object is required when
adding to a PDAttrs object.
Administrator response: Ensure that the name
argument is nonnull.
HPDAZ0201E
Invalid argument: Null collection.
Explanation: A nonnull Collection object is required
when adding to a PDAttrs object.
Administrator response: Ensure that the collection
argument is nonnull.
HPDAZ0202E • HPDAZ0214E
HPDAZ0202E
Invalid argument: Null value.
Explanation: A nonnull value object is required when
adding to a PDAttrs object.
Administrator response: Ensure that the value
argument is nonnull.
HPDAZ0209E
Server error: Unexpected number of
values in data: %d.
Explanation: Unexpected data was returned by the
server. This usually indicates a client/server mismatch.
Explanation: A nonnull PDAttrs object is required
when adding to a PDAttrs object.
Administrator response: Ensure that the Java client is
current with (within two releases of) the Security
Access Manager server. If so, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
Administrator response: Ensure that the PDAttrs
argument is nonnull.
HPDAZ0210E
HPDAZ0203E
HPDAZ0204E
Invalid argument: Null PDAttrs.
Invalid argument: Null or invalid
QOP value.
Server error: Unexpected type of
attrlist: %d.
Explanation: Unexpected data was returned by the
server. This usually indicates a client/server mismatch.
Administrator response: Ensure that the QOP
argument is nonnull and is one of the QOP_* constants
defined in the PDStatics class.
Administrator response: Ensure that the Java client is
current with (within two releases of) the Security
Access Manager server. If so, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAZ0205E
HPDAZ0211E
Explanation: A valid, nonnull Quality Of Protection
value is required.
Server error: No data was returned.
Explanation: No data was returned by the server. This
usually indicates a server crash. If this reoccurs, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
Administrator response: Ensure that the
Authorization server is up and rerun this operation.
Explanation: The constructor only permits
PDAttrValue objects in the Collection.
Administrator response: Ensure that the input
Collection only contains PDAttrValue.
HPDAZ0212E
HPDAZ0206E
Server error: Unexpected tag in data.
Explanation: Unexpected data was returned by the
server. This usually indicates a client/server mismatch.
Administrator response: Ensure that the Java client is
current with (within two releases of) the Security
Access Manager server. If so, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAZ0207E
Invalid argument: Null name.
Explanation: A nonnull name object is required when
constructing a PDAttr object.
Administrator response: Ensure that the name
argument is nonnull.
HPDAZ0208E
Invalid argument: Null value.
Invalid argument: Collection contains
objects other than PDAttrValue.
Invalid argument: Only PDAttrValue
objects can be in this PDAttrValueList.
Explanation: A PDAttrValueList is only for
PDAttrValue objects.
Administrator response: Ensure that the input is a
PDAttrValue.
HPDAZ0213E
Invalid argument: Null Collection.
Explanation: A nonnull Collection object is required
when adding to a PDAttrValueList object.
Administrator response: Ensure that the Collection
argument is nonnull.
HPDAZ0214E
Invalid argument: Null bytes.
Explanation: A nonnull bytes object is required when
constructing a PDBufferAttrValue object.
Administrator response: Ensure that the bytes
argument is nonnull.
Explanation: A nonnull value object is required when
constructing a PDAttr object.
Administrator response: Ensure that the value
argument is nonnull.
Chapter 2. Security Access Manager Base Messages
39
HPDAZ0215E • HPDAZ0265W
HPDAZ0215E
Invalid argument: Null
PDAdmSvcPobj.
HPDAZ0260E
Explanation: A nonnull PDAdmSvcPobj object is
required when constructing a PDPobjAttrValue object.
Explanation:
Administrator response: Ensure that the
PDAdmSvcPobj argument is nonnull.
HPDAZ0216E
Invalid argument: Null string.
Explanation: A nonnull string object is required when
constructing a PDStringAttrValue object.
Administrator response: Ensure that the string
argument is nonnull.
HPDAZ0256E
Zero or more than one base entry is
configured for the custom repository [
%s ]. Only one base entry is allowed.
Explanation: This repository only allows one base
entry.
Administrator response: Check the base entry that is
configured with the custom repository in WebSphere
Virtual member manager (VMM). Fix the VMM
configuration for this repository and retry.
HPDAZ0257E
The custom configuration property [
%s ] and its value [ %s ] is either invalid
or incorrect.
Explanation: Either the custom configuration property
is not supported or its value is incorrect.
Administrator response: Check WebSphere Virtual
member manager (VMM) custom repository
configuration for the property. Fix the VMM
configuration for this repository and retry.
HPDAZ0258E
Cannot modify the entity property [
%s ]. The Security Access Manager
custom registry adapter for WebSphere
Virtual member manager does not
support renaming an entity.
Explanation: The Security Access Manager custom
registry adapter for WebSphere Virtual member
manager does not support renaming an entity.
Administrator response:
HPDAZ0259E
The specified JRE (%s) does not exist.
Explanation: The path does not contain a valid JRE
Administrator response: Try again with a valid JRE
path
40
Version 7.0: Error Message Reference
The \'full\' or \'standalone\' are the
only options for configuration type.
Administrator response:
HPDAZ0261E
'yes' or 'no' are the only acceptable
values.
Explanation: The value supplied was not 'yes' or 'no'.
Administrator response: Try again with an acceptable
value of 'yes' or 'no'.
HPDAZ0262E
Unable to query information from
pd.conf file.
Explanation: See message.
Administrator response: Check the file permissions
and path. Ensure the file is not locked by another
process.
HPDAZ0263E
Unable to query local host name.
Explanation: See message.
Administrator response: Ensure the machine has a
valid host name.
HPDAZ0264E
The %s entry for the entity with DN:
%s in the domain is missing the %s
attribute.
Explanation: The secUser or secGroup entry for the
user or group in the domain is missing the required
attribute that contains the entities ID.
Administrator response: Fix the inconsistency in the
registry for the domain.
HPDAZ0265W The entity with DN: %s was not
removed as others are still using it.
Explanation: The secUser or secGroup entry for the
user or group has been removed, however, it was also
requested that the Native registry entry also be
removed, and that was not possible. This is likely due
to the entry being used by other applications or is a
member of another Security Access Manager domain.
Administrator response: This warning can be ignored
if it is acceptable that the Native registry entry was not
removed. The entity has been removed from Security
Access Manager domain so the entity will no longer be
accessable through that domain.
HPDAZ0266E • HPDAZ0278E
HPDAZ0266E
The Security Access Manager domain
%s does not exist.
HPDAZ0272E
The supplied DN, %s, to create the
entity with has characters that are not
valid.
Explanation: The Security Access Manager domain
name provided was not found in the registry.
Explanation: Some characters can not be used in DNs.
Administrator response: Provide a domain name to
an existing domain.
Administrator response: Ensure the DN has valid
characters.
HPDAZ0267E
HPDAZ0273E
There is no Security Access Manager
entity in the domain with ID %s.
Explanation: The Security Access Manager user or
group with the specified ID does not exist in the
domain.
Administrator response: Verify the correct user or
group ID was provided.
Explanation: Some characters can not be used in IDs.
Administrator response: Ensure the ID has valid
characters.
HPDAZ0274E
HPDAZ0268E
Unable to modify membership of the
group %s, it is likely a dynamic group.
Explanation: It is likely that the user is a member of
the group through a dynamic technique for which this
API is not capable of modifying.
Administrator response: Use other methods to
exclude or remove the user from the group
membership.
HPDAZ0269E
The entity DN %s is already a
member of the Security Access Manager
domain.
Explanation: The user/group DN is already a member
of the Security Access Manager domain and it is not
valid to have more than one Security Access Manager
entity for a DN in the domain.
Administrator response: Either delete the existing
Security Access Manager entity associated with the DN
or do not attempt the import/create.
HPDAZ0270E
The entity ID %s is already in use for
the Security Access Manager domain.
Explanation: The user/group ID is used by another
user/group within the domain. The ID must be unique.
Administrator response: Choose another user/group
ID that is unique within the domain.
HPDAZ0271E
The entity ID %s is missing it's
registry entry.
Explanation: The user/group ID has Security Access
Manager domain information but is missing the
underlying registry user/group entry. This situation
should not be encountered in normal operation.
Administrator response: Fix the inconsistency in the
registry for the domain.
The supplied entity ID, %s, to create
the entity with has characters that are
not valid.
The %s attribute value %s contains
characters that are not valid.
Explanation: Some or all of the characters in the
attribute value are not valid.
Administrator response: Remove the invalid
characters from the attribute and retry.
HPDAZ0275E
The %s attribute must be provided
when creating the entity.
Explanation: The attribute must be supplied for the
creation of the entity.
Administrator response: Include the missing attribute
and retry the operation.
HPDAZ0276E
The entity DN %s can not be created
as it already exists.
Explanation: The user/group DN already exists, but
the API failed as it was asked to create it.
Administrator response: Consider importing the
entity rather than attempting to create it.
HPDAZ0277E
Failed to add entity DN %s to ADAM
registry, the DN is likely invalid.
Explanation: ADAM returns operations error when
the DN provided is not valid. This error has been
mapped by the API to a more appropriate exception so
that the caller of the API is presented with a more
consistent interface.
Administrator response: Ensure the DN is valid for
the ADAM registry and retry.
HPDAZ0278E
None of the configured LDAP servers
of the appropriate type for the operation
can be contacted.
Explanation: Communication to all LDAP servers that
are of the appropriate type, 'readwrite' for modification
Chapter 2. Security Access Manager Base Messages
41
HPDAZ0279E • HPDAZ0289E
operation, 'readwrite' or 'readonly' for read operations,
have failed, so the operation cannot be completed and
has reported this failure.
Administrator response: Examine the log files for
additional information about the server connection
failures. Ensure at least one LDAP is operational and
retry the operation..
HPDAZ0279E
The password must contain at least
one character.
Explanation: The API will not permit empty
passwords to be used. This is done to emulate the same
behavior of other Security Access Manager components.
The use of empty passwords with LDAP can cause
authentications to succeed even if the account
password is not empty, causing a security issue.
Administrator response: Retry with a longer
password.
HPDAZ0280E
There are more matching entries but
the limit to return has been exceeded.
Explanation: Either a supplied limit or an LDAP
server configured limit on the number of matching
entries to return has been exceeded. There are more
matching entries, but they will not be returned.
Administrator response: If the additional entries are
required, increase the limites and retry.
HPDAZ0281E
The old password supplied was
rejected by the LDAP server.
Explanation: Some LDAP servers return
NoSuchAttribute errors when the old password, in a
password change operation, is bad. The error has been
remapped to a more appropriate InvalidOldPassword
error.
Administrator response: Retry with the correct old
password.
does not contain repeated characters.
HPDAZ0284E
Explanation: The password policy for the user
specifies a minimum length and the password supplied
is less that the minimum.
Administrator response: Retry with a longer
password that conforms to policy.
HPDAZ0285E
The password contains spaces and the
policy does not permit this.
Explanation: The password policy for the user does
not permit password containing spaces.
Administrator response: Retry with a password that
does not contain spaces.
HPDAZ0283E
The password contains the same
character repeated consecutively more
than is permitted by policy: %s.
The password does not contain
enough alphabetic characters, the policy
minimum is %s.
Explanation: The password policy for the user
specifies a minimum number of alphabetic characters
that must be present in the password.
Administrator response: Retry with enough alphabetic
characters in the password to conform to policy.
HPDAZ0286E
The password does not contain
enough non-alphabetic characters, the
policy minimum is %s.
Explanation: The password policy for the user
specifies a minimum number of non-alphabetic
characters that must be present in the password.
Administrator response: Retry with enough
non-alphabetic characters in the password to conform
to policy.
HPDAZ0287E
The password must not begin with
the %s character.
Explanation: The LDAP server does not permit
password beginning with the specified character.
Administrator response: Retry with a password that
begins with a different character.
HPDAZ0288E
HPDAZ0282E
The password is too short, the policy
minimum is %s.
A date value, %s, fetched from an
LDAP value is not of form expected.
Explanation: This API expects the date value to be of
the form 'YYYYMMDDhhmmss.0Z'. The value fetched
was not of this form so the operation cannot be
completed.
Administrator response: The value must be corrected
in the registry, before the operation will succeed.
HPDAZ0289E
The account has been disabled.
Explanation: The password policy for the user does
not permit password containing repetitions of the same
characters.
Explanation: The account was previously temporarily
locked out due to many authentication attempts which
are not valid. However, policy changed to require
account disablement instead.
Administrator response: Retry with a password that
Administrator response: Contact the account
42
Version 7.0: Error Message Reference
HPDAZ0290E • HPDAZ0301E
administrator to determine what can be done.
HPDAZ0290E
The account has been locked out.
Explanation: The account was previously disabled due
to many authentication attempts which are not valid,
however, policy has changed since to only require
temporary lockout instead.
Administrator response: Wait for the lockout period
and retry. You can also contact the account
administrator to determine what can be done.
HPDAZ0291E
HPDAZ0296E
The account is disabled.
The time-of-day policy value, %s,
fetched from an LDAP value is not of
form expected.
Explanation: This API expects the date value to be of
the form 'days:start:end:zone' where: days - is a
decimal number representing a bit mask of days of the
week. start - is a decimal number representing the start
minute of the day of allowed access. end - is a decimal
number representing the end minute of the day of
allowed access. zone - if set to 1 indicates that GMT
time of day should be used, else server local time. The
value fetched was not of this form so the operation
cannot be completed.
Explanation: The account is disabled and can not be
used.
Administrator response: The value must be corrected
in the registry, before the operation will succeed.
Administrator response: Contact the account
administrator to determine what can be done.
HPDAZ0297E
HPDAZ0292E
The account has been temporarily
locked.
Explanation: The account has been temporarily locked
and cannot be used for a preset wait period.
Administrator response: Wait for the lockout period
and retry. You can also contact the account
administrator to determine what can be done.
HPDAZ0293E
The account cannot be used at this
time due to time-of-day policy
restrictions.
Explanation: The account has a Time-Of-Day policy
associated with it that restricts access to specific times
on specific days.
Administrator response: Retry at a time when account
policy permits access.
HPDAZ0294E
The account is set invalid.
The required configuration property
%s was not found.
Explanation: The API can not be used without the
missing property being provided in the configuration
file.
Administrator response: Add the required property to
the configuration file.
HPDAZ0298E
The configuration property %s has an
invalid value %s.
Explanation: The value assigned to the configuration
property is not of the expected form.
Administrator response: Correct the property value in
the configuration file.
HPDAZ0299E
The configuration property %s value
%s is not in the range %s to %s.
Explanation: The value assigned to the configuration
property is not within the acceptable range for that
property.
Explanation: The account valid flag on the account is
set to false.
Administrator response: Correct the property value in
the configuration file.
Administrator response: The account cannot be used,
Contact the account administrator to determine what
can be done.
HPDAZ0300E
HPDAZ0295E
The account password is flagged as
not valid.
Explanation: The password valid flag on the account
is set to false. This can be done by the account
administrator to force a password change, or policy can
automatically trigger it.
Administrator response: The account password valid
flag is false must be changed to true before login can
occur. Typically flag can be reset by changing the
password on the account.
The configuration property %s has an
invalid server entry %s.
Explanation: The server entry is not of the expected
form 'host:port:type:rank'.
Administrator response: Correct the server entry in
the configuration file.
HPDAZ0301E
The configuration property %s has an
invalid server entry %s port %s.
Explanation: The server entry port must be a decimal
integer in the range 1 to 65535.
Chapter 2. Security Access Manager Base Messages
43
HPDAZ0302E • HPDAZ0312E
Administrator response: Correct the server entry port
in the configuration file.
HPDAZ0302E
The configuration property %s has a
server entry %s type %s which is not
valid.
Explanation: The server entry type must be either
'readwrite' or 'readonly'.
Administrator response: Correct the server entry type
in the configuration file.
HPDAZ0303E
The configuration property %s has a
server entry %s rank %s which is not
valid.
Explanation: The server entry ranking must be a
decimal integer in the range 0 to 10.
Administrator response: Correct the server entry
ranking in the configuration file.
HPDAZ0304E
The Relative Distinquished Name,
%s, is of an unexpected form.
Explanation: The first RDN of the DN provided is not
of the expected form..
Administrator response: This condition might be
cleared by updating the password.
HPDAZ0308E
Explanation: The underlying registry reported that the
password can not be be changed. This is not due to any
Security Access Manager policy, rather the policy of the
underlying registry.
Administrator response: Contact the underlying
registry administrator for a solution.
HPDAZ0309E
The registry reported the password
has expired.
Explanation: The underlying registry reported the
password has expired. This is not due to any Security
Access Manager policy, rather the policy of the
underlying registry.
Administrator response: This condition might be
cleared by updating the password.
HPDAZ0306E
The registry reported the account is
locked.
Explanation: The underlying registry reported the
account is locked. This is not due to any Security
Access Manager policy, rather the policy of the
underlying registry.
Administrator response: Contact the underlying
registry administrator for a solution.
HPDAZ0307E
The registry reported the password
must be changed after reset.
Explanation: The underlying registry reported the
password needs changing as the password was reset
and no other other actions can take place for this
account until then. This is not due to any Security
Access Manager policy, rather the policy of the
underlying registry.
44
Version 7.0: Error Message Reference
The registry reported the password
old password must be supplied during
the change.
Explanation: The underlying registry reported that the
password cannot be be changed without supplying the
existing password as well as the new password. This is
not due to any Security Access Manager policy, rather
the policy of the underlying registry.
Administrator response: Contact the underlying
registry administrator for a solution.
HPDAZ0310E
Administrator response: Resubmit the request with a
valid Distinquished Name.
HPDAZ0305E
The registry reported the password
can not be changed.
The registry reported the new
password does not pass its policy syntax
rules.
Explanation: The underlying registry reported that the
new password supplied does not have the correct mix
of character types in it. This is not due to any Security
Access Manager policy, rather the policy of the
underlying registry.
Administrator response: Change the content of the
password and resubmit.
HPDAZ0311E
The registry reported the new
password is too short.
Explanation: The underlying registry reported that the
new password supplied is not long enough. This is not
due to any Security Access Manager policy, rather the
policy of the underlying registry.
Administrator response: Increase the length of the
new password and resubmit
HPDAZ0312E
The registry reported that more time
is required before the password can be
changed again.
Explanation: The underlying registry reported that it
will not allow changes to the passwod until a preset
amount of time has passed since the last change. This is
not due to any Security Access Manager policy, rather
the policy of the underlying registry.
Administrator response: Resubmit at a later time.
HPDAZ0313E • HPDAZ0325E
HPDAZ0313E
The registry reported the password
has been recently used and can not be
reused.
Explanation: The underlying registry reported that it
will not allow changes to the passwod until a preset
amount of time has passed since the last change. This is
not due to any Security Access Manager policy, rather
the policy of the underlying registry.
HPDAZ0319E
The operation failed due to
insufficient access rights.
Explanation: Access Controls set in the LDAP registry
server do not permit this APIs account to invoke the
operation.
Administrator response: Contact the LDAP registry
administrator to gain the necessary access rights.
Administrator response: Create a new password not
previously used and resubmit.
HPDAZ0320E
HPDAZ0314E
Explanation: An invalidly formated DN was
provided.
The registry reported an unexpected
password policy error %s.
Explanation: The underlying registry reported a
password policy error that was not expected, and as a
security precaution the account will be considered
locked.
The Distinguished Name provided
has incorrect syntax.
Administrator response: Correct the DN provided to
adhear to the rules for LDAP DN string representation.
HPDAZ0321E
The Distinguished Name does not
map to an existing entry in the registry.
Administrator response: Contact the underlying
registry administrator to help determine why.
Explanation: The object was not found in the registry.
HPDAZ0315E
Administrator response: Ensure the DN provided is
correct.
Unable to communicate to the registry
server.
Explanation: The API failed to connect to the LDAP
registry server. Additional information may be available
in the attached Naming Exception.
Administrator response: Ensure the registry server is
operating and a clear communications path exists to it.
HPDAZ0316E
The entry already exists in the
registry.
Explanation: An attempt to create a new entry in the
LDAP registry failed because the entry already exists.
Administrator response: Choose a new DN and retry
the operation.
HPDAZ0317E
The registry is too busy and has
rejected the operation.
Explanation: The LDAP registry server reported that it
was too busy to process the request.
Administrator response: Retry when the registry is
less busy.
HPDAZ0318E
The operation took longer than the
registry time limit and was aborted.
Explanation: The LDAP registry server aborted the
operation as it was taking too long to process.
Administrator response: Retry with a simpler
operation, increase the registry time limit, improve the
registry performance, or if the registry is under heavy
load, wait for a better time.
HPDAZ0322E
An attribute with the given value
does not exist for the entry.
Explanation: The object does not contain the attribute
with the specified value so the operation failed.
Administrator response: Ensure the attribute name
and value is correct for the operation.
HPDAZ0323E
The operation violates the schema
rules for the registry.
Explanation: The operation requested would violate
the schema rules of the registry.
Administrator response: Do not attempt to violate
schema rules.
HPDAZ0324E
The attribute type specified is not
valid.
Explanation: The attribute type specified is not valid.
This should not occur during normal operation.
Administrator response: Reconsider how this API is
being used.
HPDAZ0325E
Partial results were returned due to a
referral not being followed.
Explanation: This error results from LDAP referrals
not being followed. If they were followed all the results
could be obtained.
Administrator response: This should not occur, as the
API is configured to follow referrals.
Chapter 2. Security Access Manager Base Messages
45
HPDAZ0326E • HPDAZ0337E
HPDAZ0326E
The request to the registry included
an extension that is not supported by
the registry.
Explanation: The request to the registry included an
extension that is not supported by the registry.
Administrator response: Examine the configuration of
the registry to ensure the required extension is enabled.
HPDAZ0332E
Explanation: Opening and reading in the contents of
the configuration properties file failed.
Administrator response: Ensure the configuration file
specified is correct.
HPDAZ0333E
HPDAZ0327E
The value specified for the attribute
violates the attributes schema definition.
Explanation: The value specified for the attribute
would violate the attributes schema definition.
Administrator response: Ensure the attribute value
and name are correct.
HPDAZ0328E
The non-leaf entry can not be deleted.
Explanation: Other entries in the registry have been
created below this one and the registry will not permit
its removal while the other entries exist.
Administrator response: If the entry was specified
correctly, remove the entries under it so it becomes a
leaf entry and can be removed.
HPDAZ0329E
The credentials provided can not be
authenticated by the registry.
Explanation: The DN provided does not match any
existing user in the registry or the password provided
is not correct for the user.
Administrator response: Provide correct credentials
and retry.
HPDAZ0330E
An attribute type or attribute value
specified already exists in the entry.
Explanation: An attribute type or attribute value
specified already exists in the entry.
Administrator response: Ensure the correct attribute
and value was provided.
HPDAZ0331E
An unexpected error was reported by
the registry.
Explanation: An unexpected error was reported by the
registry.
Administrator response: Ensure the registry and this
API are configured correctly, and that the registry is an
offically supported one.
Unable to read in the configuration
URL: %s.
Unable to determine the registry
server type. Error message %s.
Explanation: The API will attempt to determine the
type of LDAP registry it is configured to use. This
operation will test some of the essential basic
configuration options are correct when the registry
instance is provisioned.
Administrator response: Examine the error message
take corrective action, and retry.
HPDAZ0334E
Many instances of the registry API
are open. The maximum is %s.
Explanation: There is a maximum number of registry
instances that can be instanciated at the same time and
this limit has been reached.
Administrator response: Reduce the number of
simultaneously open registry instances.
HPDAZ0335E
The cryptographic algorithm %s need
for SSL to the registry is not available.
Explanation: To ensure the SSL certificate recieved
from the LDAP server is trusted this algorithm is used
and must be available.
Administrator response: Ensure the correct
com.ibm.crypto.provider.IBMJCE is in the Java class
path.
HPDAZ0336E
The configured trust key store, %s
does not exist. This is needed for SSL to
the registry.
Explanation: If the trust key store is configured, it
must exists.
Administrator response: Ensure trust key store is
configured correctly and exists.
HPDAZ0337E
The configured trust key store, %s of
type %s from provider %s can not be
loaded. This is needed for SSL to the
registry.
Explanation: The configured trust key store cannot be
loaded.
Administrator response: Ensure trust key store is
configured correctly, exists and if of the correct type.
46
Version 7.0: Error Message Reference
HPDAZ0338E • HPDAZ0348W
HPDAZ0338E
The configured trust key store, %s
cannot be initialized by the trust store
factory. This is needed for SSL to the
registry.
HPDAZ0343E
The registry reported an error to
indicate the account is locked.
Explanation: The configured trust key store could not
be initilized by the trust store factory.
Explanation: The underlying registry reported the
account is locked. This is not due to any Security
Access Manager policy, rather the policy of the
underlying registry.
Administrator response: Ensure trust key store is
configured correctly, and has the correct type.
Administrator response: Contact the underlying
registry administrator for a solution.
HPDAZ0339E
HPDAZ0344E
Unexpected error using the
configured trust key store, %s. This is
needed for SSL to the registry.
Explanation: Unexpected error using the configured
trust key store.
Administrator response: Ensure trust key store is
configured correctly, is of the correct type.
HPDAZ0340E
Unexpected error setting up SSL to
the registry.
Explanation: Unexpected error setting up SSL to the
registry.
Administrator response:
HPDAZ0341E
The registry returned a generic error
that indicates the registries password
policy was violated.
Explanation: An attribute value exception, which is
not valid, can be returned by various LDAP registries if
the password supplied does not conform to the LDAP
registries password policy. This is not caused by
Security Access Manager password policy.
Administrator response: Ensure the password
complies to the underlying LDAP registries password
policy.
HPDAZ0342E
No avaliable method for verifying the
password is available.
Explanation: Two methods of verifying the password
are used by the API. Either by binding to the LDAP
server using the credentials, or by using the LDAP to
directly compare the password to the password
attribute of the account. Neither of these two methods
are available, possibly due to a combination of the
limitations of the LDAP server and the
ldap.auth-using-compare setting.
Administrator response: Ensure the
ldap.auth-using-compare configuration setting is
appropriate.
The password is not correct.
Explanation: The password does not match the
password of the account.
Administrator response: Retry with the correct
password
HPDAZ0345E
The entity is not a Security Access
Manager entity, so the attribute, %s, is
not appropriate.
Explanation: The attribute being modified is only
applicable to Security Access Manager entites, and the
entity in this operation is not one.
Administrator response: Ensure the attribute is
appropriate for the entity being modified.
HPDAZ0346E
The operation is not valid for
attribute, %s.
Explanation: The operation is not valid for attribute.
Administrator response: Ensure the attribute name is
correct.
HPDAZ0347E
GSO enabled user accounts can not
be deleted.
Explanation: The API does not support deleting user
accounts that are GSO enabled.
Administrator response: Remove GSO enablement
from the user account before deleting.
HPDAZ0348W The registry reported the password
will expire soon.
Explanation: The underlying registry reported the
password will expire soon. This is not due to any
Security Access Manager policy, rather the policy of the
underlying registry.
Administrator response: This condition can be
ignored, and might be cleared by updating the
password.
Chapter 2. Security Access Manager Base Messages
47
HPDAZ0349E • HPDAZ0360E
HPDAZ0349E
The suffix %s configured to be
ignored cannot be parsed.
Explanation: The suffix string provided is not a
correctly formatted DN.
Administrator response: Ensure the suffix syntax is
correct.
HPDAZ0350E
The suffix %s used internally cannot
be parsed.
Explanation: The suffix string set internally in the
program cannot be parsed by the Java API, which is
unexpected.
Administrator response: Internal error, check for
updates to this program.
HPDAZ0351W Authentication failed. The account is
not activated.
Explanation: The LDAP registry failed the
authentication and reported that the account is not
activated.
Administrator response: Contact the administrator for
the LDAP registry to activate the account.
HPDAZ0352E
An LDAP operations error occurred.
Explanation: An unexpected error was returned from
the LDAP server while attempting the operation. This
error can be returned from a search of the suffix:
cn=schema.
Administrator response: Make sure that special LDAP
suffixes are excluded from searches.
HPDAZ0353E
Unable to setup Audit logger for file
pattern %s
Explanation: An error occured when setting up the
Audit Java Logger to output to the specified file.
Administrator response: Ensure the file pattern
provided is valid, and that the operating system user
running this applicaton has permission to update these
audit files. Also examine the cause exception for
additional details.
HPDAZ0354E
Failed to convert attribute/value
information into PDAdmin PDAttrs in
preparation for authorization checks.
Explanation: An error occured when creating
PDAdmin attribute class instances.
Administrator response: This error is not expected.
Examine the cause exception for possible solution.
HPDAZ0355E
Failed to get obtain PDAdmin
credentials for user %s.
Explanation: An error occured when determinig the
credentials for the user that is to be used in
authorization decisions when using the administration
methods.
Administrator response: Ensure the administrator
user name is valid. Ensure that the Authorization
Server is running. Examine the cause exception for
addition information.
HPDAZ0356E
Unable to generate PDPermission
objects.
Explanation: An error occured when creating
PDPermission objects used for authorizing
administration methods.
Administrator response: Examine the cause exception
for addition information.
HPDAZ0357E
Unable to determine if the user is
permitted access.
Explanation: An error occured when checking if the
user has permission to invoke the administration
method.
Administrator response: Ensure the Authorization
Server is running. Examine the cause exception for
addition information.
HPDAZ0358E
The user '%s' is not authorized for
'%s' action on '%s'.
Explanation: The administration user is not permitted
access to the method.
Administrator response: Use a different user, or
update the ACL on the object to permit the action.
HPDAZ0359E
Domain '%s' is not valid, only
domain '%s' can be used.
Explanation: The permitted domains is restricted
when running the application as it is configured.
Administrator response: Use the correct domain. Note
that when authorization is enabled, the only domain
permitted is the one configured for the PDAdmin API.
HPDAZ0360E
The user '%s' is not permitted to
invoke this operation on their own
account.
Explanation: Some operations are not permitted when
a user is manipulating their own account.
Administrator response: Use a different user to
invoke this operation.
48
Version 7.0: Error Message Reference
HPDAZ0361E • HPDAZ0500E
HPDAZ0361E
Unable to create a PDAdmin
PDAuthorizationContext for
authorization evaluation.
Explanation: This API attempted to create a PDAdmin
PDAuthorizationContext, required when authorization
is enabled.
Administrator response: Ensure the configuration is
correct. Examine the cause exception for additional
details.
HPDAZ0362E
Attribute '%s' can only have one
value, %s values were provided.
Explanation: An update was attempted on an
attribute which would result in more than one value
for the attribute when the attribute only allows one
value.
Administrator response: Retry the operation with just
one value.
HPDAZ0363E
Attribute '%s' must be of String type.
Explanation: The attribute only accepts String type
values.
Administrator response: Retry the operation with a
String value, not a byte[] value.
HPDAZ0364E
The value '%s' is not valid for
attribute '%s'.
Explanation: The attribute only accepts String type
values.
Administrator response: Retry the operation with a
String value, not a byte[] value.
HPDAZ0365E
The condensed resource credential
value '%s' can not be parsed.
Explanation: The value provided was likely not
produced from the API and is not formatted correctly.
Administrator response: Correct the value and retry
the operation.
HPDAZ0366E
%s resource credential values are
required, %s was provided.
Explanation: A resource credential is made of of four
values: the resoure name, type, user and password.
Administrator response: Provide the correct number
of values and retry the operation.
HPDAZ0400E
Invalid argument: Null PDConfig.
Explanation: A nonnull PDConfig object is required to
construct an AuthNCertCmd.
Administrator response: Ensure that the config
argument is nonnull.
HPDAZ0401E
Invalid argument: Null accountName
or passphrase or domainName.
Explanation: A nonnull input is required to construct
an AuthNPasswordCmd.
Administrator response: Ensure that the
accountName, passphrase and domainName arguments
are nonnull.
HPDAZ0402E
Invalid argument: Some nonnull
input needs to be provided.
Explanation: Nonnull input is required to construct an
AuthSignCertificateCmd.
Administrator response: Ensure that some input is
nonnull.
HPDAZ0403E
Transmission error: Parameters could
not be encoded.
Explanation: I/O error occurred even before the
request could be transmitted.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAZ0404E
Invalid argument: Null accountname
or passphrase.
Explanation: Nonnull input is required to construct a
ProxyAuthenticateCmd.
Administrator response: Ensure that the input is
nonnull.
HPDAZ0405E
Invalid argument: Null userName.
Explanation: A userName is required to construct a
ProxyGetCredsCmd.
Administrator response: Ensure that the userName
argument contains meaningful input.
HPDAZ0500E
Configuration error: This application
server's account is marked invalid.
Explanation: The Security Access Manager server
indicates that this server's account is invalid.
Administrator response: Ensure that the correct config
file is being used. If it is, ensure that this application
server's account has not been marked invalid.
Chapter 2. Security Access Manager Base Messages
49
HPDAZ0501E • HPDAZ0602E
HPDAZ0501E
Configuration error: This application
server's account is unknown.
Explanation: The Security Access Manager server
indicates that this server's account is unknown.
Administrator response: Ensure that the correct config
file is being used. If it is, ensure that this application
server's account exists. If it does not, re-run SvrSslCfg.
HPDAZ0502E
Transmission error: No response from
server at %s, port %d.
Explanation: The Security Access Manager server did
not respond to this request.
Administrator response: Ensure that the correct config
file is being used, and that the desired server is
operational. If all was correct, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAZ0503E
Transmission error: Could not connect
to the server, and no alternative servers
are configured.
Explanation: No communication is possible to this
Security Access Manager server.
Administrator response: Ensure that the correct config
file is being used, and that the desired server is
operational. If all was correct, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAZ0513W
Explanation: An LDAP server that previously failed
has been detected as funtioning again. It will be added
back into the pool of available servers.
Administrator response: No action required.
HPDAZ0514W The LDAP server is an IBM Tivoli
Directory Server and is running in
configuration only mode. Security
Access Manager will not be able to
operate normally with the LDAP server
in this mode.
Explanation: The LDAP server is an IBM Tivoli
Directory Server and the server is currently running in
configuration only mode. In this mode, most normal
LDAP operations (such as update) cannot be
performed. Since many LDAP operations which
Security Access Manager performs are not possible,
Security Access Manager will not be able to operate
normally until the LDAP server is configured properly
and restarted in normal mode.
Administrator response: View the IBM Tivoli
Directory Server error logs and correct any identified
errors which prevent the LDAP server from starting in
normal mode. See the IBM Tivoli Directory Server
documentation for the location of the error log and
information for configuring the server properly. Once
the conditions have been corrected, restart the LDAP
server in normal mode and restart Security Access
Manager.
HPDAZ0600E
HPDAZ0504E
Failover error: cannot contact a
configured server.
Explanation: No communication could be made to
any of the configured servers.
Administrator response: Ensure that network
connectivity exists between the client and server
machines and verify that the server process is running
on the configured port.
HPDAZ0512E
The Security Access Manager custom
registry adapter for WebSphere Virtual
member manager (VMM) cannot update
group membership for group [ %s ] .
Security Access Manager does not
support nested groups.
Explanation: The Security Access Manager does not
support nested groups; therefore, the Security Access
Manager custom registry adapter for WebSphere Virtual
member manager does not allow nested group
membership update.
Administrator response: Remove the group
membership update for nested group.
50
Version 7.0: Error Message Reference
Server %s has recovered.
Invalid argument: Null URL on
constructor.
Explanation: An internal error occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDAZ0601E
Invalid argument: Could not convert
port number to an integer.
Explanation: The supplied value was not a valid
integer.
Administrator response: Supply a valid integer value
for the server port number.
HPDAZ0602E
Corrupted file: Insufficient
information to contact a Policy Server.
Explanation: The configuration file did not correctly
specify a Policy Server servername and port.
Administrator response: Re-run SvrSslCfg to generate
a valid configuration file.
HPDAZ0603E • HPDAZ0776E
HPDAZ0603E
Corrupted file: Insufficient
information to contact an Authorization
Server.
Explanation: The configuration file did not correctly
specify a Authorization Server servername and port.
Administrator response: Re-run SvrSslCfg to generate
a valid configuration file.
HPDAZ0771E
Explanation: Password must be at least one character
in length.
Administrator response: Retry the command
providing a correct value for the option.
HPDAZ0772E
HPDAZ0604E
Invalid argument: Duplicate server
specified.
Explanation: When trying to add a server to the
configuration file, it was discoverd that the server was
already in the list of servers. Retry without the
duplicate entry.
Administrator response: Only supply a server once.
HPDAZ0605E
Corrupted configuration: Cannot use
keystore.
Explanation: The keystore file supposed to be used in
client-server SSL communication could not be opened
with the derived password, or the certificate does not
have the correct alias, or the encrypted password has
been tampered with.
Administrator response: Re-run SvrSslCfg.
HPDAZ0768E
Value '%s' is not valid for option '%s'.
It must be one of 'true' or 'false'
Explanation: The option can only be set to either 'true'
or 'false'. Neither of these values were provided.
Administrator response: Retry the command
providing a correct value for the option.
Invalid value '%s' for option '%s'. It
must be an integer in the range %s to
%s
Explanation: The option value must be an integer in
the range noted in the error text.
Administrator response: Retry the command
providing a correct value for the option.
Administrator response: Retry the command
providing a correct value for the option.
HPDAZ0773E
Invalid value '%s' for option '%s'. The
value must be a non-empty list of
values separated by '%s' characters.
Explanation: The option value must be a non-empty
list of values separated by the separator characted
noted in the error text.
Administrator response: Retry the command
providing a correct value for the option.
Option '%s' has an LDAP server entry
'%s' which is not valid. It must be of the
form 'host:port:type:rank'
Explanation: The command was not able to find four
values separated by ':' characters for the LDAP server
entry.
Administrator response: Retry the command
providing a correct value for the option.
HPDAZ0774E
Option '%s' has entry '%s' with a port
value '%s' that is not valid. It must be
an integer in the range 1 to 65535.
Explanation: The value for the LDAP server port in
either not in the range 1 to 65535, or is not an integer.
Administrator response: Retry the command
providing a correct value for the option.
Option '%s' has entry '%s' with a
server type '%s' that is not valid. Use
one of 'readwrite' or 'readonly'
Explanation: The server type can only be one of
'readwrite' or 'readonly'.
Administrator response: Retry the command
providing a correct value for the option.
HPDAZ0776E
HPDAZ0770E
At least one LDAP server must be
specified for option '%s'.
Explanation: The option requires at least one LDAP
server to be specified.
HPDAZ0775E
HPDAZ0769E
The password for '%s' can not be zero
characters in length.
Option '%s' has entry '%s' with a
server rank '%s' that is not valid. The
rank must be an integer in the range 1
to 10.
Explanation: The value for rank is in either not in the
range 1 to 10, or is not an integer.
Administrator response: Retry the command
providing a correct value for the option.
Chapter 2. Security Access Manager Base Messages
51
HPDAZ0777E • HPDBA0100E
HPDAZ0777E
For option '%s' the '%s' must be a
valid file that exists.
Explanation: The file must exist and be accessable to
the user running this command.
Administrator response: Retry the command
providing a correct value for the option.
HPDAZ0779E
The configuration properties file '%s'
already exists.
HPDAZ0784E
Explanation: The program is unable to open the the
configuration properties file to read the properties.
Administrator response: Ensure permissions on the
file allow the action.
HPDAZ0785E
Explanation: The create command will not overwrite
existing files.
Administrator response: Retry the command
providing the name of a file that does not exist.
HPDAZ0780E
An unknown configuration property
name '%s' was provided. Use one of: %s.
Explanation: An unknown configuration property
name was given.
Administrator response: Retry the command
providing one of the valid property names.
HPDAZ0781E
The option '%s' is required and can
not be removed.
Explanation: The property can not be removed as it
must be present in the configuration properties file.
Unable to create the configuration
property file '%s', error '%s'.
Explanation: The configuration properties file can not
be created (either for the first time, or due to an
update). If this is an update, the original configuration
propertes file is renamed with the extention .bkp, and a
new file is written in it's place. If the write fails, the
original file is restored.
Administrator response: Ensure there is sufficent disk
space. Ensure file system permissions permit the create.
HPDAZ0783E
Unable to write to configuration
properties file '%s', error '%s'.
Explanation: The program is unable to write the
properties to the configuration properties file.
Administrator response: Ensure there is sufficent disk
space and retry.
52
Version 7.0: Error Message Reference
Unable to read propertes from
configuration properties file '%s'. Error
'%s'
Explanation: The program is unable to read the
properties from the configuration properties file.
Administrator response: Ensure file is a correctly
formated properties file.
HPDAZ0786E
The input properties file is missing
the required 'ldap.ssl-truststore'
property.
Explanation: 'ldap.ssl-enable' property was set to 'true'
which requires 'ldap.ssl-truststore' property.
Administrator response: Either set ldap.ssl-enable to
'false' or add the propery 'ldap.ssl-truststore' in the
input properties file.
HPDAZ0787E
Administrator response: Do not attempt to remove
the option from the configuration properties file.
HPDAZ0782E
Unable to open configuration
properties file '%s' for reading. Error
'%s'.
The input properties file is missing
the required 'ldap.ssl-truststore-pwd'
property.
Explanation: 'ldap.ssl-enable' property was set to 'true'
which requires 'ldap.ssl-truststore-pwd' property.
Administrator response: Either set ldap.ssl-enable to
'false' or add the propery 'ldap.ssl-truststore-pwd' in
the input properties file.
HPDAZ0788E
The input properties file is missing
the required '%s' property.
Explanation: The property is required and must be
supplied in the input properties file.
Administrator response: Add the missing propery to
the input properties file.
HPDBA0100E
No data accompanied the server
response to the request.
Explanation: See message.
Administrator response: Verify the status of the
server.
HPDBA0101E • HPDBA0206E
HPDBA0101E
Memory allocate request failed.
HPDBA0200E
Explanation: A request to allocate memory failed.
Administrator response: Check the amount of system
paging and swap space available as well as the amount
of available memory. You might also consider rebooting
the system. If the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBA0107E
Unable to map file %s, error (rc=%d).
The server Distinguished Name (DN)
specified in the configuration file does
not match the DN in the certificate
received from the server.
Explanation: The DN specified in the "master-dn"
attribute of the "manager" stanza of the configuration
file does not match the DN in the certificate received
from the server.
Administrator response: Verify that the server's
hostname, port number, and Distinguished Name are
correct and that the correct server certificate is being
used.
Explanation: An internal error has occurred.
Administrator response: Retry the command. If the
problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
HPDBA0108E
Unable to unmap file %s, error
(rc=%d).
Explanation: An internal error has occurred.
Administrator response: Retry the command. If the
problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
HPDBA0111E
The Tivoli Common Directory
configuration file cannot be read.
Explanation: Security Access Manager was configured
to use the Tivoli Common Directory serviceability
scheme; but the Tivoli Common Directory configuration
file cannot be read.
Administrator response: Verify that the Tivoli
Common Directory configuration file is located in the
correct directory and that its has proper file access
permissions.
HPDBA0202E
The keyfile is not configured or it
could not be opened or accessed.
Explanation: The keyfile does not exist or permissions
prevent the application from reading the keyfile.
Administrator response: Ensure that the keyfile
specified by the "ssl-keyfile" attribute in the "ssl" stanza
of the configuration file exists and that the permissions
permit reading. Verify that it can be viewed using a
keyfile management program.
HPDBA0203E
The keyfile password is incorrect.
Explanation: The password stash file does not exist or
its permissions prevent the application from reading it.
Administrator response: Ensure that the file specified
by the "ssl-keyfile-stash" attribute in the "ssl" stanza of
the configuration file exists and is readable.
HPDBA0204E
The specified certificate could not be
used because it does not exist or is
otherwise invalid.
Explanation: The certificate in the keyfile has expired
or the keyfile is invalid.
Administrator response: Ensure that the correct
certificate is specified and that it has not expired.
HPDBA0112W Serviceability messages will not be
recorded in the Tivoli Common
Directory.
HPDBA0205E
Explanation: Security Access Manager was configured
to use the Tivoli Common Directory serviceability
scheme; but the Tivoli Common Directory has been
relocated since the configuration was performed.
Explanation: The certificate presented by the
application is invalid.
Administrator response: The location of the Tivoli
Common Directory has been relocated since Security
Access Manager was configured. Move the Security
Access Manager serviceability files into the new
location and update the Security Access Manager
configuration to use the correct directory.
The certificate presented by the SSL
partner could not be successfully
validated.
Administrator response: Ensure that the correct
configuration file is being used by the application.
HPDBA0206E
The specified SSL V3 session
time-out value is invalid.
Explanation: The configuration file contains an invalid
value.
Administrator response: Specify a valid value (an
Chapter 2. Security Access Manager Base Messages
53
HPDBA0207E • HPDBA0217E
integer in the range: 10-86400) in the appropriate
configuration file for the attribute (ssl-v3-timeout) or
initialization parameter (azn_init_ssl_timeout). Security
Access Manager components do not operate correctly
with small time-out values in some network
environments.
HPDBA0207E
A communication error occurred
while initializing the SSL connection.
Explanation: An internal error has occurred. It might
be caused by a TCP/IP connection problem.
Administrator response: Retry the command. If the
problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
HPDBA0208E
The requested action cannot be
performed because the SSL environment
is not initialized.
Explanation: An internal error has occurred.
Administrator response: Retry the command. If the
problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
HPDBA0209E
The requested action cannot be
performed because the SSL environment
is already initialized.
Explanation: An internal error has occurred.
Administrator response: Retry the command. If the
problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
HPDBA0210E
The SSL environment could not be
closed.
software/sysmgmt/products/support/
index.html?ibmprd=tivman
HPDBA0212E
The SSL environment could not be
initialized. Ensure all required SSL
configuration parameters are correct.
Explanation: The configuration might be corrupted.
Administrator response: Retry the command. If the
problem persists, unconfigure and reconfigure the
application.
HPDBA0213E
The WinSock library could not be
loaded.
Explanation: An internal error has occurred.
Administrator response: Ensure that WinSock support
is installed and the library directory is in the PATH
then retry the command. If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBA0214E
The SSL socket could not be
initialized. Ensure all required SSL
configuration parameters are correct.
Explanation: The configuration might be corrupted.
Administrator response: Retry the command. If the
problem persists, unconfigure and reconfigure the
application.
HPDBA0215E
Information about the SSL session
could not be determined.
Explanation: An internal error has occurred.
Administrator response: Retry the command. If the
problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
Explanation: An internal error has occurred.
HPDBA0216E
Administrator response: Retry the command. If the
problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
Explanation: An internal error has occurred.
HPDBA0211E
The SSL attribute could not be set
because the value is invalid.
Explanation: An internal error has occurred.
Administrator response: Retry the command. If the
problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
54
Version 7.0: Error Message Reference
The SSL session could not be reset.
Administrator response: Retry the command. If the
problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
HPDBA0217E
The SSL session type cannot be set to
client on a server.
Explanation: An internal error has occurred.
Administrator response: Retry the command. If the
problem persists, check IBM Electronic Support for
HPDBA0218E • HPDBA0230E
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
HPDBA0223E
The SSL communication cannot be
performed because the socket is invalid.
Explanation: An internal error has occurred.
HPDBA0218E
An error occurred writing data to an
SSL connection.
Explanation: An internal error has occurred.
Administrator response: Retry the command. If the
problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
HPDBA0219E
An error occurred reading data from
an SSL connection.
Explanation: An internal error has occurred.
Administrator response: Retry the command. If the
problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
HPDBA0220E
The partner's SSL certificate
information could not be determined.
Explanation: An internal error has occurred.
Administrator response: Retry the command. If the
problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
HPDBA0221E
The requested action could not be
performed because the SSL client is
already bound to the server.
Explanation: An internal error has occurred.
Administrator response: Retry the command. If the
problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
HPDBA0222E
The TCP/IP host information could
not be determined from the server
hostname. Ensure that the server
hostname is correct.
Explanation: An internal error has occurred.
Administrator response: Retry the command. If the
problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
Administrator response: Retry the command. If the
problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
HPDBA0224E
The specified authentication method
is invalid. Ensure that the specified
authentication method is a supported
value.
Explanation: The configuration file contains an invalid
value.
Administrator response: Correct the authentication
method specified in the configuration file, or
unconfigure and reconfigure the application.
HPDBA0225E
A configuration action could not be
performed because the SSL server is
already initialized and running.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBA0228E
The data could not be sent over SSL
because the buffer size was insufficient.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBA0229E
The certificate or keyfile password is
expired.
Explanation: The certificate or the keyfile password is
expired and auto-refresh is not enabled.
Administrator response: Refresh the password or
enable auto-refresh in the configuration file.
HPDBA0230E
The certificate label or DN is invalid.
Explanation: An internal error has occurred.
Administrator response: Reconfigure the application.
If the problem persists, check IBM Electronic Support
for additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
Chapter 2. Security Access Manager Base Messages
55
HPDBA0231E • HPDBA0274E
HPDBA0231E
The date for the partner certificate is
invalid.
Explanation: An internal error has occurred.
Administrator response: Reconfigure the application.
If the problem persists, check IBM Electronic Support
for additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
HPDBA0242W The server could not find a handler
for the command: (0x%x).
Explanation: This might indicate that the client or
server should be upgraded.
Administrator response: Ensure that the client and
server software are at a compatible level. Update the
client or server software if necessary.
HPDBA0245E
HPDBA0232E
The type of the partner certificate is
unsupported.
Explanation: An internal error has occurred.
Administrator response: Reconfigure the application.
If the problem persists, check IBM Electronic Support
for additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
GSKKM API failed. %s return (%d).
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBA0263E
Accept failed, errno: (0x%x).
Explanation: An internal error has occurred.
HPDBA0233E
No certificate was presented by the
SSL partner.
Explanation: An internal error has occurred.
Administrator response: Reconfigure the application.
If the problem persists, check IBM Electronic Support
for additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
HPDBA0234E
The SSL communications could not
be completed. The socket was closed.
Explanation: An internal error has occurred.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBA0236W The server could not locate the
session for the client.
Explanation: The client disconnected before the
operation completed.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBA0269E
Explanation: This is an internal error.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBA0272E
The client is not bound. The client
must be bound to perform this
operation.
The SSL keyfile name is invalid.
Explanation: The configuration file is corrupted or
contains invalid data.
Administrator response: Unconfigure and reconfigure
the application.
HPDBA0273E
Administrator response: No action is required.
HPDBA0237E
The session performing the operation
lost its credentials.
The SSL version is invalid. The
specified version is incorrect or
unsupported.
Explanation: The configuration file is corrupted or
contains invalid data.
Administrator response: Unconfigure and reconfigure
the application.
Explanation: An internal error has occurred.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBA0274E
The SSL keyfile stash file name are
invalid.
Explanation: The configuration file is corrupted or
contains invalid data.
Administrator response: Unconfigure and reconfigure
the application.
56
Version 7.0: Error Message Reference
HPDBA0275E • HPDBA0292E
HPDBA0275E
The client is not configured properly
for this call. No replicas have been
specified.
HPDBA0285E
Automatic refresh could not be
performed because of a GSKKM API
error.
Explanation: The configuration is incomplete.
Explanation: An internal error has occurred.
Administrator response: Use the svrsslcfg
-add_replica command to add appropriate replica
authorization servers.
Administrator response: Verify that there is enough
disk space on the machine. If the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDBA0276E
The server name is invalid.
Explanation: The configuration file is corrupted or
contains invalid data.
Administrator response: Unconfigure and reconfigure
the application.
HPDBA0277E
The server port is invalid.
Explanation: The configuration file is corrupted or
contains invalid data.
Administrator response: Unconfigure and reconfigure
the application.
HPDBA0279E
A domain must be specified for
authentication.
Explanation: A domain has not been specified before
contacting the server.
Administrator response: Ensure a domain is specified
in the configuration file.
HPDBA0280E
An invalid Privilege Attribute
Certificate (PAC) was specified.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBA0281E
An unexpected exception was caught.
Explanation: See message.
Administrator response: See the error log for more
information. Check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
HPDBA0286W An invalid data packet was received
and discarded.
Explanation: Incoming data is unrecognized.
Administrator response: No action is required.
HPDBA0287E
Automatic refresh could not be
performed because the certificate has
expired.
Explanation: The certificate has expired and must be
manually refreshed.
Administrator response: Refresh the certificate in the
keyfile. For C applications, use the svrsslcfg command
with the -chgcert option to attempt a manual refresh of
the certificate. For Java applications, use
com.tivoli.pd.jcfg.SvrSslCfg -action replcert.
HPDBA0288W Automatic refresh of the certificate
could not be performed because of error
(0x%8.8x).
Explanation: An internal error has occurred.
Administrator response: The operation will be
automatically retried. No action is required.
HPDBA0289W Automatic refresh of the certificate
could not be performed because of error
(0x%8.8x).
Explanation: An internal error has occurred.
Administrator response: The operation will be
automatically retried. No action is required.
HPDBA0292E
The certificate has expired or the date
is invalid.
Explanation: The date in the certificate is not valid.
HPDBA0282E
An unknown exception was caught.
No exception information is available.
Explanation: See message.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
Administrator response: Renew the certificate. If the
problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
Chapter 2. Security Access Manager Base Messages
57
HPDBA0293E • HPDBA0306E
ICC API failed. %s returns %d, %s
HPDBA0293E
platform in a subsequent version of GSKit.
Explanation: An internal error has occurred.
Administrator response: When available, upgrade to
the FIPS certified version of GSKit for this platform.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBA0300E
HPDBA0294W
Could not get ICC context.
Explanation: This is an informational message. An
error occurred while attempting to get icc context.
Invalid protected object policy name.
Explanation: The protected object policy (POP) name
that was specified is not valid.
Administrator response: Specify a valid POP name.
Valid characters are a-z, A-Z, 0-9, underscore (_),
hyphen (-), and backslash (\) or any character from a
double-byte character set.
Administrator response: No action is required.
HPDBA0301E
HPDBA0295W
Could not get ICC random number
Explanation: This is an informational message. An
error occurred while attempting to get icc random
number.
The protected object policy specified
was not found.
Explanation: See message.
Administrator response: Retry the command with a
valid protected object policy name.
Administrator response: No action is required.
HPDBA0302E
HPDBA0296E
The SSL communications could not
be completed. An incorrectly formatted
SSL message was received from the
partner.
Explanation: The FIPS setting might not be the same.
All machines in a secure Security Access Manager
environment must be configured with the same
"ssl-enable-fips" value.
Administrator response: Ensure that the value for the
"ssl-enable-fips" entry in the "[ssl]" stanza of pd.conf is
the same on both the local machine and the machine
where communication is attempted. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
Explanation: See message.
Administrator response: Detach the policy from all
protected objects and retry the command.
HPDBA0303E
Administrator response: Determine if this conflict
needs to be resolved and take action accordingly.
Timeout expired. The timeout period
elapsed before obtaining a connection
from the client to the server.
Explanation: See Message.
Administrator response: Increase the value of the
'ssl-client-connection-timeout' entry in the [ssl] stanza
of the 'etc/ivmgrd.conf' file in the Security Access
Manager install directory. And ensure server is running
and listening.
HPDBA0298W Certified FIPS mode is not available
on this platform because the underlying
FIPS provider is not currently certified.
Security Access Manager will run in
non-certified FIPS mode.
Explanation: See Message. This is a usually a
temporary condition, and should be aleviated on this
58
Version 7.0: Error Message Reference
A protected object policy with this
name already exists.
Explanation: An attempt was made to create a new
protected object policy. A protected object policy by the
same name already exists.
HPDBA0305E
HPDBA0297E
Policy is attached to one or more
protected objects. A policy cannot be
deleted while it is still attached.
The protected object policy cannot be
attached to the specified protected
object. The protected object has been
marked to not accept the protected
object policy.
Explanation: The creator or administrator of the
specified protected object has set the attributes of the
protected object such that no policy can be attached.
Administrator response: The administator of the
specified protected object must change the attributes of
the protected object before a policy can be attached.
HPDBA0306E
The ACL cannot be attached to the
specified protected object. The protected
object has been marked to not accept
the ACL policy.
Explanation: The creator or administrator of the
specified protected object has set the attributes of the
HPDBA0308E • HPDBA0409E
protected object such that no policy can be attached.
HPDBA0313E
Administrator response: The administator of the
specified protected object must change the attributes of
the protected object before a policy can be attached.
The authorization rule is attached to
one or more protected objects. The
authorization rule cannot be deleted
while it is still attached
Explanation: See message.
HPDBA0308E
Invalid authorization rule name.
Explanation: The rule name that was specified is not
valid.
Administrator response: Specify a valid authorization
rule name. Valid characters are a-z, A-Z, 0-9,
underscore (_), hyphen (-), and backslash (\) or any
character from a double-byte character set.
HPDBA0309E
Invalid authorization rule text string.
Explanation: The rule text string that was specified is
not valid.
Administrator response: Specify a valid authorization
rule test string. Valid characters are a-z, A-Z, 0-9,
underscore (_), hyphen (-), and backslash (\) or any
character from a double-byte character set.
HPDBA0310E
The authorization rule specified was
not found.
Explanation: See message.
Administrator response: Specify the correct rule and
retry the command.
HPDBA0311E
An authorization rule with this name
already exists.
Explanation: An attempt was made to create a new
authorization rule. An authorization rule by the same
name already exists.
Administrator response: Determine if this conflict
needs to be resolved and take action accordingly.
HPDBA0312E
The authorization rule cannot be
attached to the specified protected
object. The protected object has been
marked to not accept protected object
policies.
Explanation: The creator or administrator of the
specified protected object has set the attributes of the
protected object so that no authorization rule can be
attached.
Administrator response: The administator of the
specified protected object must change the attributes of
the protected object such that authorization rule will be
accepted.
Administrator response: Use the authzrule find
command to get a list of the protected objects that are
attached to the rule. Detach all protected objects from
the authorization rule then retry the command.
HPDBA0401E
ASN.1 encoding error (0x%8.8lx).
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBA0406E
ASN.1 decoding error. The version of
ASN.1 encoded data was
unexpected.The most likely cause is that
the sender is at different version.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBA0407E
ASN.1 general error. Unsupported
operation.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBA0408E
The ASN.1 data stream ended
prematurely.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBA0409E
An ASN.1 integer value is too large.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
Chapter 2. Security Access Manager Base Messages
59
HPDBA0410E • HPDBA0421E
HPDBA0410E
ASN.1 data length is invalid. The
data buffer is invalid.
HPDBA0416E
An ASN.1 data value is not set. The
data buffer contains unexpected data.
Explanation: An internal error has occurred.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBA0411E
HPDBA0417E
ASN.1 data invalid encoding. The
data buffer contains unexpected data.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBA0412E
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
ASN.1 indefinite data type is not
allowed. The data buffer contains
unexpected data.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBA0414E
The ASN.1 data type must be
primitive. The data buffer contains
unexpected data.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBA0415E
The ASN.1 type must be constructed.
The data buffer contains unexpected
data.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
60
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
ASN.1 data invalid parameter.
Explanation: An internal error has occurred.
HPDBA0413E
The ASN.1 indefinite data type is not
supported. The data buffer contains
unexpected data.
Version 7.0: Error Message Reference
HPDBA0418E
The unused bitcount is invalid for the
ASN.1 bitstream type. The data buffer
contains unexpected data.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBA0419E
The segmented bitcount is invalid for
the ASN.1 bitstream type. The data
buffer contains unexpected data.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBA0420E
An unexpected ASN.1 data type was
found. The data buffer contains
unexpected data.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBA0421E
The ASN.1 data buffer is too long.
The data buffer contains unexpected
data.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
HPDBA0422E • HPDBA0603E
support/index.html?ibmprd=tivman
HPDBA0422E
The ASN.1 data stream is missing
members of a sorted set. The data buffer
contains unexpected data.
http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBA0428E
The specified codeset is not permitted
for this ASN.1 data type.
Explanation: An internal error has occurred.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBA0423E
HPDBA0600E
The ASN.1 choice index is out of
range.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBA0424E
The ASN.1 choice data type is not
initialized.
Explanation: An internal error has occurred. An
attempt was made to set a value to an unselected
choice.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBA0425E
The ASN.1 asn_any data type has
specific syntax.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBA0426E
The ASN.1 utc/gmt time type has an
invalid value.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBA0427E
The ASN.1 UTF-8 string could not
convert the string to or from the local
code page.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information -
Keyfile password change failed. File:
%s. Error: %d
Explanation: An unexpected error occurred while
changing the password for the specified key file.
Administrator response: Change the password
manually using the -chgpwd option. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDBA0601E
Keyfile password change failed
because GSKit could not resolve the
stash file. File: %s. Error: %d
Explanation: An error occurred while changing the
password for the specified key file. The key stash file is
missing.
Administrator response: The stash file may be
missing or corrupted. Attempt to locate the stash file
for the specified key file.
HPDBA0602E
Keyfile password change failed
because permissions on the file are not
correct. File: %s.
Explanation: An error occurred while changing the
password for the specified key file. The file permissions
are incorrect, or the owner is incorrect.
Administrator response: Ensure that the owner of the
file matches the identity of the application. Ensure that
the identity has permission to create and write the file.
Then change the password manually using the
-chgpwd option.
HPDBA0603E
Keyfile password change failed
because GSKit could not change the
password. File: %s. Error: %d
Explanation: An unexpected error occurred while
changing the password for the specified key file. GSKit
change key password returned an error.
Administrator response: The key file or stash file may
be corrupted.
Chapter 2. Security Access Manager Base Messages
61
HPDBA0604E • HPDBF0030W
HPDBA0604E
Keyfile password change rollback
failed. GSKit reports an error. File: %s.
Error: %d
Explanation: An error occurred while attempting to
restore the password for the specified key file.
Administrator response: The key file or stash file may
be missing or corrupted.
HPDBA0605W Warning mode is enabled for this
protected object policy (POP). Complete
access to the protected object using this
POP is permitted regardless of other
restrictions in the POP.
Explanation: When the warning mode attribute for the
POP is set to yes, any user can perform any action on
the object where the POP is attached. Any access to the
object is permitted even if the security policy attached
to the object is set to deny this access. This message is a
precautionary warning to safeguard that this is the
desired behavior.
Administrator response: If unrestricted access is
desired to the object where the POP is attached, no
action is required. To enable restrictions in the POP,
modify the POP by setting the value of the warning
mode attribute to no.
HPDBA0608E
Unable to map interface name '%s' to
address. getaddrinfo returned error %d:
%s.
Explanation: The interface name (IP address) provided
was not accepted by the operating system.
Administrator response: Change the name of the
interface (IP address) and retry.
HPDBF0020E
The specified JRE (%s) version (%s)
does not meet supported JRE version
requirement.Consult the manual for a
list of supported JREs.
Explanation: See message.
Administrator response: Install a supported JRE and
retry the command.
HPDBF0021E
This Java Runtime Environment (%s)
has already been configured.
Unconfigure first then retry the
command.
Explanation: The specified JRE is already configured
and cannot be configured twice.
Administrator response: Unconfigure JRE if you
would like to configure again.
62
Version 7.0: Error Message Reference
HPDBF0022E
This Java Runtime Environment (%s)
has already been configured.
Unconfigure first or specify a different
JRE path then retry the command.
Explanation: The specified JRE is already configured
and cannot be configured twice.
Administrator response: Unconfigure JRE if you
would like to configure again or specify a different JRE
path.
HPDBF0025E
Unable to create the PD.properties file
in the specified JRE.Ensure you have
the correct permissions to do so.
Explanation: Unable to create PD.properties file in
PolicyDirector directory of the JRE being configured.
Administrator response: Ensure that the user has the
necessary permissions to create the PolicyDirector
directory and the PD.properties file in the
<JRE_HOME>/PolicyDirector directory.
HPDBF0026W Unable to rename the PD.properties
file.
Explanation: See message.
Administrator response: Ensure the permissions on
the file allow this process to modify it.
HPDBF0027E
An error occurred while creating
PD.properties file.
Explanation: Unable to create PD.properties file in
PolicyDirector directory of the JRE being configured.
Administrator response: Ensure that the user has the
necessary permissions to create the PolicyDirector
directory and the PD.properties file in the
<JRE_HOME>/PolicyDirector directory.
HPDBF0029E
No JRE has been configured. Unable
to unconfigure %s.
Explanation: pdjrte_paths file does not exist. As such,
no JREs have been configured already.
Administrator response: Configure a JRE. Or, if a JRE
is already configured and this message is still
displayed, create the <PDHOME>/etc/pdjrte_paths file
w/ the JRE path listed.
HPDBF0030W The JRE (%s) is notconfigured for the
Security Access Manager Runtime for
Java.
Explanation: See message.
Administrator response: Configure the JRE for the
Security Access Manager Runtime for Java.
HPDBF0031E • HPDBF0089E
HPDBF0031E
This Java Runtime Environment has
already been configured.
Explanation: The JRE specified is already listed in the
pdjrte_paths file.
Administrator response: Unconfigure this JRE before
trying to configure.
HPDBF0032E
There was an internal error during
initialization.
HPDBF0084E
Explanation: See message.
Administrator response: Refer to previous messages
that have appeared on the screen for more details. Fix
the problem and then retry the command.
HPDBF0085E
Explanation: See message.
Administrator response: Make sure the CLASSPATH
is set correctly.
HPDBF0073W Unable to stop IBM WebSphere
Application Server.
Explanation: The server could not be stopped.
Perhaps it was not running.
Explanation: The plugin configuration could not be
regenerated. Perhaps the server name is not the default
server1
Administrator response: From the command line, run
the command GenPluginCfg -server.name
<servername> where servername is the name of your
IBM WebSphere Application Server.
Unable to find the iscwpm.war
directory. Make sure that the WPM
application is deployed in the
WebSphere systemApps directory.
Explanation: See message.
Administrator response: See message
HPDBF0086E
Administrator response: No action required.
HPDBF0075W Unable to Regenerate IBM
WebSphere Application Server Plugin
Configuration.
Unable to perform SvrSslCfg
configuration forSecurity Access
Manager Web Portal Manager.
The WebSphere server installation full
path is not valid.Possible causes are:
Make sure you have installed a
supported version of WebSphere. Make
sure you have configured Security
Access Manager Runtime for Java to this
WebSphere Java path.
Explanation: The path specified for WebSphere is not
valid.
Administrator response: Install a supported version of
WebSphere.
HPDBF0087E
The Security Access Manager Web
Portal Manager has already been
configured.
Explanation: See message.
HPDBF0078W Unable to start IBM WebSphere
Application Server.
Explanation: The command to start the server failed.
Perhaps it is already running.
Administrator response: No action is required.
HPDBF0080E
Unable to deploy Security Access
Manager Web Portal Manager.
Administrator response: Unconfigure the Security
Access Manager Web Portal Manager first, then retry
the command.
HPDBF0088E
The Security Access Manager Web
Portal Manager has already been
unconfigured.
Explanation: See message.
Explanation: An error occurred during the installation
of the product.
Administrator response: No action required.
Administrator response: Refer to previous messages
that have appeared on the screen for more details. Fix
the problem and then retry the command.
HPDBF0089E
Unable to configure Security Access
Manager Runtime for Java into the IBM
WebSphere Application Server.
Explanation: An internal error has occurred.
HPDBF0083E
The Security Access Manager runtime
must be configured first.
Explanation: See message.
Administrator response: Refer to previous messages
that have appeared on the screen for more details. Fix
the problem and then retry the command.
Administrator response: Configure the Security
Access Manager rutime before configuring Web Portal
Manager.
Chapter 2. Security Access Manager Base Messages
63
HPDBF0091E • HPDBF0120E
HPDBF0091E
Security Access Manager Web Portal
Manager could not be removedfrom
WebSphere. Continuing with the
unconfig operation.
Explanation: An internal error occurred during the
uninstall process.
Administrator response: Refer to previous messages
that have appeared on the screen for more details. Fix
the problem and then retry the command. Use the
WebSphere Admin Console to remove the Security
Access Manager Web Portal Manager.
HPDBF0094E
Unable to unconfigure Security Access
Manager Runtime for Javafrom IBM
WebSphere Application Server.
Explanation: See message.
Administrator response: Refer to previous messages
that have appeared on the screen for more details. Fix
the problem and then retry the command.
HPDBF0095E
The SvrSslCfg unconfiguration
command cannot be performedfor
Security Access Manager Web Portal
Manager.
supported operating system. Refer to previous
messages that have appeared on the screen for more
details. Fix the problem and then retry the command.
HPDBF0100E
The IBM HTTP server installation
path could not be obtained.
Explanation: See message.
Administrator response: Ensure that IBM HTTP
server is properly installed.
HPDBF0101E
The httpd.conf file could not be
modified. SSL is not available for
connecting toSecurity Access Manager
Web Portal Manager.
Explanation: Unable to access the configuration file
for the IBM HTTP server. SSL will not function
properly.
Administrator response: Check the file permissions
and path. Ensure the file is not locked by another
process.
HPDBF0102E
The pdwpm.conf file could not be
modified.
Explanation: See message.
Explanation: Unable to access the configuration file
for Security Access Manager Web Portal Manager.
Administrator response: Refer to previous messages
that have appeared on the screen for more details. Fix
the problem and then retry the command.
Administrator response: Check the file permissions
and path. Ensure the file is not locked by another
process.
HPDBF0097E
HPDBF0116E
IBM WebSphere Application Server
plug-in configuration could not be
regenerated.
The port number is not valid. The
port must be an integer greater than or
equal to zero.
Explanation: An internal error occurred.
Explanation: See message.
Administrator response: Refer to previous messages
that have appeared on the screen for more details. Fix
the problem and then retry the command.
Administrator response: Retry the command with a
valid port number.
HPDBF0119E
HPDBF0098E
The Windows registry could not be
opened.
Explanation: The API that is used to manipulate the
registry failed.
Administrator response: Ensure you are using a
supported operating system. Refer to previous
messages that have appeared on the screen for more
details. Fix the problem and then retry the command.
HPDBF0099E
The registry key value could not be
set.
Explanation: The API that is used to manipulate the
registry failed.
Administrator response: Ensure you are using a
64
Version 7.0: Error Message Reference
The local host name cannot be
obtained. Specify the host name using
the - policysvr option.
Explanation: See message.
Administrator response: Specify a value for -policysvr
option, and retry the command.
HPDBF0120E
Could not contact the Security Access
Manager policy server. Possible causes
are:The Policy server is not running.The
Policy server host name or port number
is incorrect.
Explanation: See message.
Administrator response: Make sure the policy server
is running and specify a correct value for host name
HPDBF0122E • HPDBF0172E
and port number, and retry the command.
the problem and then retry the command.
HPDBF0122E
HPDBF0159E
The value specified for -action option
(%s) was not valid. The value must be
one of the following:
config|unconfig|status|name
Explanation: See message.
Administrator response: Specify a correct value for
the -action option. Retry the command.
Could not copy %s to %s.
Explanation: An error occurred copying the file.
Administrator response: Check the paths and
permissions of the directories.
HPDBF0160E
Could not open file: %s
Explanation: The specified file could not be opened.
HPDBF0153E
An error occurred backing up the
data.
Administrator response: Check the path, name, and
permissions of the file and retry the command.
Explanation: See message.
Administrator response: Refer to previous messages
that have appeared on the screen for more details. Fix
the problem and then retry the command.
HPDBF0154E
An error occurred restoring the
archive.
Explanation: An error occurred during the restoration
process.
HPDBF0161E
Could not access list: %s
Explanation: The backup list could not be accessed.
Administrator response: Check the path, name, and
permissions of the file and retry the command.
HPDBF0162E
The drive %s is not a fixed drive.
Explanation: The drive specified must be a fixed drive
for the restore to occur.
Administrator response: Refer to previous messages
that have appeared on the screen for more details. Fix
the problem and then retry the command.
Administrator response: Specify the correct drive
letter and retry the command.
HPDBF0155E
HPDBF0163E
Could not resolve path for Security
Access Manager runtime.
Could not access the path: %s
Explanation: The path specified does not exist.
Explanation: The Security Access Manager runtime
path could not be obtained from the registry.
Administrator response: Check the path and retry the
command.
Administrator response: Ensure Security Access
Manager runtime is installed on the system.
HPDBF0169E
HPDBF0156E
Could not parse the line: %s.
Could not open file: %s
Explanation: The specified file could not be opened.
Explanation: The line in the backup list is misformed.
Administrator response: Check the path, name, and
permissions of the file and retry the command.
Administrator response: Correct the line and retry the
command.
HPDBF0171E
HPDBF0157E
Could not backup the registry subkey:
%s.
Explanation: The registry subkey could not be saved.
Administrator response: Refer to previous messages
that have appeared on the screen for more details. Fix
the problem and then retry the command.
HPDBF0158E
Could not restore the registry subkey:
%s.
Explanation: The registry subkey could not be
restored.
Could not resolve path for Security
Access Manager runtime.
Explanation: The Security Access Manager runtime
path could not be obtained from the registry.
Administrator response: Ensure Security Access
Manager runtime is installed on the system.
HPDBF0172E
The file, %s, could not be read.
Explanation: See message.
Administrator response: Check the file's permissions
and path and retry the command.
Administrator response: Refer to previous messages
that have appeared on the screen for more details. Fix
Chapter 2. Security Access Manager Base Messages
65
HPDBF0178E • HPDBF0248W
HPDBF0178E
Error opening or reading the response
file %s. Ensure the file exists and that it
contains the correct stanza name, %s.
Explanation: The response file could not be accessed
or the stanza name is invalid.
Administrator response: Check the path and
permissions of the file, make sure it has a valid stanza
name, then retry the command.
HPDBF0235E
Invalid key file or configuration file
name.
Explanation: See message.
Administrator response: Retry the command with
valid key file or configuration file name.
HPDBF0236E
The directory does not exist.
Explanation: See message.
HPDBF0229E
The configuration action is invalid.
Valid actions are 'create' or 'replace'.
Administrator response: Ensure the specified
directory exist and has appropriate permissions.
Explanation: See message.
Administrator response: Retry the command with a
valid configuration action.
HPDBF0237E
The mode value is invalid. The value
must be 'remote' or 'local'.
Explanation: See message.
HPDBF0230E
The port number is invalid. The port
must be an integer greater than or equal
to zero.
Explanation: See message.
Administrator response: Retry the command with
valid mode value.
HPDBF0238E
Administrator response: Retry the command with a
valid port number.
The server option is invalid. Specify
one policy server or authorization server
parameter.
Explanation: See message.
HPDBF0231E
The rank is invalid. The rank must be
an integer.
Administrator response: Retry the command with
valid server parameter.
Explanation: See message.
Administrator response: Retry the command with a
valid rank.
HPDBF0239E
The listening option is invalid. The
value must be 'true' or 'false'.
Explanation: See message.
HPDBF0232E
The format of the servers option is
host1:port1:rank1,host2:port2:rank2,...
Administrator response: Retry the command with
valid listening value.
Explanation: An invalid servers format was entered.
Administrator response: Rerun the command with a
valid servers format.
HPDBF0233E
An invalid server option was entered.
The format of the server option is
host:port:rank.
HPDBF0240E
The refresh interval is invalid. The
value must be an integer greater than or
equal to zero.
Explanation: See message.
Administrator response: Retry the command with a
valid refresh value.
Explanation: See message.
Administrator response: Rerun the command with a
valid server option.
HPDBF0234E
Unable to load pd.properties.
Explanation: Not able to load pd.properties files.
Administrator response: Make sure pdjrte is
configured.
HPDBF0247E
The local host name cannot be
obtained. Specify the host name using
the -host option.
Explanation: See message.
Administrator response: Specify a value for -host
option. and retry the command.
HPDBF0248W The following options are ignored
when configuring a remote-mode server:
%s
Explanation: The -dblisten, -dbrefresh and -dbdir
66
Version 7.0: Error Message Reference
HPDBF0250E • HPDBF0301E
options are valid only for local-mode servers. Remote
mode was specified.
Administrator response: No action required, but be
aware that the values for the listed options are not
included in the application server's configuration. If the
application server is required to use the options, it
must be unconfigured and reconfigured as a local-mode
server.
HPDBF0289E
Explanation: An incorrected administrator name or
password was given.
Administrator response: Correct the information and
retry the command.
HPDBF0292E
HPDBF0250E
The certificate refresh is invalid. The
value must be true or false.
Explanation: See message.
Incorrect Security Access Manager
administrator name or password.
The PDMgrProxyd service could not
be deleted.
Explanation: See message.
Administrator response: Retry the command with a
valid appsvr-certrefresh setting.
Administrator response: Refer to previous messages
that have appeared on the screen for more details. Fix
the problem and then retry the command.
HPDBF0253E
HPDBF0295E
The SSL V3 protocol enable flag is
invalid. The value must be true or false.
Explanation: See message.
Administrator response: Retry the command with a
valid ssl_v3_enable setting.
HPDBF0255E
The TLS V1.0 protocol enable flag is
invalid. The value must be true or false.
Explanation: See message.
Administrator response: Retry the command with a
valid tls_v10_enable setting.
HPDBF0257E
The TLS V1.1 protocol enable flag is
invalid. The value must be true or false.
Explanation: See message.
Administrator response: Retry the command with a
valid tls_v11_enable setting.
HPDBF0259E
The TLS V1.2 protocol enable flag is
invalid. The value must be true or false.
An error occurred while
unconfiguring the Security Access
Manager proxy server.
Explanation: See message.
Administrator response: Refer to previous messages
that have appeared on the screen for more details. Fix
the problem and then retry the command.
HPDBF0298E
Security Access Manager runtime
must be configured first.
Explanation: See message.
Administrator response: Configure Security Access
Manager runtime, then retry the command.
HPDBF0299E
Security Access Manager policy server
has already been unconfigured.
Explanation: The policy server is already
unconfigured.
Administrator response: This process only works if
the policy server is currently configured. Configure the
server and retry the command.
Explanation: See message.
Administrator response: Retry the command with a
valid tls_v12_enable setting.
HPDBF0300E
The PDMgrProxyd service could not
be deleted.
Explanation: See message.
HPDBF0283E
Invalid LDAP SSL information was
entered.
Explanation: See message.
Administrator response: Provide the correct key file,
key label, password and ssl port number, then retry the
command.
Administrator response: Refer to previous messages
that have appeared on the screen for more details. Fix
the problem and then retry the command.
HPDBF0301E
The PDMgrProxyd service could not
be registered.
Explanation: See message.
Administrator response: Refer to previous messages
that have appeared on the screen for more details. Fix
the problem and then retry the command.
Chapter 2. Security Access Manager Base Messages
67
HPDBF0302E • HPDBF0352W
HPDBF0302E
An error occurred opening
configuration file.
unconfigured for that JRE, the jsse.jar file must be
manually restored from its backup location to the lib
directory.
Explanation: See message.
Administrator response: Check the permissions of the
file and make sure it is not in use by another process,
then retry the command.
HPDBF0349E
HPDBF0303E
Explanation: During Security Access Manager
Runtime for Java configuration, it was determined that
the target JRE must be modified. The currently running
JRE is the target JRE and cannot be modified as
required.
An error occurred while
unconfiguring the Security Access
Manager proxy server.
Explanation: See message.
Administrator response: Refer to previous messages
that have appeared on the screen for more details. Fix
the problem and then retry the command.
HPDBF0304E
A memory allocation error resulted in
the termination of the program. Check
the maximum allowable memory and
the amount of system paging space as
these may both need to be increased.
Explanation: See message.
Administrator response: Increase the maximum
allowable memory and the system paging space or shut
down one or more applications.
HPDBF0305E
An error occurred while starting the
Security Access Manager policy proxy
server.
Explanation: See message.
Administrator response: Refer to previous messages
that have appeared on the screen for more details. Fix
the problem and then retry the command.
HPDBF0348W An error occurred while checking the
properties of the target Java Runtime
Environment (%s). The JRE might need
post-configuration modification.
Explanation: During Security Access Manager
Runtime for Java configuration, the version and vendor
of the target JRE are examined. Since the version and
vendor could not be determined, the configuration
continues as if the JRE needs no modification.
Administrator response: After Security Access
Manager Runtime for Java configuration, determine the
target Java runtime version and vendor manually. This
can be done by executing 'java -version', where the java
invoked is in the target runtime. The output should
indicate the version and vendor. If the version is JRE
1.4 or later and the vendor is Sun Microsystems, the
JRE can then be modified manually: The jsse.jar file
present in the JRE's lib directory must be moved to a
backup location outside of the lib directory. Note that
when the Security Access Manager Runtime for Java is
68
Version 7.0: Error Message Reference
The Java Runtime Environment (%s)
cannot be configured. Configure by
using the pdjrtecfg command in
non-interactive mode.
Administrator response: Configure the Security
Access Manager Runtime for Java by executing the
pdjrtecfg command found in the Security Access
Manager sbin directory. The pdjrtecfg command must
be executed in non-interactive mode. Also, do not use a
response file when executing pdjrtecfg.
HPDBF0350E
Unable to start Security Access
Manager Web Portal Manager.
Explanation: An error occurred while starting Security
Access Manager Web Portal Manager.
Administrator response: Stop and restart the IBM
WebSphere Application Server.
HPDBF0351W An error occurred while restoring the
original state of the target Java Runtime
Environment (%s). The JRE might need
post-unconfiguration modification.
Explanation: During Security Access Manager
Runtime for Java configuration, the target JRE was
modified so that the jsse.jar file in its lib directory was
moved to a jarbackup directory created under lib. The
unconfiguration program is unable to move the jsse.jar
file back to its original location and remove the
jarbackup directory, possibly due to file system access
problems.
Administrator response: Manually restore the state of
the Java Runtime Environment by moving the jsse.jar
file in JRE lib/jarbackup directory to its original
location in the lib directory. Then remove the jarbackup
directory.
HPDBF0352W The temporary file %s cannot be
deleted. Manually delete the file.
Explanation: During Security Access Manager
Runtime for Java configuration, a temporary file was
created, but cannot be deleted, possibly due to file
system access problems.
Administrator response: Manually delete the named
file.
HPDBF0358E • HPDBF0413E
HPDBF0358E
Could not contact the Security Access
Manager authorization server. Possible
causes are:The Authorization server is
not running.The Authorization server
host name or port number is incorrect.
Explanation: See message.
Administrator response: Make sure the authorization
server is running and specify a correct value for host
name and port number, and retry the command.
HPDBF0366E
Could not contact the Security Access
Manager authorization server. Possible
causes are:The Authorization server is
not running.The Authorization server
host name or port number is incorrect.
HPDBF0370E
Invalid hostname for the Security
Access Manager authorization server.
Possible causes are:The Authorization
server host name is incorrect.
Explanation: See message.
Administrator response: Specify a correct value for
the host name and retry the command.
HPDBF0371E
Invalid hostname for the WebSphere
server. Possible causes are:The
WebSphere host name is incorrect.
Explanation: See message.
Administrator response: Specify a correct value for
the host name and retry the command.
Explanation: See message.
Administrator response: Make sure the authorization
server is running and specify a correct value for host
name and port number, and retry the command.
HPDBF0367E
Could not contact the WebSphere
server. Possible causes are:The
WebSphere server is not running.The
WebSphere server host name or port
number is incorrect.
HPDBF0372E
Explanation: See message.
Administrator response: Specify all of the required
options. Retry the command.
HPDBF0388E
Explanation: See message.
Administrator response: Make sure the IBM
WebSphere Application Server or Deployment Manager
is running and specify a correct value for host name
and port number, and retry the command.
HPDBF0368E
Could not find a IBM WebSphere
Application Server or Cluster. Possible
causes are:The WebSphere server host
name or port number is incorrect. The
specified cluster or application server is
invalid.
Explanation: See message.
Administrator response: Specify a correct value for
host name and port number, and retry the command.
HPDBF0369E
Invalid hostname for the Security
Access Manager policy server. Possible
causes are:The Policy server host name
is incorrect.
Explanation: See message.
Administrator response: Specify a correct value for
the host name and retry the command.
The required option (%s) was not
specified.
Unable to create the
PDJLog.properties file in the specified
JRE.Ensure you have the correct
permissions to do so.
Explanation: Unable to create PDJLog.properties file
in PolicyDirector directory of the JRE being configured.
Administrator response: Ensure that the user has the
necessary permissions to create the PolicyDirector
directory and the PDJLog.properties file in the
<JRE_HOME>/PolicyDirector directory.
HPDBF0399E
The Security Access Manager Runtime
for Java cannot run with the FIPS mode
set.
Explanation: The Security Access Manager Runtime
for Java has configured FIPS mode that is different
from the WebSphere FIPS mode.
Administrator response: Make sure that the
WebSphere and Security Access Manager Runtime for
Java are configured with the same FIPS setting.
HPDBF0413E
The Security Access Manager Runtime
for Java installed within the JRE (%s)
version (%s) is outdated.Upgrade the
Security Access Manager Runtime for
Java.
Explanation: Security Access Manager Runtime for
Java needs to be upgraded.
Administrator response: Upgrade the Security Access
Manager Runtime for Java configured to the JRE.
Chapter 2. Security Access Manager Base Messages
69
HPDBF0440E • HPDBF0455E
HPDBF0440E
The file %s could not be accessed.
Explanation: The file does not exist or does not have
the correct permissions.
Administrator response: Reissue the command
specifying a valid file.
HPDBF0443E
The server audit configuration file %s
could not be created.
Explanation: The server audit configuration file could
not be created.
Administrator response: Ensure that there is enough
space and that the directory has the correct permissions
Then, reissue the command.
HPDBF0448E
Explanation: The audit server is down or the
information provided for the audit server is incorrect.
Administrator response: After verifying the audit
server is running and the information provided for the
audit server is correct, reissue the command.
HPDBF0450E
Configuration data could not be
written to %s.
Explanation: The server audit configuration file could
not be created.
Administrator response: Ensure that there is enough
space and that the directory has the correct permissions
Then, reissue the command.
Administrator response: Reissue the command
specifying the missing option.
Invalid value specified for
-disk_cache_mode. Valid values are
\'auto\', \'always\', and \'never\'.
Explanation: Invalid value specified for
-disk_cache_mode. Valid values are \'auto\',
'\always'\, and \'never\'.
Administrator response: Reissue the command
specifying a valid value for -disk_cache_mode.
HPDBF0446E
Invalid value specified for -enable_ssl.
Valid values are \'yes\' and \'no\'.
The server audit configuration file %s
could not be created.
Explanation: The server audit configuration file could
not be created.
Administrator response: Ensure that there is enough
space and that the directory has the correct permissions
Then, reissue the command.
HPDBF0452E
HPDBF0445E
Option %s is required with option %s.
Explanation: Required option is not specified.
HPDBF0451E
HPDBF0444E
The audit server could not be
contacted.
Configuration data could not be
written to %s.
Explanation: The server audit configuration file could
not be created.
Administrator response: Ensure that there is enough
space and that the directory has the correct permissions
Then, reissue the command.
HPDBF0453E
Invalid value specified for
-disk_cache_mode. Valid values are
\'auto\', \'always\', and \'never\'.
Explanation: Invalid value specified for -enable_ssl.
Valid values are \'yes' and \'no\'.
Explanation: Invalid value specified for
-disk_cache_mode. Valid values are \'auto\',
'\always'\, and \'never\'.
Administrator response: Reissue the command
specifying a valid value for -enable_ssl.
Administrator response: Reissue the command
specifying a valid value for -disk_cache_mode.
HPDBF0447E
HPDBF0454E
Invalid value specified for
-enable_pwd_auth. Valid values are
\'yes\' and \'no\'.
Explanation: Invalid value specified for
-enable_pwd_auth. Valid values are \'yes' and \'no\'.
Administrator response: Reissue the command
specifying a valid value for -enable_pwd_auth.
Invalid value specified for -enable_ssl.
Valid values are \'yes\' and \'no\'.
Explanation: Invalid value specified for -enable_ssl.
Valid values are \'yes' and \'no\'.
Administrator response: Reissue the command
specifying a valid value for -enable_ssl.
HPDBF0455E
Invalid value specified for
-enable_pwd_auth. Valid values are
\'yes\' and \'no\'.
Explanation: Invalid value specified for
-enable_pwd_auth. Valid values are \'yes' and \'no\'.
70
Version 7.0: Error Message Reference
HPDBF0456E • HPDBF0505E
Administrator response: Reissue the command
specifying a valid value for -enable_pwd_auth.
HPDBF0456E
The audit server could not be
contacted.
Explanation: The audit server is down or the
information provided for the audit server is incorrect.
Administrator response: After verifying the audit
server is running and the information provided for the
audit server is correct, reissue the command.
HPDBF0478E
HPDBF0484E
Incorrect Security Access Manager
value for policysvr. The value should
contain host:port:rank.
Explanation: An incorrect entry was given for
policysvr. It should have host:port:rank.
Administrator response: Correct the information and
retry the command.
HPDBF0487E
The audit key file is invalid.
Invalid value specified for
-temp_storage_full_timeout. Valid values
are \'-1\', \'0\', and any positive
integer.
Administrator response: Specify a valid key file.
Explanation: Invalid value specified for
-temp_storage_full_timeout. Valid values are \'-1\',
'\0'\, and any positive integer.
HPDBF0479E
Administrator response: Reissue the command
specifying a valid value for -temp_storage_full_timeout.
Explanation: The audit key file is invalid.
Invalid value specified for
-temp_storage_full_timeout. Valid values
are \'-1\', \'0\', and any positive
integer.
HPDBF0488E
Explanation: Invalid value specified for
-temp_storage_full_timeout. Valid values are \'-1\',
'\0'\, and any positive integer.
The option
-temp_storage_full_timeout is only valid
when -disk_cache_mode is set to
\'auto\' or \'always\'.
Administrator response: Reissue the command
specifying a valid value for -temp_storage_full_timeout.
Explanation: The option -temp_storage_full_timeout is
only valid when -disk_cache_mode is set to \'auto\' or
'\always\'.
HPDBF0480E
Administrator response: Reissue the command
specifying a proper value for -disk_cache_mode.
The option
-temp_storage_full_timeout is only valid
when -disk_cache_mode is set to
\'auto\' or \'always\'.
Explanation: The option -temp_storage_full_timeout is
only valid when -disk_cache_mode is set to \'auto\' or
'\always\'.
Administrator response: Reissue the command
specifying a proper value for -disk_cache_mode.
HPDBF0503E
Explanation: See message.
Administrator response: Retry the command with
valid -ldap_ssl_enable value.
HPDBF0504E
HPDBF0481E
The audit ID password is invalid.
Explanation: The audit ID password is invalid.
Administrator response: Specify a valid audit ID
password.
HPDBF0482E
The -ldap_mgmt option must be set to
'true' to use the -ldap_ssl_truststore
option.
Explanation: See message.
Administrator response: Retry the command with
valid -ldap_mgmt value.
The audit server URL is invalid.
Explanation: The audit server URL is invalid.
Administrator response: Specify a valid audit server
URL.
HPDBF0483E
The -ldap_ssl_enable option must be
either 'true' or 'false'.
The audit cache file is invalid.
HPDBF0505E
The file specified by the
-ldap_ssl_truststore is not accessible.
Explanation: See message.
Administrator response: Ensure that the specified file
exists and that it has appropriate permissions.
Explanation: The audit cache file is invalid.
Administrator response: Specify a valid audit cache
file.
Chapter 2. Security Access Manager Base Messages
71
HPDBF0506E • HPDBG0003E
HPDBF0506E
The -ldap_ssl_truststore option must
be set to use the
-ldap_ssl_truststore_pwd option.
Explanation: See message.
Administrator response: Retry the command with
-ldap_ssl_truststore set.
HPDBF0513E
Explanation: See message.
Administrator response: Ensure that the specified file
exists and that it has appropriate permissions.
HPDBF0514E
HPDBF0507E
The -ldap_ssl_truststore_pwd option
must be set to use the
-ldap_ssl_truststore option.
Explanation: See message.
Administrator response: Retry the command with
-ldap_ssl_truststore_pwd set.
The LDAP server type is not valid.The
type must be one of 'readwrite' or
'readonly'.
Explanation: See message.
Administrator response: Retry the command with a
valid LDAP server type.
Administrator response: Retry the command with
-ldap_ssl_truststore set.
The LDAP server rank is not
valid.The rank must be an integer from
0 to 10.
Explanation: See message.
Administrator response: Retry the command with a
valid rank value.
HPDBF0510E
The -ldap_mgmt option must be set to
'true' to use the -ldap_ssl_enable option.
The -ldap_ssl_truststore_pwd option
must be set to use the
-ldap_ssl_truststore option.
Explanation: See message.
Administrator response: Retry the command with
-ldap_ssl_truststore_pwd set.
HPDBF0534E
HPDBF0509E
The -ldap_ssl_truststore option must
be set to use the
-ldap_ssl_truststore_pwd option.
Explanation: See message.
HPDBF0515E
HPDBF0508E
The file specified by the
-ldap_ssl_truststore is not accessible.
The Security Access Manager Runtime
for Java cannot run as the WebSphere
security standard does not match the
configured compliance.
Explanation: The Security Access Manager Runtime
for Java has configured a compliance mode that is
different from the WebSphere security standard
compliance.
Administrator response: Make sure that the
WebSphere and Security Access Manager Runtime for
Java are configured with the same setting.
Explanation: See message.
Administrator response: Retry the command with
valid -ldap_mgmt value.
HPDBG0001E Unsupported operating system type:
%s.
HPDBF0511E
Explanation: The command is not supported on this
operating system.
The -ldap_ssl_enable option must be
either 'true' or 'false'.
Explanation: See message.
Administrator response: Change to a supported
operating system and retry the command.
Administrator response: Retry the command with
valid -ldap_ssl_enable value.
HPDBG0003E
HPDBF0512E
Explanation: An attempt to login to the server was
unsuccessful.
The -ldap_mgmt option must be set to
'true' to use the -ldap_ssl_truststore
option.
Explanation: See message.
Administrator response: Retry the command with
valid -ldap_mgmt value.
72
Version 7.0: Error Message Reference
Login to the server failed.
Administrator response: Ensure the server is running,
that all ports, user IDs and passowrds are correct, then
retry the command.
HPDBG0005E • HPDBG0110W
HPDBG0005E This script must be executed by 'root'
(uid = 0).
Explanation: Invalid credentials detected running this
process.
Administrator response: Login as the root user and
retry the command.
HPDBG0017E The policy server must first be
installed in the secure domain.Install
the Security Access Manager policy
server on one of the systemsin your
secure domain and retry the command.
Explanation: Same as text.
Administrator response: Same as text.
HPDBG0019W The policy server is not running in
this secure domain.Start the policy
server and retry the command.
Explanation: The policy server cannot be contacted.
Administrator response: Start the policy server and
retry the command.
HPDBG0028W The parent directory does not
exist.Cannot create the document root
directory.
HPDBG0064W
The package is already configured.
Explanation: The package cannot be configured
because it is already configured.
Administrator response: Unconfigure the package
first, then retry the command.
HPDBG0066W The pre-removal of the package has
failed.
Explanation: An error occurred during the pre-remove
phase of the process.
Administrator response: Review log files, correct the
problem, then retry the command.
HPDBG0087W
Could not contact the LDAP server.
Explanation: Same as text.
Administrator response: Ensure the port,
administrator id, and password are correct, and ensure
the server is running on the specified host name.
HPDBG0106W
SBS configuration error.
Explanation: An error occurred during the
configuration.
Administrator response: Review the log files, correct
the problem, then retry the command.
Explanation: The directory cannot be created.
Administrator response: Check the file permissions
and ensure there is enough disk space.
HPDBG0043W
Could not restart the server.
Explanation: The server could not be restarted.
Administrator response: Check the error logs, correct
the problem, then retry the command.
HPDBG0107W
SBS unconfiguration error.
Explanation: An error occurred during the
unconfiguration.
Administrator response: Review the log files, correct
the problem, then retry the command.
HPDBG0108W
Cannot connect to the LDAP server.
Explanation: Same as text.
HPDBG0062W The post-configuration phase of the
package failed.
Explanation: A problem has occurred that prevented
the package from configuring successfully.
Administrator response: Review the log files, correct
the problem, then retry the command.
Administrator response: Ensure the administrator id,
password, and port are correct and that the server is
running on the specified machine.
HPDBG0109W
Invalid LDAP authentication.
Explanation: A password, administrator id, keyfile
password, etc. was invalid.
HPDBG0063W The pre-configuration phase of the
package failed.
Administrator response: Ensure the correct passwords
and ids have been specified, then retry the command.
Explanation: A problem has occurred that prevented
the package from configuring successfully.
HPDBG0110W
Administrator response: Review the log files, correct
the problem, then retry the command.
The LDAP server is not available.
Explanation: The LDAP server is not responding.
Administrator response: Ensure the server name and
port have been speified correctly then retry the
command.
Chapter 2. Security Access Manager Base Messages
73
HPDBG0111W • HPDBG0150W
HPDBG0111W Not authorized to perform the LDAP
operation.
Explanation: The LDAP server denied the requested
operation.
Administrator response: Ensure the user has
appropriate access then retry the command.
HPDBG0112W Cannot connect to the LDAP server
using SSL.
Explanation: Same as text.
Administrator response: Ensure the SSL key file is
valid, the password and port is correct, and that the
server is running. Also check the date on the machines
and validate that the key file has not expired.
HPDBG0123W Unconfigure the authorization server
package before the base package. The
unconfiguration failed.
Explanation: The unconfiguration was attempted out
of sequence.
Administrator response: Same as text.
HPDBG0131W This package is partially
configured.Unconfigure this package
before configuring it. To
unconfigure,return to the Security
Access Manager Configuration Menu
and select Exit.
Explanation: Same as text.
Administrator response: Same as text.
HPDBG0113W An unexpected LDAP error has
occurred.
Explanation: Same as text.
Administrator response: Check the log files on this
machine and on the LDAP server, correct the problem,
then retry the command.
HPDBG0114W Unable to disable the Security
Access Manager WebSEAL server.
Explanation: Same as text.
Administrator response: Review the log files, correct
the problem, then retry the command.
HPDBG0115W Unable to disable the NetSEAL
server.
Explanation: Same as text.
Administrator response: Review the log files, correct
the problem, then retry the command.
HPDBG0117W LDAP client version %s does not
appear to be installed.The LDAP client
must be installed and configured in
order to use the LDAP user registry.
Explanation: Same as text.
HPDBG0147W Configure the Security Access
Manager Runtime package before this
package. The configuration failed.
Explanation: A configuration was attempted out of
sequence.
Administrator response: Configure the packages in
order.
HPDBG0148W Configure the Security Access
Manager Runtime package before the
Net package. The configuration has
failed.
Explanation: A configuration was attempted out of
sequence.
Administrator response: Configure the packages in
order.
HPDBG0149W Configure the runtime package
before the authorization server package.
The configuration failed.
Explanation: A configuration was attempted out of
sequence.
Administrator response: Configure the packages in
order.
Administrator response: Same as text.
HPDBG0119W Configure the net package before the
trap package. The configuration failed.
Explanation: A configuration was attempted out of
sequence.
Administrator response: Configure the packages in
order.
74
Version 7.0: Error Message Reference
HPDBG0150W Unconfigure the policy server
package before the runtime package.
The unconfiguration failed.
Explanation: The unconfiguration was attempted out
of sequence.
Administrator response: Same as text.
HPDBG0151W • HPDBG0210W
HPDBG0151W Unconfigure the authorization server
package before the runtime package.
The unconfiguration failed.
HPDBG0166W Unconfigure the application
developer kit before the runtime
package.
Explanation: The unconfiguration was attempted out
of sequence.
Explanation: The unconfiguration was attempted out
of sequence.
Administrator response: Same as text.
Administrator response: Same as text.
HPDBG0152W Unconfigure the Net package before
the runtime package. The
unconfiguration failed.
HPDBG0167W Unconfigure the console package
before the runtime package.
Explanation: The unconfiguration was attempted out
of sequence.
Explanation: The unconfiguration was attempted out
of sequence.
Administrator response: Same as text.
Administrator response: Same as text.
HPDBG0153W Could not initialize the SSL
configuration.
Explanation: Same as text.
Administrator response: Ensure the key file,
password, and port are correct and that the server is
running in SSL mode.
HPDBG0154W Could not initialize the Base SSL
configuration.
Explanation: Same as text.
Administrator response: Ensure the key file,
password, and port are correct and that the server is
running in SSL mode.
HPDBG0163W Install all required Security Access
Manager packageson the system before
running pdconfig.
Explanation: Same as text.
HPDBG0192W Unconfigure the Web package before
the policy server package. The
unconfiguration failed.
Explanation: An unconfiguration was attempted out
of sequence.
Administrator response: Same as text.
HPDBG0193W Unconfigure the Web package before
the runtime package. The
unconfiguration failed.
Explanation: The unconfiguration was attempted out
of sequence.
Administrator response: Same as text.
HPDBG0205W Some packages have not been
upgraded yet.Upgrade the remaining
packages and retry the command.
Explanation: Same as text.
Administrator response: Same as text.
Administrator response: Same as text.
HPDBG0207W
The upgrade failed.
HPDBG0164W Configure the runtime package
before the application developer kit.
The configuration failed.
Explanation: The upgrade did not complete
successfully.
Explanation: A configuration was attempted out of
sequence.
Administrator response: Review log files or other
previous messages, correct the problem, then retry the
command.
Administrator response: Same as text.
HPDBG0210W
HPDBG0165W Configure the runtime package
before the console package. The
configuration failed.
Explanation: A configuration was attempted out of
sequence.
%s was not found.
Explanation: A file could not be found.
Administrator response: Ensure the file exists and can
be accessed, then retry the command.
Administrator response: Same as text.
Chapter 2. Security Access Manager Base Messages
75
HPDBG0211W • HPDBG0322E
HPDBG0211W Configure the policy server before
the authorization server. The
configuration failed.
Explanation: A configuration was attempted out of
sequence.
HPDBG0275W The necessary LiveCONTENT
directory components have not been
installed.They must be installed before
configuration can continue.
Explanation: Same as text.
Administrator response: Same as text.
Administrator response: Same as text.
HPDBG0212W Configure the policy server before
the net package. The configuration
failed.
HPDBG0277W Security Access Manager policy
server (%s,%s) cannot be contacted.
Explanation: A configuration was attempted out of
sequence.
Administrator response: Same as text.
HPDBG0213W Configure the policy server before
the Web package. The configuration
failed.
Explanation: A configuration was attempted out of
sequence.
Explanation: The specified host and port cannot be
accessed.
Administrator response: Ensure the port and host
name are correct, then retry the command.
HPDBG0278E Login to the Security Access Manager
policy server failed.Ensure that the
password is correct and the policy server
is running, then retry the command.
Explanation: Same as text.
Administrator response: Same as text.
Administrator response: Same as text.
HPDBG0214W The version of the installed LDAP
client must be %s or higher.
HPDBG0284E Unable to read necessary files. Ensure
read permission is set forthe current
user on the following files located in
the directory specifiedabove:
ivmgrd.conf, ivmgrd.kdb, ivmgrd.sth,
pdcacert.b64
Explanation: Same as text.
Administrator response: Install the LDAP client and
retry the command.
Explanation: Same as text.
HPDBG0215W Security Access Manager policy
server must be upgraded on the system.
Explanation: Same as text.
Administrator response: Same as text.
Administrator response: Same as text.
HPDBG0297W Unconfigure the policy proxy server
before the policy server. The
unconfiguration failed.
HPDBG0217W The LDAP server host name does
not exist.
Explanation: The unconfiguration was attempted out
of sequence.
Explanation: Same as text.
Administrator response: Same as text.
Administrator response: Ensure the LDAP server host
name was entered correctly, that the server is running,
and that the port was specified correctly.
HPDBG0298W Unconfigure the policy proxy server
before the runtime package. The
unconfiguration failed.
HPDBG0232E Load the Security Access Manager
schema entries.
Explanation: The unconfiguration was attempted out
of sequence.
Explanation: The schema for secAuthority=Default has
not been set up on the LDAP server.
Administrator response: Same as text.
Administrator response: Apply the schema then retry
the command.
HPDBG0322E The specified administrator ID is not
authorized to configurethe server. Check
the ID, password, and port and be sure
the policy serveris configured and
running.
Explanation: Same as text.
76
Version 7.0: Error Message Reference
HPDBG0323E • HPDBG0828E
Administrator response: Log in as an administrative
user and retry the command.
HPDBG0323E The specified administrator ID is not
authorized to configurethe server. Check
the ID, password, and port and be sure
the policy serveris configured and
running.
HPDBG0358E The management domain name,
%s,already exists within LDAP.
Explanation: The domain name must not already exist
within LDAP.
Administrator response: Retry the command
specifying a different domain name or remove the
existing one from LDAP.
Explanation: Same as text.
Administrator response: Ensure the correct user
name, password, and port are specified.
HPDBG0327E LDAP client version %s does not
appear to be installed.The LDAP client
must be installed to use the Active
Directory user registry.
HPDBG0367E Instance '%s' is already configured
('%s').
Explanation: A configuration file for the instance
specified already exists.
Administrator response: Use a different name or
remove the existing configuration file and its associated
key files.
Explanation: Same as text.
Administrator response: Same as text.
HPDBG0331E The version of the installed %s must
be %s or higher.
Explanation: Same as text.
HPDBG0812E An Administrative account must be
used to run this program.
Explanation: The user is not qualified to run the
program.
Administrator response: Log in as an administrative
user and retry the command.
Administrator response: Same as text.
HPDBG0348E The environment variable
JAVA_HOME must be set to an existing
valid JRE before executing this
command.
Explanation: JAVA_HOME is necessary to determine
what JRE to use for the process.
Administrator response: Set the JAVA_HOME variable
then retry the command.
HPDBG0813E Security Access Manager registry
entries could not be created.
Explanation: A problem was detected while trying to
create entries in the system registry.
Administrator response: Be sure another process is
not accessing the registry and retry the command.
HPDBG0826E
The %s service failed to start.
Explanation: The service could not be started.
HPDBG0349E The LDAP client package %s, version
%s does not appear to be installed.
Administrator response: Review log files, the Event
Viewer, or other messages, then retry the command.
Explanation: Same as text.
Administrator response: Install the package and try
the command again.
HPDBG0350E The Tivoli Common Logging
directory cannot be a relative directory.
Explanation: The path is invalid. It must be an
absolute path.
Administrator response: Re-enter the directory.
HPDBG0827E The directory %s could not be
created.
Explanation: The specified directory could not be
created.
Administrator response: Check the permissions of the
parent directory and disk space, then retry the
command.
HPDBG0828E The unconfiguration of the %s server
failed.
HPDBG0351E The Tivoli Common Logging
directory cannot be created.
Explanation: Same as text.
Explanation: The path is invalid. It must be an
absolute path and must allow creation.
Administrator response: Review log files, the Event
Viewer, or other messages, correct the problem, then
retry the command.
Administrator response: Re-enter the directory.
Chapter 2. Security Access Manager Base Messages
77
HPDBG0829W • HPDBG0860E
HPDBG0829W
The %s service could not be deleted.
Explanation: Same as text.
Administrator response: Review log files, the Event
Viewer, or other messages, correct the problem, then
retry the command.
HPDBG0830E The %s server could not be
configured.
Explanation: Same as text.
Administrator response: Review log files, the Event
Viewer, or other messages, correct the problem, then
retry the command.
HPDBG0832E The directory %s could not be
created.
Explanation: Same as text.
Administrator response: Check permissions on the
parent directory and disk space, then retry the
command.
HPDBG0836E
HPDBG0840E An error occurred configuring the %s
service.
Explanation: Same as text.
Administrator response: Review the logs, Event
Viewer, or other messages, correct the problem, then
retry the command.
HPDBG0841E Could not get configuration
information from the Security Access
Manager registry.
Explanation: The process could not access the system
registry properly.
Administrator response: The package may need to be
reinstalled or the registry may be corrupt.
HPDBG0843E
Could not stop the %s service.
Explanation: Same as text.
Administrator response: Review the logs, Event
Viewer, or other messages, correct the problem, then
retry the command.
Could not create keytab directory: %s
Explanation: The directory could not be created.
Administrator response: Check permissions of the
parent directory and disk space, then retry the
command.
HPDBG0837E Startup of Security Access Manager
Policy Server failed.
Explanation: Same as text.
Administrator response: Review the logs, Event
Viewer, or other messages, correct the problem, then
retry the command.
HPDBG0838E Startup of Security Access Manager
Security Server failed.
Explanation: Same as text.
Administrator response: Review the logs, Event
Viewer, or other messages, correct the problem, then
retry the command.
HPDBG0844E The %s package must be removed
first.
Explanation: Same as text.
Administrator response: Remove the specified
package, then retry the command.
HPDBG0857W The Security Access Manager Policy
Server is already configured in this
secure domain.The Security Access
Manager Policy Server must be removed
completely before installing.
Explanation: Same as text.
Administrator response: Same as text.
HPDBG0858W The Security Access Manager Policy
Server appears to be configured on
another machine in the secure domain.
The local Security Access Manager
Policy Server cannot be unconfigured.
Explanation: Same as text.
HPDBG0839E Startup of Security Access Manager
Authorization Server failed.
Explanation: Same as text.
Administrator response: Review the logs, Event
Viewer, or other messages, correct the problem, then
retry the command.
78
Version 7.0: Error Message Reference
Administrator response: Same as text.
HPDBG0860E
GsoInit error 1: Invalid Parameters
Explanation: An invalid parameter was specified.
Administrator response: Correct the parameter and
retry the command.
HPDBG0861W • HPDBG0910W
HPDBG0861W GsoInit error 2: No LDAP
Connection
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
Explanation: The LDAP host could not be reached.
Administrator response: Ensure the information is
correct, then retry the command.
HPDBG0869W GsoInit error 10: Can't get LDAP
Connection
Explanation: The LDAP server could not be reached.
HPDBG0862W
GsoInit error 3: Not Authorized
Explanation: The user is not authroized to perform
the task.
Administrator response: Ensure the server is running
and that the information is correct, then retry the
command.
Administrator response: Increase the user's authority
or try the command again as a different user.
HPDBG0870W
GsoInit error 11: Not GSO User
Explanation: The user is not a valid GSO user.
HPDBG0863W
GsoInit error 4: Object Exists
Explanation: The object that is trying to be created
already exists.
Administrator response: Delete the object then retry
the command.
HPDBG0864W
GsoInit error 5: Object Not Found
Administrator response: Retry the command as a
valid GSO user.
HPDBG0905E
SBS Unconfiguration Error
Explanation: An error occurred unconfiguring SBS.
Administrator response: Review log files or other
messages, then retry the command.
Explanation: The object could not be found.
Administrator response: Ensure the configuration was
successful, then retry the command.
HPDBG0865W
GsoInit error 6: No GSO Database
Explanation: The GSO database does not exist.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBG0866W
GsoInit error 7: No Suffix
Explanation: The suffix does not exist.
Administrator response: Ensure the configuration was
successful, then retry the command.
HPDBG0867W
GsoInit error 8: GSO Database Exists
Explanation: The database could not be created
because it already exists.
Administrator response: The database could not be
created because it already exists. Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBG0906W
Cannot connect to the LDAP server.
Explanation: The LDAP server could not be reached.
Administrator response: Ensure the server is running
and that the information is correct, then retry the
command.
HPDBG0907W
Invalid LDAP authentication
Explanation: The LDAP server denied the request.
Administrator response: Ensure the LDAP
administrator id and password are correct.
HPDBG0908W
LDAP server not available
Explanation: Same as text.
Administrator response: Ensure the LDAP server is
running and the ports are correct, then retry the
command.
HPDBG0909W Not authorized to perform LDAP
operation
Explanation: The LDAP server denied the request.
Administrator response: Ensure the LDAP
administrator id and password are correct.
HPDBG0868W GsoInit error 9: GSO Unrecoverable
Error
HPDBG0910W Cannot connect to registry server
using SSL.
Explanation: An unknown error occurred.
Explanation: SSL could not be used to communicate
to the registry server.
Administrator response: Check IBM Electronic
Chapter 2. Security Access Manager Base Messages
79
HPDBG0938E • HPDBG1007W
Administrator response: Ensure the ports, key file,
passowrd, and ids are correct, and that the registry
server can use SSL, then retry the command.
HPDBG0992E Notes_ExecDirectory environment
variable not set.
Explanation: Same as text.
HPDBG0938E
Configuration failed.\r
Explanation: The configuration process failed.
Administrator response: Review logs, correct the
problem, then retry the command.
HPDBG0957E Error attempting to shutdown the
system.
Explanation: The system could not be shut down.
Administrator response: Shut down and restart the
system manually.
HPDBG0964E ERROR: SecAuthority=Default suffix
not found on LDAP server. Load
secschema.def before configuring
Security Access Manager
Administrator response: Set the variable, then retry
the command.
HPDBG0993E The Notes install directory is not in
the PATH
Explanation: Same as text.
Administrator response: Set the PATH to include the
Notes install directory, then retry the command.
HPDBG0994E The EXTMGR_ADDINS parameter is
not set in notes.ini.
Explanation: Same as text.
Administrator response: Set the parameter in the
notes.ini file, then retry the command.
Explanation: The LDAP server configuration may not
be completely finished.
HPDBG0997W The notes.ini file does not exist in
the Windows directory.
Administrator response: Apply the schema as
directed, then retry the command.
Explanation: Same as text.
HPDBG0972W Security Access Manager Policy
Server must first be upgraded on this
system.
Explanation: The policy server must be upgraded
before this package.
Administrator response: Upgrade the policy server,
then retry the command.
HPDBG0973E SecAuthority=Default suffix not
found on LDAP server, Security Access
Manager initialization of LDAP failed
Explanation: The LDAP server configuration was not
completed before running this process.
Administrator response: Apply the schema on the
LDAP server, then retry this command.
HPDBG0991E URAFCFG environment variable not
set.
Explanation: Same as text.
Administrator response: Set the variable, then retry
the command.
Administrator response: Ensure the product was
installed correctly, then retry the command.
HPDBG1005E Could not contact the LDAP server.
Possible causes are:The LDAP server is
not running.The LDAP server host name
or port is incorrect.There is an SSL
configuration mismatch between
Security Access Manager and the
registry server.
Explanation: Same as text.
Administrator response: Same as text - correct the
problem, then retry the command.
HPDBG1006E Could not contact the Security Access
Manager Policy Server.Ensure that you
have specified a valid host name and
port number and that Security Access
Manager Policy Server is started before
retrying this operation.
Explanation: Same as text.
Administrator response: Same as text.
HPDBG1007W Could not get the TCP/IP host name
of local machine.
Explanation: Same as text.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
80
Version 7.0: Error Message Reference
HPDBG1032W • HPDBG1100E
support/index.html?ibmprd=tivman
the problem, then retry the command.
HPDBG1032W You are not authorized to update the
schema!
HPDBG1096E The environment variable
JAVA_HOME must be set to an existing
valid JRE before executing this
command.
Explanation: Same as text.
Administrator response: Log in as a different user
and retry the command.
HPDBG1049W Unable to read necessary files. Make
sure that the readpermission is set for
the current user on the following files
located inthe directory specified:
ivmgrd.conf, ivmgrd.kdb, ivmgrd.sth,
pdcacert.b64
Explanation: Same as text.
Administrator response: Same as text.
HPDBG1054W Cannot contact the host
server.Possible causes are:The host
server is not running.The host server
name is incorrect.
Explanation: Same as text.
Administrator response: Ensure the server is running
and that the information is correct, then retry the
command.
HPDBG1056W Could not contact the Domino
server. Possible causes are:The Domino
server is not running.The Domino
server host name is incorrect.The Notes
client password is incorrect for the
active Notes ID file.Verify that
information and then unconfigure and
reconfigure the Runtime component
with the correct values.
Explanation: Same as text.
Administrator response: Same as text.
HPDBG1080E Could not contact the Security Access
Manager Policy Server.Ensure that you
have specified a valid ID, password and
domain name and that Security Access
Manager Policy Server is started before
retrying this operation.
Explanation: Same as text.
Administrator response: Same as text.
HPDBG1083E Error: Command %s failed (0x%x).
Make sure java is in the path.
Explanation: JAVA_HOME is necessary to determine
what JRE to use for the process.
Administrator response: Set the JAVA_HOME variable
then retry the command.
HPDBG1097E The Security Access Manager License
registry key is missing.
Explanation: The current version of Security Access
Manager License must be installed to configure other
Security Access Manager components.
Administrator response: Install Security Access
Manager License from the Security Access Manager
CDs then retry this command.
HPDBG1098E Security Access Manager License is
not installed.
Explanation: The current version of Security Access
Manager License must be reinstalled to configure other
Security Access Manager components. The registry key
may contain an incorrect 'Path' or the path doesn't
match the path returned by the pd_get_path command.
Administrator response: Install Security Access
Manager License from the Security Access Manager
CDs to the same path as the other Security Access
Manager components then retry this command.
HPDBG1099E Security Access Manager License is
not at the required version level.
Explanation: Security Access Manager License must
be at the current level to configure other Security
Access Manager components.
Administrator response: Reinstall the Security Access
Manager License from the current Security Access
Manager CDs then retry this command.
HPDBG1100E Security Access Manager Policy
Server must be unconfigured before it is
removed.
Explanation: The policy server must be unconfigured
before removal.
Administrator response: Unconfigure the policy
server and then retry the removal.
Explanation: See text.
Administrator response: See text, review logs, correct
Chapter 2. Security Access Manager Base Messages
81
HPDBG1101E • HPDBG1137E
HPDBG1101E Security Access Manager policy proxy
server must be unconfigured before it is
removed.
Explanation: The policy proxy server must be
unconfigured before removal.
Administrator response: Unconfigure the policy proxy
server and then retry the removal.
HPDBG1102E Security Access Manager
Authorization Server must be
unconfigured before it is removed.
Explanation: The authorization server must be
unconfigured before removal.
Administrator response: Unconfigure the
authorization server and then retry the removal.
HPDBG1104E Could not contact the Active
Directory server. Possible causes are:The
Active Directory server is not
running.The Active Directory Global
Catalog server is not running.The Active
Directory server host name or domain is
incorrect.
Explanation: Same as text
Administrator response: Make sure that the Active
Directory server or Active Directory Global Catalog
server is running and that the host name specified is
the fully qualified host name.
HPDBG1105E The domain name is different from
the local domain and Security Access
Manager Policy Server is installed on
this machine.If the Policy Server is to be
configured on this machine, make sure
the domain is correct.If Security Access
Manager is configured with the Active
Directory multiple domains option,
make sure this domain is the root of the
Active Directory forest. Policy Server
must be installed and configured on the
root domain of the forest.When using an
LDAP client to communicate with the
Active Directory server for a Security
Access Manager blade server or user
application it's necessary to remove the
Security Access Manager Policy Server
package then retry the configuration.
Explanation: Same as text
Administrator response: If the Policy Server will be
configured on this machine and it is a client of an
Active Directory server, make sure the machine is
logged in to the correct domain. Also note that in order
for Security Access Manager to be configured with
Active Directory multiple domain, the Policy Server
must be installed and configured on the root of the
82
Version 7.0: Error Message Reference
Active Directory forest or a client machine of that root
domain. Correct the problem and retry.
HPDBG1106E Invalid authentication information.
Either the Active Directory admin ID
doesn't exist or the admin password is
incorrect.
Explanation: Same as text
Administrator response: Correct the user ID and
password and retry.
HPDBG1107E Unable to locate the Active Directory
data location information. Make sure
the Active Directory domain is up and
running or check to make sure the
distinguished name for the data location
exists on the Active Directory server
before using it.
Explanation: The Active Directory data location may
not exist or is not yet created in the Active Directory
server.
Administrator response: Correct the the Active
Directory data location information and retry.
HPDBG1120E The pdcacert.b64 file could not be
downloaded from the policy server.
Explanation: The certificate automatic download
failed.
Administrator response: Make sure the policy server
is running.
HPDBG1133W The management domain location
DN, %s, was not found in the LDAP
server. Create the location DN on the
LDAP server or specify a different one.
Explanation: The user specified a location DN for
private policy server data but the DN does not already
exist on the LDAP server.
Administrator response: Create the location DN on
the LDAP server first, or specify an existing one.
HPDBG1137E The windows socket library could not
be loaded.
Explanation: An internal error has occurred.
Administrator response: Ensure that windows socket
support is installed and the library directory is in the
PATH then retry the command. If the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDBG1156E • HPDBI0162E
HPDBG1156E The file %s could not be deleted.
Errno %d
HPDBI0134E The ldapdb2 user did not get created.
Aborting the configuration.
Explanation: The specified file could not be deleted.
Explanation: The creation of the ldapdb2 user failed
and configuration cannot continue.
Administrator response: Check the permissions of the
file, then retry the command.
HPDBG1169W The compliance type is not valid. It
must be one of: none, fips,
sp800-131-transition, sp800-131-strict,
suite-b-128, suite-b-192.
Explanation: Same as text.
Administrator response: Remove the installed LDAP
server components, reboot, and retry the command.
HPDBI0136E This script only works on: %s.
Explanation: These are the only platforms on which
this process works.
Administrator response: Same as text.
Administrator response: Use this process on one of
the listed platforms only.
HPDBI0026E An error occurred configuring %s.
HPDBI0140E Unable to determine the machine type.
Explanation: Configuration failed for the component.
Explanation: See message.
Administrator response: Refer to previous messages
that have appeared on the screen for more details. Fix
the problem and then retry the command.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBI0027E An error occurred while installing %s.
Explanation: The installation of the component failed.
Administrator response: Refer to previous messages
that have appeared on the screen for more details. Fix
the problem and then retry the command.
HPDBI0036E Could not change to directory: %s.
Explanation: The directory does not exist or the
permissions are not correct.
Administrator response: Check the permissions and
path of the directory.
HPDBI0084E %s completed with errors. The exit code
was %s.
Explanation: Indicates that the process finished
unsucsessfully.
Administrator response: Refer to previous messages
that have appeared on the screen for more details. Fix
the problem and then retry the command.
HPDBI0133W
The file, %s, did not exist during
GSKit configuration.
Explanation: Message indicating that a non-critical file
was not available on the CD during configuration of
GSKIT.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBI0141E The response file, %s, could not be read.
Explanation: The specified response file could not be
read.
Administrator response: Verify the path and
permissions of the response file and retry the
command.
HPDBI0146E You must be the root user to run this
process.
Explanation: See message.
Administrator response: Log in as root and retry the
command.
HPDBI0159E Could not load %s.
Explanation: An expected installation file could not be
loaded.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDBI0162E Ezinstall failed to complete successfully.
Explanation: An error occurred durnig the ezinstall
process.
Administrator response: Refer to previous messages
that have appeared on the screen for more details. Fix
the problem and then retry the command.
Chapter 2. Security Access Manager Base Messages
83
HPDBI0163E • HPDBI0283E
HPDBI0163E The file, %s, could not be read.
Explanation: See message.
Administrator response: Check the existence and
permissions of the file and retry the command.
HPDBI0170E You must have administrator authority
to run this program.
Explanation: The user does not have authority to run
this program.
HPDBI0232E Solaris version 2.7 or later is required to
run the LDAP server.
Explanation: See message.
Administrator response: Upgrade the operating
system and retry the command.
HPDBI0237E %s could not be removed from the
registry.
Explanation: See message.
Administrator response: Log in as the administrative
user and retry the command.
Administrator response: Remove the key manually,
reboot, and retry the command.
HPDBI0175E The file, %s, could not be created.
HPDBI0263E Cannot upgrade the LDAP client. A
previous version of the server exists.
Explanation: The file could not be created.
Administrator response: Check the permissions of the
directory and available disk space, then retry the
command.
HPDBI0196E The current %s version is %s. %s or
higher is required.
Explanation: The process cannot migrate components
that are too old.
Administrator response: Use the supported version
and retry the command.
HPDBI0215E The backup or restore of the
information failed.
Explanation: The migration process could not be
completed.
Administrator response: Refer to previous messages
that have appeared on the screen for more details. Fix
the problem and then retry the command.
HPDBI0217W
Start the %s and policy servers if they
are not already started.
Explanation: A previous version of the LDAP server
exists on this machine.
Administrator response: Upgrade the LDAP server on
this machine before continuing.
HPDBI0264E Upgrade the server first, then retry the
command.
Explanation: A previous version of the server exists
on this machine.
Administrator response: Upgrade the LDAP server on
this machine before continuing.
HPDBI0266E Cannot upgrade Security Access
Manager runtime because a previous
version of the policy server exists.
Explanation: See message.
Administrator response: Upgrade the policy server
then retry the command.
HPDBI0276E Check that the server is configured
properly and running.
Explanation: The servers must be running before
continuing.
Explanation: Inform the user that the host name
specified was invalid.
Administrator response: Start the servers at this time,
then continue.
Administrator response: Check the host name entered
and make sure it is running the software.
HPDBI0222E Ezinstall is not supported on this
platform.
HPDBI0283E The %s server did not start properly.
Explanation: See message.
Administrator response: Move to a supported
platform and retry the command.
84
Version 7.0: Error Message Reference
Explanation: A problem prevented the server from
starting.
Administrator response: Refer to previous messages
that have appeared on the screen for more details. Fix
the problem and then retry the command.
HPDBI0285E • HPDCF0055E
HPDBI0285E An error occurred while installing %s
patches.
Explanation: The patch could not be installed due to
an error.
Administrator response: Refer to previous messages
that have appeared on the screen for more details. Fix
the problem and then retry the command.
HPDCF0002E
A memory allocation error resulted in
the termination of the program. Check
the maximum allowable memory and
the amount of system paging space as
these may both need to be increased.
Explanation: See message.
Administrator response: Increase the maximum
allowable memory and the system paging space or shut
down one or more applications.
HPDCF0003E
The file, %s, could not be opened.
Ensure that file exists and that the file
permissions allow access.
HPDCF0009E
Explanation: See message.
Administrator response: Reinstall the product.
HPDCF0033E
HPDCF0004E
The file, %s, could not be read.
Ensure that file exists and that the file
permissions allow read access.
Explanation: See message.
Administrator response: Make sure the file exists and
that the permissions are set so this process can access
it.
HPDCF0005E
The current time could not be
obtained.
Administrator response: Stop the server and retry the
command.
HPDCF0051E
HPDCF0006E
The file, %s, could not be modified.
Ensure that file exists and that the file
permissions allow write access.
Explanation: See message.
Administrator response: Make sure the file exists and
that the permissions are set so this process can access
it.
The file, %s, was not found.
Explanation: See message.
Administrator response: Check the path to the file, its
permissions, fix the problem then retry the command.
HPDCF0052E
The request to change the key file
password failed.
Explanation: An internal error has occurred or access
to perform the operation was denied.
Administrator response: Ensure that the administrator
ID being used to permorm this cmmand has authority.
HPDCF0053E
The request to renew the server
certificate failed.
Explanation: An internal error has occurred or access
to perform the operation was denied.
Administrator response: Ensure that the administrator
ID being used to permorm this cmmand has authority.
HPDCF0054E
Explanation: See message.
Administrator response: Retry the command and if
the problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
The file, %s, is in use.You must stop
the server or application before using
this command.
Explanation: An attempt was made to modify the
configuration of an active server application.
Explanation: See message.
Administrator response: Make sure the file exists and
that the permissions are set so this process can access
it.
The installation directory could not be
determined. Ensure that the product is
installed correctly.
An operating system function for
obtaining the local TCP/IP host name
has failed. The error code is %d.
Explanation: See message text.
Administrator response: Ensure that the TCP/IP host
name of the system is properly configured and retry
the command.
HPDCF0055E
Socket initialization failed. The error
code is %d.
Explanation: Unable to initialize a necessary socket
communication.
Administrator response: Retry the operation and if
the problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
Chapter 2. Security Access Manager Base Messages
85
HPDCF0057E • HPDCF0101E
HPDCF0057E
A replica entry for the specified host
name already exists in the configuration
file.
Explanation: An attempt was made to add an
authorization server replica that already exists in the
specified configuration file.
Administrator response: If the replica name was
incorrectly specified, retry the command specifying the
correct name.
HPDCF0058E
A replica entry for the specified host
name was not found in the
configuration file.
Explanation: An attempt was made to change an
authorization server replica that does not exist in the
specified configuration file.
Administrator response: Retry the command
specifying the correct parameters.
HPDCF0059E
A replica entry in the configuration
file is corrupted.
Explanation: The configuration file contains invalid
data.
Administrator response: First unconfigure then
reconfigure the server application and then retry the
command.
HPDCF0060E
The user registry type cannot be
determined. Ensure that Security Access
Manager runtime is properly installed
and configured.
Administrator response: Ensure that the policy server
is properly configured and started and retry the
command.
HPDCF0074E
Explanation: See message.
Administrator response: The server must first be
unconfigured before retrying this command.
HPDCF0079E
HPDCF0061E
The function, %s, returned the error
code: 0x%8.8lx.
Explanation: An internal error has occurred.
Administrator response: Retry the command and if
the problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
Administrator response: Refer to previous messages
that have appeared on the screen for more details. Fix
the problem and then retry the command.
HPDCF0084E
Could not connect to the Security
Access Manager policy server. Error
code is 0x%8.8lx.Ensure that the policy
server host name, port and local domain
name are correct.
Explanation: The policy server may not be properly
configured or is not started.
86
Version 7.0: Error Message Reference
File %s is missing essential
information.You must first use the
-config action to create the initial
configuration file.
Explanation: See message.
Administrator response: Specify a valid configuration
file or use the -config action to create one.
HPDCF0085E
The configuration file %s is not
valid.Ensure that Security Access
Manager runtime is properly
configured.
Explanation: See message.
Administrator response: Ensure that the Security
Access Manager runtime is properly configured.
HPDCF0086E
The configured user registry type is
not supported.
Explanation: See message.
Administrator response: Ensure that the Security
Access Manager runtime is properly configured.
HPDCF0101E
HPDCF0062E
SSL configuration failed. The error
code is 0x%8.8lx.
Explanation: The command failed. This message is
preceded by other messages that more fully describe
the cause of the failure.
Explanation: Unable to determine the registry type.
Administrator response: Reconfigure Security Access
Manager runtime.
The keyring database files already
exist. This indicates that the server
might already be configured or partially
configured.
Configuration cannot be performed
for server %s.File %s already exists. The
server might already be configured.
Explanation: See message.
Administrator response: The server must first be
unconfigured before it can be reconfigured.
HPDCF0104W • HPDCF0133E
HPDCF0104W This usage is deprecated. Refer to the
help for the correct usage of this
command.
HPDCF0123E
Explanation: A usage error has occurred.
Explanation: See message.
Administrator response: Type the command and
action to see the command help.
Administrator response: Configure a listening port
before enabling listening mode or disable listening
mode.
HPDCF0116E
The keyring database or file, %s,
could not be modified. Ensure that file
exists and that the file permissions
allow write access.
Explanation: See message.
Administrator response: Make sure the file exists and
that the permissions are set so this process can access
it.
HPDCF0117E
An error occurred in the IKeyMan
API. Configuration failed.
Explanation: An internal error has occurred.
Administrator response: Retry the command and if
the problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
HPDCF0118E
Configuration failed. The specified
configuration file does not exist or you
do not have the proper permissions to
access the configuration file.
Explanation: The specified configuration file is
invalid.
Administrator response: Ensure that the configuration
file exists and that you have the required permissions
to write to the file.
HPDCF0120E
An application server with the
specified name is already configured.
You must use a different name or
unconfigure the existing application
The currently configured SSL
listening port number cannot be zero if
listening mode is enabled.
HPDCF0126W The Security Access Manager policy
server has been configured to disallow
downloading of its CA certificate. A root
CA certificate base64 file must be
available on the local machine in order
to configure.
Explanation: See message.
Administrator response: Contact your Security Access
Manager administrator to obtain the secure domain's
root CA certificate. This file was saved as
"pdcacert.b64" when the policy server was configured.
Retry the command specifying the location of the
"pdcacert.b64" file on your local machine.
HPDCF0127E
Download of the root CA certificate
failed. Ensure that the Security Access
Manager policy server host and port are
specified correctly and that the correct
version of the policy server is
configured and running properly.
Explanation: Unable to download the root CA
certificate file.
Administrator response: Be sure the policy server is
configured to allow automatic download of this file
and that the specified host and ports are correct.
HPDCF0129W The value %s of ca-cert-downloadenabled keyword in ivmgrd.conf file is
incorrect. Acceptable values are yes or
no. Downloading of the secure domain's
root CA certificate is disabled.
Explanation: See message.
Administrator response: The server must first be
unconfigured before retrying the command.
Administrator response: If the root CA certifcate
downloading is desired, edit the ivmgrd.conf file and
correct the ca-cert-download-enabled parameter to "yes"
or "no", then restart the policy server.
HPDCF0122E
HPDCF0133E
Explanation: See message.
If listen mode is enabled, the
listening port must be specified with
the -r parameter.
Explanation: A port parameter is required when
listening mode is enabled.
Administrator response: Specify the missing port
parameter.
The Security Access Manager policy
server is not responding. Verify the host
name and port, and verify that the
server is started.
Explanation: See message.
Administrator response: Start the policy server then
retry the command, and ensure that the port and host
name was entered correctly.
Chapter 2. Security Access Manager Base Messages
87
HPDCF0134E • HPDCF0170E
HPDCF0134E
A listening port number of zero is
allowed only if the [aznapi-adminservices] stanza in the configuration file
is empty.
Explanation: An invalid value was detected in the
configuration files.
Administrator response: Either specify a non-zero
port number or edit the configuration file to remove
the "[aznapi-admin-services]" stanza before retrying the
command.
HPDCF0140E
The keyring database could not be
located using the specified configuration
file.
Explanation: Either the wrong configuration file was
specified, it contains invalid data or the keyring
database does not exist.
Administrator response: Ensure that the specified
configuration file is correct or unconfigure and
reconfigure the application.
HPDCF0161E
Explanation: The configuration file does not contain
information required to perform the command. The
configuration file is not valid or the application must
be configured.
Administrator response: Specify a valid configuration
file or use the -config action to create one.
HPDCF0164E
The specified configuration file does
not exist or you do not have the proper
permissions to access the file.
Explanation: The specified configuration file cannot be
opened.
Administrator response: Ensure that the configuration
file exists and that you have the required permissions
to write to the file.
HPDCF0158E
Administrator response: Ensure that the configuration
file exists, that you have the required permissions to
write to the file, and that the DN does not already
exist.
Administrator response: Ensure that the specified
stanza/key pair are valid values.
HPDCF0159E
The specified configuration file may
be corrupted.
Explanation: The specified configuration file is
invalid.
Administrator response: Ensure that the configuration
file is a valid stanza-based file.
HPDCF0160E
Unknown error occurred while
reading and writing to the configuration
file.
Explanation: The specified configuration file is
invalid.
Administrator response: Ensure that the configuration
file is a valid stanza-based file.
88
Version 7.0: Error Message Reference
Cannot display configuration file
information from the obfuscated version
of the file.
Explanation: The specified stanza/key pair cannot be
displayed because the pair is in the obfuscated version
of the configuration file.
Administrator response: None
HPDCF0166E
The specified stanza/key pair does not
exist in the specified configuration file.
Explanation: The specified stanza/key pair is invalid.
They do not exist in the given configuration file.
Configuration failed. An error
occurred creating the specified DN,
accessing a configuration file, or setting
up the keyfile.
Explanation: An error occurred in relation to creating
the DN.
HPDCF0165E
HPDCF0157E
The configuration file is missing
essential information.
Cannot modify information in the
specified version of the configuration
file because it exists in the alternate
version.
Explanation: If a stanza/key/value exists in the
obfuscated config file then trying to modify it in the
non-obfuscated config file is not allowed. The same
restriction applies to modifying a stanza/key/value in
the non-obfuscated config file, that already exists in the
obfuscated config file
Administrator response: Remove the
stanza/key/value from the appropriate config file
before setting a new value to the alternate config file
HPDCF0170E
Instance '%s' is already configured
('%s').
Explanation: A configuration file for the instance
specified already exists.
Administrator response: Use a different name or
remove the existing configuration file and its associated
key files.
HPDCF0179E • HPDDB0607E
HPDCF0179E
The compliance value '%s' is not valid
for ssl-compliance in pd.conf. It must be
one of the following values: 'none',
'fips', 'sp800-131-transition',
'sp800-131-strict', 'suite-b-128',
'suite-b-192'.
Explanation: The pd.conf [ssl] ssl-compliance value is
not a valid value.
Administrator response: Correct the value in pd.conf
and retry the command.
HPDCF0180E
The -C compliance value '%s' is not
valid and must be one of the following
values: 'none', 'fips',
'sp800-131-transition', 'sp800-131-strict',
'suite-b-128', 'suite-b-192'.
Explanation: The -C value is not a valid value.
Administrator response: Retry the command with a
valid value.
HPDDB0150E
that sufficent disk space is available in the file system.
HPDDB0603E Could not fetch object from backing
database (%s, 0x%8.8lx).
Explanation: The policy server is unable to retrieve an
item from the policy database.
Administrator response: No action is required.
HPDDB0604E Could not write object to backing
database (%s, 0x%8.8lx).
Explanation: The policy server is unable to update the
policy database.
Administrator response: Ensure that sufficient disk
space is available in the file system. If a server restart
does not resolve the problem, use the pdacld_dump
utility to verify the policy database. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
Not implemented
Explanation: This message is obsolete.
Administrator response: No action is required.
HPDDB0450W Could not bind to server (%s,
0x%8.8lx).
Explanation: The application is unable to contact the
policy server.
Administrator response: Verify that the policy server
host name and port number are configured correctly
and that the remote host can be contected directly
through the network.
HPDDB0451E CDS entry for database server does
not exist (%s).
Explanation: Message is obsolete.
Administrator response: No action required.
HPDDB0601E Could not close backing database
(0x%8.8lx).
Explanation: The policy database could not be closed
during replication or server shutdown.
Administrator response: Restart the application.
HPDDB0602E Could not create backing database
(%s, 0x%8.8lx).
Explanation: The primary policy database could not
be created or initialized.
Administrator response: Verify the policy database
pathname configuration and file permissions. Ensure
HPDDB0605E Could not delete object from backing
database (%s, 0x%8.8lx).
Explanation: The policy server is unable to update the
policy database.
Administrator response: Ensure that sufficient disk
space is available in the file system. If a server restart
does not resolve the problem, use the pdacld_dump
utility to verify the policy database. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDDB0606E Could not initialize database iterator
(0x%8.8lx).
Explanation: The policy server is unable to retrieve an
item from the policy database.
Administrator response: Use the pdacld_dump utility
to verify that the policy database can be read. Compare
the number of objects read with the expected number
of objects. If these numbers differ, use the
pdacld_dump utility to rebuild the policy database. If
the problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
HPDDB0607E Could not fetch next database
element (0x%8.8lx).
Explanation: The policy server is unable to retrieve an
item from the policy database.
Administrator response: Use the pdacld_dump utility
Chapter 2. Security Access Manager Base Messages
89
HPDDB0608E • HPDDB0901E
to verify that the policy database can be read. Compare
the number of objects read with the expected number
of objects. If these numbers differ, use the
pdacld_dump utility to rebuild the policy database. If
the problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
HPDDB0608E Could not build initial database
replica (%s, 0x%8.8lx).
Explanation: A policy database replication operation
has failed and a replica policy database is unavailable.
Administrator response: If a policy replica exists,
move it to a temporary location. Try an application
restart. If the problem persists, check Electronic Support
for additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
HPDDB0609E Could not rebuild database replica
(%s, 0x%8.8lx).
Explanation: A policy database replication operation
has failed.
Administrator response: If a policy replica exists,
move it to a temporary location. If the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDDB0751E Could not decode object (%ld,
0x%8.8x).
Explanation: An error occurred interpreting an item
from the policy database.
Administrator response: Run the pdacld_dump utility
to verify the database integrity and if necessary, rebuild
the policy database.
HPDDB0752E Could not encode object (%ld,
0x%8.8x).
Explanation: An error occurred while storing an item
to the policy database.
Administrator response: Restart the policy server and
run the pdacld_dump utility to verify the database
integrity.
HPDDB0753E
Could not find object (%s).
Explanation: The policy server is unable to retrieve an
item from the policy database.
Administrator response: No action is required.
HPDDB0754E
Object type is unknown.
Explanation: Message is obsolete.
Administrator response: No action is required.
HPDDB0755E
Unexpected object type.
Explanation: Message is obsolete.
HPDDB0611E Invalid database specified for
replication.
Administrator response: No action is required.
Explanation: The policy server is unable to provide
replication services.
HPDDB0756E The policy database is not ready for
use.
Administrator response: Restart the policy server. If
this problem persists, check Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
Explanation: An internal error has occurred which
prevents the application from retrieving records from
security policy database.
HPDDB0612E Replica database version is
incompatible and will be replaced.
Administrator response: If a server restart does not
resolve the problem, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
Explanation: The application has detected an
incompatible version of the policy database. The
database is replaced automatically.
HPDDB0901E Could not bind to client for
notification (%s, 0x%8.8lx).
Administrator response: No action is required.
Explanation: The policy server was unable to contact
the client for a policy database update notification.
HPDDB0750E
Administrator response: Ensure that the application is
available to receive notifications.
Invalid object name (%s).
Explanation: Message is obsolete.
Administrator response: No action is required.
90
Version 7.0: Error Message Reference
HPDDB0906E • HPDDL0004E
HPDDB0906E
Client not found.
Explanation: An attempt was made to retrieve
information about an unknown client.
Administrator response: No action is required.
HPDDB0907E
Client already exists.
Explanation: An attempt was made to add a client
which already exists.
Administrator response: No action is required.
HPDDB1050E Could not download object (%s,
0x%8.8lx).
Explanation: Message is obsolete.
Administrator response: No action is required.
HPDDB1051E Remote update detected - aborting
download.
Explanation: The application received multiple policy
update notifications. The secondary notifications are
discarded.
host name and port number are configured correctly
and that the remote host can be contected directly
through the network.
HPDDB1060W Could not check synchronization
with master database server - using local
replica instead.
Explanation: A new policy database could not be
downloaded. The existing database is used.
Administrator response: No action is required.
HPDDB1061E Critical failure during DB replication
- aborting (0x%8.8lx).
Explanation: The application is unable to create a
policy database replica. The application aborts.
Administrator response: If a policy replica exists,
move it to a temporary location. Ensure that the files
system has sufficent disk space and that file and
directory permissions are correct. Try an application
restart. If the problem persists, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
Administrator response: No action is required.
HPDDB1052E Could not read database header
(0x%8.8lx).
HPDDB1062W Could not rebuild local replica continuing to use existing replica
(0x%8.8lx).
Explanation: The policy database could not be opened
and initialized.
Explanation: The application is not able to update the
existing policy database. The existing database is used.
Administrator response: The database file might have
incorrect permissions br truncated or corrupted. Verify
that policy database file permissions are valid. Also,
ensure that sufficient disk space is available in the file
system and restart the application. For local-mode
applications, if the problem persists, recreate the replica
by moving the database to a temporary location and
restarting the application. For the policy server, restore
a backup database or use the pdacld_dump utility to
salvage the existing database.
Administrator response: Ensure that the file system
has sufficent disk space. If this problem persists, restart
the policy server.
HPDDB1053E Could not write database header
(0x%8.8lx).
Explanation: The primary policy database could not
be created or initialized.
Administrator response: Verify the policy database
pathname configuration and file permissions. Ensure
that sufficent disk space is available in the file system.
HPDDL0001E
Explanation: The database was not opened before this
database call.
Administrator response: Call pd_db_open before this
database procedure.
HPDDL0002E
Explanation: The application is unable to contact the
policy server.
Administrator response: Verify that the policy server
Database filename missing.
Explanation: The database filename was not supplied
when trying to open the database with pd_db_open.
Administrator response: Call pd_db_open with a
valid database filename.
HPDDL0004E
HPDDB1054W Master database server is
unavailable (0x%8.8lx).
Database not open.
The data type is not known or is
incorrectly specified.
Explanation: An attempt was made to create a
database without specifying an index type or to open
an existing database with an incorrect type.
Administrator response: When creating a new
Chapter 2. Security Access Manager Base Messages
91
HPDDL0005E • HPDED0102E
database, the data_type (pd_db_type_t) parameter must
be either pd_db_type_ivobj or pd_db_type_encoded.
When opening an existing database, the data type must
match the type used when the database was first
created.
HPDDL0005E
The data type (pd_db_type_t) in the
flags parameter does not match the type
in the database.
Explanation: The data type parameter to pd_db_open
did not match the type stored in the database.
Administrator response: Call pd_db_open with the
data type that matches the database data type.
HPDDL0009E
Database create failure - data file
already exists.
Explanation: When attempting to open a database
with the PD_DB_CREATE flag the specified database
file was found to already exist.
Administrator response: Do not open an existing
database with the PD_DB_CREATE flag, Or, you can
remove the database file if a new (and empty) database
is desired.
HPDDL0011E
Database open failure - permission
denied
Explanation: The server does not have permission to
open the database file. The open call returned EACCES.
Administrator response: Run the process as the
operating system user who has permission to access the
database, or change the permission of the database file
itself or the path to it.
HPDDL0015E
Explanation: The database-delete procedure has failed.
Administrator response: Examine the global variable,
errno, for further information.
HPDDL0017E
Database open failure.
Explanation: The database-open procedure has failed.
Administrator response: Examine the global variable,
errno, for further information. Database open failures
can also occur if codepage conversion tables are not
accessible or could not be initialized.
HPDDL0013E
Database store failure.
Explanation: The database-store procedure has failed.
Administrator response: Examine the global variable,
errno, for further information.
HPDDL0014E
Database fetch failure.
Explanation: The database-fetch procedure has failed.
Administrator response: Examine the global variable,
errno, for further information.
92
Version 7.0: Error Message Reference
This database does not contain a
valid header.
Explanation: An attempt to fetch the database header
failed. The database might be truncated or otherwise
corrupted.
Administrator response: Use the pdacld_dump utility
to validate and if necessary, repair the database.
HPDDL0023E
The operation is not allowed while
iterating.
Explanation: A call to either a function that alters a
backing store (a store or delete operation) or one that
starts another iteration was attempted while iterating.
This is not allowed.
Administrator response: Do not call routines that alter
the backing store or nest iterations while in an iteration
loop.
HPDED0100E
Invalid argument: Null context.
Explanation: A nonnull PDContext object is required
to communicate with the Security Access Manager
policy server.
Administrator response: Ensure that the context
argument is nonnull.
HPDED0101E
HPDDL0012E
Database delete operation failure.
Unknown message code: %s.
Explanation: The text for the message code could not
be found in the message catalogs installed on the local
system. This typically means that the policy server is at
a more recent level than the client and has returned a
code undefined in the client runtime. The
documentation associated with the policy server
installation should include the message code.
Administrator response: Consult the Error Message
Reference to obtain the message text, explanation, and
suggested actions for the message code.
HPDED0102E
The specified configuration or
keystore file already exists.
Explanation: The 'create' configuration action is
designed to check for existing files and fail if they are
found in order not to overwrite them accidentally.
Administrator response: To preserve existing files,
specify new configuration and keystore file names. To
overwrite existing files, specify the 'replace'
configuration action.
HPDED0200E • HPDED0210E
HPDED0200E
Invalid argument: Null context.
Explanation: A nonnull PDContext object is required
to communicate with the Security Access Manager
policy server.
Administrator response: Ensure that the context
argument is nonnull.
Administrator response: Refer to the Security Access
Manager error log for more information. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDED0206E
HPDED0201E
The AmIdentity does not contain a
valid name.
Explanation: The AmIdentity does not contain a valid
name.
Administrator response: Refer to the Security Access
Manager error log for more information. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDED0202E
The AmObject cannot be created from
the encoded object.
Explanation: The AmObject cannot be created from
the encoded object.
Administrator response: Refer to the Security Access
Manager error log for more information. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDED0203E
The object type requested is
unexpected.
Explanation: The object type requested is unexpected.
The object cannot be decoded.
Administrator response: Refer to the Security Access
Manager error log for more information. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDED0204E
The configuration information cannot
be stored to file.
Explanation: The configuration information cannot be
stored to file.
Administrator response: Ensure that the configuration
file is writable.
Explanation: Could not get socket input stream.
Administrator response: Refer to the Security Access
Manager error log for more information. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDED0207E
The temporary database file %s
cannot be written.
Explanation: The temporary database file cannot be
written.
Could not read data from data input
stream or socket.
Explanation: Could not read data from data input
stream or socket.
Administrator response: Refer to the Security Access
Manager error log for more information. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDED0208E
Could not write data to data output
stream or socket.
Explanation: Could not write data to data output
stream or socket.
Administrator response: Refer to the Security Access
Manager error log for more information. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDED0209E
An error occurred while creating
database sequence property file.
Explanation: Unable to create database sequence
property file in PolicyDirector/db directory of the
AM_INSTALL_DIR.
Administrator response: Ensure that the user has the
necessary permissions to create file in the
<AM_INSTALL_DIR>/PolicyDirector/db directory.
HPDED0210E
HPDED0205E
Could not get socket input stream.
An error occurred while loading
database sequence property file.
Explanation: Unable to load database sequence
property file in PolicyDirector/db directory of the
AM_INSTALL_DIR.
Administrator response: Ensure that the user has the
Chapter 2. Security Access Manager Base Messages
93
HPDED0211E • HPDED0408E
necessary permissions to read/write database sequence
property file in the <AM_INSTALL_DIR>/
PolicyDirector /db directory.
Administrator response: Ensure that the
keyword/value for 'filename=<db pathname>' is
correctly specified in the configuration file.
HPDED0211E
HPDED0404E
The database sequence information
cannot be stored to file.
Invalid state: Expected %d, but got %d
from database.
Explanation: The database sequence information
cannot be stored to file.
Explanation: An internal error occurred. The database
may have been corrupted.
Administrator response: Ensure that the user has the
necessary permissions to read/write database sequence
property file in the <AM_INSTALL_DIR>/
PolicyDirector /db directory.
Administrator response: Refer to the Security Access
Manager error log for more information. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDED0300E
Invalid argument: Null context.
Explanation: A nonnull PDContext object is required
to communicate with the Security Access Manager
policy server.
Administrator response: Ensure that the context
argument is nonnull.
HPDED0400E
Invalid argument: Too many
properties.
Explanation: The database filename configured for the
application is not specified correctly in the
configuration file.
Administrator response: Ensure that the
keyword/value for 'filename=<db pathname>' is
correctly specified in the configuration file.
HPDED0401E
Invalid argument: Filename property
not found.
Explanation: The database filename configured for the
application is not specified correctly in the
configuration file.
Administrator response: Ensure that the
keyword/value for 'filename=<db pathname>' is
correctly specified in the configuration file.
HPDED0405E
Explanation: See text.
Administrator response: Ensure the versions of the
local Security Access Manager runtime environment
and policy server are supported. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDED0406E
Invalid argument: Filename not
supplied.
Explanation: The database filename configured for the
application is not specified correctly in the
configuration file.
A database object cache store
operation failed.
Explanation: An error occurred while attempting to
retrieve an entry from the database object cache.
Administrator response: Refer to the Security Access
Manager error log for more information. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDED0407E
HPDED0402E
The version of the local replicated
database is downlevel and not
supported.
A database object cache retrieve
operation failed.
Explanation: An error occurred while attempting to
write an entry to the database object cache.
Administrator response: Ensure that the
keyword/value for 'filename=<db pathname>' is
correctly specified in the configuration file.
Administrator response: Refer to the Security Access
Manager error log for more information. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDED0403E
HPDED0408E
Invalid state: Could not open
database.
Explanation: The database file specified in the
configuration file could not be opened.
A database file read operation failed.
Explanation: An error occurred while attempting to
read the database file. The database could be corrupted.
Administrator response: Refer to the Security Access
94
Version 7.0: Error Message Reference
HPDED0409E • HPDIA0103E
Manager error log for more information. Ensure the
Security Access Manager is up and running and the
application is properly configured. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDED0409E
The database file was not found.
Explanation: The database file was not found in the
location specified by the configuration file.
Administrator response: Ensure the Security Access
Manager is up and running and the application is
properly configured.
HPDHZ0001E
Explanation: The file is either invalid or cannot be
read.
Administrator response: Ensure the file is valid and
can be read.
HPDHZ0002E
Could not read policy database
header.
Explanation: The policy database header information
could not be read. The database could be corrupted or
have incorrect permissions.
Administrator response: Verify that the policy
database file permissions are valid. Also, ensure that
sufficient disk space is available in the file system and
restart the application. For local-mode applications, if
the problem persists, recreate the replica by moving the
database to a temporary location and restarting the
application.
HPDED0411E
Invalid state: Policy retrieval error.
Explanation: An unexpected error occurred while
retrieving policy data from the database. The database
could be currupted.
Administrator response: Ensure the Security Access
Manager is up and running and the application is
properly configured. If the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDED0412E
Startup failure: Local policy database
unavailable.
Explanation: An error occurred while attempting to
retrieve the policy database from the Security Access
Manager policy server at application statup. A
subsequent attempt to start the application with a valid
local copy of the database also failed.
Administrator response: Ensure both the Security
Access Manager and the user registry server are up and
running, and the application is properly configured.
Unable to read the file:
Explanation: The file is either invalid or cannot be
read.
Administrator response: Ensure the file is valid and
can be read.
HPDIA0100E
HPDED0410E
Unable to parse the file:
An internal error has occurred.
Explanation: The authentication switch encountered
an unexpected internal error.
Administrator response: Retry the operation. If the
problem persists contact your IBM service
representative.
HPDIA0101E
An unexpected error code was
encountered.
Explanation: The authentication switch encountered
an unexpected error code.
Administrator response: Retry the failing operation. If
the problem persists, contact your IBM service
representative.
HPDIA0102E
Unable to open shared library.
Explanation: An attempt to open a shared library
failed.
Administrator response: Make sure that the path to
the shared library is correct, or if the full path is not
specified make sure that the library is present in
/usr/lib on UNIX systems or is in the path on
Windows systems.
HPDIA0103E
Unable to locate symbol in shared
library.
Explanation: An attempt to retrieve a symbol from a
shared library failed. The most probable reason for the
error is that the library was built incorrectly.
Administrator response: If the failing library is
supplied as part of Security Access Manager, retry the
operation. If the problem persists, contact your IBM
service representative.
Chapter 2. Security Access Manager Base Messages
95
HPDIA0104E • HPDIA0118W
HPDIA0104E
The authentication mechanism is
incorrectly specified.
Explanation: The authentication mechanism is not
specified or invalid in the .conf configuration file.
Administrator response: Make sure the correct
authentication mechanism is specified in the
[authentication-mechanisms] stanza of the .conf
configuration file.
HPDIA0105W
Invalid authentication method.
Explanation: The specified authentication method is
either invalid or unsupported in the current product
configuration.
Administrator response: Verify the validity of the
specified authentication method.
HPDIA0110E
An authentication mechanism module
specific error occurred.
Explanation: A configured authentication mechanism
module generated an unexpected error.
Administrator response: If the failing authentication
mechanism module is supplied as part of Security
Access Manager, retry the operation. If the problem
persists, contact your IBM service representative.
HPDIA0111E A memory allocation call failed.
Explanation: In most cases this error due to the
application program running out of memory.
Administrator response: Ensure that the application
has been configured with sufficient virtual memory for
its requirements. The Security Access Manager
Performance Tuning Guide contains instructions on
how to ensure that the application is configured with
the correct a mount of virtual memory. Stop and restart
the process. If the problem persists then contact your
IBM service representative.
HPDIA0112E
The current authentication module
operation terminated due to an
exception.
Explanation: See message.
Administrator response: Retry the failing operation. If
the problem persists, contact your IBM service
representative.
HPDIA0113E
Could not acquire a client credential.
Major status = 0x%8.8lx, minor status =
0x%8.8lx
Explanation: A request to create a client credential
was denied by the Security Access Manager
Authorization API.
96
Version 7.0: Error Message Reference
Administrator response: Retry the failing operation. If
the problem persists, contact your IBM service
representative.
HPDIA0114E
Could not acquire a client credential.
Explanation: A request to create a client credential
was denied by the Security Access Manager
Authorization API.
Administrator response: Retry the failing operation. If
the problem persists, contact your IBM service
representative.
HPDIA0115E
Unknown identity type.
Explanation: Unrecognized identity information
returned from an authentication mechanism module.
Administrator response: Check the identity
information returned from the module and, if the
failing authentication mechanism module is supplied as
part of Security Access Manager, retry the failing
operation. If the problem persists, contact your IBM
service representative.
HPDIA0116E
Can't load extended attributes into the
client credential.
Explanation: Security Access Manager was unable to
annotate the client credentials with extended attributes
returned from an authentication mechanism module.
Administrator response: Retry the failing operation. If
the problem persists, contact your IBM service
representative.
HPDIA0117E
Can't select authentication mechanism.
Explanation: Security Access Manager was unable to
authenticate a client because no suitable authentication
mechanisms are configured.
Administrator response: Make sure the correct
authentication mechanism is configured in the
[authentication-mechanisms] stanza of the .conf
configuration file.
HPDIA0118W Authentication method is not
supported.
Explanation: Security Access Manager was unable to
authenticate a client because the authentication method
employed is not supported.
Administrator response: Use a different authentication
method.
HPDIA0119W • HPDIA0202W
HPDIA0119W Authentication mechanism is not
available.
HPDIA0126W Authentication method (%s) is not
configured.
Explanation: Security Access Manager was unable to
authenticate a client because the authentication
mechanism is currently out of service.
Explanation: Security Access Manager was unable to
authenticate a client because the authentication method
employed is not configured.
Administrator response: Make sure the registry server
(LDAP server,or DOMINO server, or other type of
registry server) is up running.
Administrator response: Make sure the employed
authentication method is configured in the
[authentication-mechanisms] stanza of the .conf
configuration file.
HPDIA0120W Not authorized to perform the current
operation.
Explanation: See message.
Administrator response: An authorization decision
result. No action is required.
HPDIA0121W
Administrator response: Consult documentation for
operation.
Unable to open shared library %s: %s.
Explanation: An attempt to open a shared library
failed.
Administrator response: Examine the reason given in
the error message, and attempt to correct the problem.
Make sure that the path to the shared library is correct,
or if the full path is not specified make sure that the
library is present in /usr/lib on UNIX systems or is in
the path on Windows systems.
HPDIA0123E
Explanation: See message.
Administrator response: An authorization decision
result. No action is required.
The requested operation is not valid.
Explanation: Security Access Manager was unable to
perform a requested operation because it is not valid.
An example would be a token authentication user
attempting to change their password
HPDIA0122E
HPDIA0127W User %s is not authorized to perform
the current operation.
Unable to locate symbol %s in shared
library %s: %s.
Explanation: An attempt to retrieve a symbol from a
shared library failed, probably because the symbol was
not found. The most probable reason for the error is
that the library was built incorrectly.
Administrator response: If the failing library is
supplied as part of Security Access Manager, retry the
operation. If the problem persists, contact your IBM
service representative.
HPDIA0125W Authentication method (%s) is not
supported.
HPDIA0128W The requested operation by user %s
is not valid.
Explanation: Security Access Manager was unable to
perform a requested operation because it is not valid.
An example would be a token authentication user
attempting to change their password
Administrator response: Consult documentation for
operation.
HPDIA0200W Authentication failed. You have used
an invalid user name, password or client
certificate.
Explanation: See message.
Administrator response: Check your authentication
information and try again.
HPDIA0201W The client supplied invalid
authentication information.
Explanation: Invalid authentication information was
presented to Security Access Manager.
Administrator response: Check the format of the
authentication information and try again.
HPDIA0202W An unknown user name was
presented to Security Access Manager.
Explanation: Security Access Manager could not locate
the supplied user name in the authentication registry.
Administrator response: Check the supplied user
name information and try again.
Explanation: Security Access Manager was unable to
authenticate a client because the authentication method
employed is not supported.
Administrator response: Use a different authentication
method.
Chapter 2. Security Access Manager Base Messages
97
HPDIA0203W • HPDIA0217W
HPDIA0203W
Authentication retry limit reached.
Explanation: The user has performed too many
consecutive invalid authentication attempts.
Administrator response: Contact your Security Access
Manager administrator.
HPDIA0204W
The user's password has expired.
Explanation: See message.
HPDIA0211W A client certificate could not be
authenticated.
Explanation: A client certificate could not be
authenticated.
Administrator response: Check the client certificate
HPDIA0212W The data contained in the HTTP
header %s failed authentication.
Administrator response: Contact your Security Access
Manager administrator, and change your password.
Explanation: The request an HTTP header that
Security Access Manager was configured to use as
authentication data. This data failed authentication.
HPDIA0205W
Administrator response: Check the request, the proxy
server (if one is used), and the mapping library
The user's account has expired.
Explanation: See message.
Administrator response: Contact your Security Access
Manager administrator.
HPDIA0214W IP address based authentication
failed
HPDIA0206W Login rejected due to policy
violation.
Explanation: Security Access Manager is configured to
authenticate using the client IP address, which was
either unavailable or invalid
Explanation: Login rejected due to policy enforced for
the account.
Administrator response: Check Security Access
Manager configuration and/or authentication library
Administrator response: Contact your Security Access
Manager network administrator.
HPDIA0215E
HPDIA0207W A PIN must be assigned to enable
account
Explanation: The administrator attempting to SU
entered a username which does not exist in the registry.
Explanation: A PIN must be assigned to enable
account
Administrator response: Verify that username exists
in user registry.
Administrator response: Contact system administrator
to assign new PIN
HPDIA0216E
HPDIA0208W
User's account has been disabled.
Explanation: See message.
Administrator response: Contact your Security Access
Manager administrator.
HPDIA0209W Next token required for
authentication
Explanation: Next token required for authentication
The supplied username does not exist
in the registry.
Administrator does not have
permission to su to this account.
Explanation: The administrator attempted to SU to a
privileged user, and the authentication mechanism did
not allow them to do so.
Administrator response: Make sure that the
administrator has the permissions needed to switch
username to the desired account.
HPDIA0217W Authentication by user %s denied at
this time of day.
Administrator response: Enter next token
Explanation: A user attempted to authenticate during
a time of day when his/her account is restricted.
HPDIA0210W The login data entered could not be
mapped to an Security Access Manager
user
Administrator response: Contact your Security Access
Manager administrator to validate or change the time
of day for which this user is allowed to authenticate.
Explanation: A mapping function, such as that in a
library or CDAS, failed to map the login information to
a Security Access Manager user.
Administrator response: Check the login data,
registry, or mapping function.
98
Version 7.0: Error Message Reference
HPDIA0218W • HPDIA0232W
HPDIA0218W Authentication by user denied at this
time of day.
HPDIA0226W The login for user %s was rejected
due to a policy violation.
Explanation: A user attempted to authenticate during
a time of day when his/her account is restricted.
Explanation: Login rejected due to policy enforced for
the account.
Administrator response: Contact your Security Access
Manager administrator to validate or change the time
of day for which this user is allowed to authenticate.
Administrator response: Contact your Security Access
Manager network administrator.
HPDIA0219W An unknown user, %s, was presented
to Security Access Manager.
Explanation: Security Access Manager could not locate
the user name in the authentication registry.
Administrator response: Check the supplied user
name information and try again.
HPDIA0221W Authentication for user %s failed.
You have used an invalid user name,
password or client certificate.
HPDIA0227W The account for user %s has been
disabled.
Explanation: See message.
Administrator response: Contact your Security Access
Manager administrator.
HPDIA0228W A client certificate for user %s could
not be authenticated.
Explanation: See message.
Administrator response: Check the client certificate
Explanation: See message.
Administrator response: Check your authentication
information and try again.
HPDIA0222W The client, %s, supplied invalid
authentication information.
Explanation: Invalid authentication information was
presented to Security Access Manager.
HPDIA0229W IP address authentication failed for
address %s.
Explanation: Security Access Manager is configured to
authenticate using the client IP address, which was
either unavailable or invalid
Administrator response: Check Security Access
Manager configuration, or authentication library
Administrator response: Check the format of the
authentication information and try again.
HPDIA0230E
HPDIA0223W The authentication retry limit for user
%s was reached.
Explanation: The administrator attempting to use the
switch username command and entered a username
that does not exist in the registry.
Explanation: The user has performed too many
consecutive invalid authentication attempts.
Administrator response: Contact your Security Access
Manager administrator.
HPDIA0224W The password for user %s has
expired.
Explanation: See message.
Administrator response: Contact your Security Access
Manager administrator, and change your password.
HPDIA0225W
The account for user %s has expired.
Explanation: See message.
Administrator response: Contact your Security Access
Manager administrator.
The supplied username %s does not
exist in the registry.
Administrator response: Verify that username exists
in user registry.
HPDIA0231E
Administrator %s does not have
permission to use switch username on
this account.
Explanation: The administrator attempted to SU to a
privileged user, and the authentication mechanism did
not allow them to do so.
Administrator response: Make sure that the
administrator has the permissions needed to switch
username to the desired account.
HPDIA0232W The data contained in the HTTP
header failed authentication.
Explanation: The request an HTTP header that
Security Access Manager was configured to use as
authentication data. This data failed authentication.
Administrator response: Check the request, the proxy
Chapter 2. Security Access Manager Base Messages
99
HPDIA0233W • HPDIA0242W
server (if one is used), and the mapping library
HPDIA0233W Authentication failed. You have used
an invalid password. This account has
been temporarily locked due to too
many failed login attempts.
Explanation: The Security Access Manager
administrator has set a disable-time-interval to lock this
account when the maximum number of login failures is
exceeded.
Administrator response: Check your password and
wait until disable-time-interval has elapsed, or contact
your Security Access Manager administrator to unlock
and enable login to the account.
HPDIA0234W Authentication failed. You have used
an invalid password. This account has
been disabled due to too many failed
login attempts.
Explanation: The Security Access Manager
administrator has set a disable-time-interval to disable
this account when the maximum number of login
failures is exceeded.
Administrator response: Check your password and
contact your Security Access Manager administrator to
enable this account.
HPDIA0235W Authentication for user %s failed.
You have used an invalid password.
This account has been temporarily
locked due to too many failed login
attempts.
Explanation: The Security Access Manager
administrator has set a disable-time-interval to lock this
account when the maximum number of login failures is
exceeded.
Administrator response: Check your password and
wait until disable-time-interval has elapsed, or contact
your Security Access Manager administrator to unlock
and enable login to the account.
HPDIA0236W Authentication for user %s failed.
You have used an invalid password.
This account has been disabled due to
too many failed login attempts.
Explanation: The Security Access Manager
administrator has set a disable-time-interval to disable
this account when the maximum number of login
failures is exceeded.
Administrator response: Check your password and
contact your Security Access Manager administrator to
enable this account.
100
Version 7.0: Error Message Reference
HPDIA0237W Authentication failed. The account
could not be logged into as the
password has expired.
Explanation: The LDAP registry failed the
authentication and reported that the password has
expired.
Administrator response: Contact the administrator for
the LDAP registry to reset the password.
HPDIA0238W Authentication for user %s failed.
The account could not be logged into as
the password has expired.
Explanation: The LDAP registry failed the
authentication and reported that the password has
expired.
Administrator response: Contact the administrator for
the LDAP registry to reset the password.
HPDIA0239W Authentication failed. The account is
locked.
Explanation: The LDAP registry failed the
authentication and reported that the account is locked.
Administrator response: Contact the administrator for
the LDAP registry to reset the account.
HPDIA0240W Authentication for user %s failed.
The account is locked.
Explanation: The LDAP registry failed the
authentication and reported that the account is locked.
Administrator response: Contact the administrator for
the LDAP registry to reset the account.
HPDIA0241W Authentication failed. The account is
deactivated.
Explanation: The LDAP registry failed the
authentication and reported that the account is
deactivated.
Administrator response: Contact the administrator for
the LDAP registry to activate the account.
HPDIA0242W Authentication for user %s failed.
The account is deactivated.
Explanation: The LDAP registry failed the
authentication and reported that the account is
deactivated.
Administrator response: Contact the administrator for
the LDAP registry to activate the account.
HPDIA0300W • HPDIA0312W
HPDIA0300W Password rejected due to policy
violation.
Explanation: A password violates the rules for valid
passwords set in a policy for the account.
Administrator response: Contact your Security Access
Manager administrator for a list of password policies.
HPDIA0301W Password rejected due to minimum
length policy.
Explanation: A password does not meet the minimum
length requirement set in a policy for the account.
Administrator response: Contact your Security Access
Manager administrator for a list of password policies.
HPDIA0302W Password rejected due to the spaces
policy.
Explanation: A password does not meet the spaces
requirement set in a policy for the account.
Administrator response: Contact your Security Access
Manager administrator for a list of password policies.
HPDIA0303W Password rejected due to the
maximum repeated characters policy.
Explanation: A password does not meet the maximum
repeated characters requirement set in a policy for the
account.
Administrator response: Contact your Security Access
Manager administrator for a list of password policies.
HPDIA0304W Password rejected due to the
minimum alphabetic characters policy.
Explanation: A password does not meet the minimum
alphabetic characters requirement set in a policy for the
account.
Administrator response: Contact your Security Access
Manager administrator for a list of password policies.
HPDIA0305W Password rejected due to the
minimum non-alphabetic characters
policy.
Explanation: A password does not meet the minimum
non-alphabetic characters requirement set in a policy
for the account.
Administrator response: Contact your Security Access
Manager administrator for a list of password policies.
HPDIA0306W This account has been temporarily
locked out due to too many failed login
attempts.
Explanation: The Security Access Manager
administrator has set a disable-time-interval to disable
this account when the maximum number of login
failures is exceeded.
Administrator response: Wait until
disable-time-interval has elapsed, or contact your
Security Access Manager administrator to unlock and
enable login to the account.
HPDIA0307W Post password change processing for
user %s failed.
Explanation: A configured post password change
processing module returned a failure status.
Administrator response: Check the post password
change processing module's log file.
HPDIA0309W
This account is disabled.
Explanation: This account is disabled in the user
registry. Logins will not succeed until the account is
enabled.
Administrator response: Contact your Security Access
Manager administrator to enable this account.
HPDIA0310W The password for user %s was
rejected due to policy violation.
Explanation: A password violates the rules for valid
passwords set in a policy for the account.
Administrator response: Contact your Security Access
Manager administrator for a list of password policies.
HPDIA0311W The password for user %s was
rejected due to minimum length policy.
Explanation: A password does not meet the minimum
length requirement set in a policy for the account.
Administrator response: Contact your Security Access
Manager administrator for a list of password policies.
HPDIA0312W The password for user %s was
rejected due to the spaces policy.
Explanation: The password does not meet the spaces
requirement set in a policy for the account.
Administrator response: Contact your Security Access
Manager administrator for a list of password policies.
Chapter 2. Security Access Manager Base Messages
101
HPDIA0313W • HPDIA0500W
HPDIA0313W The password for user %s was
rejected due to the maximum repeated
characters policy.
Explanation: A password does not meet the maximum
repeated characters requirement set in a policy for the
account.
the LDAP registry to gain access.
HPDIA0319W The user %s does not have
permission to modify their password.
Explanation: The LDAP registry rejected the password
change as the user does not have permission.
Administrator response: Contact your Security Access
Manager administrator for a list of password policies.
Administrator response: Contact the administrator for
the LDAP registry to gain access.
HPDIA0314W The password for user %s was
rejected due to the minimum alphabetic
characters policy.
HPDIA0320W The user is not permitted to change
their password this early after the prior
change.
Explanation: A password does not meet the minimum
alphabetic characters requirement set in a policy for the
account.
Explanation: The LDAP registry rejected the password
change as it reported that the password can not be
changed this early after a prior change.
Administrator response: Contact your Security Access
Manager administrator for a list of password policies.
Administrator response: Avoid changing the
password, or contact the administrator for the LDAP
registry to reset the password.
HPDIA0315W The password for user %s was
rejected due to the minimum
non-alphabetic characters policy.
Explanation: A password does not meet the minimum
non-alphabetic characters requirement set in a policy
for the account.
Administrator response: Contact your Security Access
Manager administrator for a list of password policies.
HPDIA0316W The account for user %s has been
temporarily locked due to too many
failed login attempts.
Explanation: The Security Access Manager
administrator has set a disable-time-interval to disable
this account when the maximum number of login
failures is exceeded.
Administrator response: Wait until
disable-time-interval has elapsed, or contact your
Security Access Manager administrator to unlock and
enable login to the account.
HPDIA0317W
The account for user %s is disabled.
Explanation: This account is disabled in the user
registry. Logins will not succeed until the account is
enabled.
Administrator response: Contact your Security Access
Manager administrator to enable this account.
HPDIA0318W The user does not have permission to
modify their password.
Explanation: The LDAP registry rejected the password
change as the user does not have permission.
Administrator response: Contact the administrator for
102
Version 7.0: Error Message Reference
HPDIA0321W The user %s is not permitted to
change their password this early after
the prior change.
Explanation: The LDAP registry rejected the password
change as it reported that the password can not be
changed this early after a prior change.
Administrator response: Avoid changing the
password, or contact the administrator for the LDAP
registry to reset the password.
HPDIA0322W The user is not permitted to use the
new password as it has already been
used recently.
Explanation: The LDAP registry rejected the password
change as it reported that the password has already
been used by the user and cannot be reused.
Administrator response: Choose a new password that
has not been used with the account before.
HPDIA0323W The user %s is not permitted to use
the new password as it has already been
used recently.
Explanation: The LDAP registry rejected the password
change as it reported that the password has already
been used by the user and cannot be reused.
Administrator response: Choose a new password that
has not been used with the account before.
HPDIA0500W Authentication failure (error status
0x%x).
Explanation: An error occurred that was outside the
bounds of expected authentication errors.
HPDIA0501E • HPDJA0109W
Administrator response: Contact your IBM service
representative with the given error status.
HPDIA0501E
Authentication failed for user %s
(error status 0x%x).
Explanation: An error occurred that was outside the
bounds of expected authentication errors.
Administrator response: Contact your IBM service
representative with the given error status.
HPDJA0104E
Invalid argument: Null or zero-length
password.
Explanation: A valid, nonnull password is required.
Administrator response: Ensure that the password
argument is nonnull and has a positive length.
HPDJA0105E
Invalid argument: Null or zero-length
pattern.
Explanation: A valid, nonnull pattern is required.
HPDIA0502E
Password change failed for user %s
(error status 0x%x).
Explanation: An error occurred that was outside the
bounds of expected authentication errors.
Administrator response: Contact your IBM service
representative with the given error status.
HPDJA0100E
Invalid argument: Null context.
Explanation: A nonnull context object is required to
communicate with the Security Access Manager policy
server and define values for message and trace logging.
Administrator response: Ensure that the pattern
argument is nonnull and has a positive length.
HPDJA0106E
Invalid argument: Negative maximum
return number.
Explanation: The number of returned items must be
nonnegative.
Administrator response: Ensure that the maximum
return argument is greater than or equal to 0.
HPDJA0107E
Invalid argument: Null locale.
Administrator response: Ensure that the context
argument is nonnull.
Explanation: A valid, nonnull locale is required. To
use the default locale, use the method that does not
take a locale argument.
HPDJA0101E
Administrator response: Ensure that the locale
argument is nonnull.
Invalid argument: Null messages.
Explanation: A nonnull PDMessages object is required
to hold any return messages that might be generated
during the operation. Typically, this object contains no
messages on input.
Administrator response: Ensure that the messages
argument is nonnull.
HPDJA0102E
Invalid argument: Null or zero-length
user or group name.
Explanation: A valid, nonnull name is required.
Administrator response: Ensure that the user or
group name argument is nonnull and has a positive
length.
HPDJA0103E
Invalid argument: Null or zero-length
registry name.
Explanation: A valid, nonnull registry name is
required.
Administrator response: Ensure that the registry
name argument is nonnull and that the name returned
by its getRgyName() method is nonnull and has a
positive length.
HPDJA0108E
Invalid argument: Null configuration
URL.
Explanation: A valid, nonnull URL is required. In
addition, the caller must have adequate permission to
access and read the URL. The configuration data in the
URL must be in the proper format and must contain all
the data necessary to locate and communicate with a
Security Access Manager policy server.
Administrator response: Ensure that the configuration
URL argument is nonnull.
HPDJA0109W A nonnull value is being passed to
an unsupported argument.
Explanation: The method being invoked has one or
more unsupported arguments. A nonnull value is being
passed for an unsupported argument.
Administrator response: Ensure that a value of null is
passed for unsupported arguments. Refer to product
documentation to find out what arguments are
unsupported for the method being invoked.
Chapter 2. Security Access Manager Base Messages
103
HPDJA0110E • HPDJA0120W
HPDJA0110E
Invalid data received from the
Security Access Manager policy server.
Explanation: The data received from the Security
Access Manager policy server is invalid. Required
values might be missing or the values might have been
corrupted during transmission. Data values might be
missing because the policy server is incompatible with
the client.
Administrator response: Ensure the Security Access
Manager policy server supports the release level of the
client. If the policy server is compatible with the client,
try the operation again.
HPDJA0111W The component has not been
initialized or has already been shut
down.
Explanation: The shutdown() method was called on a
component that has already been shut down or was
never initialized.
Administrator response: No action is required.
HPDJA0112W The component has already been
initialized.
Explanation: The initialize() method of a component
initialization class might be called more than once, but
only the first caller sets the program name for the
component log output.
Administrator response: No action is required, but the
program name might differ from what is expected. Use
the getProgramName() method to determine the
program name that appears in the component message
and trace log output.
HPDJA0113W The component was not shut down.
There might be other users.
Explanation: Several calls might have been made to
initialize a component using the initialize() method.
The component is shut down only after the same
number of calls have been made to the shutdown()
method. Each program that calls the initialize() method
should also call the shutdown() method.
HPDJA0115E
Invalid argument: Null attribute value.
Explanation: A nonnull attribute value is required.
Administrator response: Ensure that the attribute
value argument is nonnull.
HPDJA0116E
Cannot contact server.
Explanation: The client cannot connect to the server.
This can mean that the server process is not running or
that network connectivity does not exist between the
client and server machines due to network partitioning
caused by an intervening firewall or a nonfunctional
intermediate router. The server address and port can be
found in the trace log file.
Administrator response: Ensure that network
connectivity exists between the client and server
machines (issue a ping, for example) and verify that the
server process is running on the expected port.
HPDJA0117E
Invalid argument: Null description
text.
Explanation: A nonnull description value is required.
Administrator response: Ensure that the description
argument is nonnull.
HPDJA0118E
Invalid argument: Port number is less
than or equal to 0.
Explanation: Only port numbers greater than 0 are
valid. It is usually good practice to assign port numbers
greater than 1024 to user applications because many
systems reserve port numbers below that value for
special purposes.
Administrator response: Ensure that the input port
number is greater than 0.
HPDJA0119E
Invalid argument: Null or zero-length
server host name.
Explanation: A valid, nonnull host name is required.
Administrator response: Ensure that the server host
name argument is nonnull and has a positive length.
Administrator response: No action is required.
HPDJA0114E
Invalid argument: Null or zero-length
attribute name.
Explanation: A valid, nonnull attribute name is
required.
Administrator response: Ensure that the attribute
name argument is nonnull and has a positive length.
104
Version 7.0: Error Message Reference
HPDJA0120W The outData information received
from the policy server was not returned
because the input outData parameter is
null.
Explanation: A nonnull outData argument is required
to return outData information received from the policy
server.
Administrator response: Ensure the outData argument
is nonnull.
HPDJA0122E • HPDJA0300E
HPDJA0122E
Unknown message code: %s.
Explanation: The text for the message code could not
be found in the message catalogs installed on the local
system. This typically means that the policy server is at
a more recent level than the client and has returned a
code undefined in the client runtime. The
documentation associated with the policy server
installation should include the message code.
Administrator response: Consult the Error Message
Reference to obtain the message text, explanation, and
suggested actions for the message code.
HPDJA0123E
Invalid argument: Null properties.
Explanation: A valid, nonnull properties object is
required.
Administrator response: Ensure that the properties
argument is nonnull.
HPDJA0124E
Invalid argument: Null or zero-length
credentials.
Explanation: A valid, nonnull credentials array is
required.
Administrator response: Ensure that the delegated
credentials argument is nonnull and has a positive
length.
HPDJA0125E
The data for %s that was received
from the Security Access Manager
policy server is not valid.
Explanation: The data received from the Security
Access Manager policy server is not valid. Required
values might be missing or the values might have been
garbled during transmission. Data values might be
missing because the policy server is incompatible with
the client.
HPDJA0127E
No PDContext available.
Explanation: There is no more free PDContext in the
PDContextPool to service the getPDContext() call.
Administrator response: Increase the PDContextPool
size and ensure application calls PDContext.close() to
return the PDContext back into the pool it's no longer
needed.
HPDJA0200E
Invalid operation: The current object
does not represent a Security Access
Manager user.
Explanation: An operation was attempted on a
PDUser object that represents a user that exists in the
user registry but is undefined in Security Access
Manager. Therefore, certain Security Access Manager
operations are invalid.
Administrator response: Ensure that the user this
object represents is defined in Security Access Manager.
That is, there must be a user defined to the Security
Access Manager policy server with the registry name
used to instantiate this object.
HPDJA0201E
Invalid argument: The user name
object is not a valid type or is
zero-length.
Explanation: The input user name argument can be a
String object representing a Security Access Manager
user name or an instance of the PDRgyUserName class
if the name being specified is a registry name. No other
object types are allowed. If the input name argument is
a String, it must have a positive length. If the input
name is a PDRgyUserName object, the String returned
from its getRgyName() method must be nonnull and
have a positive length.
Administrator response: Ensure that the Security
Access Manager policy server supports the release level
of the client. If the policy server is compatible with the
client, try the operation again.
Administrator response: Ensure that the user name
argument is an instance of the String class for Security
Access Manager user names or an instance of the
PDRgyUserName class for registry names. Ensure the
input String or the name returned from the
PDRgyUserName object getRgyName() method is
nonnull and has a positive length.
HPDJA0126E
HPDJA0300E
Connection pool closed.
Explanation: Attempting to acquire a connection from
a connection pool when in the process of closing or is
closed. This is usually due to resuing a PDContext after
calling its close() method. Create a new PDContext or
defer calling PDContext.close() method.
Administrator response: Do not re-use a PDContext
after calling its close() method.
Invalid operation: The current object
does not represent a Security Access
Manager group.
Explanation: An operation was attempted on a
PDGroup object that represents a group that exists in
the user registry but is undefined in Security Access
Manager. Therefore, certain Security Access Manager
operations are invalid.
Administrator response: Ensure that the group this
object represents is defined in Security Access Manager.
That is, there must be a group defined to the Security
Access Manager policy server with the registry name
used to instantiate this object.
Chapter 2. Security Access Manager Base Messages
105
HPDJA0301E • HPDJA0408E
HPDJA0301E
Invalid argument: The group name
object is not a valid type or is
zero-length.
Explanation: The input group name argument can be
a String object representing a Security Access Manager
group name or an instance of the PDRgyGroupName
class if the name being specified is a registry name. No
other object types are allowed. If the input name
argument is a String, it must have a positive length. If
the input name is a PDRgyGroupName object, the
String returned from its getRgyName() method must be
nonnull and have a positive length.
Administrator response: Ensure that the group name
argument is an instance of the String class for Security
Access Manager group names or an instance of the
PDRgyGroupName class for registry names. Ensure the
input String or the name returned from the
PDRgyGroupName object getRgyName() method is
nonnull and has a positive length.
HPDJA0302E
Invalid argument: Null or empty
member name list.
Explanation: At least one valid, nonnull member
name is required.
Administrator response: Ensure that the member
name list argument is nonnull and has at least one
member.
HPDJA0400E
Invalid argument: The maximum
number of login failures is outside of
the allowed range.
Explanation: The maximum number of login failures
is enforced to be a nonnegative integer.
Administrator response: Ensure that the maximum
number of login failures argument is greater than or
equal to 0.
HPDJA0401E
Invalid argument: The account-disable
time interval argument is outside of the
allowed range.
Administrator response: Ensure that the account
expiration date argument falls within the acceptable
range, current time - 2035-12-31-23:59:59.
HPDJA0403E
Invalid argument: The maximum
password age argument is outside of the
allowed range.
Explanation: The maximum password age must be a
nonnegative integer.
Administrator response: Ensure that the maximum
password age argument is greater than or equal to 0.
HPDJA0404E
Invalid argument: The maximum
repeated characters argument is outside
of the allowed range.
Explanation: The range of the maximum repeated
characters value is enforced to be a nonnegative integer.
Administrator response: Ensure that the maximum
repeated characters argument is greater than or equal
to 0.
HPDJA0405E
Invalid argument: The minimum
alphabetic characters argument is
outside of the allowed range.
Explanation: The minimum alphabetic characters
value is enforced to be a nonnegative integer.
Administrator response: Ensure that the minimum
alphabetic characters argument is greater than or equal
to 0.
HPDJA0406E
Invalid argument: The minimum
nonalphabetic characters argument is
outside of the allowed range.
Explanation: The minimum nonalphabetic characters
value is enforced to be a nonnegative integer.
Administrator response: Ensure that the minimum
nonalphabetic characters argument is greater than or
equal to 0.
Explanation: The account-disable time interval is
enforced to be an integer greater than or equal to 0
(where 0 indicates an unlimited time interval).
HPDJA0407E
Administrator response: Ensure that the account
disable time interval argument is greater than or equal
to 0.
Explanation: The minimum password length value is
enforced to be a nonnegative integer.
HPDJA0402E
Invalid argument: The account
expiration date argument is outside of
the allowed range.
Explanation: The account expiration date is enforced
by the API logic. The maximum value is consistent
with existing Security Access Manager installations that
impose this limitation.
106
Version 7.0: Error Message Reference
Invalid argument: The minimum
password length argument is outside of
the allowed range.
Administrator response: Ensure that the minimum
password length argument is greater than 0.
HPDJA0408E
Invalid argument: The time-of-day
access days specification argument does
not correspond to any predefined value.
Explanation: The bitmaps defined in the PDPolicy
HPDJA0409E • HPDJA0508E
class represent the days of the week positionally within
an 8-bit structure.
Administrator response: Ensure that the access days
are specified using the predefined bitmaps. These
bitmaps can be used individually. A logical OR
operation can be performed on two or more of the
bitmaps to generate the desired bitmap.
HPDJA0409E
Invalid argument: The time-of-day
start time is either less than 0 or greater
than the maximum allowable time.
Explanation: The time-of-day start time must fall
within 0 through 1439.
Administrator response: Ensure that the time-of-day
start time falls within the acceptable range, 0 through
1439.
HPDJA0410E
Invalid argument: The time-of-day
end time is either less than 0 or greater
than the maximum allowable time.
Explanation: The maximum value is the number of
minutes in 24 hours, less 1 minute.
Administrator response: Ensure that the time-of-day
end time falls within the acceptable range, 0 through
1439.
HPDJA0411E
Invalid argument: The time-of-day
time zone is not UTC or local.
Explanation: Only two time zone values are
supported: UTC or local. These values are represented
by constants in the PDPolicy class.
Administrator response: Ensure that the time zone is
one of the predefined constants,
PDPOLICY_TIME_UTC or PDPOLICY_TIME_LOCAL,
found in the PDPolicy class.
HPDJA0412E
Invalid argument: The maximum
number of concurrent web sessions is
outside of the allowed range.
Explanation: The maximum number of concurrent
web sessions is enforced to be a nonnegative integer
and greater than zero.
Administrator response: When specifying a number
for the maximum number of concurrent web sessions,
ensure that it is an integer greater than 0.
HPDJA0502E
Explanation: A nonnull PDAclEntryUser argument is
required.
Administrator response: Ensure that the
PDAclEntryUser argument is nonnull.
HPDJA0503E
Invalid argument: Null or zero-length
ACL name.
Invalid argument: Null
PDAclEntryGroup object.
Explanation: A nonnull PDAclEntryGroup argument
is required.
Administrator response: Ensure that the
PDAclEntryGroup argument is nonnull.
HPDJA0504E
Invalid argument: Null
PDAclEntryAnyOther object.
Explanation: A nonnull PDAclEntryAnyOther
argument is required.
Administrator response: Ensure that the
PDAclEntryAnyOther argument is nonnull.
HPDJA0505E
Invalid argument: Null
PDAclEntryUnAuth object.
Explanation: A nonnull PDAclEntryUnAuth argument
is required.
Administrator response: Ensure that the
PDAclEntryUnAuth argument is nonnull.
HPDJA0506E
Invalid argument: Null or zero-length
user name field for the ACL entry.
Explanation: A user name is required to create an
ACL entry.
Administrator response: Ensure that the user name
for the ACL entry is nonnull.
HPDJA0507E
Invalid argument: Null or zero-length
group name field for the ACL entry.
Explanation: A group name is required to create an
ACL entry.
Administrator response: Ensure that the group name
for the ACL entry is nonnull.
HPDJA0508E
HPDJA0500E
Invalid argument: Null
PDAclEntryUser object.
Invalid argument: Null permissions
field for the ACL entry.
Explanation: An ACL name is required.
Explanation: A nonnull permissions field is required
to create an ACL entry.
Administrator response: Ensure that the ACL name
argument is nonnull.
Administrator response: Ensure that the permissions
field for the ACL entry is nonnull.
Chapter 2. Security Access Manager Base Messages
107
HPDJA0509E • HPDJA0805E
HPDJA0509E
An ACL entry present in the
UserAclEntries HashMap is not a
PDAclEntryUser object.
Explanation: Only PDAclEntryUser objects can be
present in the UserAclEntries HashMap. Use the
GroupAclEntries HashMap for passing in the
PDAclEntryGroup objects.
Administrator response: Ensure that the
UserAclEntries HashMap contains only
PDAclEntryUser objects.
HPDJA0510E
An ACL entry present in the
GroupAclEntries HashMap is not a
PDAclEntryGroup object.
Explanation: Only PDAclEntryGroup objects can be
present in the GroupAclEntries HashMap. Use the
UserAclEntries HashMap for passing in the
PDAclEntryUser objects.
Administrator response: Ensure that the
GroupAclEntries HashMap contains only
PDAclEntryGroup objects.
HPDJA0600E
Invalid argument: Null or zero-length
protected object name.
Explanation: A nonnull protected object name is
required.
Administrator response: Ensure that the protected
object name argument is nonnull.
HPDJA0601E
Invalid argument: Null or zero-length
permission string
HPDJA0800E
Explanation: A valid, nonnull name is required.
Administrator response: Ensure that the application
server name argument is nonnull and has a positive
length.
HPDJA0801E
HPDJA0602E
Invalid argument: Length of input
arrays do not match.
Explanation: Matching Input array lengths required.
Administrator response: Ensure that the size of all
input arrays match.
HPDJA0700E
Invalid argument: Null or zero-length
protected objectspace name.
Explanation: A nonnull protected objectspace name is
required.
Administrator response: Ensure the protected
objectspace name argument is nonnull.
108
Version 7.0: Error Message Reference
Invalid argument: Null group list.
Explanation: A valid, nonnull group list is required.
Administrator response: Ensure that the application
server group list argument is nonnull. An empty list
may be used to clear an existing group list.
HPDJA0802E
Invalid argument: Null URL or invalid
protocol.
Explanation: A valid, nonnull URL is required. In
addition, only the 'file' protocol is currently supported.
Administrator response: Ensure that the URL
argument is nonnull and that the URL uses the 'file'
protocol.
HPDJA0803E
Database URL does not specify a
directory.
Explanation: The operation requires an existing
directory in which to locate the local policy database.
Administrator response: Ensure that the database
URL argument specifies an existing directory on the
local system.
HPDJA0804E
Explanation: A nonnull permission string is required.
Administrator response: Ensure that the permission
string is nonnull.
Invalid argument: Null or zero-length
application server name.
Invalid argument: Null or empty
Security Access Manager server list.
Explanation: Configuration and use of Java
application servers require communication with the
Security Access Manager policy server and an
authorization server.
Administrator response: Ensure that there is at least
one server in the server list argument.
HPDJA0805E
Invalid argument: Preference rank
must be greater than 0.
Explanation: Internal logic requires that all Security
Access Manager servers specified in an application
configuration have a rank greater than 0.
Administrator response: Ensure that the rank
argument is greater than 0.
HPDJA0806E • HPDJA0816E
HPDJA0806E
Invalid argument: Unsupported
configuration action.
Explanation: The configureAppSvr() method verifies
that a known action is specified and executes different
logic based on that action.
Administrator response: Ensure that one of the
configuration action constants defined in the
PDAppSvrConfig class is used.
HPDJA0807E
Invalid argument: Null application
server specification.
Explanation: The nonnull application server
specification is required.
Administrator response: Ensure that the application
server specification argument is nonnull.
HPDJA0811W Some aspect of local unconfiguration
failed.
Explanation: When unconfiguring a Java application
server, a number of operations are performed locally.
These steps include removing configuration data from
the configuration URL and deleting the keystore file.
One or more of these steps failed, so the files must be
manually cleaned up.
Administrator response: Manually remove the
configuration or keystore file, or both, if desired.
Alternatively, information in the files can be
overwritten by configuring another Java application
server using the 'replace' action.
HPDJA0812E
Invalid argument: Unrecognized
server type.
Explanation: A recognized server type is required.
HPDJA0808E
The specified configuration or
keystore file already exists.
Explanation: The 'create' configuration action is
designed to check for existing files and fail if they are
found in order not to overwrite them accidentally.
Administrator response: To preserve existing files,
specify new configuration and keystore file names. To
overwrite existing files, specify the 'replace'
configuration action.
HPDJA0809E
Cannot create the specified
configuration or keystore file.
Explanation: Failure to create the configuration or
keystore file might be caused by a variety of reasons
such as access restrictions or limited resources (file
descriptors or disk space).
Administrator response: Ensure the server type
argument is one of the server type constants defined in
the PDAppSvrConfig class.
HPDJA0813E
Invalid argument: Null server object.
Explanation: A nonnull server object is required.
Administrator response: Ensure the server argument
is nonnull.
HPDJA0814E
The specified server already exists in
the configuration.
Explanation: A server cannot be added to the
configuration if it already exists.
Administrator response: Try another file name or
another directory. Ensure that the process has
permission to create and write to the file.
Administrator response: Check that the input server
has been specified properly. Ensure that the host, port
and server type are correct. The configuration
information can be examined using the getAppSvrInfo()
method for further information.
HPDJA0810E
HPDJA0815E
The signature needed to sign a
certificate request is not supported.
Explanation: Only RSA is used to create application
server certificate requests. If the Security Access
Manager policy server's certificate has not been signed
using RSA, then information required to complete the
application server certificate request is not available.
Administrator response: Ensure that the keystore
used by the Security Access Manager policy server has
not been corrupted and that the signature algorithm for
the server certificate is RSA. Other signature
algorithms, such as DSA, are not supported.
The specified server does not exist in
the configuration.
Explanation: A server of the specified type with the
given host and port cannot be found the configuration.
Administrator response: Check that the input server
has been specified properly. Ensure that the host, port,
and server type are correct. The configuration
information can be examined using the getAppSvrInfo()
method.
HPDJA0816E
Cannot remove last server.
Explanation: At least one policy server and one
authorization server must be specified in a Java
application server configuration. The last policy server
and authorization server cannot be removed.
Chapter 2. Security Access Manager Base Messages
109
HPDJA0817E • HPDJA0900E
Administrator response: Add another server of the
specified type before trying to remove this one.
HPDJA0817E
The specified server is ambiguous. It
matches more than one server in the
configuration.
Explanation: When searching for a match to the input
server, first both host and port are examined. If a server
in the configuration matches both host and port, the
search is done. If no server in the configuration
matches both host and port, a match is made on host
alone. If more than one server matches on host, the
results are ambiguous.
Administrator response: Change the port specification
of the server so that the combination of host and port
matches one and only one server of its type in the
configuration. The configuration information can be
examined using the getAppSvrInfo() method.
HPDJA0818E
Cannot set value for remote mode
application server.
Explanation: The configuration data that is being set
is used only by local mode Java application servers,
and the specified configuration URL indicates a remote
mode server.
Administrator response: Verify that the application
server was configured correctly. If it is supposed to
operate in local mode, the server must be unconfigured
and configured again. If it is not supposed to operate in
local mode, the attempted operation is not applicable
and no further action is necessary.
HPDJA0819W Failure restoring original
configuration or keystore information.
Explanation: The configuration operation failed but
the original contents of the configuration or keystore
file, or both, could not be restored, possibly due to a
system-dependent file I/O error. The information
contained in the files is lost, but this is significant only
if there was application-specific data in the
configuration file. If that was the case, the only
recovery is to reconfigure the application server and
supply any extra information to the new configuration.
Administrator response: The Java application server
should be unconfigured and then reconfigured.
HPDJA0820W Local unconfiguration ignored;
specified application server name or
host does not match data in
configuration file.
Explanation: Before performing local unconfiguration
operations, a check is made to verify that the user
specified the same server and host data that is present
in the configuration file. This check prevents a user
from inadvertently removing local configuration for the
110
Version 7.0: Error Message Reference
wrong application server. Since this check is made after
calling the policy server to unconfigure the application
server, it has no effect on remote unconfiguration
operations.
Administrator response: Ensure that the application
server name and host specified to the unconfiguration
operation matches the application server name and
host present in the configuration file.
HPDJA0821E
Cannot create temporary configuration
file.
Explanation: Failure to create the configuration file
might be caused by a variety of reasons such as access
restrictions or limited resources (file descriptors or disk
space).
Administrator response: Try another file name or
another directory. Ensure that the process has
permission to create and write to the file.
HPDJA0822E
Cannot store information in temporary
configuration file.
Explanation: Failure to create the configuration file
might be caused by a variety of reasons such as access
restrictions or limited resources (file descriptors or disk
space).
Administrator response: Try another file name or
another directory. Ensure that the process has
permission to create and write to the file.
HPDJA0823E
Cannot set Local LDAP Management
value as it is not enabled.
Explanation: The configuration data that is being set
is used only by the Local LDAP Management API, and
the specified configuration URL indicates a it is not
enabled.
Administrator response: Verify that Local LDAP
Management was configured correctly. If it is supposed
to be enabled, the server must be unconfigured and
configured again. If it is not supposed to have Local
LDAP Management, the attempted operation is not
applicable and no further action is necessary.
HPDJA0900E
Invalid argument: Null or zero-length
SSO resource name.
Explanation: A valid, nonnull SSO resource name is
required.
Administrator response: Ensure the SSO resource
name argument is nonnull and has a positive length.
HPDJA1000E • HPDJA1404E
HPDJA1000E
Invalid argument: Null or zero-length
SSO resource group name.
Explanation: A valid, nonnull SSO resource group
name is required.
Administrator response: Ensure the SSO resource
group name argument is nonnull and has a positive
length.
HPDJA1100E
Invalid argument: SSO resource type.
Explanation: The SSO resource type must be either
PDSSOCRED_SSORESOURCE or
PDSSOCRED_SSORESOURCEGROUP, defined in the
PDSSOCred class.
HPDJA1300E
Invalid argument: Null or zero-length
server name.
Explanation: A valid, nonnull server name is required.
Administrator response: Ensure that the server name
argument is nonnull and has a positive length.
HPDJA1301E
Invalid argument: Null task name.
Explanation: A valid, nonnull task name is required.
Administrator response: Ensure that the task name
argument is nonnull and has a positive length.
HPDJA1400E
Invalid argument: Null or zero-length
POP name.
Administrator response: Ensure the SSO resource type
is one of the supported types.
Explanation: A valid, nonnull POP name is required.
HPDJA1101E
Administrator response: Ensure that the POP name
argument is nonnull and has a positive length.
Invalid argument: SSO resource user
name.
Explanation: A nonnull SSO resource user name is
required.
HPDJA1401E
Administrator response: Ensure the SSO resource user
name argument is nonnull.
Explanation: A valid, nonnull QOP value is required.
HPDJA1102E
Invalid argument: SSO resource
password.
Invalid argument: Null or invalid
QOP value.
Administrator response: Ensure that the QOP
argument is nonnull and is one of the PDPOP_QOP_*
constants defined in the PDPop class.
Explanation: A nonnull SSO resource password is
required.
HPDJA1402E
Administrator response: Ensure the SSO resource
password argument is nonnull.
Explanation: A valid, nonnull value for the audit level
is required.
HPDJA1200E
Invalid argument: Null or zero-length
action name.
Explanation: A valid, nonnull action name is required.
Invalid argument: Invalid audit level
value.
Administrator response: Ensure that the audit level
argument is set to one of the PDPOP_AUDIT_LEVEL_*
constants defined in the PDPop class or a logical OR
operation on these constants.
Administrator response: Ensure that the action name
argument is nonnull and has a positive length.
HPDJA1403E
HPDJA1201E
Explanation: A nonnull todAccessInfo argument is
required.
Invalid argument: Null action type.
Explanation: A valid, nonnull action type is required.
Administrator response: Ensure that the action type
argument is nonnull.
HPDJA1202E
Invalid argument: Null or zero-length
action group name.
Explanation: A valid, nonnull action group name is
required.
Administrator response: Ensure that the action group
name argument is nonnull and has a positive length.
Invalid argument: Null todAccessInfo
argument.
Administrator response: Ensure that the
todAccessInfo argument is nonnull. Use the
PDTodAccessInfo constructor to create a valid
PDTodAccessInfo object.
HPDJA1404E
Invalid argument: Null or empty
IPAuthInfo argument.
Explanation: A nonnull and nonempty IPAuthInfo
argument is required.
Administrator response: Ensure that the IPAuthInfo
argument is nonnull and nonempty. Use the
PDPop.IPAuthInfo constructor to create IPAuthInfo
Chapter 2. Security Access Manager Base Messages
111
HPDJA1405W • HPDJA1711E
objects and pass them as elements of the IPAuthInfo
ArrayList argument.
HPDJA1405W IPAuthInfo specified at index %s
already exists for this POP.
Explanation: New IPAuthInfo cannot be specified if
IPAuthInfo already exists for a given IP address and
netmask.
Administrator response: Ensure that the existing
IPAuthInfo for the specified IP address and netmask is
removed before specifying a new one for the same IP
address and netmask.
HPDJA1406W IPAuthInfo specified at index %s not
found for this POP.
HPDJA1601E
Invalid argument: Null or zero-length
rule text.
Explanation: A valid, nonnull rule text is required.
Administrator response: Ensure that the rule text
argument is nonnull and has a positive length.
HPDJA1602E
Invalid argument: Null fail reason.
Explanation: A nonnull fail reason is required.
Administrator response: Ensure that the fail reason
argument is nonnull.
HPDJA1700E
Command does not pass validation
check.
Explanation: Only IPAuthInfo entries that exist can be
removed.
Explanation: The command syntax was incorrect. This
can occur when an argument of the wrong type is
specified.
Administrator response: Ensure that the IPAuthInfo
entry exists. If the entry does not exist, remove it from
the input list.
Administrator response: Verify the correct syntax for
the command and try again.
HPDJA1407E
Specified IP address is not valid.
Explanation: A valid IP address is required.
Administrator response: Ensure that the IP address is
specified in dotted decimal format with valid numeric
characters.
HPDJA1408E
Specified netmask is not valid.
Explanation: A valid netmask is required.
Administrator response: Ensure that the netmask is
specified in dotted decimal format with valid numeric
characters.
HPDJA1500E
Invalid argument: Null or zero-length
domain name.
Explanation: A valid, nonnull domain name is
required.
Administrator response: Ensure that the domain
name argument is nonnull and has a positive length.
HPDJA1600E
Invalid argument: Null or zero-length
rule name.
HPDJA1708E
The server did not start.
Explanation: A problem occurred when the command
line program tried to start the server.
Administrator response: Try to start the server
independently of the command line administration tool;
it might start successfully under those circumstances. If
the server fails to start, any errors that are written to
the terminal or to the server's trace logs can be used to
help determine the problem.
HPDJA1710E
The server did not stop. Check the
host and port number.
Explanation: A problem occurred when the command
line program tried to stop the server.
Administrator response: Ensure that the host and port
specify a valid audit server. If the host and port specify
a different type of server, the stop command will not
work. If the host and port do specify a valid audit
server, try to stop the server independently of the
command line administration tool; it might stop
successfully using that method. If the server fails to
stop, any errors that are written to the terminal or to
the server's trace logs can be used to help determine
the problem.
Explanation: A valid, nonnull rule name is required.
Administrator response: Ensure that the rule name
argument is nonnull and has a positive length.
HPDJA1711E
Invalid argument: Port number must
be greater than 0.
Explanation: A valid, positive port number is required
in order to try to connect to the server.
Administrator response: Ensure that the specified port
number is greater than 0.
112
Version 7.0: Error Message Reference
HPDJA1712E • HPDMG0166W
HPDJA1712E
Could not detect a server running on
host %s, port %s.
Explanation: The command line program cannot stop
a server if it cannot connect to it using the specified
host and port.
Administrator response: Ensure that the specified host
and port number are correct. Also, test connectivity
from the system on which the command line program
is running to the target system.
HPDMG0150E
Invalid object name.
Explanation: The Security Access Manager policy
server received a request containing an invalid object
name.
Administrator response: Ensure that the object has
been specified properly.
HPDMG0155E Too many subjects found within the
client credential.
Explanation: The Security Access Manager policy
server encountered a client credential that contained
more than one subject.
HPDMG0160E SSL database (ivmgrd.kdb) could not
be opened.
Explanation: The Security Access Manager policy
server keystore file, ivmgrd.kdb, could not be opened.
Administrator response: Ensure that the keystore
used by the Security Access Manager policy server
exists and has not been corrupted. Should the failure
persist, stop the policy server, and run mgrsslcfg to
re-configure the policy server.
HPDMG0162E ASN1 decode error %d occurred. The
certificate buffer received is invalid and
cannot be decoded.
Explanation: The Security Access Manager policy
server has received a corrupted or invalid request.
Administrator response: Retry the operation. If the
problems persists, unconfigure and reconfigure the
client application or remote server.
HPDMG0164E The Policy Server could not be
started (0x%8.8lx).
HPDMG0156E Unable to sign a certificate.
Unexpected error from %s (0x%8.8lx).
Explanation: The Security Access Manager policy
server encountered an error during initialization.
Probably the password or login DN is incorrect or the
password has expired. This error should not occur if
the program is correctly configured, but if [ldap]
admin-dn or admin-pwd values in .conf files have been
modified then it is possible.
Explanation: An unexpected error was encountered
while attempting to issue a certificate.
Administrator response: Check ivmgrd.log for
additional information.
Administrator response: Ensure that the request or
operation deals with a single identity.
Administrator response: Ensure that the keystore
used by the Security Access Manager policy server has
not been corrupted.
HPDMG0157E The policy server failed to sign a
certificate.
Explanation: The Security Access Manager policy
server encountered an unexpected error while
attempting to sign a certificate.
Administrator response: Ensure that there is enough
disk space on the policy server machine. See
ivmgrd.log for more information.
HPDMG0158E Could not open %s because the
password stash file does not exist or is
corrupted.
Explanation: The server's configuration has possibly
been corrupted.
Administrator response: Ensure that the keystore has
not been corrupted. If the failure persists, reconfigure
the failed server.
HPDMG0165W The application has received a
database update notification however
the version of the command is incorrect.
The policy database will not be
updated.
Explanation: The policy server has sent a database
update notification however the policy server is
unaware that this system has been upgraded.
Administrator response: This is typically a
self-correcting problem and no action is normally
required. If the problem persists beyond a restart of the
application, check the application logs and policy
server logs for additional information.
HPDMG0166W Memory allocation failure.
Attempted to allocate %d bytes of
memory.
Explanation: The Security Access Manager policy
server attempted to allocate memory, and an error
occurred.
Administrator response: This error might be a
temporary condition. Attempt to free up memory by
Chapter 2. Security Access Manager Base Messages
113
HPDMG0167E • HPDMG0464E
closing other running applications. If the problem
persists, increase the system memory in the machine.
HPDMG0167E Domain in the certificate to be
signed does not match the local domain.
Explanation: PDMgr received a certificate to be signed
but the domain in the certificate distinguished name is
different from the local domain contained in the
authenticated credentials for the session.
Administrator response: Log in to the correct domain
for the certificate.
HPDMG0169E
Database migration failed!
Explanation: The Security Access Manager policy
server has opened a down-level version of the policy
database, and encountered an error in the process of
migrating the database to the current level.
Administrator response: Ensure that system resources
are available and retry. If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDMG0170E The policy server is unable to sign
certificates. The policy server's CA
certificate has expired.
Explanation: The policy server's CA certificate lifetime
of 20 years has expired.
Administrator response: Unconfigure and re-configure
the policy server, then unconfigure and re-configure all
clients and applications in the secure domain.
HPDMG0301E No command handler is installed for
the command.
Explanation: The Security Access Manager policy
server received an unsupported request. This can occur
when Security Access Manager is running in an
unsupported configuration.
Administrator response: Ensure that the client
application version is supported by Security Access
Manager.
HPDMG0451E
Invalid server name.
Explanation: The Security Access Manager policy
server has received a server request containing an
invalid server name. This error is likely due to a syntax
error in the name.
Administrator response: Ensure that the server name
argument is nonnull.
114
Version 7.0: Error Message Reference
HPDMG0452E
Server not found.
Explanation: The Security Access Manager policy
server has received a server request containing a server
name that cannot be found in the policy database.
Administrator response: Ensure that the server name
appears in the list of configured servers.
HPDMG0453E A server with the same name already
exists.
Explanation: The Security Access Manager policy
server has received a configure server request
containing a server name of an already configured
server.
Administrator response: Ensure that the server name
is not in the list of configured servers.
HPDMG0455W The API function is not supported
by this registry type.
Explanation: An attempt was made to use a registry
API function that is not supported by the installed
registry type.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDMG0462E The AZN application returned an
error.
Explanation: The admin service plugin has returned
an error.
Administrator response: Refer to the admin service
plugin documentation.
HPDMG0463E A protected object %s was requested
from the %s application. The application
returned the following error: (0x%8.8lx).
Explanation: The Security Access Manager policy
server will request protected object information from
applications at various times. This information is used
to facilitate management of the protected object space.
An error has occurred while attempting to retrieve this
information.
Administrator response: The application might not be
configured correctly. Check the returned error code,
make any necessary corrections, and retry the
operation.
HPDMG0464E A list of child protected objects
under the parent protected object %s
was requested from the %s application.
The application returned the following
error: (0x%8.8lx).
HPDMG0465E • HPDMG0613E
Explanation: The Security Access Manager policy
server will request protected object information from
applications at various times. This information is used
to facilitate management of the protected object space.
An error has occurred while attempting to retrieve this
information.
Administrator response: The application might not be
configured correctly. Check the returned error code,
make any necessary corrections, and retry the
operation.
HPDMG0465E An administration task was
forwarded to the %s application. The
application returned the following error:
(0x%8.8lx).
Explanation: The Security Access Manager policy
server attempted to forward the requested
administration task to the application. The application
returned an error indicating the task could not be
performed.
Administrator response: The application might not be
configured correctly. Check the returned error code,
make any necessary corrections, and retry the
operation.
HPDMG0466E A list of supported administration
tasks was forwarded to the %s
application. The application returned
the following error: (0x%8.8lx).
Explanation: The Security Access Manager policy
server requested the list of supported administration
tasks from the application. The application returned an
error indicating that the list could not be provided.
Administrator response: The application may not be
configured correctly. Check the returned error code,
make any necessary corrections, and retry the
operation.
HPDMG0467E A policy database update notification
was sent to the %s application. The
application returned the following error:
(0x%8.8lx).
Explanation: The Security Access Manager policy
server sent a database update notification to the
application. This notification informs the application
that a change has been made to the policy database.
Administrator response: The application may not be
configured correctly. Check the returned error code and
make any necessary corrections. You can force a
database update notification to be sent by using the
"server replicate" administration command.
HPDMG0600E
Object not found.
Explanation: The Security Access Manager policy
server received a request that referenced an object
which was not found in the policy database.
Administrator response: Ensure that the requested
object exists and is referenced correctly.
HPDMG0601E
Object already exists.
Explanation: The Security Access Manager policy
server received a create protected object request for an
object name that already exists in the policy database.
Administrator response: Ensure that the requested
protected object name does not already exist.
HPDMG0609E The specified group container cannot
be used as it corresponds to an existing
group name.
Explanation: The Security Access Manager policy
server received a request to create a group container
specifying a container name that already exists as a
group name.
Administrator response: Ensure that the group name
does not already exist.
HPDMG0611E This operation is not supported for
the objects in this object space.
Explanation: A Security Access Manager admin
service plugin has received a request that is not
supported.
Administrator response: Refer to the admin service
plugin documentation to determine the capabilities of
the plugin.
HPDMG0612E The operation requested cannot be
performed on the root object.
Explanation: The Security Access Manager policy
server received a request to create, delete, or modify
the root object. These operations are not permitted.
Administrator response: No action is required.
HPDMG0613E One or more of the child object
names was invalid.
Explanation: The Security Access Manager policy
server received a request with a protected object as an
argument. The object string contained at least one child
object that was not present in the policy database.
Administrator response: Ensure that the protected
object is specified correctly.
Chapter 2. Security Access Manager Base Messages
115
HPDMG0614W • HPDMG0626E
HPDMG0614W One or more ACL entries contain
both the Add (A) and Password (W)
capabilities. These capabilities
potentially create a security
vulnerability if they are granted to an
administrator of a group. The
administrator may then add any user to
the group and then change the user's
password.
Explanation: With both capabilities, the administrator
of a group of users may add any user to the group and
then change the user's password.
Administrator response: Only grant both of these
capabilities to the same administrator under special
controlled circumstances or to a highly trusted user.
HPDMG0615W One or more ACL entries contain
both the Add (A) and Modify (m)
capabilities. These capabilities
potentially create a security
vulnerability if they are granted to an
administrator of a group. The
administrator may then add any user to
the group and then change the user's
data.
Explanation: With both capabilities, the administrator
of a group of users may add any user to the group and
then change the user's data.
Administrator response: Only grant both of these
capabilities to the same administrator under special
controlled circumstances or to a highly trusted user.
HPDMG0616W One or more ACL entries contain
both the Add (A) and Delete (d)
capabilities. These capabilities
potentially create a security
vulnerability if they are granted to an
administrator of a group. The
administrator may then add any user to
the group and then delete the user.
Explanation: With both capabilities, the administrator
of a group of users may add any user to the group and
then delete user.
Administrator response: Only grant both of these
capabilities to the same administrator under special
controlled circumstances or to a highly trusted user.
HPDMG0619E The user is not authorized to view
attached ACL information.
Explanation: Attached ACL information is available at
the specified protected object location, however, the
user is not authorized to view ACLs.
Administrator response: No action is required.
116
Version 7.0: Error Message Reference
HPDMG0620E The user is not authorized to view
attached POP information.
Explanation: Attached POP information is available at
the specified protected object location, however, the
user is not authorized to view POPs.
Administrator response: No action is required.
HPDMG0621E The user is not authorized to view
attached Rule information.
Explanation: Attached Rule information is available at
the specified protected object location, however, the
user is not authorized to view Rules.
Administrator response: No action is required.
HPDMG0622E The user is not authorized to view
effective ACL information.
Explanation: Effective ACL information is available at
the specified protected object location, however, the
user is not authorized to view ACLs.
Administrator response: No action is required.
HPDMG0623E The user is not authorized to view
effective POP information.
Explanation: Effective POP information is available at
the specified protected object location, however, the
user is not authorized to view POPs.
Administrator response: No action is required.
HPDMG0624E The user is not authorized to view
effective Rule information.
Explanation: Effective Rule information is available at
the specified protected object location, however, the
user is not authorized to view Rules.
Administrator response: No action is required.
HPDMG0625E The user is not authorized to view
one or more protected objects where the
requested ACL is attached.
Explanation: See text.
Administrator response: No action is required.
HPDMG0626E The user is not authorized to view
one or more protected objects where the
requested POP is attached.
Explanation: See text.
Administrator response: No action is required.
HPDMG0627E • HPDMG0761W
HPDMG0627E The user is not authorized to view
one or more protected objects where the
requested authzrule is attached.
Explanation: See text.
Administrator response: No action is required.
HPDMG0628E The specified network addresses
cannot be processed by the Security
Access Manager policy server.
Explanation: This error may occurr if the network
addresses are invalid, or the addresses are in IPv6
format and the Security Access Manager policy server
is running on an operating system that does not
support IPv6.
HPDMG0756W
Incorrect current password.
Explanation: The correct current password must be
provided to be able to change the password.
Administrator response: Retry the change password
operation specifying the correct current password.
HPDMG0757W The Distinguished Name (DN) is
already configured as a user.
Explanation: This error can occur when creating or
importing a user. It is generated because the DN
provided has been successfully created or imported
before.
Administrator response: Ensure that the DN specified
is correct.
Administrator response: No action is required.
HPDMG0752E More than one matching
Distinguished Name (DN) was found.
Explanation: Multiple entries have been found in the
LDAP registry when only one was expected.
Administrator response: Ensure that the LDAP
registry has not been modified using external tools.
HPDMG0753E An invalid format of the
authorization mechanism attribute was
found in the user entry.
Explanation: The correct format is
<AppName>:<mechanism>[,<mechanism>....]. The
default is Default:LDAP. This information is stored in
the secUser object's secLoginType attribute.
Administrator response: Ensure that the LDAP
registry has not been modified using external tools.
HPDMG0754W The entry was not found. If a user
or group is being created, ensure that
the Distinguished Name (DN) specified
has the correct syntax and is valid.
Explanation: A search of the LDAP registry did not
locate the entry.
Administrator response: Ensure that the name
specified is correct. If a user or group is being created
or imported, ensure that the Distinguished Name (DN)
specified has the correct syntax and is valid.
HPDMG0755W The specified Distinguished Name
(DN) does not exist.
HPDMG0758W The Distinguished Name (DN) is
already configured as a group.
Explanation: This error can occur when creating or
importing a group. It is generated because the DN
provided has been successfully created or imported
before.
Administrator response: Ensure that the DN specified
is correct.
HPDMG0759W The user name already exists in the
registry.
Explanation: A user already exists with the user name
chosen. If Microsoft Active Directory registry is used,
the error may apply to the sAMAccountName,
userPrincipalName or the CN attributes of the registry
user object.
Administrator response: Specify a different user
name.
HPDMG0760W The group name already exists in
the registry.
Explanation: A group already exists with the group
name chosen.
Administrator response: Specify a different group
name.
HPDMG0761W The entry referred to by the
Distinguished Name (DN) must be a
person entry.
Explanation: See message.
Explanation: Security Access Manager validates that
the Distinguished Name (DN) provided is the DN of a
person entry.
Administrator response: Make sure the specified DN
is a valid LDAP entry.
Administrator response: Ensure that the DN specified
refers to a person type entry.
Chapter 2. Security Access Manager Base Messages
117
HPDMG0762W • HPDMG0771E
HPDMG0762W The entry referred to by the
Distinguished Name (DN) must be a
group entry.
Explanation: Security Access Manager validates that
the Distinguished Name (DN) provided is the DN of a
group (accessGroup, groupOfNames, or
groupOfUniqueNames).
Administrator response: Ensure that the DN specified
refers to a group type entry.
HPDMG0763E LDAP is not configured as a registry
of users and groups.
Explanation: During configuration of Security Access
Manager, LDAP was not chosen as the registry type to
store user and group information.
Administrator response: Reconfigure Security Access
Manager if the LDAP registry should have been
selected.
HPDMG0764E
An internal error has occurred.
Explanation: This error indicates an unexpected
condition has occurred. For example, this may be
generated if a return code is received from the LDAP
server that was unexpected.
Administrator response: Retry the operation. If the
problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
HPDMG0765W The request made to the LDAP
server exceeded the server's configured
time limit.
Explanation: The LDAP server can be configured for
the maximum amount of time allowed to process a
request. If it takes too long to fulfill a particular
request, then this error is returned.
Administrator response: Ensure that the LDAP server
is configured to allow adequate time to process
requests. This time might have to be extended if the
server is busy.
HPDMG0766W The search request exceeded the
maximum number of entries the LDAP
server is allowed to return.
Explanation: This limit is imposed from two sources.
First, the LDAP server has a configurable size limit
setting. Second, Security Access Manager has a default
size limit of 2048. The effective size limit will be the
smaller of the two.
Administrator response: Ensure that the LDAP server
is configured to allow the number of entries required to
be returned. The Security Access Manager limit can be
118
Version 7.0: Error Message Reference
set using the max-search-size parameter in the [ldap]
stanza of the .conf configuration file.
HPDMG0767E The Distinguished Name (DN) has
an invalid syntax.
Explanation: A Distinguished Name (DN) consists of a
set of attribute value assertions (for example, o=ibm)
separated by commas. Either the DN specified is
invalid or a value input when used to construct the DN
caused an invalid DN to be constructed.
Administrator response: Ensure the DN syntax is
correct.
HPDMG0768E
Unable to login.
Explanation: The password or login Distinguished
Name (DN) is incorrect.
Administrator response: Ensure that the admin-dn or
admin-pwd in the [ldap] stanza of the .conf
configuration files have not been modified. If the
configuration has been modified or corrupted, restore
the configuration from a backup copy or reconfigure.
HPDMG0769E There were insufficient LDAP access
privileges to allow Security Access
Manager to create and delete entries in
the registry.
Explanation: The portion of the LDAP namespace
where users and groups are created or maintained must
have access contol lists (ACLs) set to permit the
Security Access Manager Security Group proper
authority. This access is normally set when the policy
server is configured.
Administrator response: Ensure that the LDAP server
access controls allow the Security Access Manager
Security Group to create and delete entries in the
namespace.
HPDMG0770E The settings defined for the entry are
invalid (object class violation).
Explanation: An attempt to create or update an entry
in the LDAP registry failed because it did not agree
with the LDAP schema definition. For example, an
attribute was given a value larger than the maximum
size allowed by the attribute's LDAP schema definition.
Administrator response: Ensure that the Security
Access Manager schema is correctly applied. This is
normally automatically done when the policy server is
configured.
HPDMG0771E Cannot delete the entry completely
because it has unexpected subentries in
the LDAP registry. This is usually
because the user or group being deleted
is a member of another domain.
HPDMG0772W • HPDMG0781E
Explanation: An attempt was made to delete an entry
in the LDAP namespace. However, the entry contains
subentries that cannot be deleted. If a user or group is
being deleted, ensure the user or group Distinguished
Name (DN) is not a member of another domain.
Administrator response: Security Access Manager is
unable to delete the entry. If a user or group is being
deleted with the -registry option, check to ensure that
the user or group is not a member of another domain
and retry the operation.
HPDMG0772W
The entry already exists.
Explanation: See message.
Administrator response: Choose a different name or
accept the existing entry.
HPDMG0777W The LDAP referral limit was
exceeded.
Explanation: The LDAP servers can be configured
with referrals from one server to another to split the
namespace. There is a maximum number of referrals
that is followed to locate the final server. This default is
10.
Administrator response: Ensure that the network of
LDAP servers using referrals does not exceed the limit.
HPDMG0778E The SSL initialization failed for
connection to the LDAP server.
Explanation: Security Access Manager attempted to
create an SSL connection with the LDAP server but the
SSL session could not be established.
Explanation: See message.
Administrator response: Ensure that the server's SSL
certificate is correct and that the Security Access
Manager key file contains a certificate of the Certificate
Authority (signer) that can validate the certificate.
Administrator response: Activate the LDAP server,
restart Security Access Manager, and retry the
operation.
HPDMG0779E An SSL parameter error occurred
when connecting to the LDAP server.
HPDMG0774E Illegal characters were specified in
the LDAP search filter.
Explanation: Security Access Manager attempted to
create an SSL connection with the LDAP server but the
SSL session could not be established.
HPDMG0773E The request failed because the LDAP
server is down.
Explanation: When Security Access Manager
attempted a search request, the resulting filter was
unacceptable to LDAP.
Administrator response: If a pattern is being
specified, ensure that it is syntactically correct. If a user
or group name is being specified, ensure that it does
not contain special characters that could cause the filter
to be invalid.
HPDMG0775E Not enough memory was available to
perform the operation.
Explanation: See message.
Administrator response: Restart Security Access
Manager and retry the operation.
HPDMG0776E An error connecting to the LDAP
server has occurred.
Explanation: A connection could not be established
with the configured LDAP server.
Administrator response: Ensure that the LDAP server
has the correct configured host name and port number
and that the server is active.
Administrator response: Ensure that the server's SSL
certificate is correct and that the Security Access
Manager key file contains a certificate of the Certificate
Authority (signer) which can validate that certificate.
HPDMG0780E The SSL handshake failed when
connecting to the LDAP server.
Explanation: Security Access Manager attempted to
create an SSL connection with the LDAP server but the
SSL session could not be established.
Administrator response: Ensure that the server's SSL
certificate is correct and that the Security Access
Manager key file contains a certificate of the Certificate
Authority (signer) which can validate that certificate.
HPDMG0781E SSL failed to establish the requested
encryption cipher level when connecting
to the LDAP server.
Explanation: Security Access Manager attempted to
establish an SSL connection with the LDAP server but
was unable to acquire the required cipher.
Administrator response: Configure the LDAP server
SSL settings for a lower encryption cipher level and
retry the operation.
Chapter 2. Security Access Manager Base Messages
119
HPDMG0782E • HPDMG0900E
HPDMG0782E SSL was not available for connection
to the LDAP server.
HPDMG0788E Unable to sign certificate due to an
unexpected error.
Explanation: Security Access Manager was configured
to use SSL for connection with the LDAP server but the
SSL support is not available.
Explanation: An unexpected internal processing error
has occurred while trying to create an SSL certificate.
Administrator response: Ensure that the GSKit is
properly installed. See the Security Access Manager
Base Installation Guide for information to install GSKit.
HPDMG0783E The SSL Key Database File was not
found for connection to the LDAP
server.
Explanation: Security Access Manager attempted to
open an SSL connection with the LDAP server but
could not locate the specified key database file.
Administrator response: Ensure that the configured
Key Database File has the correct name and that the
permissions allow Security Access Manager to read the
file.
HPDMG0784E The SSL password was not specified
for connection to the LDAP server.
Explanation: Security Access Manager attempted to
open an SSL connection with the LDAP server but no
password for the key database file was specified.
Administrator response: Ensure that the correct
password is configured for the Security Access
Manager key database file.
HPDMG0786E Unable to sign certificate because of
missing attribute definitions in the
LDAP schema.
Explanation: The LDAP schema for the secCertDN
and secCertSerialNumber attributes is missing.
Administrator response: Ensure that LDAP is
properly configured and that the Security Access
Manager schema has been correctly applied. This is
normally automatically done when the policy server is
configured.
HPDMG0787E Unable to sign certificate due to
unexpected error (0x%8.8lx).
Explanation: An unexpected internal processing error
has occurred while trying to create an SSL certificate.
Administrator response: Refer to the Security Access
Manager error log for more information. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
120
Version 7.0: Error Message Reference
Administrator response: Refer to the Security Access
Manager error log for more information. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDMG0789W The user Distinguished Name (DN)
cannot be created because it already
exists.
Explanation: This error can occur when creating a
user. It is generated because the DN provided already
exists in the registry.
Administrator response: You can either choose to
delete this DN and retry the operation or use the
import command to make the DN specified a Security
Access Manager user.
HPDMG0790W The group Distinguished Name
(DN) cannot be created because it
already exists.
Explanation: This error can occur when creating a
group. It is generated because the DN provided already
exists in the registry.
Administrator response: You can either choose to
delete this DN and retry the operation or use the
import command to make the DN specified a Security
Access Manager group.
HPDMG0793E Duplicate member assignment was
attempted. No members have been
added.
Explanation: All members to be added to a group
must be new members.
Administrator response: Remove users from the list
that are already members of the group.
HPDMG0900E The Distinguished Name (DN)
cannot be determined.
Explanation: The specified entry cannot be found on
the LDAP server, or more than one exists when only
one was expected.
Administrator response: Ensure the resource or
resource group name is correct.
HPDMG0901E • HPDMG0911E
HPDMG0901E Cannot determine the exported
suffixes on the LDAP Server.
HPDMG0906E The configured LDAP server is not
correct version.
Explanation: The LDAP server encountered an error
while performing a suffix search.
Explanation: A downlevel version of The LDAP server
is configured into Security Access Manager. This can
result from upgrading Access Manager without
upgrading the LDAP server.
Administrator response: Refer to the Security Access
Manager error log for more information. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDMG0902E LDAP server SSL initialization
failed.
Explanation: Security Access Manager cannot initialize
an SSL session with the LDAP server.
Administrator response: Ensure the LDAP server is
properly configured and is up and running.
HPDMG0903E
Administrator response: Ensure the supported version
of LDAP server is configured into the Security Access
Manager environment.
HPDMG0907E A memory allocation error in the
GSO Management API.
Explanation: A error occurredThe Global Sign-On
(GSO) Management API attempted to allocate memory.
Administrator response: This is potentially a
temporary condition. Attempt to free up memory by
closing other running applications. If the problem
persists, increase the system memory in the machine
The LDAP server cannot be located.
Explanation: Security Access Manager cannot initialize
an SSL session with the LDAP server.
Administrator response: Ensure the LDAP server is
properly configured and is up and running.
HPDMG0904E LDAP server bind options cannot be
initialized.
Explanation: Security Access Manager has
encountered bind option errors while attempting to
contact the LDAP server.
Administrator response: Refer to the Security Access
Manager error log for more information. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDMG0905E Invalid parameters passed to GSO
Management API.
Explanation: Invalid parameter data has been
provided to the Global Sign-On (GSO) Management
API.
Administrator response: Refer to the Security Access
Manager error log for more information. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDMG0908E Cannot perform remove operation,
because subdirectories exist.
Explanation: An attempt was made to remove
Security Access Manager Global Sign-On (GSO)
resource object without first removing its subobjects.
Administrator response: Remove the GSO subobjects
then retry the operation.
HPDMG0909E GSO Management API reports that
invalid data was specified.
Explanation: Invalid parameter data has been
provided to the Global Sign-On (GSO) Management
API.
Administrator response: Refer to the Security Access
Manager error log for more information. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDMG0910E
Cannot find the member resource.
Explanation: An attempt was made to remove a
Global Sign-On (GSO) resource from a resource group,
but the resource was not a member.
Administrator response: Ensure that the name of the
resource to be removed exists and is a member of the
resource group.
HPDMG0911E Cannot access GSO database. Invalid
user name or password.
Explanation: The Security Access Manager policy
server attempted to access the Global Sign-On (GSO)
database but the identity was not authorized
Chapter 2. Security Access Manager Base Messages
121
HPDMG0912E • HPDMG0921E
Administrator response: Ensure that the directory
server access control settings have not been altered. The
policy server identity, specified in the ivmgrd.conf file,
must have the authority to search and make updates to
the Global Sign-On (GSO) data.
HPDMG0912E User not authorized to perform
operation.
Explanation: The portion of the LDAP namespace
where users and groups are created or maintained must
have access contol lists (ACLs) set to permit the
Security Access Manager Security Group proper
authority. This access is normally set when the policy
server is configured.
Administrator response: Ensure that the LDAP server
access controls allow the Security Access Manager
Security Group to access entries in the namespace.
HPDMG0913E Cannot connect to GSO database
LDAP Server. Either the LDAP Server is
inactive or busy.
Explanation: See text.
Administrator response: Retry this operation when
the LDAP Server is available.
HPDMG0914E GSO database not found on LDAP
server.
Explanation: The Security Access Manager is unable
to locate the Global Sign-On (GSO) objects in the user
registry.
Administrator response: Ensure the Security Access
Manager Global Sign-On (GSO) definition is properly
defined in the user registry. Also, verify the Access
Manager is configured properly.
HPDMG0915E No SSL connection exists between
Security Access Manager and the LDAP
server.
Explanation: Security Access Manager attempted to
create an SSL connection with the LDAP server but the
SSL session could not be established.
Administrator response: Ensure that the server's SSL
certificate is correct and that the Security Access
Manager key file contains a certificate of the Certificate
Authority (signer) that can validate the certificate.
HPDMG0916E No account information for GSO
resource credential found.
Explanation: A request was made to retrieve the
account information from a Global Sign-On (GSO)
resource credential but none was found.
Administrator response: Either create or modify the
resource credential for the specified user to specify the
122
Version 7.0: Error Message Reference
account information (user id and password).
HPDMG0917E The specified GSO resource
credential was not found.
Explanation: The Global Sign-On (GSO) resource
credential was not found at the LDAP server.
Administrator response: Ensure that the Global
Sign-On (GSO) resource credential is specified correctly
for the user indicated and that the resource credential
type (web or group) is specified correctly. The pdadmin
rsrccred list user command can be used to determine
the set of defined credentials for the user.
HPDMG0918E The requested GSO resource was not
found.
Explanation: The Global Sign-On (GSO) resource was
not found at the LDAP server.
Administrator response: Ensure that the Global
Sign-On (GSO) resource is specified correctly. The
pdadmin rsrc list command can be used to determine
the current set of defined resources.
HPDMG0919E The GSO resource type could not be
determined.
Explanation: The Global Sign-On (GSO) resource type
could not be retrieved from the LDAP server.
Administrator response: Refer to the Security Access
Manager error log for more information. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDMG0920E
Resource group not found.
Explanation: The specified Global Sign-On (GSO)
resource group was not found at the LDAP server.
Administrator response: Ensure that the resource
group was specified correctly. The pdadmin rsrcgroup
list command can be used to determine the current set
of defined resource groups.
HPDMG0921E The specified user identity was not
found.
Explanation: The specified user is not known to
Security Access Manager.
Administrator response: Specify a user that is defined
to Security Access Manager.
HPDMG0922E • HPDMG0961E
HPDMG0922E
The specified user is not a GSO user.
Explanation: The specified user is not configured as a
Global Sign-On (GSO) user.
Administrator response: Use pdadmin to configure
the user as a Global Sign-On (GSO) user.
HPDMG0923E
Administrator response: Either choose a different
name for the object being created or delete the existing
object and re-create it.
Object not found.
Explanation: The specified Global Sign-On (GSO)
resource, resource group or resource credential could
not be found.
Administrator response: Ensure that the name of the
resource, resource group or resource credential is
specified correctly.
HPDMG0925E An unexpected exception occurred in
the GSO Management API.
Explanation: Security Access Manager encountered an
unexpected error while processing Global Sign-On
(GSO) data.
Administrator response: Check the Security Access
Manager error log for additional information. If after
re-trying the operation, the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDMG0931E
Explanation: LDAP is not enabled in the ldap stanza
of the iv.conf file.
Administrator response: Modify the configuration file
to enable LDAP.
Object already exists.
Explanation: The Global Sign-On (GSO) resource,
resource group or resource credential already exists.
HPDMG0924E
HPDMG0937E LDAP is not enabled in the ivmgrd
configuration file.
The specified user is inactive.
Explanation: The specified user is a defined Security
Access Manager user, but is not active.
Administrator response: Ensure the desired user is
both an active Security Access Manager user, and a
Global Sign-On (GSO) user.
HPDMG0942E The GSO management function
returns unknown error.
Explanation: An unknown error has been returned by
the Global Sign-On (GSO) Management API
Administrator response: Refer to the Security Access
Manager error log for more information. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDMG0943E
Invalid name.
Explanation: Security Access Manager invoked the
Global Sign-On (GSO) interface with an invalid name.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDMG0957E
Resource Type
Explanation: none needed
Administrator response: none needed
HPDMG0960E An LDAP limit (timelimit or
sizelimit) was exceeded.
Explanation: See text.
Administrator response: Ensure the LDAP server is
correctly configured.
HPDMG0961E An unrecoverable LDAP error has
occurred.
Explanation: See text.
HPDMG0932E The GSO Management Function is
not implemented.
Explanation: Security Access Manager attempted to
perform a Global Sign-On (GSO) function which is not
supported.
Administrator response: Refer to the Security Access
Manager error log for more information. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
Chapter 2. Security Access Manager Base Messages
123
HPDMG1052E • HPDMG1067E
HPDMG1052E
A registry memory allocation failed.
Explanation: An attempt to allocate memory using the
registry adapter API returned a NULL pointer.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDMG1053E
The configuration file is invalid.
Explanation: One of the configuration files (for
example, domino.conf) could not be opened or was
missing some required information.
Administrator response: Repair or replace the server
and/or registry .conf files in the etc subdirectory. If the
problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
HPDMG1054E A registry input/output error has
occurred.
Explanation: The registry server had an error while
processing a request.
Administrator response: Verify that the registry server
is functioning normally before retrying the operation.
HPDMG1055E
A registry SSL error has occurred.
Explanation: An error occurred during Secure Sockets
Layer (SSL) communications with the registry server.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDMG1056E A registry initialization error has
occurred.
Explanation: A registry API call was made with an
invalid parameter, or the registry type could not be
determined or is not configured correctly.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDMG1057E
A registry data error has occurred.
Explanation: One of several basic registry functions
has failed.
Administrator response: Verify that the registry server
is functioning normally before retrying the operation.
124
Version 7.0: Error Message Reference
HPDMG1058E The user is not defined in the
registry.
Explanation: The specified user ID was not found in
the registry database.
Administrator response: Verify that the user ID is
spelled correctly and that it exists in the registry
database for the domain to which you are logged in.
HPDMG1059E
Group is not defined in the Registry.
Explanation: The specified group ID was not found in
the registry database.
Administrator response: Verify that the group ID is
spelled correctly and that it exists in the registry
database for the domain to which you are logged in.
HPDMG1064E
The group member was not found.
Explanation: The group has no members or the
specified member was not found in the group.
Administrator response: Verify that the group name
and member ID is spelled correctly and that they both
exist in the registry database for the domain to which
you are logged in.
HPDMG1065E
An invalid user type was specified.
Explanation: When the calling program requested a
list of users it did not specifiy one of the 3 allowed
types.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDMG1066E
An invalid group type was specified.
Explanation: When the calling program requested a
list of groups it did not specifiy one of the 3 allowed
types.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDMG1067E The Universal Unique Identifier
(UUID) was not specified.
Explanation: The UUID used to find a user in the
registry was missing from the lookup operation.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDMG1068E • HPDMG1079E
HPDMG1068E An invalid group identification or
Distinguished Name (DN) was
specified.
Explanation: A group operation was attempted for the
wrong domain or the group's registryGID value (also
known as the DN) was invalid. The DN entered may
contain invalid characters or be in an invalid format.
Administrator response: Select another name or a
variation for this user.
HPDMG1074E The group is already defined in the
registry.
Explanation: A group with the name you chose is
already in the registry.
Administrator response: Correct the registry group ID
(or DN) that you specified and retry the operation.
Administrator response: Select another name or a
variation for this group.
HPDMG1069E An invalid policy identification was
specified.
HPDMG1075E The policy is already defined in the
registry.
Explanation: A user specific policy that was expected
to be in the registry was not found.
Explanation: A policy object already exists for the
chosen user.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDMG1070E An invalid resource identification
was specified.
HPDMG1076E The resource is already defined in
the registry.
Explanation: A resource that was expected to be in the
registry was not found.
Explanation: A resource object already exists with the
specified name.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
Administrator response: Select another name for the
new resource object.
HPDMG1071E An invalid resource group
identification was specified.
Explanation: A resource group that was expected to
be in the registry was not found.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDMG1072E Invalid resource credentials
identification was specified.
Explanation: A resource credential that was expected
to be in the registry was not found.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDMG1073E The user is already defined in the
registry.
HPDMG1077E The resource group is already
defined in the registry.
Explanation: A resource group object with the
specified name already exists in the registry.
Administrator response: Select another name for the
new resource group object.
HPDMG1078E The resource credentials are already
defined in the registry.
Explanation: A resource credential object with the
specified name already exists.
Administrator response: Select another name for
which to create a resource credential object.
HPDMG1079E The user registry identification is not
unique in the registry.
Explanation: More than one user in the registry shares
the specified registryID.
Administrator response: Select another user registryID
or modify the users to have unique registry IDs.
Explanation: A user with the name you chose is
already in the registry.
Chapter 2. Security Access Manager Base Messages
125
HPDMG1080E • HPDMG1092W
HPDMG1080E The group registry identification is
not unique in the registry.
Explanation: More than one group in the registry
shares the specified registryID.
intended to re-create a previously deleted domain.
HPDMG1087E The domain name specified is
invalid.
Administrator response: Select another group
registryID or modify the groups to have unique
registry IDs.
Explanation: The domain name specified is not
allowed. Either the name is too long, contains invalid
characters, or does not match the Active Directory
domain name.
HPDMG1081W Not all requested users were
assigned to group (%s).
Administrator response: Ensure that the domain
name is not too long and that for Active Directory it
matches the Active Directory domain name.
Explanation: There was a problem assigning one or
more users to a group.
Administrator response: Make sure the users in the
user list are specified correctly.
HPDMG1082W Not all requested users were
removed from group (%s).
Explanation: There was a problem removing one or
more users from a group.
Administrator response: Make sure the users in the
user list are specified correctly.
HPDMG1083W
The domain name already exists.
Explanation: The name that you specified for the new
domain already exists in the registry.
Administrator response: Choose another name for the
new domain.
HPDMG1084W
The domain name is unknown.
Explanation: The domain name that you specified
could not be found in the registry.
Administrator response: Verify the spelling of the
name of the domain and retry the command.
HPDMG1085E The location specified in which to
create the management domain does not
exist.
Explanation: The location in which to create the
management domain that you specified could not be
found in the registry.
Administrator response: Verify the location to be used
to create the management domain and retry the
command.
HPDMG1086W The domain has been re-created
successfully.
Explanation: The domain being created had
previously existed and had not been removed from the
registry.
Administrator response: Ensure that the administrator
126
Version 7.0: Error Message Reference
HPDMG1088W
The registry client is not available.
Explanation: An attempt was made to access a
registry type that is not installed.
Administrator response: Make sure the same registry
type is configured for all servers.
HPDMG1089W Multiple registry routing is not
supported.
Explanation: An attempt was made to use multiple
registry routing, which is not a supported function.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDMG1090W The registry server is down or
cannot be contacted.
Explanation: An attempt to contact the registry server
failed. Either the server is not up or the
communications path to it has been disrupted.
Administrator response: Verify that the registry server
is up and functioning normally and that this client can
communicate with it. If Active Directory is used as a
user registry, an incorrect distinguished name (DN)
input (if applicable) also results in this error.
HPDMG1091W The user does not have the rights to
perform requested operation.
Explanation: The server has indicated the user does
not have the right to perform the requested operation.
Administrator response: Verify that the user whose
credentials are being used has the authority to perform
the requested operation.
HPDMG1092W The registry client received a
non-SSL communications error when
communicating with the registry server.
Explanation: A non-SSL communication error occurred
between this server and the server that provides the
registry service.
HPDMG1093W • HPDMS0429E
Administrator response: Verify that this server and its
registry server are configured correctly for non-SSL
communications.
HPDMG1093W
No more entries are in the list.
Explanation: A program processing a list of registry
entries has tried to get an entry beyond the end of the
list.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDMG1094W The required list parameter is
missing from the API call.
Explanation: A program failed to provide a list
parameter that is required for the API call it made.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDMG1950E The user is already a member of the
group.
Explanation: The Security Access Manager policy
server received a request to add a user to a group in
which the user was already a member.
Administrator response: No action is required.
HPDMG1951E
The management domain is empty.
Explanation: The Security Access Manager policy
server returned an empty value for the domain name.
HPDMG1954E The requested command is not
supported for the registry specified.
Explanation: The Security Access Manager policy
server received an administration command that is not
supported using the currently configured registry.
Administrator response: Ensure that the
administration command is supported by the registry
configured for Security Access Manager.
HPDMG2100E The policy proxy server could not be
started (0x%8.8lx).
Explanation: The policy proxy server encountered an
error during initialization.
Administrator response: Check pdmgrproxyd.log for
additional information.
HPDMS0406E
Could not read from rule file %s
Explanation: The specified rule file could not be
opened or read.
Administrator response: Ensure that the specified rule
file exists on the system and that the user who invoked
pdadmin has read permission on the file.
HPDMS0412E
Invalid argument
Explanation: An invalid argument was passed to a
library routine that accesses a non-LDAP registry.
Administrator response: Ensure that all arguments
supplied to the command line or programming
interface are valid.
HPDMS0416E
Unknown internal exception
Administrator response: Ensure that the policy server
is configured correctly and is reachable.
Explanation: This typically means that there is interor intra-process contention for access to the policy
database.
HPDMG1952E The requested command is no longer
supported.
Administrator response: Stop and restart all of the
Security Access Manager servers running on the system
that exhibits the error. If the problem persists, increase
the per-process limits of system resources (available
threads, available open file handles, and so forth),
reboot the system, and restart the Security Access
Manager servers.
Explanation: An attempt was made to use a command
that is no longer supported in the installed version of
Security Access Manager.
Administrator response: Upgrade your application or
revert to the previously installed version of Security
Access Manager.
HPDMG1953E The admin command input data that
is required is missing or invalid.
Explanation: The Security Access Manager policy
server received a request that contained incomplete or
missing input data.
Administrator response: Ensure that all input data
required for the admin command is provided.
HPDMS0429E
Invalid command
Explanation: The Security Access Manager policy
server has received a command it does not recognize.
This may mean that the server is incompatible with the
client.
Administrator response: Ensure the Security Access
Manager policy server supports the release level of the
clients.
Chapter 2. Security Access Manager Base Messages
127
HPDMS0461E • HPDMS4071E
HPDMS0461E Extract of entry %s from stanza %s in
configuration file %s failed
HPDMS4061E Local authentication (local login) is
required to perform this operation
Explanation: The specified entry could not be found
in the specified stanza in the configuration file.
Explanation: For security reasons, most Security
Access Manager administration operations require an
authenticated session to perform local tasks.
Administrator response: Ensure that the entry, stanza,
and configuration file have been specified correctly.
HPDMS0462E
Administrator response: Login using the 'login -l'
subcommand and retry the operation.
Entry does not exist
Explanation: The specified entry could not be found
in the specified stanza in the configuration file.
Administrator response: Ensure that the entry, stanza,
and configuration file have been specified correctly.
HPDMS0463E Extract of stanza %s from
configuration file %s failed
Explanation: The specified stanza could not be found
in the configuration file.
HPDMS4068E The specified network IP address is
not in a valid IPv4 address format.
Explanation: The network IP address specified is not
in one of the industry standard formats permitted for
IPv4 addresses. See the Security Access Manager
documentation for further information regarding IPv4
formats.
Administrator response: Specify the address in a valid
IPv4 format
Administrator response: Ensure that the stanza and
configuration file have been specified correctly.
HPDMS4069E The specified netmask IP address is
not in a valid IPv4 address format.
HPDMS0465E The write operation to the
configuration file %s failed with error
code %d.
Explanation: The netmask IP address specified is not
in one of the industry standard formats permitted for
IPv4 addresses. See the Security Access Manager
documentation for further information regarding IPv4
formats.
Explanation: The specified configuration file could not
be written to.
Administrator response: Ensure that the user who
invoked pdconf has write permission on the
configuration file.
HPDMS0466E Can not retrieve information from the
ldap.conf configuration file.
Explanation: Required information could not be read
from the %PD_HOME%\etc\ldap.conf file.
Administrator response: Ensure that the ldap.conf
configuration file exists and is not corrupted. If the file
is missing or corrupted, then unconfigure the Security
Access Manager Runtime component and reconfigure.
HPDMS4047E Non-local authentication (login) is
required to perform this operation
Explanation: For security reasons, most Security
Access Manager administration operations require an
authenticated session with the Security Access Manager
policy server.
Administrator response: Login using the 'login'
subcommand and retry the operation. Do not use the
login -l option.
Administrator response: Specify the address in a valid
IPv4 format
HPDMS4070E The specified network IP address is
not in a valid IPv6 address format.
Explanation: The network IP address specified is not
in one of the industry standard formats permitted for
IPv6 addresses. Alternatively, on Win2k clients, IPv6
addresses cannot be specified since IPv6 addresses are
not supported by this platform. See the Security Access
Manager documentation for further information
regarding IPv6 formats.
Administrator response: Specify the IP address in a
valid IPv6 format. For Win2k clients, specify an IPv4
address or use an alternative client platform to specify
the IPv6 address.
HPDMS4071E The specified netmask IP address is
not in a valid IPv6 address format.
Explanation: The netmask IP address specified is not
in one of the industry standard formats permitted for
IPv6 addresses. Alternatively, on Win2k clients, IPv6
addresses cannot be specified since IPv6 addresses are
not supported by this platform. See the Security Access
Manager documentation for further information
regarding IPv6 formats.
Administrator response: Specify the IP address in a
valid IPv6 format. For Win2k clients, specify an IPv4
128
Version 7.0: Error Message Reference
HPDMS4072E • HPDMS4082E
address or use an alternative client platform to specify
the IPv6 address.
greater than or equal to 0. Use zero to return all entries
that are found.
HPDMS4072E The specified network and netmask
IP addresses must both be in IPv4 or
IPv6 address formats.
HPDMS4077E Name cannot begin with a space
character.
Explanation: The network IP address was specified in
IPv4 or IPv6 format and the netmask address was not
specified in the same format. Both IP addresses must be
specified in the same industry standard format for
either IPv4 or IPv6 addresses. See the Security Access
Manager documentation for further information
regarding IPv4 and IPv6 formats.
Administrator response: Specify the network and
netmask addresses using the same IP address format.
HPDMS4073E The network or netmask IP address
was specified as zero.
Explanation: The network IP address or netmask IP
address was specified using zeros. See the Security
Access Manager documentation for further information
regarding IPv4 and IPv6 formats.
Administrator response: Specify the network and
netmask addresses as valid, non-zero addresses.
HPDMS4074E The binary AND of network and
netmask addresses must be non-zero.
Explanation: The network IP address and netmask IP
address are combined using a bitwise AND. The
resulting masked network address cannot be zero. See
the Security Access Manager documentation for further
information regarding IPv4 and IPv6 formats.
Administrator response: Specify the network and
netmask addresses that do not result in a zero masked
network when combined.
HPDMS4075E Incorrect account-expiry-date.
Acceptable dates are between the
current date and 2035-12-31-23:59:59.
Explanation: The first character of the name was a
space character.
Administrator response: Specify a valid name without
leading space characters. For string names, ensure there
are no space characters after the opening quotation
mark.
HPDMS4078E User specified does not have an entry
in the ACL specified.
Explanation: The user specified does not exist for the
ACL specified.
Administrator response: No action required. If
desired, specify a different user or a different ACL.
HPDMS4079E Group specified does not have an
entry in the ACL specified.
Explanation: The group specified does not exist for
the ACL specified.
Administrator response: Specify a different group or a
different ACL.
HPDMS4080W The any-other entry does not exist
for the ACL specified.
Explanation: See message.
Administrator response: No action required.
HPDMS4081W The unauthenticated entry does not
exist for the ACL specified.
Explanation: See message.
Administrator response: No action required.
Explanation: The date specified was earlier than the
current date or greater than 2035-12-31-23:59:59.
HPDMS4082E ACL name contains characters that
are not allowed.
Administrator response: Specify an valid
account-expiry-date for the policy. Acceptable values
can be the current date or later but not greater than
2035-12-31-23:59:59
Explanation: The ACL name specified contains one or
more characters that are not allowed in ACL names.
HPDMS4076E Incorrect max-return value specified.
Use a value that is greater than or equal
to zero. Use zero to return all found.
Administrator response: Specify an ACL name that
contains valid characters. For information about
characters that are valid in ACL names, see the " IBM
Security Access Manager for Web Administration
Guide".
Explanation: The max-return value that was specified
was not an integer equal to or greater than 0.
Administrator response: Specify a valid integer value
for the max-return argument. Use a value that is
Chapter 2. Security Access Manager Base Messages
129
HPDMS4083E • HPDPZ0007E
HPDMS4083E Value for the 'type' option is not an
integer greater than or equal to zero.
HPDPZ0003E
Explanation: See message.
Administrator response: Specify an integer value that
greater than or equal to zero.
HPDMS4084E Value for the 'ispolicyattachable'
option is not a valid Boolean value.
Unexpected error opening XPG4
converter for codepage %s to %s
conversion. The iconv_open error code
is %d.
Explanation: The required codepage tables could not
be located.
Administrator response: On the Windows platforms,
ensure that LOCPATH and LANG environment
variables are set correctly.
Explanation: See message.
Administrator response: Specify a valid Boolean
value. Acceptable values are 'yes','no','true','false','1','0',
'on', or 'off'.
HPDPZ0004E
Unexpected error from
pthread_mutex_init(). The error code is
%d.
Explanation: An internal coding error has occurred.
HPDMS4085E Value is not an integer greater than
or equal to zero.
Explanation: See message.
Administrator response: Specify an integer value
greater than or equal to zero.
HPDMS4086E Value specified for option 'rsrctype' is
not 'web' or 'group'.
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDPZ0005E
Unexpected error from
pthread_mutex_destroy(). The error code
is %d.
Explanation: See message.
Explanation: An internal coding error has occurred.
Administrator response: Specify a valid value for the
rsrctype parameter. Valid values include 'web' and
'group'.
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDPZ0001E
Exception: %s File: %s %d Error:
%dNo text has been defined for this
exception.
HPDPZ0006E
Explanation: An exception was caught that has no
appropriate text to display. This is an internal error.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDPZ0002E
Memory allocation failure.
Explanation: A request to allocate memory failed.
Administrator response: Ensure that sufficient disk
space and memory are available in the system. If
restarting the server does not resolve the problem,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
130
Version 7.0: Error Message Reference
Unexpected error from
pthread_mutex_lock(). The error code is
%d.
Explanation: An internal coding error has occurred.
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDPZ0007E
Unexpected error from
pthread_mutex_unlock(). The error code
is %d.
Explanation: An internal coding error has occurred.
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDPZ0008E • HPDPZ0017E
HPDPZ0008E
Unexpected error from
pthread_cond_init(). The error code is
%d.
Explanation: An internal coding error has occurred.
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDPZ0009E
Unexpected error from
pthread_cond_destroy(). The error code
is %d.
HPDPZ0013E
Explanation: An attempt to open a Windows registry
key has failed.
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDPZ0014E
Explanation: An internal coding error has occurred.
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDPZ0010E
Unexpected error from
pthread_cond_wait(). The error code is
%d.
Unexpected error from Windows
RegOpenKeyEx(). Opening of the
registry key %s failed with error %s.
Unexpected error from Windows
RegQueryValueEx(). Reading of the
value %s failed with error %s.
Explanation: An attempt to read a value from a
Windows registry key has failed.
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDPZ0015E
Object is not cloneable.
Explanation: An internal coding error has occurred.
Explanation: An internal coding error has occurred.
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDPZ0011E
HPDPZ0016E
Unexpected error from
pthread_cond_signal(). The error code is
%d.
Explanation: An internal coding error has occurred.
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
Explanation: An internal coding error has occurred.
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDPZ0017E
HPDPZ0012E
This function is not supported on this
platform.
Explanation: An attempt was made to use an API that
is not supported on the current operating system.
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
Unexpected error from
pthread_attr_init(). The error code is %d.
Unexpected error from
pthread_attr_setdetachstate(). The error
code is %d.
Explanation: An internal coding error has occurred.
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
Chapter 2. Security Access Manager Base Messages
131
HPDPZ0018E • HPDPZ0028E
HPDPZ0018E
Unexpected error from
pthread_create(). The error code is %d.
Explanation: An internal coding error has occurred.
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDPZ0019E
Unexpected error from
pthread_attr_destroy(). The error code is
%d.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDPZ0024E
Unexpected error from WSAStartup().
The error code is %d.
Explanation: An internal coding error has occurred.
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
Explanation: An internal coding error has occurred.
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDPZ0020E
An unknown exception was caught.
No exception information is available.
HPDPZ0025E
Unexpected error from gethostname().
The error code is %d.
Explanation: An internal coding error has occurred.
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
Explanation: An internal coding error has occurred.
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDPZ0021E
Unexpected error from pthread_join().
The error code is %d.
HPDPZ0026E
Unexpected error from
gethostbyname(). The error code is %d.
Explanation: An internal coding error has occurred.
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
Explanation: An internal coding error has occurred.
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDPZ0022E
Unexpected error from
pthread_cond_timedwait(). The error
code is %d.
HPDPZ0027E
Unexpected error from
pthread_cond_broadcast(). The error
code is %d.
Explanation: An internal coding error has occurred.
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
Explanation: An internal coding error has occurred.
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDPZ0023E
A function or method was called with
an invalid parameter.
Explanation: An internal coding error has occurred.
Administrator response: This is an internal error.
132
Version 7.0: Error Message Reference
HPDPZ0028E
The configuration file %s is missing
the required attribute %s in stanza %s.
Explanation: A required attribute is missing probably
because the configuration file is damaged or was
modified incorrectly.
Administrator response: Provide a valid value for the
attribute or reconfigure the application.
HPDPZ0029E • HPDPZ0038E
HPDPZ0029E
Unexpected error from
pthread_key_create(). The error code is
%d.
HPDPZ0034E
An unexpected error was received
when trying to release a process lock.
The error code is %d.
Explanation: An internal coding error has occurred.
Explanation: An internal coding error has occurred.
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDPZ0030E
HPDPZ0035E
Unexpected error from
pthread_setspecific(). The error code is
%d.
Explanation: An internal coding error has occurred.
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
Explanation: An internal coding error has occurred.
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDPZ0036E
HPDPZ0031E
The requested function is not
implemented.
Explanation: An attempt was made to use an API that
is not implemented.
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDPZ0032E
An unexpected lock state was
detected. The current lock state is %s.
Explanation: An internal coding error has occurred.
The current state of the resource lock is not valid for
the requested operation.
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDPZ0033E
An unexpected error was received
when trying to obtain a process lock.
The error code is %d.
Explanation: An internal coding error has occurred.
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
A read operation failed for a process
lock. The error code is %d.
A write operation failed for a process
lock. The error code is %d.
Explanation: An internal coding error has occurred.
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDPZ0037E
A create operation failed for a process
lock. The error code is %d and the lock
file name is %s.
Explanation: An internal coding error has occurred.
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDPZ0038E
A close operation failed for a process
lock. The error code is %d and the lock
file name is %s.
Explanation: An internal coding error has occurred.
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
Chapter 2. Security Access Manager Base Messages
133
HPDPZ0039E • HPDPZ0050E
HPDPZ0039E
The configuration file %s has an
invalid value %s for key %s in stanza
%s.
Explanation: An attribute value is incorrect.
Administrator response: Provide a valid value or
reconfigure the application.
HPDPZ0040E
The configuration file %s has an
invalid numeric value %s for key %s in
stanza %s.
Explanation: A numeric attribute has a non-numeric
value. The configuration file might be damaged or was
modified incorrectly.
Administrator response: Provide a valid value or
reconfigure the application.
HPDPZ0041E
The configuration file %s has an
invalid boolean value %s for key %s in
stanza %s.
Explanation: A boolean attribute has an invalid value.
The configuration file might be damaged or was
modified incorrectly.
Administrator response: Provide a valid value or
reconfigure the application.
HPDPZ0042E
The iterator for configuration file %s
is in an invalid state for the operation.
Explanation: The current state of the iterator does not
permit the attempted access.
Administrator response: This is an internal error.
Check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDPZ0043E
An access function failed for
configuration file %s. The access
function was %s and return code was
%d.
Explanation: An Input/Output operation could not be
performed on a configuration file. The daemon process
might not have proper permissions to access the file.
Administrator response: Ensure that the file and
directory permissions permit program access to the file.
Administrator response: Correct the invalid data or
reconfigure the application.
HPDPZ0045E
Explanation: The AMTISDIR environment variable
was not available to the application.
Administrator response: Ensure that application is
properly configured.
HPDPZ0046E
The configuration file %s contains
invalid data at line %d.Data: %s.
Explanation: The specified configuration file contains
valid data. This might be caused by a duplicate stanza
name in the file.
134
Version 7.0: Error Message Reference
The tis_mblen() function failed.
Probable cause is an invalid multi-byte
character.
Explanation: The function returned -1 if it could not
determine the length of the multibyte character.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDPZ0047E
The handle for codeset %s could not
be created.The AMTISDIR environment
variable is %s.
Explanation: The function failed. The AMTISDIR,
LC_CODE or LANG might not be correct.
Administrator response: Verify that the product is
properly installed and configured.
HPDPZ0048E
The function or operation is not
supported.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDPZ0049E
A string could not be converted from
the local codeset %s to UTF-8.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDPZ0050E
HPDPZ0044E
The AMTISDIR environment variable
is not set.
A string could not be converted from
UTF-8 to the local codeset %s.
Explanation: An internal error has occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDPZ0051E • HPDRA0011W
Shared Library error (%s) %d. %s
HPDPZ0051E
Explanation: An error occured loading or unloading a
shared library. Verify installation, permissions and path
settings to ensure that the library can be located.
support/index.html?ibmprd=tivman
HPDRA0004E
Component already exists.
Explanation: An internal error occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDPZ0052E
HPDRA0005E
Shared Library resolve error (%s:%s)
%d. %s
Explanation: An error occured resolving a symbol in a
shared library. Verify installation to determine that the
correct library is being loaded.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDPZ0053E
Unexpected end of file encounted
while reading %s.
Explanation: An end of file character was
unexpectedly encountered while reading a file. Verify
that the file is valid.
Component not found.
Explanation: The specified trace component is not a
known component.
Administrator response: Retry the operation
specifying a valid component.
HPDRA0006E
Component handle is invalid.
Explanation: An internal error occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDRA0007E
Trace level is invalid.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
Explanation: An invalid trace level has been specified.
HPDPZ0054E
HPDRA0008E
Internal error encountered while
loading Java property file %s.
Explanation: An internal state error was encountered
while loading a Java property file. The file was not
loaded.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
Administrator response: Specify a valid trace level
and retry the operation.
Explanation: The specified component name does not
conform to the rules for a valid component name.
Administrator response: Specify a valid component
name. If the problem persists, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDRA0010E
HPDRA0001E
Trace is not initialized.
Explanation: An internal error occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDRA0002E
Trace initialization failed.
Explanation: An internal error occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
Component name is invalid.
The specified destination is invalid.
Explanation: The log agent specified is invalid.
Administrator response: Specify a valid log agent and
retry the operation.
HPDRA0011W Serviceability component %s could
not be registered for dynamic trace:
0x%x: %s
Explanation: A serviceability component could not be
registered for dynamic trace for the reason indicated.
This condition is benign and does not stop operation of
the product however trace points for the identified
component can not be activated dynamically.
Administrator response: Check IBM Electronic
Chapter 2. Security Access Manager Base Messages
135
HPDRA0064E • HPDRA1094E
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDRA0064E Unable to perform requested task:
0x%x: %s
Explanation: The task could not be performed for the
indicated reason.
Administrator response: Correct the problem
indicated and retry the operation.
HPDRA0065E The requested task is incomplete or
malformed.
Explanation: The task command is badly formed.
Administrator response: Specify a valid task
command and retry the operation.
HPDRA0066E
support/index.html?ibmprd=tivman
HPDRA0195E Statistics gathering for this
component is always on.
Explanation: An internal error occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDRA0196E Statistics gathering for this
component is not on.
Explanation: An internal error occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
The requested task does not exist.
Explanation: A task name was specified that is not
handled by this server.
Administrator response: Specify a valid task name
and retry the operation.
HPDRA0068E The specified destination (%s) is
invalid.
Explanation: The log agent specified is invalid.
Administrator response: Correct the log agent
specification and retry the operation.
HPDRA0192E Statistics gathering is already
registered for this component.
HPDRA0197E The structure containing statistics
gathering functions is invalid.
Explanation: An internal error occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDRA1091E The specified component has not
been registered with the framework.
Explanation: A command has been received for which
there is no registered component.
Administrator response: Re-issue the command with
a valid component.
Explanation: An internal error occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDRA0193E Statistics gathering is not registered
for this component.
Explanation: No statistics gathering capability is
available for the specified component.
Administrator response: Only specify components
with statistics capabilities with statistics tasks.
HPDRA0194E Statistics gathering for this
component is already on.
Explanation: An internal error occurred.
Administrator response: Check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
136
Version 7.0: Error Message Reference
HPDRA1093E The component is already writing
transactional information to a file.
Explanation: An attempt was made to start the
transaction logging while it was already running.
Administrator response: Stop the component
transaction logging before issuing the start command.
HPDRA1094E A supplied transaction record is
larger than the specified maximum file
size: %d
Explanation: A transaction record was received which
exceeded the specified maximum file size.
Administrator response: Increase the maximum size
of the transaction log file.
HPDRA1095E • HPDRG0107E
HPDRA1095E The filename must not contain any
path information.
Explanation: A base path for the transaction log files
has been statically configured and as such the supplied
file name should not contain any path information.
Administrator response: Specify the file name with no
path information.
HPDRG0100E The operation in the Active Directory
registry for %s failed with return error
%lx.
Explanation: An unknown Active Directory user
registry error has occurred.
Administrator response: Retry the failing operation. If
the problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
HPDRG0101E The user password violates the Active
Directory user password policies.
Explanation: Make sure that the specified password
conforms to the password policies and/or complexity
requirements of the Active Directory domain controller.
If the problem persists, check IBM Electronic Support
for additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
Administrator response: This password may violate
one of the Active Directory general password policies
or the password complexity requirements.
HPDRG0102E An invalid user name or
distinguished name (DN) was presented
to Security Access Manager. The user
name or DN may contain incorrect
information, invalid characters or
violates a registry user name limitation.
Explanation: If Security Access Manager is configured
using Active Directory multiple domains, the username
or distinguished name may belong to different domains
or the domain suffix doesn't exist or is unreachable.
Administrator response: The specified group is a
dynamic group in which its membership is determined
by its LDAP query filter . Security Access Manager can
use dynamic groups but cannot create or manage them.
Use the tools or utilities provided with the directory
server product to manage the group.
HPDRG0104E The specified group is a registry
dynamic group and Security Access
Manager dynamic group support is not
enabled.
Explanation: Must enable dynamic group support in
Security Access Manager in order to use registry
dynamic group.
Administrator response: Use the padmin command to
modify the configuration file to enable dyanmic group
support. Restart server service and retry.
HPDRG0105W Unable to remove Security Access
Manager meta data from Active
Directory domain %s. Either the data
doesn't exist in the Active Directory
domain or this domain can not be
contacted.
Explanation: Either the Active Directory domain is no
longer existed or is unreachable or the data doesn't
exist in the specified Active Directory domain.
Administrator response: To ensure that no Security
Access Manager data is left behind after it is
unconfigured, manually delete the Security Access
Manager data from the domain once it's available. If
the problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
HPDRG0107E The value of the userPrincipalName
in the Active Directory registry is not
unique. Duplicate userPrincipalName
values are not allowed to be used for
the Security Access Manager user or
policy ID.
Administrator response: Check the user name and
DN information and try again. For Active Directory
user registry, note that a "." as the 20th character of the
user name is not allowed.
Explanation: There may exist more than one user in
the registry with the same userPrincipalName. Security
Access Manager requires the userPrincipalName
attribute of the registry user object to be unique,
otherwise it can cause unexpected results for Security
Access Manager operations.
HPDRG0103E The specified group is a dynamic
group and dynamic group membership
cannot be modified.
Administrator response: Duplication of the
userPrincipalName must be resolved before using it as
an object ID in Security Access Manager or choose a
different object ID.
Explanation: Use the tools or utilities provided with
the Microsoft Active Directory server product to
manage a dynamic group.
Chapter 2. Security Access Manager Base Messages
137
HPDRG0108E • HPDRG0201E
HPDRG0108E The Active Directory Global Catalog
server may be down or unreachable.
The Global Catalog is required to be up
and reachable from the Security Access
Manager configured Active Directory
domain.
Explanation: The Global Catalog server may be down
or unreachable by the Security Access Manager
configured Active Directory Domain.
Administrator response: Ensure the Global Catalog
server is up and/or check the firewall to ensure
connections between the Global Catalog server and the
Active Directory domain/client are allowed.
HPDRG0109W Unable to migrate user %s to the
alternate userPrincipalName/e-mail
format. Microsoft Active Directory
Registry error: 0x%x.
Explanation: Unable to modify registry data for the
user. Security Access Manager blade server identity
might not have the privilege to modify registry user
data.
Administrator response: Make sure the Security
Access Manager blade server identity has the
administrative privilege to modify user if it's desired
and the Microsoft returned error is access denial.
Otherwise, migration is done at a later time.
HPDRG0150E The registry object could not be
found.
Explanation: See message.
Administrator response: Change the supplied DN to
that of an existing registry object.
HPDRG0151E Unable to load the IBM Directory
client library.
Explanation: Security Access Manager could not be
able to locate and dynamically load the IBM Directory
client library in order to use the LDAP client to
communicate with the Microsoft Active Directory
server.
Administrator response: Ensure that the IBM
Directory client is installed and has the correct
permissions to allow Security Access Manager to load
the library.
HPDRG0152W Unable to contact the Policy Server
to create the registry handle. The Policy
Server may be down.
Explanation: Blade Servers that use a LDAP client to
communicate with Active Directory servers require the
Policy Server to be up in order to perform the registry
write operation. The Policy Server may currently be
down.
138
Version 7.0: Error Message Reference
Administrator response: Make sure that the Policy
Server is up and running. If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDRG0153E Either Secure Socket Layer (SSL)
support is not enabled or the SSL key
file or key file password are missing or
incorrect. If the 'change user password
using LDAP APIs' option is enabled,
SSL is required to be enabled with a
valid key file and key file password.
Explanation: Either Secure Socket Layer (SSL) is not
enabled or SSL key file and/or key file password are
missing. Change user passwords using LDAP APIs
requires SSL to be enabled with a valid key file and key
file password.
Administrator response: Check to see if SSL is
enabled and ensure the key file and key file password
are valid.
HPDRG0154E The Active Directory Global Catalog
server hostname(s) is either missing or
incorrect. The hostname(s) must be
specified and reachable when the
e-mail/UPN support is enabled.
Explanation: The Global Catalog server hostname is
required and must be available when the e-mail/UPN
format ID support is enabled.
Administrator response: Mofify the registry
configuration file and try again.
HPDRG0200E The specified group is a dynamic
group and cannot be modified.
Explanation: The specified group is a dynamic group
in which its membership is specified as a filter. Security
Access Manager can use dynamic groups but cannot
create or manage them. Use the tools or utilities
provided with the directory server product to manage
the group.
Administrator response: Use the tools or utilities
provided with the directory server product to manage a
dynamic group.
HPDRG0201E Error code 0x%x was received from
the LDAP server. Error text: %s.
Explanation: Security Access Manager attempted to
perform a request to the LDAP server and received an
unexpected error code. The error code returned to
Security Access Manager from the LDAP server is
displayed in hexadecimal and error text describing the
code is displayed.
Administrator response: Use the tools or utilities
provided with the directory server product to examine
HPDRG0202E • HPDRG0206E
the error logs of the LDAP server for possible
additional information. The documentation included
with the LDAP server being used, should have
additional information for possible causes for error
codes. If the error code and error text indicate a
problem with Secure Socket Layer (SSL) initialization,
be sure that the correct SSL Key Database (sometimes
referred to as a "keyring" or "keyfile"), password and
label are configured. Also ensure that the SSL Key
Database file has read and write permission for the
process attempting to establish an SSL connection to
the LDAP server. If, after retrying the operation, the
problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
the directory server proxy to create a partition called
cn=itamproxy and instantiate the container object on
the back-end server. See the Security Access Manager
documentation for information about setting up and
configuring the proxy server for use with Security
Access Manager. Also ensure that the LDAP
administration DN identity being used has sufficient
authority to create LDAP objects on the back-end
server(s) being used. The LDAP administration DN
identity should usually be a member of the global
administration group (ex. cn=manager,cn=ibmpolicies).
If, after retrying the operation, the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDRG0202E Unable to load the IBM Directory
client library. The LDAP registry cannot
be initialized.
HPDRG0205E The LDAP server is an IBM Tivoli
Directory Server proxy. The requested
action cannot be performed with a proxy
server.
Explanation: To use the LDAP registry, Security
Access Manager must locate and dynamically load the
IBM Directory client and it could not.
Administrator response: Ensure that the IBM
Directory client is installed and has the correct
permissions to allow Security Access Manager to load
the library.
HPDRG0203E Unable to load the Access Control
Information dynamic library. The LDAP
registry cannot be initialized.
Explanation: The Generic LDAP Access Control
Information dynamic library has been configured in the
ldap.conf configuration file and therefore Security
Access Manager must dynamically load the library and
it could not.
Administrator response: Ensure that the Access
Control Information dynamic library is configured
properly, installed and has the correct permissions to
allow Security Access Manager to load the library. If
the Access Control Information dynamic library is not
required, unconfigure it by modifying the ldap.conf
configuration file and comment out the
external-aci-libpath parameter.
HPDRG0204E The LDAP server is an IBM Tivoli
Directory Server proxy and the required
cn=itamproxy container is missing. The
Policy Server cannot be configured.
Explanation: Security Access Manager attempted to
configure the Policy Server but the LDAP server being
used is an IBM Tivoli Directory Server proxy. When the
proxy server is used, a container called cn=itamproxy is
required to exist on the proxy. This required container
was not found.
Administrator response: Use the tools provided with
Explanation: Security Access Manager attempted to
perform an action but the LDAP server being used is
an IBM Tivoli Directory Server proxy. The proxy server
has some restrictions about the set of LDAP actions
which can be performed. For example, schema cannot
be applied, Access Control Lists (ACLs) cannot be set
and the partition object cannot be modified through the
proxy.
Administrator response: See the Security Access
Manager documentation for information about setting
up and configuring the proxy server for use with
Security Access Manager. Also ensure that the LDAP
administration DN identity being used has sufficient
authority to create LDAP objects on the back-end
server(s) being used. The LDAP administration DN
identity should usually be a member of the global
administration group (ex. cn=manager,cn=ibmpolicies).
If, after retrying the operation, the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDRG0206E The secAuthority=Default suffix is
required but was not found on the
LDAP server. The requested operation
cannot be performed.
Explanation: Security Access Manager attempted to
create the management domain but the required LDAP
suffix (secAuthority=Default) was not found.
Administrator response: See the Security Access
Manager documentation for information about setting
up and configuring the LDAP server for use with
Security Access Manager. Ensure that the
secAuthority=Default suffix has been created and that
the LDAP server has been restarted to allow the suffix
to be used.
Chapter 2. Security Access Manager Base Messages
139
HPDRG0207W • HPDRG0251E
HPDRG0207W The LDAP server is an IBM Tivoli
Directory Server and is running in
configuration only mode. Security
Access Manager will not be able to
operate normally with the LDAP server
in this mode.
Explanation: The LDAP server is an IBM Tivoli
Directory Server and the server is currently running in
configuration only mode. In this mode, most normal
LDAP operations (such as update) cannot be
performed. Since many LDAP operations which
Security Access Manager performs are not possible,
Security Access Manager will not be able to operate
normally until the LDAP server is configured properly
and restarted in normal mode.
Administrator response: View the IBM Tivoli
Directory Server error logs and correct any identified
errors which prevent the LDAP server from starting in
normal mode. See the IBM Tivoli Directory Server
documentation for the location of the error log and
information for configuring the server properly. Once
the conditions have been corrected, restart the LDAP
server in normal mode and restart Security Access
Manager.
HPDRG0208E The %s suffix is required but was not
found on the LDAP server. The
requested operation cannot be
performed.
Explanation: Security Access Manager attempted to
create the management domain but the required LDAP
suffix was not found.
Administrator response: See the Security Access
Manager documentation for information about setting
up and configuring the LDAP server for use with
Security Access Manager. Ensure that the suffix has
been created and that the LDAP server has been
restarted to allow the suffix to be used.
HPDRG0209E Ensure the LDAP administrator is a
member of the CN=Administrators
group of the partition.
Explanation: Security Access Manager attempted to
create the management domain but the required LDAP
suffix was not found.
Administrator response: See the Security Access
Manager documentation for information about setting
up and configuring the ADAM server for use with
Security Access Manager. Ensure that the suffix has
been created and that the LDAP administrator has the
authority to manage the partition.
140
Version 7.0: Error Message Reference
HPDRG0210E The requested operation cannot be
performed. Ensure SSL has been
configured with the ADAM instance or
the ADAM SSL requirement for
password operations has been disabled.
Explanation: Security Access Manager could not
perform a password operation with the ADAM registry.
By default, ADAM requires an SSL connection for any
password operation or the SSL requirement to be
disabled on the ADAM instance.
Administrator response: See the Security Access
Manager documentation for information about setting
up and configuring the ADAM server for use with
Security Access Manager.
HPDRG0211E The LDAP server reports a naming
violation. Ensure the distinguished
name (DN): %s is allowed by the LDAP
server schema.
Explanation: Security Access Manager could not
perform the requested operation because the LDAP
server did not allow the DN used in the operation. The
DN may not be allowed because the LDAP server
schema is not configured to allow the DN containment
or the RDN values are not defined.
Administrator response: See the Security Access
Manager documentation for information about setting
up and configuring the LDAP server for use with
Security Access Manager.
HPDRG0250E A user that you tried to add to a
group is already a member of that group
Explanation: Users that are already members of a
group cannot be added a second time.
Administrator response: Use the pdadmin 'group
show-members' command to see the current group
membership. Avoid attempts to add those members a
second time.
HPDRG0251E A user registry request to the Domino
database failed with return code %lx.
Explanation: The Domino server may be down, the
Domino server may be stopped, or the server is
unreachable over the network.
Administrator response: Verify that the Domino
server is functioning normally. This can be
accomplished by temporarily starting the Notes client
application and verifying that the Notes name and
address book is accessible.
HPDRG0252E • HPDST0104E
HPDRG0252E
The Domino error message is: %s
HPDRG0304E A failure occurred while trying to
open file %s.
Explanation: The Domino server may be down, the
Domino server may be stopped, or the server is
unreachable over the network.
Explanation: A failure occurred while amldif2v6 was
trying to open the specified file.
Administrator response: Refer to the Lotus Notes or
Domino documentation for more information.
Administrator response: Check the permissions on the
directory that contains the specified file.
HPDRG0300E
HPDRG0305E A failure occurred while trying to
make a temporary copy of the input
LDIF file (%s.tmp).
Memory allocation failure.
Explanation: A memory allocation request issued by
the amldif2v6 program failed.
Administrator response: Ensure that sufficient disk
space and memory are available in the system. If
rerunning the amldif2v6 program does not resolve the
problem, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDRG0301E The amldif2v6 program has
experienced an internal error caused by
the failure of a system call. (%s, rc=%d)
Explanation: The amldif2v6 program experienced an
internal error caused by the failure of a system call.
Administrator response: Ensure that sufficient disk
space and memory are available in the system. If
rerunning the amldif2v6 program does not resolve the
problem, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
Explanation: A failure occurred while amldif2v6 was
trying to make a temporary copy of the input LDIF file.
Administrator response: Ensure that directory
permissions allow this file to be created.
HPDRG0306E A failure occurred while trying to
write to the file %s.
Explanation: A failure occurred while trying to write
to the specified file.
Administrator response: Ensure that directory
permissions allow this file to be written.
HPDRG0307E A failure occurred while trying to
read file %s.
Explanation: A failure occurred while trying to read
the specified file.
Administrator response: Ensure that directory
permissions allow this file to be read.
HPDRG0302E The amldif2v6 program has
experienced an internal error caused by
an unusable input LDIF file.
HPDST0102W The security translation layer is not
initialized.
Explanation: While processing the input LDIF file, the
amldif2v6 program experienced an internal processing
error caused by an unusable input LDIF file.
Administrator response: Initialize the security
translation layer by calling the security translation layer
initialization interface.
Administrator response: Ensure that the input LDIF
file was generated using one of the LDAP tools
specified by the Security Access Manager
documentation.
HPDST0104E
HPDRG0303E The input LDIF file contains more
than one object with the distinguished
name %s.
Explanation: While processing the input LDIF file, the
amldif2v6 program detected more than one object with
the same distinguished name.
Explanation: See message.
A memory address that is not valid
was supplied to the security translation
layer.
Explanation: See message.
Administrator response: Retry the failing operation. If
the problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
Administrator response: Ensure that the input LDIF
file was generated using one of the LDAP tools
specified by the Security Access Manager
documentation.
Chapter 2. Security Access Manager Base Messages
141
HPDST0105E • HPDST0127E
HPDST0105E
A credential that is not valid was
supplied to the security translation
layer.
HPDST0121E
The security translation layer could
not load the security library.
Explanation: The credential supplied to the security
translation layer is not valid.
Explanation: The security library required by the
security translation layer could not be found on the
system, or could not be loaded.
Administrator response: Retry the failing operation
after obtaining a valid credential. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
Administrator response: Check that the security
library is installed. Retry the failing operation. If the
problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
HPDST0106E
HPDST0122E
The context input token supplied to
the security translation layer is not
valid.
Explanation: The security translation layer was
presented a security token which could not be
validated for security context negotiation.
Administrator response: Retry the failing operation
with a valid security token. If the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
Explanation: The security library that was loaded
does not have the required initializer function.
Administrator response: Ensure that the correct
security library is installed on the system. Retry the
failing operation. If the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDST0123E
HPDST0118E
The security context presented to the
security translation layer was not valid.
Explanation: The security context presented to the
security translation layer was not valid. Either it has
expired, has been destroyed, or the reference presented
was to a security context that has not been initialized.
Administrator response: Establish a valid security
context and retry the failing operation. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDST0120E
The security translation layer was
unable to perform the memory
operation because memory is full.
Explanation: Memory has been exhausted and there is
no available memory to perform the memory operation.
Administrator response: Check the memory status of
the system and retry the failing operation. If the
problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
The security translation layer could
not find the initializer function for the
security system.
The security translation layer could
not initialize the security function table.
Explanation: The security translation layer
initialization using the security library initialization
function failed.
Administrator response: Check the system security
configuration and system event log for details. Retry
the failing operation. If the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
HPDST0126E
The buffer type encountered by the
security translation layer is unknown.
Explanation: An unknown buffer type was
encountered by the security translation layer.
Administrator response: Retry the failing operation. If
the problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
HPDST0127E
An undiagnosed error was detected by
the security translation layer. The
security system specific error code was:
%08x.
Explanation: An undiagnosed error was detected by
the security translation layer. The security system
specific error is provided to assist with debugging.
142
Version 7.0: Error Message Reference
HPDST0128E • HPDST0130E
Administrator response: Check system event logs and
system documentation for further details of the
problem. Retry the failing operation. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDST0128E
A routine was called with one or more
parameter values that were not correct.
Explanation: The parameter values supplied to the
security translation layer are very important. If the
values supplied by a caller are incorrect the routines
cannot continue to process the parameters. This
typically occurs when required length parameters have
a value of less than or equal to zero.
Administrator response: Retry the failing operation. If
the problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
HPDST0129E
The security service function %s
returned major error code %d and minor
error code %d.
Explanation: A security service function failed and
provided a minor error code.
Administrator response: Look in the IBM Security
Access Manager for Web Troubleshooting Guide section
dealing with common Web security SPNEGO problems.
If no documentation describing the solution is
available, consult the OS specific documentation for the
security service (Kerberos or SSPI). If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
HPDST0130E
The security service function %s
returned the error '%s' (code
0x%08x/%d).
Explanation: A security service function failed. The
error string and error code provide a more detailed
reason for the failure.
Administrator response: Look in the IBM Security
Access Manager for Web Troubleshooting Guide section
dealing with common Web security SPNEGO problems.
If no documentation describing the solution is
available, consult the OS specific documentation for the
security service (Kerberos or SSPI). If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
Chapter 2. Security Access Manager Base Messages
143
144
Version 7.0: Error Message Reference
Chapter 3. Security Access Manager WebSEAL Messages
These messages are provided by the Security Access Manager WebSEAL
component.
DPWAD0309E The WebSEAL administration service
has not been initalized.
Explanation: The WebSEAL administration service
plug-in failed to initialize properly.
Administrator response: Check for other initialization
errors and/or configuration problems that may have
previously occurred.
DPWAD0312E
Object list failed: %s
Explanation: The object list command failed to
complete correctly.
Administrator response: This is a generic error which
will contain further details when output.
DPWAD0328E The junction import command
received invalid data
Explanation: An error occurred when trying to extract
one or more of the junction attributes sent in the admin
command.
Administrator response: Check that the data being
passed into the junction import command is valid.
DPWAD0329E The junction import command
received an invalid version
Explanation: The version in the junction definition is
not supported by this version of WebSEAL
Administrator response: Check the version of the
junction in the XML definition
DPWAD0330E The junction import could not create
the junction file
Explanation: WebSEAL can not create the junction file.
Administrator response: Check the filesystem to make
sure there is space available, or that the WebSEAL
server has permissions to create/write the file.
DPWAD0331E The junction import could not write
the junction file
Explanation: An error occurred writing the junction
definition.
Administrator response: Check the filesystem to make
sure there is space available, or that the WebSEAL
© Copyright IBM Corp. 2001, 2012
server has permissions to create/write the file.
DPWAD0332E The junction export could not read
the junction directory
Explanation: An error occurred while trying to read
the contents of the junction database directory.
Administrator response: Check to make sure that
WebSEAL is able to read the contents of the directory
which is configured to contain the junction definitions.
DPWAD0333E Unable to add junction attributes
into command handler
Explanation: An error occurred returning the junction
data to the client
Administrator response: This is an internal error
which occurs when WebSEAL is marshalling the
junction data to the export command. Check for other
errors occurring previously.
DPWAD0334E An invalid junction point was
specified.
Explanation: WebSEAL was unable to build the
junction filename.
Administrator response: An internal error occurred in
WebSEAL when trying to build the encoded filename.
Check for previous errors.
DPWAD0335E
Error reading junction point %s.
Explanation: The file name representing the junction
could not constructed.
Administrator response: An internal error occurred in
WebSEAL when trying to build the encoded filename.
Check for previous errors.
DPWAD0336E
Error reading junction file %s.
Explanation: There was an error opening or parsing
the junction definition file.
Administrator response: Verify the .xml file exists, is
readable, and has valid data.
DPWAD0342E
Error reading input user session id.
Explanation: There was an error parsing the user
session id.
145
DPWAD0343E • DPWAD0372W
Administrator response: Verify that the input is being
passed correctly.
DPWAD0343E
Error reading input user id.
Explanation: There was an error parsing the user ID.
Administrator response: Verify that user ID is being
input correctly.
DPWAD0345E
No matching User Session found.
Explanation: Bad input, or User session was already
terminated.
Administrator response: Verify validity of input, or
assume session was already terminated.
DPWAD0362E The dynurl configuration file %s
cannot be opened for reading.
Explanation: An attempt to open the dynurl
configuration file for reading failed
Administrator response: Ensure that the file exists on
the WebSEAL server and is readable
DPWAD0363E The jmt configuration file %s cannot
be opened for reading.
Explanation: An attempt to open the jmt configuration
file for reading failed
Administrator response: Ensure that the file exists on
the WebSEAL server and is readable
DPWAD0364E You must specify a junction point to
read or write an fsso configuration file.
DPWAD0367E The fsso configuration file: %s could
not be opened for reading.
Explanation: The junction specified could not be
opened.
Administrator response: Ensure that the fsso
configuration file for the junction specified exists and is
readable.
DPWAD0368E Could not create dynurl
configuration file: %s
Explanation: WebSEAL was unable to create the
dynurl conf file.
Administrator response: Ensure that ivmgr has
filesystem permissions to create a file in the directory
where the dynurl configuration file will be stored
DPWAD0369E Reloading the in memory dynurl
table failed
Explanation: An error occurred while trying to read
the dynurl configuration file.
Administrator response: Ensure that the new file
specified is in the proper format
DPWAD0370E Could not create jmt configuration
file: %s
Explanation: An error occured while trying to open
the jmt configuration file.
Administrator response: Ensure that ivmgr has
filesystem permissions to create a file in the directory
where the jmt configuration file will be stored
Explanation: A junction point is necessary to
determine which fsso configuration file to read or write
DPWAD0371E Reloading the in memory jmt table
failed
Administrator response: Add the junction point to the
junction attribute of the indata attribute list
Explanation: An error occurred while trying to read in
the new jmt configuration file.
DPWAD0365E The junction: %s is not a valid
junction on this WebSEAL server.
Explanation: An invalid junction point was provided.
Administrator response: Ensure that the new file
specified is in the proper format.
Administrator response: Ensure that the junction
attribute in indata is a valid junction
DPWAD0372W The junction specified does not
exist. The configuration file: %s was
created.
DPWAD0366E The junction: %s is not an fsso
junction on this WebSEAL server.
Explanation: An fsso junction may not be created
without the configuration file being inplace. This allows
the file to be created before the junction
Explanation: The junction specified is not an FSSO
junction.
Administrator response: The junction may now be
created using this new configuration file
Administrator response: Ensure that the junction
specified is an FSSO junction.
146
Version 7.0: Error Message Reference
DPWAD0373E • DPWAD0411E
DPWAD0373E Could not create fsso configuration
file: %s
Explanation: An error occurred while trying to read in
the new fsso configuration file.
Administrator response: Ensure that ivmgr has
filesystem permissions to create a file in the directory
where the fsso configuration file will be stored
DPWAD0374E
The backup operation failed for %s
Explanation: An error occurred while attempting to
create a backup copy of the original configuration file.
Administrator response: Ensure that ivmgr has
filesystem permissions to create a file in the directory
where the configuration file resides.
DPWAD0375E
Reloading junction: %s failed
Explanation: An error occurred while trying to load
the fsso configuration file.
Administrator response: Ensure that the new file
specified is in the proper format.
DPWAD0376E
The restore operation failed for %s
Explanation: An error occurred while trying to restore
a backed up version of a configuration file.
Administrator response: Ensure that ivmgr has
filesystem permissions to create a file in the directory
where the configuration file resides.
DPWAD0386E Failed to open the supplied junction
archive file.
Explanation: An error occurred when trying to access
a junction archive file.
Administrator response: Ensure that the specified file
name is correct and that the WebSEAL server can
access the file.
DPWAD0387E The supplied junction archive file
contains an invalid junction definition.
Explanation: An error occurred while trying to access
a junction archive file.
Administrator response: Ensure that the supplied file
is correctly formatted.
DPWAD0391W Failed to execute the program (%s).
(Errno = %d).
Explanation: An error occurred when attempting to
run the specified program.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWAD0394W The requested file segment
contained binary characters.
Explanation: A request to display a binary file was
submitted. A binary file can be displayed only if the
'-encode' option is supplied.
Administrator response: Ensure that the correct file
has been requested and if so that the '-encode' option is
supplied to the command.
DPWAD0404E Failed to locate the authorization
server password, required for the server
sync command.
Explanation: The server sync command is not
available because the authorization server password
could not be determined.
Administrator response: Check the log file for
additional errors. For the error code from the message
and additional troubleshooting steps, see the IBM
Security Access Manager for Web Troubleshooting
Guide.
DPWAD0405E Failed to synchronize the WebSEAL
server.
Explanation: The server sync command did not
complete successfully.
Administrator response: Check the log file for
additional errors. For the error code from the message
and additional troubleshooting steps, see the IBM
Security Access Manager for Web Troubleshooting
Guide.
DPWAD0406E The server name supplied was not
valid.
Explanation: The server name supplied to the server
sync command was not valid.
Administrator response: Ensure that a valid server
name is supplied with the server sync command. The
server name must not be the same as the name of the
server that runs the command.
DPWAD0411E The TCP/IP host information could
not be determined from the server
hostname: %s. Ensure that the server
hostname is correct and that the domain
name server is functioning correctly.
Explanation: The TCP/IP address for the specified
host could not be determined.
Administrator response: Ensure that the IP address
for the specified host name can be resolved. If the
problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
Chapter 3. Security Access Manager WebSEAL Messages
147
DPWAD0412E • DPWAD0432E
software/sysmgmt/products/support/
index.html?ibmprd=tivman
DPWAD0412E The configuration entry found within
the %s stanza was not valid: %s = %s.
Explanation: The specified configuration entry
contained a value that must be corrected.
Administrator response: Correct the configuration
entry which is not valid.
DPWAD0413E An attempt to create a temporary file
failed.
Explanation: An attempt was made to create a
temporary file and the file could not be created.
Administrator response: Check the log file for
additional errors. Also check the file system to ensure
that there is adequate disk space available.
DPWAD0415E An ICAP Server for the '%s' resource
was not found.
DPWAD0419E Failed to connect to a required ICAP
server.
Explanation: An attempt to contact an ICAP server
failed. The ICAP server is required to be able to
correctly service the Web request.
Administrator response: Ensure that the configuration
for the ICAP server is correct and that the ICAP server
is available. Check the log file for additional errors.
DPWAD0420E The maximum number of concurrent
requests which can be processed for this
session has been reached.
Explanation: The user session has reached the
maximum number of simultaneous requests which can
be processed by WebSEAL.
Administrator response: Either increase the
configured maximum number of requests which can be
processed by a session, or wait for existing requests for
the user session to complete.
Explanation: An unknown ICAP resource was
specified.
DPWAD0421W The session, owned by %s, has
reached it's soft limit of %d concurrent
requests.
Administrator response: Check the ICAP
configuration within both the WebSEAL configuration
file and the policy database.
Explanation: The user session has reached the
warning point for the number of simultaneous requests
which can be processed by WebSEAL.
DPWAD0416E An ICAP Server for the specified
resource was not found.
Administrator response: Prepare to increase the hard
limit of concurrent requests for a user session, or wait
for existing requests for the user session to complete.
Explanation: An unknown ICAP resource was
specified.
Administrator response: Check the log file for
additional errors.
DPWAD0431E Failed to locate the authorization
server password, required for the cluster
functionality.
DPWAD0417E A bad response was received from
the ICAP server.
Explanation: The cluster support is not available
because the authorization server password could not be
determined.
Administrator response: Check the configuration of
the ICAP server.
Administrator response: Check the log file for
additional errors. For the error code from the message
and additional troubleshooting steps, see the IBM
Security Access Manager for Web Troubleshooting
Guide.
DPWAD0418E Failed to connect to the ICAP server:
%s.
DPWAD0432E Failed to execute the server task '%s'
on %s: %s
Explanation: An attempt to contact an ICAP server
failed. The ICAP server is required to be able to
correctly service the Web request.
Explanation: An attempt to execute a server task
command failed.
Explanation: The response which was received from
the ICAP server was incorrectly formatted.
Administrator response: Ensure that the configuration
for the ICAP server is correct and that the ICAP server
is available. Check the log file for additional errors.
148
Version 7.0: Error Message Reference
Administrator response: Check the log file for
additional errors. For the error code from the message
and additional troubleshooting steps, see the IBM
Security Access Manager for Web Troubleshooting
Guide.
DPWAD0433E • DPWAD0446E
DPWAD0433E Failed to execute a server task
command
Explanation: An attempt to execute a server task
command failed.
Administrator response: Check the log file for
additional errors. For the error code from the message
and additional troubleshooting steps, see the IBM
Security Access Manager for Web Troubleshooting
Guide.
DPWAD0434E Failed to create the administration
context for %s: %s
Explanation: An attempt to create an administration
context failed.
Administrator response: Check the log file for
additional errors. For the error code from the message
and additional troubleshooting steps, see the IBM
Security Access Manager for Web Troubleshooting
Guide.
DPWAD0435E Failed to create an administration
context
Explanation: An attempt to create an administration
context failed.
Administrator response: Check the log file for
additional errors. For the error code from the message
and additional troubleshooting steps, see the IBM
Security Access Manager for Web Troubleshooting
Guide.
DPWAD0436E An unexpected result was received
from the server task command: %s (%s)
Explanation: An unexpected result was received from
the server task command.
Administrator response: Check the log file for
additional errors. For the error code from the message
and additional troubleshooting steps, see the IBM
Security Access Manager for Web Troubleshooting
Guide.
DPWAD0439E
Failed to restart the cluster
Explanation: An attempt to restart the cluster failed.
Administrator response: Check the log file for
additional errors. For the error code from the message
and additional troubleshooting steps, see the IBM
Security Access Manager for Web Troubleshooting
Guide.
DPWAD0440E
Failed to restart the cluster: 0x%lx
Explanation: An attempt to restart the cluster failed.
Administrator response: Check the log file for
additional errors. For the error code from the message
and additional troubleshooting steps, see the IBM
Security Access Manager for Web Troubleshooting
Guide.
DPWAD0441E Failed to restart the cluster as a
cluster restart is already in progress
Explanation: An attempt to restart the cluster failed as
a prior request to restart the cluster is still in progress.
Administrator response: Check the log file for
additional errors. For the error code from the message
and additional troubleshooting steps, see the IBM
Security Access Manager for Web Troubleshooting
Guide.
DPWAD0442E The server, %s, failed to restart
within a reasonable period of time.
Explanation: The specified server did not restart
within the allocated period of time. This restart was
performed as a part of the cluster synchronisation.
Administrator response: Check the log file for
additional errors. For the error code from the message
and additional troubleshooting steps, see the IBM
Security Access Manager for Web Troubleshooting
Guide.
DPWAD0445E
%s
Explanation: An unspecified error has occurred.
DPWAD0438E Failed to synchronize with the cluster
master
Explanation: An attempt to synchronize the local
configuration with the cluster master server failed.
Administrator response: Check the log file for
additional errors. For the error code from the message
and additional troubleshooting steps, see the IBM
Security Access Manager for Web Troubleshooting
Guide.
Administrator response: Check the log file for
additional errors. For the error code from the message
and additional troubleshooting steps, see the IBM
Security Access Manager for Web Troubleshooting
Guide.
DPWAD0446E Both the '-ripple' and '-status' options
cannot be specified at the same time.
Explanation: The cluster restart command cannot have
both the '-ripple' and '-status' options specified in the
same command.
Administrator response: Re-issue the command with
Chapter 3. Security Access Manager WebSEAL Messages
149
DPWAD0447E • DPWAD0459E
either of the options, but not both.
DPWAD0447E
The server is not fully initialized.
DPWAD0454E Unable to configure the eCSSO
authentication module for domain/host
'%s': status 0x%lx.
Explanation: An attempt to access the server failed
due to the fact that it is not fully initialized. This can
occur during server start-up or shutdown.
Explanation: The eCSSO (consume or create)
authentication module configured for the domain/host
specified returned an error while being initialised.
Administrator response: Allow extra time for the
server to finish initialization and then retry the
operation. If the problem persists check the log file for
additional errors.
Administrator response: Either a bad shared library
was specified for the authentication module or the
configuration is incorrect, for example the key files
specified are missing or inaccessible.
DPWAD0448E The new user identity (%s) does not
match the current authenticated user
identity (%s).
DPWAD0455E The value '%s' is not a valid option
for ip-support-level. Use one of
'displaced-only', 'generic-only', or
'displaced-and-generic'.
Explanation: The identity which is provided in a
subsequent authentication operation must match the
identity which was used during the original
authentication operation.
Administrator response: The user must present the
same user ID provided in the previous authentication
operation.
DPWAD0449E The new user identity does not
match the current authenticated user
identity.
Explanation: An invalid setting was set for the
webseald configuration file option ip-support-level.
Administrator response: Change the setting for
ip-support-level to a valid one.
DPWAD0456E The value displaced-only is not a
valid option for ip-support-level when
ipv6-support is enabled.
Explanation: displaced-only can not be set when
ipv6-support = yes.
Explanation: The identity which is provided in a
subsequent authentication operation must match the
identity which was used during the original
authentication operation.
Administrator response: Change the setting for
ip-support-level to generic-only or displaced-andgeneric.
Administrator response: The user must present the
same user ID provided in the previous authentication
operation.
DPWAD0457E The authentication challenge type
specified is not valid: %s
DPWAD0452E eCSSO authentication is enabled but
no Master Authorization Server is
defined.
Explanation: The e-community-sso-auth has been set
without setting a master authorization server.
Administrator response: Update the configuration file
and set a master authorization server in the
master-authn-server value under the [e-community-sso]
stanza.
DPWAD0453E Duplicate eCSSO domain '%s'
defined under the [e-communitydomains] stanza.
Explanation: Each domain under the
[e-community-domains] stanza must be unique.
Administrator response: Remove the duplicate entry
and retry.
150
Version 7.0: Error Message Reference
Explanation: The challenge type string located in the
WebSEAL configuration file was not valid.
Administrator response: Change the setting for
auth-challenge-type to be a valid challenge type.
DPWAD0458E The corresponding authentication
method for the challenge type, %s, is
not enabled.
Explanation: The corresponding authentication
method for the specified challenge type is not enabled.
Administrator response: Either remove the failing
challenge type from the auth-challenge-type
configuration entry, or enable the corresponding
authentication method.
DPWAD0459E The authentication challenge type
contains multiple entries for %s.
Explanation: The challenge type string located in the
WebSEAL configuration file contains multiple rule sets
for a single mechanism.
DPWAD0460E • DPWAD0611E
Administrator response: Remove the duplicate entries
in the auth-challenge-type configuration entry.
DPWAD0460E The following authentication
challenge type contains a syntax error or
invalid pattern.%s
Explanation: The challenge type string located in the
WebSEAL configuration file contains a syntax error.
Administrator response: Correct the syntax error for
the auth-challenge-type configuration entry.
DPWAD0600E An error occurred attempting to
determine the current installed version
of WebSEAL. WebSEAL cannot start.
Explanation: This error occurs if the current installed
version of WebSEAL cannot be determined. This
indicates a severe problem.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWAD0601E
The version string '%s' is invalid.
DPWAD0604E An error occurred attempting to
restore the configuration file.
Explanation: This error occurs when WebSEAL is
trying to restore a backed up copy of the configuration
file.
Administrator response: Examine the log file for
additional errors. More information about the problem
that occurred will be present.
DPWAD0605W The configuration file entry [%s]%s
was not found.
Explanation: This error occurs when WebSEAL is
trying to determine the version of the WebSEAL server
that created the configuration file.
Administrator response: No action is necessary - the
WebSEAL server will try another method to determine
the original version of WebSEAL installed, and update
the configuration file as necessary.
DPWAD0606E An error occurred attempting to
migrate the configuration file entry
[%s]%s.
Explanation: This error occurs if an invalid version
number is found.
Explanation: This error occurs when WebSEAL is
trying to perform migration of a configuration file
entry.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
Administrator response: You may need to manually
update the entry to allow migration to proceed.
Examine the configuration file and documentation for
more information on the particular entry.
DPWAD0602E An error occurred attempting to
determine the originally installed
version of WebSEAL to verify that the
configuration file is up-to-date.
WebSEAL cannot start.
DPWAD0607E An error occurred attempting to
migrate the configuration file entry [%s].
Explanation: This error occurs if the originally
installed version of WebSEAL cannot be determined.
This indicates a severe problem.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWAD0603E An error occurred attempting to
backup the configuration file.
Explanation: This error occurs when WebSEAL is
trying to make a backup copy of the original
configuration file before upgrade.
Administrator response: Examine the log file for
additional errors. More information about the problem
that occurred will be present.
Explanation: This error occurs when WebSEAL is
trying to perform migration of a configuration file
stanza.
Administrator response: You may need to manually
update the entry to allow migration to proceed.
Examine the configuration file and documentation for
more information on the particular entry.
DPWAD0611E A serious error occurred performing
configuration file migration. You may
need to perform manual migration of
some configuration options.
Explanation: This message indicates that a serious
problem occurred while attempting to update the
configuration file.
Administrator response: Refer to other log messages
to attempt to determine the problem. You may be able
to perform manual migration of configuration file
entries. If the problem persists, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
Chapter 3. Security Access Manager WebSEAL Messages
151
DPWAD0752E • DPWAD0783E
support/index.html?ibmprd=tivman. If you wish to
attempt to manual migration, comment the problematic
entries out of the WebSEAL configuration file and
restart the WebSEAL server. Once the WebSEAL server
has started successfully, manually modify the
configuration file to restore the functionality you have
disabled, refering to the WebSEAL Administration
Guide where necessary.
DPWAD0752E A replica set must be specified for
the virtual host junction '%s'.
Explanation: When the SMS is used for session
storage, all virtual host junctions must have a replica
set specified with the -z junction option.
[e-community-domains] and [e-community-domainkeys:<domain>]
Administrator response: Add a eCSSO key for the
domain the Virtual Host junction is in using the
[e-community-domains] and [e-community-domainkeys:<domain>] stanzas and restart WebSEAL so it
recognises the changes. Then retry creating the Virtual
Host junction.
DPWAD0756W The junction reload command did
not complete for regular junctions as a
previous reload is still in effect. Try
again later.
Administrator response: Create the junction using the
-z <replica-set> option. The <replica-set> must be one
of the replica sets listed in the WebSEAL configuration
file.
Explanation: A reload command issued earlier is still
waiting for some requests using the older junction
definitions to complete. New reload commands will not
have an effect until these requests complete. Virtual
Host junctions are independent and you should look
for a separate message if they are busy too.
DPWAD0753E A replica set must be specified for
the junction.
Administrator response: The command has had no
effect on junctions, retry the command at a later time.
Explanation: When the SMS is used for session
storage, all virtual host junctions must have a replica
set specified with the -z junction option.
Administrator response: Create the junction using the
-z <replica-set> option. The <replica-set> must be one
of the replica sets listed in the WebSEAL configuration
file.
DPWAD0754E The Virtual Host junction '%s' must
have an eCSSO domain key in the
configuation file for it's virtual host
name '%s'.
Explanation: When the Virtual Host junction was
created or restored from the junction database it's
virtual host name was discovered not to have a eCSSO
domain key. These are configured using
[e-community-domains] and [e-community-domainkeys:<domain>]
Administrator response: Add a eCSSO key for the
domain the Virtual Host junction is in using the
[e-community-domains] and [e-community-domainkeys:<domain>] stanzas and restart WebSEAL so it
recognises the changes. Then retry creating the Virtual
Host junction.
DPWAD0755E The Virtual Host junction must have
an eCSSO domain key in the
configuration file for it's virtual host
name.
Explanation: When the Virtual Host junction was
created or restored from the junction database it's
virtual host name was discovered not to have a eCSSO
domain key. These are configured using
152
Version 7.0: Error Message Reference
DPWAD0757W The junction reload command did
not complete for Virtual Host junctions
as a previous reload is still in effect. Try
again later.
Explanation: A reload command issued earlier is still
waiting for some requests using the older Virtual Host
junction definitions to complete. New reload
commands will not have an effect until these requests
complete. Regular junctions are independent and you
should look for a separate message if they are busy too.
Administrator response: The command has had no
effect on Virtual Host junctions, retry the command at a
later time.
DPWAD0782E
Could not take junction offline
Explanation: This message is followed by an
explanation of why the junction could not be taken
offline.
Administrator response: Correct the problem
described in the message displayed after this message.
DPWAD0783E Could not take Virtual Host junction
offline
Explanation: This message is followed by an
explanation of why the Virtual Host junction could not
be taken offline.
Administrator response: Correct the problem
described in the message displayed after this message.
DPWAD0784E • DPWAD1055E
DPWAD0784E
Could not throttle junction
DPWAD0791E
Invalid server ID
Explanation: This message is followed by an
explanation of why the junction could not be throttled.
Explanation: The argument passed to -i was not a
valid server UUID.
Administrator response: Correct the problem
described in the message displayed after this message.
Administrator response: Obtain the correct UUID by
using the 'virtualhost show' command.
DPWAD0785E Could not throttle Virtual Host
junction
DPWAD0792E
Explanation: This message is followed by an
explanation of why the Virtual Host junction could not
be throttled.
Administrator response: Correct the problem
described in the message displayed after this message.
DPWAD0786E
Could not bring junction online
Explanation: This message is followed by an
explanation of why the junction could not be brought
online.
Administrator response: Correct the problem
described in the message displayed after this message.
DPWAD0787E Could not bring Virtual Host
junction online
Explanation: This message is followed by an
explanation of why the Virtual Host junction could not
be brought online.
Administrator response: Correct the problem
described in the message displayed after this message.
DPWAD0788E You can only change the operation
state of TCP, SSL, TCP Proxy, and SSL
Proxy junctions.
Explanation: Not all junction types support
operational state changes.
Administrator response: Ensure you are applying the
command to the correct junction.
DPWAD0789E You can only change the operation
state of TCP, SSL, TCP Proxy, and SSL
Proxy Virtual Host junctions.
Explanation: Not all Virtual Host junction types
support operational state changes.
Server %s not found at junction %s
Explanation: An attempt was made to change the
operational state of a junction server based on a UUID
which did not match any of the servers of the junction.
Administrator response: Use the 'show' command to
find the correct UUID.
DPWAD0793E Server %s not found at Virtual Host
junction %s
Explanation: An attempt was made to change the
operational state of a Virtual Host junction server based
on a UUID which did not match any of the servers of
the Virtual Host junction.
Administrator response: Use the 'virtualhost show'
command to find the correct UUID.
DPWAD1050E The filename must not contain any
path information.
Explanation: A base path for the database files has
been statically configured and as such the supplied file
name should not contain any path information.
Administrator response: Specify the name of the
database without any path information.
DPWAD1053E An error occurred while writing the
WebSEAL flow data to disk.
Explanation: An error occured while WebSEAL was
committing the collected flow data to disk. One or
more records may be missing for the last time period.
Administrator response: No action is required.
DPWAD1054E
The %s system routine failed: %d.
Explanation: An error occured when WebSEAL
attempted to execute a system routine.
Administrator response: Ensure you are applying the
command to the correct Virtual Host junction.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWAD0790E
DPWAD1055E
Invalid server ID
A system routine failed.
Explanation: The argument passed to -i was not a
valid server UUID.
Explanation: An error occured when WebSEAL
attempted to execute a system routine.
Administrator response: Obtain the correct UUID by
using the 'show' command.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information Chapter 3. Security Access Manager WebSEAL Messages
153
DPWAD1056E • DPWAD1210E
http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWAD1056E A process terminated unexpectedly:
%d.
Explanation: A process which was currently being
monitored terminated unexpectedly. This process will
be automatically restarted.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWAD1200E The incoming connection from %s
has been blocked.
Explanation: The incoming connection has been
temporarily blocked by the Web Application Firewall
functionality.
Administrator response: Check the log file for
additional errors. For the error code from the message
and additional troubleshooting steps, see the IBM
Security Access Manager for Web Troubleshooting
Guide.
DPWAD1201E An invalid csv field was provided:
%s
Explanation: An invalid field was provided.
Administrator response: Examine the configuration
and correct the offending field.
DPWAD1202E An invalid configuration value was
provided: %s
Explanation: An invalid configuration value was
provided.
Administrator response: Examine the configuration
and correct the offending value.
DPWAD1203E An invalid number of fields were
provided within the csv file: %s
Explanation: An invalid number of fields were
discovered in a csv file.
Administrator response: Examine the configuration
and correct the offending csv file.
DPWAD1204E An unknown issue was discovered,
%d, and as such no action was taken.
Explanation: An issue was discovered for which there
was no configured action.
Administrator response: Examine the configuration
and ensure that an action exists for the specified issue.
154
Version 7.0: Error Message Reference
DPWAD1206E An incompatible ISS protocol
analysis module library was found.
Explanation: An incompatible ISS protocol analysis
module was specified within the WebSEAL
configuration.
Administrator response: Install a compatible ISS
protocol analysis module distribution, or disable this
functionality within WebSEAL.
DPWAD1207E An internal error was encountered
within the ISS protocol analysis
module.
Explanation: An error was returned from the ISS
protocol analysis module.
Administrator response: Check the log file for
additional errors. If necessary, look up the error code
from the message in the IBM Security Access Manager
for Web Troubleshooting Guide for additional
troubleshooting steps.
DPWAD1208E An unrecoverable error was
encountered within the ISS protocol
analysis module : %s.
Explanation: An error was returned from the ISS
protocol analysis module.
Administrator response: Check the log file for
additional errors. If necessary, look up the error code
from the message in the IBM Security Access Manager
for Web Troubleshooting Guide for additional
troubleshooting steps.
DPWAD1209E An insufficient amount of memory
was supplied to an internal WAF
routine.
Explanation: An insufficient amount of memory was
supplied to one of the internal WAF routines.
Administrator response: Check the log file for
additional errors. If necessary, look up the error code
from the message in the IBM Security Access Manager
for Web Troubleshooting Guide for additional
troubleshooting steps.
DPWAD1210E The client connection has been
blocked due to a security attack which
was detected by the protocol analysis
module.
Explanation: The protocol analysis module detected a
potential attack in a prior request from the client and as
such has blocked all connections from this client for a
period of time.
Administrator response: Check the log file for
additional errors. If necessary, look up the error code
from the message in the IBM Security Access Manager
DPWCA0150E • DPWCF0460E
for Web Troubleshooting Guide for additional
troubleshooting steps.
writable. If necessary, look up the system error code to
identify the problem.
DPWCA0150E
DPWCF0455E
Invalid UNIX user name (%s)
Explanation: See message.
The directory '%s' could not be
opened. Error code: %d
Administrator response: Use a valid user name
Explanation: The directory could not be opened
because of the indicated system error code.
DPWCF0450E
Administrator response: Make sure that the directory
exists and file system permissions allow it to be read.
The IBM Security Access Manager
Runtime installation directory could not
be found. Install IBM Security Access
Manager Runtime.
DPWCF0456E
The directory '%s' could not be
closed. Error code: %d
Explanation: The installation directory for AMRTE
could not be found in the registry. This is probably
because AMRTE is not installed.
Explanation: Closing a directory failed because of the
indicated system error code.
Administrator response: Make sure that AMRTE is
installed.
Administrator response: Make sure that the directory
exists and is writable.
DPWCF0451E
DPWCF0457E
The IBM Security Access Manager
WebSEAL installation directory could
not be found. Install IBM Security
Access Manager WebSEAL.
Explanation: The installation directory for AMWeb
could not be found in the registry. This is probably
because AMWeb is not installed.
Administrator response: Make sure that IBM Security
Access Manager WebSEAL is installed.
DPWCF0452E
The configuration file '%s' could not
be opened.
Explanation: The configuration file may not exist, or
file system permissions may prevent it from being
opened.
Explanation: The instance name is already in use.
Administrator response: Use a different instance
name.
DPWCF0458E
The file '%s' could not be opened.
Error code: %d
Explanation: The file could not be opened. The system
function returned the indicated error code
Administrator response: Make sure that the file exists
in the system, and that it is readable and writable. If
necessary, look up the system error code to determine
the problem.
DPWCF0454E
The file '%s' could not be closed.
Error code %d.
The length of the instance name '%s'
is more than %d characters.
Explanation: The provided instance name is more
than 20 characters.
Administrator response: Use an instance name that
has less than 20 characters.
DPWCF0459E
Administrator response: Make sure that the
configuration file exists and can be read and written.
DPWCF0453E
The instance name '%s' is already in
use.
The instance name '%s' contains
invalid characters. Instance names must
consist of alphanumeric characters plus
the symbols: '-' '_' '.'
Explanation: The provided instance name contains
illegal characters.
Administrator response: Use an instance name that
contains only valid characters.
DPWCF0460E
The IP address '%s' does not exist in
the system.
Explanation: The provided IP address does not exist
in the system.
Administrator response: Make sure that the provided
IP address exists in the system.
Explanation: A file could not be closed because of the
indicated system error.
Administrator response: Make sure that the file
system on which the file is located is not full. Also
make sure that the directory for the file exists and is
Chapter 3. Security Access Manager WebSEAL Messages
155
DPWCF0461E • DPWCF0473E
DPWCF0461E
The key file '%s' does not exist in the
system.
Explanation: The provided key file does not exist in
the system.
Administrator response: Make sure the provided key
file exists in the system.
DPWCF0462E
The key file password is incorrect.
Explanation: The key file password may have been
entered incorrectly.
Administrator response: Make sure that the key file
password is entered correctly.
DPWCF0463E
The LDAP server could not be
contacted through SSL on port %d.
Explanation: The SSL LDAP port may have been
entered incorrectly, or the LDAP server may not be
running.
Administrator response: Make sure the LDAP server
is running. Correct the SSL LDAP port if necessary.
DPWCF0464E
The key file for SSL communcation
with the LDAP server is invalid.
Explanation: The wrong key file may have been
entered.
Administrator response: Make sure that the provided
key file is a valid key file for SSL communication with
the LDAP server
DPWCF0465E
SSL environment could not be
opened. Error: %s.
DPWCF0468E
The Policy Server could not be
contacted. Make sure the Policy Server
is running and try again.
Explanation: The Policy Server must be running in
order to configure WebSEAL.
Administrator response: Make sure the Policy Server
is functioning properly. Restart the Policy Server if
necessary.
DPWCF0469E
The file '%s' could not be copied to
'%s'
Explanation: An error occurred when trying to copy a
file.
Administrator response: Make sure the orginal file
exists and the directory for the new file exists. Make
sure the file system has sufficient space to copy the file.
Make sure the destination directory is writable.
DPWCF0470E
The directory '%s' could not be copied
to the directory '%s'.
Explanation: The original directory or the path of the
new directory may not be existed.
Administrator response: Make sure the orginal
directory exists and the path of the new directory also
exists.
DPWCF0471E
The directory '%s' could not be
created.
Explanation: The path to the directory that want to be
created may be not existed in the system.
Administrator response: Make sure the path to the
directory that want to be created exists in the system.
Explanation: An internal SSL error occurred.
Administrator response: The action to correct this
problem depends on details in the error message.
DPWCF0472E
The random password could not be
generated.
Explanation: Memory allocation operation failed.
DPWCF0466E
Port '%s' is already in use.
Explanation: The provided port is already in use.
Administrator response: Use a different port, or
remove the service that is using the port.
Administrator response: Check memory limits on
your machine, and increase availabel memory if
possible
DPWCF0473E
DPWCF0467E
Fields marked with an asterisk (*) are
required.
Explanation: Not all required inputs were provided.
Administrator response: Fill in values for all of the
required fields.
156
Version 7.0: Error Message Reference
The WebSEAL instance '%s' failed to
configure.
Explanation: WebSEAL instance cannot be configured
due to the error that displayed before this message
Administrator response: Unconfigure this WebSEAL
instance and run configuration program again.
DPWCF0474E • DPWCF0486E
DPWCF0474E
The WebSEAL instance '%s' failed to
unconfigure.
Explanation: WebSEAL instance cannot be
unconfigured due to the error that displayed before this
message
Administrator response: Run unconfiguration
program again.
DPWCF0481E
Explanation: No instance with the provided name was
found on the system.
Administrator response: Make sure the instance name
was typed correctly.
DPWCF0482E
DPWCF0475E
The specified document root directory
'%s' does not exist.
Explanation: The provided document root directory
does not exist.
Administrator response: Make sure the document root
directory exists in the system.
Could not determine the hostname of
the machine. Error code: %d
Explanation: An error occurred when attempting to
determine the host name of the local system.
Administrator response: Make sure the network
configuration on the machine is correct.
DPWCF0483E
DPWCF0476E
The instance name '%s' does not exist
to unconfigure.
The specified option '%s' is invalid.
The entry '%s' in the response file
does not have a value
Explanation: The specified option is invalid. Only the
flags in the usage message are valid.
Explanation: A needed entry in the response file did
not have a value.
Administrator response: The specified option is
invalid. Use one of the options from the usage and try
again.
Administrator response: Make sure that the value of
the entry exists in the response file.
DPWCF0484E
DPWCF0477E
The specified option '%s' needs a
parameter.
Error: the configuration program must
be run as root.
Explanation: The specified option must have a
parameter.
Explanation: The configuration program needs to be
run as the root user in order to be able to function
properly.
Administrator response: Need to specify a parameter
for the specified action.
Administrator response: Run the configuration
program as the root user.
DPWCF0478E
DPWCF0485E
The action option needs to be
specified.
Explanation: The "action" option needs to be specified
to configure or unconfigure WebSEAL instance from
command line.
Administrator response: Need to specify the "action"
option in the command line inputs.
DPWCF0479E
The specified certificate label '%s' is
invalid.
Explanation: The provided certificate label is incorrect.
Administrator response: Make sure the certificate
label is entered correctly.
DPWCF0480E
The response file '%s' could not be
opened.
The ownership of '%s' cannot be
changed to user ivmgr, group ivmgr.
Error code: %d.
Explanation: An attempt to change the ownership of a
file or directory failed. The system error number can be
used to determine the cause of the failure.
Administrator response: Make sure the file or
directory exists.
DPWCF0486E
Could not create symbolic link from
'%s' to '%s'. Error code: %d.
Explanation: An attempt to create a symbolic link
failed.
Administrator response: Make sure the destination
directory for the symlink exists, and no file or directory
exists in that location already. Look up the system error
code for further information if necessary.
Explanation: The provided response file does not
exist.
Administrator response: Make sure the response file
exists.
Chapter 3. Security Access Manager WebSEAL Messages
157
DPWCF0487E • DPWCF0498E
DPWCF0487E
The hash table for configuration
options cannot be initialized.
Explanation: The hash table can not be initialized
because the allocation of the options failed.
Administrator response: Check memory limits on
your machine, and increase available memory if
possible
DPWCF0488E
The file '%s' could not be moved to
'%s'
Explanation: An error occurred when trying to move
a file.
Administrator response: Make sure the orginal file
exists and the directory for the new file exists. Make
sure the file system has sufficient space to move the
file. Make sure the destination directory is writable.
DPWCF0489E
ERROR: For WebSEAL to function
correctly the maximum number of
threads per process should be at least
96. This value can be increased by
modifying the MAXTHREADPROC or
MAX_THREAD_PROC kernel parameter
through the sam utility.
code for additional information. Check system resource
limits on the number of file descriptors, and increase
the limits if necessary.
DPWCF0493E
The -interactive option is not
supported on this platform.
Explanation: The amwebcfg utility does not support
the -interactive flag on Windows.
Administrator response: Should not use interactive
option for the amwebcfg utility on windows
DPWCF0494E
The executable file 'ldapsearch' could
not be found.
Explanation: The installlation directory for the LDAP
client could not be found.
Administrator response: Make sure the LDAP client is
installed correctly.
DPWCF0495E
The configuration value of an entry
[%s] '%s' could not be retrieved from the
configuration file '%s'.
Explanation: An attempt to retrieve an entry from a
configuration file failed.
Explanation: The MAXTHREADPROC or
MAX_THREAD_PROC must be greater than 96 for
WebSEAL to function correctly.
Administrator response: Check logs for additional
errors. The configuration file may not exist or might
not be readable. The entry might not exist in the
configuration file.
Administrator response: Use the sam utility to
increase the MAXTHREADPROC or
MAX_THREAD_PROC and run the configuration
program again.
DPWCF0496E
DPWCF0490E
Explanation: Only IBM Security Access Manager
Administrators are allowed to configure or unconfigure
WebSEAL.
The configuration status could not be
set.
The user '%s' does not have
permission to unconfigure the server.
Explanation: This problem should not occur. If it does
happen, the machine should be restarted and run the
configuration program again.
Administrator response: Run the configuration
program again, supplying the ID and password of an
Administrative user.
Administrator response: Restart the machine and run
the configuration program again.
DPWCF0497E
DPWCF0491E
Explanation: The provided response file does not exist
or is not readable.
The file '%s' could not be deleted.
Error code: %d.
The response file '%s' does not exist.
Explanation: An attempt to delete a file failed.
Administrator response: Make sure the response file
exists and is readable.
Administrator response: Make sure that the file and
the directory containing the file are both writable.
DPWCF0498E
DPWCF0492E
The socket could not be created. Error
code: %d
Explanation: An error occured when attempting to
initialize a socket.
Administrator response: Look up the system error
158
Version 7.0: Error Message Reference
The user '%s' could not be removed
from the group '%s'. Error message: '%s'
Explanation: The function
ivadmin_group_removemember failed to remove the
user from the group because of the indicated error.
Administrator response: Fix the problem indicated by
the error message.
DPWCF0499E • DPWCF0510E
DPWCF0499E
The objectspace '%s' could not be
created. Error message: '%s'
Explanation: The function ivadmin_objectspace_create
failed to create the objectspace because of the indicated
error.
Administrator response: Fix the problem indicated by
the error message.
DPWCF0500E
The ACL '%s' could not be created
with an error: '%s'
DPWCF0505E
The permissions for unauthenticated
in the ACL '%s' could not be set to '%s'.
Error message: '%s'
Explanation: The function ivadmin_acl_setunauth
failed to set the permissions for unauthenticated
because of the indicated error.
Administrator response: Fix the problem indicated by
the error message.
DPWCF0506E
Explanation: The function ivadmin_acl_create failed to
create the ACL because of the indicated error.
The ACL '%s' could not be attached to
the protected object '%s'. Error message:
'%s'
Administrator response: Fix the problem indicated by
the error message.
Explanation: The function ivadmin_protobj_attachacl
failed to attach the acl to a protected object because of
the indicated error.
DPWCF0501E
Administrator response: Fix the problem indicated by
the error message.
The description of ACL '%s' could not
be set to '%s'. Error message: '%s'
Explanation: The function ivadmin_acl_setdescription
failed because of the indicated error.
Administrator response: Fix the problem indicated by
the error message.
DPWCF0502E
The permissions for group '%s' in the
ACL '%s' could not be set. Error
message: '%s'
Explanation: The function ivadmin_acl_setgroup failed
to set the group permissions because of the indicated
error.
DPWCF0507E
The protected object '%s' could not be
created. Error message: '%s'
Explanation: The function ivadmin_protobj_create
failed to create a protected object because of the
indicated error.
Administrator response: Fix the problem indicated by
the error message.
DPWCF0508E
The protected object '%s' could not be
deleted. Error message: '%s'
Administrator response: Fix the problem indicated by
the error message.
Explanation: The function ivadmin_protobj_create
failed to delete the protected object because of the
indicated error.
DPWCF0503E
Administrator response: Fix the problem indicated by
the error message.
The permissions for user '%s' in the
ACL '%s' could not be set. Error
message: '%s'
Explanation: The function ivadmin_acl_setuser failed
to set the user permissions because of the indicated
error.
Administrator response: Fix the problem indicated by
the error message.
DPWCF0504E
The permissions for anyother in the
ACL '%s' could not be set. Error
message: '%s'
Explanation: The function ivadmin_acl_setanyother
failed to set the permissions for anyother because of the
indicated error.
Administrator response: Fix the problem indicated by
the error message.
DPWCF0509E
The group '%s' could not be retrieved.
Error message: '%s'
Explanation: The function ivadmin_group_get fails to
retrieve the group because of the indicated error.
Administrator response: Fix the problem indicated by
the error message.
DPWCF0510E
The group '%s' could not be created.
Error message: '%s'
Explanation: The function ivadmin_group_create
failed to create a group because of the indicated error.
Administrator response: Fix the problem indicated by
the error message.
Chapter 3. Security Access Manager WebSEAL Messages
159
DPWCF0511E • DPWCF0522E
DPWCF0511E
The descript for group '%s' could not
be set to '%s'. Error message: '%s'
Explanation: The function
ivadmin_group_setdescription failed because of the
indicated error.
Administrator response: Fix the problem indicated by
the error message.
DPWCF0517E
Explanation: The log.properties file must exist in
Tivoli Common Directory if Tivoli Common Directory
is used.
Administrator response: Make sure the log.properties
file exists in Tivoli Common Directory.
DPWCF0518E
DPWCF0512E
The DN of the group '%s' could not
be retrieved. Error message: '%s'
Explanation: The function ivadmin_group_getdn
failed because of the indicated error.
The log.properties file does not exist.
Failed to create Tivoli Common
Directory for WebSEAL.
Explanation: An error occurred when creating Tivoli
Common Directory for WebSEAL.
Administrator response: Fix the problem indicated by
the error message.
Administrator response: The action to correct this
problem depends on details displayed in previous error
messages.
DPWCF0513E
DPWCF0519E
The directory '%s' could not be
deleted.
Explanation: The directory may not exist.
Administrator response: Make sure the directory
exists.
DPWCF0514E
The ivadmin context could not be
created. Error message '%s'. Use
pdadmin to manually create 'su-admins'
and 'su-excluded' groups as instructed in
the appendix of WebSEAL upgrade
document.
Explanation: The function
ivadmin_context_createdefault2 failed because of the
indicated error.
Administrator response: Fix the problem indicated by
the error message.
DPWCF0515E
Use pdadmin to manually create
'su-admins' or 'su-excluded' groups as
instructed in the appendix of WebSEAL
upgrade document.
Explanation: The 'su-admins' or 'su-groups' could not
be created in the upgrade process. It should be created
manually.
Administrator response: Fix the problem indicated by
the message.
DPWCF0516E
The tivoli_common_dir entry in the
log.properties file has an empty value.
Explanation: The tivoli_common_dir entry must
contain Tivoli Common Directory in log.properties file
if Tivoli Common Directory is used.
Administrator response: Add a Tivoli Common
Directory to tivoli_common_dir entry in log.properties
file.
160
Version 7.0: Error Message Reference
Failed to relocate Tivoli Common
Directory for WebSEAL.
Explanation: An error occurred when relocating the
Tivoli Common Directory for WebSEAL.
Administrator response: The action to correct this
problem depends on details displayed in previous error
messages.
DPWCF0520E
The '%s' option must be provided on
the command line.
Explanation: The option displayed in the message
must be provided in the command line in order to
successfully configure WebSEAL.
Administrator response: Provide the option displayed
in the message on the command line.
DPWCF0521E
The '%s' option only uses 'y' or 'n' for
its parameter.
Explanation: The option displayed in the message
requires 'y' or 'n' for its value.
Administrator response: Need to provide 'y' or 'n' as
the value of the option displayed in the message on the
command line.
DPWCF0522E
The administrator ID or password is
invalid.
Explanation: A valid administrator ID and valid
password are required to configure WebSEAL.
Administrator response: Make sure that the
administrator ID and password provided are correct.
DPWCF0523E • DPWNS0165E
DPWCF0523E
The request-log-format entry in the
logging stanza contains an invalid
directive: %s
Explanation: The request-log-format value is invalid.
Administrator response: Correct the invalid
request-log-format configuration value.
DPWCF0524E
The request-log-format entry in the
logging stanza contains an invalid
parameter for a directive.
DPWCF0530E
Explanation: The configuration items [acnt-mgt]
enable-js-redirect and [acnt-mgt] login-redirect-page are
mutually exclusive.
Administrator response: Correct the configuration as
needed and restart the WebSEAL daemon.
DPWCF0531E
Explanation: The request-log-format value is invalid.
Administrator response: Correct the invalid
request-log-format configuration value.
A login redirect page cannot be
specified when JavaScript redirection is
enabled.
The configured single sign-off
resource is invalid. The resource must
reside on a standard junction.
Explanation: The single sign-off resource must reside
on a standard junction and the URI specified must
begin with a '/'.
DPWCF0525W The ping-method value of '%s' is not
a valid ping-method, defaulting to
HEAD.
Administrator response: Correct the configuration as
needed and restart the WebSEAL daemon.
Explanation: The ping-method specified is not
supported. A default value of 'HEAD' has been used.
DPWCF0532E
Administrator response: No action is necessary.
DPWCF0527W The configuration item (%s, %s) is
missing, defaulting to a value of: '%s'.
Explanation: The required configuration entry is
missing, a default value will be used.
Administrator response: Add the required
configuration entry to the configuration file.
DPWCF0528W The configuration file entry
encountered is not valid.
Explanation: A configuration entry was retrieved from
the configuration file which was not of the expected
type or formatting.
Administrator response: Examine the log files for
additional information.
DPWCF0529E
Domain cookies cannot be shared
when the session management server
has been configured.
Explanation: The configuration items [session]
shared-cookie-name and [session] dsess-enabled are
mutually exclusive. If you are attempting to acheive
single sign-on in an SMS environment, Disable the
shared-cookie-name configuration entry. If you are in
an environment without the SMS, disable the
dsess-enabled configuration entry.
Administrator response: Correct the configuration as
needed and restart the WebSEAL daemon.
The configured list of user-agent
patterns will not match all user-agent
strings. The list must contain a
match-all pattern.
Explanation: The configured list of user-agent patterns
will not match against all possible user-agent strings.
Add a new entry to the [user-agents] stanza with the
pattern '*'.
Administrator response: Correct the configuration as
needed and restart the WebSEAL daemon.
DPWCF0533E
The [user-agents] stanza must be
configured when flow data is enabled.
Explanation: The configuration stanza [user-agents]
must be configured and contain at least one entry when
using the flow data functionality.
Administrator response: Correct the configuration as
needed and restart the WebSEAL daemon.
DPWNS0150E Process can't access directory '%s',
error: 0x%8.8lx
Explanation: The process is trying to change it's
working directory
Administrator response: Check the UID running the
process has the correct permissions
DPWNS0165E The certificate revocation check result
was undetermined. The subject issuer is
'%s'.
Explanation: An OCSP CRL check could not
determine if the certificate is revoked. This is usually
due to an unresponsive OCSP responder.
Chapter 3. Security Access Manager WebSEAL Messages
161
DPWNS0166E • DPWNS0900E
Administrator response: Check the OCSP responder is
operating.
configuration of your servers to verify that they are
returning valid MIME types for all documents.
DPWNS0166E The junction server, '%s', certificate
revocation check result was
undetermined. The subject issuer is '%s'.
DPWNS0600E Compression initialization failed
with error code %d (%s).
Explanation: An OCSP CRL check could not
determine if the junctions certificate is revoked. This is
usually due to an unresponsive OCSP responder.
Administrator response: Check the OCSP responder is
operating.
DPWNS0301W Junction server '%s:%d' is
renegotiating SSL sessions at a rate of
%ld per minute.
Explanation: The SSL server junctioned behind
WebSEAL is forcing WebSEAL to renegotiate new SSL
Sessions at a rate higher than specified by [junction]
jct-ssl-reneg-warning-rate.
Administrator response: Ensure the junctioned SSL
server has SSL session caching enabled and functioning
correctly, or check that any intervening load balancers
are not causing this issue by forcing WebSEAL to
alternate between two SSL servers.
DPWNS0450E The pattern '%s' is not a valid MIME
type matching pattern.
Explanation: MIME type patterns must be either exact
(type/subtype), subtype wild cards (type/*), or type
and subtype wildcards (*/*).
Administrator response: Make sure the mime type
specified is valid.
DPWNS0451E
Invalid MIME matching pattern.
Explanation: Initialization of compression failed. This
error should never occur.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWNS0601E Compression failed with error code
%d (%s).
Explanation: Compression of a document failed. This
error should never occur.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWNS0602E Completion of compression failed
with error code %d (%s).
Explanation: The completion of document
compression failed. This error should never occur.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWNS0603E An error occured during document
compression.
Explanation: This error is returned when a problem
was encountered during document compression.
Explanation: Mime type patterns must be either exact
(type/subtype), subtype wild cards (type/*), or type
and subtype wildcards (*/*).
Administrator response: Examine log files for
additional information.
Administrator response: Make sure the mime type
specified is valid.
DPWNS0750E
DPWNS0452E
Invalid MIME type '%s'.
Explanation: An attempt was made to lookup a match
for a MIME type that did not contain a '/'.
Administrator response: Check the MIME type
configuration of your servers to verify that they are
returning valid MIME types for all documents.
DPWNS0453E
Invalid MIME type.
Explanation: An attempt was made to lookup a match
for a MIME type that did not contain a '/'.
Administrator response: Check the MIME type
162
Version 7.0: Error Message Reference
The HTTP header key '%d' is invalid.
Explanation: This message indicates an internal error.
An attempt was made to reference an HTTP header
using an invalid key.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWNS0900E The client certificate EAI request
failed: %s (0x%lx)
Explanation: This error is returned when the EAI
request which has been generated by WebSEAL does
not return a valid HTTP response.
DPWNS0901E • DPWNS1058E
Administrator response: Examine log files for
additional information.
DPWNS0901E No EAI authentication data was
provided with the EAI response.
Explanation: This error is returned when the EAI
response lacks all of the configured EAI authentication
headers.
Administrator response: Examine the log files for
additional information. Check the EAI application to
ensure that valid authentication headers are being set.
DPWNS1050E
Explanation: This message indicates that the
maximum number of concurrent sessions for the user
has been reached and no new sessions will be
permitted until one of the existing sessions has ended.
Administrator response: Refer to the WebSEAL
Administration Guide discussion of concurrent login
sessions for more complete information.
Session cache creation failed.
Explanation: This message can indicate a failure due
to system resource limitations.
Administrator response: Check available system
memory and process resource usage limits.
DPWNS1051E Addition or update of a session cache
entry failed.
Explanation: This message indicates an internal error.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWNS1052W
DPWNS1055E You are already logged in from
another client. You can either wait for
the other login to end or contact your
local support personnel to cancel the
existing login.
A session cache entry was not found.
Explanation: This message indicates that an expected
session cache entry was not found.
DPWNS1056W You are already logged in from
another client. Do you want to terminate
your existing login or cancel this new
login request?
Explanation: This message indicates that the
maximum number of concurrent sessions for the user
has been reached, and that the user can choose to
replace an existing session.
Administrator response: The action depends on the
reason for the previous session. If the user closed their
browser without properly logging out or does not need
their old session, they can press the 'Terminate existing
login' button. If the user does need their old session,
they should press the 'Cancel this new login' button.
DPWNS1057E Unable to intialize the distributed
session API (error code 0x%08lx)
Administrator response: No action is necessary unless
other problems are experienced.
Explanation: Initialization of the distributed session
API failed. This error should never occur. The error
code in the message might reveal more information
about the problem.
DPWNS1053E Session owner tracking is not
supported in this configuration.
Administrator response: Look up the error code
included in the message in the IBM Security Access
Manager for Web Troubleshooting Guide.
Explanation: This message indicates that an attempt
was made to get a list of the sessions associated with a
user when session owner tracking was not enabled.
Administrator response: Refer to the WebSEAL
Administration Guide for instructions on how to enable
tracking of session owners.
DPWNS1054E
Invalid session ID.
Explanation: This message indicates that an invalid
session ID was encountered when trying to generate an
internal representation of the ID. The most likely cause
of this error is a malformed session cookie from a
browser.
Administrator response: No action is necessary. A
new session and session cookie is created as needed.
DPWNS1058E Unable to join the replica set '%s'
(error code 0x%08lx)
Explanation: The WebSEAL server attempted to join a
particular replica set but the operation failed. The SMS
might not be available, or may have prevented the
WebSEAL server from joining the replica set for some
reason.
Administrator response: Make sure the correct
protocol, host name, and port for the SMS in the
WebSEAL configuration file are correct. Make sure the
SMS server is running and can be reached from the
WebSEAL server machine. Make sure the SMS server is
configured to host the specified replica set. Check the
log file for additional errors. If necessary, look up the
error code from the message in the IBM Security Access
Manager for Web Troubleshooting Guide for additional
troubleshooting steps.
Chapter 3. Security Access Manager WebSEAL Messages
163
DPWNS1059E • DPWNS1068E
DPWNS1059E Unable to shut down the distributed
session API (error code 0x%08lx)
Explanation: Shutdown of the distributed session API
failed. This error should never occur. The error code in
the message might reveal more information about the
problem.
Administrator response: Look up the error code
included in the message in the IBM Security Access
Manager for Web Troubleshooting Guide.
DPWNS1060E Unable to leave the replica set '%s'
(error code 0x%08lx)
Explanation: The WebSEAL server attempted to leave
a particular replica set but the operation failed. The
SMS might not be available or there might have been
another problem when leaving the replica set.
Administrator response: Look up the error code
included in the message in the IBM Security Access
Manager for Web Troubleshooting Guide.
DPWNS1061E An attempt to create a session failed
with error code 0x%08lx.
Explanation: An attempt to create a session at the
SMS failed.
Administrator response: Repeat the operation. If the
problem continues to occur, look up the error code
included in the message in the IBM Security Access
Manager for Web Troubleshooting Guide. If the
problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
DPWNS1062E An attempt to update a session failed
with error code 0x%08lx.
Explanation: An attempt to update a session at the
SMS failed.
Administrator response: Repeat the operation. If the
problem continues to occur, look up the error code
included in the message in the IBM Security Access
Manager for Web Troubleshooting Guide. If the
problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
DPWNS1063E An attempt to delete a session failed
with error code 0x%08lx.
Explanation: An attempt to delete a session at the
SMS failed.
Administrator response: Repeat the operation. If the
problem continues to occur, look up the error code
included in the message in the IBM Security Access
164
Version 7.0: Error Message Reference
Manager for Web Troubleshooting Guide. If the
problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
DPWNS1064E
Unknown replica set '%s'
Explanation: An attempt was made to locate a replica
set that was not configured.
Administrator response: Check that the replica set
requested is included in the WebSEAL configuration
file as a replica set that the WebSEAL server should
join.
DPWNS1065E
Unknown replica set.
Explanation: An attempt was made to locate a replica
set that was not configured.
Administrator response: Check that the replica set
requested is included in the WebSEAL configuration
file as a replica set that the WebSEAL server should
join.
DPWNS1066E An error with code 0x%08lx occurred
when decoding a session from the SMS.
Explanation: An attempt to decode a session from the
SMS failed.
Administrator response: Look up the error code
included in the message in the IBM Security Access
Manager for Web Troubleshooting Guide.
DPWNS1067E An attempt to generate a new
external session ID failed with error
code 0x%08lx.
Explanation: An attempt to generate a new external
session ID for a session failed.
Administrator response: Repeat the operation. If the
problem continues to occur, look up the error code
included in the message in the IBM Security Access
Manager for Web Troubleshooting Guide. If the
problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
DPWNS1068E An attempt to register an
authentication failure for user '%s' failed
with status code 0x%08lx.
Explanation: An attempt to notify the SMS of an
authentication failure was unsuccessful.
Administrator response: Check the log file for
additional errors. If necessary, look up the error code
from the message in the IBM Security Access Manager
DPWNS1070E • DPWNS1202E
for Web Troubleshooting Guide for additional
troubleshooting steps.
DPWNS1070E Session version mismatch while
deserializing session data.
Explanation: WebSEAL attempted to deserialize
session data but encountered an invalid session version.
This indicates that the session was not compatible with
the WebSEAL server that generated this error. The
session was discarded.
Administrator response: No action is necessary. A
new session will be created as needed. Refer to the
documentation for the server that generated the invalid
session version for information on compatibility with
the WebSEAL server that generated this error.
DPWNS1075E The single sign-off attempt to %s for
user '%s' failed because the configured
single sign-off resource is not
responding.
Explanation: A single sign-off request was sent to the
configured single sign-off resource but no response was
received.
Administrator response: Check that the configured
single sign-off application is running and functioning
correctly.
DPWNS1076E The single sign-off attempt to %s for
user '%s' failed because the configured
single sign-off resource returned a
response with the HTTP status code %d.
DPWNS1071E The max-concurrent-web-sessions
policy value of '%d' is invalid.
Explanation: An unexpected response was received
from the configured single sign-off resource. WebSEAL
expects a response with the HTTP status code 200.
Explanation: The max-concurrent-web-sessions policy
returned from the IBM Security Access Manager
Runtime had an unexpected value. A default value of
'unlimited' has been assumed.
Administrator response: Check that the configured
single sign-off application is running and functioning
correctly.
Administrator response: Reset the
max-concurrent-web-sessions policy for the user. If the
problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
DPWNS1072W WebSEAL received notification that
the SMS session cache for replica-set
'%s' was cleared. All local references to
sessions are being discarded to
synchronize the local session cache with
the SMS session cache.
Explanation: The SMS notified the WebSEAL server
that the SMS session cache was lost. Any sessions
remaining on the WebSEAL server are no longer valid
and will be removed. This message will also be
displayed when the WebSEAL server first regains
contact with the SMS after WebSEAL is restarted.
DPWNS1200W The application server you are
accessing has been taken offline by the
system administrator.
Explanation: The application server being accessed
has been taken offline or throttled by the system
administrator.
Administrator response: Try again at a later time or
contact the system administrator for more information.
DPWNS1201E The server is temporarily unable to
service your request. Try again later.
Explanation: The WebSEAL server is unable to service
a request because a needed resource is unavailable.
Administrator response: The WebSEAL server log file
will have more detailed information about why the
WebSEAL server is unable to service the request. Check
the WebSEAL server log file and correct the problem.
Administrator response: No action is necessary.
DPWNS1074E The single sign-off attempt for the
user '%s' failed because the single
sign-off resource is unavailable.
Explanation: The single sign-off attempt failed
because the configured single sign-off resource is not
accessible by WebSEAL.
Administrator response: Check that the configured
single sign-off resource URI points to a resource on a
junction which is accessible by WebSEAL.
DPWNS1202E An error occurred processing a HTTP
transformation.
Explanation: The WebSEAL server is unable to service
a request because a HTTP transformation rule caused
an error.
Administrator response: The WebSEAL server log file
will have more detailed information about why the
HTTP transformation failed. Check the WebSEAL
server log file and correct the HTTP transformation
rule.
Chapter 3. Security Access Manager WebSEAL Messages
165
DPWNS1203E • DPWNS1211W
DPWNS1203E An invalid XML message document
was used as part of a HTTP
transformation operation.
Explanation: The WebSEAL server is unable to service
a request because an invalid XML message document
was used as part of a HTTP transformation operation.
Administrator response: The WebSEAL server log file
will have more detailed information about the XML
object used. Check the WebSEAL server log file and
correct the HTTP transformation rule.
DPWNS1204E The XML element %s was missing
from the document generated by a
HTTP transformation operation.
Explanation: The WebSEAL server is unable to service
a request because an expected XML element was
missing from the output document of a HTTP
transformation operation.
Administrator response: Correct the HTTP
transformation rule to ensure the rule includes all
required elements.
DPWNS1205E The XML attribute %s was missing
from the %s element for the document
generated by a HTTP transformation
operation.
Explanation: The WebSEAL server is unable to service
a request because an expected XML attribute was
missing from the output document of a HTTP
transformation operation.
Administrator response: Correct the HTTP
transformation rule to ensure the rule includes all
required elements.
Administrator response: Correct the HTTP
transformation rule to ensure the rule includes all
required elements.
DPWNS1208E The action attribute %s is unknown
and therefore cannot be used by a HTTP
transformation operation.
Explanation: The WebSEAL server is unable to service
a request because an unexpected action attribute was
found as part of a HTTP transformation operation.
Administrator response: Correct the HTTP
transformation rule to ensure the rule outputs
supported actions.
DPWNS1209W A configuration entry for the
resource %s was not defined in the
http-transformation stanza of the
WebSEAL configuration file and
therefore HTTP transformation cannot
take place.
Explanation: A HTTPTransformation resource was
defined as an extended attribute on a POP but the
WebSEAL configuration does not include a
transformation rule for this resource.
Administrator response: Correct the WebSEAL
configuration or the POP HTTPTransformation attribute
to ensure the resource references an appropriate
transformation rule.
DPWNS1210E The cookie attribute %s is unknown
and therefore cannot be used by a HTTP
transformation operation.
Explanation: The WebSEAL server is unable to service
a request because an unexpected cookie attribute was
found as part of a HTTP transformation operation.
DPWNS1206E The XML element %s was missing
from the request change document
generated by a HTTP transformation
operation.
Administrator response: Correct the HTTP
transformation rule so that it does not reference
unsupported cookie attributes.
Explanation: The WebSEAL server is unable to service
a request because an expected XML element was
missing from the request change document as part of a
HTTP transformation operation.
DPWNS1211W The cookie %s already exists in the
HTTP message and as such it cannot be
added by the transformation rule.
Administrator response: Correct the HTTP
transformation rule to ensure the rule includes all
required elements.
DPWNS1207E The XML element %s was missing
from the response change document
generated by a HTTP transformation
operation.
Explanation: The WebSEAL server is usable to service
a request because an expected XML element was
missing from the response change document as part of
a HTTP transformation operation.
166
Version 7.0: Error Message Reference
Explanation: The WebSEAL server is unable to add a
cookie to a HTTP message as it already exists in the
HTTP message being transformed.
Administrator response: Modify the HTTP
transformation so that it either checks for the existence
of the cookie before adding the new cookie, or specifies
the update action so that the cookie is updated.
DPWNS1212W • DPWNS1360W
DPWNS1212W The authentication challenge type
rules could not be applied because
WebSEAL received a request without
the User-Agent HTTP header.
DPWNS1354W Failed to start WebSEAL as an ARM
application: error code %d: error
message '%s'. ARM support will be
disabled.
Explanation: A client which did not present a User
Agent header in their request has made a request to
authenticate with WebSEAL. WebSEAL was unable to
determine the authentication challenge type for this
request.
Explanation: WebSEAL was unable to start as an ARM
application.
Administrator response: No action required.
DPWNS1350W Failed to load ARM library '%s':
error code %d: error message '%s'. ARM
support will be disabled.
Explanation: WebSEAL attempted to dynamically load
the ARM shared library and failed.
Administrator response: Check the shared library
name is correct and present on the system. Refer to the
error message for more specific information. The shared
library name is specified by the library entry under the
[arm] stanza. If loading the ARM library is not desired
set enable = no under the [arm] stanza.
Administrator response: Check ARM setup. Refer to
the error message for more specific information.
DPWNS1356W Failed to stop WebSEAL running as
an ARM application: error code %d:
error message '%s'.
Explanation: WebSEAL was unable to stop running as
an ARM application using arm_stop_application().
Administrator response: Refer to the error message
for more specific information.
DPWNS1357W Failed to unregister the WebSEAL
application from ARM: error code %d:
error message '%s'.
Explanation: WebSEAL was unable to unregister as an
ARM application using arm_destroy_application().
DPWNS1351W ARM library is missing function
'%s': error code %d: error message '%s'.
ARM support will be disabled.
Administrator response: Refer to the error message
for more specific information.
Explanation: WebSEAL dynamically loaded the ARM
shared library and can not find a required function in
it.
DPWNS1358W Failed to get ARM transaction '%s'
arrival time: error code %d: error
message '%s'.
Administrator response: Check the shared library
name is correct. Refer to the error message for more
specific information. The shared library name is
specified by the library entry under the [arm] stanza.
Explanation: The call to ARM function
arm_get_arrival_time() failed unexpectedly. The
transaction will not be reported.
DPWNS1352W Failed to register the WebSEAL
application with ARM: error code %d:
error message '%s'. ARM support will
be disabled.
Explanation: WebSEAL was unable to register itself
with ARM.
Administrator response: Check ARM setup is
operational. Refer to the error message for more
specific information.
Administrator response: Refer to the error message
for more specific information.
DPWNS1359W Failed to get the length of an ARM
correlator: error code %d: error message
'%s'.
Explanation: The call to ARM function
arm_get_correlator_length() failed unexpectedly. The
correlator will not be used.
Administrator response: Refer to the error message
for more specific information.
DPWNS1353W Failed to register WebSEAL
transaction '%s' with ARM: error code
%d: error message '%s'. ARM support
will be disabled.
DPWNS1360W An invalid correlator string was
passed to WebSEAL: '%s'. It will not be
used for subsequent transactions.
Explanation: WebSEAL was unable to register the
transaction with ARM.
Explanation: An ARMCorrelator header was received
by WebSEAL with an invalid value.
Administrator response: Check ARM setup. Refer to
the error message for more specific information.
Administrator response: Check the application
making the request to WebSEAL. Or disable WebSEAL
from using incoming ARM Correlator by setting
Chapter 3. Security Access Manager WebSEAL Messages
167
DPWNS1361W • DPWNS1502E
accept-correlators = no in the [arm] stanza.
DPWNS1361W Failed to start ARM transaction '%s':
error code %d: error message '%s'. The
transaction will not be reported.
Explanation: The call to ARM function
arm_start_transaction() failed unexpectedly. The
transaction will not be reported.
Administrator response: ARM can limit the number
of concurrent transactions being reported. It may be
possible to increase the limit. Also refer to the error
message for more specific information.
DPWNS1362W Failed to stop ARM transaction '%s':
error code %d: error message '%s'.
Explanation: The call to ARM function
arm_stop_transaction() failed unexpectedly.
Administrator response: Refer to the error message
for more specific information.
DPWNS1363W Unable to start ARM transaction
reporting as ARM initialization failed.
See log files for more information.
Explanation: The 'arm on' command cannot complete
as the ARM initialization failed.
Administrator response: Examine the log files for the
reason ARM initization failed. Correct this, restart
WebSEAL and try again.
DPWNS1364W Unable to start ARM transaction
reporting as WebSEAL ARM support
has been disabled.
Explanation: The 'arm on' command cannot complete
as the WebSEAL ARM support has been disabled in the
configuration file.
Administrator response: Don't run the 'arm off'
command while transaction reporting is off.
DPWNS1367W Failed to load ARM library '%s':
error code %d: error message '%s'. ARM
support will be disabled.
Explanation: WebSEAL attempted to dynamically load
the ARM shared library and failed.
Administrator response: Check the shared library
name is correct and present on the system. Refer to the
error message for more specific information. The shared
library name is specified by the library entry under the
[arm] stanza. If loading the ARM library is not desired
set enable-arm = no under the [arm] stanza.
DPWNS1368W Unable to start ARM transaction
reporting as WebSEAL ARM support
has been disabled.
Explanation: The 'arm on' command cannot complete
as the WebSEAL ARM support has been disabled in the
configuration file.
Administrator response: To enable ARM support set
enable-arm = yes in the [arm] stanza and restart
WebSEAL.
DPWNS1500E The interface '%s', defined in the [%s]
stanza, contains an invalid value for
'%s'. You must specify either 'http' or
'https'.
Explanation: The web-http-protocol and
web-https-protocol interface settings can only contain
'http' or 'https'.
Administrator response: Set the value to either 'http'
or 'https'
Administrator response: To enable ARM support set
enable = yes in the [arm] stanza and restart WebSEAL.
DPWNS1501E The option '%s', defined in the [%s]
stanza, contains an invalid value. You
must specify either 'http' or 'https'.
DPWNS1365W ARM transaction reporting is
already on.
Explanation: The web-http-protocol and
web-https-protocol settings can only contain 'http' or
'https'.
Explanation: The 'arm on' command is redundant and
will be ignored as arm transaction reporting is already
on.
Administrator response: Set the value to either 'http'
or 'https'
Administrator response: Don't run the 'arm on'
command while transaction reporting is on.
DPWNS1502E The option '%s' defined in the [%s]
stanza contains an invalid port value.
DPWNS1366W ARM transaction reporting is
already off.
Explanation: The 'arm off' command is redundant and
will be ignored as arm transaction reporting is already
off.
168
Version 7.0: Error Message Reference
Explanation: The port value provided is either out of
the valid range, or is not a number.
Administrator response: Provide a valid value for a
TCP/IP port in the range 1 to 65535.
Chapter 4. Security Access Manager Plug-in for Web Servers
Messages
These messages are provided by the Security Access Manager Plug-in for Web
Servers component.
AMZCO0005W The IBM Security Access Manager
user registry type could not be
determined.
Explanation: The type of user registry that IBM
Security Access Manager has been configured to use
could not be determined.
Administrator response: Ensure that the IBM Security
Access Manager runtime environment is correctly
configured.
AMZCO0075E
The server could not be started.
Explanation: The IBM Security Access Manager
Plug-in for Web Servers authorization server could not
be started the configuration program. This message is
informational.
Administrator response: Examine earlier messages to
determine the reason why the IBM Security Access
Manager Plug-in for Web Servers authorization server
could not be started and take appropriate action.
AMZCO0077E
The server could not be stopped.
Explanation: The IBM Security Access Manager
Plug-in for Web Servers authorization server could not
be stopped the configuration program. This message is
informational.
Administrator response: Examine earlier messages to
determine the reason why the IBM Security Access
Manager Plug-in for Web Servers authorization server
could not be stopped and take appropriate action.
AMZCO0079E
The server could not be stopped.
Explanation: The IBM Security Access Manager
Plug-in for Web Servers authorization server could not
be stopped the configuration program. This message is
informational.
Administrator response: Examine earlier messages to
determine the reason why the IBM Security Access
Manager Plug-in for Web Servers authorization server
could not be stopped and take appropriate action.
AMZCO0080E
The server could not be started.
be started the configuration program. This message is
informational.
Administrator response: Examine earlier messages to
determine the reason why the IBM Security Access
Manager Plug-in for Web Servers authorization server
could not be started and take appropriate action.
AMZCO0160E The LDAP SSL client key file %s
could not be opened: system error: %s
(system error code: %d).
Explanation: The specified LDAP SSL client key file
could not be opened for the indicated reason.
Administrator response: Correct the problem and
retry the operation.
AMZCO0166E The specified LDAP SSL client key
file could not be opened.
Explanation: The specified LDAP SSL client key file
could not be opened for the indicated reason.
Administrator response: Correct the problem and
retry the operation.
AMZCO0167E All virtual hosts have already been
protected.
Explanation: You cannot perform a configuration
using the configuration utility if no virtual hosts have
been left unprotected. The configuration utility is only
useful for protecting currently unprotected virtual
hosts.
Administrator response: Either add more virtual hosts
to the web server, or unprotected one or more existing
virtual hosts before running the configuration utility
again.
AMZCO0196E A stanza in the configuration file
could not be located.
Explanation: A stanza being searched for could not be
located.
Administrator response: Examine earlier messages for
details of the particular stanza and stanza file, correct
the problem, and retry the operation.
Explanation: The IBM Security Access Manager
Plug-in for Web Servers authorization server could not
© Copyright IBM Corp. 2001, 2012
169
AMZCO0198E • AMZCO0220E
AMZCO0198E The authorization server IPC
interface was not configured
successfully.
Explanation: The IBM Security Access Manager
Plug-in for Web Servers authorization server IPC
interface was not successfully configured.
Administrator response: Examine earlier messages for
details of the failure, correct any problems and retry the
operation.
AMZCO0201W The authorization server IPC
interface failed to unconfigure.
Explanation: The IBM Security Access Manager
Plug-in for Web Servers authorization server IPC
interface was not successfully unconfigured.
Administrator response: No action is required.
AMZCO0205E The authorization server could not be
configured for the virtual hosts
specified.
Explanation: The virtual host was not successfully
configured.
Administrator response: Examine earlier messages for
details of the failure, correct the problem, and retry the
operation.
AMZCO0211E The authorization server could not be
configured to start automatically on
system restart.
be removed from the list of services to be automatically
started on system restart.
Administrator response: If the IBM Security Access
Manager Plug-in for Web Servers authorization server
still appears as an operating system service use the
operating system service administration tools to remove
it manually.
AMZCO0215W The authorization server will no
longer be automatically started on
system restart.
Explanation: The IBM Security Access Manager
Plug-in for Web Servers authorization server could not
be removed from the list of services to be automatically
started on system restart.
Administrator response: If the IBM Security Access
Manager Plug-in for Web Servers authorization server
still appears as an operating system service use the
operating system service administration tools to remove
it manually.
AMZCO0216E The IBM Security Access Manager
policy server is not responding. Verify
that the IBM Security Access Manager
policy server is running.
Explanation: The IBM Security Access Manager
Plug-in for Web Servers configuration or
unconfiguration cannot be completed because the IBM
Security Access Manager policy server cannot be
contacted.
Explanation: The IBM Security Access Manager
Plug-in for Web Servers authorization server could not
be configured to start automatically on system restart.
Administrator response: Ensure that the location of
the IBM Security Access Manager policy server was
specified correctly during configuration and retry the
operation.
Administrator response: Examine earlier messages for
details of the problem, correct it and retry the
operation.
AMZCO0217E A IBM Security Access Manager
administration operation failed.
AMZCO0212E The authorization server could not be
configured to start automatically on
system restart.
Explanation: The IBM Security Access Manager
Plug-in for Web Servers authorization server could not
be configured to start automatically on system restart.
Administrator response: Examine earlier messages for
details of the problem, correct it and retry the
operation.
AMZCO0214W The authorization server could not
be removed from the list of services to
be automatically started on system
restart.
Explanation: The IBM Security Access Manager
Plug-in for Web Servers authorization server could not
170
Version 7.0: Error Message Reference
Explanation: A IBM Security Access Manager
administration operation has failed.
Administrator response: Examine earlier messages for
details on the failure, correct the problem, and retry the
operation.
AMZCO0220E Failure obtaining local host name:
system error: %s (system error code: %d).
Explanation: The host name of the machine could not
be determined for the indicated reason.
Administrator response: Correct the problem and
retry the operation.
AMZCO0226E • AMZCO0238W
AMZCO0226E The authorization server IPC
interface file could not be created.
Explanation: The IBM Security Access Manager
Plug-in for Web Servers authorization server
inter-process communication (IPC) interface file could
not be created.
Administrator response: Examine earlier messages in
the log file containing this message for more detailed
errors, correct the problem, and retry the configuration
operation.
AMZCO0227E The Sun Java System (formerly
SunONE) Web Server plug-in is not
supported on this operating system.
Explanation: An attempt was made to configure the
IBM Security Access Manager Plug-in for Sun Java
System (formerly SunONE) Web Server on an
unsupported operating system.
AMZCO0231E The directory %s does not exist or is
not accessible: error: %s (error code:
%#x).
Explanation: The specified directory could not be
accessed.
Administrator response: Check the availability of the
specified directory.
AMZCO0232E
The virtual host '%s' does not exist.
Explanation: The specified virtual host could not be
located in the Web server's configuration data.
Administrator response: Check the name of the
virtual host and retry the configuration.
AMZCO0233E
The file %s could not be opened.
Explanation: The specified file could not be accessed.
Administrator response: Do not configure the IBM
Security Access Manager Plug-in for Sun Java System
(formerly SunONE) Web Server on this operating
system.
Administrator response: Check the availability of the
specified file.
AMZCO0228E An error occurred while parsing the
Sun Java System (formerly SunONE)
Web Server configuration file %s for the
virtual host %s.
Explanation: The requested stanza within the
configuration file could not be accessed.
Explanation: An error occurred while parsing the Sun
Java System (formerly SunONE) Web Server
configuration file.
AMZCO0234E The stanza %s in the %s
configuration file could not be accessed.
Administrator response: Check the availability of the
specified file, and also check whether the file contains
the required stanza.
AMZCO0235E The %s entry of the %s stanza of the
%s configuration file could not be
accessed.
Administrator response: Check the Sun Java System
(formerly SunONE) Web Server configuration file to
ensure that it is of the correct format. Start the Sun Java
System Web Server to see if it accepts the configuration
file.
Explanation: The requested stanza and entry within
the configuration file could not be accessed.
AMZCO0229E There appears to be an error with the
IHS configuration file %s.
Administrator response: Check the availability of the
specified file, and also check whether the file contains
the required stanza and entry.
Explanation: An error occurred while parsing the IBM
HTTP Server (IHS) configuration file.
Administrator response: Check the IBM HTTP Server
(IHS) configuration file to ensure that it is of the correct
format. Start the Web server to see if it accepts the
configuration file.
AMZCO0230E The IHS Web server plug-in is not
supported on this operating system.
Explanation: An attempt was made to configure the
IBM Security Access Manager Plug-in for IBM HTTP
Server (IHS) on an unsupported operating system.
Administrator response: Do not configure the IBM
Security Access Manager Plug-in for IBM HTTP Server
(IHS) on this operating system.
AMZCO0236E The necessary configuration options
could not be found in the configuration
file.
Explanation: The required items could not be
retrieved from the file.
Administrator response: Check that the correct file is
specified.
AMZCO0238W The IBM Security Access Manager
Plug-in for Web Servers could not be
unconfigured as a IBM Security Access
Manager server.
Explanation: The IBM Security Access Manager
Plug-in for Web Servers could not be unconfigured as a
Chapter 4. Security Access Manager Plug-in for Web Servers Messages
171
AMZCO0240E • AMZCO0251E
IBM Security Access Manager server.
Administrator response: Use the svrsslcfg utility
provided with the IBM Security Access Manager
runtime environment to manually unconfigure IBM
Security Access Manager Plug-in for Web Servers as a
IBM Security Access Manager server. The server name
to use when performing the unconfiguration manually
is 'PDWebPI'.
AMZCO0240E The plug-in already appears to be
configured. Unconfigure and try again.
Explanation: The IBM Security Access Manager Web
server plug-in is already configured.
Administrator response: Unconfigure the IBM
Security Access Manager Web server plug-in and retry
the operation.
AMZCO0241E The Web server plug-in is not
configured.
AMZCO0246E The IBM Security Access Manager
Plug-in for Web Server configuration as
a IBM Security Access Manager server
failed.
Explanation: The IBM Security Access Manager
Plug-in for Web servers configuration as a IBM Security
Access Manager server was not successful.
Administrator response: Examine earlier messages for
details of the configuration failure, correct the indicated
problems, and retry the operation.
AMZCO0247E The administration service failed to
configure.
Explanation: The administration service configuration
was not successful.
Administrator response: Examine earlier messages for
details of the configuration failure, correct the indicated
problems, and retry the operation.
Explanation: An attempt has been made to
unconfigure the Web server plug-in when it is not
configured.
AMZCO0248W The administration service failed to
unconfigure.
Administrator response: No action is required.
Explanation: The administration service
unconfiguration was not successful.
Explanation: The configuration was not successful.
Administrator response: Examine earlier messages for
details of the unconfiguration failure, correct the
indicated problems, and retry the operation.
Administrator response: Examine earlier messages for
details of the configuration failure, correct the problems
identified, and retry the operation.
AMZCO0249E The necessary ACLs could not be
created.
AMZCO0243E
Explanation: The access control lists for the IBM
Security Access Manager Plug-in for Web Servers could
not be created.
AMZCO0242E
The configuration was not successful.
The configuration was not successful.
Explanation: The configuration was not successful.
Administrator response: Examine earlier messages for
details of the configuration failure, correct the problems
identified, and retry the operation.
AMZCO0244E The unconfiguration was not
completed successfully.
Explanation: The unconfiguration failed.
Administrator response: Examine earlier messages for
details of the unconfiguration failure, correct the
indicated problems, and retry the operation.
AMZCO0245E The unconfiguration was not
successful.
Administrator response: Examine earlier messages for
details of the configuration failure, correct the indicated
problems, and retry the operation.
AMZCO0250W The IBM Security Access Manager
Plug-in for Web Server ACLs could not
be deleted.
Explanation: The IBM Security Access Manager
Plug-in for Web Server ACLs could not be deleted.
Administrator response: Examine earlier messages for
details of the unconfiguration failure, correct the
indicated problems, and retry the operation.
Explanation: The unconfiguration failed.
AMZCO0251E No Web server plug-in package has
been installed.
Administrator response: Examine earlier messages for
details of the unconfiguration failure, correct the
indicated problems, and retry the operation.
Explanation: An attempt has been made to configure
the IBM Security Access Manager Web server plug-in
when no plug-in package has been installed.
Administrator response: Install a IBM Security Access
172
Version 7.0: Error Message Reference
AMZCO0252E • AMZCO0389E
Manager Web server plug-in package and retry the
operation.
AMZCO0252E No Web server plug-in package has
been installed.
Explanation: An attempt has been made to configure
the IBM Security Access Manager Web server plug-in
when no plug-in package has been installed.
Administrator response: Install a IBM Security Access
Manager Web server plug-in package and retry the
operation.
AMZCO0253E The requested Web server plug-in is
not currently supported.
Explanation: A request has been made to configure a
IBM Security Access Manager Web server plug-in that
is installed but is not supported.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
AMZCO0254E The requested Web server plug-in is
not currently supported.
Explanation: A request has been made to configure a
IBM Security Access Manager Web server plug-in that
is installed but is not supported.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
AMZCO0255E The IIS Web server plug-in is not
supported on this operating system.
Explanation: An attempt was made to configure the
IBM Security Access Manager Plug-in for Microsoft
Internet Information Services (IIS) on an unsupported
operating system.
Administrator response: Do not configure the IBM
Security Access Manager Plug-in for Microsoft Internet
Information Services (IIS) on this operating system.
AMZCO0384E The Windows service database could
not be opened: system error: %s (system
error code: %d).
Explanation: The Windows service database could not
be opened for the reason indicated.
Administrator response: Ensure that you are logged
in as a user with sufficient privileges to administer
Windows services. If the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
AMZCO0385E The Windows service database could
not be opened.
Explanation: The Windows service database could not
be opened.
Administrator response: Ensure that you are logged
in as a user with sufficient privileges to administer
Windows services. If the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
AMZCO0386E The %s service could not be accessed
in the Windows service database: system
error: %s (system error code: %d).
Explanation: A service in the Windows service
database could not be opened for the reason indicated.
Administrator response: Ensure that you are logged
in as a user with sufficient privileges to administer
Windows services. If the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
AMZCO0387E The service could not be accessed in
the Windows service database.
Explanation: A service in the Windows service
database could not be opened.
Administrator response: Ensure that you are logged
in as a user with sufficient privileges to administer
Windows services. If the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
AMZCO0388E The current state of the %s service
could not be determined: system error:
%s (system error code: %d).
Explanation: A service in the Windows service
database could not be queried for its status for the
reason indicated.
Administrator response: Ensure that you are logged
in as a user with sufficient privileges to administer
Windows services. If the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
AMZCO0389E The current state of the service could
not be determined.
Explanation: A service in the Windows service
database could not be queried for its status.
Administrator response: Ensure that you are logged
in as a user with sufficient privileges to administer
Chapter 4. Security Access Manager Plug-in for Web Servers Messages
173
AMZCO0390E • AMZCO0399E
Windows services. If the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
panel applet, wait until the identified service starts. If
the problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
AMZCO0390E The %s service could not be stopped:
system error: %s (system error code: %d).
AMZCO0395E
Explanation: A service in the Windows service
database could not be stopped for the reason indicated.
Explanation: A service in the Windows service
database took longer than expected to start.
Administrator response: Ensure that you are logged
in as a user with sufficient privileges to administer
Windows services. If the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
Administrator response: Using the service control
panel applet, wait until the identified service starts. If
the problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
AMZCO0391E
AMZCO0396E The %s service has taken longer than
%d seconds to stop.
The service could not be stopped.
Explanation: A service in the Windows service
database could not be stopped.
Administrator response: Ensure that you are logged
in as a user with sufficient privileges to administer
Windows services. If the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
The service took too long to start.
Explanation: A service in the Windows service
database took longer than expected to stop.
Administrator response: Using the service control
panel applet, wait until the identified service stops and
retry the operation. If the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
AMZCO0392E The %s service could not be started:
system error: %s (system error code: %d).
AMZCO0397E
Explanation: A service in the Windows service
database could not be started for the reason indicated.
Explanation: A service in the Windows service
database took longer than expected to stop.
Administrator response: Ensure that you are logged
in as a user with the sufficient privileges to administer
windows services. If the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
Administrator response: Using the service control
panel applet, wait until the identified service stops and
retry the operation. If the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
AMZCO0393E
AMZCO0398E The Web server could not be
restarted: error: %s (error code: %#x).
The service could not be started.
Explanation: A service in the Windows service
database could not be started.
Administrator response: Ensure that you are logged
in as a user with sufficient privilege to administer
Windows services. If the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
AMZCO0394E The %s service has taken longer than
%d seconds since the last checkpoint to
start.
Explanation: A service in the Windows service
database took longer than expected to start.
Administrator response: Using the service control
174
Version 7.0: Error Message Reference
The service took too long to stop.
Explanation: An attempt to restart the Web server was
made but failed.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
AMZCO0399E The Web server could not be
restarted.
Explanation: The IBM Security Access Manager
Plug-in for Web Servers configuration program
attempted to restart the Web server but failed.
Administrator response: Restart the Web server
manually. If the problem persists, check IBM Electronic
AMZCO0400E • AMZCO0414E
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
AMZCO0400E The configuration information for
the %s service could not be accessed:
system error: %s (system error code: %d).
AMZCO0410E The user %s could not be added to
the group %s: (URAF error code: %#x).
Explanation: A service in the Windows service
database could not be queried for its configuration for
the reason indicated.
Administrator response: Ensure that you are logged
in as a user with sufficient privilege to administer
Windows services. If the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
AMZCO0401E The configuration information for
the service could not be accessed.
Explanation: A service in the Windows service
database could not be queried for its configuration.
Administrator response: Ensure that you are logged
in as a user with privilege to administer Windows
services. If the problem persists, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
AMZCO0402E The configuration program must be
run as root.
Explanation: The IBM Security Access Manager
Plug-in for Web Servers configuration program needs
to be run as the root user.
Administrator response: Run the IBM Security Access
Manager Plug-in for Web Servers configuration
program as the root user.
AMZCO0403E No user was found for the virtual
host %s.
Explanation: A user could not be found for a
particular virtual host. A user is required to allow
permissions to be set up correctly for the shared
memory used to communicate between the IBM
Security Access Manager Plug-in for Web Servers
authorization server and the Web server plug-in.
Administrator response: Ensure that the Web server
configuration is correct.
AMZCO0409E The URAF initialization was not
successful: %s (%#x).
Explanation: The URAF initialization was not
successful.
Explanation: The identified user could not be added
to the identified group.
Administrator response: Ensure that the user registry
is available and retry the operation. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
AMZCO0412E The response file %s could not be
processed: error: %s (error code: 0x%x).
Explanation: An invalid response file was provided to
the IBM Security Access Manager Plug-in for Web
Servers configuration program.
Administrator response: Examine the IBM Security
Access Manager Plug-in for Web Servers configuration
program log file for more details on the errors found in
the response file.
AMZCO0413E An invalid DN was retrieved for the
admin group %s
Explanation: The admin group is required as a DN
template in creation of other groups. The DN for the
admin group which was retrieved does not contain the
name of the admin group.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
AMZCO0414E No Sun Java System (formerly
SunONE) Web Server configuration
information for the virtual host %s
could be found under the %s directory.
Ensure that the correct directory is
specified and that file permissions allow
read access to the appropriate users.
Explanation: No configuration file could be found
under the specified directory for the identified virtual
host.
Administrator response: Retry the configuration
option making sure you specify the correct Sun Java
System (formerly SunONE) Web Server installation
directory and valid virtual host names. Ensure that the
correct permissions are assigned to the files contained
within the Web server installation directory, allowing
read access for the appropriate users.
Administrator response: If the problem persists, check
Chapter 4. Security Access Manager Plug-in for Web Servers Messages
175
AMZCO0415E • AMZCO0424E
AMZCO0415E The SSL keyfile %s permissions do
not permit read-write access by the user
%s or group %s.
Explanation: In order to use the identified SSL keyfile
the identified user requires read-write access. Normally,
the configuration program will change the ownership
or permissions of the file so that the identified user can
access the keyfile appropriately. It will not do this if the
keyfile is owned by the ivmgr user and a group other
than ivmgr and the group permissions on the file do
not permit read-write access. This protects
configurations where the administrator has carefully set
the keyfile permissions from being overridden by this
configuration program.
Administrator response: Change the permissions of
the file so that the identified user will have read-write
access or specify an alternate keyfile to use.
AMZCO0416E The specified SSL keyfile
permissions do not permit read-write
access.
Explanation: In order to use the identified SSL keyfile
the IBM Security Access Manager Plug-in for Web
Servers authorization server requires read-write access.
Normally, the configuration program will change the
ownership or permissions of the file so that the
authorization server can access the keyfile
appropriately. It will not do this if the keyfile is owned
by the ivmgr user and a group other than ivmgr and
the group permissions on the file do not permit
read-write access. This protects configurations where
the administrator has carefully set the keyfile
permissions from being overridden by this
configuration program.
Administrator response: Change the permissions of
the file so that the identified user will have read-write
access or specify an alternate keyfile to use.
AMZCO0417E The file permissions for file %s
could not be set to %#o: error: %s (error
code: %#x).
Explanation: The configuration requires that the
identified file have the specified permissions and the
specified error occurred while attempting to change the
permissions.
Administrator response: Change the permissions
manually and retry the operation.
AMZCO0418E The user %s could not be added to
the group %s: error: %s (error code:
%#x).
Explanation: The identified user could not be added
to the identified group.
Administrator response: Ensure that the user registry
is available and retry the operation. If the problem
176
Version 7.0: Error Message Reference
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
AMZCO0419E The properties for file %s could not
be set to user %s, group %s, and
permissions %#o: error: %s (error code:
%#x).
Explanation: The configuration requires that the
identified file have the specified permissions and
ownership properties and the specified error occurred
while attempting to change the properties.
Administrator response: Change the ownership and
permissions manually and retry the operation.
AMZCO0420E The Web server plug-in is not
configured.
Explanation: An attempt has been made to
unconfigure the Web server plug-in when it is not
configured.
Administrator response: No action is required.
AMZCO0422E The action '%s' is not a recognized
action.
Explanation: An invalid value for the '-action'
parameter of the configuration program has been
specified either on the command line or in the response
file.
Administrator response: Run the configuration
program specifying a valid action.
AMZCO0423E An unrecognized action was
specified.
Explanation: An invalid value for the '-action'
parameter of the configuration program has been
specified either on the command line or in the response
file.
Administrator response: Run the configuration
program specifying a valid action.
AMZCO0424E No value has been specified for the
required '%s' configuration item.
Explanation: No value has been specified for the
required configuration item.
Administrator response: Run the configuration
program specifying a value for identified configuration
item on the command line or in a response file.
Alternatively, you may run the configuration program
in interactive mode (-interactive yes) and be prompted
for the item value.
AMZCO0425E • AMZCO0435E
AMZCO0425E No value has been specified for a
required configuration item.
Explanation: No value has been specified for the
required configuration item.
Administrator response: Examine earlier error
message to identify the particular configuration item
that has not been specified. Run the configuration
program specifying a value for that configuration item
on the command line or in a response file.
Alternatively, you may run the configuration program
in interactive mode (-interactive yes) and be prompted
for the item's value.
AMZCO0426E The value '%s' specified for the
'remove' configuration item is not valid.
Explanation: An invalid value for the 'remove'
configuration item has been specified either on the
command line or in the response file.
Administrator response: Run the configuration
program specifying a valid value for the 'remove'
configuration item.
AMZCO0427E The value specified for the 'remove'
configuration item is not valid.
Explanation: An invalid value for the 'remove'
configuration item has been specified either on the
command line or in the response file.
Administrator response: Run the configuration
program specifying a valid value for the 'remove'
configuration item.
AMZCO0428E
The virtual host does not exist.
Explanation: A virtual host could not be located in the
Web server's configuration data.
Administrator response: Examine earlier messages to
identify the virtual host that does not exist. Check the
name of the virtual host and retry the configuration.
AMZCO0429E The IHS Web server plug-in is not
supported on this operating system.
Explanation: An attempt was made to configure the
IBM Security Access Manager Plug-in for IBM HTTP
Server (IHS) on an unsupported operating system.
Administrator response: Run the IBM Security Access
Manager Plug-in for Web Servers configuration
program as the root user.
AMZCO0431E The Sun Java System (formerly
SunONE) Web Server plug-in is not
supported on this operating system.
Explanation: An attempt was made to configure the
IBM Security Access Manager Plug-in for Sun Java
System (formerly SunONE) Web Server on an
unsupported operating system.
Administrator response: Do not configure the IBM
Security Access Manager Plug-in for Sun Java System
(formerly SunONE) Web Server on this operating
system.
AMZCO0432E The command line option '-%s' is not
valid.
Explanation: The identified command line option is
not valid for the operation requested of the
configuration program.
Administrator response: Re-run the configuration
program either without the option or with the correct
option for the operation.
AMZCO0433E The option '%s' in the [%s] stanza of
the %s response file is not valid.
Explanation: The identified option read from the
response file is not valid for the operation requested of
the configuration program.
Administrator response: Correct the options in the
response file and re-run the command.
AMZCO0434E The value '%s' for command line
option '-%s' is inconsistent with the
previously set value '%s'.
Explanation: The identified command line option is
has been specified more than once with different values
to the configuration program.
Administrator response: Re-run the configuration
program without specifying inconsistent values for the
option.
Administrator response: Do not configure the IBM
Security Access Manager Plug-in for IBM HTTP Server
(IHS) on this operating system.
AMZCO0435E The value '%s' for option '%s' in the
[%s] stanza of the %s response file is
inconsistent with the previously set
value '%s'.
AMZCO0430E The configuration program must be
run as root.
Explanation: The identified option read from the
response file is not valid for the operation requested of
the configuration program.
Explanation: The IBM Security Access Manager
Plug-in for Web Servers configuration program needs
to be run as the root user.
Administrator response: Correct the options in the
response file and re-run the command.
Chapter 4. Security Access Manager Plug-in for Web Servers Messages
177
AMZCO0436E • AMZCO0449E
AMZCO0436E
'%s' is not a valid Web server type.
Explanation: The specified Web server type is not
valid.
Administrator response: Specify a valid Web server
type and re-run the command. The usage message of
the configuration program lists the valid Web server
types.
AMZCO0437E The specified Web server type is not
valid.
Explanation: The specified Web server type is not
valid.
Administrator response: Specify a valid Web server
type and re-run the command. The usage message of
the configuration program lists the valid Web server
types.
AMZCO0438W The Web server type could not be
determined.
Explanation: The configuration program has reported
that there are configuration parameters that are invalid.
This might be because the parameters are specific to a
particular Web server plug-in but the type of Web
server plug-in to be configured was not explicitly
specified and could not be determined automatically.
Administrator response: Re-run the configuration
program using the 'web_server' configuration
parameter to explicitly specify the Web server type for
which the IBM Security Access Manager Plug-in for
Web Severs is being configured.
AMZCO0439E The Web server type could not be
determined.
Explanation: More than one Web server plug-in
package has been installed and the configuration
program was not able to automatically determine
which Web server type to use.
Administrator response: Re-run the configuration
program using the 'web_server' configuration
parameter to explicitly specify the Web server type for
which the IBM Security Access Manager Plug-in for
Web Severs is being configured.
AMZCO0444E '%s' is not a valid Apache server
version.
Explanation: The specified Apache server version is
not valid.
Administrator response: Specify a valid Apache
server version and re-run the command. The usage
message of the configuration program lists the valid
Apache server versions.
178
Version 7.0: Error Message Reference
AMZCO0445E The specified Apache server version
is not valid.
Explanation: The specified Apache server version is
not valid.
Administrator response: Specify a valid Apache
server version and re-run the command. The usage
message of the configuration program lists the valid
Apache server versions.
AMZCO0446E The specified Apache Web Server
version is not supported on this
operating system.
Explanation: An attempt was made to configure the
IBM Security Access Manager Plug-in for Apache Web
Server against a version of the Apache Web Server that
is not supported on the operating system.
Administrator response: Do not configure the IBM
Security Access Manager Plug-in for Apache Web
Server against this version of Apache Web server on
this operating system.
AMZCO0447E The specified Apache Web Server
version is not supported on this
operating system.
Explanation: An attempt was made to configure the
IBM Security Access Manager Plug-in for Apache Web
Server against a version of the Apache Web Server that
is not supported on the operating system.
Administrator response: Do not configure the IBM
Security Access Manager Plug-in for Apache Web
Server against this version of Apache Web server on
this operating system.
AMZCO0448E '%s' is not a valid IBM HTTP Server
version.
Explanation: The specified IBM HTTP Server version
is not valid.
Administrator response: Specify a valid IBM HTTP
Server server version and re-run the command. The
usage message of the configuration program lists the
valid IBM HTTP Server versions.
AMZCO0449E The specified IBM HTTP Server
version is not valid.
Explanation: The specified IBM HTTP Server version
is not valid.
Administrator response: Specify a valid IBM HTTP
Server version and re-run the command. The usage
message of the configuration program lists the valid
IBM HTTP Server versions.
AMZCO0450E • AMZCO0457E
AMZCO0450E The specified IBM HTTP Server
version is not supported on this
operating system.
Explanation: An attempt was made to configure the
IBM Security Access Manager Plug-in for IBM HTTP
Server against a version of the IBM HTTP Server that is
not supported on the operating system.
languages with full translations are supported.
AMZCO0455E The version number of the Apache
Web server could not be determined.
Explanation: The version number could not be
obtained from the Apache Web server.
Administrator response: Do not configure the IBM
Security Access Manager Plug-in for IBM HTTP Server
against this version of IBM HTTP Server on this
operating system.
Administrator response: The version number for the
Apache Web server is determined by passing the -v
option to the httpd command. The output of this
command did not contain a valid version number.
Check the Apache Web server installation.
AMZCO0451E The specified IBM HTTP Server
version is not supported on this
operating system.
AMZCO0456E No IHS Web server package has been
installed.
Explanation: An attempt was made to configure the
IBM Security Access Manager Plug-in for IBM HTTP
Server against a version of the IBM HTTP Server that is
not supported on the operating system.
Administrator response: Do not configure the IBM
Security Access Manager Plug-in for IBM HTTP Server
against this version of IBM HTTP Server on this
operating system.
AMZCO0452E An error occurred during the
configuration of the IBM Security
Access Manager Plug-in for Microsoft
Internet Information Services. Ensure
that Microsoft Internet Information
Services is installed on the system.
Explanation: An attempt was made to configure the
IBM Security Access Manager Plug-in for Microsoft
Internet Information Services. This attempt failed and
the most likely reason for this is that IIS is not
currently installed on the system.
Explanation: An attempt has been made to configure
the IBM Security Access Manager Web server plug-in
when no IHS package has been installed.
Administrator response: Install a supported version of
the IHS Web server package and retry the operation.
AMZCO0457E An error has occured while
attempting to access the configuration of
the IIS Web Server (%s). Ensure that the
IIS Web Server has been installed and
configured correctly on the host system.
(system error code: %d)
Explanation: An attempt has been made to configure
the IBM Security Access Manager Web server plug-in
with an invalid IIS Web server configuration.
Administrator response: Install a supported version of
the IIS Web server, ensure that all of the required
components are installed, and retry the operation.
Administrator response: Ensure that the Microsoft
Internet Information Services component is installed on
the system.
AMZCO0454W The following IIS Web sites cannot
be represented in a code page supported
by IBM Security Access Manager
Plug-in for Web Servers. To be
protected, IIS Web site names must not
contain characters that cannot be
represented in a supported code page.
Rename each Web site to enable
protection. %s
Explanation: The listed IIS Web sites are named using
characters that cannot be represented in a supported
code page. Only those code pages corresponding to
languages with full translations are supported.
Administrator response: Rename each of the listed
Web sites using only characters from supported code
pages. Only those code pages corresponding to
Chapter 4. Security Access Manager Plug-in for Web Servers Messages
179
180
Version 7.0: Error Message Reference
Chapter 5. Security Access Manager Session Management
Server Messages
These messages are provided by the Security Access Manager Session Management
Server component.
CTGSC0150E
An SSL toolkit failure occurred while
calling %s. Error: %s.
Explanation: An internal SSL error occurred.
Administrator response: The action required to correct
this problem depends on details in the error message.
Administrator response: Examine the log for
additional information. If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSC0155E
CTGSC0151E
Memory could not be allocated.
Explanation: An error occurred when the process
attempted to allocate memory. There is not enough free
memory available to complete the request.
Administrator response: Examine the system for
processes consuming excessive memory and restart
them. Ensure the system has sufficient physical and
virtual memory for its expected load. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
CTGSC0152E
No more entries were found in the
specified list.
Explanation: An operation requested another entry
from a list when there were no remaining entries.
Administrator response: This message is logged as a
clarifying addition to another error message. Refer to
the recommended action for that error message. For
further detailed information about the failure examine
earlier messages in the log containing this message.
Correct any problems and retry the operation.
CTGSC0153E
The requested data is not available.
Explanation: An operation requested data that was
not available.
Administrator response: This message is logged as
the reason part of an error message. Refer to the
recommended action for that error message. For further
detailed information about the failure examine earlier
messages in the log containing this message. Correct
any problems and retry the operation.
CTGSC0154E
Input data to a system routine is
invalid.
Explanation: Input data to a system routine is invalid.
Administrator response: Examine the log for
additional information. If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSC0156E
The %s system routine failed: system
error code: %d
Explanation: A system routine failed for the reason
indicated by the system error code.
Administrator response: Examine the log for
additional information. If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSC0157E
A system routine failed.
Explanation: A system routine failed.
Administrator response: Examine the log for
additional information. If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSC0158E
Expected configuration data could not
be located in the configuration file.
Explanation: An expected configuration item is not
present in the configuration file.
Administrator response: Examine the log for further
details of the error, correct the configuration, and retry
the operation.
Access is denied.
Explanation: Insufficient permission to access a
resource.
© Copyright IBM Corp. 2001, 2012
CTGSC0159E
The %s stanza of %s requires
specification of the %s configuration
parameter.
181
CTGSC0160E • CTGSC0169E
Explanation: An expected configuration item is not
present in the configuration file.
Administrator response: Correct the configuration and
retry the operation.
CTGSC0160E
The supplied configuration data was
not valid.
Explanation: A configuration entry was found to be
invalid.
Administrator response: Examine the log for further
details of the error, correct the configuration, and retry
the operation.
CTGSC0161E
The configuration file could not be
locked (system error code: %d).
Explanation: The configuration file could not be
locked for the indicated reason.
Administrator response: Check for other processes
have the same configuration file open. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
CTGSC0165E
Explanation: A Unicode string could not be converted
to a multi-byte character string.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSC0166E
Could not open file %s (system error
code: %d).
Explanation: The identified file could not be opened
for the specified reason.
A configuration entry is invalid. There
is no separator between the entry name
and value on the line '%S' in stanza
[%s].
Explanation: No separator was found between a
configuration parameter name and its value.
Configuration parameter names and values must be
separated by an equal sign: '='. Configuration
parameter names may not have white space within
them.
Administrator response: Correct the invalid
configuration file entry.
CTGSC0167E
CTGSC0162E
A Unicode string could not be
converted to a multi-byte character
string: %S
An invalid argument was passed to an
internal stanza file processing routine.
Explanation: An internal stanza file routine failed
because of an invalid argument.
Administrator response: Check to ensure that the file
exists and has the correct permissions.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSC0163E
CTGSC0168E
A multi-byte character string could
not be converted to a Unicode string: %s
Explanation: A multi-byte character string could not
be converted to a Unicode string.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSC0164E
There is no terminating bracket on the
stanza name: %S.
Explanation: Configuration file stanza names must be
terminated by a closing bracket: ']'.
Administrator response: Correct the invalid
configuration file entry.
182
Version 7.0: Error Message Reference
The configuration file could not be
opened.
Explanation: The specified file could not be opened.
Administrator response: Check that the file exists and
has the correct permissions.
CTGSC0169E
A configuration file operation has not
been performed as it would block when
requested not to.
Explanation: A configuration file operation has not
been performed as it would block when requested not
to.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSC0170E • CTGSC0180E
CTGSC0170E
The configuration file is not open.
Explanation: An operation was requested on a file
that has not been opened.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSC0171E
The stanza file is incorrectly
formatted.
Explanation: An operation was requested on a file
which is incorrectly formatted.
Administrator response: Examine other error
messages for further information. Correct the
formatting of the stanza file and then retry the
operation.
CTGSC0172E
An internal error occurred within the
stanza processing code.
Explanation: An internal error occurred within the
stanza processing code.
Administrator response: Examine other error
messages for further information. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
CTGSC0173E
Text in the configuration file could
not be updated.
Explanation: Text in the configuration file could not
be updated.
Administrator response: Examine other error
messages to find the name of the particular
configuration file, correct any problem, and retry the
operation.
CTGSC0174E
The configuration file was opened in
read-only mode and cannot be updated.
Explanation: An update operation was attempted on a
configuration file that was opened in read-only mode.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSC0175E
The configuration file could not be
read.
Explanation: A configuration file read operation
failed.
messages for more detail, correct any problem, and
retry the operation.
CTGSC0176E
An invalid number was supplied.
Explanation: The system was expecting a number to
be supplied, but something else was supplied instead.
Administrator response: Examine other error
messages for more detail, correct any problem, and
retry the operation.
CTGSC0177E
The number which was supplied is
too large.
Explanation: The number which was supplied to the
system was too large to fit into the allocated memory.
Administrator response: Examine other error
messages for more detail, correct any problem, and
retry the operation.
CTGSC0178E
An ICC toolkit failure occurred.
Explanation: An internal ICC error occurred.
Administrator response: This error is always
accompanied with a serviceability log error message
detailing the ICC routine which failed and the reason
for the failure. The action to correct this problem
depends on details in the serviceability log message. If
the problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
CTGSC0179E
An ICC toolkit failure occurred while
calling %s. Error: %s.
Explanation: An internal ICC error occurred.
Administrator response: The action to correct this
problem depends on details in the error message. If the
problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
CTGSC0180E
An ICC toolkit failure occurred while
calling %s. No further details are
known.
Explanation: An internal ICC error occurred.
However, no details about the error we able to be
determined beyond the name of the ICC function
which failed.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
Administrator response: Examine other error
Chapter 5. Security Access Manager Session Management Server Messages
183
CTGSC0300E • CTGSC0307E
CTGSC0300E
No server DN was found within the
provided server certificate.
CTGSC0304E
Explanation: The server certificate, provided by the
SMS Administration Web Service, did not contain a
server DN.
Administrator response: Ensure the correct server
certificate is supplied. For further detailed information
about the failure examine earlier messages in the log
containing this message. If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSC0301E
The DN contained within the server
certificate, %s, is not a configured DN.
Explanation: The DN found within the server
certificate was not listed as a valid DN within the
configuration file.
Administrator response: Ensure the correct server
certificate is supplied, or modify the list of valid DNs
within the configuration file.
CTGSC0302E
An error occurred when attempting to
communicate with the administration
interface of the session management
server using the URL %s: %s (0x%x).
Explanation: An attempt was made to communicate
with the administration interface of the session
management server and a failure occurred within the
underlying communications layer.
Administrator response: Examine additional messages
to determine the cause of the error and correct the
problem. Ensure the administration interface of the
session management server is available and reachable.
If the problem persists, check IBM Electronic Support
for additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
CTGSC0303E
The administration interface of the
session management server could not be
accessed.
Explanation: An unsuccessful attempt has been made
to communicate with the administration interface of the
session management server.
Administrator response: Ensure the administration
interface of the session management server is available
and can be reached by the client. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
184
Version 7.0: Error Message Reference
The %s operation of the session
management server administration
interface returned some data for the %s
attribute which was not in the expected
format.
Explanation: The return data from a session
management server administration operation was of an
unexpected format.
Administrator response: Ensure the correct version of
the session management server and client is being
used. If the problem persists, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSC0305E
The administration interface of the
session management server returned
some unexpected data.
Explanation: The return data from a session
management server administration operation was of an
unexpected format.
Administrator response: Ensure the correct version of
the session management server and client is being
used. If the problem persists, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSC0306E
The %s operation of the session
management server administration
interface did not return all expected
data: %s.
Explanation: The indicated return data from a session
management server administration operation is
missing.
Administrator response: Ensure the correct version of
the session management server and client is being
used. If the problem persists, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSC0307E
The administration interface of the
session management server did not
return all expected data.
Explanation: Return data from a session management
server administration operation was missing.
Administrator response: Ensure the correct version of
the session management server and client is being
used. If the problem persists, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSC0309W • CTGSD0151E
CTGSC0309W No replicas were found for the
specified replica set.
Explanation: A request was made to display a
specified replica set, but no replicas are currently
registered with the replica set.
Administrator response: No action is required, this is
a status message.
CTGSC0310W The specified realm is not known to
the session management server.
Explanation: A request was made for a session realm
which is not known to the session management server.
Administrator response: Ensure a valid session realm
is being specified by examining the configuration of the
session management server. If the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
CTGSC0311W No replica sets were found for the
specified session realm.
Explanation: A request was made to show a specified
session realm, but no replica sets are currently
configured within the session realm.
Administrator response: No action is required, this is
a status message.
CTGSC0315W No session realms have been
configured within the session
management server.
Explanation: A request was made to list all known
session realms, but no session realms are configured
within the session management server.
Administrator response: No action is required, this is
a status message.
CTGSC0319W The configured '%s' URL, identified
by the '%s' entry within the [%s] stanza
of %s, is invalid.
Explanation: The specified configuration entry is not a
valid URL. The URL should start with either http:// or
https://
Administrator response: Correct the configured URL.
CTGSC0320W The configured Web service URLs,
identified by the '%s' entries within the
[%s] stanza of %s, are not all of the
same type. They must be all HTTP or
all HTTPS.
Explanation: All of the Web service URLs must be of
the same type. A mixture of HTTP and HTTPS URLs is
not supported.
Administrator response: Correct the configured URLs,
ensuring they are all of the same type.
CTGSC0326W An invalid command parameter was
supplied.
Explanation: One of the command parameters,
supplied for an administration task, was invalid.
Administrator response: Review the format of the
command text to ensure all parameters are correct.
CTGSC0327W
The '%s' instance is invalid.
Explanation: The specified instance, supplied for an
administration task, was invalid.
Administrator response: Review the format of the
command text to ensure all parameters are correct.
CTGSC0328W An unknown SMS instance was
supplied.
Explanation: An instance which was supplied for an
administration task was not a recognized instance.
CTGSC0316W No sessions were found which match
the specified search criteria.
Administrator response: Review the format of the
command text to ensure all parameters are correct.
Explanation: A request was made to list sessions
which match specified criteria, but no matching
sessions were found.
CTGSD0151E
Administrator response: No action is required, this is
a status message.
Explanation: An argument required for the action was
not provided to the deployment program.
CTGSC0318W The '%s' parameter of the command
is invalid.
Administrator response: Read the usage message for
the configuration program and verify all required
arguments are provided.
The %s action requires the %s
argument.
Explanation: The specified parameter, supplied for an
administration task, was invalid.
Administrator response: Review the format of the
command text to ensure all parameters are correct.
Chapter 5. Security Access Manager Session Management Server Messages
185
CTGSD0154E • CTGSD0169E
CTGSD0154E
The WebSphere application server
setupCmdLine script must be run before
this program can be run.
Explanation: The environment variables specifying the
WebSphere application server installation path were not
found.
Administrator response: Run the setupCmdLine script
in the WebSphere application server installation
directory and run the command again. On Unix
platforms, the script must be run using the 'source'
command, rather than run directly. For WebSphere
application server version 6 installations, the script for
the active application server profile must be run.
CTGSD0157E
An error occurred during the
configuration process: %s
Explanation: An error occurred during the
configuration process. The error message is given.
server or cluster. More than one cluster exists in the
cell, so a cluster must be specified using the
'-was_cluster' command line option.
Administrator response: Retry the command,
specifying a single cluster using the '-was_cluster'
command line option.
CTGSD0166E
Explanation: When deploying the session
management server application, either a WebSphere
cluster or a single application server must be specified.
Administrator response: Retry the command, using
either the '-was_cluster' option, or one or both of the
'-was_server' and '-was_node' options.
CTGSD0167E
Administrator response: Examine the error message
to determine the cause of the problem. Take any
necessary corrective action and retry the command.
CTGSD0160E
The configuration tool is unable to
access the WebSphere application
management interface.
Explanation: The configuration tool must be able to
locate WebSphere's application management interface to
perform application management tasks.
Administrator response: Verify the WebSphere
application server is running correctly. If in a network
deployment environment, verify the configuration tool
is connecting to the deployment manager server, rather
than a node agent or managed process.
CTGSD0163E
The specified parameters match more
than one application server in the
WebSphere cell, %s. The servers
matched are: %s Use the '-was_node'
and '-was_server' parameters to specify a
single application server.
Both a cluster name and a WebSphere
server identifier were specified.
The configuration tool cannot deploy
the session management server
application to a WebSphere cluster
when it is not connected to the
deployment manager.
Explanation: The configuration tool cannot deploy the
session management server application to a WebSphere
cluster when it is not connected to the deployment
manager.
Administrator response: Retry the command
specifying connection parameters for the deployment
manager. Alternatively, retry the command specifying
one or both of the '-was_server' and '-was_node'
options instead of '-was_cluster'.
CTGSD0168E
The cluster, %s, could not be found in
the WebSphere cell, %s.
Explanation: The cluster specified on the
configuration tool command line could not be found.
Administrator response: Verify the cluster name is
specified correctly and the configuration tool is
connecting to the correct deployment manager, then
retry the command.
Explanation: The WebSphere server and node
parameters specified on the command line match more
than one application server. The requested action can
only be performed on a single application server.
CTGSD0169E
Administrator response: Retry the command, using
both the '-was_server' and '-was_node' arguments to
specify a single application server.
Explanation: The server specified on the command
line either could not be found, or is not a suitable
deployment target. The session management server can
not be deployed onto node agent or deployment
manager servers.
CTGSD0165E
The WebSphere cell, %s, contains
multiple clusters. The cluster names
are:%sUse the '-was_cluster' option to
specify a cluster.
Explanation: The configuration tool can only deploy
the session management server to a single application
186
Version 7.0: Error Message Reference
The server, %s, on the node, %s, in
the WebSphere cell, %s, either could not
be found or is not a suitable
deployment target.
Administrator response: Verify the server name and
the node are specified correctly, and the configuration
tool is connecting to the correct deployment manager,
then retry the command.
CTGSD0170E • CTGSD0181W
CTGSD0170E
No clusters or application servers
exist in the WebSphere cell, %s.
Explanation: The session management server cannot
be deployed until an application server or cluster has
been created in the WebSphere cell.
Administrator response: Create an application server
or a cluster and retry the command.
CTGSD0171E
The session management server is
already being configured. The existing
configuration client is %s.
Explanation: The selected instance of the session
management server is already being configured.
Administrator response: Either close the existing
configuration client or try the operation again,
specifying the option to displace an existing
configuration client.
CTGSD0174E
WebSphere eXtreme Scale is not
installed on the WebSphere Application
Server Deployment Manager.
Explanation: WebSphere eXtreme Scale was not found
on the WebSphere Application Server Deployment
Manager.
Administrator response: Install a supported version of
WebSphere eXtreme Scale onto the WebSphere
Application Server Deployment Manager.
CTGSD0175E
An unsupported version of
WebSphere eXtreme Scale (%s) was
found on the WebSphere Application
Server Deployment Manager.
Explanation: An unsupported version of WebSphere
eXtreme Scale was found on the WebSphere
Application Server Deployment Manager.
Administrator response: Install a supported version of
WebSphere eXtreme Scale onto the WebSphere
Application Server Deployment Manager.
CTGSD0176W WebSphere eXtreme Scale is not
installed on the %s WebSphere
Application Server.
Explanation: WebSphere eXtreme Scale was not found
on a WebSphere Application Server.
Administrator response: Install a supported version of
WebSphere eXtreme Scale onto the WebSphere
Application Server Deployment Manager and all
WebSphere Application Server instances within the
cluster.
CTGSD0177W An unsupported version of
WebSphere eXtreme Scale (%s) was
found on the %s WebSphere
Application Server.
Explanation: An unsupported version of WebSphere
eXtreme Scale was found on a WebSphere Application
Server instance.
Administrator response: Install a supported version of
WebSphere eXtreme Scale onto the WebSphere
Application Server Deployment Manager and all
WebSphere Application Server instances within the
cluster.
CTGSD0178W Unable to determine the version of
WebSphere eXtreme Scale running on
the %s WebSphere Application Server.
Explanation: The SMS configuration process was
unable to determine the version of WebSphere eXtreme
Scale on an WebSphere Application Server.
Administrator response: Ensure all cluster members
are running and have a supported version of
WebSphere eXtreme Scale installed.
CTGSD0179W Unable to determine the version of
WebSphere eXtreme Scale running on
the %s WebSphere Application Server
because it is unreachable.
Explanation: The smscfg tool was unable to determine
the version of WebSphere eXtreme Scale on an
WebSphere Application Server because it could not be
contacted.
Administrator response: Ensure all cluster members
are running and are contactable by the deployment
manager.
CTGSD0180E
Unable to find a supported version of
WebSphere eXtreme Scale on all
members of the WebSphere Application
Server cluster.
Explanation: One or more cluster members were
unreachable. They contain either an unsupported
version of WebSphere eXtreme Scale or no WebSphere
eXtreme Scale at all.
Administrator response: Install a supported version of
WebSphere eXtreme Scale onto every WebSphere
Application Server in the cluster and ensure they are all
running.
CTGSD0181W The version of WebSphere eXtreme
Scale installed across the cluster is
inconsistent.
Explanation: The version of WebSphere eXtreme Scale
installed across the cluster is inconsistent.
Chapter 5. Security Access Manager Session Management Server Messages
187
CTGSD0300E • CTGSD0328E
Administrator response: Ensure that all cluster
members share the same version of WebSphere eXtreme
Scale.
program and include the missing command line
options.
CTGSD0311E
CTGSD0300E
An error occurred while processing
the WebSphere eXtreme Scale
configuration file %s: %s
Explanation: An error occurred while processing an
WebSphere eXtreme Scale configuration file.
Administrator response: Examine the error message
to determine the cause of the problem. Retry the
configuration operation.
CTGSD0306E
The configuration program must be
run as root.
Explanation: The configuration program must be run
as the root user.
A command line option was not of
the correct format.
Explanation: A command line option was not
specified correctly.
Administrator response: Re-run the configuration
program ensuring the correct command line options are
provided.
CTGSD0312E
The specified file could not be
opened.
Explanation: An attempt to open a file has failed.
Administrator response: Ensure the specified file
exists and the correct permissions have been assigned.
Administrator response: Run the configuration
program as the root user.
CTGSD0313E
CTGSD0307E
Explanation: No value was given for a required
configuration option.
The command line option, -%s, is not
valid for the %s action.
Explanation: The command line option is not valid for
the specified action of the configuration program.
Administrator response: Check the usage of the
configuration program and re-run it with the correct
options.
CTGSD0308E
The value, %s, for command line
option, -%s, is inconsistent with the
previously set value, %s.
Explanation: The identified command line option has
been supplied to the configuration program more than
once with different values.
Administrator response: Re-run the configuration
program with consistent values for the option.
CTGSD0309E
The following command line options
are missing: %s.
Explanation: The identified command line options are
missing. They must be specified to perform the
operation.
Administrator response: Re-run the configuration
program specifying the required command line options.
CTGSD0310E
A required command line option has
not been supplied.
Explanation: One or more command line options are
missing. They must be specified to perform the
operation.
Administrator response: Re-run the configuration
188
Version 7.0: Error Message Reference
There is no default value for this
configuration item. Provide a value.
Administrator response: Supply the required
configuration option when asked.
CTGSD0321E
The command line extension is
already configured. Unconfigure and try
again.
Explanation: The IBM Security Access Manager
Session Management Command Line is already
configured.
Administrator response: Unconfigure the IBM
Security Access Manager Session Management
Command Line and retry the operation.
CTGSD0324E
The file, %s, could not be created: %s.
Explanation: The specified file could not be created
for the reason indicated by the error message.
Administrator response: Take any necessary corrective
action indicated by the error message.
CTGSD0328E
The session management server action
on %s failed due to a transient
condition.
Explanation: The configuration operation of the
session management server on the named server has
failed due to a transient condition. The configuration
operation can be retried once this condition has been
resolved.
Administrator response: Examine the configuration
log data to determine the cause of the failure. Once the
problem has been corrected, restart the specified server
CTGSD0329E • CTGSD0419E
or retry the configuration operation.
CTGSD0329E
CTGSD0414E
The session management server action
on %s failed.
Explanation: The configuration operation of the
session management server on the named server has
failed. Changes to the session management server are
required.
Administrator response: Examine the configuration
log data to determine the cause of the failure and the
changes to the session management server
configuration that are required to correct it. Retry the
configuration operation.
CTGSD0334E
The WebSphere application server
home directory is not specified. This
must be set in either the WAS_HOME
environment variable or with the
'-was_home' command line option.
Explanation: The session management Web interface
configuration program cannot run without the home
directory of the WebSphere application server being
specified either by the WAS_HOME environment
variable or the -was_home command line option.
Administrator response: Specify the WebSphere
application server home directory and retry the
operation.
CTGSD0409E
The command line extension upgrade
was unsuccessful.
Explanation: The configuration upgrade was not
successful.
Administrator response: Examine earlier messages for
details of the upgrade failure, correct the problems
identified, and retry the operation.
CTGSD0412E
The command line option, -%s, is not
valid.
Explanation: The command line option is not valid for
the current program.
Administrator response: Check the usage of the
program and re-run it with the correct options.
CTGSD0413E
The IBM Security Access Manager
product must be installed before
integration is possible.
Explanation: The user has requested to integrate with
IBM Security Access Manager when it has not been
installed on the system.
Administrator response: Install the required IBM
Security Access Manager components and then attempt
to re-configure.
The property, %s, has been specified
more than once.
Explanation: A property was specified more than
once.
Administrator response: Remove duplicate entries
and try again.
CTGSD0415E
No running SMS instances were
located within the WebSphere
Application Server. Ensure that the
WebSphere Application Server details
are correct and that the SMS instances
have been started.
Explanation: No running SMS instances were located
within the specified WebSphere Application Server.
Administrator response: Ensure that the supplied
WebSphere Application Server details are correct and
that the SMS instances have been started.
CTGSD0416E
The JNI library, %s, failed to load.
Explanation: An attempt to load a JNI library was not
successful.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSD0418E
WebSphere eXtreme Scale is not
functioning correctly on the following
servers:%s
Explanation: WebSphere eXtreme Scale is not
functioning correctly on the cluster of WebSphere
Application Servers hosting the session management
server application. The session management server
cannot be configured unless WebSphere eXtreme Scale
is functioning correctly.
Administrator response: Examine the configuration
program logs and the logs of the specified servers to
determine the cause of the problem. Check that the
WebSphere eXtreme Scale catalog server configuration
is correct, and that any firewalls and packet filters are
configured to allow connections between the
WebSphere Application Server processes. When the
problem has been corrected, retry the configuration
operation.
CTGSD0419E
WebSphere eXtreme Scale has not
been configured on the server, %s.
Explanation: The WebSphere eXtreme Scale
configuration files for the session management server
application have not been distributed to the server.
Without these files in place, the session management
server cannot be configured.
Chapter 5. Security Access Manager Session Management Server Messages
189
CTGSD0420E • CTGSD0751E
Administrator response: Ensure that the WebSphere
Application Server configuration is correctly
synchronized to all nodes in the cell.
CTGSD0420E
WebSphere eXtreme Scale is not
available. The current WebSphere
eXtreme Scale state is: %s
Explanation: The session management server cannot
be configured unless WebSphere eXtreme Scale is
available.
Administrator response: Check the logs of each server
for more information about the problem. It may be
necessary to restart one or more servers in the cell.
CTGSD0421E
An operation to check that
WebSphere eXtreme Scale is functioning
correctly has failed.
Explanation: The session management server cannot
be configured unless WebSphere eXtreme Scale is
functioning correctly.
Administrator response: Check the logs of each server
for more information about the problem. It may be
necessary to restart one or more servers in the cell.
CTGSD0422W The value %s is an invalid
max_logins value for a session realm
when session limit policy has been
disabled. Defaulting to 0.
Explanation: The data which was supplied should be
of the format: <realm>:0=<rset1>,<rset2> when session
limit policy is disabled
Administrator response: Retry the operation, with
session limit policy enabled to enforce a maximum
number of sessions per realm.
CTGSD0423E
An error occurred while processing
the WebSphere eXtreme Scale zones
configuration: %s
CTGSD0425E
Explanation: An error occurred while processing the
WebSphere eXtreme Scale zones configuration.
Administrator response: If zones are defined, ensure
that all nodes within the cluster are not within more
than 1 zone. Retry the configuration operation.
CTGSD0426E
CTGSD0424E
WebSphere eXtreme Scale zones have
been defined but node %s is not part of
a zone.
Explanation: An error occurred while processing the
WebSphere eXtreme Scale zones configuration.
Administrator response: If zones are defined, ensure
that all nodes within the cluster are within a zone.
Retry the configuration operation.
Node %s is part of an undefined zone
%s.
Explanation: An error occurred while processing the
WebSphere eXtreme Scale zones configuration.
Administrator response: Ensure that nodes within the
cluster are part of a defined zone. Retry the
configuration operation.
CTGSD0453E
A binary has been executed with
incorrect arguments.
Explanation: A binary has been executed with
incorrect arguments.
Administrator response: Examine the log files for
further error messages, correct any problem, and retry
the operation.
CTGSD0480E
The SMS application instance, %s, is
at a newer version, %s, than the
available fixpack, %s.
Explanation: The SMS application instance is at a
newer level than the currently available fixpack. The
SMS application instance can only be upgraded to a
newer fixpack.
Administrator response: To move the SMS instance to
a previous fixpack version, use the 'revert' action.
CTGSD0750E
Explanation: An error occurred while processing the
WebSphere eXtreme Scale zones configuration.
Administrator response: Examine the error message
to determine the cause of the problem. Retry the
configuration operation.
WebSphere eXtreme Scale zones have
been defined and node %s is part of
more than 1 zone.
The action parameter must be
supplied to the configuration program.
Valid action arguments are 'deploy',
'config', 'unconfig', 'undeploy', 'extract',
'upgrade', 'revert'.
Explanation: A parameter specifying the action to take
must be specified to the configuration program.
Administrator response: Read the usage message for
the configuration program and check that the action
argument is specified correctly.
CTGSD0751E
An unrecognized action argument, %s,
was supplied to the configuration
program. Valid action arguments are
'deploy', 'config', 'unconfig', 'undeploy',
'extract', 'upgrade', 'revert'.
Explanation: An unrecognized action argument was
190
Version 7.0: Error Message Reference
CTGSD0752E • CTGSD0779E
supplied to the configuration program.
action and retry the operation.
Administrator response: Read the usage message for
the configuration program and check that the action
argument is specified correctly.
CTGSD0773E
CTGSD0752E
The response file contained a line
that could not be parsed: %s
Explanation: The response file contained a line that
the configuration program was unable to parse.
Administrator response: Correct the mistake
identified in the response file and retry the operation.
CTGSD0755E
An error occurred when attempting to
read the response file, %s: %s
Explanation: An administration client to the
WebSphere application server could not be created.
Administrator response: Ensure that the WebSphere
application server parameters have been specified
correctly. Ensure that the WebSphere application server
is running. Examine the error details for additional
information.
CTGSD0774E
Explanation: An error occurred when attempting to
read the response file that was specified.
Administrator response: Check that the response file
specified is valid. Examine the error details for further
information.
CTGSD0757E
%s is not a valid configuration
parameter.
Explanation: An invalid configuration parameter was
specified.
Administrator response: Read the usage message for
the configuration program to determine the valid
configuration parameters.
CTGSD0758E
The configuration parameter, %s, does
not have a value associated with it.
Explanation: The configuration parameter specified
does not have a corresponding value.
Administrator response: Read the usage message for
the configuration program to determine a valid value
for the required configuration parameter.
CTGSD0760E
The configuration parameter, %s, has
been specified more than once.
An error occurred when attempting to
create an administration client to the
WebSphere application server: %s
An error occurred when attempting to
determine if the session management
server configuration application was
deployed: %s
Explanation: An error occurred when attempting to
determine if the session management server
configuration application was deployed.
Administrator response: Ensure that the WebSphere
application server is running. Examine the error details
for additional information.
CTGSD0776E
An error occurred when attempting to
deploy the session management server
configuration application: %s
Explanation: An error occurred when attempting to
deploy the session management server configuration
application.
Administrator response: Ensure that the WebSphere
application server is running. Examine the error details
for additional information.
CTGSD0778E
An error occurred when attempting to
communicate with the WebSphere
application server: %s
Explanation: An error occurred when attempting to
communicate with the WebSphere application server.
Administrator response: Remove duplicate entries
and re-run the configuration program.
Administrator response: Ensure that the WebSphere
application server parameters have been specified
correctly. Ensure that the WebSphere application server
is running. Examine the error details for additional
information.
CTGSD0769E
CTGSD0779E
Explanation: A configuration parameter was specified
more than once on the command line.
The configuration of the session
management server failed.
Explanation: The configuration of the session
management server has failed for reasons indicated by
earlier error messages.
Administrator response: Examine the configuration
log file for earlier messages indicating the cause of the
configuration failure. Take any necessary corrective
The session management server has
not been deployed to the WebSphere
application server. The session
management server needs to be
deployed before it can be configured.
Explanation: The session management server has not
been deployed to the WebSphere application server. It
needs to be deployed before it can be configured.
Chapter 5. Security Access Manager Session Management Server Messages
191
CTGSD0785E • CTGSD0860E
Administrator response: Ensure that the WebSphere
application server parameters have been specified
correctly.Ensure that the WebSphere application server
is running. Ensure that the session management server
has been deployed to the specified WebSphere
application server.
CTGSD0785E
An error occurred when attempting to
start the session management server
application.
CTGSD0854E
Explanation: An error occurred while accessing the
WebSphere application server configuration.
Administrator response: Examine the error details for
information regarding the cause of this error.
CTGSD0855E
Explanation: An error occurred when attempting to
start the session management server application.
Administrator response: Examine the application
server logs for more information.
CTGSD0786E
An error occurred when attempting to
stop the session management server
application.
Explanation: An error occurred when attempting to
stop the session management server application.
Administrator response: Examine the application
server logs for more information.
CTGSD0820E
An error occurred when attempting to
perform the Session Management Server
configuration :%s.
Explanation: An error occurred when attempting to
perform the Session Management Server configuration.
Administrator response: Examine the error details for
information regarding the cause of this error.
An error occurred when attempting to
undeploy the Session Management
Server : %s
Explanation: An error occurred when attempting to
undeploy the Session Management Server.
Administrator response: Examine the error details for
information regarding the cause of this error.
Administrator response: If in a WebSphere application
server network deployment environment, ensure that
the deployment manager is running. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
CTGSD0856E
An error occurred when attempting to
deploy the session management server
application: %s.
Explanation: An error occurred when attempting to
deploy the session management server application.
Administrator response: Ensure that the WebSphere
application server is running. Examine the error details
for additional information.
Failed to read data from the console:
%s
Explanation: An error occurred while attempting to
read some data from the console.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
An error occurred when attempting to
write the response file, %s: %s
Explanation: An error occurred when attempting to
write to the response file that was specified.
Administrator response: Check that the response file
specified is valid. Examine the error details for further
information.
CTGSD0859E
CTGSD0848E
A WebSphere application server
configuration object of type %s could
not be located.
Explanation: A required WebSphere application server
configuration object could not be located.
CTGSD0857E
CTGSD0822E
An error occurred while accessing the
WebSphere application server
configuration: %s
%s is an invalid value for the %s
parameter. The %s parameter must be a
boolean value (yes, true, no or false).
Explanation: The data which was supplied should
have the value of either 'yes', 'true', 'no' or 'false'
Administrator response: Retry the operation,
supplying either 'yes', 'true', 'no' or 'false'
CTGSD0860E
The value which was supplied could
not be resolved to a valid internet
address.
Explanation: The supplied data does not correspond
to a valid internet address, or a known host name.
192
Version 7.0: Error Message Reference
CTGSD0861E • CTGSD0872E
Administrator response: Retry the operation,
supplying a known host name.
CTGSD0861E
The value which was supplied does
not correspond to a valid number.
Explanation: The supplied data was not actually a
number.
Administrator response: Retry the operation,
supplying a valid number.
CTGSD0862E
The specified file could not be found.
Explanation: A file which matches the specified name
could not be found.
Administrator response: Retry the operation,
supplying an existing file.
CTGSD0863E
CTGSD0868E
The value which was supplied does
not correspond to a valid option.
Explanation: The supplied data was not actually a
number, or it did not correspond to the index value of
one of the supplied options.
Explanation: The data which was supplied should be
of the format <op>:<rule>. The data which was
supplied did not contain all of the necessary fields, or
one or more of the fields were invalid.
Administrator response: Retry the operation,
supplying the correct fields.
CTGSD0869E
The SMS instance parameter was not
supplied. The instance names which are
currently valid include: %s
Explanation: The SMS instance which is to be used by
the configuration utility was not supplied.
Administrator response: Execute the configuration
utility again, supplying a valid SMS instance name.
CTGSD0866E
Administrator response: Examine the error details for
information regarding the cause of this error.
CTGSD0870E
Administrator response: Retry the operation,
supplying a correctly formatted string.
CTGSD0867E
%s is an invalid value for a IBM
Security Access Manager authorization
server. Ensure that a valid host name,
port and rank is supplied.
Explanation: The data which was supplied should be
of the format <host>:<port>:<rank>. The data which
was supplied did not contain all of the necessary fields,
or one or more of the fields were invalid.
Administrator response: Retry the operation,
supplying the correct fields.
An error occurred while attempting to
confirm that the supplied address
corresponds to a local address: %s
Explanation: An error occurred while attempting to
confirm that the supplied address is one of the local
machine address.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSD0871E
%s is an invalid value for a session
realm.
Explanation: The data which was supplied should be
of the format: <realm>:<max logins>=<rset1>,<rset2>
An error occurred when attempting to
unconfigure an instance of the Session
Management Server : %s
Explanation: An error occurred when attempting to
unconfigured an instance of the Session Management
Server.
Administrator response: Retry the operation,
supplying a valid index number.
CTGSD0864E
%s is an invalid value for a credential
refresh operation. Ensure that a valid
operation and rule is supplied. The
operation must be either 'preserve' or
'refresh'.
The session management server
configuration and administration
module for the Integrated Solutions
Console can only be deployed to the
local host.
Explanation: The ISC instance can only be deployed
to the local host. An attempt was made to deploy the
instance to a WebSphere Application Server which was
hosted on another machine.
Administrator response: Execute the configuration
utility on the machine which is hosting the destination
WebSphere Application Server.
CTGSD0872E
The directory, %s, does not exist, or is
not a directory.
Explanation: The specified directory does not exist.
Administrator response: Ensure that the specified
directory is correct and that it does in fact exist on the
system.
Chapter 5. Security Access Manager Session Management Server Messages
193
CTGSD0873E • CTGSD0923W
CTGSD0873E
A tempory file could not be created:
%s
CTGSD0905E
The WebSphere application server
node, %s, in cell, %s, has no servers.
Explanation: An attempt to create a temporary file
failed.
Explanation: The specified WebSphere node does not
have any servers configured on it.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
Administrator response: Retry the operation ensuring
the wsadmin connection parameters are correctly
specified.
CTGSD0906E
CTGSD0874E
%s is not a known session realm.
Explanation: The session realm supplied was not
known to the Session Management Server.
Administrator response: Retry the operation,
supplying a known session realm name.
CTGSD0875E
The SMS instance parameter, %s, is
not a recognized instance. The instance
names which are currently valid
include: %s
Explanation: The SMS instance which is to be used by
the configuration utility was invalid.
Administrator response: Execute the configuration
utility again, supplying a valid SMS instance name.
CTGSD0902E
The argument, %s, is not recognized.
Explanation: An unrecognized argument was passed
the smscars.jacl configuration program.
Administrator response: Examine the usage message
displayed with this message, correct the command line
options and re-run the command.
CTGSD0903E
The -action option must be set to
either 'config' or 'unconfig'. The value,
%s, is not valid.
Explanation: An unrecognized value was specified for
the -action option.
Administrator response: Retry the operation
specifying a valid value for the -action option.
CTGSD0904E
The required option, %s, was not
specified.
Explanation: The specified option is required but was
not specified.
Administrator response: Retry the operation
specifying missing option.
The WebSphere application server
node, %s, in cell, %s, has more than one
server. You must specify a single server
using the -server option
Explanation: The specified WebSphere node has more
than one server configured on it. A default server
cannot be chosen.
Administrator response: Retry the operation
specifying the -server option.
CTGSD0907E
The server, %s, is not recognized on
node, %s, within cell, %s.
Explanation: The specified WebSphere node does not
have a server configured matching the specified server
name.
Administrator response: Retry the operation ensuring
the wsadmin connection parameters are correct and
that the -server option is specified correctly.
CTGSD0914E
The directory, %s, does not exist. The
-cars option setting is not valid.
Explanation: The common audit and reporting service
(CARS) installation directory must have client/etc and
client/lib subdirectories but does not.
Administrator response: Retry the operation ensuring
the -cars option specifies the correct common audit and
reporting service (CARS) installation directory.
CTGSD0922W The %s application must be restarted
before the configuration changes will
take effect.
Explanation: This message records that configuration
changes requiring the applicaton to be restarted have
been made.
Administrator response: Restart the application when
you are ready so that the configuration changes will
take effect.
CTGSD0923W The %s application must be enabled
to use the %s shared library.
Explanation: This message records that the application
has not yet been enabled to use the newly configured
shared library.
194
Version 7.0: Error Message Reference
CTGSD1200E • CTGSD1210E
Administrator response: Re-run this command
without the -noenable option.
CTGSD1200E
The option, %s, requires an argument
but one was not provided.
Explanation: The option specified in the message
requires an argument.
Administrator response: Re-run the command
specifying an argument for the specified option.
CTGSD1201E
The option, %s, is not recognized.
Explanation: The option specified in the message is
not recognized by the command.
Administrator response: Consult the documentation
for the command and re-run it with the correct options.
CTGSD1202E
The argument, %s, is not recognized.
Explanation: The argument specified in the message is
not valid for the command.
Administrator response: Consult the documentation
for the command and re-run it with the correct
arguments.
CTGSD1203E
The WebSphere Application Server
installed at, %s, does not have a profile
named, %s.
Explanation: The WebSphere Application Server does
not have a profile with the specified name.
Administrator response: Run the command again
ensuring the profile name is specified correctly, and the
WAS_HOME environment variable or -was_home
command line option is specified correctly.
Administrator response: Run the command again
ensuring the WAS_HOME environment variable or
-was_home command line option is specified correctly.
CTGSD1206E
Explanation: The WAS_USER_SCRIPT environment
variables specifies the name of the script that defines
WebSphere Application Server environment variables
for a particular profile. The file specified by the
WAS_USER_SCRIPT environment variable either
doesn't exist or is not accessible.
Administrator response: Run the command again
ensuring the WAS_HOME environment variable or
-was_home command line option is specified correctly
and ensuring that you are running the command with
the required privileges.
CTGSD1207E
There does not appear to be a
WebSphere Application Server installed
at, %s.
Explanation: The contents of the specified directory
do not look like a WebSphere Application Server
installation.
Administrator response: Run the command again
ensuring the WAS_HOME environment variable or
-was_home command line option is specified correctly.
Administrator response: Examine the erorr message
reported and take action indicated for the message.
CTGSD1208E
A value for the WAS_USER_SCRIPT
environment variable could not be
determined.
Explanation: The WAS_USER_SCRIPT environment
variables specifies the name of the script that defines
WebSphere Application Server environment variables
for a particular profile. The location of this script could
not be determined.
The SSL repertoire, %s, is not
defined.
Explanation: The settings of the specified SSL
repertoire could not be determined.
Administrator response: Ensure the name of the SSL
repertoire is specified correctly and that it is configured
at cell or node scope.
The format, %s, of key file, %s, of
SSL repertoire, %s, is not recognized.
Explanation: The format specified in the WebSphere
Appplication Server configuration for the specified key
file is not recognized by the program.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSD1210E
CTGSD1205E
Conversion of SSL repertoire, %s, to
CMS key database, %s, failed.
Explanation: The SSL repertoire to CMS key database
conversion failed.
CTGSD1209E
CTGSD1204E
The WAS_USER_SCRIPT, %s, could
not be accessed.
The %s command failed with exit
code %d:%s
Explanation: An executed command terminated
indicating failure. The exit code of the command and
the output of the command are logged in the message.
Administrator response: The exit code of the
command and the command's output should be
examined to determine the cause of the error and the
appropriate action to take.
Chapter 5. Security Access Manager Session Management Server Messages
195
CTGSI0301E • CTGSI0310W
CTGSI0301E Initialization of the session management
server failed.
Explanation: The session management server was
unable to initialize and cannot function until the cause
of the failure is corrected.
includes all any necessary replica sets.
CTGSI0307E The client attempted to perform an
operation on a replica set that it has not
joined.
Administrator response: Inspect the application server
log files for details, take any necessary corrective
action, and restart the session management server.
Explanation: When clients connect to the session
management server they must specify the names of all
replica sets they will use. This error indicates a client
has not done so.
CTGSI0302W
Administrator response: Verify the client is correctly
configured.
The client is not registered with the
session management server.
Explanation: The client is not registered with the
session management server. Clients must register before
performing any operations.
Administrator response: No action is necessary.
CTGSI0303E The client is not authorized to perform
the requested operation.
Explanation: The client attempted to perform an
operation that it is not authorized to perform.
Administrator response: If the client is expected to be
authorized to perform the requested operation then
correct the security policy that applies to the session
management server.
CTGSI0304W
The concurrent session limit for the
user has been reached.
Explanation: The attempt to create a new session for
the user failed because creating another session would
exceed the concurrent session limit for the user.
Administrator response: No action is necessary.
CTGSI0305W
The client attempted to create a
session with a session ID that is already
in use.
Explanation: The session ID specified for the new
session already exists in the shared session cache. The
client must choose a new ID for the session.
Administrator response: No action is necessary.
CTGSI0306E The client attempted to use a replica set
that does not exist in the session
management server configuration.
Explanation: The client attempted to use a replica set
that has not been specified in the session management
server configuration. All replica set names must be
specified in the session management server
configuration.
Administrator response: Verify the client's
configuration specifies all replica set names correctly
and the session management server's configuration
196
Version 7.0: Error Message Reference
CTGSI0308E The client attempted to create or modify
a session such that its concurrent
session key would not be valid.
Explanation: Sessions stored by the session
management server can include session data items
indicating the concurrent session key. Either all of these
session data items must be present and valid, or none
of them. This error indicates that some, but not all, of
the session data items were present.
Administrator response: This error indicates a
problem with the configuration of the client or a
programming error. Examine the sections of the client
configuration relating to concurrent session limits and
session displacement. If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSI0309W
The client's version of the session is
out of date.
Explanation: The client issued a session modification
request based on an out of date version of the session.
The client must retrieve the current version of the
session and retry the request.
Administrator response: No action is necessary.
CTGSI0310W
The client specified a capability mask
that does not match the active capability
mask.
Explanation: The client specified a capability mask
that does not match the active capability mask. The
client will not be able to register until the session
management server is restarted and initialized with a
matching capability mask.
Administrator response: Ensure all clients accessing
the session management server are compatible with the
version of the session management server. It may be
necessary to restart the session management server and
all active clients to correct this condition. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
CTGSI0311E • CTGSI0320E
CTGSI0311E The session management server was
unable to generate a new key.
Explanation: The session management server was
unable to generate a new key.
Administrator response: Examine the session
management server logs for further details. It may be
necessary to restart the session management server
completely to correct this condition.
CTGSI0312W
The session was not found.
Explanation: The session management server was
unable to find a session with the session ID specified
by the client.
Administrator response: No action is necessary.
CTGSI0316E The client attempted to register using an
active client name from a different IP
address than was used to register the
active instance.
Explanation: The client attempted to register using an
active client name from a different IP address than was
used to register the active instance.
Administrator response: Inspect the client's
configuration to ensure each client uses a unique
replica name. The session management server logs
indicate the IP addresses of the clients using the same
client name. If the IP address of the client has recently
changed, wait until the session management server
expires the previous registration before restarting the
client. The amount of time to wait is controlled by the
session management server's client idle timeout
configuration parameter.
CTGSI0313E A parameter value was not valid.
Explanation: The client specified a parameter value
that was not valid to the session management server.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSI0314E The specified client instance ID has
already been registered by another
client.
Explanation: Each client that makes use of the session
management server must register a unique instance ID.
This message indicates a client attempted to use an
instance ID that another client had already registered.
Administrator response: Restart the client. If the
problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
CTGSI0315E The session management server
encountered an error and was unable to
complete the operation.
Explanation: While processing the client's request, the
session management server encountered an error that
prevented it from completing the operation.
Administrator response: Inspect the session
management server logs to identify the nature and
cause of the error. Take any necessary corrective
measures. If the problem persists, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSI0317W
The client attempted an idle timeout
operation but the capabilities required
to support idle timeouts have not been
enabled.
Explanation: The first client to start-up requested a set
of capabilities from the session management server that
did not include the session interest list capability. This
capability is required to support idle timeout of
sessions.
Administrator response: Examine any client
configuration options relating to session management
server capabilities. To change the active set of
capabilities, all clients must be shut-down, and the
session management server restarted. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
CTGSI0319E The client issued a change session
request with no session data changes.
Explanation: The client issued a change session
request with no session data changes.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSI0320E The interface version requested by the
client is not supported by this server.
Explanation: The interface version requested by the
client is not supported by this server.
Administrator response: Ensure the versions of client
software and server software are compatible.
Chapter 5. Security Access Manager Session Management Server Messages
197
CTGSI0321W • CTGSM0301E
CTGSI0321W
The session management server
detected a conflict resulting from
replication of the changes.
Explanation: The session management server detected
a conflict resulting from replication of the changes.
Administrator response: No action is necessary.
CTGSI0322E An invalid request parameter was
passed to the session administration
interface.
Explanation: An invalid request parameter was passed
to the session administration interface.
Administrator response: Retry the operation
specifying valid parameters. Consult the IBM Security
Access Manager Shared Session Administration Guide
for information about valid request parameters.
CTGSI0323E An unrecognized administration
operation was passed to the session
management server's administration
interface.
Explanation: The session management server's
administration interface can only handle known request
types from its clients. An unrecognized request type
was sent from a client.
Administrator response: Ensure the requested
administration operation is currently enabled and that
the version of the client software in use is supported by
this version of the session management server.
CTGSI0324E The request from the client requires a
capability of the session management
server that is not enabled by the session
management server.
CTGSI0327W
The session management server was
not able to replicate the changes across
the cluster.
Explanation: The session management server was not
able to replicate the changes resulting from the request
across the cluster.
Administrator response: Check the session
management server logs for more information
concerning this error. If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSI0328E Authentication failed. You have used an
invalid user name or password.
Explanation: An invalid user name or password was
supplied.
Administrator response: Check your authentication
information and try again.
CTGSI0329E Authentication failed. The account
associated with the user has expired.
Explanation: The users account has expired.
Administrator response: Contact your system
administrator to have the account reactivated.
CTGSI0330E Authentication failed. The credential
associated with the user has expired.
Explanation: The user's credential has expired. This
error might indicate that the user's password has
expired.
Administrator response: Contact your system
administrator to renew the users credential.
Explanation: The request from the client requires a
capability of the session management server that is not
enabled by the session management server.
CTGSI0331W
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
Explanation: The attempt to create a new session for
the user failed because creating another session would
exceed the session limit for the session realm.
CTGSI0325E The client attempted to use a session
realm that does not exist in the session
management server configuration.
CTGSM0301E The new instance, %s, of the client,
%s, could not be stored.
Explanation: The client attempted to use a session
realm that does not exist in the session management
server configuration. All session realm names must be
specified in the session management server
configuration.
Administrator response: Retry the operation
specifying a defined session realm.
198
Version 7.0: Error Message Reference
The session limit for this session
realm has been reached.
Administrator response: No action is necessary.
Explanation: The session management server was
unable to store the details of the client.
Administrator response: Examine the log for further
detailed messages regarding the error, take any
necessary corrective action, and restart the client. It
may also be necessary to restart the session
management server.
CTGSM0303E • CTGSM0316E
CTGSM0303E The list of keys stored in the session
list store, %s, for the replica set, %s,
could not be retrieved.
Explanation: The session management server was
unable to retrieve the list of keys stored in the given
session list.
Administrator response: Examine the log for earlier
messages regarding this error and take any necessary
corrective action. If the problem persists, restart the
session management server.
CTGSM0304E The session, %s, in the replica set,
%s, does not have a concurrent session
key.
Explanation: Every session must include the data item
used as the key for maintaining concurrent session
counts. A session was either created without the data
item, or the data item was removed as part of a session
update.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM0305E The session, %s, in replica set, %s,
could not be stored.
Explanation: A session could not be stored in the
session cache.
Administrator response: Examine the log for other
messages regarding the error and take any necessary
corrective action. The error might indicate resource
exhaustion.
CTGSM0306W The session management server has
rejected a session modification request
from the client, %s, for the session, %s,
in the replica set, %s, based on an
outdated version of the session. The
client has version number %s, while %s
is the current version number.
Explanation: A client has issued a session update
request based on an outdated version of the session.
The request has been rejected.
Administrator response: This condition can
sometimes occur during normal operation of the
session management server. The client can correct the
condition by first requesting the current version of the
session, and then re-issuing the update request based
on that version. This error could also indicate a
problem with the client.
CTGSM0310W
The client, %s, is not registered.
Explanation: The client attempted the perform an
operation without first registering with the session
management server.
Administrator response: No action is necessary.
CTGSM0311W
Returning result: %s (code: 0x%s).
Explanation: The specified result is being returned to
the client. This message is usually only logged when an
error result is returned.
Administrator response: If the result indicates an
error has occurred, examine the log for further details
and take any necessary corrective action.
CTGSM0312E A new instance of the client, %s, has
attempted to start-up. The existing
instance ID is %s, with the client ID of
%s. The second instance ID is %s, with
IP address %s.
Explanation: A replica attempted to register with the
session management server using a replica name that
was already active, and its client ID was different to
that used to register the active instance. The replica's
registration was denied by the session management
server.
Administrator response: This message indicates two
replicas are configured with the same replica name, and
both are attempting to register with the session
management server. If this message coincides with a
planned client ID change for a replica machine, the
replica cannot be restarted until its previous instance is
expired. Otherwise, examine the configuration on the
machines with the client ID's given to determine
whether they have been configured to use the same
replica name. If so, change the replica name on one
machine. It may be necessary to explicitly configure the
replica name on both machines to avoid a conflict.
CTGSM0316E Single sign-on was requested in
session realm, %s, but there is no single
sign-on mapping configured.
Explanation: A client requested a session be created
using single sign-on within a session realm, but the
session management server configuration does not
specify a single sign-on mapping for the session realm.
Administrator response: Modify the session
management server configuration so it specifies a single
sign-on mapping to use within the session realm. The
session management server must be restarted for this
change to take effect.
Chapter 5. Security Access Manager Session Management Server Messages
199
CTGSM0317E • CTGSM0327E
CTGSM0317E An error occurred during statistics
gathering setup: %s.
Explanation: An error occurred during statistics
gathering setup. Statistics will not be recorded until the
error is corrected and the session management server
application is restarted.
Administrator response: Examine this and earlier log
messages for more information regarding the error.
Once the error has been corrected, restart the session
management server.
CTGSM0318E Initialization of the event timer class,
%s, failed: %s
Explanation: The session management server uses
different event timer classes in different runtime
environments. This message indicates the event timer
class for this environment is not available. The session
management server will not function without an event
timer.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM0319E The database, %s, could not be
opened.
Explanation: The database may not exist or may have
other problems.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM0321E
The event does not specify a session.
Explanation: The event may be corrupt or incorrectly
created because it does not specify a session.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM0322E The session management server could
not copy the file %s to %s: %s
Explanation: The session management server could
not copy a file.
Administrator response: Examine the error message
for more information on the error. Restart the session
management server application to retry the operation.
If the problem persists, check IBM Electronic Support
for additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
200
Version 7.0: Error Message Reference
CTGSM0323E The administration interface version,
%s, requested by the client is not
supported by the server. The server
supports the following versions of the
administration interface: %s.
Explanation: The interface version requested by the
client is not supported by this server.
Administrator response: Ensure the versions of client
software and server software are compatible.
CTGSM0324W J2EE security is disabled for this
application server. No security checks
will be performed by the session
management server administration
interface.
Explanation: The session management server
administration interface security depends on J2EE
security being enabled in the application server.
Administrator response: If security is required for the
session management server administration interface
then enable J2EE security and restart the application
server.
CTGSM0325E Unable to retrieve message text for
message code {0}.
Explanation: The message text for the specified
message code could not be retrieved.
Administrator response: Verify the files that make up
the session management server application are present
in the WebSphere application server installed
applications directory. The session management server
will not function correctly until this problem is
corrected. It may be necessary to reinstall the session
management server application to correct this problem.
CTGSM0326E
The file, %s, could not be deleted.
Explanation: A file could not be deleted.
Administrator response: Check that the file system is
writable, and that the file system permissions allow the
file to be deleted.
CTGSM0327E An error occurred during
initialization of the class, %s, specified
by property, %s: %s
Explanation: An error occurred during initialization of
an event handler class.
Administrator response: Examine the error message
for information regarding the error and take any
necessary corrective action. The session management
server application must be restarted.
CTGSM0328E • CTGSM0335E
CTGSM0328E An error occurred while replicating
session management server data: %s
Explanation: An error occurred while replicating
session management server data. This error may
indicate communication problems between cluster
members.
Administrator response: Examine the error message
for information regarding the error and take any
necessary corrective action. It may be necessary to
restart the session management server application. If
the problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
CTGSM0329E The session management server was
not able to replicate an operation on the
key, %s, in the map, %s.
Explanation: The session management server was not
able to replicate an operation on an entry in a storage
map to other nodes in the cluster. The client issuing the
request that resulted in the operation will be notified of
the failure.
Administrator response: Check that all WebSphere
cluster members are running correctly, and that the
network connections between each node are
functioning. Multiple instances of this error may
indicate resource starvation or server availability
problems. If the problem persists, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM0330E The session management server
instance was not able to establish
communication with other instances in
the cluster: %s.
Explanation: The session management server instance
was not able to establish communication with other
instances in the cluster.
Administrator response: Restart the server on which
this instance of the session management server runs. If
the problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
CTGSM0332E The session management server was
not able to obtain a cluster-wide lock on
the item, %s: %s
network connections between each node are
functioning. Multiple instances of this error may
indicate resource starvation or server availability
problems. If the problem persists, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM0333E The session management server was
not able to release a lock on the item,
%s: %s
Explanation: The session management server was not
able to release a cluster-wide lock on a data item after
updating it.
Administrator response: Check that all WebSphere
cluster members are running correctly, and that the
network connections between each node are
functioning. Multiple instances of this error may
indicate resource starvation or server availability
problems. If the problem persists, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM0334E Transfer of existing session
management server data to a new
instance, %s, failed: %s.
Explanation: Transfer of existing session management
server data to a new instance failed. The new instance
will not process requests until it is restarted.
Administrator response: Restart the server on which
the new instance runs. If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM0335E An error occurred while receiving
session management server data from
another instance: %s
Explanation: An error occurred while receiving
session management server data. This error may
indicate communication problems between cluster
members.
Administrator response: Examine the error message
for information regarding the error and take any
necessary corrective action. It may be necessary to
restart the session management server application. If
the problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
Explanation: The session management server was not
able to obtain a cluster-wide lock on a data item in
order to update it.
Administrator response: Check that all WebSphere
cluster members are running correctly, and that the
Chapter 5. Security Access Manager Session Management Server Messages
201
CTGSM0336E • CTGSM0458E
CTGSM0336E The replication operation message
was badly formed.
Explanation: A replication operation message, used to
transfer data between session management server
instances, was badly formed.
Administrator response: This message indicates a
serious problem relating to session management server
data replication. Restart the session management server
application. If the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM0337E Initialization of the event worker
class, %s, failed: %s
Explanation: The session management server uses
different event worker classes in different runtime
environments. This message indicates the event worker
class for this environment is not available.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM0450E An SQL error has occurred: %s (SQL
error code: %s, SQL state: %s).
Explanation: The session management server has
encountered an SQL error during a database operation.
Administrator response: This message may indicate
resource starvation problems, such as disk space or
memory exhaustion. Examine the system's resource
usage to see if this is the case. If the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
CTGSM0451E The JDBC driver could not be
initialized: %s
Explanation: The JDBC driver required to access the
session management server database tables could not
be initialized.
Administrator response: Check the properties of the
JDBC data source configured for use by the session
management server and restart the session
management server.
CTGSM0452E The database table, %s, was not
found.
Explanation: One of the session management server
database tables is missing.
Administrator response: Correct the database
configuration and restart the session management
202
Version 7.0: Error Message Reference
server. If the problem persists, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM0453E The column, %s, in the database
table, %s, was not found.
Explanation: A column in one of the session
management server database tables is missing.
Administrator response: Correct the database
configuration and restart the session management
server. If the problem persists, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM0454E The column, %s, in the database
table, %s, has the wrong type. The
expected type is %s, but the type in the
database is %s.
Explanation: A column in one of the session
management server database tables has the wrong type.
Administrator response: Correct the database
configuration and restart the session management
server. If the problem persists, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM0457E The column, %s, in the database
table, %s, is not a primary key.
Explanation: A column in one of the session
management server database tables is not a primary
key.
Administrator response: Correct the database
configuration and restart the session management
server. If the problem persists, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM0458E The column, %s, in the database
table, %s, is not configured to use a
foreign key.
Explanation: A column in one of the session
management server database tables is not configured to
use a foreign key.
Administrator response: Correct the database
configuration and restart the session management
server. If the problem persists, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM0459E • CTGSM0604E
CTGSM0459E The foreign key column, %s, in the
database table, %s, imports its key from
the table, %s, but it should import from
the table, %s.
Explanation: A column in one of the session
management server database tables has a
misconfigured foreign key.
Administrator response: Correct the database
configuration and restart the session management
server. If the problem persists, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM0460E The foreign key column, %s, in the
database table, %s, imports its key from
the column, %s, but it should import
from the column, %s.
Explanation: A column in one of the session
management server database tables has a
misconfigured foreign key.
Administrator response: Correct the database
configuration and restart the session management
server. If the problem persists, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM0461E The foreign key column, %s, in the
database table, %s, uses the update rule,
%s, but it should use the update rule,
%s.
Explanation: A column in one of the session
management server database tables has a
misconfigured foreign key.
Administrator response: Correct the database
configuration and restart the session management
server. If the problem persists, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM0462E The foreign key column, %s, in the
database table, %s, uses the delete rule,
%s, but it should use the delete rule, %s.
Explanation: A column in one of the session
management server database tables has a
misconfigured foreign key.
Administrator response: Correct the database
configuration and restart the session management
server. If the problem persists, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM0463E No index was found for the column,
%s, in the database table, %s.
Explanation: The database does not contain an index
for the specified column.
Administrator response: Correct the database
configuration and restart the session management
server. If the problem persists, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM0464E The JDBC driver could not be
initialized.
Explanation: The JDBC driver required to access the
session management server database tables could not
be initialized.
Administrator response: Check the properties of the
JDBC data source configured for use by the session
management server. The session management server
may need to be restarted.
CTGSM0602E The session management server was
not able to load the class %s: %s.
Explanation: The session management server
configuration specifies that it must load the given class
for SSO mapping, session data inspection, or data
replication. The class could not be loaded, for the given
reason.
Administrator response: Verify all class names
specified in the session management server
configuration are spelled correctly, and all necessary
files are present in the application's class path.
CTGSM0603E The session management server was
not able to create an instance of the
class %s: %s.
Explanation: The session management server
encountered an error while trying to instantiate the
class.
Administrator response: Check the class name is
correct, and the Java security policy allows the session
management server to instantiate the class, then restart
the application. If the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM0604E The session management server
configuration specifies an illegal value
for the %s property: %s.
Explanation: The property value must be a positive
integer, but the configuration file specifies either a
non-integer or a negative value.
Chapter 5. Security Access Manager Session Management Server Messages
203
CTGSM0617E • CTGSM0633W
Administrator response: Modify the configuration file
so a positive integer is specified for the named
property, and restart the session management server.
CTGSM0617E An unknown single sign-on
mapping, %s, was specified for the
session realm, %s.
Explanation: The single sign-on mapping name
specified in the configuration for a session realm does
not match any of the configured single sign-on
mappings.
Administrator response: Verify the single sign-on
mapping name is correctly specified and restart the
session management server.
CTGSM0618E The session management server was
unable to identify the version of
WebSphere application server.
Explanation: The session management server
application needs to identify the application server
version in order to perform statistics gathering. This
message indicates that it was not able to do so.
Administrator response: Ensure you are running the
session management server application on a supported
version of WebSphere application server. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
CTGSM0619E A Java class name is required to be
specified in the session management
server configuration by property %s.
Explanation: Each extension specified in the session
management server configuration must include the
name of a Java class implementing the extension
functionality. The specified property does not specify a
class name.
Administrator response: Examine the session
management server configuration. Verify all extension
names and property names are specified correctly, and
each extension configuration includes the correct Java
class name. Restart the session management server
application.
CTGSM0620E The Java class, %s, specified by
property, %s, is not a valid session
management server %s class.
Explanation: The Java class configured for the
specified property name does not an implementation of
the expected interface.
Administrator response: Ensure all Java class names
specified in the session management server
configuration are correct. Restart the session
management server application.
204
Version 7.0: Error Message Reference
CTGSM0622W The session management server was
unable to read the Tivoli Common
Directory configuration file: %s
Explanation: The session management server was
unable to read the Tivoli Common Directory
configuration file. The Tivoli Common Directory can be
used in the logging destination configuration. Any log
handlers configured to use the Tivoli Common
Directory variable will write to an incorrect location
until the problem is corrected.
Administrator response: Verify the Tivoli Common
Directory configuration file exists and is readable.
Restart the session management server once the
problem has been corrected
CTGSM0626E An error occurred while reading the
configuration file %s: %s
Explanation: An error occurred while attempting to
read the configuration file.
Administrator response: Examine the error message
to determine the cause of the problem. Once the
problem has been corrected, restart the session
management server.
CTGSM0627E An error occurred while writing the
configuration file %s: %s
Explanation: An error occurred while attempting to
write the configuration file.
Administrator response: Examine the error message
to determine the cause of the problem. Once the
problem has been corrected, restart the session
management server.
CTGSM0633W The session management server was
unable to access the Windows registry:
%s
Explanation: The session management server attempts
to access the Windows registry in order to locate the
Tivoli Common Directory configuration file and the
product installation directory. In this case the session
management server was unable to access the Windows
registry.
Administrator response: Examine the error message
to determine the cause of the problem. Verify the
WebSphere application server configuration includes a
shared library definition for the session management
server registry access library. Check the session
management server deployment descriptor includes a
reference to this shared library. If Java 2 security policy
is enforced, ensure the session management server
policy file includes the permissions required to load the
registry access shared library. If the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
CTGSM0634E • CTGSM0644E
sysmgmt/products/support/
index.html?ibmprd=tivman
CTGSM0634E The session management server
installation directory could not be
determined: %s
Explanation: The session management server was
unable to determine the directory in which it is stored
under the WebSphere application server install
applications directory.
Administrator response: Examine the error message
to determine the cause of the problem. If Java 2
security policy is enforced, ensure the session
management server policy file includes the permissions
required to read files in the WebSphere application
server configuration directory. If the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
CTGSM0637W An error was encountered while
reading output from the process, %s: %s
CTGSM0639E An error was encountered while
attempting to execute the command, %s,
during session management server
configuration: %s
Explanation: An error was encountered while
attempting to execute a process during session
management server configuration.
Administrator response: Examine the error message
to determine the cause of the problem. Restart the
session management server application to retry the
configuration process. If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM0640E The directory, %s, could not be
created.
Explanation: A directory could not be created.
Administrator response: Check that the file system is
writable and has sufficient free space, and that the file
system permissions allow the directory to be created.
Explanation: An error was encountered while reading
output from a process run during session management
server configuration.
CTGSM0641E An error was encountered while
configuring the Tivoli Common
Directory: %s
Administrator response: No action is necessary. If the
configuration process failed, not all of the output from
the process will be available.
Explanation: An error was encountered while
configuring the Tivoli Common Directory.
CTGSM0638E The command, %s, run during
session management server
configuration has exceeded the time
limit of %s seconds and has been
terminated.
Explanation: A process run during session
management server configuration has exceeded the
time limit. The process has been terminated, and
session management server configuration will fail as a
result. The captured output from the process will be
included in a later log message.
Administrator response: Examine the output from the
process, which is included in a later log message, to
determine the reason the process did not complete
within the time limit. Restart the session management
server to retry the configuration process. If the problem
persists, check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
Administrator response: Examine the error message
to determine the cause of the error. Restart the session
management server application to retry the
configuration process. If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM0642E Activation of the session management
server configuration MBean failed: %s
Explanation: Activation of the session management
server configuration MBean failed.
Administrator response: Examine the error message
to determine the cause of the error. It may be necessary
to restart the WebSphere application server deployment
manager to correct the problem.
CTGSM0644E The session management server
configuration application could not
create a new WebSphere application
server SSL configuration: %s
Explanation: The session management server could
not create a new WebSphere application server SSL
configuration.
Administrator response: Examine the error message
to determine the cause of the error. Run the session
Chapter 5. Security Access Manager Session Management Server Messages
205
CTGSM0645E • CTGSM0659E
management server configuration program again to
retry the operation. If the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM0645E The session management server
configuration application could not
remove the WebSphere application
server SSL configuration, %s: %s
Explanation: The session management server
configuration application could not remove the
WebSphere application server SSL configuration.
Administrator response: Examine the error message
to determine the cause of the error. Attempt to remove
the SSL configuration manually through the WebSphere
application server administration console. Run the
session management server configuration program
again to retry the operation. If the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
CTGSM0648E Failed to access the WebSphere
application server configuration service.
Explanation: The session management server could
not access the WebSphere application server
configuration service in order to complete its
configuration.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM0649E Failed to locate the WebSphere
application server security
configuration.
Explanation: The session management server could
not locate the WebSphere application server security
configuration in order to complete its configuration.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM0651W An error occurred while parsing the
WebSphere application server
configuration: %s
Explanation: An error occurred while parsing the
WebSphere application server configuration. The
logging for the Session management server may not
function correctly until the problem is resolved.
Administrator response: The message shown
describes the error condition that occurred. Take the
206
Version 7.0: Error Message Reference
appropriate corrective action based on the details
contained within the message.
CTGSM0652E An error occurred while retrieving
the list of applications installed on the
WebSphere application server: %s
Explanation: An error occurred while retrieving the
list of applications installed on the WebSphere
application server. The session management server
configuration application will not function correctly
until the problem is resolved.
Administrator response: The message shown
describes the error condition that occurred. Take the
appropriate corrective action based on the details
contained within the message.
CTGSM0653E An error occurred while parsing the
configuration of the application, %s: %s
Explanation: An error occurred while parsing the
configuration of the named application. The session
management server configuration application will not
function correctly until the problem is resolved.
Administrator response: The message shown
describes the error condition that occurred. Take the
appropriate corrective action based on the details
contained within the message.
CTGSM0654E An error occurred while attempting to
restart the application, %s: %s
Explanation: An error occurred while attempting to
restart the named application.
Administrator response: The message shown
describes the error condition that occurred. Take the
appropriate corrective action based on the details
contained within the message. The session management
server configuration process will not proceed until the
session management server application is restarted. If
the session management server application is restarted
manually, the configuration process will proceed, but
the results will not be reported to the configuration
program.
CTGSM0659E The deployment descriptor for the
session management server application
could not be located.
Explanation: The deployment descriptor for the
session management server application could not be
located.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM0663E • CTGSM0672E
CTGSM0663E The session management server was
not able to create an instance of the
class %s.
Explanation: The session management server
encountered an error while trying to instantiate the
class.
Administrator response: Examine the log for earlier
messages indicating why the class could not be
instantiated. Check the class name is correct, and the
Java security policy allows the session management
server to instantiate the class, then restart the
application. If the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM0666E The specified configuration session is
not active.
Explanation: The specified configuration session is not
active. This may mean that the target session
management server instance has been restarted, or that
the configuration session has been displaced by a
newer session.
Administrator response: Retry the configuration
action.
CTGSM0667E The session management server was
not able to lock the distributed
configuration: %s
Explanation: Before updating its configuration, the
session management server first locks the configuration
to protect against concurrent updates. This failure may
indicate there are communication problems between the
WebSphere application servers hosting the session
management server.
Administrator response: Examine the detailed error
message and previous entries in the WebSphere
application server logs for more information about the
error.
CTGSM0668E The session management server was
not able to unlock the distributed
configuration: %s
Explanation: Before updating its configuration, the
session management server first locks the configuration
to protect against concurrent updates. This failure may
indicate there are communication problems between the
WebSphere application servers hosting the session
management server.
Administrator response: Examine the detailed error
message and previous entries in the WebSphere
application server logs for more information about the
error.
CTGSM0669E The session management server was
not able to retrieve the configuration
state from other instances in the cluster:
%s
Explanation: This may indicate there are
communication problems between the WebSphere
application servers hosting the session management
server.
Administrator response: Examine the detailed error
message and previous entries in the WebSphere
application server logs for more information about the
error.
CTGSM0670E The session management server was
not able to distribute the updated
configuration across the cluster: %s
Explanation: The session management server was not
able to distribute the updated configuration to other
instances in the cluster. This may indicate that there are
communication problems between the WebSphere
application servers hosting the session management
server. Unless this problem is corrected, future
configuration operations may operate on an outdated
version of the configuration.
Administrator response: Examine the detailed error
message and previous entries in the WebSphere
application server logs for more information about the
error. It may be necessary to restart the application
server instance that logged this message.
CTGSM0671E The session management server was
not able to distribute configuration
result information across the cluster: %s
Explanation: The session management server was not
able to distribute the updated configuration to other
instances in the cluster. This may indicate that there are
communication problems between the WebSphere
application servers hosting the session management
server.
Administrator response: Examine the detailed error
message and previous entries in the WebSphere
application server logs for more information about the
error. It may be necessary to restart the application
server instance that logged this message.
CTGSM0672E The new configuration is based on a
previous version of the configuration.
The current configuration is version %d
and the new configuration is version
%d.
Explanation: An update to the session management
server configuration has a version number older than
or equal to that of the current configuration.
Administrator response: Retry the configuration
operation.
Chapter 5. Security Access Manager Session Management Server Messages
207
CTGSM0673E • CTGSM0753E
CTGSM0673E A component with the name %s
already exists in the %s component set.
Explanation: An attempt was made to add a
component to a set using a name already present in
that component set.
Administrator response: Retry the operation using a
different name for the component.
CTGSM0674E The component %s from component
set %s failed to initialize: %s
Explanation: An SMS component failed to initialize.
The component will not be available until the problem
is fixed. This may make the session management server
unavailable until the problem is fixed.
Administrator response: Examine the error message
for details of the failure. It may be necessary to
reconfigure or restart the session management server.
CTGSM0675E The component %s was not found in
the component set %s.
Explanation: The specified component does not exist
in the configuration.
Administrator response: Check the component name
and retry the configuration operation.
CTGSM0676E An unknown configuration
component set identifier, %d, was
specified.
Explanation: The configuration component set
specified does not match any of the known component
sets.
matching the name specified in the replica set
configuration or change the replica set configuration to
match an existing session realm. The replica set will not
be available until the problem is corrected.
CTGSM0679E An attempt to process an SMS event
failed: %s.
Explanation: The session management server
encountered an error while trying to process an event.
Administrator response: Examine the log for other
messages relating to this error, and take any necessary
corrective action. If the problem persists, restart the
session management server.
CTGSM0750E The SecureRandom algorithm, %s,
could not be loaded: %s
Explanation: The SecureRandom algorithm specified
in the session management server configuration could
not be loaded.
Administrator response: Verify the SecureRandom
algorithm specified in the session management server
configuration is correct, and restart the application.
CTGSM0751E The SecureRandom provider, %s, was
not found: %s
Explanation: The SecureRandom provider specified in
the session management server configuration could not
be found.
Administrator response: Verify the SecureRandom
provider specified in the session management server
configuration is correct, and restart the application.
Administrator response: Check the component set
identifier and retry the configuration operation.
CTGSM0752E The session management server was
unable to determine the current key
details.
CTGSM0677E The session realm, %s, cannot be
removed because it still contains replica
sets.
Explanation: The session management server was
unable to determine the current key details. The key
information may have become corrupted.
Explanation: Session realms cannot be removed while
they still contain replica sets.
Administrator response: Request a change of key
using the administration interface. If the problem
persists, restart the session management server.
Administrator response: Remove the replica sets that
are still in the session realm before removing the
session realm.
CTGSM0753E The session management server was
unable to find the key with ID: %s.
CTGSM0678E An unknown session realm name, %s,
is specified in the configuration for the
replica set, %s.
Explanation: The session management server was
unable to find the key. The key information may have
become corrupted.
Explanation: The configuration for the replica set
specifies a session realm name that does not match any
configured session realm.
Administrator response: Request a change of key
using the administration interface. If the problem
persists, restart the session management server.
Administrator response: Check the session realm
name for the replica set. Either create a session realm
208
Version 7.0: Error Message Reference
CTGSM0754E • CTGSM0907E
CTGSM0754E An error occurred while updating the
key distribution information. The
parameter, %s, could not be associated
with the value: %s.
Explanation: While updating the key distribution
information, the session management server
encountered an error.
Administrator response: Examine the log for other
messages relating to this error, and take any necessary
corrective action. Request a key change using the
administration interface. If the problem persists, restart
the session management server.
CTGSM0755W An error occurred while updating
the key distribution information. The
expired key, %s, could not be removed.
Explanation: While updating the key distribution
information, the session management server
encountered an error. This condition does not effect the
operation of the session management server, but it may
indicate future errors.
Administrator response: Examine the log for other
messages relating to this error, and take any necessary
corrective action. Unless the other messages indicate a
serious problem, it is not necessary to request a new
key or restart the session management server.
CTGSM0901E The session management server was
not able to initialize the IBM Security
Access Manager Runtime for Java: %s
Explanation: The session management server must
initialize the IBM Security Access Manager Runtime for
Java. This message indicates the initialization failed
Administrator response: Examine this and earlier log
messages for information regarding the error and take
any necessary corrective action. Verify the IBM Security
Access Manager Runtime for Java configuration URL is
specified correctly. The session management server
application must be restarted.
CTGSM0902W An error occurred while accessing a
IBM Security Access Manager
credential: %s
Explanation: An error occurred while accessing a IBM
Security Access Manager credential.
Administrator response: Examine the error message
for specific details of the error. If the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
CTGSM0903W The session, %s, does not contain a
IBM Security Access Manager
credential.
Explanation: The identified session does not contain a
IBM Security Access Manager credential. All
authenticated sessions stored in the session
management server must contain a credential.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM0904E A configuration value required to
configure the IBM Security Access
Manager Runtime for Java is missing:
%s.
Explanation: One of the configuration values required
to configure the IBM Security Access Manager Runtime
for Java is missing.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM0905E Configuration of the IBM Security
Access Manager Runtime for Java failed:
%s
Explanation: Configuration of the IBM Security Access
Manager Runtime for Java has failed.
Administrator response: Examine the error message
for information regarding the error and take any
necessary corrective action. Verify that the IBM Security
Access Manager policy server and the user registry
server are available. The session management server
application must be restarted.
CTGSM0906E Unconfiguration of the IBM Security
Access Manager Runtime for Java failed:
%s
Explanation: Unconfiguration of the IBM Security
Access Manager Runtime for Java has failed.
Administrator response: Examine the error message
for information regarding the error and take any
necessary corrective action. Verify that the IBM Security
Access Manager policy server and the user registry
server are available. The session management server
application must be restarted.
CTGSM0907E An error was encountered while
creating the key and trust store files
used to authenticate clients of the
session management server: %s
Explanation: An error was encountered while creating
the key and trust store files used to authenticate clients
Chapter 5. Security Access Manager Session Management Server Messages
209
CTGSM0908E • CTGSM1055E
of the session management server.
Administrator response: Examine the error message
for information regarding the error and take any
necessary corrective action. Verify that the necessary
Java security providers are available. The session
management server application must be restarted.
CTGSM0908E IBM Security Access Manager
integration has not been enabled for the
session management server.
Explanation: A Security Access Manager configuration
operation was requested, but Security Access Manager
integration has not been enabled.
Administrator response: Enable Security Access
Manager integration before attempting further Security
Access Manager configuration.
CTGSM0909E The IBM Security Access Manager
Runtime for Java is not currently
available.
CTGSM1051E The %s attribute of the %s session
management server administration
interface request must be an integer
value - the %s value cannot be parsed as
an integer.
Explanation: The specified request attribute must be
an integer but the value provided by the client cannot
be parsed as an integer value.
Administrator response: Ensure the version of the
client software in use is supported by this version of
the session management server.
CTGSM1052E The %s attribute of the %s session
management server administration
interface request has a lower bound of
%s - the value %s is too low.
Explanation: The client specified a value for the
specified request attribute that is less than the
identified attribute's minimum valid value.
Explanation: The IBM Security Access Manager
Runtime for Java is not currently available.
Administrator response: Ensure the version of the
client software in use is supported by this version of
the session management server.
Administrator response: Examine earlier log messages
to determine the cause of the problem. This may
indicate a problem with the IBM Security Access
Manager policy server. The session management server
may need to be restarted.
CTGSM1053E The %s attribute of the %s session
management server administration
interface request has an upper bound of
%s - the value %s is too high.
CTGSM0910W The session, %s, does not contain a
user UUID.
Explanation: The client specified a value for the
specified request attribute that is greater than the
identified attribute's maximum valid value.
Explanation: The identified session does not contain a
user UUID. This information is required for the
recording of last login information. The information
should be supplied either as session data, or as a part
of a IBM Security Access Manager credential.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM1050E Multiple values for the %s attribute
of the %s session management server
administration interface request were
specified but no more than one value
may be specified.
Explanation: The client sent multiple values for the
indicated request attribute but the attribute may only
have a single value.
Administrator response: Ensure the version of the
client software in use is supported by this version of
the session management server.
210
Version 7.0: Error Message Reference
Administrator response: Ensure the version of the
client software in use is supported by this version of
the session management server.
CTGSM1054E The required %s attribute of the %s
session management server
administration interface request was not
provided by the client.
Explanation: A required request attribute was not sent
by the session management server administration
interface client.
Administrator response: Ensure the version of the
client software in use is supported by this version of
the session management server.
CTGSM1055E The value (%s) of the %s attribute of
the %s session management server
administration interface request could
not be processed. Error: %s.
Explanation: The indicated value of the indicated
attribute is not valid when specified as part of the
indicated session management server administration
interface request.
CTGSM1059E • CTGSM1363E
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM1059E The session realm %s specified in a
%s request of the session management
server's administration interface is not
recognized by the session management
server.
Explanation: The request from the client specified an
undefined session realm name.
Administrator response: Retry the operation
specifying a defined session realm name.
CTGSM1060E
The %s request failed with error: %s
Explanation: The request from the client could not be
executed.
Administrator response: Examine the log for further
detailed messages regarding the error and take any
necessary corrective action.
CTGSM1061E The %s request caused an exception:
%sException stack trace:%s
Explanation: The request from the client caused the
indicated exception.
CTGSM1064E Unable to authorize access for the %s
operation requiring the %s role for user
%s delegated by user %s.
Explanation: Authorization of a user for this operation
has failed. For further detailed information about the
failure examine earlier messages in the log containing
this message. Correct any problems and retry the
operation.
Administrator response: Examine the log containing
this message for more information describing the error
that occurred and take the appropriate corrective
action.
CTGSM1065E Authorization of user %s for role %s
failed. %s exception: %s
Explanation: The specified exception occurred while
attempting to authorize the user for the role.
Administrator response: The message shown
describes the error condition that occurred. Take the
appropriate corrective action.
CTGSM1066E The administration request type, %s,
cannot be handled by class, %s, as
specified by handler, %s, as it is already
configured to be handled by the class,
%s.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
Explanation: The session management server
administration requests may only be configured to be
handled by one handler. This message indicates that a
single request type is configured to be handled by more
than one handler.
CTGSM1062E No HTTP request for administration
service authorization.
Administrator response: Ensure the session
management server administration request handlers are
configured correctly and restart the application.
Explanation: The HTTP request object could not be
accessed while authorizing an administration service
operation.
CTGSM1067E Failed to locate the DSessAdmin
request dispatcher.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM1063E The user %s is not permitted to
delegate access to the administration
service.
Explanation: The identified user is not permitted to
delegate access to the administration service.
Administrator response: If the identified user is
expected to be able to delegate access to the
administration service ensure they have the
sms-delegator role.
Explanation: The request from the client could not be
executed.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM1363E Validation of the last login
information database table failed.
Explanation: The last login information database table
has not been correctly created.
Administrator response: Refer to earlier log messages
regarding the creation of the last login information
database table. Check that the table exists in the
database. It may be necessary to modify the table
manually to allow the table validation to succeed.
Chapter 5. Security Access Manager Session Management Server Messages
211
CTGSM1369E • CTGSM1655E
CTGSM1369E An error occurred while installing a
component into the WebSphere
application server runtime. The file, %s,
could not be copied to the target
location, %s.
Explanation: An error occurred while installing a
component into the WebSphere application server
runtime.
Administrator response: Check that the permissions
on the target directory permit the file to be copied and
that there is sufficient disk space. The file may also be
copied into place manually. Restart the session
management server application.
CTGSM1500W The host name of this machine could
not be determined.
Explanation: The host name of the machine on which
the session management server is running could not be
determined.
Administrator response: Check that the system host
name and network devices have been configured
correctly. Restart the session management server
application.
CTGSM1501E User information is required to report
an audit event but no session
information is available.
Explanation: User information is required to report an
audit event but no session information is available.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM1505W The session creation time, %s, is in
the future. Check time synchronization
between SMS and client %s.
CTGSM1507E The CARS Security Event Factory
reported an error while constructing an
event: %s
Explanation: The common audit reporting service
(CARS) Security Event Factory reported an error while
constructing an event for the reported reason.
Administrator response: Examine the reason for the
failure and take any necessary corrective action.
CTGSM1509E The CARS emitter reported an error
while sending an event: %s
Explanation: The common audit reporting service
(CARS) emitter reported an error while sending an
event for the reported reason.
Administrator response: Examine the reason for the
failure and take any necessary corrective action.
CTGSM1514E The common audit and reporting
service (CARS) encountered a severe
error when initializing: Error: %s, cause:
%sError stack trace:%sCause stack
trace:%s
Explanation: The common audit and reporting service
(CARS) encountered a severe error when initializing.
Administrator response: Examine the reason for the
failure and take any necessary corrective action.
CTGSM1515E The common auditing service
encountered a severe error when
shutting down: Error: %s, cause: %sError
stack trace:%sCause stack trace:%s
Explanation: The common auditing service
encountered a severe error when shutting down.
Administrator response: No action is necessary.
CTGSM1654E The command line option, %s, is not
recognized.
Explanation: The session creation timestamp
associated with the session being terminated is later
than the current time. This indicates clock skew
between the SMS and the client that created the
session.
Explanation: The identified command line option of
the smsbackup command is not recognized by the
smsbackup command.
Administrator response: Synchronize the clocks of the
SMS system and its clients and restart the SMS.
Administrator response: Re-run the smsbackup
command with correct command line options.
CTGSM1506E The auditing emitter configuration
has been set to debug mode. Events will
not be sent to a CARS emitter, they will
be written to the log file.
CTGSM1655E The %s command line option
requires an argument.
Explanation: The auditing emitter configuration has
been set to debug mode. Events will not be sent to a
CARS emitter, they will be written to the log file.
Administrator response: Consult the documentation
for the smsbackup command and re-run it specifying a
valid argument for the option.
Administrator response: No action is necessary.
212
Version 7.0: Error Message Reference
Explanation: The identified smsbackup command line
option requires an argument.
CTGSM1656E • CTGSM1803E
CTGSM1656E The argument to the -list option must
be a readable file. The value provided,
%s, is not a readable file.
Explanation: The value provided for the -list option of
the smsbackup command does not identify a readable
file.
Administrator response: Re-run the smsbackup
command specifying a valid value for the -list option.
CTGSM1657E
The file, %s, could not be opened: %s
Explanation: The identified file could not be opened
for the specified reason.
Administrator response: Ensure that the name of the
file is correct, that it exists and is that it is readable.
CTGSM1658W Line %s of the list file %s, %s,
cannot be interpreted.
Explanation: Not all of the contents of the file
specified by the -list option could be interpreted
correctly.
Administrator response: Ensure the list file name is
specified correctly and that the contents of the file are
not corrupt.
CTGSM1659E The file, %s, could not be backed up:
%s
Explanation: The file was indicated to be backed up
by the list file and does exist but could not be backed
for the reason indicated by the exception shown.
Administrator response: Ensure that all files required
to be backed up are accessible to the smsbackup
program.
CTGSM1660E The command, %s, could not be
executed: %s
Explanation: The command was indicated to be
executed by the list file but execution failed for the
reason indicated by the exception shown.
Administrator response: Ensure that all programs
required to be executed are accessible to the smsbackup
program.
CTGSM1662E The directory, %s, could not be
created: %s
Explanation: The directory specified as the output
path does not exist and could not be created.
CTGSM1663E An error occurred writing to the file,
%s: %s
Explanation: The file specified could not be written to
for the reason indicated.
Administrator response: Ensure that the file system
containing the file has sufficient space and that the
directory containing the file may be written to.
CTGSM1800E The property, %s, which is required
to configure the Java client API is
missing.
Explanation: One of the configuration values required
to configure the Java client API is missing.
Administrator response: Add the property to the
supplied properties object.
CTGSM1801E A configuration value required to
configure the Java client API is missing:
%s.
Explanation: The specified configuration item has not
been supplied to the DSessClientConfig class.
Administrator response: Ensure that the specified
configuration item is passed into the DSessClientConfig
class.
CTGSM1802E The session management interface of
any configured session management
server could not be accessed.
Explanation: An unsuccessful attempt has been made
to communicate with the session management interface
of each configured session management server.
Administrator response: Ensure the session
management interface of at least one configured session
management server is available and can be reached by
the client. If the problem persists, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM1803E An internal error occurred within the
Java client API: %s.
Explanation: An internal error occurred within the
Java client API.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
Administrator response: Re-run the smsbackup
command specifying a different value for -path option
or ensuring that you have permission to create the
specified directory.
Chapter 5. Security Access Manager Session Management Server Messages
213
CTGSM1804E • CTGSM1954E
CTGSM1804E The MAC algorithm, %s, could not be
loaded: %s
Explanation: The MAC algorithm which is used for
Session ID generation and validation could not be
loaded.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
CTGSM1805E The provided session ID, %s, is
invalid.
Explanation: The session ID that was provided to the
Java client API failed the cyrpographic check which is
used to validate ID's.
Administrator response: The client of the API should
disregard the locally cached session and should return
an error back to the client.
CTGSM1806E The provided session ID, %s, was
incorrectly formatted.
Explanation: The session ID that was provided to the
Java client API was of an incorrect format.
Administrator response: The client of the API should
disregard the locally cached session and should return
an error back to the client.
CTGSM1807E A request was made to send a session
which contained no data to the SMS.
Explanation: The session which was to be sent to the
SMS contains no session data.
Administrator response: The client of the API should
not be sending any empty sessions to the SMS. A
review of the client code should be conducted.
CTGSM1950E An exception occurred while
performing a WebSphere eXtreme Scale
data replication operation: %s
Explanation: An exception occurred while performing
a WebSphere eXtreme Scale data replication operation.
Administrator response: Examine the details of the
WebSphere eXtreme Scale error to determine the cause
and take appropriate action. If the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
214
Version 7.0: Error Message Reference
CTGSM1951E The session management server was
unable to initialize the WebSphere
eXtreme Scale data replication service.
Explanation: The session management server was
unable to initialize the WebSphere eXtreme Scale data
replication service.
Administrator response: Examine previous log
messages for more details of the underlying cause of
the failure. Once the underlying problem has been
corrected, restart the application server.
CTGSM1952E Initialization of the WebSphere
eXtreme Scale data replication service
failed: %s
Explanation: Initialization of the WebSphere eXtreme
Scale data replication service failed. The session
management server will not function until this problem
is corrected.
Administrator response: Examine the details of the
WebSphere eXtreme Scale error to determine the cause.
Once the underlying problem has been corrected,
restart the application server. If the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
CTGSM1954E An exception occurred during a
remote WebSphere eXtreme Scale
operation on server %s: %s
Explanation: An exception occurred during a
WebSphere eXtreme Scale operation on a remote server.
Administrator response: Examine the details of this
message and the logs on the named server for more
information on the cause of the problem and take any
appropriate action.
Chapter 6. Security Access Manager Web Runtime Messages
These messages are provided by the Security Access Manager Web Runtime
component.
DPWCA0151E
Invalid UNIX group name (%s)
Explanation: See message
Administrator response: Put user in a valid group.
DPWCA0152E
Could not change process GID (%s)
Explanation: See message.
Administrator response: Contact support.
DPWCA0153E
Could not change process UID (%s)
Explanation: See message.
Administrator response: Contact support.
DPWCA0154E Could not become background
process (%d)
Explanation: See message.
Administrator response: Contact support.
DPWCA0155W
Could not start background process
Explanation: See message.
Administrator response: Contact support.
Administrator response: Contact Support.
DPWCA0160E
Could not create new thread (%d)
Explanation: See message.
Administrator response: Contact support.
DPWCA0161E
Could not cancel thread (%d)
Explanation: See message.
Administrator response: Contact support.
DPWCA0162E
Could not join thread (%d)
Explanation: See message.
Administrator response: Contact Support.
DPWCA0163E Could not set RPC authorization
function (0x%8.8lx)
Explanation: See message.
Administrator response: Contact support.
DPWCA0164E Could not setup authentication info
(0x%8.8lx)
Explanation: Unable to perform login.
DPWCA0156E Could not use RPC protocol sequence
(%s,%s,0x%8.8lx)
Explanation: See message.
Administrator response: Contact support.
DPWCA0157E Could not fetch RPC bindings
(0x%8.8lx)
Explanation: See message.
Administrator response: Check login parameters.
DPWCA0165E Could not set server login context
(0x%8.8lx)
Explanation: Unable to set the network credentials to
those specified by login context.
Administrator response: Check that network
credentials are correct.
Administrator response: Contact support.
DPWCA0158E Could not release RPC bindings
(0x%8.8lx)
Explanation: See message.
Administrator response: Contact Support.
DPWCA0159E
Caught signal (%d)
Explanation: See message.
© Copyright IBM Corp. 2001, 2012
DPWCA0166E Could not perform network login
(%s,%s,0x%8.8lx)
Explanation: See message.
Administrator response: Verify that user/password is
correct.
DPWCA0167E Could not fetch key from keytab file
(%s,%s,0x%8.8lx)
Explanation: See message.
215
DPWCA0168E • DPWCA0300E
Administrator response: Check that the keyfile is set
up correctly, and the user information is valid.
DPWCA0176E
Malloc failure (0x%8.8lx)
Explanation: See message.
DPWCA0168E Could not refresh login context
(0x%8.8lx)
Explanation: WebSEAL was unable to refresh the
login based on existing login information.
Administrator response: Check validity of login
information
DPWCA0169E Could not determine login context
expiration (0x%8.8lx)
Explanation: See message.
Administrator response: Check validity of login
information.
Administrator response: Check status of memory on
the system.
DPWCA0177E This CDAS does not support this
authentication style: (%d)
Explanation: See message.
Administrator response: Check validity of
authentication style
DPWCA0178E General CDAS (Cross Domain
Authentication Service) failure (%s,
0x%8.8lx)
Explanation: See message.
DPWCA0170E Could not set RPC interface
(0x%8.8lx)
Administrator response: See message.
Explanation: See message.
DPWCA0179E
Administrator response: Check interfaces.
Explanation: See message.
Pthread error occurred: %d
Administrator response: Check system resources.
DPWCA0171E Could not register RPC endpoints
(%s,0x%8.8lx)
Explanation: See message.
Administrator response: Check endpoints.
DPWCA0172E Could not unregister RPC interface
(0x%8.8lx)
DPWCA0180E
An invalid rule was supplied: %s
Explanation: An invalid rule was retrieved from the
rules file.
Administrator response: Correct the rule within the
specified rules file.
Explanation: See message.
DPWCA0181E
Administrator response: Check validity and status of
interfaces.
Explanation: No valid rules were found in the rules
file.
DPWCA0173E Could not export bindings to name
service (%s,%s,0x%8.8lx)
Explanation: See message.
Administrator response: Check status of name service.
DPWCA0174E Could not unregister RPC endpoints
(0x%8.8lx)
Explanation: See message.
Administrator response: Check validity and status of
endpoints.
No rules were found in the rules file
Administrator response: Add a valid rule to the rules
file, or specify a different rules file.
DPWCA0182W The cache entries have exceeded the
maximum cache size.
Explanation: The cache has reached its configured
limit.
Administrator response: Increase the permitted size of
the cache.
DPWCA0300E
API internal error: (%s, %d)
Explanation: See message.
DPWCA0175E Could not unexport bindings from
name service (%s,0x%8.8lx)
Explanation: See message.
Administrator response: Check validity of interfaces
and name service.
216
Version 7.0: Error Message Reference
Administrator response: See message.
DPWCA0301W • DPWCA0765E
DPWCA0301W A timeout occurred while waiting
for authentication information from %s.
DPWCA0757E Failure extracting key-value pairs
from CERT-DN.
Explanation: A requested authentication operation
required further authentication information. This
information was not received in a timely fashion.
Explanation: An error occurred while parsing the DN
from a certificate.
Administrator response: No action is required.
DPWCA0458E
malloc() failure
Explanation: The application was unable to allocate
the required memory.
Administrator response: Ensure that there is enough
system memory.
DPWCA0751E There is no user authentication
information available.
Explanation: The user did not provide their
information for authentication
Administrator response: Check user information for
authentication
DPWCA0753E
Unable to encode certificate data
Administrator response: Check that the certificate DN
is valid.
DPWCA0759E Invalid parameter passed to
get_name_value
Explanation: An internal error has occurred.
Administrator response: Call support.
DPWCA0760E Invalid replacement string entry
found
Explanation: The entries in the replacement string
stanza must contain '=' characters.
Administrator response: Check that all entries in the
replacement string stanza contain an equals sign.
DPWCA0761E Out of memory in get_name_value
function
Explanation: See message.
Explanation: Memory allocation failed.
Administrator response: Verify that xauthn_cert is
valid
Administrator response: Check per process memory
allocation limits.
DPWCA0754E Failure reading string key or value of
replacementString from WebSEAL
configuration file.
DPWCA0762E Calloc function could not allocate
memory
Explanation: See message.
Administrator response: Ensure the value exists for
the replacementString in the WebSEAL configuration
file.
DPWCA0755E
Unable to perform DN mapping.
Explanation: An internal error has occurred. A
function was called with invalid parameters.
Administrator response: Contact support.
DPWCA0756E
Error building replacement string.
Explanation: An error occurred while preparing an
LDAP search filter.
Administrator response: Check for other errors in the
configuration file which may provide more information.
If no other errors are found, call support.
Explanation: Memory allocation failed.
Administrator response: Check per process memory
allocation limits.
DPWCA0763E The last character in the DN was the
= following the name
Explanation: The format of the certificate DN was not
valid.
Administrator response: Make sure the certificate DN
is valid.
DPWCA0764E Unexpected end of string
encountered parsing certificate DN
Explanation: See message.
Administrator response: Check the format of the last
string in certifcate DN
DPWCA0765E
The search string is NULL
Explanation: An internal error has occurred.
Administrator response: Call support.
Chapter 6. Security Access Manager Web Runtime Messages
217
DPWCA0766E • DPWCA0787E
DPWCA0766E
The return dn is NULL
Explanation: An internal error has occurred.
Administrator response: Call support.
DPWCA0768E Error loading XKMS CDAS
configuration file.
Explanation: There was an error in the XKMS CDAS
configuration file.
Administrator response: Look for other log messages
indicating which entries were not found.
DPWCA0769E Error searching suffix '%s', return
status = 0x%x
Administrator response: None necessary.
DPWCA0779E
Cannot load class: %s
Explanation: An error occurred while trying to load a
java class.
Administrator response: Make sure the classpath in
webseald.conf is correct and that the class can be found
in a jar file in the classpath.
DPWCA0780E
Cannot create new object: %s
Explanation: An error occurred while creating a new
object.
Explanation: An LDAP search failed.
Administrator response: Make sure the classpath in
webseald.conf is correct and that the class can be found
in a jar file in the classpath.
Administrator response: Verify the LDAP server is
running and that the suffix exists.
DPWCA0781E
DPWCA0770E Bad Parameters passed to
build_search_filter function.
Explanation: An internal error has occurred.
Cannot load class method: %s.init
Explanation: An error occurred while trying to load
the init method for the class.
Administrator response: Make sure that the class is
valid and implements the 'init' method.
Administrator response: Call support
DPWCA0782E
Exception ocurred in %s.init(%s)
DPWCA0771E Error retrieving value from certificate
DN.
Explanation: An exception occurred while invoking
the init method of a class.
Explanation: Make sure that the DN contains all of
the strings specified in the replacement strings list.
Administrator response: Check the log file for other
details about the exception and make sure the
properties file contains no errors.
Administrator response: An error occurred while
trying to replace a value from the certificate DN.
DPWCA0774E Unable to attach thread to existing
JVM.
Explanation: An error occurred when trying to attach
a thread to a JVM.
Administrator response: Make sure the JVM being
used is a supported JVM.
DPWCA0775E Unable to create JVM or attach to an
existing JVM.
Explanation: An error occurred when trying to
discover whether or not a JVM already existed in the
current process.
Administrator response: Make sure the JVM being
used is a supported JVM.
DPWCA0783E Cannot load class method:
%s.validate
Explanation: An error occurred while trying to load
the validate method for the class.
Administrator response: Make sure that the class is
valid and implements the 'validate' method.
DPWCA0785E Exception ocurred in validate,
certificate DN = %s
Explanation: An exception occurred while invoking
the validate method of a class with the specified
certificate DN.
Administrator response: Check the log file for other
details about the exception.
DPWCA0787E
DN of first entry is NULL.
DPWCA0778E Unable to attach thread in shutdown.
Aborting cleanup.
Explanation: An LDAP search returned an entry
without a DN.
Explanation: An error occurred while trying to attach
to the JVM to perform clean up activities.
Administrator response: Call support.
218
Version 7.0: Error Message Reference
DPWCA0788E • DPWCA0911E
DPWCA0788E Parsing the names and values for
replacement string failed.
Explanation: An error occurred retrieving values
needed to certificate DN mapping.
Administrator response: Check the log file for
additional errors. Verify the replacement strings in
webseald.conf are correct.
DPWCA0906E
Could not create socket (%d)
Explanation: This message is overloaded in its
meaning. It can mean there was a failure in creating a
socket for connecting, setting socket options on it, or
creating sockets for HTTP and HTTPS connections.
Administrator response: Check WebSEAL has not
exceeded system resource limits. Examine the errno in
the system error header file for details.
DPWCA0900E Unable to open ITIM CDAS
configuration file.
DPWCA0907E
Explanation: An error occurred while opening the
ITIM CDAS configuration file.
Explanation: This message means that there was a
failture to connect to a specific socket.
Administrator response: Check the file path in the
WebSEAL configuration file and verify that the ITIM
CDAS configuration file exists.
Administrator response: Examine the errno in the
system error header file for details.
DPWCA0901E Incorrect number of arguments used
for ITIM CDAS initialization.
Explanation: Bad number of arguments used in ITIM
CDAS configuration.
Administrator response: Verify that the correct
number of arguments are specified in the WebSEAL
configuration file for initializaion of the ITIM CDAS.
DPWCA0902E No ITIM CDAS configuration file or
action in the WebSEAL configuration
file.
Explanation: Bad parameter for ITIM CDAS
configuration file name or action type.
Administrator response: Verify that the ITIM CDAS
configuration file name path are correct in the
WebSEAL configuration file and that the CDAS action
type is either 'check' or 'sync'.
DPWCA0904E Could not create the sending message
to ITIM.
Explanation: See message.
Administrator response: Contact support.
DPWCA0905W Function call, func, failed error: error
code error text.
Explanation: The specified GSKit function failed while
setting up for SSL connections to junctions or from
browsers. Or perhaps the initial handshake failed due
to invalid certificates or the browser simply closed the
connection abruptly.
Administrator response: Examine the error text for
details. Typical problems might be that the PKCS#11
library is incorrectly specified, or the PKCS#11 token or
token password is incorrect, or the PKCS#11 token is
not set up.
Could not connect socket (%d)
DPWCA0908E Could not get the ITIM server host
address
Explanation: See the message.
Administrator response: Check whether ITIM server
is already running. If ITIM is running, check the ITIM
CDAS configuration file to verify the ITIM server URL
is specified correctly.
DPWCA0909E Windows library call failed. Could
not call the function WSAStartup.
Explanation: The WSAStartup function must be the
first Windows Sockets function called by an application
or DLL. It allows an application or DLL to specify the
version of Windows Sockets required and to retrieve
details of the specific Windows Sockets implementation.
The application or DLL can only issue further Windows
Sockets functions after a successfully calling
WSAStartup.
Administrator response: Check WS2_32.DLL in the
system environment.
DPWCA0910E
Unable to allocate memory
Explanation: Memory allocation failed.
Administrator response: Check per process memory
allocation limits.
DPWCA0911E Could not find host name or IP
address of ITIM server in the ITIM
CDAS configuration file.
Explanation: See the message.
Administrator response: Check the ITIM Password
URL part in the ITIM CDAS configuration file.
Chapter 6. Security Access Manager Web Runtime Messages
219
DPWCA0912E • DPWDS0302E
DPWCA0912E Could not find KeyDataBase in the
ITIM CDAS configuration file.
Explanation: See the message.
Administrator response: Verify that the KeyDataBase
entry exists in the ITIM CDAS configuration file.
DPWCA0913E Could not find KeyDataBase
Password in the ITIM CDAS
configuration file.
Explanation: See the message.
Administrator response: Verify that the KeyDataBase
Password entry exists in the ITIM CDAS configuration
file.
DPWDS0150E An attempt to create a UUID has
failed with the following error: %s
(error code: 0x%x)
Explanation: An attempt to create a UUID has failed.
Administrator response: Examine additional messages
to determine the cause of the error and correct the
problem. Restart the process. If the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
DPWDS0151E An attempt to retrieve the machine
address code (MAC) failed: %s (error
code: 0x%lx)
DPWCA0914E Could not find Source DN in the
ITIM CDAS configuration file.
Explanation: An attempt to retrieve the MAC of the
server failed.
Explanation: See the message.
Administrator response: Examine additional messages
to determine the cause of the error and correct the
problem. Restart the process. If the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
Administrator response: Verify that the Source DN
entry exists in the ITIM CDAS configuration file.
DPWCA0915E Could not find ITIM Principal Name
in the ITIM CDAS configuration file.
Explanation: See the message.
Administrator response: Verify that the ITIM Principal
Name entry exists in the ITIM CDAS configuration file.
DPWCA0916E Could not find ITIM Principal
Password in the ITIM CDAS
configuration file.
Explanation: See the message.
Administrator response: Verify that the ITIM Principal
Password entry exists in the ITIM CDAS configuration
file.
DPWCA0917E
Could not find ITIM message header.
Explanation: ITIM server replied with an invalid
HTTP message header.
Administrator response: Check ITIM server for error
message details. Verify the version of the reverse
password server component.
DPWCA0922E The password could not be changed
in ITIM. The password has beeen
changed in TAM.
Explanation: Message indicates that module failed to
change the password in ITIM. Password in TAM has
been changed.
Administrator response: No action is required.
DPWDS0300E The session management client failed
to initialized.
Explanation: The client for the session management
interface could not be initialized.
Administrator response: Examine additional messages
to determine the cause of the error and correct the
problem. Restart the process. If the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
DPWDS0301E A general failure has occured within
the session management client.
Explanation: An error has occured within the session
management client.
Administrator response: Examine additional messages
to determine the cause of the error and correct the
problem. Restart the process. If the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
DPWDS0302E A replica set which is unknown to
the session management client has been
supplied (%s).
Explanation: An operation on a unknown session
management replica set has been requested.
220
Version 7.0: Error Message Reference
DPWDS0303E • DPWDS0311E
Administrator response: Examine additional messages
to determine the cause of the error and correct the
problem. Restart the process. If the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
DPWDS0303E A replica set which is unknown to
the session management client has been
supplied.
Explanation: An operation on a unknown session
management replica set has been requested.
Administrator response: Examine additional messages
to determine the cause of the error and correct the
problem. Restart the process. If the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
DPWDS0304E The requested version %d of the
session key was not found for replica
%s in replica set %s.
Explanation: A request was made for a session key
which is not currently stored. This error occurs when
an old session ID is used.
Administrator response: Either increment the key
expiration time within the configuration file, or ensure
that old session ID's are not used.
DPWDS0305E
The requested key was not found.
Explanation: A request was made for a session key
which is not currently stored. This will usually occur
when an old session ID is used.
Administrator response: Either increment the key
expiration time within the configuration file, or ensure
that old session ID's are not used.
DPWDS0306E No session keys are currently
available.
Explanation: A request was made for the current
session key, but no key has been stored in the key table
.
Administrator response: Examine additional messages
to determine the cause of the error and correct the
problem. Restart the process. If the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
DPWDS0307E An error occurred when attempting to
communicate with the SOAP server
URL %s: %s (error code: %d/0x%x).
Explanation: An attempt was made to communicate
with the SOAP server and a failure occured within the
underlying communications layer.
Administrator response: Examine additional messages
to determine the cause of the error and correct the
problem. Ensure that the SOAP server is running and
reachable. If the problem persists, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWDS0309E An error was returned from the
SOAP server in cluster %s when calling
the %s interface: %s (code: 0x%x).
Explanation: The session management server returned
an error.
Administrator response: Examine messages within the
session management server log. If the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
DPWDS0310E An invalid key size was returned by
the session management server: %d,
whereas it should be: %d.
Explanation: The session management server has
passed a key to the client which is not the expected key
size.
Administrator response: Examine messages within the
session management server log. If the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
DPWDS0311E An incorrect key version was
returned by the session management
server to replica %s in replica set %s:
%d, whereas it should be: %d.
Explanation: The session management server has
passed a key to the client which is not the expected
version.
Administrator response: Examine messages within the
session management server log. If the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
Chapter 6. Security Access Manager Web Runtime Messages
221
DPWDS0312E • DPWDS0322E
DPWDS0312E The session management server could
not be reached.
Explanation: An unsuccessful attempt has been made
to communicate with an interface of the session
management server.
Administrator response: Ensure that the session
management server is running and can be reached by
the client. If the problem persists, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWDS0313E The cryptographic routine, %s, failed
: %s (error code: 0x%x).
Explanation: A call in to a cryptographic routine has
failed.
Administrator response: Examine additional messages
to determine the cause of the error and correct the
problem. Restart the process. If the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
DPWDS0314E
The cryptographic routine, %s, failed.
Explanation: A call in to a cryptographic routine has
failed.
Administrator response: Examine additional messages
to determine the cause of the error and correct the
problem. Restart the process. If the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
DPWDS0315W An invalid session key was provided
to the session management server client.
Explanation: A session key with an invalid format
was provided to the session management server client.
Administrator response: Ensure that the session
management server is running and can be reached by
the client. Restart the process. If the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
DPWDS0316E The session management server did
not return a response.
Explanation: The session management server did not
return a response to a request made by the shared
session management client.
Administrator response: Ensure that the session
222
Version 7.0: Error Message Reference
management server is running and can be reached by
the client. Examine the session management server's
logs for error messages relating to this failure. If the
problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
DPWDS0319E The session management server client
attempted to join the replica set '%s'
twice with the replica name '%s'.
Explanation: The session management server client
has been configured to join a replica set twice using the
same replica name. The client must use different replica
names for each server instance in a replica set.
Administrator response: Modify the configuration file
to specify different replica names for each server
instance joining the same replica set. Restart the server.
DPWDS0320E The DN contained within the server
certificate, %s, is not recognised by
replica %s in replica set %s.
Explanation: The DN found within the server
certificate was not listed as a valid DN within the
configuration file.
Administrator response: Ensure that the correct server
certificate is supplied, or modify the list of valid DN's
within the configuration file.
DPWDS0321E The replica %s in replica set %s does
not have permission to access the
session management server.
Explanation: The session management server has been
configured to require authentication, but the session
management client either did not authenticate, or
authenticated using an identity that does not have
permission to access the session management server.
Administrator response: Ensure the session
management client has been configured to use HTTPS
to access the session management server, and that the
configuration file specifies the correct client certificate.
Check that the session management server security role
mappings are correct. It may be necessary to restart the
client.
DPWDS0322E The session management server for
the replica set, %s, of the replica, %s,
could not be reached.
Explanation: An unsuccessful attempt has been made
to communicate with an interface of the session
management server.
Administrator response: Ensure that the session
management server is running and can be reached by
the client. If the problem persists, check IBM Electronic
Support for additional information -
DPWDS0323E • DPWIV0154E
http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWDS0323E No session keys are currently
available for replica %s in replica set
%s.
Explanation: A request was made for the current
session key, but no key has been stored in the key table
.
Administrator response: Examine additional messages
to determine the cause of the error and correct the
problem. Restart the process. If the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
DPWDS0450E Error parsing STS response element
line %d, column %d: '%s'. The element
text was '%s'.
Explanation: The STS returned an unintelligible XML
response.
Administrator response: If other elements of the STS
response are complete, SSO will continue. Otherwise,
SSO will fail. If SSO fails, exmaine the element to
determine why the STS response was invalid.
DPWDS0451E
Unable to parse timestamp '%s'
Explanation: The timestamp returned from the STS
was unintelligible.
Administrator response: Examine the element to
determine why the timestamp was invalid.
TFIM server may not be functioning properly, or the
STS module may need to be modified to return the
necessary data.
DPWDS0455E Token types other than 'kerberos'
require that you specify an HTTP
header name with the 'header-name'
configuration option or an HTTP cookie
name with the 'cookie-name'
configuration option.
Explanation: A configuration option was missing from
the configuration file
Administrator response: Add the needed entries to
the configuration file.
DPWDS0456E Error %08x occurred when retrieving
a token for user '%s' to access '%s'. Refer
to other log messages for additional
detail.
Explanation: An attempt to retrieve a token to access
a resource failed. Other messages with greater detail
have been logged.
Administrator response: Examine other entries in the
logs to determine the root cause of the failure.
DPWIV0151E
Could not initialize serviceability
component (%s, 0x%8.8lx)
Explanation: WebSEAL was unable to register the
service component with the serviceibility subsystem or
register an in memory catalog. The error code output in
the message will give finer details as to why. Most
likely it will be due to a lack of memory or a design
flaw.
Explanation: The timestamp returned from the STS
was unintelligible.
Administrator response: Check memory ulimit on
UNIX platforms, and available memory on all types of
platforms. Increase available memory to the WebSEAL
process if applicable.
Administrator response: Examine the element to
determine why the timestamp was invalid.
DPWIV0152E
DPWDS0452E
Unable to parse timestamp.
DPWDS0453E The STS response did not contain the
element '%s'
Explanation: The STS response was incomplete.
Administrator response: The TFIM server may not be
functioning properly, or the STS module may need to
be modified to return the necessary data.
DPWDS0454E The STS response did not contain a
necessary element.
Explanation: The STS response was incomplete.
Administrator response: Examine other entries in the
logs to determine which element was missing. The
Could not register serviceability
message table (%s, 0x%8.8lx)
Explanation: WebSEAL was unable to register an in
memory catalog. The error code output in the message
will give finer details as to why. Most likely it will be
due to a lack of memory or a program design flaw.
Administrator response: Check memory ulimit on
UNIX platforms, and available memory on all types of
platforms. Increase available memory to the WebSEAL
process if applicable.
DPWIV0154E
Could not open configuration file (%s,
%d)
Explanation: The configuration file output in the
message was not able to be opened. The error code also
Chapter 6. Security Access Manager Web Runtime Messages
223
DPWIV0155E • DPWIV0163E
output in the message will give finer details. This code
is likely to be one of: 8, failed to lock the file, generic
locking catch-all code. 10, unable to open the file,
general open catch-all code. 11, bad argument to
function from program design flaw. 12, failed to lock
the file, it is already locked. 13, File permissions don't
allow the program to open the file. 14, Insufficent
memory available to the program.
Administrator response: Increase relevant operating
system kernel specific limits. Typically WebSEAL needs
2048 file handles (except on Solaris, where it is 1024).
On Solaris WebSEAL attempts to ensure it has a
minimum virtual memory ulimit of 192MB. Another
reason this might fail is that the process was not started
by root.
Administrator response: Based on the error code
output in the message do one of the following actions.
8 or 12, the program may already be running, or the
another process may have the file open and locked. 10
or 13, check the file exists and in the case of 13, check
the ownership and access permissions. WebSEAL can
change the user it is running as so examine the
WebSEAL configuration file for unix-user. 11 contact
technical support. 14, check the data ulimit for the
process and the available memory. Increase it if
possible.
DPWIV0161E
DPWIV0155E
Configuration stanza missing (%s)
Explanation: A necessary configuration file stanza was
not found.
Administrator response: Make sure the name of the
stanza is spelled correctly in the configuration file.
DPWIV0156E
Configuration item missing (%s, %s)
Explanation: The configuration entry, output in the
error message, is missing from under the stanza, also
output in the error message. The entry is not optional.
Possibly a spelling mistake, or a new WebSEAL binary
was installed that requires additional new entries.
Administrator response: Fix any spelling errors or
add the missing entry.
DPWIV0157E
Could not initialise servicibility
messaging (0x%8.8lx)
Server is already running (PID %d)
Explanation: The program can not have multiple
instances running. In the case of WebSEAL, only one
WebSEAL process can be running per instance. The
confilicting program was determined by reading it's
Process ID (PID) from the a file and determining if that
PID was active.
Administrator response: Ensure only one instance is
running. On UNIX examine the output of the ps
command to determine the offending instance. It is
possible that if an old PID is in the PID file, and
another process has aquired this old PID that the
message is in error. In that case simply remove the PID
file and start the process again.
DPWIV0162E
Could not create PID file (%s, %d)
Explanation: The program could not create the file,
specified in the message text. The reason can be
determined in more detail from the error number, also
found in the error text. On UNIX the meaning of this
error code can typically be found in
/usr/include/sys/errno.h. Windows may need to
contact technical support as the included files are not
shipped with the operating system. Typical problems
might be insufficent priviledges, or lack of disk space.
Administrator response: Check the ownership and
permissions on the file, or directory containing the file,
allow the process to create or recreate it. Check there is
sufficent disk space on the file system/partition to
contain the file.
Explanation: See message.
Administrator response: The message contains an
error code that gives more specific details on the cause.
Also until the servicibility messaging is setup, English
messages may be output, and on UNIX platforms these
may additionally be put into syslog under the user
facility. Once the first servicibility message file is
initialised successfully errors may be output to
standard error log files. Check for these messages for
more specific details. Also check the language pack for
the locale has been installed.
DPWIV0158E
Could not set process rlimit.
Explanation: The UNIX process attempted to set it's
ulimit values for the number of file handles and on
some platforms the virtual memory size. If the
operatining system has set hard ulimits smaller than
the ones requested then it could fail.
224
Version 7.0: Error Message Reference
DPWIV0163E
Could not become background
process because output redirection
failed (%d)
Explanation: One of the four steps to creating a
background daemon process has failed. If the error
number specified in the error text is -1 or -2, then it
was unable to connect standard error or standard out
to a log file. For WebSEAL this log file is the server-log
entry in the configuration file. Typically this can be
caused by insufficent priviledges on the file or the
directory containing the file for WebSEAL.
Administrator response: Examine the error code, if -1
or -2 then check the ownership and permissions of the
servers log file and containing directory.
DPWIV0164W • DPWIV0176E
DPWIV0164W
Could not start background process
Explanation: If this message is generated during an
attempt to start WebSEAL then the attempt by
WebSEAL to fork itself into the background has failed.
Typpically some initialization failed in the child process
and an additional message will be logged by the
background child process. But it could also be due to
insufficent operating system resources.
Administrator response: For WebSEAL startup check
for additional errors that indicate why the background
process stopped.
DPWIV0166E
Could not load configuration
Explanation: Unable to load WebSEAL configuration
(typically webseald.conf) for for locating LDAP
configuration information or unable to load ldap
configuration file (typically ldap.conf). Additional
messages should be logged detailing why.
Administrator response: Locate additional logged
message to determine the problem. If no additional
messages, examine the ownership, permissions, and
existance of these files.
DPWIV0170E
Explanation: The server (typically WebSEAL) failed to
change the processes user ID to the one specified. This
can happen if the server does not have the privaledges
required.
Administrator response: Start the server as root or
change the owner of the program to root and set the 's'
bit in it's perms.
DPWIV0172E
Administrator response: No action is required
DPWIV0173E
Administrator response: Update the WebSEAL
configuration file (typically webseald.conf) and correct
the user name for 'unix-user' to a valid one.
DPWIV0168E
Invalid UNIX group name (%s)
Explanation: The server (typically WebSEAL) failed to
get information for the group. It is likely that it is an
invalid group name.
Administrator response: Update the WebSEAL
configuration file (typically webseald.conf) and correct
the group name for 'unix-group' to a valid one.
DPWIV0169E
Could not stop background process
(errno %d)
Explanation: Message is not used. This is purely used
as in internal status code.
Administrator response: No action is required
Invalid UNIX user name (%s)
Explanation: The server (typically WebSEAL) failed to
get information for the user. It is likely that it is an
invalid user name.
Unexpected end of byte stream
Explanation: Message is not used. This is purely used
as in internal status code.
DPWIV0174E
DPWIV0167E
Could not change process UID (%s)
Could not change the working
directory (errno %d)
Explanation: A child CGI process of WebSEAL is
unable to change to the directory containing the CGI.
The meaning of the errno value can typically be found
in /usr/include/sys/errno.h and will give finer details
on the cause.
Administrator response: Lookup the errno in errno.h
for the cause.
DPWIV0175E
Could not open a pipe (errno %d)
Explanation: WebSEAL failed to create a pipe for
communicating to a child CGI process of WebSEAL.
The meaning of the errno value can typically be found
in /usr/include/sys/errno.h and will give finer details
on the cause.
Administrator response: Lookup the errno in
/usr/include/sys/errno.h for the cause.
Could not change process GID (%s)
Explanation: The server (typically WebSEAL) failed to
change the processes group ID to the one specified.
This can happen if the server does not have the
privaledges required.
Administrator response: Start the server as root or
change the owner of the program to root and set the 's'
bit in it's perms.
DPWIV0176E
Could not fork (errno %d)
Explanation: WebSEAL failed for fork so that it could
execute a CGI. This could be due to insufficent
operating system resources.
Administrator response: Lookup the errno in
/usr/include/sys/errno.h for the cause.
Chapter 6. Security Access Manager Web Runtime Messages
225
DPWIV0177E • DPWIV0197E
DPWIV0177E
Could not duplicate file descriptor
(errno %d)
Explanation: A CGI created by WebSEAL failed to
redirect it's standard out or standard in to the pipes
used to communicate with the parent WebSEAL
process.
Administrator response: Lookup the errno in
/usr/include/sys/errno.h for the cause.
DPWIV0178E
Operation forbidden by the operating
system
Explanation: Message is not used. This is purely used
as in internal status code.
Administrator response: No action is required
Administrator response: No action is required
DPWIV0192W
LDAP server %s has failed
Explanation: The LDAP server named in the message
is not responding to requests.
Administrator response: Check the LDAP server is
operational. Once operational WebSEAL will start using
it again automatically. Check the LDAP server name is
correct.
DPWIV0193W
LDAP server %s has recovered
Explanation: The LDAP server named in the message
was previously non-operational. It is now responding
correctly to requests and will be used again.
Administrator response: No action required.
DPWIV0179E
Unknown user
Explanation: Message is not used. This is purely used
as in internal status code.
Administrator response: No action is required
DPWIV0180E
Missing .conf file setting
Explanation: The expected bind-dn or bind-pwd
entries in the ldap configuration file (typically
ldap.conf) are missing.
Administrator response: Add the missing bind-pwd
or bind-dn entry.
DPWIV0181E
%s: Missing [%s] setting: %s
Explanation: An ldap entry is missing from the
configuration file.
Administrator response: Add the missing entry.
DPWIV0186E
Unable to setup a connection to the
LDAP server
Explanation: Message is not used. This is purely used
as in internal status code.
Administrator response: No action is required
DPWIV0187E
Invalid LDAP 'replica' entry in config
file
DPWIV0194E
Could not become background
process because pipe failed. (%d)
Explanation: The pipe() function failed. This error
value can typically be found in /usr/include/sys/
errno.h and will give finer details on the cause.
Administrator response: Make sure server has the
permission to create interprocess pipes.
DPWIV0195E
Could not become background
process because fork failed. (%d)
Explanation: The fork() function failed. This function
fails when insufficient memory is available, or machine
process limit is reached. The error value can typically
be found in /usr/include/sys/errno.h and will give
finer details on the cause.
Administrator response: Make sure server machine
resources are available.
DPWIV0196W Could not start background process:
%s
Explanation: This is due to the failure to execute a
CGI program. Either the program is not executable, or
system resources are not available to run the program.
Administrator response: WebSEAL could not
successfully start a child process. Most likely the
program does not exist or is not executable.
Explanation: Message is not used. This is purely used
as in internal status code.
DPWIV0197E
Administrator response: No action is required
Explanation: An error occurred while attempting to
read data from a stanza file.
DPWIV0189E
Administrator response: Correct the problem in the
stanza file.
Unable to configure LDAP replica
into server.
Explanation: Message is not used. This is purely used
as in internal status code.
226
Version 7.0: Error Message Reference
Error in stanza file %s on line %d: %s
DPWIV0198E • DPWIV0454E
DPWIV0198E
Error in stanza file.
Explanation: An error occurred while attempting to
read data from a stanza f ile. Log files will contain
more information.
Administrator response: Examine log files to identify
the error in the stanza file.
DPWIV0199E
An unexpected exception occurred at
line %s:%d
Explanation: An internal error occurred.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWIV0200E
An unexpected exception occurred
Explanation: An internal error occurred.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWIV0201E
The azn-api function '%s' returned
0x%lx
Explanation: An unexpected azn-api function failure
occurred.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWIV0202E
An azn-api function unexpectedly
failed
Explanation: An unexpected azn-api function failure
occurred.
Administrator response: Check log files for additional
details. If the problem persists, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWIV0203E
Additional information from azn-api:
%s = %s
Explanation: An azn-api error occurred, and this
message contains more detail about the error.
Administrator response: Check log files for additional
details. The exact action to take depends on the context
of the error.
DPWIV0204E
An invalid permission string, %s, was
located for the %s method within the %s
stanza.
Explanation: A configured permission string is invalid
and not recognized by the IBM Security Access
Manager Authorization engine.
Administrator response: Correct the specified
permission string within the configuration file and
ensure that the permission string is valid.
DPWIV0205E
The system function '%s' returned
0x%lx.
Explanation: An unexpected system function failure
occurred.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWIV0450E
Could not create new thread (%d)
Explanation: WebSEAL failed to create an additional
thread. This may be due to running out of operating
system resources or exceeding process limits.
Administrator response: Check memory and thread
limits for the process, and available memory. The error
number can be looked up in /usr/include/sys/errno.h
for more details on the problem.
DPWIV0452E
Could not cancel thread (%d)
Explanation: WebSEAL has an unrecoverable internal
error when trying to stop a thread that monitors a
junctions health.
Administrator response: Contact technical support,
this is an unexpected internal error. The error number
can be looked up in /usr/include/sys/errno.h for more
details on the problem.
DPWIV0453E
Could not join thread (%d)
Explanation: WebSEAL has an unrecoverable internal
error when trying to cleanup a stopped thread that
monitors junction health.
Administrator response: Contact technical support,
this is an unexpected internal error. The error number
can be looked up in /usr/include/sys/errno.h for more
details on the problem.
DPWIV0454E
Could not create mutex (%d)
Explanation: WebSEAL failed to create a mutex used
to protect internal resources. This may be due to
insufficent Operating System resources or exceeding
process limits such as memory.
Chapter 6. Security Access Manager Web Runtime Messages
227
DPWIV0455E • DPWIV0466E
Administrator response: Check memory limits for the
process, and available memory. The error number can
be looked up in /usr/include/sys/errno.h for more
details on the problem.
DPWIV0455E
Could not destroy mutex (%d)
Explanation: WebSEAL has an unrecoverable internal
error when trying to cleanup a mutex used to protect
system resources.
Administrator response: Contact technical support,
this is an unexpected internal error. The error number
can be looked up in /usr/include/sys/errno.h for more
details on the problem.
DPWIV0456E
Could not lock mutex (%d)
Explanation: WebSEAL has an unrecoverable internal
error when trying to lock a mutex used to protect
system resources.
Administrator response: Contact technical support,
this is an unexpected internal error. The error number
can be looked up in /usr/include/sys/errno.h for more
details on the problem.
DPWIV0457E
Could not unlock mutex (%d)
Explanation: WebSEAL has an unrecoverable internal
error when trying to lock a mutex used to protect
system resources.
Administrator response: Contact technical support,
this is an unexpected internal error. The error number
can be looked up in /usr/include/sys/errno.h for more
details on the problem.
DPWIV0458E
Could not create condition variable
(%d)
Explanation: WebSEAL failed to create a condition
variable used to wait for events to occur. This may be
due to insufficent Operating System resources or
exceeding process limits such as memory.
Administrator response: Check memory limits for the
process, and available memory. The error number can
be looked up in /usr/include/sys/errno.h for more
details on the problem.
DPWIV0459E
Could not destroy condition variable
(%d)
Explanation: WebSEAL has an unrecoverable internal
error when trying to release resources used by a
condition variable.
Administrator response: Contact technical support,
this is an unexpected internal error. The error number
can be looked up in /usr/include/sys/errno.h for more
details on the problem.
228
Version 7.0: Error Message Reference
DPWIV0460E
Could not wait on condition variable
(%d)
Explanation: WebSEAL has an unrecoverable internal
error when trying to wait on a condition variable.
Administrator response: Contact technical support,
this is an unexpected internal error. The error number
can be looked up in /usr/include/sys/errno.h for more
details on the problem.
DPWIV0461E
Could not broadcast on condition
variable (%d)
Explanation: This message indicates a serious internal
error involving the threading library.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWIV0462E
Could not signal on condition
variable (%d)
Explanation: WebSEAL has an unrecoverable internal
error when trying to signal a condition variable.
Administrator response: Contact technical support,
this is an unexpected internal error. The error number
can be looked up in /usr/include/sys/errno.h for more
details on the problem.
DPWIV0463E
Could not set thread cancelability
(%d)
Explanation: WebSEAL has an unrecoverable internal
error when trying to modify a threads cancel state.
Administrator response: Contact technical support,
this is an unexpected internal error. The error number
can be looked up in /usr/include/sys/errno.h for more
details on the problem.
DPWIV0465E
Error msg returned from stanza
function: (%s).For entry: %s/%s.
Explanation: The migrate tool has had an error while
manipulating a configuration file full of stanzas and
entries. The bracketted error string within the error
message gives more detail.
Administrator response: Correct the error specified by
the bracketted error string.
DPWIV0466E
Unsupported configuration item type
(%d)
Explanation: The migrate tool has had an
unrecoverable internal error. It has encountered an
unknown entry type.
Administrator response: Contact technical support,
DPWIV0467E • DPWIV0759W
this is an unexpected internal error.
DPWIV0467E
Could not create new pthread key
(%d)
Explanation: See message.
Administrator response: Contact product support.
DPWIV0468E
Could not create default pthread
attributes.
Explanation: WebSEAL failed to create pthread
attributes.
Administrator response: Check available memory for
the process.
DPWIV0469E
pthread_attr_setdetachstate() failed
(%d)
Explanation: This message indicates a serious internal
error involving the threading library.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWIV0470E
Could not destroy pthread attributes.
Explanation: WebSEAL failed to delete pthread
attributes.
DPWIV0752E
Could not open file (%s, %d)
Explanation: Unable to open the file specified in the
error text. This error message is only used internally by
WebSEAL and some test programs.
Administrator response: The error number specified
in the error text gives more details. It can be looked up
in /usr/include/sys/errno.h.
DPWIV0753E
Error resetting file pointer (%d)
Explanation: An attempt to setup for reading or
writing a file from the start failed. This file is being
used to supply content for a local junction.
Administrator response: This is unexpected and if it
persists should be reported to technical support. The
error number in this message can be looked up in
/usr/include/sys/errno.h for additional details on the
cause.
DPWIV0754E
Could not close file (%d)
Explanation: Closing a file used for supplying content
for a local junction failed.
Administrator response: This is unexpected and if it
persists should be reported to technical support. The
error number in this message can be looked up in
/usr/include/sys/errno.h for additional details on the
cause.
Administrator response: Check available memory for
the process.
DPWIV0755E
DPWIV0471E
Administrator response: This is unexpected and if it
persists should be reported to technical support. The
error number in this message can be looked up in
/usr/include/sys/errno.h for additional details on the
cause.
pthread_rwlock_init() failed (%d)
Explanation: This message indicates a serious internal
error involving the threading library.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWIV0750E
Could not unlink file (%s, %d)
Explanation: Unable to remove the file used to store
the process ID (PID) of the server (typically WebSEAL).
This file is used when WebSEAL is started to detect if
WebSEAL is already running. Only one process per
instance of WebSEAL can be running.
Administrator response: Remove the file by hand.
Check the permissions and ownership of the directory
where the file is stored to ensure the server can update
it. Check the error number returned for greater details
of the cause. It can be looked up in
/usr/include/sys/errno.h.
Could not truncate file (%d)
Explanation: Truncating a file in a local junction
failed.
DPWIV0756E
Could not deallocate file descriptor
%d. (errno: %d)
Explanation: Unable to close unused file handles in
child CGI process.
Administrator response: This is unexpected and if it
persists should be reported to technical support. The
error number in this message can be looked up in
/usr/include/sys/errno.h for additional details on the
cause.
DPWIV0759W Directory (%s) could not be created.
(Errno = %d)
Explanation: Unable to create the directory specified
in the error message. The directory is created to store
content from a PUT HTTP request.
Chapter 6. Security Access Manager Web Runtime Messages
229
DPWIV0760W • DPWIV1051E
Administrator response: This may be due to lack of
disk space or permissions on parent directories. For
more details on the cause lookup the errno in
/usr/include/sys/errno.h
DPWIV0760W
The specified path is invalid. (%s)
Explanation: The path specified to the DELETE HTTP
request is not valid on the local junction.
Administrator response: Correct the HTTP URL to
contain a valid path on the local junction.
DPWIV0761W The file (%s) attributes cannot be
obtained. (Errno = %d)
Explanation: Unable to fetch information on the file
specified in the error message. This file is possibly
going to be the target of a HTTP PUT request.
Administrator response: This may be due to
permissions on the file. For more details on the cause
lookup the errno in /usr/include/sys/errno.h
DPWIV0762W
Can't delete non-empty directory (%s)
Explanation: This is only used as an internal status. It
occurs either during a PUT or DELETE HTTP request
when the replaced or deleted directory is not empty.
Administrator response: Don't PUT or DELETE on
this directory until it is empty.
DPWIV0763W
Failed to delete file (%s) (Errno = %d)
Explanation: A HTTP PUT or DELETE request is
either replacing or deleting a file on a local junction.
This failed.
Administrator response: This may be due to
permissions on the file. For more details on the cause
lookup the errno in /usr/include/sys/errno.h
DPWIV0764E
Could not rename file (%s, %s, %d)
Explanation: Unable to rename/move the file to the
destination. This is done in response to a HTTP
DELETE request when the delete files are to be
archived.
Administrator response: This may be due to
permissions on the source or destination file or their
directories. For more details on the cause lookup the
errno in /usr/include/sys/errno.h
DPWIV0766W
Write to file (%s) failed. (Errno = %d)
DPWIV0767E
List of directory (%s) failed. (Errno =
%d)
Explanation: A system error occurred while trying to
read a directory's contents.
Administrator response: Examine the directory
specified and attempt to determine and correct the
problem that caused the system error.
DPWIV0768E
Could not copy file (%s, %s, %d)
Explanation: Unable to copy the file to the
destination. The source of this error depends on the
context of the operation that failed.
Administrator response: This may be due to
permissions on the source or destination file or their
directories. For more details on the cause lookup the
errno in /usr/include/sys/errno.h
DPWIV0769W Read from file (%s) failed. (Errno =
%d)
Explanation: The server was unable to read from the
file specified.
Administrator response: This may be due to
permissions on the file. For more details on the cause
lookup the errno in /usr/include/sys/errno.h
DPWIV0770W Could not close file (%s). (Errno =
%d)
Explanation: The server was unable to close an open
file.
Administrator response: This may be due to
insufficient file system space. For more details on the
cause lookup the errno in /usr/include/sys/errno.h
DPWIV1050E
Could not create socket: ERRNO = %d
Explanation: WebSEAL failed to create a socket for
connections to junctions, or failed to create the listening
sockets for HTTP and HTTPS connections from client
browsers.
Administrator response: Check WebSEAL has not
exceeded system resource limits. For more details on
the cause lookup the errno in /usr/include/sys/
errno.h.
DPWIV1051E
Could not bind socket to port (%d,
%d)
Explanation: The server failed to write to an open file.
Explanation: WebSEAL failed to bind a socket to the
HTTP or HTTPS port specified in it's configuration file.
Administrator response: This may be due to
permissions on the file or because there is insufficient
room in the file system. For more details on the cause
lookup the errno in /usr/include/sys/errno.h
Administrator response: Check WebSEAL has not
exceeded system resource limits. Check the port
numbers are valid in the WebSEAL configuration file.
Check these ports don't clash with other servers on the
230
Version 7.0: Error Message Reference
DPWIV1052E • DPWIV1063E
same system. For more details on the cause lookup the
errno in /usr/include/sys/errno.h.
DPWIV1052E
Could not bind socket to port %d,
interface %s (errno %d)
Explanation: WebSEAL failed to bind a socket to the
HTTP or HTTPS port specified in it's configuration file
on a specific network interface address.
Administrator response: Check WebSEAL has not
exceeded system resource limits. Check the port
numbers and interface addresses are valid in the
WebSEAL configuration file. Check these ports don't
clash with other servers on the same system. For more
details on the cause lookup the errno in
/usr/include/sys/errno.h.
server directly and examine the response from the
server.
DPWIV1057E
Explanation: WebSEAL encountered an error when
attempting to close a socket.
Administrator response: No action required.
DPWIV1058E
Cannot understand requested network
interface %s
Explanation: WebSEAL failed to validate the HTTP or
HTTPS network interface address specified in its
configuration file.
Administrator response: Check the interface addresses
are valid in the WebSEAL configuration file.
DPWIV1054E
Could not connect
Explanation: WebSEAL was unable to connect to a
junctioned Web server.
Could not call select() on socket
Explanation: WebSEAL encountered an error while
using the select function on a socket.
Administrator response: No action required.
DPWIV1059E
DPWIV1053E
Could not close socket (errno %d)
Timeout occurred while attempting to
read from socket
Explanation: A timeout occurred when WebSEAL was
attempting to read from a socket.
Administrator response: No action required.
DPWIV1060E
Could not read from socket (%d)
Explanation: A timeout occurred when WebSEAL was
attempting to read from a socket.
Administrator response: No action required.
DPWIV1061E
Could not write to socket (%d)
Administrator response: Check that the host name
and port number specified for the junction are correct.
Check that the junctioned Web server is available and
responding.
Explanation: An unexpected error occurred while
writing to a socket.
DPWIV1055E
DPWIV1062E
Could not read from socket
Explanation: WebSEAL was unable to read from a
junctioned Web server, or from a browser. The browser
or Web server may have closed the connection
prematurely.
Administrator response: Retry the operation, the error
condition may be temporary. If the error reoccurs check
log files for related messages. Verify that the browser or
junctioned Web server is functioning properly.
DPWIV1056E
Could not write to socket
Explanation: WebSEAL was unable to write to a
junctioned Web server, or to a browser. The browser or
Web server may have closed the connection
prematurely.
Administrator response: Retry the operation, the error
condition may be temporary. If the error reoccurs check
log files for related messages. Verify that the browser or
junctioned Web server is functioning properly. If this
occurs when WebSEAL is writing to a junctioned Web
server, try sending the request to the junctioned Web
Administrator response: No action required.
Unable to resolve IP address for
hostname '%s' (Error %d: %s)
Explanation: An attempt to resolve a hostname to an
IP address failed. There are many possible reasons for
failure, and the system error code and error text can be
used to isolate the problem.
Administrator response: The source for this error
depends on the exact context of the error.
Administrators should verify that the hostname
specified is correct, and that DNS can resolve the
hostname properly. Check the DNS configuration the
server logging this error. The system error code and
error text may provide more detail about the problem.
DPWIV1063E
Unable to resolve IP address for
hostname.
Explanation: An attempt to resolve a hostname to an
IP address failed.
Administrator response: Check the logs for additional
error messages. Other messages will contain more
detail about the problem.
Chapter 6. Security Access Manager Web Runtime Messages
231
DPWIV1064E • DPWIV1217W
DPWIV1064E
Could not set socket options (%d)
Explanation: There was a failure in setting socket
options.
Administrator response: Check that WebSEAL has not
exceeded system resource limits. For more details on
the cause, lookup the errno in /usr/include/sys/
errno.h.
DPWIV1065E
Could not get socket options (%d)
Explanation: There was a failure trying to get socket
options.
Administrator response: Check that WebSEAL has not
exceeded system resource limits. For more details on
the cause, look up the errno in /usr/include/sys/
errno.h.
DPWIV1066E
Could not obtain the socket details:
ERRNO = %d
Explanation: WebSEAL failed to obtain the connection
details for a connected socket.
Administrator response: Check WebSEAL has not
exceeded system resource limits. For more details on
the cause lookup the errno in /usr/include/sys/
errno.h.
DPWIV1200E
Could not write to SSL connection
Explanation: This is used only as an internal error
code. It should not be visible.
PKCS#11 token or token password is incorrect, or the
PKCS#11 token is not setup.
DPWIV1212W No server DN is defined for '%s'.
The junctioned server DN verification is
not performed.
Explanation: No server DN is defined in the junction
database. DN verification against server certificate will
be ignored.
Administrator response: Recreate the junction
specifying the junctioned servers certificate DN or turn
off mutual authentication on the junction.
DPWIV1213E
Explanation: The SSL connection to the specified
junction did not have a certificate presented from the
junctioned server.
Administrator response: Check the server side's
certificate has been configured.
DPWIV1214E
Could not read from SSL connection
Explanation: This is used only as an internal error
code. It should not be visible.
Administrator response: No action required.
DPWIV1203E
Could not create new SSL connection
Explanation: This is used only as an internal error
code. It should not be visible.
Administrator response: No action required.
DPWIV1210W Function call, func, failed error: error
code error text.
Explanation: The specified GSKit function failed while
setting up for SSL connections to junctions or from
browsers. Or perhaps the initial handshake failed due
to invalid certificates or the browser simply closed the
connection abruptly.
Administrator response: Examine the error text to
gain insite on the problem. Typical problems might be
that the PKCS#11 library is incorrectly specified, or the
232
Version 7.0: Error Message Reference
Could not get junctioned server (%s)
certificate's DN
Explanation: See message.
Administrator response: Check the junctioned server
is presenting a certificate that has a printable DN
present
DPWIV1215E
Administrator response: No action required.
DPWIV1201E
Could not get junctioned server (%s)
certificate
Error in junctioned server DN
verification (%s)
Explanation: The DN in the certificate presented by
the junctioned server contains a DN that does not
match the one specified when the junction was created.
Administrator response: Check the junctioned server's
DN with the one specified during the junction creation.
DPWIV1216E
The junctioned server presented an
invalid certificate.
Explanation: The certificate presented by the backend
server failed validation.
Administrator response: Install the CA root certificate
in the WebSEAL certificate key database.
DPWIV1217W
SSL connection error.
Explanation: This is an internal error status not
visible. Error code returned when an ssl connection
failed
Administrator response: Check logs for more details.
DPWIV1218E • DPWWA0151E
DPWIV1218E
Error in junctioned server DN
verification.
DPWIV1350E
An error occurred when loading a
shared library.
Explanation: The DN specified when the junction was
created did not match the DN in the certificate
presented by the server.
Explanation: This message indicates that a problem
occurred when loading a shared library. Other log
messages will have additional information.
Administrator response: Check the junctioned server's
DN with the one specified during the junction creation.
Administrator response: Examine log files for more
detailed error messages.
DPWIV1219E
DPWIV1351E
An SSL toolkit failure occured while
calling %s. Error: %s.
Explanation: An internal SSL error occurred.
Administrator response: The action to correct this
problem depends on details in the error message.
DPWIV1220E
An ICC toolkit failure occurred.
Explanation: An internal ICC error occurred.
Administrator response: This error is always
accompanied with a serviceability log error message
detailing the ICC routine which failed and the reason
for the failure. The action to correct this problem
depends on details in the serviceability log message. If
the problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
DPWIV1221E
An ICC toolkit failure occurred while
calling %s. Error: %s.
Explanation: An internal ICC error occurred.
Administrator response: The action to correct this
problem depends on details in the error message. If the
problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
The shared library '%s' could not be
loaded because of system error code %d.
System error text: %s.
Explanation: Opening a shared library failed. The
shared library may not exist, permissions on the library
may be incorrect, or it may contain other errors that
prevent it from loading.
Administrator response: Examine the system error
code and text to determine the nature of the problem.
Make sure the shared library exists and is readable.
Make sure all of the symbols in the library can be
resolved.
DPWIV1352E
The symbol '%s' in the shared library
'%s' could not be loaded because of
system error code %d. System error text:
%s.
Explanation: Resolving a symbol from a shared library
failed after the library was initially loaded. The symbol
may not exist in the library or other symbols on which
this symbol depends might not be available.
Administrator response: Examine the system error
code and text to determine the nature of the problem.
Make sure the shared library implements and exports
the function being resolved. Make sure all of the
symbols required by the shared library can be resolved.
DPWWA0150E
Cannot allocate memory
Explanation: Memory allocation operation failed.
DPWIV1222E
An ICC toolkit failure occurred while
calling %s. No further details are
known.
Explanation: An internal ICC error occurred.
However, no details about the error we able to be
determined beyond the name of the ICC function
which failed.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
Administrator response: Check memory limits on
your machine, and increase available memory if
possible.
DPWWA0151E An insufficient amount of memory
was supplied.
Explanation: An insufficient amount of memory was
passed into a function.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
Chapter 6. Security Access Manager Web Runtime Messages
233
DPWWA0305E • DPWWA0322E
DPWWA0305E The '%s' routine failed for '%s', errno
= %ld
DPWWA0316W Configuration item value has been
assumed for %s
Explanation: This is a major internal server failure. An
internal function call failed.
Explanation: The configuration item value did not
make sense and a default value was assumed
Administrator response: Contact customer support.
Administrator response: Correct the configuration
variable in webseald.conf
DPWWA0306E
Error in configuration file: %s
Explanation: The configuration file contained an error.
DPWWA0318E Error in configuration file, invalid
accept-client-certs value: %s
Administrator response: Edit the configuration file to
correct the error.
Explanation: See message.
DPWWA0308W Function name failed with errno
value
Explanation: This is a generic message used to
identify specific non-fatal function calls failing.
Administrator response: Determine why the function
call failed.
Administrator response: Correct the accept-client-certs
parameter in webseald.conf
DPWWA0319E Error in configuration file. When
accept-client-certs is set to optional or
required, you must specify a library
with the cert-ssl option, or you must
specify an eai-uri option.
Explanation: See message.
DPWWA0309E Badly formatted config entry for %s
cache
Explanation: The configuration defined in the
[content-cache] stanza was incorrect.
Administrator response: Correct the values in the
[content-cache] stanza of the configuration file.
DPWWA0310E Could not open IBM Security Access
Manager WebSEAL configuration file
(%s)
Administrator response: Set the cert-ssl parameter in
webseald.conf
DPWWA0320W Error in configuration. Clients and
MPAs cannot use the same session
types.
Explanation: Clients and MPAs cannot use the same
session types.
Administrator response: Configure clients and MPAs
to use different session types.
Explanation: See message.
Administrator response: Correct problem preventing
configuration file from being opened.
DPWWA0321E Value for stanza [%s] entry '%s'
contains an illegal trailing backslash
character.
DPWWA0314E Initialization of authorization API
failed. Major status=0x%x, minor status
= 0x%x
Explanation: Backslash characters are used to remove
any special meaning of the character following it. The
end of line cannot be treated this way.
Explanation: See message.
Administrator response: Remove the trailing \\
character from the the entries value.
Administrator response: Look up the specified
major/minor status codes either through the Error
Message Reference Book or the pdadmin errtxt
command. Analyze and fix the error based on that
information.
DPWWA0315E Initialization of authentication layer
failed: %s
Explanation: One of the authentication libraries failed
to load.
Administrator response: Correct the entries for the
authentication libraries in webseald.conf
234
Version 7.0: Error Message Reference
DPWWA0322E Value for stanza [%s] entry '%s'
contains an unmatched quote.
Explanation: Quote characters are used to allows
values to have leading and trailing space characters.
The values that have this requirement must have a
quote at the begining and end of the region of chars. A
unpaired quote is not legal unless its special meaning is
removed using the backslash character.
Administrator response: Remove the unmatched "
character from the the entries value or place a \\ char
before it to remove its special meaning.
DPWWA0323E • DPWWA0332E
DPWWA0323E Value for stanza [%s] entry '%s'
contains a 'name = value' with a missing
name.
DPWWA0328E The interface '%s' defined in the [%s]
stanza contains an illegal empty value
for '%s'.
Explanation: Stanza entries of this type have a special
format. This format consists of multiple name = value
pairs separated by semicolon characters. In this case the
name part of a pair is missing or empty.
Explanation: The worker threads setting in the
configuration of an interface must be set to either the
number of worker threads to create, or the name of
another interface to share worker threads with.
Typically this entry will look like 'worker-threads = 50'
Administrator response: Provide a name before the =
character.
DPWWA0324E Value for stanza [%s] entry '%s'
contains a 'name = value' with a missing
= character.
Explanation: Stanza entries of this type have a special
format. This format consists of multiple 'name = value'
pairs separated by semicolon characters. In this case the
= separating the pair is missing.
Administrator response: Insert the missing =
character.
DPWWA0325E Value for stanza [%s] entry '%s'
contains two name value pairs with the
same name '%s'.
Explanation: Stanza entries of this type have a special
format. This format consists of multiple 'name = value'
pairs separated by semicolon characters. In this case
there are two of these pairs with the same name. This
is illegal as all names must be unique.
Administrator response: Remove or rename one of
the name value pair with the duplicate name.
DPWWA0326E Stanza [%s] contains an illegal
duplicate entry '%s'.
Administrator response: Supply a non-empty value
for worker-threads.
DPWWA0329E The interface '%s' defined in the [%s]
stanza contains an illegal value for '%s'.
Explanation: The worker threads setting in the
configuration of an interface must be set to either the
number of worker threads to create, or the name of
another interface to share worker threads with.
Typically this entry will look like 'worker-threads = 50'
Administrator response: Provide the name of an
interface that has it's own worker threads or provide
the number of worker threads it should create for itself.
DPWWA0330E The interface '%s' defined in the [%s]
stanza contains an invalid value for '%s'.
Explanation: The port value provided is either out of
the legal range or is not a number.
Administrator response: Provide a legal value for a
TCP/IP port in the range 1 to 65535.
DPWWA0331E The interface '%s' defined in the [%s]
stanza contains an illegal TCP/IP
address value for '%s'.
Explanation: This stanza expects entries with unique
names.
Explanation: The TCP/IP value provided is either
255.255.255.255 or not a valid string for an TCP/IP
address
Administrator response: Remove or rename one of
the entry names.
Administrator response: Provide a legal value for a
TCP/IP port.
DPWWA0327W The default WebSEAL TCP and SSL
interfaces have both been disabled,
which also disables the default
WebSEAL worker threads.
DPWWA0332E Invalid certificate authentication
configuration for interface '%s' defined
in the [%s] stanza. Incompatible
combination of accept-client-certs and
ssl-id-sessions values.
Explanation: When both the default WebSEAL
interfaces are disabled using [server] https = no and
http = no the default worker threads are also not
created. This will make WebSEAL unaccessable unless
additional interfaces are defined under [interfaces]
stanza. Note that these additional interfaces will not be
able to share the 'default' worker threads as they will
not have been created.
Explanation: See message.
Administrator response: Change the
accept-client-certs or ssl-id-sessions parameter in
webseald.conf.
Administrator response: No action required, it just an
unusual situation.
Chapter 6. Security Access Manager Web Runtime Messages
235
DPWWA0333E • DPWWA0342W
DPWWA0333E Invalid certificate cache
configuration to support interface '%s'
defined in the [%s] stanza.
Explanation: See message.
Administrator response: Change the values of the
certificate cache configuration items.
DPWWA0334E Error in configuration file, invalid
accept-client-certs value: %s for interface
'%s' defined in the [%s] stanza.
Explanation: See message.
Administrator response: Correct the accept-client-certs
parameter in webseald.conf
DPWWA0335E Error in configuration file relating to
interface '%s' defined in the [%s] stanza.
When accept-client-certs is set to
optional, required, or
prompt_as_needed, specify a library
with the cert-ssl option or the eai-uri
option.
Explanation: See message.
Administrator response: Set the cert-ssl parameter in
webseald.conf
DPWWA0336E The interface '%s' defined in the [%s]
stanza must have one of http-port or
https-port enabled.
Explanation: An interface has no function unless at
least one port is defined.
Administrator response: Assign a port to either or
both of http-port or https-port.
DPWWA0337W The '%s' routine failed in '%s' for
interface %s:%d, errno = %d
Explanation: A non-fatal error was reported from the
specified function, called in a specified function in
relation to the specified interface and port. The system
error code is given to help diagnose the reason.
WebSEAL will continue to function. Typically this
occurs when a connection from a browser is ended
abnormally.
Administrator response: Keep an eye on this and if
this occurs too often contact WebSEAL customer
support.
DPWWA0338E Not enough free file descriptors in
the process to configure even one of the
worker threads wanted by the worker
pool named '%s'.
Explanation: Each interface defined can have it's own
worker thread pool. If previous definintions have
236
Version 7.0: Error Message Reference
consumed all available resources in creating their own
worker thread pools then there may be nothing left for
this interface. Each worker thread requires 2 file
descriptors. The number of available file descriptors is
dependent on the Operating System WebSEAL is run
on and is fixed when WebSEAL is constructed.
Administrator response: Reduce the number of
worker threads used by other worker pools.
DPWWA0339W Worker list '%s' has configured %d
worker threads which is greater than the
system can support. It has automatically
been reduced to %d.
Explanation: Each operation system has different
levels of support for threads and open files. That
combined with compile time options will provide limits
on the configurable number of worker threads.
Administrator response: The software automatically
reduced the value. However to stop this message
appearing you may set the value in the configuration
file lower.
DPWWA0340E Unable to listen on interface %s:%d,
errno = %d
Explanation: The attempt to listen for connections on
the specified interface and port failed. The system error
code is given to help diagnose the reason.
Administrator response: It is likely the reason for
failure is that another process or WebSEAL interface is
already listening on the same port and network
address. Change the port and/or network address to
one not in use.
DPWWA0341E Error in configuration file, unknown
setting '%s' for interface '%s' defined in
the [%s] stanza.
Explanation: The interface has an unknown
name=value pair in it's configuration. This could be
due to a spelling error.
Administrator response: Remove the unknown setting
in the WebSEAL configuration file
DPWWA0342W The configuration data for this
WebSEAL instance has been logged in
'%s'
Explanation: This is an informational message.
Administrator response: Informational. No action is
required.
DPWWA0343E • DPWWA0626E
DPWWA0343E An error occurred trying to log the
WebSEAL configuration data at startup.
DPWWA0605E Can't perform single sign-on. User
'%s' is not logged in
Explanation: Check the server's error log file for
specific error conditions that could have led to this
failure. It is possible that there are permission issues
with the configuration data log file or there are space
limitations in the filesystem.
Explanation: User must be authenticated to use SSO.
Administrator response: It is likely that logging the
server's configuration data failed because the desired
location for the log file is missing or was specified
incorrectly in the server's configuration file.
DPWWA0345E The request was too large to store in
the session cache.
Explanation: The request size exceeded
request-max-cache or the message body exceeded
request-body-max-read, so the request could not be
stored in the session cache.
Administrator response: Re-submit the request after
authentication or increase request-max-cache and/or
request-body-max-read
DPWWA0600E The requested single sign-on service
is not supported by this server
Administrator response: Informative only. User must
be logged in.
DPWWA0606E Could not sign user '%s' on due to
incorrect target
Explanation: Could not sign user on due to incorrect
target in SSO.
Administrator response: Check the target in SSO for
this user
DPWWA0607E Received basic authentication
challenge for junction where filtering is
being applied
Explanation: The junction type filters out Basic
Authentication data, but the junctioned server sent a
BA challenge.
Administrator response: Either create the junction
without the -filter flag or modify the junctioned server
to not use Basic Authentication.
Explanation: Junction created with an SSO
specification that the server was not built to support
DPWWA0608E Unable to obtain binding to LDAP
server
Administrator response: Do not use the single-sign-on
service specified by the junction definition
Explanation: Unable to obtain binding to LDAP server
DPWWA0601E Could not fetch SSO info for user
(%s,0x%8lx)
Explanation: Could not map from username/pwd to
principal/target in SSO
Administrator response: Check mappings from
principal/target to username/pwd in SSO
DPWWA0602E User '%s' does not have any
associated SSO info
Explanation: SSO data either does not exist or is
incorrect.
Administrator response: Check that LDAP server is
running and can be accessed.
DPWWA0609E Unable to obtain binding to
LDAP-GSO server (0x%8lx)
Explanation: Unable to obtain binding to LDAP-GSO
server
Administrator response: Check that LDAP-GSO
server is running and can be accessed.
DPWWA0625E Either the configuration file is
missing or it has errors.
Administrator response: Check that SSO data for this
user exists and is correct.
Explanation: The iv.conf file is either missing, or the
LDAP stanza does not have enough information to
bind to the LDAP server.
DPWWA0603E User '%s' does not have a matching
SSO target
Administrator response: Make sure that the
configuration file has the ldap stanza and all the LDAP
information is included in the stanza.
Explanation: The user was found in SSO, but no
target exists for them.
Administrator response: Create a target in SSO for
this user.
DPWWA0626E This script can only be used to
decode form results.
Explanation: This error occurs when the user invokes
the update password URL directly from the browser.
Administrator response: The user needs to invoke the
Chapter 6. Security Access Manager Web Runtime Messages
237
DPWWA0627E • DPWWA1061E
cgi-bin program and change the password from the
browser.
DPWWA0627E Could not get the LDAP
distinguished name (DN) for the remote
user.
Explanation: The ira_get_dn(), to get the distinguished
name, failed.
Administrator response: Make sure that the LDAP
entry is set for the remote user.
DPWWA0628E The selected resource or resource
group does not exist.
Explanation: The user selected a resource or a
resource group that does not exist in the LDAP
database.
Administrator response: Make sure that the resource
or the resource group exists for the user.
DPWWA0629E
Could not bind to the LDAP server.
Explanation: The ira_rgy_init call failed. Contact your
Administrator.
Administrator response: Make sure that the LDAP
server can be reached and try again.
DPWWA0630E This script should be referenced
with a METHOD of POST.
Explanation: This error occurs when the user invokes
the update password URL directly from the browser.
Administrator response: The user needs to invoke the
cgi-bin program and change the password from the
browser.
DPWWA0631E
Passwords don't match.
Explanation: The user attempted to change their GSO
target password and failed to confirm the new
password.
Administrator response: The user must correct their
entries in the update password form, ensuring that the
passwords match.
DPWWA0632E
Unable to retrieve user identity.
Explanation: This error occurs because the
REMOTE_USER cgi environment variable was not
passed to the GSO chpwd program by WebSEAL.
Administrator response: Verify that the cgi-program is
being invoked by WebSEAL and not called directly.
238
Version 7.0: Error Message Reference
DPWWA0633E Either a user ID or a password must
be specified.
Explanation: Either the user ID or a password must
be specified to update the resource.
Administrator response: Enter the user ID or
password and try again.
DPWWA0634E
Select a resource or resource group.
Explanation: The required resource information was
missing from the cgi form used to update a user's GSO
target information.
Administrator response: The user must specify the
proper resource information in the cgi form.
DPWWA0635E
Completed successfully.
Explanation: Operation completed successfully.
Administrator response: No action required.
DPWWA0636E No TFIM single sign-on tokens were
available.
Explanation: WebSEAL is correctly retrieving SSO
tokens from TFIM, but these tokens have expired. The
problem is most likely caused by the clocks on the
WebSEAL server and the TFIM server being set to
different times.
Administrator response: Check the time
synchronization between the TFIM server and the
WebSEAL server.
DPWWA1055E Operation has insufficient Quality of
Protection
Explanation: This error occurs when a person tries to
access an object that requires a secure communications
channel over an insecure channel such as TCP.
Administrator response: Either access the object over
SSL/TLS or modify the policy associated with the
object to reduce the QOP required.
DPWWA1061E Provide your authentication details
for method:
Explanation: This error is printed when a user
attempts to access an object that requires a higher level
of authentication than they have provided.
Administrator response: The user should either
provide the higher level of authentication, or the policy
associated with the object should be modified to reduce
the level of authentication required.
DPWWA1062E • DPWWA1088E
DPWWA1062E An invalid authentication level has
been detected in a POP object.
Explanation: A POP object specified an authentication
level that is not supported by the current WebSEAL
configuration.
Administrator response: Either modify the POP object
to correct the authentication level, or modify the
WebSEAL configuration file to specify an authentication
method that can provide the required level.
DPWWA1076E
Privacy required
Explanation: Indicates that requested object has the
privacy bit set, but the request is not using privacy
Administrator response: The user must connect using
privacy to access the resource.
DPWWA1082E Invalid HTTP status code present in
response. The response could have been
sent either by a third-party server or by
a local resource, such as a CGI program.
Explanation: An invalid status code was received in a
response. The response could have been sent either by
a third-party server or by a local resource, such as a
CGI program.
Administrator response: Check the status code in the
response. The response could have been sent either by
a third-party server or by a local resource, such as a
CGI program.
DPWWA1083E Could not read HTTP status line in
response. Possible causes: non-spec
HTTP response, connection timeout, no
data returned. The response could have
been sent either by a third-party server
or by a local resource, such as a CGI
program.
Explanation: Data read failure. Possible causes:
non-spec HTTP response, connection timeout, no data
returned. The response could have been sent either by
a third-party server or by a local resource, such as a
CGI program.
Administrator response: Check response for a missing
HTTP status line. Also investigate a possible connection
timeout problem. The response could have been sent
either by a third-party server or by a local resource,
such as a CGI program.
DPWWA1084E Could not read HTTP headers in
response. Possible causes: non-spec
HTTP headers, connection timeout, no
data returned. The response could have
been sent either by a third-party server
or by a local resource, such as a CGI
program.
Explanation: Data read failure. Possible causes:
non-spec HTTP headers, connection timeout, no data
returned. The response could have been sent either by
a third-party server or by a local resource, such as a
CGI program.
Administrator response: Check response for bad
HTTP headers. Also investigate a possible connection
timeout problem. The response could have been sent
either by a third-party server or by a local resource,
such as a CGI program.
DPWWA1085E An HTTP message body sent in a
response is too short. The response
could have been sent either by a
third-party server or by a local resource,
such as a CGI program.
Explanation: The actual length of the response body is
shorter that indicated by the Content-length HTTP
header in the response.
Administrator response: Correct problem with the
response. The actual length of the response body is
shorter that indicated by the Content-length HTTP
header of the response.
DPWWA1086E Could not read request line. Possible
causes: non-spec HTTP headers,
connection timeout, no data returned
Explanation: Data read failure. Possible causes:
non-spec HTTP data, connection timeout, no data
returned
Administrator response: Check client request. Could
contain bad HTTP headers or there might be a
connection timeout problem.
DPWWA1087E
Invalid URL
Explanation: A client request contained a URL that
does not conform to HTTP specifications.
Administrator response: Check request from client.
Does not conform to HTTP specifications.
DPWWA1088E Bad cookie header (or data read
failure)
Explanation: Data read failure. Possible causes:
timeout, connection problems, no data returned
Administrator response: Check response from either
junctioned server or client. Could be bad Cookie
header, Set-cookie header or a connection timeout
problem.
Chapter 6. Security Access Manager Web Runtime Messages
239
DPWWA1089E • DPWWA1113E
DPWWA1089E
Invalid date string in HTTP header
Explanation: Invalid date string in HTTP header in
client request.
Administrator response: Check request from client.
Contains invalid date string in HTTP header.
DPWWA1091W
Failed to load portal map (0x%8lx)
Explanation: The portal service failed to load correctly
due to a problem with the information in the
[portal-map] stanza of the configuration file.
Administrator response: Correct errors in the
[portal-map] stanza of the configuration file.
DPWWA1092E Unable to open stanza file to read
portal information
Explanation: The configuration file containing the
portal mapping service information could not be
opened for reading.
Administrator response: Ensure that the configuration
file exists and is readable.
DPWWA1093W
Unable to find [portal-map] stanza
Explanation: The [portal-map] stanza was not found
in the configuration file.
Administrator response: Ensure that the [portal-map]
stanza has been added to the configuration file.
DPWWA1094E Unable to read the URL field of the
portal map
Explanation: The URL attribute of a portal map entry
in the configuration file was not found.
Administrator response: Ensure that the [portal-map]
stanza of the configuration file contains the URL field.
DPWWA1095E Unable to read the Protected Object
field of the portal map
DPWWA1097E the Protected Object supplied to the
portal map is invalid
Explanation: The Protected Object field in the
[portal-map] stanza of the configuration file is not a
valid Protected Object name
Administrator response: Correct the value entered in
the Protected Object field of the [portal-map] stanza of
the configuration file.
DPWWA1100W POST request larger than
request-body-max-read, cannot apply
dynurl matching.
Explanation: WebSEAL attempted to apply dynurl
matching to a request, but received too much POST
data from the client.
Administrator response: Increase the
request-body-max-read in the configuration file or
rearchitect your site so that WebSEAL does not need to
apply dynurl rules to large POSTs.
DPWWA1110E Unable to build original URL for
Attribute Retrieval Service
Explanation: WebSEAL was unable to obtain the
hostname of the URL that client has requested. The
result of this is that the original URL cannot be
constructed for consumption by the Attribute Retrieval
Service.
Administrator response: Ensure that configuraion is
complete.
DPWWA1111E The SOAP client returned the error
code: %d
Explanation: The SOAP request failed, and the gSOAP
client returned the error code contained in the message
text.
Administrator response: Consult gSOAP
documentation for error code definitions.
Explanation: The Protected Object field of a portal
map entry in the configuration file was not found.
DPWWA1112E Attribute Retrieval Service internal
error: %s
Administrator response: Ensure that the [portal-map]
stanza of the configuration file contains the Protected
Object field.
Explanation: The SOAP request succeeded, but the
Attribute Retrieval Service returned the error contained
in the message text.
DPWWA1096E Unable to read the Action field of
the portal map
Administrator response: Ensure that the Attribute
Retrieval Service is configured correctly.
Explanation: The Action field of a portal map entry in
the configuration file was not found.
DPWWA1113E URL specifies an invalid Win32
object name
Administrator response: Ensure that the [portal-map]
stanza of the configuration file contains the Action
field.
Explanation: The client request specifies the object
name using a Win32 alias that points to the actual
object. The authorization check will have been
240
Version 7.0: Error Message Reference
DPWWA1114E • DPWWA1125W
performed on the alias, and not the actual object, so the
request cannot be allowed.
Administrator response: Ensure that client requests
do not use Win32 aliases.
DPWWA1114E URL contains invalid Win32
characters or abbreviations
Explanation: The client request contains Win32
abbreviations or '\' characters that are invalid.
Administrator response: Ensure that client requests
do not contain invalid Win32 characters or
abbreviations.
DPWWA1119E The HTTP version specified by the
client request is not supported
Explanation: See Message.
Administrator response: Ensure that the HTTP
version of the request is correct and supported.
DPWWA1120E The POST body of the client request
contains misformated or invalid data
Explanation: See Message.
Administrator response: Ensure that the POST bodies
of client requests contain valid data.
DPWWA1115E URL contains an illegal byte
sequence
DPWWA1121E An error occurred while reading the
POST body of the request
Explanation: The client request contains an illegal byte
sequence, possibly from an attempted multibyte
character encoding.
Explanation: See Message.
Administrator response: Ensure that client requests
do not contain illegal byte sequences.
DPWWA1116E The requested method is not
supported
Explanation: One of the supported HTTP methods
(that is: GET, PUT, POST, etc...) must be specified by
each client request. This request either contains an
unsupported method, or none at all.
Administrator response: Ensure that the POST bodies
of client requests are valid.
DPWWA1122W
Corrupted session cookie: %s.
Explanation: A session cookie was presented that was
corrupted. This could be a spoof attempt, a browser or
network problem, or a WebSEAL internal problem.
Administrator response: Investigate spoof attempt or
source of corruption.
Administrator response: Ensure that client requests
contain a valid method.
DPWWA1123W The login data entered could not be
mapped to an IBM Security Access
Manager user
DPWWA1117E The content-length of the client
request is invalid
Explanation: A mapping function, such as that in a
library or CDAS, failed to map the login information to
an IBM Security Access Manager user.
Explanation: The content-length is either less than
zero, or it doesn't accurately describe the length of the
POST-body, or it should not be provided with the
request.
Administrator response: Ensure that the
content-length specified correctly describes the
characteristics of the request, and that this is not a
chunked request.
Administrator response: Check the login data,
registry, or mapping function.
DPWWA1124W A client certificate could not be
authenticated
Explanation: A client certificate could not be
authenticated
Administrator response: Check the client certificate
DPWWA1118E The 'host' header is not present in
the client request
Explanation: The client request specifies an HTTP
version of 1.1, but doesn't include the host header that
is required for this version.
Administrator response: Ensure that the host header
is present in request who's HTTP version is 1.1.
DPWWA1125W The data contained in the HTTP
header %s failed authentication
Explanation: The request an HTTP header that IBM
Security Access Manager was configured to use as
authentication data. This data failed authentication.
Administrator response: Check the request, the proxy
server (if one is used), and the mapping library
Chapter 6. Security Access Manager Web Runtime Messages
241
DPWWA1126W • DPWWA1205E
DPWWA1126W IP address based authentication
failed with IP address: %s
DPWWA1132W Entry '%s = %s' in the [portal-map]
stanza is invalid.
Explanation: IBM Security Access Manager is
configured to authenticate using the client IP address,
which was either unavailable or invalid
Explanation: [portal-map] stanza in the configuration
file contains an invalid entry.
Administrator response: Check IBM Security Access
Manager configuration and/or authentication library
DPWWA1128E The current authentication method
does not support reauthentication.
Contact the IBM Security Access
Manager WebSEAL Administrator.
Explanation: Reauthentication is not supported by the
current WebSEAL authentication method. The user can
abort the reauthentication process (by accessing another
URL) and still participate in the secure domain by
accessing other resources that do not require
reauthentication.
Administrator response: Notify the IBM Security
Access Manager WebSEAL Administrator.
Administrator response: Correct the entry in the
[portal-map] stanza.
DPWWA1133E The 'host' header presented in the
client request does not conform to
HTTP specifications.
Explanation: The client request contains a host header
which does not conform to the HTTP specification.
Administrator response: Ensure that the host header
conforms to the HTTP specification.
DPWWA1200E The requested junction type is not
supported by this server
Explanation: The requested junction type is not
supported by this server
Administrator response: Change junction definition.
DPWWA1129E A reauthentication operation was
attempted with an initial authentication
method for which reauthentication is
not supported.
Explanation: A reauthentication misconfiguration has
occurred. Administrators should not put a
reauthentication POP on a resource for clients who
cannot actually perform a reauthentication.
Administrator response: The resource requested
requires reauthentication but reauthentication is
supported only by Forms, Token, and EAI
authentication.
DPWWA1130E Authentication level mismatch when
performing reauthentication
Explanation: The authentication level supplied while
reauthenticating does not match the authentication
level of the existing authenticated user.
Administrator response: The user's authentication
level must be the same when reauthenticating as when
they originally authenticated.
DPWWA1201E
Junction not found
Explanation: The named junction does not exist.
Administrator response: Verify the name, and if
incorrect try the operation again.
DPWWA1202E
Requested object does not exist
Explanation: Object on junctioned server does not
exist.
Administrator response: Informational only.
DPWWA1203E
Permission denied
Explanation: You do not have permission to mount or
unmount at this location.
Administrator response: Check the acl at this location
for mount or unmount permissions.
DPWWA1204E
Requested object is not a directory
Explanation: Requested object is not a directory
DPWWA1131W An entry in the [portal-map] stanza
is invalid.
Administrator response: Informational only.
Explanation: [portal-map] stanza in the configuration
file contains an invalid entry.
DPWWA1205E
Administrator response: Ensure that all entries in the
[portal-map] stanza are valid.
No query-contents on this server
Explanation: To list object space, a query_contents cgi
program must be configured on the junctioned server.
Administrator response: To list object space, configure
a query_contents cgi program on the junctioned server.
242
Version 7.0: Error Message Reference
DPWWA1206E • DPWWA1218E
DPWWA1206E
Illegal name for a junction point
Explanation: The junction point is illegal.
Administrator response: Use a different junction point
for the new junction.
DPWWA1207E Trying to add wrong type of server
at this junction point
Explanation: Trying to add wrong type of server at
this junction point
Administrator response: Change junction definition.
DPWWA1208E Trying to add two servers with the
same UUID at a junction point
Explanation: Trying to add two servers with the same
UUID at a junction point
Administrator response: Change junction definition
DPWWA1213E Could not write entry to junction
database (%s,0x%8lx)
Explanation: Internal status code only. Database was
opened, but could not be written to.
Administrator response: Check system memory and
disk space.
DPWWA1214W Could not fetch entry from junction
database (%s,0x%8lx)
Explanation: Internal status code only. Database was
opened, but this junction could not be read.
Administrator response: Check that the xml file
representing the junction is not corrupt.
DPWWA1215E Invalid junction flags for this
junction type
Explanation: Invalid junction flags for this junction
type
DPWWA1209E Trying to add the same server twice
at the same junction point
Administrator response: Correct junction definition.
Explanation: Trying to add the same server twice at
the same junction point
DPWWA1216E
Administrator response: Change junction definition
Invalid parameters for junction
Explanation: Invalid parameters for junction
Administrator response: Correct junction definition.
DPWWA1210E Could not open junction database
(%s,0x%8x)
Explanation: Indicates a problem accessing the
junction database maintained by the IBM Security
Access Manager server.
Administrator response: Check junction database
directory existance and permissions.
DPWWA1211E Could not load junction database
(%s,0x%8lx)
Explanation: An error occured when loading the
junction database.
Administrator response: Check that all of the files in
the junction database can be read by the ivmgr user
and are not corrupted. Check other error messages for
other information about the error. If necessary, remove
all of the files in the junction database and then add
them back one by one to isolate the problem to a
specific file.
DPWWA1217E An error occurred when writing a
request to a junction. WebSEAL was
unable to dispatch the request to
another junction server.
Explanation: WebSEAL tried to send a request to a
junction server. Sending the request failed. When
WebSEAL is unable to send a request to a junction,
WebSEAL attempts to 'rewind' the request from the
client so that it can be sent to another junction server. If
the request from the client is large, it may not be
possible to retry the request. In that case, this error is
returned to the client.
Administrator response: Retry the request. If the
problem continues to occur, attempt to discover why
the request could not be written to the junction server.
Check WebSEAL and junction server log files for
unusual error messages. Try sending the request
directly to the junction.
DPWWA1218E
Unknown junction server host
DPWWA1212E Could not delete entry from junction
database (%s,0x%8lx)
Explanation: Could not resolve a hostname using
gethostbyname()
Explanation: The XML File representing the junction
could not be deleted.
Administrator response: Check the hostname in the
junction configuration and make sure it is resolveable.
Administrator response: Check the file permissions on
the junction XML file
Chapter 6. Security Access Manager Web Runtime Messages
243
DPWWA1219E • DPWWA1232E
DPWWA1219E Could not build junction server URL
mappings (0x%8lx)
DPWWA1226E Could not write entry to junction
database
Explanation: See message
Explanation: Internal status code only. Database was
opened, but could not be written to.
Administrator response: Contact support.
DPWWA1220E Cannot delete the junction at the
root of the Web space. Try replacing it
instead
Explanation: Cannot delete the junction at the root of
the Web space. Try replacing it instead
Administrator response: Cannot delete the junction at
the root of the Web space. Try replacing it instead
Administrator response: Check system memory and
disk space.
DPWWA1227W Could not fetch entry from junction
database
Explanation: Internal status code only. Database was
opened, but this junctio n could not be read.
Administrator response: Check that the xml file
representing the junction is not corrupt.
DPWWA1221E Cannot add two servers with
different options (case-sensitive, etc) at
the same junction
DPWWA1228E Unable to contact junction server
host at mount point: %s
Explanation: Cannot add two servers with different
options (case-sensitive, etc) at the same junction
Explanation: Could not resolve a hostname using
gethostbyname()
Administrator response: Change junction definition
Administrator response: Check for network
conectivity with the junctioned server
DPWWA1222E A third-party server is not
responding. Possible causes: the server
is down, there is a hung application on
the server, or network problems. This is
not a problem with the WebSEAL
server.
Explanation: A junctioned server is not responding to
requests. Possible causes: junctioned server down,
network problems, hung application on junctioned
server.
Administrator response: Determine why the
junctioned server is not responding and fix it.
DPWWA1224E
Could not load junction database
Explanation: The database couldn't be loaded for
some reason.
Administrator response: Check the log files for more
details.
DPWWA1225E Could not delete entry from junction
database
Explanation: The file representing the junction could
not be deleted from the filesystem.
Administrator response: Check the log files for more
details.
DPWWA1229E
Unable to load junction file %s: %s
Explanation: An error occurred while loading a file
from the junction database. The reason for the error is
included in the message.
Administrator response: Correct the error.
DPWWA1230E Error building junction %s from file
%s: %s
Explanation: An error occurred while building a
junction from an XML file loaded from the junction
database. The XML file may have specified invalid
junction options.
Administrator response: Fix the problem in the XML
file.
DPWWA1231E
No such junction.
Explanation: A particular junction was not found in
the junction database.
Administrator response: Verify that the junction file
exists.
DPWWA1232E
Could not remove file.
Explanation: The junction database was unable to
remove a file.
Administrator response: Verify that all files in the
junction database are writable by the ivmgr user and
group.
244
Version 7.0: Error Message Reference
DPWWA1233E • DPWWA1242E
DPWWA1233E
Invalid junction file name.
Explanation: The junction file name specified did not
map to a valid junction name.
Administrator response: Make sure the junction file
name ends with .xml and is a valid mime 64 encoding.
DPWWA1234E An invalid status code was received
in a response sent by a third-party
server. This is not a problem with the
WebSEAL system.
Explanation: A junctioned server has sent an invalid
status code in a response.
Administrator response: Check status code returned
from junctioned server.
DPWWA1235E Could not read the response status
line sent by a third-party server.
Possible causes: non-spec HTTP
headers, connection timeout, no data
returned. This is not a problem with the
WebSEAL server.
DPWWA1238E An HTTP message body sent in a
response by a third-party server is too
short. This is not a problem with the
WebSEAL server.
Explanation: The actual length of the response body
sent by a junctioned server is shorter that indicated by
the Content-length HTTP header in the response.
Administrator response: Correct problem with
junctioned server response. The actual length of the
response body is shorter that indicated by the
Content-length HTTP header of the response.
DPWWA1239E A third-party server is not
responding. Possible causes: the server
is down, there is a hung application on
the server, or network problems. This is
not a problem with the WebSEAL
server.
Explanation: A junctioned server is not responding to
requests. Possible causes: junctioned server down,
network problems, hung application on junctioned
server.
Explanation: Data read failure. Possible causes:
non-spec HTTP headers, connection timeout, no data
returned
Administrator response: Determine why the
junctioned server is not responding and fix it.
Administrator response: Check response from
junctioned server. Could be bad HTTP headers or a
connection timeout problem.
DPWWA1240E Could not build Virtual Host
Junction host mappings (0x%8lx)
DPWWA1236E Could not read the response headers
sent by a third-party server. Possible
causes: non-spec HTTP headers,
connection timeout, no data returned.
This is not a problem with the
WebSEAL server.
Explanation: Data read failure. Possible causes:
non-spec HTTP headers, connection timeout, no data
returned
Administrator response: Check response from
junctioned server. Could be bad HTTP headers or a
connection timeout problem.
DPWWA1237E An invalid HTTP header was sent by
a third-party server. This is not a
problem with the WebSEAL server.
Explanation: An HTTP response from a junctioned
server does not conform to HTTP specs.
Administrator response: Check response from
junctioned server for non-spec HTTP headers.
Explanation: See message
Administrator response: Contact support.
DPWWA1241E Virtual Host Junction '%s' loaded
from database illegally partners Virtual
Host Junction '%s'. Virtual Host Junction
skipped.
Explanation: An error occured when loading the
Virtual Host Junction from it's database file. It may
have been incorrectly manually modified. The problem
is the the Virtual Host Junction being loaded refers to
one that also refers to another.
Administrator response: Manually edit the offending
Virtual Host Junction Database file and correct it.
DPWWA1242E Virtual Host Junction '%s' loaded
from database illegally partners Virtual
Host Junction '%s' that already has
partner '%s'. Virtual Host Junction
skipped.
Explanation: An error occured when loading the
Virtual Host Junction from it's database file. It may
have been incorrectly manually modified.
Administrator response: Manually edit the offending
Virtual Host Junction Database file and correct it.
Chapter 6. Security Access Manager Web Runtime Messages
245
DPWWA1243E • DPWWA1254E
DPWWA1243E Virtual Host Junction '%s' loaded
from database illegally partners Virtual
Host Junction '%s' with different virtual
hostname. Virtual Host Junction
skipped.
Explanation: An error occured when loading the
Virtual Host Junction from it's database file. It may
have been incorrectly manually modified. Virtual Host
Junctions that are partnered must have the same virtual
hostname (excluding the ports).
Administrator response: Manually edit the offending
Virtual Host Junction Database file and correct it.
DPWWA1244E Virtual Host Junction attempted to
partner (-g) non-existant Virtual Host
Junction
Explanation: See text.
DPWWA1249E Could not write entry to Virtual Host
Junction database (%s,0x%8lx)
Explanation: Internal status code only. Database was
opened, but could not be written to.
Administrator response: Check system memory and
disk space.
DPWWA1250E Virtual Host Junction can not be
deleted until it's partner is deleted.
Explanation: See text.
Administrator response: Delete the Partner Virtual
Host Junction first.
DPWWA1251E Virtual Host Junctions created using
-g don't have their own object space.
List the partner's object space instead.
Administrator response: Use 'virtualhost list'
command to find a valid partner.
Explanation: Virtual Host Junctions created using -g
share their partnered Virtual Host Junction's protected
object space. They don't have their own.
DPWWA1245E Virtual Host Junction attempted to
partner (-g) a Virtual Host Junction with
a different virtual hostname.
Administrator response: List the partnered Virtual
Host Junctions object space instead as this Virtual Host
Junction uses it for access control.
Explanation: See text.
Administrator response: Use 'virtualhost show'
command to help match virtual hostnames.
DPWWA1252E Virtual Host Junctions partnered
using -g must have different protocol
types (TCP and SSL).
DPWWA1246E Virtual Host Junction illegally
attempted to partner (-g) itself.
Explanation: The concept of -g is to have the same
content but opposite protocol, this was violated in this
attempt to create a Virtual Host junction using -g.
Explanation: See text.
Administrator response: Choose another partner.
DPWWA1247E Virtual Host Junction can not be
changed to partner (-g) another as it is
currently being partnered.
Explanation: See text.
Administrator response: Do not use -g for this
operation.
DPWWA1248E Could not write entry to Virtual Host
Junction database
Explanation: Internal status code only. Database was
opened, but could not be written to.
Administrator response: Check system memory and
disk space.
Administrator response: Either don't use -g or ensure
the type of the Virtual Host junction are of
complementry protocols. For example localtcp and
localssl will partner successfully.
DPWWA1253E The Virtual Host junction you are
attempting to partner with using -g is
already in a partnership.
Explanation: The concept of -g is to have only two
Virtual host junctions in partnership, a third is not
permitted.
Administrator response: Either don't use -g or ensure
the Virtual Host junction being partnered to is not
already in a partnership.
DPWWA1254E Can't replace a Virtual Host junction
being partnered too with a new junction
having a different protocol type (TCP
and SSL).
Explanation: The concept of -g is to have the same
content but opposite protocol, this was violated in this
attempt to replace an existing Virtual Host junction.
246
Version 7.0: Error Message Reference
DPWWA1255E • DPWWA1950E
Administrator response: Ensure the type of the
Virtual Host junction is the same protocol as the Virtual
Host juntion being replaced.
DPWWA1255E Can't replace a Virtual Host junction
being partnered too with a new junction
having a different virtual hostname.
Explanation: See text.
Administrator response: Use 'virtualhost show'
command to help match virtual hostnames.
DPWWA1256E Virtual Host junction has duplicate
virtual hostname (specificed by -v) as
another Virtual Host junction.
Explanation: Virtual Host junctions are selected based
on the host header in the client request matching the
virtual hostname (specified by -v) of the Virtual Host
junction. Thus the virtual hostname must be unique to
be able to uniquely identify a Virtual Host junction.
Administrator response: This is a fatal error. No
recovery is possible.
DPWWA1503E SSL function function failed, error
0xerror code
Explanation: An SSL toolkit function has failed.
Administrator response: This is a fatal error. No
recovery is possible. Contact Support
DPWWA1504W SSL function function failed, error
0xerror code
Explanation: An SSL toolkit function failed.
Administrator response: This is a warning message.
Operation continues. If the warning persists contact
support.
DPWWA1505W HTTP request does not contain
authentication information
Administrator response: Remove the Virtual Host
junction with the duplicate virtual hostname before
adding this one.
Explanation: HTTP request does not contain
authentication information
DPWWA1257E Could not load the local junction,
%s, as the local junction functionality
has been disabled.
DPWWA1506E Unknown HTTP authentication
scheme
Explanation: Local Junctions are disabled for this
instance and a previously configured local junction,
"%s", could not be loaded.
Administrator response: Remove the local junction or
enable local junctions in the WebSEAL configuration
file.
DPWWA1350E
Could not initialize mutex
Explanation: A resource required for proper
concurrency could not be created. The global variable
errno may provide more specific information.
Administrator response: This is a fatal error. No
recovery is possible.
DPWWA1352E
Could not lock mutex
Explanation: A resource required for proper
concurrency could not be locked. The global variable
errno may provide more specific information.
Administrator response: This is a fatal error. No
recovery is possible.
DPWWA1353E
Could not unlock mutex
Explanation: A resource required for proper
concurrency could not be unlocked. The global variable
errno may provide more specific information.
Administrator response: Internal status code only.
Explanation: An authorization header contained an
invalid authentication scheme.
Administrator response: Check Authorization header
in request.
DPWWA1507E No password supplied in HTTP
authentication header
Explanation: No password supplied in HTTP
Authorization header
Administrator response: Check Authorization header
in request.
DPWWA1518W The specified certificate key label
%s is incorrect. The default one will be
used instead.
Explanation: The specified certificate key label cannot
be retrieved from the key database
Administrator response: check the webseald.conf
ssl-keyfile-label option and the key database
DPWWA1950E Stanza '%s' is missing from
configuration file
Explanation: A necessary stanza is missing from
configuration file
Administrator response: The stanza should be added
to the configuration file
Chapter 6. Security Access Manager Web Runtime Messages
247
DPWWA1951E • DPWWA1973E
DPWWA1951E Configuration item '[%s]%s' is
missing from configuration file
DPWWA1965E
Overflow of output buffer
Explanation: Internal status code only.
Explanation: A necessary configuration item is
missing from configuration file
Administrator response: No action is required.
Administrator response: The configuration item
should be added to the configuration file
DPWWA1966E
Overflow of HTML filter workspace
Explanation: Internal status code only.
DPWWA1952E Received invalid HTTP header in
response. The response could have been
sent either by a third-party server or by
a local resource, such as a CGI program.
Administrator response: No action is required.
Explanation: Response HTTP headers do not conform
to HTTP specs. The response could have been sent
either by a third-party server or by a local resource,
such as a CGI program.
Explanation: Internal status code only.
Administrator response: Check HTTP headers in
response. The response could have been sent either by
a third-party server or by a local resource, such as a
CGI program.
DPWWA1953E HTTP document fetch failed with
status %d
Explanation: Could not retrieve requested resource.
Administrator response: Check request for
correctness.
DPWWA1954E
HTTP list request failed
Explanation: Could not list directory on junctioned
server
Administrator response: Check permissions and
existence of directory being listed
DPWWA1955E
Field missing from HTTP header
Explanation: Internal status code only.
Administrator response: No action is required.
DPWWA1962W
CGI Script Failed
DPWWA1967E
Overflow of HTTP filter workspace
Administrator response: No action is required.
DPWWA1968E
HTTP response truncated
Explanation: Internal status code only.
Administrator response: No action is required.
DPWWA1969E
HTTP request truncated
Explanation: Internal status code only.
Administrator response: No action is required.
DPWWA1970E Cannot rewind HTTP response to
write error message (%lx)
Explanation: An internal error has occoured trying to
rewing the HTTP response.
Administrator response: MRQ Contact support
DPWWA1971E Cannot write HTTP error response to
client (%lx,%lx)
Explanation: An internal error has occoured trying to
write the error response to the client.
Administrator response: MRQ Contact support
DPWWA1972E Cannot read HTTP request from
client
Explanation: Internal status code only.
Explanation: Internal status code only.
Administrator response: No action is required.
Administrator response: No action is required.
DPWWA1964E Invalid Content-Length header
returned by TCP junction server
DPWWA1973E
Explanation: The content-length is either less than
zero, or it doesn't accurately describe the length of the
POST-body.
Administrator response: No action is required.
Administrator response: Ensure that the
content-length specified correctly describes the
characteristics of the request.
248
Version 7.0: Error Message Reference
HTTP response aborted
Explanation: Internal status code only.
DPWWA1975W • DPWWA1989W
DPWWA1975W
Unable to decode %s
Explanation: The decode of the specified token has
failed.
Administrator response: Contact support.
DPWWA1976W
Unable to encode %s
Explanation: The encode of the specified token has
failed. This is an unexpected internal error.
Administrator response: Contact support.
DPWWA1977W %s for user %s, in domain %s has
expired
Explanation: cdsso authentication token for a user has
expired
Administrator response: The token has expired. This
could be due to clock skew, in which case fix the clocks
or change the authentication token lifetime in
configuration file. But beware of replay attacks
DPWWA1978W
Badly formed single-sign-on URL
Explanation: Badly formed single-sign-on URL
Administrator response: Fix the cdsso link on the web
page.
DPWWA1983W CDSSO cryptography error %d
occurred
Explanation: Internal status code only.
Administrator response: No action is required.
DPWWA1984W Unable to use failover cookies. No
failover cookie key configured
Explanation: Failover cookies have been enabled, but
no keyfile has been specified.
Administrator response: Either turn failover cookies
off, or specify the keyfile for the failover cookie.
DPWWA1985W Unable to retrieve CDSSO referer
from request
Explanation: Either the agent has not provided the
referer header or the client has directly typed in the
link and not been directed by a link
Administrator response: No action is required.
DPWWA1986W
Error reading key file %s
Explanation: The CDSSO keyfile could not be read
from
Administrator response: Check the keyfile for
existence and permissions.
DPWWA1979W Failover cookie contents have
expired
DPWWA1987W
Explanation: Failover cookie contents for a user has
expired
Explanation: The CDSSO keyfile could not be written
to
Administrator response: No action is required.
Administrator response: Check the keyfile for
permissions.
DPWWA1980W Could not retrieve key for failover
cookie
Explanation: Internal status code only.
Administrator response: No action is required.
DPWWA1981W An internal error occurred while
encoding/decoding the %s
Explanation: Internal status code only.
Administrator response: No action is required.
DPWWA1982W Could not find SSO key for
server/domain %s
Explanation: The SSO key file has not been correctly
configured for the server
Error writing key file %s
DPWWA1988E This action requires HTTP forms to
be enabled in the configuration file
Explanation: HTTP forms are required for this action
but are not enabled in the configuration file
Administrator response: The forms-auth configuration
item should be set to both
DPWWA1989W
Invalid protection level for %s
Explanation: The received token is of an insufficent
protection level
Administrator response: Ensure that vf-token-privacy
and vf-token-integrity have the same settings on both
WebSEAL servers.
Administrator response: Set up configuration to
provide correct key file for the specified server.
Chapter 6. Security Access Manager Web Runtime Messages
249
DPWWA1990W • DPWWA2002W
DPWWA1990W The e-community name %s does not
match the configured name %s
Explanation: Another WebSEAL has passed an
e-community name which does not match this servers
configured e-community name
DPWWA1996E e-community-name has not been
specified. Disabling e-community
single-sign-on
Explanation: An e-community name was not
specified. This is mandatory
Administrator response: Synchronize the
e-community names
Administrator response: Correctly configure an
e-community name
DPWWA1991W The e-community cookie passed has
expired
DPWWA1997W The machine %s could not vouch
for the user's identity
Explanation: The contents of the e-community cookie
passed have expired
Explanation: The specified machine returned a token
indicating that it could not vouch for the user's identity
Administrator response: No action is required.
Administrator response: Correct e-community
configuration
DPWWA1992E Can't retrieve fully qualified host
name for server. Disabling e-community
single-sign-on
DPWWA1998W Unable to open the LTPA key file
for reading
Explanation: The fully qualified host name could not
be retrieved
Explanation: The LTPA key file configured for a
junction could not be opened for reading
Administrator response: Ensure that network
configuration allows gethostbyname to retrieve the
fully qualified name
Administrator response: Check junction configuration
DPWWA1993E Can't determine server domain name.
Disabling e-community single-sign-on
Explanation: The domain name could not be
determined
Administrator response: Specify value for
ec-cookie-domain setting or ensure that gethostbyname
returns the fully qualified host name
DPWWA1994E Disabling e-community
single-sign-on
Explanation: An error occurred when looking up the
key associated with the domain name for this server.
Administrator response: Ensure that network
configuration allows gethostbyname to retrieve the
fully qualified name. You may need to place the fully
qualified host name of this server first in the hosts file.
DPWWA1995E Invalid master authentication server
configuration. Disabling e-community
single-sign-on
Explanation: master-authentication-server and
is-master-authentication-serverare mutually exclusive
settings
Administrator response: Correctly configure the
settings for master authentication server
250
Version 7.0: Error Message Reference
DPWWA1999W The version of the LTPA key file is
not supported
Explanation: Only certain versions of LTPA keyfiles
are supported
Administrator response: Obtain right version of the
key file
DPWWA2000W
Error parsing LTPA key file
Explanation: The LTPA Keyfile is either corrupt or the
wrong version
Administrator response: Obtain new copy of keyfile
DPWWA2001W LTPA key file: password invalid or
file is corrupt
Explanation: The password specified could not
decrypt keyfile
Administrator response: Use correct key file password
or ensure file is not corrupted
DPWWA2002W The LTPA cookie passed has
expired
Explanation: An expired LTPA cookie was passed
Administrator response: No action is required
DPWWA2004W • DPWWA2017E
DPWWA2004W
LTPA text conversion error
Explanation: An iconv routine failed
Administrator response: Check locale settings
DPWWA2005W An error occurred while encoding
an LTPA token
Explanation: Internal Error
DPWWA2013E Forms single-sign-on URLs must be
relative to the junction point.
Explanation: The fsso URL from the configuration file
does not begin with a / character.
Administrator response: Make the fsso URL relative
to the junction point.
Administrator response: Contact support.
DPWWA2014E An internal error in the forms
single-sign-on module occurred.
DPWWA2006W An error occurred while decoding
an LTPA token
Explanation: This should never happen - perhaps
some kind of unexpected configuration problem has
resulted in an internal error.
Explanation: Internal Error
Administrator response: Call tech support.
Administrator response: Contact support.
DPWWA2008E
Error reading stanza '[%s]': %s
Explanation: One of the entries in the stanza couldn't
be parsed.
DPWWA2015E A forms SSO authentication request
would have been dispatched to a
different junction than the login
request. The request has been aborted.
Administrator response: Fix the malformed entry in
the stanza.
Explanation: For security reasons, forms SSO does not
allow an authentication request to be dispatched to a
different junction than the login page was returned
from.
DPWWA2009E The forms single-sign-on argument
'%s' needs a colon.
Administrator response: Make sure that the
application does not dispatch the authentication request
to a different junction than returned the login page.
Explanation: One of the request arguments isn't
formatted properly.
Administrator response: Fix the argument.
DPWWA2010E Forms single-sign-on GSO argument
'%s' is not valid. GSO arguments must
be either 'gso:username' or
'gso:password.'
Explanation: One of the request arguments isn't
formatted properly.
Administrator response: Fix the argument.
DPWWA2011E The forms single-sign-on argument
'%s' is not valid.
Explanation: Most likely a typo in the config file.
Administrator response: Fix the argument.
DPWWA2012E Forms single-sign-on configuration
error.
Explanation: This is a summary of the problem, and
will be preceded by a better explanation of the error.
DPWWA2016E No HTML form for single-sign-on
was found.
Explanation: This occurs when no HTML form with
an action URI matching the login-form-action was
found in the document returned from the junction.
Administrator response: Examine the login page
being returned from the junction. Is it an HTML or
WML document? Does it contain an HTML form? Does
the form action URI match the login-form-action entry
in the forms SSO configuration file?
DPWWA2017E The login form returned by the
junction did not contain all required
form attributes.
Explanation: This occurs when the login form
returned from a junction did not cpontain an 'action' or
'method' attribute in the form start tag.
Administrator response: Examine the login form
being returned from the junction. Did the login form
contain both the action and method attributes? Does
the form action URI match the form action URI
specified in the configuration file?
Administrator response: Fix the configuration
problem.
Chapter 6. Security Access Manager Web Runtime Messages
251
DPWWA2018E • DPWWA2030W
DPWWA2018E The action URI in the login form
returned by the junction did not match
any WebSEAL junction.
Explanation: In order to dispatch a forms SSO
authentication request, WebSEAL must match the
action URI returned with the login form to a WebSEAL
junction. That match could not be made.
Administrator response: You must edit the
configuration file and adjust the value to a valid one
DPWWA2025W IBM Security Access Manager
WebSEAL has lost contact with junction
server: %s
Explanation: See message.
Administrator response: Examine the login form
being returned by the junction. You may need to create
a junction to the host referenced by the actoin URI.
Administrator response: Check the network conection
between WebSEAL and the junctioned server, and that
the backend application server is running.
DPWWA2019E The action URI in the login form
returned by the junction was invalid.
DPWWA2026W IBM Security Access Manager
WebSEAL has regained contact with
junction server: %s
Explanation: An action URI such as '/../foo' will be
rejected by WebSEAL because /.. is not a valid location.
Administrator response: Examine the login form.
Does it contain any invalid characters, or is the path
invalid?
DPWWA2020E One or more of the arguments
passed to the SU authentication module
were invalid.
Explanation: WebSEAL has regained contact with a
junctioned server that was previously unreachable.
Administrator response: No action is required.
DPWWA2027E One or more of the form arguments
is either missing or invalid.
Explanation: One or more of the arguments passed in
the form submission is either missing or invalid.
Explanation: The suauthn library can take an
argument to specify the authentication level for the
credential. It prints this error if the arguments are
incorrect.
Administrator response: Check the completed fields
in the form submission.
Administrator response: Check the flags being passed
to the authentication library.
DPWWA2028E New password verification failed.
Make sure both new password fields
contain the same data.
DPWWA2021E The SU authentication method
specified is not enabled.
Explanation: New password double-check failed.
Make sure both new passwords are the same.
Explanation: The POST to /pkmssu.form takes an
auth_method parameter. This must correspond to an
authentication mechanism that is enabled in the
configuration file.
Administrator response: Check the new password
fields in the form submission.
Administrator response: Check the auth_method field
in the SU form submission.
Explanation: Error with the Pam Handle. This is an
unexpected internal error.
DPWWA2023E Configuration item '[%s]%s' has an
invalid value '%s'
Explanation: A configuration item in the configuration
file has a bad value. For example it is expecting an
integer and was provided with a string
DPWWA2029E
Pam Module Internal Error
Administrator response: Notifiy the IBM Security
Access Manager WebSEAL Administrator.
DPWWA2030W Mismatch of Auth Token versions,
check pre-410-compatible-tokens setting.
DPWWA2024E %s [%s] %s: Value is out of range. It
must be value from 0 to 100.
Explanation: A new encoding method for Auth tokens
was introduced in version 4.1.0 which is enabled by
default. This can be overridden and made compatable
with earlier versions using the webseald.conf file entry,
[server] pre-410-compatible. All WebSEAL servers must
be using the same version.
Explanation: WebSEAL will not start if the
worker-thread-hard-limit or worker-thread-soft-limit is
not in the range 0 to 100 inclusive
Administrator response: Update all WebSEAL servers
to use the same setting for [server]
pre-410-compatible-tokens.
Administrator response: The configuration item
should be changed to a valid entry
252
Version 7.0: Error Message Reference
DPWWA2031W • DPWWA2041E
DPWWA2031W Mismatch of %s Auth Token
versions, check pre-410-compatibletokens setting.
Explanation: A new encoding method for Auth tokens
was introduced in version 4.1.0 which is enabled by
default. This can be overridden and made compatable
with earlier versions using the webseald.conf file entry,
[server] pre-410-compatible. All WebSEAL servers must
be using the same version.
Administrator response: Update all WebSEAL servers
to use the same setting for [server]
pre-410-compatible-tokens.
DPWWA2032E
CDSSO library error.
Explanation: The CDSSO library returned a failing
status.
Administrator response: Check configuration and
usage. See msg__webseald.log for details.
DPWWA2033E
Invalid configuration file name.
Explanation: An invalid parameter was passed to a
function, indicating an internal error.
Administrator response: Call support.
DPWWA2034E Some PKCS#11 options are missing.
You must specify either all or none of
the the options: pkcs11-driver-path,
pkcs11-token-label, pkcs11-token-pwd
Explanation: WebSEAL will not start if only some of
the PKCS#11 options are specified.
Administrator response: You must edit the
configuration file and set all PKCS#11 settings
DPWWA2035E Credential generation failed during
the credential refresh operation. Error
code 0x%lx
Explanation: The azn-api function azn_id_get_creds
was called to retrieve a new credential for a user. The
operation failed.
Administrator response: Use the pdadmin 'errtext'
command to look up the corresponding error code, and
take further action from there.
DPWWA2037E An invalid result for a credential
refresh rule was specified.
Explanation: Credential refresh rules require that the
rule result be either 'preserve' or 'refresh.'
Administrator response: Verify that the syntax of
credential refresh configuration in configuration files is
correct.
DPWWA2038E An internal error occurred during the
credential refresh operation.
Explanation: This error should not occur.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWWA2039W A credential attribute value of type
%lu not supported by credential refresh
was found. The value was removed
from the new credential.
Explanation: Credential attribute values can be of
several types. Credential refresh is able to preserve
string, buffer, unsigned long, and protected object
values. Other value types are removed from the
credential.
Administrator response: You may ignore this warning
if you are not experiencing other difficulties involving
credential refresh. If the problem persists, check IBM
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWWA2040E User session IDs must be enabled in
order to use the credential refresh
feature.
Explanation: Refreshing a user's credential based on
their username requires that user session IDs are
enabled.
Administrator response: Enable User Session IDs in
the WebSEAL configuration file.
DPWWA2041E An invalid session cache entry was
found while refreshing a user's
credential.
DPWWA2036E Credential generation failed during
the credential refresh operation.
Explanation: This message indicates that the user
session cache and the credential cache are inconsistent.
Explanation: The azn-api function azn_id_get_creds
was called to retrieve a new credential for a user. The
operation failed.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
Administrator response: Check error logs for further
information on the failure.
Chapter 6. Security Access Manager Web Runtime Messages
253
DPWWA2042W • DPWWA2052E
DPWWA2042W The user is not logged in to the web
server.
Explanation: If a user is not logged in to the web
server, their credential cannot be refreshed. There is
also no need to refresh their credential, since the next
time they log in to the web server they will receive a
new credential.
Administrator response: No action is necessary.
DPWWA2044E Invalid certificate authentication
configuration. Incompatible
combination of accept-client-certs and
ssl-id-sessions values.
Explanation: See message.
Administrator response: Change the
accept-client-certs or ssl-id-sessions parameter in
webseald.conf
DPWWA2045W A client attempted to Step-up to
certificates, but the server is not
configured for Step-up to certificates.
Explanation: See message.
Administrator response: Change the
accept-client-certs parameter to prompt_as_needed in
webseald.conf or unconfigure the step-up POPs.
DPWWA2046E Invalid certificate cache
configuration.
Explanation: See message.
Administrator response: Change the values of the
certificate cache configuration items.
DPWWA2047E The activity timestamp is missing
from the failover cookie.
Explanation: A request was made to update the last
activity timestamp of the failover cookie, but the
attribute was not found in the cookie.
Administrator response: An internal error occurred. If
the problem persists, check IBM Electronic Support for
additional information - http://www.ibm.com/
software/sysmgmt/products/support/
index.html?ibmprd=tivman
DPWWA2048E The original authentication method
in the failover cookie is not recognized
for failover authentication on this
server. The value %s is invalid.
Explanation: A request could not be authenticated
using the supplied failover cookie because the
authentication level specified in the cookie is not valid
for this server.
254
Version 7.0: Error Message Reference
Administrator response: Update the supported
failover authentication methods in the configuration file
or correct the configuration of the server that generated
the failover cookie.
DPWWA2049E The original authentication method
in the failover cookie is not recognized
for failover authentication on this
server.
Explanation: A request could not be authenticated
using the supplied failover cookie because the
authentication level specified in the cookie is not valid
for this server.
Administrator response: Update the supported
failover authentication methods in the configuration file
or correct the configuration of the server that generated
the failover cookie.
DPWWA2050E An authentication system failure has
occurred.
Explanation: A call to the authentication system failed
with an unexpected error.
Administrator response: Examine the log for the
context of the failure and correct any indicated
problem. In particular, ensure that your user registry is
available and accessible. If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWWA2051E An authentication system failure has
occurred: error: %s (error code: %#lx).
Explanation: A call to the authentication system failed
with an unexpected error.
Administrator response: Examine the log for the
context of the failure and correct any indicated
problem. In particular, ensure that your user registry is
available and accessible. If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWWA2052E The cross domain single sign-on
operation failed.
Explanation: A call into the cross domain single
sign-on system failed with an unexpected error.
Administrator response: Examine the log for the
context of the failure. If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWWA2053E • DPWWA2062W
DPWWA2053E The cross domain single sign-on
system failed with an unexpected error:
%#x
Explanation: A call into the cross domain single
sign-on system failed with an unexpected error.
Administrator response: Examine the log for the
context of the failure. If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWWA2054E No default HTTP method permission
map has been specified.
Explanation: A default HTTP method permission map
must be specified in the configuration file but none has
been.
support/index.html?ibmprd=tivman
DPWWA2058E The integer value '%s' for the '%s'
entry in the '%s stanza is not valid.
Explanation: The specified value is required to be a
non-negative integer.
Administrator response: Correct the invalid
configuration value.
DPWWA2059W The %s attribute could not be
extracted from a credential: API error:
%s (API error code [%x:%x]).
Explanation: The specified attribute could not be
extracted from a credential. This may be due to
resource exhaustion, and as such be transient.
Administrator response: Specify a value for the
default HTTP method permission map in the
configuration file.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWWA2055E The HTTP method permission map
configuration information could not be
found in the configuration file.
DPWWA2060W The %s attribute could not be
extracted from a credential: API error
code [%x:%x].
Explanation: No HTTP method permission map
configuration information could be found in the
configuration file.
Explanation: The specified attribute could not be
extracted from a credential. This may be due to
resource exhaustion, and as such be transient.
Administrator response: Ensure that HTTP method
permission map configuration information is present in
the configuration file.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWWA2056E HTTP method permission map
validation failed: API error: %s (API
error code: [%#x:%#x]).
Explanation: The authorization API failed while
validating the configured HTTP method permission
map.
Administrator response: Perform the action required
to resolve the problem indicated by the identified API
error. If the problem persists, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWWA2057E The SSO token module
configuration data was missing or
invalid.
Explanation: The process using the SSO token
modules must provide some input data to configure
the modules. This data was not provided correctly. This
is an unexpected internal error.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
DPWWA2061W The number of values for the %s
attribute could not be retrieved from an
attribute list: API error: %s (API error
code [%x:%x]).
Explanation: The number of values for the specified
attribute could not be retrieved from an attribute list.
This may be due to resource exhaustion, and as such be
transient.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWWA2062W The number of values for the %s
attribute could not be retrieved from an
attribute list: API error code [%x:%x].
Explanation: The number of values for the specified
attribute could not be retrieved from an attribute list.
This may be due to resource exhaustion, and as such be
transient.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information Chapter 6. Security Access Manager Web Runtime Messages
255
DPWWA2063W • DPWWA2071W
http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWWA2063W The type of value %d for the %s
attribute from an attribute list could not
be determined: API error: %s (API error
code [%x:%x]).
Explanation: The type of a values for the specified
attribute in an attribute list could not be determined.
This may be due to resource exhaustion, and as such be
transient.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWWA2064W The type of value %d for the %s
attribute from an attribute list could not
be determined: API error code [%x:%x].
Explanation: The type of a values for the specified
attribute in an attribute list could not be determined.
This may be due to resource exhaustion, and as such be
transient.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWWA2065W Value %d of the %s attribute cannot
be included in an SSO token, as it is of
type %s.
Explanation: The specified attribute value cannot be
included in an SSO token, because it is of the wrong
type. Only string and unsigned long data types can be
included in SSO tokens.
Administrator response: Remove the token attribute
specification which matched this attribute, or, for
custom attributes, change the attribute type to one
suitable for inclusion in tokens.
DPWWA2066W The %s attribute could not be
extracted from an attribute list: API
error: %s (API error code [%x:%x]).
Explanation: The specified attribute could not be
extracted from an attribute list. This may be due to
resource exhaustion, and as such be transient.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWWA2067W The %s attribute could not be
extracted from an attribute list: API
error code [%x:%x].
Explanation: The specified attribute could not be
extracted from an attribute list. This may be due to
resource exhaustion, and as such be transient.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWWA2068W The attribute list could not be
retrieved from a credential: API error:
%s (API error code [%x:%x]).
Explanation: The attribute list could not be extracted
from a credential. This may be due to resource
exhaustion, and as such be transient.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWWA2069W The attribute list could not be
retrieved from a credential: API error
code [%x:%x].
Explanation: The attribute list could not be extracted
from a credential. This may be due to resource
exhaustion, and as such be transient.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWWA2070W The list of entry names could not be
retrieved from an attribute list: API
error: %s (API error code: [%x:%x]).
Explanation: The list of entry names could not be
extracted from an attribute list. This may be due to
resource exhaustion, and as such be transient.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWWA2071W The list of entry names could not be
retrieved from an attribute list: API
error code [%x:%x].
Explanation: The list of entry names could not be
extracted from an attribute list. This may be due to
resource exhaustion, and as such be transient.
Administrator response: If the problem persists, check
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
256
Version 7.0: Error Message Reference
DPWWA2072E • DPWWA2080E
support/index.html?ibmprd=tivman
DPWWA2072E No cryptographic keys are
configured for cross domain single
sign-on in the stanza '%s'.
Explanation: No keys are configured for Cross
Domain Single Sign-On in the specified stanza. For
Cross Domain Single Sign-On to operate, keys must be
configured in this stanza.
Administrator response: Correct the configuration, or
use the cdsso_key_gen utility to create keys for use by
CDSSO. CDSSO keys must be securely shared by, and
installed on, all CDSSO participant servers.
DPWWA2073E No cryptographic keys are
configured for e-community single
sign-on in the stanza '%s'.
Explanation: No keys are configured for e-Community
Single Sign-On in the specified stanza. For
e-Community Single Sign-On to operate, keys must be
configured in this stanza.
Administrator response: Correct the configuration, or
use the cdsso_key_gen utility to create keys for use by
eCSSO. eCSSO keys must be securely shared by and
installed on all servers participating in the
e-Community.
DPWWA2074W The machine '%s' could not vouch
for the user's identity: error: %s (error
code: %#lx)
Explanation: The specified machine returned a token
indicating that it could not vouch for the user's identity.
This means that either the user's account is disabled, or
that the user was unable to authenticate to the specified
machine.
Administrator response: If the message indicates that
the user's account is disabled, check whether this
should be the case. If the message indicates an
authentication failure, the user may need to have their
password changed. If possible, check the log messages
on the specified machine for more information.
DPWWA2075E The stanza '%s' contains an invalid
SSO token incoming attribute
configuration item: '%s = %s'.
Explanation: The SSO token incoming attribute
stanzas specify attributes that are accepted and rejected
from incoming eCSSO or CDSSO tokens. The right
hand side of the items in this stanza must be either
'accept' or 'reject'.
Administrator response: Locate and correct the
invalid configuration item and try again.
DPWWA2076E Failed to construct a credential from
a PAC supplied by an EAI server. Major
status = 0x%x, minor status = 0x%x.
Explanation: An EAI server constructed a PAC to
authenticate a user, but the PAC could not be converted
to a credential.
Administrator response: Investigate the PAC
construction and verify that the PAC data is valid for
IBM Security Access Manager.
DPWWA2077E Could not authenticate user. An EAI
server returned invalid authentication
data.
Explanation: An EAI server failed to return proper
authentication data in an authentication response. This
is typically due to a misconfigured EAI server.
Administrator response: Investigate and correct any
problems with the authentication headers returned by
the EAI server.
DPWWA2078E Could not authenticate user. An
external authentication service did not
return required authentication data.
Explanation: An EAI server did not return required
authentication data in an authentication response. This
is typically due to a misconfigured EAI server not
returning attributes that it must return.
Administrator response: Investigate and correct any
problems with the authentication headers returned by
the EAI server.
DPWWA2079E Configuration of the SSO create
and/or consume authentication
module(s) failed: %s'.
Explanation: ECSSO and/or CDSSO is configured to
create and/or consume authentication tokens, but the
modules could not be configured. This means that they
are either not properly loaded, or there is a fatal
problem with the current configuration settings.
Administrator response: Ensure that the
sso-create/sso-consume libraries are properly specified
in the configuration file.
DPWWA2080E The session inactivity timestamp is
missing from the failover cookie.
Explanation: WebSEAL is configured to require
inactivity timestamps in all received failover cookies,
and a failover cookie was received that did not have
the session inactivity timestamp.
Administrator response: Set failover-validateinactivity-timestamp to optional.
Chapter 6. Security Access Manager Web Runtime Messages
257
DPWWA2081E • DPWWA2092E
DPWWA2081E The session lifetime timestamp is
missing from the failover cookie.
Explanation: WebSEAL is configured to require
lifetime timestamps in all received failover cookies, and
a failover cookie was received that did not have the
session inactivity timestamp.
Administrator response: Set failover-validate-lifetimetimestamp to optional.
DPWWA2082E This system error code could not be
converted to an error string.
Explanation: The system error code has no equivalent
error string.
Administrator response: No action is required.
DPWWA2083E The shared library could not be
opened.
Explanation: The shared library could not be opened.
Administrator response: Examine earlier messages in
the log containing this message to identify the module
that could not be opened. Check that the identified
library exists and is found within the configured library
path.
DPWWA2084E Could not find the requested
symbol.
Explanation: The requested symbol was not found
within the shared library.
Administrator response: Examine additional messages
to determine the cause of the error and correct the
problem. Restart the process. If the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
DPWWA2085E The shared library file '%s' could not
be opened: %s
Explanation: The specified shared library file could
not be opened. The system error string is given.
Administrator response: Ensure the specified shared
library file exists and has appropriate permissions.
Restart the process.
DPWWA2086E The symbol '%s' could not be
resolved in the shared library '%s': %s
Explanation: The specified symbol could not be
resolved. The system error string is given.
Administrator response: Ensure the specified shared
library file is the appropriate type of library file. Restart
the process. If the problem persists, check IBM
258
Version 7.0: Error Message Reference
Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWWA2087E The '%s' flag to the authentication
module requires an argument.
Explanation: The authentication module flag must
have an argument.
Administrator response: Add an argument to the
specified flag.
DPWWA2088E Unknown authentication module
flag '%s'.
Explanation: An invalid option was provided to the
authentication module.
Administrator response: Provide correct
authentication module option.
DPWWA2089E The authentication module flag '%s'
requires an integer argument.
Explanation: The argument of the authentication
module flag must be an integer.
Administrator response: Ensure that the argument of
the authentication module flag is an integer.
DPWWA2090E The session activity timestamp is
missing from the failover cookie.
Explanation: WebSEAL is configured to require
activity timestamps in all received failover cookies, and
a failover cookie was received that did not have the
session activity timestamp.
Administrator response: Set failover-require-activitytimestamp-validation to no.
DPWWA2091E Bad EAI trigger URL pattern '%s' in
configuration file.
Explanation: The EAI trigger is not formatted
correctly. If it is a Virtual Host junction trigger it must
begin with HTTP[S]://hostname[:port]/.
Administrator response: Correct the syntax of the EAI
trigger.
DPWWA2092E Could not reset the cache session
lifetime because the EAI server
provided a bad value ('%s') in the
'am_eai_xattr_session_lifetime' header.
Explanation: WebSEAL could not reset the cache
session lifetime because the header value returned by
the EAI server is invalid. The value must contain only
numeric digits.
Administrator response: Investigate and correct any
DPWWA2093E • DPWWA2401E
problems with the 'am_eai_xattr_session_lifetime'
extended attribute header returned by the EAI server.
DPWWA2093E Configuration item '[%s]%s' has an
invalid value '%s'
Explanation: A configuration item in the configuration
file has a bad value. For example it is expecting an
integer and was provided with a string
Administrator response: The configuration item
should be changed to a valid entry
DPWWA2100E The new user ID does not match the
user ID previously presented to
authenticate.
Explanation: In the event of a step-up operation with
verify-step-up-user set to true, the user ID presented to
this authentication level must match the user ID
authenticated to the previous level.
Administrator response: The user must present the
same user ID provided in the previous authentication
level.
DPWWA2101E The new user ID (%s) does not
match the user ID (%s)previously
presented to authenticate.
Explanation: In the event of a step-up operation with
verify-step-up-user set to true, the user ID presented to
this authentication level must match the user ID
authenticated to the previous level.
Administrator response: The user must present the
same user ID provided in the previous authentication
level.
DPWWA2250E The ACL attached to the requested
resource does not permit the Traverse
operation.
Explanation: The ACL attached to the requested
resource does not permit the Traverse operation.
Administrator response: Modify the ACL if necessary,
or inform the user that they are not permitted to access
the resource.
DPWWA2251E The ACL attached to the requested
resource does not allow access by this
user.
Explanation: The ACL attached to the requested
resource does not allow access by the client.
Administrator response: Modify the ACL if necessary,
or inform the user that they are not permitted to access
the resource.
DPWWA2252E The requested resource is protected
by a policy that restricts access to
specific time periods. This request is
prohibited at this time.
Explanation: A time-of-day POP is attached to the
requested resource that has prohibited access at the
time of the request.
Administrator response: Modify the POP if necessary,
or inform the user of the policy details.
DPWWA2253E An External Authorization Server
has denied access to the requested
resource.
Explanation: An External Authorization Server has
denied access to the requested resource.
Administrator response: Modify the EAS if necessary,
or inform the user that they are not permitted to access
the resource.
DPWWA2254E The requested resource is protected
by a policy that restricts access to
specific clients. This request is
prohibited for this client.
Explanation: Step-up is configured for the requested
resource, but the client IP address is forbidden to
step-up.
Administrator response: Modify the POP if necessary,
or inform the user that they are not permitted to access
the resource.
DPWWA2255E This user does not have permissions
to perform a delegated operation.
Explanation: This user does not have permissions to
perform a delegated operation.
Administrator response: Modify the ACL attached to
the resource to grant the user delegation permissions,
or inform the user that they are not permitted to
perform the requested operation.
DPWWA2400E
Invalid challenge header
Explanation: SPNEGO Authentication requires
decoding a challenge header from the client. That
header had an invalid format.
Administrator response: Make sure that the client is
one supported by WebSEAL.
DPWWA2401E An internal error occurred during
SPNEGO processing.
Explanation: SPNEGO authentication failed because of
an internal error. This indicates a serious problem.
Administrator response: If the problem persists, check
Chapter 6. Security Access Manager Web Runtime Messages
259
DPWWA2402E • DPWWA2410E
IBM Electronic Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWWA2402E Initialization of Kerberos
authentication failed.
Explanation: Initialization of Kerberos authentication
failed.
Administrator response: Check for additional error
messages in log files. Check your SPNEGO
configuration entries to make sure they match the
documentation.
DPWWA2403E Your browser supplied NTLM
authentication data. NTLM is not
supported by WebSEAL. Make sure
your browser is configured to use
Integrated Windows Authentication.
Explanation: If a browser is improperly unconfigured,
it will supply NTLM authentication data instead of
SPNEGO data.
Administrator response: Make sure that the browser
is located in the same domain as the WebSEAL server.
Refer to your browser documentation to make sure it is
configured properly for Integrated Windows
Authentication.
DPWWA2404E An error occurred when creating the
SPNEGO token.
Explanation: An error occurred when creating the
SPNEGO token for the GSS-API token.
Administrator response: This problem is most likely
due to an internal error or misconfiguration. Check the
SPNEGO related configuration items in your server for
errors.
DPWWA2405W Cannot update failover cookie for
switch-user admins
Explanation: A switch-user admin cannot get a
failover cookie for the user impersonated; this is a
known limitation of failover with switch-user
Administrator response: No action is required.
DPWWA2406W Could not find the failover session
ID in the user's failover token
Explanation: A user is trying to authenticate with a
failover token that should have a session ID encoded
from another WebSEAL replica. The session ID is
missing from the token, indicating a configuration error
at one of the replicas.
Administrator response: Ensure failover-includesession-id configuration settings are correct.
260
Version 7.0: Error Message Reference
DPWWA2407W The failover session ID in the user's
failover token does not match the
session ID in the user's session cookie.
Explanation: When trying to establish a session with
failover-include-session-id enabled, the session ID
stored in the session cookie and the user's failover
token must match. A mismatch indicates a possible
security breach. WebSEAL will issue new session and
failover cookies for the user.
Administrator response: Ensure failover-includesession-id configuration settings are correct.
DPWWA2408W Cannot find the session cookie in
the user's request for use in comparing
with the failover cookie.
Explanation: When attempting to establish a nonsticky
failover session, WebSEAL could not find the user's
session cookie. The cookie is required for a comparison
with the session id in the failover token. Ensure
configuration settings are correct.
Administrator response: Check cookie and nonsticky
failover settings.
DPWWA2409W Reverse lookup for host '%s'
returned an alternate host name '%s'.
This might prevent SPNEGO
authentication from functioning
properly.
Explanation: The SPNEGO authentication module
attempted to validate the SPNEGO principal name by
checking that the reverse lookup for the specified host
name resolves to the same host name as the original.
The host name returned for the reverse lookup did not
match the original host name.
Administrator response: If server startup succeeds
and SPNEGO authentication functions properly, no
action need be taken. If there are problems with
SPNEGO authentication, make sure that your host
name resolution is properly configured. Refer to the
TAM WebSEAL Administration Guide for additional
information about the problem.
DPWWA2410E Initialization of Kerberos
authentication for server principal '%s'
failed.
Explanation: Initialization of Kerberos authentication
for the specified principal failed.
Administrator response: Check for additional error
messages in log files. Refer to the TAM WebSEAL
Administration Guide for additional information.
DPWWA2411E • DPWWM1299E
DPWWA2411E No SPNEGO service principal
credential found for Virtual Host
Junction '%s'.
Explanation: SPNEGO authentication cannot complete
unless the SPNEGO keytab file contains a service
principal matching the host name of the virtual host
junction and the service principal is listed in the
WebSEAL configuration file.
Administrator response: Verify that the client is using
the correct hostname to contact the virtual host. Verify
that the WebSEAL configuration file contains an entry
'[spnego]spnego-krb-service-name =
[email protected]<hostname>' for the virtual host. The SPNEGO
keytab file must contain a key for the principal.
DPWWA2550E Error initializing the credential
policy entitlements service
Explanation: An error occurred when loading the
credential policy entitlements service.
Administrator response: Check the log file for
additional error messages. The other error messages
contain more information about the problem.
DPWWA2551E Policy retrieval for user %s failed: %s
(error code: 0x%lx)
Explanation: An error occurred when trying to
retrieve credential policy attributes for the specified
user.
Administrator response: Examine the status message
and code embedded in this message to identify the root
cause of the problem.
DPWWA2734W The authentication type is
unknown. The audit event will not be
recorded.
Explanation: An authentication event has occurred.
However, the authentication type utilized is not a
known value and, as such, the audit event will not be
recorded.
Administrator response: No action is required
DPWWA2735W The reason for the session
termination is unknown. The audit
event will not be recorded.
Explanation: A session has been terminated. The
reason for this termination, however, is unknown.
Because of this the audit record of this event could be
considered broken and, as such, will not be audited.
Administrator response: No action is required
DPWWA2850E A general failure has occured within
the SOAP client.
Explanation: An error has occured within the SOAP
client.
Administrator response: Examine additional messages
to determine the cause of the error and correct the
problem. Restart the process. If the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
DPWWA2851E An error was returned from the
SOAP server in cluster %s when calling
the %s interface: %s (code: 0x%x).
Explanation: The web service returned an error.
Administrator response: Examine messages within the
session management server log. If the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
DPWWA2852E An error occurred when attempting
to communicate with the SOAP server
URL %s: %s (error code: %d/0x%x).
Explanation: An attempt was made to communicate
with the SOAP server and a failure occured within the
underlying communications layer.
Administrator response: Examine additional messages
to determine the cause of the error and correct the
problem. Ensure that the SOAP server is running and
reachable. If the problem persists, check IBM Electronic
Support for additional information http://www.ibm.com/software/sysmgmt/products/
support/index.html?ibmprd=tivman
DPWWA2853E
The SOAP client failed to initialized.
Explanation: The SOAP client for a Web service could
not be initialized.
Administrator response: Examine additional messages
to determine the cause of the error and correct the
problem. Restart the process. If the problem persists,
check IBM Electronic Support for additional
information - http://www.ibm.com/software/
sysmgmt/products/support/
index.html?ibmprd=tivman
DPWWM1299E
Invalid flag '-%c'
Explanation: An invalid flag was passed to a
command.
Administrator response: Read the manual to identify
the flag you want to use.
Chapter 6. Security Access Manager Web Runtime Messages
261
DPWWM1300E • DPWWM1327E
DPWWM1300E
Flag '-%c' does not take an argument
Explanation: An invalid argument was passed to a
command.
Administrator response: Correct the syntax of the
command.
DPWWM1301E
DPWWM1320E Must specify the junction server
hostname using the '-h' flag
Explanation: No hostname was passed to the add or
create command.
Administrator response: Include the hostname in the
command.
Missing argument for '-%c' flag
Explanation: An argument is required for the option
used.
Administrator response: Correct the syntax of the
command.
DPWWM1302E Basic authentication type must be
one of: ignore, filter,supply or gso
DPWWM1321E
Invalid port %s
Explanation: The port number specified was invalid.
Port numbers must be integers greater than zero.
Administrator response: Specify a valid port number.
DPWWM1322E
Invalid proxy port %s
Explanation: An invalid argument followed the -b
flag.
Explanation: An invalid port number was passed
using the -P flag. Port numbers must be integers
greater than zero.
Administrator response: Correct the syntax of the
command.
Administrator response: Pass a valid port number to
the create or add command.
DPWWM1314E Must specify the junction type
using the '-t' flag
DPWWM1323E A proxy TCP port must be supplied
with the -P option
Explanation: The junction type was not passed with
the create command.
Explanation: No -P argument was specified to the add
or create command even though the -H argument was
specified.
Administrator response: Pass the junction type as an
argument to the -t flag.
DPWWM1315E
Must specify a junction point
Explanation: No junction point was passed as an
argument.
Administrator response: Correct the syntax of the
command.
DPWWM1316W WARNING: A junction already
exists at %s
Explanation: A junction already exists at the specified
junction point.
Administrator response: Either replace the existing
junction or specify a different junction point.
DPWWM1318E
Administrator response: Include the -P argument in
the command.
Cannot create junction
Explanation: A junction create command failed.
Administrator response: This message is preceded by
a detailed explanation of why the junction could not be
created. Correct the problem and try to create the
junction again.
DPWWM1324E Can only use -T flag when using '-b
gso'
Explanation: The -T flag was specified to the create
command without the -b flag.
Administrator response: If you want to use GSO for
the junction, pass -b gso as an argument to the junction
create command. If you do not want to use GSO, then
do not pass the -T flag to the create command.
DPWWM1325E Must also use -T flag when using
'-b gso'
Explanation: The -b gso flag was passed to the create
command without a corresponding -T flag.
Administrator response: Include the name of the GSO
target which should be used for the junction.
DPWWM1327E Must specify a file system directory
using the '-d' flag
Explanation: No directory was specified when trying
to create a local junction.
Administrator response: If you want to create a local
junction, pass the full path to the directory to use with
the -d flag. If you want to create another type of
262
Version 7.0: Error Message Reference
DPWWM1330E • DPWWM1346E
junction, pass the correct type using the -t flag.
DPWWM1330E Must specify a server to remove
using the '-i' flag
Explanation: No -i flag was passed to the 'remove'
command.
Administrator response: If you want to delete the
junction entirely, use the 'delete' command. If you want
to remove a particular server, use the 'show' command
to loook up the UUID of the server to remove, and
then pass the UUID as the argument to the -i flag.
DPWWM1332E
Invalid server ID
Explanation: The argument passed to -i was not a
valid UUID.
Administrator response: Obtain the correct UUID by
using the 'show' command and pass a valid UUID as
an argument to the 'remove' command.
DPWWM1333E
DPWWM1337E
Could not update junction
Explanation: This message is followed by an
explanation of why the junction could not be modified.
Administrator response: Correct the problem
described in the message displayed after this message.
DPWWM1339E
Junction not found at %s.
Explanation: An attempt was made to add or remove
a server from a junction point which does not exist.
Administrator response: Use the 'list' and 'show'
commands to figure out which junction point you
should use.
DPWWM1341E
Create junction
Explanation: This message is followed by an
explanation of why the creation failed.
Administrator response: Fix the problem described in
the message following this message.
Could not fetch junction definition
Explanation: This message is followed by an
explanation of the problem.
DPWWM1342E Can't add servers to this type of
junction
Administrator response: Correct the problem
described by the following message.
Explanation: It is not possible to add servers to local
junctions.
DPWWM1334E Can only remove servers from a
TCP, SSL or mutual junction
Explanation: It is not possible to remove a server from
a local junction.
Administrator response: Correct the junction point
specified in the remove command. The junction point
should belong to a TCP, SSL or mutual junction.
DPWWM1335E
Server %s not found at junction %s
Explanation: An attempt was made to remove a
junction server based on a UUID which did not match
any of the servers on the junction point.
Administrator response: Only add servers to TCP,
SSL, TCP proxy, SSL proxy or mutual junctions. Figure
out which junction you wish to add a server to using
the 'list' and 'show' commands, and then pass the
correct junction point to the 'add' command.
DPWWM1343E
Add server
Explanation: An attempt to add a server failed.
Administrator response: This message is followed by
an explanation of why the server could not be added.
Correct the problem.
DPWWM1345E
Cannot list junctions
Administrator response: Use the 'show' command to
find the correct UUID and pass the correct UUID to the
'remove' command.
Explanation: This message is followed by an
explanation of why junctions could not be listed.
Correct the problem described in that message.
DPWWM1336E
Administrator response: Correct the problem
described in the following message.
Could not delete junction
Explanation: This message is followed by an
explanation of why the junction could not be deleted.
Administrator response: Correct the problem
described in the message displayed after this message.
DPWWM1346E
Cannot show junction
Explanation: This message is followed by an
explanation of the problem. Correct the problem
described in that message.
Administrator response: Correct the problem
described in the following message.
Chapter 6. Security Access Manager Web Runtime Messages
263
DPWWM1392E • DPWWM1437E
DPWWM1392E
Bad value for path attribute.
Explanation: An item from a configuration file which
should be set to a path name is an empty string
instead.
Administrator response: Add the path to the
configuration file.
DPWWM1416E Error: No filename specified in
request.
Explanation: WebSEAL was unable to locate a
template file to return to the user. The file may have
been specified using the /pkms.....?filename=name.html
construct or may have been one of the default response
files.
Administrator response: If the link which produced
this error was a PKMS page that included a
?filename=-name- query, make sure the format of the
query portion of the link is correct. If the link which
produced this error was not a PKMS page that
included a file name specification, make sure that all
files in the www/lib/-lang- directories are readable by
the ivmgr user (on UNIX systems) or by all users (on
Windows systems.)
DPWWM1417E
Error: Could not retrieve file data.
Explanation: WebSEAL was unable to locate a
template file to return to the user. The file may have
been specified using the /pkms.....?filename=name.html
construct or may have been one of the default response
files.
Administrator response: If the link which produced
this error was a PKMS page that included a
?filename=-name- query, verify that the file specified by
-name- is located in the www/lib/-lang- (where -langis the language appropriate to the user's browser)
directory and is readable by the ivmgr user (on UNIX
systems) or by all users (on Windows systems.) If the
link which produced this error was not a PKMS page
that included a file name specification, make sure that
all files in the www/lib/-lang- directories are readable
by the ivmgr user (on UNIX systems) or by all users
(on Windows systems.)
DPWWM1419E You can only use the -u flag with a
stateful junction.
Explanation: The -u flag was passed to the add or
create command without the -s flag. UUIDs can only be
specified for stateful junctions.
Administrator response: If you wish to specify the
UUID of the junction, then specify the -s flag as well as
the -u flag.
264
Version 7.0: Error Message Reference
DPWWM1420E The UUID specified with the -u flag
is in an invalid format.
Explanation: An invalid UUID was specified with the
-u flag to the 'add' or 'create' commands.
Administrator response: Correct the format of the
UUID. If you are unsure of the proper format for a
UUID, examine the output of the 'show' command for a
junction. The 'ID' entry will contain a valid UUID.
DPWWM1427E -D flag only supported with ssl,
sslproxy or mutual junctions.
Explanation: The -D flag can only be used for SSL,
SSL proxy or mutual junctions.
Administrator response: Either make this an SSL/SSL
Proxy or Mutual junction or do not specify the DN of
the junctioned server.
DPWWM1432W NOTE: Ensure the CA root
certificate used to sign the junctioned
server certificate is installed in the
WebSEAL certificate key database.
Explanation: WebSEAL was unable to communicate
with an SSL junction because the junction presented a
certificate WebSEAL could not validate.
Administrator response: See message.
DPWWM1435E -C flag only supported with ssl or
sslproxy junctions.
Explanation: The -C flag can only be used for SSL or
SSL proxy junctions.
Administrator response: Either make this an SSL or
SSL Proxy junction or do not make the junction a
WebSEAL to WebSEAL junction.
DPWWM1436E Either -K or -B can be defined for a
junction.
Explanation: Both -K and -B were specified in the
junction creation command. The two options cannot be
used simultaneously on the same junction.
Administrator response: Read the manual and figure
out whether you want to use -K, -B, or neither.
DPWWM1437E Both -K and -B flag only supported
with ssl, sslproxy or mutual junctions.
Explanation: The -K and -B flags can only be used for
SSL, SSL proxy or mutual junctions.
Administrator response: Either make this an SSL/SSL
Proxy or Mutual junction or do not make the junction
mutually authenticated.
DPWWM1438E • DPWWM1510E
DPWWM1438E The -b option cannot be specified
with the -B option.
Explanation: Both -b and -B were specified in the
junction creation command. The two options cannot be
used simultaneously on the same junction.
Administrator response: Read the manual and figure
out whether you want to use -b, -B, or neither.
DPWWM1439E -U <username> and -W <password>
must be supplied with the -B option.
Explanation: The -B flag was specified without the -U
and -W flags.
Administrator response: Specify the username and
password for the junction with the -U and -W flags.
DPWWM1451W Too few authentication methods
configured.
Explanation: Too few authentication methods have
been specified.
Administrator response: Add 1 or more
authentication methods to the authentication levels
stanza configuration.
DPWWM1461E
Failed loading JMT table
Explanation: The JMT file could not be read from
disk.
Administrator response: Make sure the JMT file
specifed in webseald.conf is present in the installation
directory and is readable by the ivmgr user.
DPWWM1490E No dynurl.conf file found. No
changes were made.
Explanation: No dynurl.conf file was present when
the dynurl update command was issued.
Administrator response: Create the dynurl.conf file.
DPWWM1493E Junction '%s' has reached it's worker
thread hard limit.
Explanation: The configured maximum number of
worker threads for this junction has been reached. The
overloaded requests are being retured with 503, Service
Unavailable. This could be due to either a slow junction
or too many requests.
Administrator response: Increase number of worker
threads, increase hard limit or decrease load.
DPWWM1452W No unauthenticated method
configured.
DPWWM1494W Junction '%s' has reached it's
worker thread soft limit
Explanation: The unauthenticated method has not
been specified
Explanation: A configured warning level has been
reached for this junction on the number of worker
threads currently active on it. This could be due to
either a slow junction or too many requests.
Administrator response: Ensure that the
unauthenticated method occurs first in the
authentication levels stanza configuration.
DPWWM1453E
Invalid authentication method.
Explanation: The specified authentication method is
either invalid or unsupported in the current product
configuration.
Administrator response: Verify the validity of the
specified authentication method.
DPWWM1454E
Administrator response: Prepare to increase number
of worker threads, increase soft limit or decrease load.
The requested operation is not valid
Explanation: IBM Security Access Manager was
unable to perform a requested operation beca use it is
not valid. An example would be a token authentication
user attempting to change their password
Administrator response: Consult documentation for
operation.
DPWWM1499W The configured number of worker
threads, %d, is greater than the system
can support, %d. It has automatically
been reduced.
Explanation: Each operation system has different
levels of support for threads and open files. That
combined with compile time options will provide limits
on the configurable number of worker threads.
Administrator response: The software automatically
reduced the value. However to stop this message
appearing you may set the value in the configuration
file lower.
DPWWM1510E One or more entries in dynurl.conf
do not specify URLs
Explanation: See message.
Administrator response: Examine dynadi.conf for
formatting and content errors.
Chapter 6. Security Access Manager Web Runtime Messages
265
DPWWM1513W • DPWWM1528E
DPWWM1513W The stanza '%s' in the configuration
file contains an unrecognised P3P
compact policy element: '%s'.
Explanation: The given entry is not a valid P3P HTTP
header configuration entry.
Administrator response: Correct the configuration file
entry. The list of valid P3P compact policy elements is
given in the documentation.
DPWWM1514W The stanza '%s' in the configuration
file contains an unrecognised value for
the P3P compact policy element '%s':
'%s'.
Explanation: The specified P3P HTTP header
configuration entry contains an invalid value.
Administrator response: Correct the configuration file
entry. The list of accepted values for each P3P compact
policy element is given in the documentation.
DPWWM1518E A proxy hostname must be supplied
with the -H option
Explanation: No -H argument was specified to the
add or create command even though the -P argument
was specified.
Administrator response: Include the -H argument in
the command.
DPWWM1522E Only 'onfocus', 'inhead', 'xhtml10'
and 'trailer' are supported with the -J
option.
Explanation: An invalid option was supplied with the
-J flag.
Administrator response: Correct the syntax of the
command.
DPWWM1523E You can not specify both -C and -B
flags when creating a junction.
DPWWM1515E The configuration for P3P HTTP
header insertion is invalid.
Explanation: The -C and -B flags use the same method
to transmit authentication data and thus would
overwrite each other if used together.
Explanation: One or more aspects of the P3P HTTP
header configuration are invalid. Earlier log messages
give more specific details.
Administrator response: Do not specify both flags
when creating the junction.
Administrator response: Examine other log messages
to determine the specific error or errors in the
configuration file, and correct the configuration.
DPWWM1524E The -P flag is valid only for mutual,
tcpproxy and sslproxy type junctions.
DPWWM1516W No P3P policy elements are
configured in the stanza '%s', but P3P
header insertion has been enabled.
Explanation: P3P header insertion has been enabled in
the configuration file, but no P3P policy has been
configured. P3P headers cannot be inserted until the
P3P policy is configured.
Administrator response: Either add P3P policy
elements to the stanza, or disable P3P header insertion.
DPWWM1517E The -H and -P flags are valid only
for tcpproxy and sslproxy type
junctions.
Explanation: The -H and -P parameters are only valid
for tcpproxy or sslproxy type junctions. Either create
one of those types of junctions or remove the -H and -P
parameters from this command.
Administrator response: Create a tcpproxy or sslproxy
type junction.
Explanation: The -P parameter is only valid for
mutual, tcpproxy or sslproxy type junctions. Either
create one of those types of junctions or remove the -P
parameter from this command.
Administrator response: Create a mutual, tcpproxy or
sslproxy type junction.
DPWWM1527E The supplied TCP and SSL ports
must be different.
Explanation: The TCP and SSL port values which
have been supplied point to the same port. This is not
a valid configuration.
Administrator response: Specify different port values
for the TCP and SSL port options.
DPWWM1528E The -V flag is valid only for mutual
junctions.
Explanation: The -V parameter is only valid for
mutual type junctions. Either create one of those types
of junctions or remove the -V parameter from this
command.
Administrator response: Remove the -V flag or create
a mutual type of junction.
266
Version 7.0: Error Message Reference
DPWWM1531W • DPWWM2055E
DPWWM1531W Error: The supplied keyfile must
not contain any path information.
DPWWM2050W WARNING: A Virtual Host
Junction already exists using label %s
Explanation: A base path for LTPA keyfiles has been
statically configured and as such the supplied file name
should not contain any path information.
Explanation: A Virtual Host Junction already exists
using the specified Virtual Host Junction label.
Administrator response: Specify the name of the
keyfile without any path information.
DPWWM1532W Error: The supplied FSSO
configuration file must not contain any
path information.
Explanation: A base path for FSSO configuration files
has been statically configured and as such the supplied
file name should not contain any path information.
Administrator response: Specify the name of the
FSSO configuration file without any path information.
DPWWM2041E
Cannot create Virtual Host Junction
Explanation: A virtualhost create command failed.
Administrator response: This message is preceded by
a detailed explanation of why the Virtual Host Junction
could not be created. Correct the problem and try to
create the Virtual Host Junction again.
DPWWM2044E
Create Virtual Host Junction
Explanation: This message is followed by an
explanation of why the creation failed.
Administrator response: Fix the problem described in
the message following this message.
DPWWM2045E Can't add servers to this type of
Virtual Host Junction
Explanation: It is not possible to add servers to local
Virtual Host Junctions.
Administrator response: Only add servers to TCP,
SSL, TCP proxy, or SSL proxy Virtual Host Junctions.
Figure out which Virtual Host Junction you wish to
add a server to using the 'virtualhost list' and
'virtualhost show' commands, and then pass the correct
Virtual Host Junction label to the 'virtualhost add'
command.
DPWWM2047E Must specify the Virtual Host
Junction type using the '-t' flag
Explanation: The Virtual Host Junction type was not
passed with the create command.
Administrator response: Pass the Virtual Host
Junction type as an argument to the -t flag.
Administrator response: Either replace the existing
Virtual Host Junction or specify a different Virtual Host
Junction label.
DPWWM2051E -C flag only supported with ssl or
sslproxy Virtual Host Junctions.
Explanation: The -C flag can only be used for SSL or
SSL proxy Virtual Host Junctions.
Administrator response: Either make this an SSL/SSL
Proxy Virtual Host Junction or do not make the Virtual
Host Junction a WebSEAL to WebSEAL Virtual Host
Junction.
DPWWM2052E Can only use -T flag when using '-b
gso'
Explanation: The -T flag was specified to the
virtualhost create command without the -b flag.
Administrator response: If you want to use GSO for
the Virtual Host Junction, pass -b gso as an argument
to the virtualhost create command. If you do not want
to use GSO, then do not pass the -T flag to the
virtualhost create command.
DPWWM2053E Must also use -T flag when using
'-b gso'
Explanation: The -b gso flag was passed to the
virtualhost create command without a corresponding -T
flag.
Administrator response: Include the name of the GSO
target which should be used for the Virtual Host
Junction.
DPWWM2054E Either -K or -B can be defined for a
Virtual Host Junction.
Explanation: Both -K and -B were specified in the
virtualhost create command. The two options cannot be
used simultaneously on the same Virtual Host Junction.
Administrator response: Read the manual and figure
out whether you want to use -K, -B, or neither.
DPWWM2055E Both -K and -B flag only supported
with ssl or sslproxy Virtual Host
Junctions.
Explanation: The -K and -B flags can only be used for
SSL or SSL proxy Virtual Host Junctions.
Administrator response: Either make this an SSL/SSL
Proxy Virtual Host Junction or do not make the Virtual
Chapter 6. Security Access Manager Web Runtime Messages
267
DPWWM2056E • DPWWM2068E
Host Junction mutually authenticated.
DPWWM2056E -U <username> and -W <password>
must be supplied with the -B option.
Explanation: The -B flag was specified without the -U
and -W flags.
Administrator response: Specify the username and
password for the Virtual Host Junction with the -U and
-W flags.
DPWWM2057E The -b option cannot be specified
with the -B option.
Explanation: Both -b and -B were specified in the
virtualhost create command. The two options cannot be
used simultaneously on the same Virtual Host Junction.
Administrator response: Read the manual and figure
out whether you want to use -b, -B, or neither.
DPWWM2058E Must specify the Virtual Host
Junction server hostname using the '-h'
flag
Explanation: No hostname was passed to the
virtualhost add or create command.
Administrator response: Include the hostname in the
command.
DPWWM2059E The -H and -P flags are valid only
for tcpproxy and sslproxy type Virtual
Host Junctions.
Explanation: The -H and -P parameters are only valid
for tcpproxy or sslproxy type Virtual Host Junctions.
Either create one of those types of Virtual Host
Junctions or remove the -H and -P parameters from this
command.
Administrator response: Create a tcpproxy or sslproxy
type Virtual Host Junction.
DPWWM2060E A proxy hostname must be supplied
with the -H option
Explanation: No -H argument was specified to the
virtualhost add or create command even though the -P
argument was specified.
Administrator response: Include the -H argument in
the command.
DPWWM2062E You can only use the -u flag with a
stateful Virtual Host Junction.
Explanation: The -u flag was passed to the virtualhost
add or create command without the -s flag. UUIDs can
only be specified for stateful Virtual Host Junctions.
Administrator response: If you wish to specify the
268
Version 7.0: Error Message Reference
UUID of the Virtual Host Junction, then specify the -s
flag as well as the -u flag.
DPWWM2063E -D flag only supported with ssl or
sslproxy Virtual Host Junctions.
Explanation: The -D flag can only be used for SSL or
SSL proxy Virtual Host Junctions.
Administrator response: Either make this an SSL/SSL
Proxy Virtual Host Junction or do not specify the DN
of the Virtual Host Junctioned server.
DPWWM2064E The UUID specified with the -u flag
is in an invalid format.
Explanation: An invalid UUID was specified with the
-u flag to the 'virtualhost add' or 'virtualhost create'
commands.
Administrator response: Correct the format of the
UUID. If you are unsure of the proper format for a
UUID, examine the output of the 'virtualhost show'
command for a Virtual Host Junction. The 'ID' entry
will contain a valid UUID.
DPWWM2065W NOTE: Ensure the CA root
certificate used to sign the Virtual Host
Junctioned server certificate is installed
in the WebSEAL certificate key
database.
Explanation: WebSEAL was unable to communicate
with an SSL Virtual Host Junction because the Virtual
Host Junction presented a certificate WebSEAL could
not validate.
Administrator response: See message.
DPWWM2067E Must specify a virtual hostname
using the '-v' flag
Explanation: No virtual hostname was specified when
trying to create a localtcp or localssl Virtual Host
Junction.
Administrator response: If you want to create a
localtcp or localssl Virtual Host Junction, you must set
it's virtual hostname using the -v flag.
DPWWM2068E Must specify a file system directory
using the '-d' flag
Explanation: No directory was specified when trying
to create a localtcp or localssl Virtual Host Junction.
Administrator response: If you want to create a
localtcp or localssl Virtual Host Junction, pass the full
path to the directory to use with the -d flag. If you
want to create another type of Virtual Host Junction,
pass the correct type using the -t flag.
DPWWM2069E • DPWWM2090E
DPWWM2069E Must specify a server to remove
using the '-i' flag
DPWWM2076E Server %s not found at Virtual Host
Junction %s
Explanation: No -i flag was passed to the 'virtualhost
remove' command.
Explanation: An attempt was made to remove a
Virtual Host Junction server based on a UUID which
did not match any of the servers on the Virtual Host
Junction.
Administrator response: If you want to delete the
Virtual Host Junction entirely, use the 'virtualhost
delete' command. If you want to remove a particular
server, use the 'virtualhost show' command to loook up
the UUID of the server to remove, and then pass the
UUID as the argument to the -i flag.
DPWWM2071E Could not delete Virtual Host
Junction
Explanation: This message is followed by an
explanation of why the Virtual Host Junction could not
be deleted.
Administrator response: Correct the problem
described in the message displayed after this message.
Administrator response: Use the 'virtualhost show'
command to find the correct UUID and pass the correct
UUID to the 'virtualhost remove' command.
DPWWM2077E Could not update Virtual Host
Junction
Explanation: This message is followed by an
explanation of why the Virtual Host Junction could not
be modified.
Administrator response: Correct the problem
described in the message displayed after this message.
DPWWM2080E
DPWWM2072E
Invalid server ID
Explanation: The argument passed to -i was not a
valid UUID.
Administrator response: Obtain the correct UUID by
using the 'virtualhost show' command and pass a valid
UUID as an argument to the 'virtualhost remove'
command.
Cannot list Virtual Host junctions
Explanation: This message is followed by an
explanation of why Virtual Host junctions could not be
listed. Correct the problem described in that message.
Administrator response: Correct the problem
described in the following message.
DPWWM2081E
Cannot show Virtual Host Junction
DPWWM2073E Virtual Host Junction not found
with label %s.
Explanation: This message is followed by an
explanation of the problem. Correct the problem
described in that message.
Explanation: An attempt was made to add or remove
a server from a Virtual Host Junction which does not
exist.
Administrator response: Correct the problem
described in the following message.
Administrator response: Use the 'virtualhost list' and
'virtualhost show' commands to figure out which
Virtual Host Junction point you should use.
DPWWM2088E Must specify a Virtual Host Junction
label
DPWWM2074E Could not fetch Virtual Host
Junction definition
Explanation: This message is followed by an
explanation of the problem.
Administrator response: Correct the problem
described by the following message.
Explanation: No Virtual Host Junction label was
passed as an argument.
Administrator response: Correct the syntax of the
command.
DPWWM2089E A Virtual Host Junction label cannot
contain the '/' character
Explanation: See text.
DPWWM2075E Can only remove servers from a
TCP or SSL Virtual Host Junction
Explanation: It is not possible to remove a server from
a local Virtual Host Junction.
Administrator response: Correct the Virtual Host
Junction label specified in the remove command. The
Virtual Host Junction label should belong to a TCP or
SSL Virtual Host Junction.
Administrator response: Correct the syntax of the
command and try again.
DPWWM2090E A junction mount point must begin
with '/'
Explanation: See text.
Administrator response: Correct the syntax of the
command and try again.
Chapter 6. Security Access Manager Web Runtime Messages
269
DPWWM2091E • DPWWM4045E
DPWWM2091E The existing Virtual Host Junction is
in an inconsistent state as it is missing
it's virtual host name.
Explanation: See text.
Administrator response: Contact product support.
DPWWM4023E Error reading configuration file %s:
%s
Explanation: There was an error opening a
configuration file.
Administrator response: Make sure the file exists and
is readable.
DPWWM4024E Stanza '%s' is missing from
configuration file.
Explanation: A needed stanza was not found.
Administrator response: The stanza should be added
to the configuration file
DPWWM4025E Unknown configuration item
'[%s]%s' in configuration file.
Explanation: Probably a typo of the configuration item
in the configuration file.
Administrator response: Correct the configuration
item in the configuration file.
DPWWM4041E Unable to read the stanza [%s]. Add
the stanza to theWebSEAL configuration
file to enable TFIM SSO for the
junction '%s'.
Explanation: See Message.
Administrator response: Add the configuration
options to the WebSEAL config file and restart the
WebSEAL server.
DPWWM4042E Unable to enable TFIM junction
SSO.
Explanation: See Message.
Administrator response: Add the configuration
options to the WebSEAL config file and restart the
WebSEAL server.
DPWWM4045E The address supplied with the -a
option, %s, is not a valid local address.
Explanation: See Message.
Administrator response: Ensure that the address
which is supplied is a valid local address for the
WebSEAL server.
270
Version 7.0: Error Message Reference
Chapter 7. Common Auditing and Reporting Service
messages
These messages are provided by the Common Auditing and Reporting Service
component.
CBACC0058W The maxCacheFiles property value of
maxCacheFiles disk cache files has been
reached. This means no more disk cache
files can be created until at least one
existing cache file is drained and
deleted. The server must be available
for this to happen. The value of the
diskCachePath property is diskCachePath.
The process will wait until it can create
a new cache file or the amount of time
specified by the tempStorageFull
property elapses, at which time events
will be discarded.
Explanation: The maximum allowed number of disk
cache files has been reached. This value is specified by
the value of the maxCacheFiles property.
Administrator response: The routine will wait until a
disk cache file is deleted before proceeding. Check the
values of the maxCacheFiles and maxCacheFileSize
properties. The combination of these values limits the
amount of disk space that will be used for disk
caching. When the limit is reached, the process will
wait for a disk cache file to be deleted. If this limit is
too low, it can be increased by increasing the value of
the maxCacheFiles property or the maxCacheFileSize
property, or both properties.
CBACC0059W The file system containing the disk
cache files may be out of space. The
value of the diskCachePath property is
diskCachePath. The process is not being
terminated because this problem will be
corrected when the server becomes
available and existing disk cache files
are drained and deleted. The process
will wait until space becomes available
or the amount of time specified by the
tempStorageFull property elapses, at
which time events will be discarded.
Explanation: An IOException was received when
trying to open or write to a disk cache file. This may
indicate that the file system is out of space.
Administrator response: Check the size of the file
system containing the file path name displayed in the
message. If it is too small to contain the amount of disk
caching required, then increase the size.
© Copyright IBM Corp. 2001, 2012
CBACC0060E
The file system containing the disk
cache files may be out of space or no
more cache files can be created. number
events were discarded.
Explanation: An event record could not be written to
the disk cache. Either the maximum number of cache
files exist and are all full or the system is out of disk
space.
Administrator response: Check the size of the file
system containing the file path name displayed in the
message. If it is too small to contain the amount of disk
caching required, then increase the size.
CBACC0066E
The event cannot be cached because
shutdown has started.
Explanation: An event record could not be written to
the disk cache because the disk cache is in the process
of shutting down.
Administrator response: None.
CBACE0028E
num_errors errors were reported while
attempting to send audit events,
possibly resulting in discarded audit
events.
Explanation: An event queue processing thread
received errors while attempting to send audit events.
Administrator response: One or more error messages
in the error log will be associated with this error
message. Inspect the error log for error messages just
prior to this one for more detailed information about
the error condition.
CBACE0037E
An error occurred while sending
events to the Common Auditing and
Reporting Service server: The SOAP
fault is soapfault_string and the fault
detail is soapfault_detail.
Explanation: The SOAP function failed.
Administrator response: The error message from the
call is included. Inspect this message to obtain more
specific information about the error condition.
CBACE0038E
An error occurred while opening the
disk cache file diskCachePath. The error
271
CBACE0042E • CBACE0064W
message is: errorMsg .
Explanation: The open of the disk cache file failed.
Administrator response: The error message from the
call is included. Inspect this message to obtain more
specific information about the error condition.
CBACE0042E
An error occurred while writing to the
disk cache diskCachePath. The error
message is: errorMsg.
Explanation: The write on the disk cache file failed.
Administrator response: The error message from the
call is included. Inspect this message to obtain more
specific information about the error condition.
Administrator response: Increase the maximum
number of cache files or make more disk space
available, or both.
CBACE0061E
Explanation: A Properties object contains a property
value that is not valid. The property name and the
incorrect value are provided in the message.
Administrator response: Correct the configuration of
the specified property.
CBACE0062E
CBACE0043E
An error occurred while reading the
disk cache file diskCachePath The error
message is: errorMsg.
The initialization property
propertyName value propertyValue cannot
be less than minValue or greater than
maxValue.
An unexpected exception was received
during the initialization of the disk
cache. The text of the exception is:
exceptionText
Explanation: The read on the disk cache file failed.
Explanation: An unexpected exception was received.
Administrator response: The error message from the
call is included. Inspect this message to obtain more
specific information about the error condition.
Administrator response: Check the exception text for
the cause of the problem. Correct the configuration, if
necessary, then retry the operation.
CBACE0044E
The disk cache directory diskCachePath
does not exist.
Explanation: The configured disk cache directory does
not exist.
Administrator response: Create the specified disk
cache directory.
CBACE0045E
The disk cache directory diskCachePath
is not a directory.
Explanation: The configured disk cache directory is
not a file directory.
Administrator response: Specify the correct directory.
CBACE0046E
An error occurred when creating a file
in the specified cache directory
diskCachePath. The error message is:
errorMsg.
Explanation: The configured disk cache directory is
not a file directory.
Administrator response: Specify the correct directory.
CBACE0047E
Disk cache initialization failed
because the minimum number of cache
files could not be created.
Explanation: The disk cache must be able to create at
least one cache file for successful initialization. This
may occur if there is not enough disk space available or
the configured value for the maximum number of
cache files is reached.
272
Version 7.0: Error Message Reference
CBACE0063W The Common Auditing and
Reporting Service server cannot be
contacted. This may be due to a
configuration error. Events will continue
to be cached until contact is
re-established. Events may be discarded
if contact is not re-established before
the maxCacheFiles parameter value of
maxCacheFiles is exceeded or there is no
more disk space.
Explanation: The server cannot be contacted.
Administrator response: Verify that the configured
values for serverURL, keyFilePath, certLabel,
stashFilePath, clientUserName, clientPassword,
compress, and responseTimeout are correct, then make
sure that the server is operational.
CBACE0064W The system has temporarily lost
contact with the Common Auditing and
Reporting Service server. Events will
continue to be cached until contact is
re-established. Events may be discarded
if contact is not re-established before
the maxCacheFiles parameter value of
maxCacheFiles is exceeded or there is no
more disk space.
Explanation: The server cannot be contacted.
Administrator response: Ensure that the server is
operational.
CBACE0800E • CBACE0809E
CBACE0800E
implementation received an exception from the event
validater.
The required initialization property
propertyName is missing.
Explanation: A Properties object is missing a required
property. This may be a property that is always
required, or may be a property that is required in
context of other property values.
Administrator response: Check the exception text for
the cause of the problem. Correct the configuration of
the Common Auditing and Reporting Service
properties for the application to specify values that are
acceptable to FileHandler.
Administrator response: Correct the configuration of
the Common Auditing and Reporting Service
properties for the application to configure the missing
property.
CBACE0805E
CBACE0801E
Explanation: An initialization Properties object is null
or not valid. There may be a problem with the
configuration of the application, or there may be an
internal error in the application.
The initialization property
propertyName value propertyValue is not
valid.
Administrator response: Correct the configuration of
the Common Auditing and Reporting Service
properties for the application.
Explanation: A Properties object contains a property
that is set to a value that is not valid. The property
name and the incorrect value are provided in the
message.
Administrator response: Correct the configuration of
the Common Auditing and Reporting Service
properties for the application to correct the value of the
specified property.
CBACE0802E
A Synchronization Mode Not
Supported Exception has been
generated: exception Text
Administrator response: There might be a problem
with the configuration of the application. View the log
for previous errors logged during the building of the
emitter implementation by the emitter factory.
CBACE0808E
Explanation: CARSTextFileEmitterImpl emitter
implementation received an exception from
FileHandler.
An exception was thrown by
java.util.logging.Logger when writing an
audit event to the audit text file.
Exception: exceptionText.
Explanation: The event could not be written to the
audit text file. There might be a problem with the file
system.
Administrator response: Check the exception text for
the cause of the problem. Correct the configuration to
specify values that are acceptable to FileHandler. Note
that the pattern is set according to configured values:
(auditFileLocation)/(auditFilePrefix)_audit(g).log Where
(g) is replaced by FileHandler with an incremented file
index for use in rollover.
Explanation: CARSTextFileEmitterImpl emitter
No emitter implementation is loaded.
Explanation: The emitter factory implementation does
not have an emitter implementation loaded.
An exception was generated by the
initialization of FileHandler(pattern,
auditFileSize, maxAuditFiles). Exception:
exceptionText
An exception was generated by the
event validation code. Exception:
exceptionText
The interface method methodName is
not supported by the current
implementation.
Explanation: An interface method has been called that
is not supported by the implementation class.
CBACE0807E
Administrator response: If the application requires the
specified synchronization mode, then correct the
configuration to identify an emitter implementation
that can support that mode.
CBACE0804E
CBACE0806E
Administrator response: There may be a problem
with the configuration of the application.
Explanation: A synchronization mode that is not
supported by the configured emitter has been specified
by the calling application.
CBACE0803E
The required Properties object is null
or not valid.
Administrator response: Check the exception text for
the cause of the problem, and correct the problem.
CBACE0809E
The Common Auditing and Reporting
Service Web service is not available. The
following exception was thrown when
sending audit events to the Web service:
exceptionText.
Explanation: The events could not be sent to the
Common Auditing and Reporting Service Web service.
Administrator response: Check the exception text for
Chapter 7. Common Auditing and Reporting Service messages
273
CBACE0810E • CBACE0821E
the cause of the problem, and correct the problem.
CBACE0810E
The application server is listening, but
the URL mapping to the Web service is
incorrect. exceptionText
Explanation: Unable to contact the Web service at the
endpoint specified.
Administrator response: Verify the endpoint of the
Web service is correct in the configuration. Contact the
server administrator as the application may not be
running.
CBACE0811E
The Web service communicated that it
had a problem with the message sent.
exceptionText
Explanation: The server communicated that it had a
problem with the request sent.
Administrator response: Verify that the events being
sent to the server are of the proper format.
CBACE0812E
An error occurred on the server.
exceptionText
Explanation: This is not a client-side problem. The
server had a problem while processing the request.
Administrator response: Notify the server
administrator that the server is experiencing problems.
CBACE0813E
An unknown error occurred while
communicating with the server.
exceptionText
Explanation: An unknown error was generated while
communicating with the server.
Administrator response: Analyze the exception text
for more details.
CBACE0814E
Both basic authentication and client
certificate authentication are specified in
the configuration. At most one is
allowed.
Explanation: Both basic authentication and client
certificate authentication are specified in the
configuration. At most one is allowed.
Administrator response: Modify the configuration
properties file to have at most one client authentication
mechanism.
CBACE0815E
No service was listening on the
provided port. exceptionText
Explanation: Unable to connect to an application
server listening on the port specified in the Web service
endpoint.
274
Version 7.0: Error Message Reference
Administrator response: Contact the server
administrator and make sure the server is running.
Verify that the provided endpoint for the application is
correct.
CBACE0816E
The SOAP client experienced an error
during the processing of the provided
event. exceptionText
Explanation: The SOAP client experienced an error
while processing the provided events to be sent to the
Web service
Administrator response: Verify that the sent event is
valid. Check the logs for more detail.
CBACE0817E
The SOAP client found a provided
event to be null.
Explanation: The SOAP client experienced an error
while processing the provided events because an event
was null.
Administrator response: Verify that the exploiter is
sending valid events.
CBACE0818E
The specified password is not correct
for the Java keystore.
Explanation: The password that was specified is not
correct for the Java keystore.
Administrator response: Verify that the specified
password is correct for the specified Java keystore.
CBACE0819E
The specified Java keystore could not
be found.
Explanation: The Java keystore that was specified is
either incorrect or does not exist.
Administrator response: Verify that the specified Java
keystore is correct.
CBACE0820E
An unexpected exception occurred
while contacting the service to validate
security properties.
Explanation: An unexpected exception occurred while
contacting the service to validate security properties.
Administrator response: Analyze the caused by
exception for more details.
CBACE0821E
Could not establish an SSL connection
with the server because the server
requires client side certificate
authentication and an appropriate
keystore was not provided.
Explanation: The server communicated that it does
not recognize the provided keystore as a client
certificate it accepts.
CBACE0822E • CBACE0884E
Administrator response: Verify that the correct Java
keystore was specified and that the server was
configured correctly.
CBACE0822E
CBACE0877E
Could not establish an SSL connection
with the server because the server's
public certificate is not in the specified
truststore.
Explanation: The server's public certificate must be in
the specified truststore in order to establish an SSL
connection with the server.
Administrator response: Verify that the correct Java
truststore was specified and verify that the server's
public certificate has been added.
Explanation: The server's public certificate must be in
the specified truststore in order to establish an SSL
connection with the server.
Administrator response: Verify that the correct Java
truststore was specified and verify that the server's
public certificate has been added.
CBACE0823E
CBACE0878E
The user name provided to the server
is not authorized to access the requested
resource.
Explanation: The user name provided to the server
must be authorized to access the requested resource.
Explanation: The server communicated that it does
not recognize the provided keystore as a client
certificate it accepts.
CBACE0879E
An incorrect user name, password, or
both was provided to the server for
basic authentication.
Administrator response: Analyze the caused by
exception for more details.
Administrator response: Verify that a user name and
password are configured and that they are correct for
the server being accessed.
CBACE0880E
An incorrect user name, password, or
both was provided to the server for
basic authentication.
Administrator response: Verify that the specified Java
keystore is correct.
Administrator response: Verify that a user name and
password are configured and that they are correct for
the server being accessed.
CBACE0881E
The user name provided to the server
is not authorized to access the requested
resource.
Explanation: The user name provided to the server
must be authorized to access the requested resource.
Administrator response: Verify that the user name
that is configured is correct and that the permissions
for this user are configured at the Web service.
The specified Java keystore could not
be found.
Explanation: The Java keystore that was specified is
either incorrect or does not exist.
Explanation: A correct user name and password must
be provided to the server for basic authentication.
CBACE0876E
An unexpected exception occurred
while contacting the service to validate
security properties.
Explanation: An unexpected exception occurred while
contacting the service to validate security properties.
Explanation: A correct user name and password must
be provided to the server for basic authentication.
CBACE0875E
Could not establish an SSL connection
with the server because the server
requires client side certificate
authentication and an appropriate
keystore was not provided.
Administrator response: Verify that the correct Java
keystore was specified and that the server was
configured correctly.
Administrator response: Verify that the user name
that is configured is correct and that the permissions
for this user are configured at the Web service.
CBACE0824E
Could not establish an SSL connection
with the server because the server's
public certificate is not in the specified
truststore.
The specified password is not correct
for the Java keystore.
Explanation: The password that was specified is not
correct for the Java keystore.
Administrator response: Verify that the specified
password is correct for the specified Java keystore.
CBACE0884E
No service was listening on the
provided port. exceptionText
Explanation: Unable to connect to an application
server listening on the port specified in the Web service
endpoint.
Administrator response: Contact the server
Chapter 7. Common Auditing and Reporting Service messages
275
CBACE0885E • CBACON002E
administrator and make sure the server is running.
Verify that the provided endpoint for the application is
correct.
CBACE0885E
Both basic authentication and client
certificate authentication are specified in
the configuration. At most one is
allowed.
Explanation: Both basic authentication and client
certificate authentication are specified in the
configuration. At most one is allowed.
Administrator response: Modify the configuration
properties file to have at most one client authentication
mechanism.
CBACE0886E
An unknown error occurred while
communicating with the server.
exceptionText
Explanation: An unknown error was generated while
communicating with the server.
Administrator response: Analyze the exception text
for more details.
CBACE0887E
An error occurred on the server.
exceptionText
Explanation: This is not a client-side problem. The
server had a problem while processing the request.
Administrator response: Notify the server
administrator that the server is experiencing problems.
CBACE0888E
The Web service communicated that it
had a problem with the message sent.
exceptionText
Explanation: The server communicated that it had a
problem with the request sent.
Administrator response: Verify that the events being
sent to the server are of the proper format.
CBACE0889E
The application server is listening, but
the URL mapping to the Web service is
incorrect. exceptionText
Explanation: Unable to contact the Web service at the
endpoint specified.
Administrator response: Verify the endpoint of the
Web service is correct in the configuration. Contact the
server administrator as the application may not be
running.
CBACE0890E
The AXIS client found a provided
event to be null.
Explanation: The AXIS client experienced an error
while processing the provided events because an event
was null.
Administrator response: Verify that the exploiter is
sending valid events.
CBACE0891E
The AXIS client experienced an error
during the processing of the provided
event. exceptionText
Explanation: The AXIS client experienced an error
while processing the provided events to be sent to the
Web service
Administrator response: Verify that the sent event is
valid. Check the logs for more detail.
CBACE0892E
An error occurred while sending
events to the Common Auditing and
Reporting Service server: The AXIS
fault is axisfault_string and the fault
detail is axisfault_detail.
Explanation: The AXIS function failed.
Administrator response: The error message from the
call is included. Inspect this message to obtain more
specific information about the error condition.
CBACON001E An internal error occurred while
attempting to retrieve the Common
Audit Service configuration component.
The configuration component was not
found in the connected WebSphere
Application Server.
Explanation: The name of the MBean was badly
formed; consequently the Common Audit Service
Console could not find the
CommonAuditServiceConfiguration MBean in the
connected WebSphere Application Server.
Administrator response: Ensure that the
CommonAuditServiceConfiguration MBean is correctly
deployed and running in the target WebSphere
Application Server. The MBean name might have been
incorrectly formatted.
CBACON002E The Common Audit Service
configuration component was not found
in the connected WebSphere
Application Server. Check whether the
Common Audit Service configuration
component is deployed and running
into the WebSphere Application Server.
Explanation: The configuration component
(CommonAuditServiceConfiguration MBean)
communicates with the Common Audit Serivce Console
276
Version 7.0: Error Message Reference
CBACON003E • CBACON008E
to set and update Common Audit Service configuration
settings. This MBean was not found in the connected
WebSphere Application Server.
Administrator response: Ensure that the
CommonAuditServiceConfiguration MBean is
deployed, running, and available in the connected
WebSphere Application Server. You can run the
wsadmin command from the command line of the
system where the target WebSphere Application Server
is running to determine if the MBean is deployed:
wsadmin>$AdminControl queryNames
WebSphere:*,type=CarsConfig If the MBean is present,
the fully qualified ObjectName of the MBean is
returned; otherwise nothing is returned.
Explanation: A PageException error with an unknown
cause was received while attempting to retrieve the
Common Audit Service Console wizard page from the
Web Component Library (WCL) page manager.
Administrator response: Check the WebSphere
Application Server log files to determine the cause of
the error, then try the operation again. If the problem
persists, contact IBM software support to resolve this
issue.
CBACON003E A WebSphere Application Server
configuration target object was not
selected. Select a target object from the
WebSphere Target drop-down list that is
displayed on the WebSphere Target
Mapping panel.
Explanation: A WebSphere configuration target must
be selected to configure the Common Audit Service
server. If no target objects are listed, the
CommonAuditServiceConfiguration MBean might not
have returned the list of WebSphere configuration
target objects that are available in the connected
WebSphere Application Server process. A null or empty
list can result if you do not provide correct WebSphere
Administrative user credentials in the WebSphere
Security panel of the Common Audit Service Console.
Administrator response: Confirm that the MBean did
not return null or an empty list of WebSphere
Application Server configuration target names. Ensure
that you have provided the correct user credentials,
then try the operation again.
CBACON004E The Common Audit Service Console
received a WebSphere configuration
target object from the Common Audit
Service configuration component that is
not valid. Ensure that the selected
WebSphere configuration target object
exists in the connected WebSphere
Application Server or Deployment
Manager process.
Explanation: The target object received from the
WebSphere Application Server process cannot be used.
Administrator response: Determine if the selected
WebSphere cluster or server is present and running in
the connected WebSphere Application Server, then try
the operation again.
CBACON005E An error occurred while attempting
to display a page in the Common Audit
Service Console configuration wizard.
CBACON006E A record of the last configured Audit
Database was received from the
Common Audit Service configuration
component that is not valid.
Explanation: This exception might have occurred
because the $CARS_HOME/server/etc/
carsconfig.status and $CARS_HOME/server/etc/
carsdb.properties files, which are related to the
configuration status of the Audit Database, were
corrupted.
Administrator response: Try the operation again. If
the problem persists, contact IBM software support to
resolve the problem.
CBACON007W A JDBC handle that is not valid was
received from the Common Audit
Service configuration component.
Explanation: This warning might have occurred
because the JDBC resources were not configured
correctly in the selected WebSphere configuration target
object.
Administrator response: Verify that Common Audit
Service JDBC resources are properly configured in the
selected WebSphere configuration target. If the JDBC
resources are not present, configure them manually or
use the Common Audit Service Console. For
information on manual configuration, refer to the
Auditing Guide provided with your product.
CBACON008E A value that is not valid was entered
into field {0}. A value of type {1} was
expected. Enter a valid value and try the
operation again.
Explanation: The specified value does not meet the
requirements for this field.
Administrator response: Change the value to a valid
type, then try the operation again.
Chapter 7. Common Auditing and Reporting Service messages
277
CBACON009E • CBACON017E
CBACON009E The value specified in the {0} field
must be {1} digits long. Enter a valid
value and try the operation again.
CBACON014E An internal error occurred while
invoking the {0} method of the Common
Audit Service configuration component.
Explanation: The specified value does not meet the
requirements for this field.
Explanation: This error should not occur. The
configuration component
(CommonAuditServiceManagement MBean) might not
have been running when the error occurred.
Administrator response: Change the value to the
expected length, and try the operation again.
CBACON011E An exception was received from the
Common Audit Service configuration
component : {0}
Explanation: The Common Audit Service
configuration component on the target server could not
process the specified information, and returned an
error.
Administrator response: Use the text specified in the
error message to correct the error, then try the
operation again. If the problem persists, check the
WebSphere Application Server log files for more
information.
CBACON012E The Common Audit Service
configuration component does not exist
in the selected WebSphere configuration
target. The Common Audit Service
configuration component must be
installed and running in the connected
WebSphere Application Server process.
Explanation: The configuration component
(CommonAuditServiceConfiguration MBean)
communicates with the console to set and update
Common Audit Service configuration settings. This
MBean was not found in the selected WebSphere
Application Server configuration target object. The
CommonAuditServiceConfiguration MBean might not
be installed correctly, or it might not be running.
Administrator response: Ensure that the
CommonAuditServiceConfiguration MBean is
deployed, running, and available in the connected
WebSphere Application Server. You can run the
wsadmin command from the command line of the
system where the target WebSphere Application Server
is running to determine if the MBean is deployed:
wsadmin>AdminControl queryNames
WebSphere:*,type=CarsConfig If the MBean is present,
the fully qualified ObjectName of the MBean is
returned; otherwise nothing is returned.
CBACON013E {0}
Explanation: An MBean exception occurred from an
unkonwn source.
Administrator response: Check the System.out log file
of the connected WebSphere Application Server to
determine the cause of the failure.
278
Version 7.0: Error Message Reference
Administrator response: Ensure that the
CommonAuditServiceConfiguration MBean is installed
correcty and running, then try the operation again. If
the error occurs again, check the log files to determine
the cause of the error. If the problem persists, contact
IBM software support.
CBACON015E The Common Audit Service Console
failed to connect to the specified
WebSphere Application Server process.
The error that was received is: {0}
Explanation: The WebSphere Application Server that
is pointed to by the JMX host and port values might
not be running; or the host name, port number, or both
could be specified incorrectly in the Common Audit
Service Host panel of the Console.
Administrator response: Ensure that the target
WebSphere Application Server is running, and ensure
that the correct host name and SOAP port number are
specified in the Common Audit Service Host panel of
the Common Audit Service Console, then try the
operation again.
CBACON016E An attempt to connect to the
WebSphere Application Server process
failed. The following error was
returned: {0}
Explanation: This error can result while attempting to
connect to the WebSphere Application server process if
the wrong user name, password, or both, are specified
on the WebSphere Security panel of the Common Audit
Service Console.
Administrator response: Ensure that you are
specifying the correct user name and password, and
ensure that the destination WebSphere Application
Server process is running, then try the operation again.
CBACON017E A valid configuration target was not
found in the connected Webpshere
Application Server process.
Explanation: The connected WebSphere Application
Server process might not contain a valid configuration
target, or the CommonAuditServiceConfiguration
MBean running in the connected WebSphere
Application Server process might have failed to return
to the console the list of available configuration targets.
Administrator response: Ensure that the configuration
target is present in the connected WebSphere
CBACON018E • CBAIN0200E
Application Server, and that the list of available
configuration targets is returned to the console for
selection. Try the operation again.
CBAIN0110E Prerequisite detection has not found an
installation of IBM WebSphere
Application Server. The feature selected
for installation requires IBM WebSphere
Application Server Version 7.0 or higher.
Install the required version and run the
installation again.
CBACON018E The name of the database specified
in the {0} field must be between {1} and
{2} characters long. Enter a valid value
and try the operation again.
Explanation: The target machine does not IBM
WebSphere Application Server installed.
Explanation: The specified value does not meet the
requirements for this field.
Administrator response: Install the required minimum
level of IBM WebSphere Application Server and run the
Common Audit Service installation again. Consult the
product documentation for more information regarding
the software requirements.
Administrator response: Change the value to the
expected length, and try the operation again.
CBACON019E The JDBC connection setup failed
because the previous attempt to create
the Audit Database failed.
CBAIN0120E Prerequisite detection has not found an
installation of IBM DB2. The feature
selected for installation requires either
the IBM DB2 Server or the IBM DB2
Client to operate. The versions allowed
are Version 9.7 and higher. You must
install an allowable version of the IBM
DB2 product either now or before
attempting to use the selected product
feature.
Explanation: The Audit Database JDBC connector was
not created because the creation of the Audit Database
was not successful. The JDBC connector cannot be
created until the Audit Database is created successfully.
Administrator response: Ensure that the correct
values are specified for for the creation of the Audit
Database in the Audit Database panel. The JDBC
connector can then be created successfully.
CBACON020E The {0} field requires a value. Enter a
valid value and try the operation again.
Explanation: The specified field is either empty or
contains a value that is not valid. A value must be
specified to continue.
Administrator response: Enter a valid value in the
specified field, and try the operation again.
CBACON022E The value specified in the {0} field
must be at least {1} digits long, but not
greater than {2} digits long. Enter a valid
value and try the operation again.
Explanation: The specified value does not meet the
requirements for this field.
Explanation: The target machine does not have either
an IBM DB2 Server or IBM DB2 Client installed.
Administrator response: Install the required minimum
level of IBM DB2 Server or Client before attempting to
configure the Audit Service. Consult the product
documentation for more information regarding the
software requirements.
CBAIN0130E Prerequisite detection has found an
installation of either IBM DB2 Server or
Client but it is not a correct version. The
versions allowed are Version 9.7 and
higher. You must install an allowable
version of the IBM DB2 product either
now or before attempting to use the
selected product feature.
Administrator response: Change the value to the
expected length, and try the operation again.
Explanation: The target machine does not have a
correct version of either an IBM DB2 Server or IBM
DB2 Client installed.
CBACON023E The Database Instance Owner
Password field requires a value. Enter a
valid value and try the operation again.
Administrator response: Install the required minimum
level of IBM DB2 Server or Client before attempting to
configure the Audit Service. Consult the product
documentation for more information regarding the
software requirements.
Explanation: The specified field is either empty or
contains a value that is not valid. A value must be
specified to continue.
Administrator response: Enter a valid value in the
specified field, and try the operation again.
CBAIN0200E The Common Audit Service installation
failed. An installation rollback has been
attempted.
Explanation: The Common Audit Service installation
Chapter 7. Common Auditing and Reporting Service messages
279
CBAIN0204E • CBAIN0335E
failed and the system was returned to its preinstall
state.
Administrator response: Check the log file for details.
Consult the product documentation for more
information regarding problem determination.
CBAIN0204E The Common Audit Service
uninstallation failed.
Explanation: The Common Audit Service Server
uninstallation failed.
Administrator response: Check the log file for details.
Consult the product documentation for more
information regarding problem determination.
CBAIN0206E Check the version log. Run the
uninstallation again.
Explanation: An error occurred during the
uninstallation of the Common Audit Service.
Administrator response: Check the log file for details.
Consult the product documentation for more
information regarding problem determination.
CBAIN0221E Please enter a value for version.
Explanation: An attempt to continue the installation
was made without providing input for a required user
input field.
Administrator response: Provide input for the user
input field and continue the installation. Consult the
product documentation for more information regarding
required information during the installation.
CBAIN0227E Prerequisite detection has not found an
installation of IBM WebSphere
Application Server. Install the required
version and run the installation again.
Explanation: The target machine does not IBM
WebSphere Application Server installed.
Administrator response: Install the required minimum
level of IBM WebSphere Application Server and run the
Common Audit Service installation again. Consult the
product documentation for more information regarding
the software requirements.
CBAIN0235E Please enter a value for:
CBAIN0207E Check the version log.
Explanation: An error occurred during the installation
of the Common Audit Service.
Administrator response: Check the log file for details.
Consult the product documentation for more
information regarding problem determination.
Explanation: An attempt to continue the installation
was made without providing input for a required user
input field.
Administrator response: Provide input for the user
input field and continue the installation. Consult the
product documentation for more information regarding
required information during the installation.
CBAIN0216E Prerequisite detection has not found an
installation of IBM WebSphere
Application Server. The feature selected
for installation requires IBM WebSphere
Application Server Version version. If the
IBM WebSphere Application Server is
actually installed then continue the
installation and enter the correct
installation path when requested.
Otherwise cancel the installation, install
the required software and run the
installation again.
CBAIN0335E The Common Audit Service is already
configured on this profile. The Common
Audit Service must be installed on a
different directory path to configure
against this profile. Use the Back button
to select a different path and continue.
Explanation: The install could not locate an installed
IBM WebSphere Application Server.
Administrator response: Verify that Common audit
Service is already installed against the correct profile. If
not then uninstall the Common Audit Service and
reinstall against this profile. Consult product
documentation for more information regarding the
undeployment of IBM Tivoli Common Audit Service
configuration management items before continuing
with this uninstallation.
Administrator response: Install the required minimum
level of IBM WebSphere Application Server and run the
Common Audit Service installation again. Consult the
product documentation for more information regarding
the software requirements.
280
Version 7.0: Error Message Reference
Explanation: This installation of the Common Audit
Service is already configured to a WebSphere
Application Server profile. You must install the
Common Audit Service on a different path to install
against another profile.
CBAIN0336E • CBAIN0342E
Application Server profile is correctly installed,
configured and running correctly. Consult product
documentation for more information regarding the
deployment of IBM Tivoli Common Audit Service
configuration management items before continuing
with this installation.
CBAIN0336E Configuration Management items
cannot be deployed or undeployed.
Before continuing with the Common
Audit Service deployment: Check that
you do not have another installation of
the Common Audit Service on your
machine. You may have already
deployed the Configuration
Management items form this other
installation. In this case you must
undeploy the Common audit service
from the selected profile using the
installer in the other installation.
CBAIN0339E Please enter a value for the WebSphere
profile directory.
Explanation: The WebSphere profile directory field is
empty
Administrator response: Provide a valid WebSphere
profile directory path and continue the installation.
Consult the product documentation for more
information regarding required information during the
installation.
Explanation: The Common Audit Service
configuration management items can only be deployed
once for a WebSphere Application Server profile. The
Common audit service can be installed multiple times
on a host machine but can only be configured once
against each profile.
CBAIN0340E Please enter a valid directory as a
WebSphere profile directory.
Administrator response: Verify the Common Audit
Service configuration management items are
undeployed from the profile. Consult product
documentation for more information regarding the
undeployment of IBM Tivoli Common Audit Service
configuration management items before continuing
with this installation.
Explanation: The WebSphere profile directory field
value is not a valid directory.
CBAIN0337E The Configuration items were not
undeployed correctly. Before continuing
with the Common Audit Service
undeployment: Check the configuration
log for error conditions. Check that the
WebSphere Application Server profile
you select is valid and running correctly.
Explanation: Undeployment may fail for a WebSphere
Application Server profile if the profile is not
configured correctly.
CBAIN0341E Please enter a valid WebSphere profile
path. Either a valid cell or WebSphere
install path could not be found for this
profile.
Explanation: The setupCmdLine script for this profile
was not found or was invalid. The WAS_HOME and
WAS_CELL variables were not found.
Administrator response: Provide a valid WebSphere
profile directory path and continue the installation.
Consult the product documentation for more
information regarding required information during the
installation.
Administrator response: Verify the WebSphere
Application Server profile is correctly installed,
configured and running correctly. Consult product
documentation for more information regarding the
undeployment of IBM Tivoli Common Audit Service
configuration management items before continuing
with this installation.
CBAIN0338E The Configuration items were not
deployed correctly. Before continuing
with the Common Audit Service
deployment: Check the configuration
log for error conditions. Check that the
WebSphere Application Server profile
you select is valid and running correctly.
Explanation: Deployment may fail for a WebSphere
Application Server profile if the profile is not
configured correctly.
Administrator response: Provide a valid WebSphere
profile directory path and continue the installation.
Consult the product documentation for more
information regarding required information during the
installation.
CBAIN0342E Please enter a valid WebSphere profile
path. The WebSphere edition and
version could not be determined for this
profile.
Explanation: The WAS_HOME/properties/version/
WAS.product file was not found or was invalid.
WebSphere version information is contained in this file
Administrator response: Check the WebSphere
installation related to this profile still exists and
continue the installation. Consult the product
documentation for more information regarding required
information during the installation.
Administrator response: Verify the WebSphere
Chapter 7. Common Auditing and Reporting Service messages
281
CBAIN0343E • CBAIN0351E
CBAIN0343E Please enter a valid WebSphere profile
path. Only the WebSphere Base edition
or the WebSphere Network Deployment
edition are supported.
Explanation: The id attribute in the WAS.product file
did not contain either BASE or ND.
Administrator response: Install and configure the
correct WebSphere edition and continue this
installation. Consult the product documentation for
more information regarding prerequisite products.
CBAIN0344E Please enter a valid WebSphere profile
path. WebSphere version 7.0 or higher is
a prerequisite for Common Audit
Service 7.0.
Explanation: The version attribute in the WAS.product
file was not of the form 7.0.x.x.
Administrator response: Install and configure the
correct WebSphere version and continue this
installation. Consult the product documentation for
more information regarding prerequisite products.
CBAIN0345E Please enter a valid WebSphere profile
path. The type of profile could not be
determined.
Explanation: The WAS_PROFILE/properties/version/
profile.version file was not found or the id attribute in
it was not found.
Administrator response: Check that the profile has
been configured correctly, especially the port
allocations. Consult the product documentation for
more information regarding required information
during the installation.
CBAIN0348E A connection could not be made with
the deployment manager or stand-alone
server in this profile. Ensure the
deployment manager or stand-alone
server is running.
Explanation: The installer uses the SOAP protocol to
communicate with WebSphere services. For SOAP to
work the corresponding server must be running.
Administrator response: Issue the startManager or
startServer servername command as appropriate.
Consult the product documentation for more
information regarding required information during the
installation.
CBAIN0349E An attempt to communicate with the
WebSphere server failed due to an
internal fault. Check the profile is
configured correctly and the server is
running.
Explanation: The connection attempt failed due to the
AdminClient object not being created correctly. This is
most likely because the WebSphere class jars were not
correctly loaded or were corrupt.
Administrator response: Check the WebSphere profile
is complete and continue this installation. Consult the
product documentation for more information regarding
required information during the installation.
Administrator response: Check that the value of the
WAS_HOME property in the setupCmdLine script
identifies a valid WAS installation. Consult the product
documentation for more information regarding required
information during the installation.
CBAIN0346E Please enter a valid WebSphere profile
path. A managed node profile is not
valid.
CBAIN0350E Please enter a value for the WebSphere
Administrator user name.
Explanation: The id attribute in the
WAS_PROFILE/properties/version/profil