IBM 2.2.0 Security zSecure Messages Guide
Security zSecure 2.2.0 is a collection of security, monitoring, auditing, and alerting products used on both the z/OS and z/VM platforms. zSecure Admin provides a user-friendly interface on top of RACF for security administration, user management, and compliance management. zSecure Audit allows you to automatically analyze and report on security events and detect security exposures. zSecure Alert is a real-time security event monitor, issuing alerts for security-related system events as they occur.
Advertisement
Advertisement
Security zSecure
Version 2.2.0
Messages Guide
IBM
SC27-5643-02
Security zSecure
Version 2.2.0
Messages Guide
IBM
SC27-5643-02
Note
November 2015
This edition applies to version 2, release 2, modification 0 of IBM Security zSecure products and to all subsequent releases and modifications until otherwise indicated in new editions.
© Copyright IBM Corporation 1998, 2015.
US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Contents
About this publication . . . . . . ..
Obtain licensed documentation .
IBM Security zSecure Suite library .
IBM Security zSecure Manager for RACF z/VM library .
Statement of Good Security Practices .
Chapter 1. Introduction . . . . . . ..
Overview of the zSecure products .
Chapter 2. CKF Messages . . . . . ..
Chapter 3. CKG messages . . . . ..
Chapter 4. CKN messages . . . . ..
Chapter 5. CKR messages . . . . ..
© Copyright IBM Corp. 1998, 2015
Chapter 6. CKV messages . . . . ..
Chapter 7. CKX messages . . . . ..
Chapter 8. CQT messages . . . . ..
Chapter 9. C2P messages . . . . ..
Messages from 0 to 999 (zSecure started task) ..
Messages from 1000 to 1999 (Predefined RACF alerts) .
Messages from 2000 to 2999 (Predefined ACF2 alerts) .
Messages from 4000 to 6999 (Installation defined alerts) .
iii
Chapter 10. C2R messages . . . ..
Chapter 11. C2RU messages . . . ..
Chapter 12. C2RW messages . . ..
Chapter 13. C2X messages . . . ..
Chapter 14. C4R messages . . . ..
Chapter 15. BB messages . . . . ..
Chapter 16. B8R messages . . . ..
Chapter 17. ICH and IRR messages 471
Chapter 18. Other error messages ..
Appendix. Support for problem solving . . . . . . . . . . . . ..
Available technical resources .
Searching with support tools .
Registering with IBM Software Support .
Receiving weekly support updates .
Contacting IBM Software Support .
Determining the business impact .
Describing problems and gathering information 478
Notices . . . . . . . . . . . . ..
Index . . . . . . . . . . . . . ..
iv
Messages Guide
About this publication
This guide contains the messages and return codes that you might receive when using the IBM
®
Security zSecure
™
2.2.0 products. It provides explanations for these messages and errors. The information in this guide that applies to zSecure
Manager for RACF
® z/VM
® applies to version 1.11.2 of that product.
The guide includes the following information: v An introduction to the zSecure products and a description of what each product does v
Lists of the messages and errors and their severity levels v An explanation for each individual message v Support information
This guide is intended for the system administrators who are responsible for managing and troubleshooting the zSecure products. Readers must be familiar with the zSecure product concepts and commands.
zSecure documentation
The IBM Security zSecure Suite and IBM Security zSecure Manager for RACF z/VM libraries consist of unlicensed and licensed publications. This section lists both libraries and instructions to access them.
Unlicensed zSecure publications are available at the IBM Knowledge Center for
IBM Security zSecure Suite or IBM Security zSecure Manager for RACF z/VM. The
IBM Knowledge Center is the home for IBM product documentation. You can customize IBM Knowledge Center, create your own collection of documents to design the experience that you want with the technology, products, and versions that you use. You can also interact with IBM and with your colleagues by adding comments to topics and by sharing through email, LinkedIn, or Twitter. For
instructions to obtain the licensed publications, see “Obtain licensed documentation.”
IBM Knowledge Center for product
IBM Security zSecure Suite
IBM Security zSecure Manager for RACF z/VM
URL
http://www.ibm.com/support/ knowledgecenter/SS2RWS/welcome http://www.ibm.com/support/ knowledgecenter/SSQQGJ/welcome
The IBM Terminology website consolidates terminology for product libraries in one location.
Obtain licensed documentation
All licensed and unlicensed publications for IBM Security zSecure Suite 2.2.0 and
IBM Security zSecure Manager for RACF z/VM 1.11.2, except the Program
Directories, are included on the IBM Security zSecure Documentation CD, LCD7-5373.
Instructions for downloading the disk image (.iso) file for the zSecure
Documentation CD directly are included with the product materials.
© Copyright IBM Corp. 1998, 2015
v
To obtain an extra copy of the .iso file of the Documentation CD or PDF files of individual publications, complete the following steps:
1.
Go to the IBM Publications Center.
2.
Select your country or region and click the Go icon.
3.
On the Welcome to the IBM Publications Center web page, click Customer
Support
in the left navigation menu.
4.
Complete the support form with the following information: your contact details, your customer number, and the numbers of the licensed publications you want to order.
5.
Click Submit to send the form. The form is forwarded to an IBM Publications
Center Customer Support representative who sends you details to fulfill your order.
Alternatively, you can send an email to [email protected] requesting access to the
.iso
file of the zSecure Documentation CD. Include your company's IBM customer number and your preferred contact information. You will receive details to fulfill your order.
IBM Security zSecure Suite library
The IBM Security zSecure Suite library consists of unlicensed and licensed publications.
Unlicensed publications are available at the IBM Knowledge Center for IBM
Security zSecure Suite. Licensed publications have a form number that starts with
L; for example, LCD7-5373.
The IBM Security zSecure Suite library consists of the following publications: v About This Release includes release-specific information as well as some more general information that is not zSecure-specific. The release-specific information includes the following:
– What's new: Lists the new features and enhancements in zSecure V2.2.0.
– Release notes: For each product release, the release notes provide important installation information, incompatibility warnings, limitations, and known problems for the IBM Security zSecure products.
– Documentation: Lists and briefly describes the zSecure Suite and zSecure
Manager for RACF z/VM libraries and includes instructions for obtaining the licensed publications.
v
IBM Security zSecure CARLa-Driven Components Installation and Deployment Guide,
SC27-5638
Provides information about installing and configuring the following IBM
Security zSecure components:
– IBM Security zSecure Admin
– IBM Security zSecure Audit for RACF, CA-ACF2, and CA-Top Secret
– IBM Security zSecure Alert for RACF and ACF2
– IBM Security zSecure Visual
– IBM Security zSecure Adapters for QRadar SIEM for RACF, CA-ACF2, and
CA-Top Secret v
IBM Security zSecure Admin and Audit for RACF Getting Started, GI13-2324
Provides a hands-on guide introducing IBM Security zSecure Admin and IBM
Security zSecure Audit product features and user instructions for performing standard tasks and procedures. This manual is intended to help new users
vi
Messages Guide
develop both a working knowledge of the basic IBM Security zSecure Admin and Audit for RACF system functionality and the ability to explore the other product features that are available.
v IBM Security zSecure Admin and Audit for RACF User Reference Manual, LC27-5639
Describes the product features for IBM Security zSecure Admin and IBM
Security zSecure Audit. Includes user instructions to run the admin and audit features from ISPF panels. This manual also provides troubleshooting resources and instructions for installing the zSecure Collect for z/OS
® component. This publication is available to licensed users only.
v
IBM Security zSecure Admin and Audit for RACF Line Commands and Primary
Commands Summary, SC27-6581
Lists the line commands and primary (ISPF) commands with very brief explanations.
v IBM Security zSecure Audit for ACF2 Getting Started, GI13-2325
Describes the IBM Security zSecure Audit for ACF2 product features and provides user instructions for performing standard tasks and procedures such as analyzing Logon IDs, Rules, Global System Options, and running reports. The manual also includes a list of common terms for those not familiar with ACF2 terminology.
v IBM Security zSecure Audit for ACF2 User Reference Manual, LC27-5640
Explains how to use IBM Security zSecure Audit for ACF2 for mainframe security and monitoring. For new users, the guide provides an overview and conceptual information about using ACF2 and accessing functionality from the
ISPF panels. For advanced users, the manual provides detailed reference information, troubleshooting tips, information about using zSecure Collect for z/OS, and details about user interface setup. This publication is available to licensed users only.
v IBM Security zSecure Audit for Top Secret User Reference Manual, LC27-5641
Describes the IBM Security zSecure Audit for Top Secret product features and provides user instructions for performing standard tasks and procedures. This publication is available to licensed users only.
v IBM Security zSecure CARLa Command Reference, LC27-6533
Provides both general and advanced user reference information about the
CARLa Auditing and Reporting Language (CARLa). CARLa is a programming language that is used to create security administrative and audit reports with zSecure. The CARLa Command Reference also provides detailed information about the NEWLIST types and fields for selecting data and creating zSecure reports.
This publication is available to licensed users only.
v IBM Security zSecure Alert User Reference Manual, SC27-5642
Explains how to configure, use, and troubleshoot IBM Security zSecure Alert, a real-time monitor for z/OS systems protected with the Security Server (RACF) or CA-ACF2.
v IBM Security zSecure Command Verifier User Guide, SC27-5648
Explains how to install and use IBM Security zSecure Command Verifier to protect RACF mainframe security by enforcing RACF policies as RACF commands are entered.
v
IBM Security zSecure CICS Toolkit User Guide, SC27-5649
Explains how to install and use IBM Security zSecure CICS
®
Toolkit to provide
RACF administration capabilities from the CICS environment.
v IBM Security zSecure Messages Guide, SC27-5643
About this publication
vii
Provides a message reference for all IBM Security zSecure components. This guide describes the message types associated with each product or feature, and lists all IBM Security zSecure product messages and errors along with their severity levels sorted by message type. This guide also provides an explanation and any additional support information for each message.
v IBM Security zSecure Visual Client Manual, SC27-5647
Explains how to set up and use the IBM Security zSecure Visual Client to perform RACF administrative tasks from the Windows-based GUI.
v IBM Security zSecure Documentation CD, LCD7-5373
Supplies the IBM Security zSecure documentation, which contains the licensed and unlicensed product documentation. The IBM Security zSecure: Documentation
CD is available to licensed users only.
Program directories are provided with the product tapes. You can also download the latest copies from the IBM Knowledge Center for IBM Security zSecure Suite.
v Program Directory: IBM Security zSecure CARLa-Driven Components, GI13-2277
This program directory is intended for the system programmer responsible for program installation and maintenance. It contains information concerning the material and procedures associated with the installation of IBM Security zSecure
CARLa-Driven Components: Admin, Audit, Visual, Alert, and the IBM Security zSecure Adapters for QRadar SIEM.
v Program Directory: IBM Security zSecure CICS Toolkit, GI13-2282
This program directory is intended for the system programmer responsible for program installation and maintenance. It contains information concerning the material and procedures associated with the installation of IBM Security zSecure
CICS Toolkit.
v Program Directory: IBM Security zSecure Command Verifier, GI13-2284
This program directory is intended for the system programmer responsible for program installation and maintenance. It contains information concerning the material and procedures associated with the installation of IBM Security zSecure
Command Verifier.
v Program Directory: IBM Security zSecure Admin RACF-Offline, GI13-2278
This program directory is intended for the system programmer responsible for program installation and maintenance. It contains information concerning the material and procedures associated with the installation of the IBM Security zSecure Admin RACF-Offline component of IBM Security zSecure Admin.
IBM Security zSecure Manager for RACF z/VM library
The IBM Security zSecure Manager for RACF z/VM library consists of unlicensed and licensed publications.
Unlicensed publications are available at the IBM Knowledge Center for IBM
Security zSecure Manager for RACF z/VM. Licensed publications have a form number that starts with L; for example, LCD7-5373.
The IBM Security zSecure Manager for RACF z/VM library consists of the following publications: v
IBM Security zSecure Manager for RACF z/VM Release Information
For each product release, the Release Information topics provide information about new features and enhancements, incompatibility warnings, and documentation update information. You can obtain the most current version of
viii
Messages Guide
the release information from the zSecure for z/VM documentation website at the
IBM Knowledge Center for IBM Security zSecure Manager for RACF z/VM.
v
IBM Security zSecure Manager for RACF z/VM: Installation and Deployment Guide,
SC27-4363
Provides information about installing, configuring, and deploying the product.
v
IBM Security zSecure Manager for RACF z/VM User Reference Manual, LC27-4364
Describes how to use the product interface and the RACF administration and audit functions. The manual provides reference information for the CARLa command language and the SELECT/LIST fields. It also provides troubleshooting resources and instructions for using the zSecure Collect component. This publication is available to licensed users only.
v IBM Security zSecure CARLa Command Reference, LC27-6533
Provides both general and advanced user reference information about the
CARLa Auditing and Reporting Language (CARLa). CARLa is a programming language that is used to create security administrative and audit reports with zSecure. The zSecure CARLa Command Reference also provides detailed information about the NEWLIST types and fields for selecting data and creating zSecure reports. This publication is available to licensed users only.
v IBM Security zSecure Documentation CD, LCD7-5373
Supplies the IBM Security zSecure Manager for RACF z/VM documentation, which contains the licensed and unlicensed product documentation.
v
Program Directory for IBM Security zSecure Manager for RACF z/VM, GI11-7865
To use the information in this publication effectively, you must have some prerequisite knowledge that you can obtain from the program directory. The
Program Directory for IBM Security zSecure Manager for RACF z/VM is intended for the systems programmer responsible for installing, configuring, and deploying the product. It contains information about the materials and procedures associated with installing the software. The Program Directory is provided with the product tape. You can also download the latest copies from the IBM
Knowledge Center for IBM Security zSecure Manager for RACF z/VM.
Related documentation
If you are using IBM Security zSecure products in a RACF environment, you can find more information about RACF and the types of events that can be reported using zSecure Admin and Audit in several IBM manuals. For information about the RACF commands, and the implications of the various keywords, see the RACF
Command Language Reference and the RACF Security Administrator's Guide. You can find information about the various types of events that are recorded by RACF in the RACF Auditor's Guide. To access manuals in the z/OS online library, see http://www.ibm.com/systems/z/os/zos/bkserv/.
Table 1. z/OS manuals in z/OS online library
Manual Title
z/OS Security Server RACF Command Language Reference z/OS Security Server RACF Security Administrator's Guide z/OS Security Server RACF Auditor's Guide z/OS Security Server RACF System Programmer's Guide z/OS MVS System Commands z/OS Communications Server IP Configuration Reference z/Architecture
®
Principles of Operation
Order Number
SA23-2292
SA23-2289
SA23-2290
SA23-2287
SA23-2292
SC27-3651
SA22–7832
About this publication
ix
You can find more information about ACF2 and the types of events that can be reported using zSecure Audit for ACF2 in the CA-ACF2 documentation.
For information about Top Secret, see the CA-Top Secret for z/OS documentation.
For information about z/VM, see the IBM Knowledge Center at http://www.ibm.com/support/knowledgecenter/SSB27U/welcome. Also see http://www.vm.ibm.com/library for more information about z/VM.
Table 2. Further information about RACF administration, auditing, programming, and commands for z/VM
Manual
z/VM RACF Security Server Command Language Reference z/VM RACF Security Server Security Administrator's Guide z/VM RACF Security Server Auditor's Guide z/VM RACF Security Server System Programmer's Guide
ISPF Quick Start Guide for VM V2R3
Order Number
SC24-6213
SC24-6218
SC24-6212
SC24-6219
GI13-3554
For information about incompatibilities, see the Incompatibility section under
Release Information
on the documentation website for your product at: v For z/OS: http://www.ibm.com/support/knowledgecenter/SS2RWS_2.2.0/ com.ibm.zsecure.doc_2.2.0/welcome.html
v For z/VM: http://www.ibm.com/support/knowledgecenter/SSQQGJ_1.11.2/ com.ibm.zsecurevm.doc_1.11.2/welcome.html
Accessibility
Accessibility features help users with a physical disability, such as restricted mobility or limited vision, to use software products successfully. With this product, you can use assistive technologies to hear and navigate the interface. You can also use the keyboard instead of the mouse to operate all features of the graphical user interface.
Technical training
For technical training information, see the IBM Education website at http://www.ibm.com/training.
For hands-on exercises to help you understand the basics of the CARLa command language, see zSecure CARLa Training at https://www.ibm.com/developerworks/ community/wikis/home?lang=en#!/wiki/
Wa6857722838e_491e_9968_c8157c8cf491/page/zSecure%20CARLa%20Training.
Support information
IBM Support provides assistance with code-related problems and routine, short duration installation or usage questions. You can directly access the IBM Software
Support site at http://www.ibm.com/software/support/probsub.html.
x
Messages Guide
Statement of Good Security Practices
IT system security involves protecting systems and information through prevention, detection, and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated, or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service, or security measure can be completely effective in preventing improper use or access. IBM systems, products, and services are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products, or services to be most effective. IBM DOES
NOT WARRANT THAT ANY SYSTEMS, PRODUCTS, OR SERVICES ARE
IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE
MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
About this publication
xi
xii
Messages Guide
Chapter 1. Introduction
The IBM Security zSecure suite is a collection of products that improve the efficiency and maintainability of the mainframe security environment. These products can be used alone or in conjunction with the other zSecure products. The main products are zSecure Admin and zSecure Audit. The IBM Security zSecure products provide security, monitoring, auditing and alerting functionality on both the z/OS and z/VM platforms.
zSecure messages are usually categorized by a three-character prefix to identify the associated programs or components. For example, the CKF prefix identifies messages issued by the zSecure Collect for z/OS component, and CKG messages are issued by the CKGRACF program. This guide is organized by message prefixes that are associated with their programs or components.
The following sections provide release information for zSecure 2.2.0 and zSecure
Manager for RACF z/VM1.11.2, an overview of the zSecure products, and the types of messages that can be generated.
Release information
The zSecure release information includes details on new features and enhancements, incompatibility warnings, and documentation update information.
You can find the latest versions of What's new and Release notes in About This
Release on the IBM Knowledge Center for IBM Security zSecure V2.2.0 at: http://www.ibm.com/support/knowledgecenter/SS2RWS_2.2.0/ com.ibm.zsecure.doc_2.2.0/welcome.html.
You can download the latest version of the release information for zSecure
Manager for RACF z/VM 1.11.2 at: http://www.ibm.com/support/ knowledgecenter/SSQQGJ_1.11.2/com.ibm.zsecurevm.doc_1.11.2/welcome.html.
Overview of the zSecure products
The IBM Security zSecure suite includes the following products.
zSecure Admin
Provides a user-friendly layer in the form of an ISPF interface on top of
RACF which enables security administration, user management and compliance management on the mainframe. It allows you to enter and process administrative commands more quickly, generate custom reports, and thoroughly clean up databases. Additionally, zSecure Admin provides administration authority in a more granular fashion so that users are only granted the specific amount of administration authority required for their job.
zSecure Audit
Compliance and audit solution that enables you to automatically analyze and report on security events and detect security exposures. It provides standard and customized reports that warn of policy exceptions or violations. This component is available for RACF, ACF2, and Top Secret.
© Copyright IBM Corp. 1998, 2015
1
zSecure Alert
Mainframe audit solution that enables you to detect and report security events and exposures on z/OS, DB2
®
, UNIX, RACF, ACF2, and Top Secret.
IBM Security zSecure Alert is a real-time monitor, issuing alerts for security-related system events at the time they occur.
zSecure Command Verifier
Mainframe policy enforcement solution adds granular controls for RACF to help prevent errors and noncompliant commands. This product runs in the background to verify your RACF commands against company policies and procedures. If the command does not comply with the policy, it is blocked or fixed. It can run independently from the other zSecure components.
zSecure Visual
zSecure Visual client is a Windows-based graphical user interface for RACF administration. Using the Visual Server product establishes a secure connection directly with RACF to enable decentralized administration from a Windows environment.
zSecure CICS Toolkit
This component enables you to do most RACF administration from a CICS environment instead of TSO.
zSecure Adapters for QRadar SIEM
This component enables you to collect mainframe security data and send it to the IBM Security QRadar
®
SIEM product to get an enterprise-wide view.
zSecure Manager for RACF z/VM
This product simplifies the process of managing mainframe security and enables you to quickly identify and fix problems in RACF on z/VM. It automates recurring and time-consuming security tasks.
zSecure message types
zSecure messages are categorized by an alphanumeric prefix. Each prefix refers to the zSecure product function which the messages in that category are associated with. The following table lists the available zSecure message prefixes, their related functions, and the products that can display these messages:
Table 3. zSecure product messages
Message
Prefix
CKF
CKG
CKN
Function
zSecure Collect for z/OS
(CKFCOLL)
CKGRACF program
IBM Security zSecure Admin,
IBM Security zSecure Audit,
IBM Security zSecure Alert,
IBM Security zSecure Adapters for QRadar SIEM
IBM Security zSecure Admin,
IBM Security zSecure Visual zSecure Server (network node)
Product
IBM Security zSecure Admin,
IBM Security zSecure Audit,
IBM Security zSecure Visual
Reference
Chapter 3, “CKG messages,” on page
Chapter 4, “CKN messages,” on page
2
Messages Guide
Table 3. zSecure product messages (continued)
Message
Prefix
CKR
CKV
Function
CKRCARLA program zSecure Collect for z/VM (CKVCOLL)
Product
IBM Security zSecure Admin,
IBM Security zSecure Audit,
IBM Security zSecure Visual,
IBM Security zSecure Alert,
IBM Security zSecure Manager for RACF z/VM, IBM Security zSecure Adapters for QRadar
SIEM
IBM Security zSecure Manager for RACF z/VM
CKX
CQT
C2P
TSO execution utility program CKX or zSecure Command
Execution Utility
Module CQTPMSGE IBM Security zSecure CICS
Toolkit
Reference
Chapter 5, “CKR messages,” on page
IBM Security zSecure Admin,
IBM Security zSecure Manager for RACF z/VM
Chapter 6, “CKV messages,” on page
Chapter 7, “CKX messages,” on page
Chapter 8, “CQT messages,” on page
Chapter 9, “C2P messages,” on page
C2R
C2RU zSecure Alert address space, Predefined RACF alert, Predefined ACF2 alert, Installation defined alert, or zSecure RACF
Access Monitor
IBM Security zSecure Alert or
IBM Security zSecure Admin
IBM Security zSecure NLS table processor
C2RIMENU, XSLT stylesheet, or the installation customization REXX exec C2REUPDR
User interface IBM Security zSecure Visual
Client
Chapter 10, “C2R messages,” on page
C2RW
C2X
C4R
BB
B8R
ICH and
IRR zSecure RACF Exit
Activator component
C2XACTV
BBRACF component
Security zSecure Admin
RACF-Offline functions
IBM Security zSecure Visual
Server
IBM Security zSecure Admin,
IBM Security zSecure Audit,
IBM Security zSecure Alert
IBM Security zSecure
Command Verifier
IBM Security zSecure Visual
IBM Security zSecure Admin
RACF
Chapter 11, “C2RU messages,” on page
Chapter 12, “C2RW messages,” on page
Chapter 13, “C2X messages,” on page
Chapter 14, “C4R messages,” on page
Chapter 15, “BB messages,” on page
Chapter 16, “B8R messages,” on page
Chapter 1. Introduction
3
4
Messages Guide
Table 3. zSecure product messages (continued)
Message
Prefix
C
Function Product
IBM Security zSecure Visual
Client
LC
EPR
Communication layer between the client user interface and the c2ragent component
Communication layer between the c2ragent component and the server. Found also in the log-files called cesys and ceaud in the directory:
ApplicationDirectory\
Servers\ServerName.
Files cesys0..cesys9 and ceaud..ceaud9 are previous log-files.
IBM Security zSecure Visual
Client
IBM Security zSecure Visual
Client
Reference
Chapter 18, “Other error messages,” on page 473
Chapter 18, “Other error messages,” on page 473
Chapter 18, “Other error messages,” on page 473
The following chapters of this guide provide a listing of each message prefix along with a detailed explanation and possible solutions.
Chapter 2. CKF Messages
zSecure Collect is a component of these products: v zSecure Admin v zSecure Audit v zSecure Alert v zSecure Adapters for QRadar SIEM v zSecure Manager for RACF z/VM zSecure Collect gathers system data and stores that data in CKFREEZE data sets. It issues messages with the CKF prefix for the z/OS products and the CKV prefix for the z/VM product. For example, if you are using zSecure Admin and Audit you might see message number of CKF970I. The same message issued by zSecure
Manager for RACF z/VM has the number CKV970I. zSecure Collect messages for all products are documented. zSecure Collect messages shared between the z/OS and z/VM platforms are documented in this section. zSecure Collect messages
specific to the z/VM product are documented in Chapter 6, “CKV messages,” on page 319.
Each message number has the form CKFnnnI or CKVnnnI where nnn is the message number. In addition to the message identifier, the program also issues a severity code. This code is derived from the program completion code that indicates the highest severity code encountered.
Note:
The return code from the program is normally set to the maximum value of the return codes from any messages. If NOWARNINGRC is coded, the 04 return code from the program is reset to 00.
12
16
24
The severity code can contain any of the following values:
00
Normal message, giving status or summary information.
04
08
Unusual condition found that may or may not result in missing information.
Unusual condition found that causes information that was requested to be missing. Subsequent processing may be impacted.
28
Unexpected condition during zSecure Collect processing.
Syntax error in command input or entitlement problem.
Internal error or other unexpected and unsupported condition in zSecure
Collect detected.
Internal error or other unexpected and unsupported condition in zSecure
Collect detected. A user abend will be issued to protect your system and force a dump.
In the rest of this section, all error messages are listed with an explanation and possible actions to take. Messages are included in subsections, grouped by the hundred message-numbers. To locate documentation for a specific message, search this documentation for the message number, CKF970I or CKV970I, for example.
Messages from 0 to 99
© Copyright IBM Corp. 1998, 2015
5
CKF000I • CKF007I
CKF000I Control block
name omitted, because of
reason
Explanation:
This message is issued if the program fails to find an OS control block. This is not necessarily a problem, rather it notes the absence of some information which might have been useful, but which may not be available in your OS version at all. The name of the control block is given by name, the control block ID. The exact nature of the failure is given by
reason, which may be:
invalid block ID
The control block ID is not found in its proper place.
protection exception
A protection exception occurred during the walk through the pointer chain leading to the control block.
invalid length
A protection exception occurred during access to the last-to-be-used byte of the control block.
nil pointer
The pointer to the control block was found to contain binary zeros.
This message may very well occur after conversion to a new release of the OS. The resulting CKFREEZE file may still be usable for your purposes.
Problems indicated with missing control block names include the following:
STGS
RMF
™ is not active
EDT
device type information not retrieved
IODN
LCU and device number table missing (also
RMF)
IOCH
Channel information missing (also RMF)
LPBT
Logical Path Block Table missing (SRM SP4)
RCVT
No RACF in system
SSVT
This may be seen if RMM is not active
Severity:
04
CKF001I
Explanation:
This message indicates that your OS could not give a generic unit name for the device on address dev, and the device type (given as 8 hex digits) is also not available in the hardcoded device table in zSecure Collect. The device class is devclass. This is not a problem; it just warns you to expect question marks in the unit name fields.
Severity:
04
No generic unit name for
devclass unit
dev devtype devtype
CKF002I LOCATE return code
rc on type data set
datasetname
Explanation:
This message indicates that the data set
datasetname (which is supposed to be a type data set) could not be found by the LOCATE service of MVS
™
.
The return code returned by the service is rc. The volume will be left blank or zero in the CKFREEZE file.
Severity:
04
CKF003I DEVTYPE RC nonzero for unit
dev
Explanation:
The DEVTYPE SVC used to collect information on unit dev returned a nonzero return code.
This may cause the device type record in the
CKFREEZE file to be unusable.
Severity:
04
CKF004I Closed PDSE
dev volume dsname read
decnum bytes in decnum members
Explanation:
This informational message indicates the amount of data read from the indicated PDSE. It is issued only if the INFO option was selected.
Severity:
00
CKF005I Please ignore CMD rejects
Explanation:
This message is displayed on the operator console to warn the operator that no action should be taken on the burst of IOS000I or IEA000I messages specifying a CMD reject on 3350 DASD devices. It is removed immediately after the program has finished processing the 3350 range of devices. It is displayed during authorized operation only.
CKF006I CVAFDIR
type error, R15=rc,
CVSTAT=
code on device dev volume
volume
Explanation:
During access to the VTOC index, the
CVAFDIR type (READ or RLSE) service returned a nonzero return code rc accompanied by CVAF return code code. See the appropriate IBM manual for the meaning of these codes. If the type of access was
READ, the VTOC was read completely without taking into account the used DSCB map in the VTOC index.
Severity:
12
CKF007I Task is not APF authorized - only non-protected information can be collected
Explanation:
This message alerts you to the fact that the program could not obtain authorization. For additional information, see the section Authorized or
unauthorized? in the zSecure Collect documentation
6
Messages Guide
CKF008I • CKF018I
available in the user reference manual for your zSecure product.
Severity:
00
CKF008I Number of DASD devices interrogated:
nn
Explanation:
This message gives the number of devices that have been allocated and interrogated.
Severity:
00
CKF009I Number of DSCB entries copied:
nn
Explanation:
This message gives the number of Data
Set Control Blocks copied from VTOCs to the
CKFREEZE file. It is somewhat larger than the number of data sets on the interrogated devices, because some extents are described in separate DSCBs for the same data set. Note that only used DSCBs are copied.
Severity:
00
CKF010I Number of VVDS datasets processed:
nn
Explanation:
This message gives the number of VVDS data sets for which an OPEN was attempted. Generally, this number is smaller than the number of DASD devices interrogated, because not every volume needs to have a VVDS.
Severity:
00
CKF011I Number of NVR/VVR entries copied:
nn
Explanation:
This messages gives the number of VVRs
(VSAM volume records) and NVRs (non-VSAM volume records) copied to the CKFREEZE file. The number of
VVRs is roughly two times the number of VSAM data sets on the processed volumes. NVRs are associated with SMS managed non-VSAM data sets.
Severity:
00
CKF012I Non-4K block size for VVDS not supported - volume
volume
Explanation:
This message indicates a VVDS was encountered on volume volume with a block size other than 4KB. This is not supported by this release of zSecure Collect. The VVDS has a 4KB block size if it has been made automatically on 3330/3350/3380/3390
DASD with at least DFP 1.0 through DFP 3.3. If you encounter this message, then the VVDS information for the specified volume will not be read, and you will only see component names mentioned in the VTOC, not the cluster names.
Severity:
12
CKF014I DASD Device
dev online but not ready
Explanation:
This message indicates the device number dev was included in the configuration because it was online, but could not be interrogated because it was not ready. Instead of scheduling an I/O request, zSecure Collect has skipped the device. This may result in incomplete information for your purpose.
Severity:
04
CKF015I SYSEVENT DONTSWAP failed, return code hex
rc
Explanation:
This message indicates that zSecure
Collect failed to make itself nonswappable. As a result, no authorized I/Os can be scheduled and no cache size information and device level cache disablement information will be collected for 3880 devices. Neither will guaranteed device path I/O be used to eliminate
WAITs.
Severity:
08
CKF016I
Explanation:
This message indicates that a control block of an unsupported layout was returned by
Directory Entry Services for the indicated PDSE. If control block is "DESB", checksum and IDR processing are skipped for the remainder of the PDSE; if it is
"SMDE", processing is skipped for a single member only.
Severity:
08
Unsupported
control block level hexnum
for
volume dsname
CKF017I Path
ch to type device dev volume not
operational
Explanation:
This message indicates that the installed physical channel (pre-XA) or channel path (XA) ch to the selected online and ready device number dev with volume serial volume was not operational. If this is not your normal working configuration, then you are measuring a reduced configuration with a higher contention than normal. Alternatively this may point at running MVS/370 under VM.
Severity:
04
CKF018I
parameter Parameter invalid in non-XA
system.
Explanation:
The parameter specified is not applicable to pre-XA systems.
Severity:
12
Chapter 2. CKF Messages
7
CKF019I • CKF027I
CKF019I BFLHFCHN invalid for
type device dev
volser; VTOC processing skipped
Explanation:
The forward chain pointer of next buffer list (BFLHFCHN) is not valid; i.e. no (more) VTOC information could be obtained for device dev.
Severity:
12
CKF020I
Explanation:
This message indicates that you requested configuration information for a device type
type, which is not currently supported by zSecure
Collect. Requests for support for other DASD types than 3350, 3380, 3390, and compatibles should be directed to IBM Software Support.
Severity:
08
Path information not gotten for unsupported device type
type, device dev
volume
CKF021I Storage director IDs unavailable for
type
device
dev volume because unauthorized
Explanation:
This message indicates that physical storage director IDs for device number dev with volume serial volume can only be extracted by authorized programs because its device type is type. The result is missing storage director information which may prevent an automatic deduction of the configuration.
Severity:
08
CKF022I Storage director ID not returned by IOS for path
ch to type device dev volume
Explanation:
This message indicates that the IOS version you have fails to return the complete sense information needed to find the storage director ID. The failure occurred on path ch to device number dev with volume serial volume. The device type is type. This message is issued for only one path, because zSecure
Collect assumes the same failure will occur on the other paths to the device, and does not attempt I/O on these paths.
Severity:
08
CKF023I String controller ID not returned by IOS for path
ch to type device dev volume
Explanation:
This message indicates that the controller
ID was not found in its proper place. This message is not issued if the storage director ID is also missing.
Currently no software level is known which omits only controller information. Because of redundancy of information, you will probably not notice any effect on the reports.
Severity:
08
CKF024I
Explanation:
This message indicates that after bs tries zSecure Collect still did not succeed in scheduling I/O along all paths to a device. This message only occurs if you specified or implied WAIT=NO and PATH=YES.
The resulting CKFREEZE information will be incomplete.
Severity:
08
Path information still incomplete after
bs tries on type device dev volume:
missing at least path
ch
CKF025I Path information still incomplete after
bn bs-try bursts on type device dev
volume: missing at least path ch
Explanation:
This message indicates that after bn bursts of bs tries with a 0.5 second WAIT interval between the bursts, zSecure Collect still did not succeed in scheduling I/O along all paths to a device. This may happen on very busy shared DASD systems and on very empty pre-XA systems that do not have channel rotation. The number of bursts, burst size, and inter-burst wait time can be adjusted by the appropriate
BURSTxxxx parameters.
Severity:
08
CKF026I
Explanation:
This message indicates an unexpected error during EXCP processing. The IOS return codes are documented in the IBM debugging handbooks
(IOB/IOSB) and in the appropriate DFP manuals. The
cccc/mm and type/mm are the control unit type / model and unit type / model, respectively, as returned by the
SenseId CCW. The resulting CKFREEZE file will probably be incomplete.
Severity:
12
Unexpected IOS return code
rc hex,
CSW status
hhhh sense ssss on path ch to
cccc/mm for type/mm device dev volume
CKF026I Unexpected IOS return code
rc hex,
CSW status
hhhh sense ssss on path ch to
3350 device
dev volume
Explanation:
This message indicates an unexpected error during EXCP processing. The IOS return codes are documented in the IBM debugging handbooks
(IOB/IOSB) and in the appropriate DFP manuals. The resulting CKFREEZE file will probably be incomplete.
Severity:
12
CKF027I Invalid DSCB FMTID=X'
xx' on type
device
dev volser CCHHR=0000000000
DSN=
dsname
Explanation:
The VTOC for the indicated volume contained an invalid DSCB, with format X'xx'. The only valid types are X'F0' .. X'F6'. The DSCB record is
8
Messages Guide
CKF028I • CKF036I
included in the CKFREEZE file, but will not used. The
dsname reported is the data set name field (key area) of the DSCB in error. This has no consequences for MVS if the DSCB is not in use according to the space map.
Severity:
04
CKF028I
Explanation:
The device/volser may be absent. This message will be followed by an IKJ-message on the problem. The error occurred in dynamic allocation or unallocation of a VTOC or data set for device dev. This message has continuation lines detailing the individual text units contents after SVC 99 (DYNALLOC) completion.
Severity:
08
SVC 99 RC=
n DAIRFAIL code xxxx xxxx
on
dev volser
CKF029I DASD Device
dev online, but not
mounted
Explanation:
Device dev was not mounted public, storage or private, zSecure Collect does not attempt to allocate the VTOC and VVDS data sets.
Severity:
04
CKF030I OPEN abend
xxx-rc on device dev
volume
volser for dsname
Explanation:
The data set named dsname could not be opened for input on device dev. The VTOC is indicated with ** VTOC volser **. If the error occurs for a VTOC, both the VTOC and the VVDS for the volume will be missing. If the error occurs for a VVDS, the VTOC information has been read properly. For information about the common abend codes, see the zSecure Collect documentation in the user reference manual for your zSecure product.
Severity:
08
CKF031I
CKF031I
CKFCOLL runs on
sid with osname oslevel
DFSMS
release JES2 release CPU model
model
site-specific identification string running on
where CPU-id CPUid
CKF031I Last record written: ID=
hh, contents start
hexstring
Explanation:
zSecure Collect abended while running on the indicated system (SMF id) and operating system release levels, under the focus and Products ids shown, on the CPU indicated, after writing the indicated record
(this line is omitted if no records had been written yet).
Severity:
00
CKF032I Number of record(s) truncated:
nn
Explanation:
This message indicates that records were truncated on output. You might try increasing the record length, if problems arise. However, for most purposes the information needed is located at the beginning of the BCS records, and these truncated records therefore do not usually present a problem.
Severity:
08
CKF033I Module IGG019X1 missing, no configuration info for 3350 devices possible
Explanation:
This message indicates that the appendage IGG019X1 could not be found.
Severity:
08
CKF034I [ Before MONITOR interval ] CKFCOLL used
ss.t CPU seconds, ss elapsed
seconds, and collected
m.kkk MB (m.kkk
MB/s)
[Error trap count is
number]
Written
rectotal records to ddname volume
dsname
Region requested
r,rrrKB, granted
g,ggg+g,gggKB max used in jobstep
u,uuu+u,uuuuKB
Explanation:
This message details the TCB time used as well as the wall clock time. In addition, the amount of data collected (written to the CKFREEZE file) is summarized as well as the effective data rate. The effective data rate will be misleadingly low if
CHECK=Y was specified, since that is a data reduction function. It is normal that the error trap count number has a non-zero value. The message is included for diagnostic purposes only. If MONITOR has been requested, then this message is issued twice, once before the monitoring starts, and once at the end of the program. The message at the end of the program also shows the region requested, granted, and used, both below and above the 16MB line.
Severity:
00
CKF035I Number of PDS directories processed:
nn
Explanation:
This messages gives the number of PDS
(Partition Data Set) directories copied to the CKFREEZE file.
Severity:
00
CKF036I Information omitted for
devn volser, SAF
READ access required on FACILITY
STGADMIN.IFG.READVTOC.
volser if
non-APF
Explanation:
This message indicates that an attempt to
Chapter 2. CKF Messages
9
CKF037I • CKF046I
read the VTOC resulted in an system abend 300, reason code 6, which means that name hiding was active, and you were not allowed to read the VTOC. In a RACF system, name hiding is activated with the command
SETROPTS MLNAMES. If name hiding is active, a SAF resource check is done against the resource name indicated.
Severity:
04
CKF037I Unexpected
abend condition dev devn
volser during action
Explanation:
This message indicates that an abend occurred during EXCP for a channel program attempting to perform the action indicated. Contact
IBM Software Support if this message occurs to see if this can be prevented.
Severity:
12
CKF038I Unexpected
abend during allocate of dsn
Explanation:
This message indicates a failure to allocate (and possibly perform an automatic recall of) a
VSAM cluster. An abend was encountered. The cluster will be skipped. If you think the program should have succeeded, contact IBM Software Support.
Severity:
08
CKF039I
Explanation:
This message indicates release levels or status of the software that zSecure Collect extracts information from. Instead of a version number, the keyword inactive, active, or unknown may be present to indicate respectively that the product is installed but not active, active but release could not be obtained, or control blocks present but of unsupported layout. secp is the detected security product, it can be RACF, ACF2, or TSS.
Severity:
00
Running
OS version DFSMS version JESn
version VTAM version secp version RMF
version TSO version HSM version [ under
VM/
version release ]
CKF040I Unexpected
abend during LISTCAT of
dsn
Explanation:
This message indicates a failure to locate a VSAM cluster name in the catalog; an abend was encountered. The cluster will be skipped. If you think the program should have found it, contact IBM
Software Support.
Severity:
08
CKF041I Number of catalogs processed:
nn
Explanation:
This message gives the number of ICF and HSM catalogs for which an OPEN was attempted.
Severity:
00
CKF042I Number of BCS records copied:
nn
Explanation:
This messages gives the number of BCS
(Basic Catalog Structure) records copied to the
CKFREEZE file.
Severity:
00
CKF043I VVDS information not collected, catalogs cannot be dumped fast
Explanation:
This message is issued if the VVDS data sets could not be accessed, but catalog processing was requested. zSecure Collect requires VVDS access to dump catalogs.
Severity:
00
CKF044I Name of master catalog not found in
CAXWA. Abend 913-0C may result for unconnected catalogs
Explanation:
This message indicates that the master catalog name or volume serial could not be determined.
Consequently, it is impossible to determine which catalogs are connected. zSecure Collect will try to open all catalogs it encounters on the disks processed. This will result in abend 913-0C for each unconnected catalog.
Severity:
12
CKF045I Master catalog volume
volume not
selected. Abend 913-0C may result for unconnected catalogs
Explanation:
This message indicates that the master catalog was not found on any of the disk volumes processed. Hence no user catalog connector information is accumulated by zSecure Collect. zSecure Collect will try to open all catalogs it encounters on the disks processed. This will result in abend 913-0C for each unconnected catalog.
Severity:
08
CKF046I Slowdown mode invoked because noimbed and multi-volume index for
dsname
Explanation:
This message indicates that normal
VSAM processing was selected for this cluster because it has a multi-volume index component that is needed because of NOIMBED.
Severity:
00
10
Messages Guide
CKF047I Data collection started on
date time for
node
nodename sysname sysname sid smfid
netid
netid on a manufacturer typemodel
model [ MVSCP conguration id xx ] [
logical partition
LPARname ] [ virtual
machine
userid ] [ at sysid ] [ sysplex
name ] [ rrsf RRSF_node ]
Explanation:
This message indicates the timestamp marking the start of data collection. It can be used to find the proper zSecure Collect SYSPRINT output when presented with a specific CKFREEZE file. In addition, the various system identifiers are listed: the JES2 node name, the GRS system name, the SMF id, the VTAM
® netid, and the processor type. The processor specifications are those returned by the CSRSI service.
On older machines where that service is not yet available the type is the internal hexadecimal representation (devtype/model); for VM systems the real model byte is displayed if running APF authorized, otherwise it is FF. On the second line, optional configuration information may be present to indicate the MVSCP configuration id, the Logical Partition name, the VM virtual machine user ID, the VM system
ID (as would be displayed in the lower right corner under CMS), the SYSPLEX name, and the RRSF local node name, if any. The RRSF local node name is only for z/OS 2.2 and higher.
Severity:
00
CKF048I
Explanation:
This message indicates a failure to open the VSAM data set indicated and gives the return code and reason code. The type can be BCS for an ICF catalog, MCD for HSM MCDS, BCD for HSM BCDS, and RMM for the DFSMS RMM control data set. ACB
OPENs for ICF catalogs are attempted only if the catalog has been defined with NOIMBED, if it has more than 16 extents on a pre-DFP V3 system, or if the run is unauthorized in a pre-DFP V3 system.
Severity:
08
ACB OPEN failed for
type dev volser
componentname rc=nn, code=nn cluster
clustername
CKF049I Internal error CKFCCHH RC=16
Explanation:
Contact IBM Software Support.
Severity:
24
CKF050I TTT Conversion fails on
reltrk
DEBNMEXT=
nnn on dev volser
Explanation:
This message indicates a failure to convert the indicated relative track number to an absolute cylinder and head address. The requested track will not be read. Generally this means that the internal structure of a data set was not understood properly, for example, because of a new version of the
CKF047I • CKF053I
software maintaining that data set. Contact IBM
Software Support.
Severity:
08
CKF051I EXCP failed on
ddname, RC=hh,
IOBSEEK=
address device dev volser
Explanation:
This message indicates an unexpected
I/O failure on the indicated device and address. The return code is the EXCP return code in hex.
Severity:
12
CKF051I
Explanation:
This message indicates an unexpected
ECKD
™
I/O failure on the indicated device and address. The return code is the EXCP return code in hex.
Severity:
12
(ECKD) EXCP failed on
ddname, Address
CKFB:
address, rc nnx,
CSW=
hhhhhhhhhhhhhh, IOBSEEK=address
device
dev volser
CKF051I Multiple track read EXCP failed on
ddname, Number of reads hhhh, Address
CKFB:
address, rc nnx,
CSW=
hhhhhhhhhhhhhh, IOBSEEK=address
device
dev volser
Explanation:
This message indicates an unexpected multitrack read I/O failure on the indicated device and address. The return code is the EXCP return code in hex.
Severity:
12
CKF052I Slowdown mode invoked because noimbed and index on
volume for
catname
Explanation:
This message indicates that the requested
ICF, HSM, or RMM catalog dump will be tried with
VSAM, because the faster EXCP mode does not support
NOIMBED with the index on a different volume than the data component.
Severity:
00
CKF053I Slowdown mode invoked because not
APF-authorized, data set
volume catname
Explanation:
This message indicates that the requested catalog dump will be tried with VSAM, because the faster EXCP mode requires APF authorization that is not present. ALTER authority is required to read ICF catalogs without APF authorization on DFP systems below version 3. For DFP version 3 APF authorization is required to read ICF catalogs anyway and message
CKF064I will be issued. READ authority is needed to read HSM catalogs.
Chapter 2. CKF Messages
11
CKF054I • CKF064I
Severity:
00
CKF054I
Explanation:
This message indicates that the number of CIs described by the index sequence set record was not the number of CIs per CA. If the error message is reproducible, perform EXAMINE on the data set. If no strange things are found, contact IBM Software
Support.
Severity:
00
Data set
catname CA at rel track tt
missing
nn CIs in sequence set record
CKF055I ACB OPEN
type abend xxx-nn
(explanation) for dev volume componentname
of
catalogname
Explanation:
This message indicates an abend during an attempt to open the ICF, RMM, or HSM catalog indicated.
Severity:
08
CKF056I Slowdown mode invoked because more extents than EXCP supports (abend
013-E4) for
vol cluster
Explanation:
The maximum number of extents supported by an EXCP OPEN depends on the DFSMS release. This is reflected in the job log as an abend
013-E4 (or in older releases, 213-20). The CKF030I message is suppressed in this case. The abend is intercepted, and slowdown mode is invoked for this release.
Severity:
00
CKF057I
type abend xxx-nn (explanation) on dev
volser dsname
Explanation:
A nonrecoverable abend occurred opening data set dsname for input on device dev. If the error occurs for a VTOC, the VTOC and all data sets on the volume will be missing. If the error occurs for a
VVDS, the VTOC information has been read properly.
For information on the common abend codes, see the zSecure Collect documentation in the user reference manual for your zSecure product.
Severity:
08
CKF058I Unexpected physical record length
decnum in imbedded SSR with index
blksize
decnum for catname
Explanation:
This message indicates that a physical record (i.e. block) was read from the imbedded index track with a block size different from the block size indicated in the information in the VVR. Results will be unpredictable.
Severity:
12
12
Messages Guide
CKF059I
Explanation:
This message indicates that for some reason the index was not read successfully.
Consequently, the NOIMBED data set cannot be processed.
Severity:
08
NOIMBED not supported, data set
catname on volser skipped
CKF060I VVDS space map extension at RBA
hexnum ignored - expecting hexnum
Explanation:
zSecure Collect expects the space map chain to occur in order in the VVDS.
Severity:
12
CKF061I VVDS can only be accessed with APF authorization
Explanation:
In DFP V3 systems, APF authorization is required to read the VVDS.
Severity:
04
CKF062I Connected catalog
catname not found on
volumes processed
Explanation:
The master catalog processed contained a connector entry for catalog catname. However, the catalog was not found on the volumes processed.
Catalog information may be incomplete.
Severity:
08
CKF063I Unexpected error: Master cat BCS not found on mastercat volume. Abend
913-0C may occur
Explanation:
This message indicates that for some reason the master catalog was not found on the volume it was supposed to reside on. Consequently, it cannot be determined whether user catalogs are connected or not. Abend 913-0C results from trying to open an unconnected catalog if bypass-password processing is not being used.
Severity:
08
CKF064I Catalog cannot be dumped without APF authorization -
catname
Explanation:
On a DFP version 3 or higher system,
APF authorization is required to dump ICF catalogs.
Severity:
08
CKF065I Slowdown mode invoked because primary data VVR not obtained for
datacomponent
Explanation:
To read VSAM data sets in EXCP mode, zSecure Collect needs the VSAM Volume Record (VVR) residing in the VVDS. This message is issued if the
VVR of the data component was not encountered.
Severity:
00
CKF066I Slowdown mode invoked because noimbed and primary index VVR not obtained for
datacomponent
Explanation:
To read VSAM data sets with the
NOIMBED attribute in EXCP mode, zSecure Collect needs the VSAM Volume Record (VVR) of the index residing in the VVDS. This message is issued if the
VVR of the index component was not encountered.
Severity:
00
CKF067I Data set
datacomponent error at CI num in
CA at rel trk
nnn type key
Explanation:
Where key is the current record key (a data set name), and type can be one of the following error types:
last segment missing - record skipped
For a spanned record, the last segment was not found in the control area. The record will not be copied to
CKFREEZE.
orphan inner segment skipped
A spanned record intermediate segment was encountered, but the first segment for the record was not found in the control area. The segment will be discarded.
updated during copy
A spanned record was encountered, but the segments did not have the same update count. This can happen if the record was updated between read instructions to the control area. The record may appear garbled in the
CKFREEZE file.
orphan last segment skipped
The last segment of a spanned record was encountered, but the first segment for the record was not found in the control area. The segment will be discarded.
Severity:
04
CKF068I Cat rlen=
xxxx (RDF=xxxxxx) at CI offset
xxxx > used CI xxxxxx of CA at reltrk
nnnnn in datacomponent
Explanation:
The record length field in a catalog
CKF065I • CKF074I
record (rlen) points beyond the end of the used bytes in a control interval.
Severity:
08
CKF069I Slowdown mode invoked for multi-volume cluster
dsname
Explanation:
This message indicates that normal
VSAM processing was selected for this cluster because it has a multi-volume data component.
Severity:
00
CKF070I
type abend xxx-nn (explanation) on dev
volume dataset
Explanation:
This message indicates a nonrecoverable abend occurred during OPEN of the indicated PDS(E).
For information about the common abend codes, see the zSecure Collect documentation in the user reference manual for your zSecure product.
Severity:
08
CKF071I Internal error IOBEXCP DEBNMEXT=0
Explanation:
This message indicates an unexpected condition; I/O was being attempted against an empty data set. Contact IBM Software Support. The message is suppressible.
Severity:
24
CKF072I Unexpected IOCINFO return code
rc
reason code
rr (decimal)
Explanation:
This message indicates that the IOCINFO service issued an unexpected return code. Results are unpredictable.
Severity:
08
CKF073I Dynamic configuration change occurred,
UCB scan restarted - file may contain duplicate records
Explanation:
This message indicates that the
UCBSCAN service indicated a configuration change while scanning all UCBs. The scan will be restarted, but this may make the CKFREEZE file unusable if your application does not support duplicate information. In this case, you will have to rerun zSecure Collect.
Severity:
04
CKF074I
Explanation:
This message indicates that the
UCBSCAN service issued an unexpected return code.
Severity:
12
Unexpected UCBSCAN return code
rc
reason code
rr (decimal)
Chapter 2. CKF Messages
13
CKF075I • CKF087I
CKF075I
Explanation:
This message indicates that the
EDTINFO service issued an unexpected return code while trying to obtain the generic device type for a device. The field will be filled with a default value.
Severity:
04
Unexpected EDTINFO return code
rc
reason code
rr (decimal) for dev volume
devtype
devtype
CKF076I Unexpected UCBSCAN return code
rc
reason code
rr (decimal) on dev volume
Explanation:
This message indicates that the
UCBSCAN service issued an unexpected return code when trying to obtain the last path used mask.
Severity:
12
CKF077I Unexpected UCBSCAN return code
rc
reason code
rr (decimal) on dev volume
Explanation:
This message indicates that the
UCBSCAN service issued an unexpected return code while trying to pin and obtain the address of a UCB.
The intended authorized I/O function will not be performed.
Severity:
12
CKF078I Unexpected UCBPIN UNPIN rc
rc
reason code
rr (decimal) on dev volume
Explanation:
This message indicates that the UCBPIN service issued an unexpected return code while trying to unpin an UCB after an authorized I/O operation.
Severity:
12
CKF080I Unexpected IXCQUERY return code
rc
reason code
rr (decimal)
Explanation:
This message indicates that the
IXCQUERY service issued an unexpected return code.
The XCF sysplex record will be missing from the file.
Severity:
04
CKF081I Unexpected IXCQUERY return code
rc
reason code
rr (decimal)
Explanation:
This message indicates that the
IXCQUERY service issued an unexpected return code.
The XCF sysplex record will be missing from the file.
Severity:
04
CKF082I Unexpected IXCQUERY
type abend
xxx-nn (explanation)
Explanation:
This message indicates that the
IXCQUERY service abended. The XCF sysplex record will be missing from the file.
Severity:
04
CKF083I Extent size discrepancy
size
DEBNMTRK=
num on dev volser
Explanation:
There is an unexpected difference in the low order two bytes of the number of tracks in an extent. The software uses DEBNMTRK (which may be too small). Contact IBM Software Support.
Severity:
20
CKF084I Internal error CKFCCHH RC=20 on
dev volser
Explanation:
Contact IBM Software Support.
Severity:
24
CKF085I
Explanation:
This message indicates a failure to convert the indicated relative track number to an absolute cylinder and head address. The requested track will not be read. Generally this means that the internal structure of a data set was not understood properly, for example, because of a new version of the software maintaining that data set. Contact IBM
Software Support.
Severity:
08
TTT conversion result CCC HHHH
cccc
hhhh not in extent cccc hhhh - cccc hhhh
for
reltrk on dev volser Extent nn range
cccc hhhh - cccc hhhh start reltrk size trks
CKF086I Member
mem rel trk trk Rrec not in dev
volser dsn size trks trk
Explanation:
This message indicates that a PDS directory entry points to a member start (relative track and record number) beyond the end of the data set. A possible cause might be that the data set was truncated during a copy or restore operation.
Severity:
04
CKF087I Missing EOF in member
mem rel trk trk
R
rec in dev volser dsn size trks trk
Explanation:
This message indicates that the last member physically present in a partitioned data set was truncated before it's End Of File marker. The member starts at the indicated relative track and record number. A possible cause might be that the data set was truncated during a copy or restore operation.
There will be no checksum for this member.
14
Messages Guide
Severity:
04
CKF088I Missing
n out of total members in dev
volser dsn size trks trk
Explanation:
This message indicates that a Partitioned
Data Set directory referred to members not physically present in the data set. A possible cause might be that the data set was truncated during a copy or restore operation.
Severity:
04
CKF089I Unexpected DMS subfile name
name at
record
nnn of DMSU volume datasetname
Explanation:
The data set indicated by the DMSUNL= keyword contains an unknown subfile name. The data set is not read any further.
Severity:
08
CKF090I
Explanation:
This message indicates a nonrecoverable abend occurred during OPEN of the indicated TMC.
For information on the common abend codes, see the zSecure Collect documentation in the user reference manual for your zSecure product.
Severity:
08
type abend xxx-nn (explanation) on dev
volume dataset
CKF091I TRKCALC for
dsname gives RC=nn
decimal
Explanation:
The calculation of the number of blocks per track for the TMC, VMF or ACF failed with the indicated return code. As a consequence, no blocks will be read.
Severity:
08
CKF092I Opened
type dev volume dataset, num
by/bl
num bl/tr num rc/bl num trk
Explanation:
This message indicates that the type data set (TMC for CA1, VMF for CA-TLMS, or ABR for
FDR/ABR) has just been opened, and shows the characteristics used for reading the TMC/VMF. It is issued only if the INFO option was specified.
Severity:
00
CKF093I Unexpected block length
nnn at rel track
nnn Rnn of type vol dataset
Explanation:
This message indicates that a track read contained an unexpected block size. The remainder of the track is skipped. The current relative track number and physical record number are shown in decimal. The
type can be TMC, VMF, or ABR.
CKF088I • CKF097I
Severity:
08
CKF093I
Explanation:
This message indicates that an ABR track read contained an unexpected block prefix. The current relative track number and physical record number are shown in decimal.
Severity:
08
Unexpected block prefix "
ttttttt" at rel
track
nnn Rnn of ABR vol dataset
CKF094I Closed
type dev volume dataset, read nnn
tracks, copied
nnn type and nnnn DSNB
records
Explanation:
This informational message indicates that the TMC/VMF/ABR data set was closed and shows the number of volume and data set records that were copied to CKFREEZE. It is issued only if the INFO option was specified.
Severity:
00
CKF095I
Explanation:
For type equal to TMC this message indicates that the indicated data set had a record size
(lrecl) different from 200 and 340 (CA1 5.0). For type equal to VMF this message indicates that the record size was different from 500. For type equal to ABR this indicates that the block size was smaller than 32 bytes.
Severity:
08
Unsupported
type blocksize nnn lrecl
nnn for volume dataset
CKF096I
Explanation:
This message indicates a nonrecoverable abend occurred during OPEN of the indicated type data set (DMSU for DMSUNL, PDSE for PDS/E directory, or
PDSM for DMS AUTHLIB). For information on the common abend codes, see the zSecure Collect documentation in the user reference manual for your zSecure product.
Severity:
08
type abend xxx-nn (explanation) on type
dev volume dataset
CKF097I Opened
type dev volume dataset, blksz
nnnn, lrecl nnnn lasttrk nnnnn
Explanation:
This message indicates that the indicated
type data set (DMSU for DMSUNL, PDSE for PDS/E directory, or PDSM for DMS AUTHLIB) has just been opened, and shows the block size, record length, and last relative track number (decimal). It is issued only if the INFO option was specified.
Severity:
00
Chapter 2. CKF Messages
15
CKF098I • CKF108I
CKF098I
Explanation:
A record length smaller than 9 was encountered, this is not supported for a DMS unload
(each record is expected to start with the 8 byte subfile name). The remainder of the data set will be skipped.
Severity:
08
Unexpected record length
n at record
nnn of DMSU volume dataset
CKF099I Closed
type dev volume dataset read nnn
records, copied
nnn DSNINDEX and
Messages from 100 to 199
CKF100I Missing PDS directory end in
dev vol dsn
Explanation:
This message indicates that a data set that was supposed to have a Partitioned Data Set organization did not have a proper PDS directory (i.e.
ending in a record with a key of high values). Possible causes are that the data set is not a PDS at all, or that the data set was truncated before the end of the PDS directory by a failed copy or restore operation.
Severity:
08
CKF101I
Explanation:
This message indicates a failure to locate a VSAM cluster name in the catalog. The cluster will be skipped. If you think the program should have found it, contact IBM Software Support.
Severity:
08
Unexpected return code
nn dec during
LISTCAT of
dsn
CKF102I
Explanation:
This informational message gives the control interval size, the number of bytes, blocks, and tracks in a control area, and the number of blocks per track and blocks per control intervals for the specified
type VSAM data set (BCS for catalog, MCD for HSM migration Control Data set, BCD for HSM Backup
Control Data set, RMM for DFSMS RMM control data set) immediately before it is opened. It is issued only if the INFO option is selected.
Severity:
00
type catname on volume BLK decnum CISZ
decnum, CASZ decnum byte, num CI/CA,
num bl/CA, numtr/CA, nn bl/trk, nn bl/CI
CKF103I No imbed - index
indexname on volume
BLK
decnum CISZ decnum
Explanation:
This message indicates that the index component about to be opened has the NOIMBED attribute, which makes it necessary to process the index. The message indicates the index component data set name, as well as the physical block size and CI size.
It is issued only if the INFO option is selected.
16
Messages Guide
nnnn RACFENCD records
Explanation:
This informational message indicates that the DMStype data set (DMSU for DMSUNL, PDSE for
PDS/E directory, or PDSM for DMS AUTHLIB) was closed and shows the number of records read as well as the number of data set and RACF profile records that were copied to CKFREEZE. It is issued only if the
INFO option was specified.
Severity:
00
Severity:
00
CKF104I
Explanation:
This informational message summarizes the number of bytes that were read from the catalog index component prior to closing. It is issued only if the INFO option was selected.
Severity:
00
Closed IX
dev volume catname index
incore
decnum bytes - indexname
CKF105I Opened
type dev volser catname size num
trk
datacomponent
Explanation:
This informational message contains the number of tracks in the data component of the type data set (see CKF102I) that has just been opened successfully. It is issued only if the INFO option was selected.
Severity:
00
CKF106I Master catalog is
catname
Explanation:
This informational message indicates the name of the master catalog. It is issued only if the
INFO option was selected.
Severity:
00
CKF107I
Explanation:
This informational message indicates the successful opening of the ACB for the indicated VSAM data set. It is issued only if the INFO option was selected.
Severity:
00
Opened ACB
dev volume cluster
component
dsname
CKF108I Closed ACB
dev volume cluster read
decnum, copied decnum records
datacomponent
Explanation:
This informational message shows the number of records read and copied from the indicated
VSAM data set. It is issued only if the INFO option was selected.
Severity:
00
CKF109I
Explanation:
This informational message indicates the successful opening of the PDS(E) indicated, and, for a
PDS, the size of the data set in tracks. It is issued only if the INFO option was selected.
Severity:
00
Opened
dsntype dev volume dsname [ alloc
size
nn trk ]
CKF110I
Explanation:
This informational message indicates the number of directory tracks and blocks read from the indicated PDS. It is issued only if the INFO option was selected.
Severity:
00
Closed PDS
dev volume dsname read
decnum trks, copied decnum dir blks,
scanned
decnum byte in decnum members
CKF111I Scheduler allocated
decnum I/O
executors
Explanation:
This informational message shows the amount of parallelism introduced by the PARALLEL parameter or its default. It is issued only if the
REPORT or INFO option was selected or defaulted.
Severity:
00
CKF112I Opened VTOC
dev volume size decnum
tracks
Explanation:
This informational message indicates the successful opening of the VTOC for the indicated volume. It is issued only if the INFO option was selected.
Severity:
00
CKF113I
Explanation:
This informational message summarizes the number of tracks and records that were read from the VTOC prior to closing. It is issued only if the INFO option was selected.
Severity:
00
Closed VTOC
dev volume read num
tracks, copied
decnum DSCBs
CKF114I Opened SYS1.VVDS.V
volume size
decnum tracks, nnn blk/trk
Explanation:
This informational message indicates the successful opening of the indicated VVDS and the number of 4KB blocks per track. It is issued only if the
INFO option was selected.
CKF109I • CKF119I
Severity:
00
CKF115I
Explanation:
This informational message summarizes the number of tracks and records that were read from the VVDS prior to closing. It is issued only if the INFO option was selected.
Severity:
00
Closed SYS1.VVDS.V
volume read num
tracks, copied
decnum NVR/VVRs
CKF116I
Explanation:
This informational message summarizes the number of tracks and records (both non-spanned and spanned) that were read and copied from the data component of the type data set (see CKF102I) prior to closing. It is issued only if the INFO option was selected.
Severity:
00
Closed
type dev volume catname read num
trks,
num records, copied decnum/decnum
non/spanned records
CKF117I
Explanation:
This message indicates that the response to the specified CP command issued while running under VM did not fit into the return area. The first 5 lines of the response are displayed. As a result, information collected by the command may be missing from the CKFREEZE file.
Severity:
12
CP response truncated for command
"
command": response
CKF118I
Explanation:
This message indicates the nonzero return code returned by CP on the specified command issued while running under VM. As a result, information collected by the command will be missing from the CKFREEZE file.
Severity:
12
CP return code
nn on command
"
command": response
CKF119I Q V
nnnn returns data for nnnn -
possibly unsupported VM release
Explanation:
While running an XA release of MVS under VM, the QUERY VIRTUAL command issued by zSecure Collect unexpectedly returned information from a different device. The information is not processed.
Severity:
12
Chapter 2. CKF Messages
17
CKF120I • CKF129I
CKF120I
Explanation:
This message indicates a failed I/O operation of the type CCWname on the indicated device. The Channel Status Word and the first 2 bytes of the sense code are shown in hexadecimal, together with the hexadecimal controller type cccc and model
mm and device type dddd and model mm, as returned by the Sense Id, and the Virtual and Physical controller type returned by the ReadDeviceCharacteristics. The latter are needed to determine the exact device type and mode of 3990 models and RAMAC devices. Check for a possible hardware defect. More diagnostic information might be available in a directly subsequent message CKF144I.
Severity:
08
Unexpected IOS rc
xx x, CSW stat xxxx
sns
xxxx id cccc/mm dddd/mm v/r=vv/rr
dev
dev volser during CCWname
CKF121I Unexpected nil
name pointer in product
Explanation:
This message has two forms. the first shows the name of a pointer that was unexpectedly found to be zero during access to a control block chain with cross memory services in an address space for the specified product (HSM, JES2, JES3, RMM, TLMS).
Severity:
04
CKF121I Unexpected null ASID for
product
Explanation:
The second form of this message shows that the Address Space Id was unexpectedly found to be zero during access to a control block chain with cross memory services in an address space for the specified product (HSM, JES2, JES3, RMM, TLMS).
Severity:
04
CKF122I Number of TAPE devices interrogated:
nnn
Explanation:
This message, shown if TAPE=YES was specified or implied, shows the number of tape devices that were interrogated.
Severity:
00
CKF123I Q V
mmm query for device nnnn returns
data for
nnnn - possibly unsupported
VM release
Explanation:
While running a non-XA release of MVS under VM, the QUERY VIRTUAL command issued by zSecure Collect to the VM device number mmm on behalf of the nnnn device number in MVS, unexpectedly returned information from a different device. The information is not processed.
Severity:
12
CKF124I Non-SMS system
Explanation:
This informational message is issued to indicate that the SMS subsystem is not defined on the system.
Severity:
00
CKF125I SMS is inactive
Explanation:
This informational message is issued to indicate that the SMS subsystem is defined, but inactive. No SMS information will be present in the
CKFREEZE file.
Severity:
04
CKF126I SMS IEFSSREQ RC=
nn (decimal) for
request SSSA1TYP=
nn (decimal)
Explanation:
This message indicates the failure of a
SMS subsystem request. The requested SMS information will be missing from the CKFREEZE file.
Severity:
08
CKF127I
Explanation:
This message indicates the failure of a
SMS information request. The requested SMS information will be missing from the CKFREEZE file.
Severity:
08
SMS return code SSOBRETN=
nn
(decimal) reason code SSSARSN=
nnn
(decimal) for request SSSA1TYP=
nn
(decimal)
CKF128I SMS returned reason code
SSSARSN=
nnn (decimal) and messages
for request SSSA1TYP=
nn (decimal):
messages
Explanation:
This message indicates the possible failure of a SMS information request. Informational or error messages returned by SMS follow this message.
The requested SMS information may be missing from the CKFREEZE file.
Severity:
04
CKF129I Unexpected SMS call
type abend xxx-nn
(explanation) for request SSSA1TYP=nn
(decimal)
Explanation:
This message indicates the abend issued during a SMS information request. The requested SMS information will be missing from the CKFREEZE file.
Severity:
08
18
Messages Guide
CKF130I • CKF141I
CKF130I SMS
type name configuration description
Explanation:
This informational message indicates that the complex of type type and name name has SMS active and shows the comment (description) field of the active configuration.
Severity:
00
CKF131I LCU selection not possible
Explanation:
This message indicates that a LCU selection was given but no LCU information could be found in the system. The run is aborted. Possible reasons include: RMF was not active, running under a
VM system, or an unsupported RMF release.
Severity:
12
CKF132I Tape management system CA1
v.r.nl
Explanation:
This message indicates that CA1 was found to be active on the system, and shows the release in the form version.release.newsletter
Severity:
00
CKF133I FOCUS must precede parameters selecting additional information to be collected
Explanation:
This message is issued if FOCUS was not the first parameter, and you specified a parameter that is not allowed under each focus before the FOCUS parameter. Move the FOCUS parameter in front.
Severity:
12
CKF134I Command not valid in current FOCUS -
name
Explanation:
This message indicates that a feature was requested that is invalid under the current focus combination. You can look up the command name in the index and read the restrictions.
Severity:
12
CKF135I
site-specific identification string Runs on
where CPU-id, source file ddname volser
dsn
Explanation:
This message shows the site-specific identification string, CPU-id, and relevant product numbers and names.
Severity:
00
CKF136I CLOSE abend
xxx-rc on device dev
volume
volser for dsname
Explanation:
The data set named dsname could not be closed on device dev. The VTOC is indicated with
** VTOC volser **. For information on the common abend codes, see the zSecure Collect documentation in the user reference manual for your zSecure product.
Severity:
08
CKF137I ACB CLOSE failed for
type dev volume
datacomp rc=nn code=code cluster dsname
Explanation:
The VSAM data set data component
datacomp could not be closed. See the appropriate DFP manual for the meaning of the codes.
Severity:
08
CKF138I
Explanation:
This messages indicates an unexpected return code and reason code (in decimal) from the
VSAM GET macro after the indicated number of records.
Severity:
08
GET RPL
type dev volume datacomponent
rc=
nn reason=nnnn after nnnn records
CKF139I
Explanation:
The calculation of the number of blocks per track for the VVDS failed with the indicated return code. As a consequence, the space map will not be used and all tracks of the VVDS will be read.
Severity:
08
TRKCALC for SYS1.VVDS.V
volume
gives RC=
nn decimal
CKF140I
Explanation:
This message indicates the number of records copied from the RACFENCD subfiles of DMS
DMSFILES and unloaded DMSFILES data sets. The
RACFENCD subfile gives the relation between data set names of archived or backed-up data sets and the corresponding RACF profiles with an encoded name.
Severity:
00
Number of RACFENCD records copied:
nnnn
CKF141I Number of DSNINDEX records copied:
nnnn
Explanation:
This message indicates the number of records copied from the RACFENCD subfiles of DMS
DMSFILES and unloaded DMSFILES data sets. It includes all archived and backed-up data sets.
Severity:
00
Chapter 2. CKF Messages
19
CKF142I • CKF153I
CKF142I Number of MCD records copied:
nnnnn
Explanation:
This message indicates the number of records copied from HSM Migration Control Data sets.
It is shown if the number is nonzero.
Severity:
00
CKF143I Number of BCD records copied:
nnnnn
Explanation:
This message indicates the number of records copied from HSM Backup Control Data sets. It is shown if the number is nonzero.
Severity:
00
CKF144I
Explanation:
This message occurs optionally behind message CKF120I or CKF051I. It indicates the original
EXCP return code and sense code associated with a failing channel program, for example, a Unit Check.
Check for a hardware defect or failure. If you cannot find one, contact IBM Software Support to report these messages and to determine whether they can be prevented.
Severity:
00
original rc
nnx sense xxxxxxxx xxxxxxxx
xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx
CKF145I CKFREEZE LRECL=
nnn must at least be
23472, use half/full track as BLKSIZE and set LRECL 4 less, or use LRECL=X,
RECFM=VBS
Explanation:
This message indicates that the
CKFREEZE file has an insufficient maximum record length. Check your JCL, if you did not specify a
LRECL, check the BLKSIZE. If you did not specify either, try specifying BLKSIZE. If this does not work, try specifying both. If you specified both and SMS is active, contact your site's storage administrator how you can prevent the ACS routines from providing an insufficient overriding LRECL.
Severity:
12
CKF146I Number of TMC volume records copied:
nnnn
Explanation:
This message indicates the number of volume records copied from the CA1 TMC (Tape
Management Catalog).
Severity:
00
CKF147I Number of DSNB records copied:
nnnn
Explanation:
This message indicates the number of secondary data set records (Data Set Name Blocks) copied from the CA1 TMC (Tape Management
Catalog).
20
Messages Guide
Severity:
00
CKF148I DMS records at level
v.r.m
Explanation:
This message indicates the highest DMS release number encountered in a DMSFILES record.
Severity:
00
CKF149I Number of SWCH devices interrogated:
nnn
Explanation:
This message, shown if SWCH=YES was specified or implied, shows the number of ESCON directors that were interrogated.
Severity:
00
CKF150I
Explanation:
This message indicates that the OPEN for a DMSFILES data set failed with the indicated abend code. No information will be present in the
CKFREEZE file from this data set.
Severity:
08
type abend xxx-nn (explanation) on dev
volser dsname
CKF151I
Explanation:
The calculation of the number of blocks per track for the DMSFILES data set failed with the indicated return code. As a consequence, no blocks will be read.
Severity:
08
TRKCALC for
dsname gives RC=nn
decimal
CKF152I Opened DMSF
dev volume dataset, nnn
by/bl
nn bl/tr nnn by/tr nnnn trk
Explanation:
This message indicates that a DMSFILES data set has just been opened, and shows the characteristics used for reading the DMSFILES data set.
It is issued only if the INFO option was specified.
Severity:
00
CKF153I Dataset has unsupported DMSFILES format -
volser dsname
Explanation:
This message indicates that the data set indicated does not conform to the supported layout of a DMSFILES data set. Specifically, the control record does not contain a correct control block id. The data set is not processed any further.
Severity:
08
CKF154I • CKF163I
CKF154I Dataset expects blksize
nnnn but is nnnn
for
volser dsname
Explanation:
The message indicates that the
DMSFILES data set contains a physical block size in the
DMS control record that differs from the physical block size in the format 1 DSCB in the VTOC. The data set is not processed any further.
Severity:
08
CKF155I Unexpected block length
nnn at rel track
nnn Rnn of DMSF vol dataset
Explanation:
This message indicates that a DMSFILES track read contained an unexpected block size. The remainder of the data set is skipped.
Severity:
08
CKF156I DMSFILES error: reference to RBA
xxxxxxxx and length nnnnn points
beyond last rel track
nnnn
Explanation:
This message indicates an error during read of a DMSFILES data set. An index entry or file control block points to a block at a Relative Byte
Address (hexadecimal) and with a length (decimal) that would extend beyond the last used track of the data set as shown in the F1 DSCB (last relative track number in decimal). The blocks beyond the last used track will not be read.
Severity:
08
CKF157I DMSFILES error: missing
nnnn bytes at
the end of logical block at RBA
xxxxxxxx
Explanation:
This message indicates that zSecure
Collect expected additional bytes to complete a logical block when end-of-file processing was entered.
Severity:
08
CKF158I DMSFILES error: found BLK RBA
xxxxxxxx but unexpected subfile name
rel trk
nnn Rnn
Explanation:
This message indicates that a block, pointed to by the DSNINDEX or RACFENCD index was read at the specified RBA, but it contained records of a different subfile than DSNINDEX and
RACFENCD. The current relative track number and physical record number are shown in decimal.
Severity:
08
CKF159I
Explanation:
This message indicates that an index block, pointed to by the DSNINDEX or RACFENCD
FCB was read at the specified RBA, but it contained the index of a different subfile than DSNINDEX and
RACFENCD. The current relative track number and physical record number are shown in decimal.
Severity:
08
DMSFILES error: found IND RBA
xxxxxxxx but unexpected subfile name
rel trk
nnn Rnn
CKF160I
Explanation:
This message indicates that a block, pointed to by the DSNINDEX or RACFENCD FCB or index was read at the specified RBA, but it did not contain a BLK or IND prefix. The current relative track number and physical record number are shown in decimal.
Severity:
08
DMSFILES error: found RBA
xxxxxxxx
but not a BLK or IND prefix, at rel trk
nnn Rnn
CKF161I
Explanation:
This message indicates that the starting
RBA of a logical block, pointed to by the DSNINDEX or RACFENCD FCB or index was not found on a physical block boundary. The current RBA, relative track number, and physical record number are shown in decimal.
Severity:
08
DMSFILES error: RBA
xxxxxxxx not
found on block boundary, at RBA
xxxxxxxx rel trk nnn Rnn
CKF162I DMSFILES error: missed block(s) starting at RBA
xxxxxxxx
Explanation:
This message indicates that zSecure
Collect expected additional information starting at the specified RBA (pointed to by DSNINDEX or
RACFENCD FCB or index) when end-of-file processing was entered.
Severity:
08
CKF163I
Explanation:
This informational message indicates that the DMSFILES data set was closed and shows the number of data set and RACF profile records that were copied to CKFREEZE. It is issued only if the INFO option was specified.
Severity:
00
Closed DMSF
dev volume dataset, read
nnn tracks, copied nnn DSNINDEX and
nnnn RACFENCD records
Chapter 2. CKF Messages
21
CKF164I • CKF172I
CKF164I DMSFILES error:
name subfile not
found in FCBs
Explanation:
This message indicates that zSecure
Collect failed to find the specified subfile definition in the File Control Blocks. Information from the subfile will be missing from the CKFREEZE file.
Severity:
08
CKF165I DMSFILES error: no or invalid
IND/BLK RBA in FCBs
Explanation:
This message indicates that zSecure
Collect failed to find valid RBAs in the DSNINDEX and
RACFENCD File Control Blocks. No information from this DMSFILES data set will be copied to the
CKFREEZE file.
Severity:
08
CKF166I Message number to be suppressed must be in range 0..999
Explanation:
The form of the message suppression command SUPMSG and its aliases is a list of decimal numbers separated by commas and enclosed in parentheses, or a single number. It may not be left blank.
Severity:
12
CKF167I Volume not mounted for expected data set
volume dsname
Explanation:
This message indicates that zSecure
Collect wants to extract information from the indicated data set, but the volume was not mounted.
Severity:
04
CKF168I
Explanation:
This message indicates that zSecure
Collect wants to extract information from the indicated data set, but the OPEN attempt was not successful.
This text of the message can only occur if
RESTORE=YES or RECALL=YES was specified or implied.
Severity:
04
Restore not successful for expected data set on volume
volume dsname
CKF168I RESTORE=NO and expected data set not on volume
volume dsname
Explanation:
This form of the message indicates that zSecure Collect wants to extract information from the indicated data set, but the data set was not found in the VTOC, and RESTORE=NO (same as RECALL=NO) was specified or implied.
Severity:
04
22
Messages Guide
CKF169I
Explanation:
This message indicates that you requested an action for a data set, but the volume was not mounted or excluded by your SELECT and
EXCLUDE commands.
Severity:
08
Volume [excluded or] not mounted for requested data set
volume dsname
CKF170I Restore not successful for requested data set on volume
volume dsname
Explanation:
This message indicates that you requested an action for a data set, but the OPEN attempt was not successful. This text of the message can only occur if RESTORE=YES (same as
RECALL=YES) was specified or implied.
Severity:
08
CKF170I RESTORE=NO and requested data set not on volume
volume dsname
Explanation:
This form of the message indicates that you requested an action for a data set, but the data set was not found in the VTOC, and RESTORE=NO was specified or implied.
Severity:
08
CKF171I Restore not successful for expected data set on any volume -
dsname
Explanation:
This message indicates that zSecure
Collect wants to extract information from the indicated data set, but the ALLOCATE attempt was not successful. This text of the message can only occur if
RESTORE=YES was specified or implied.
Severity:
04
CKF171I RESTORE=NO and expected data set not on any volume
dsname
Explanation:
This form of the message indicates that zSecure Collect wants to extract information from the indicated data set, but the data set was not found in any VTOC, and RESTORE=NO (same as RECALL=NO) was specified or implied.
Severity:
04
CKF172I Restore not successful for requested data set on any [included] volume -
dsname
Explanation:
This message indicates that you requested an action for a data set, but the data set was not found on the volume or the volume was not included by your SELECT and EXCLUDE statements.
This text of the message can only occur if
RESTORE=NO was specified or implied.
Severity:
08
CKF172I RESTORE=NO and expected data set not on any [included] volume
dsname
Explanation:
This form of the message indicates that you requested an action for a VSAM data set, but the data set was not found in any VTOC included by your
SELECT and EXCLUDE statements, and RESTORE=NO was specified or implied.
Severity:
08
CKF173I Volume not mounted for expected
VSAM data set
volume dsname
Explanation:
This message indicates that zSecure
Collect wants to extract information from the indicated
VSAM data set, but the volume was not mounted.
Severity:
04
CKF174I Restore not successful for expected
VSAM data set on volume
volume dsname
Explanation:
This message indicates that zSecure
Collect wants to extract information from the indicated
VSAM data set, but the OPEN attempt was not successful. This text of the message can only occur if
RESTORE=YES (same as RECALL=YES) was specified or implied.
Severity:
04
CKF174I RESTORE=NO and expected VSAM data set not on volume
volume dsname
Explanation:
This form of the message indicates that zSecure Collect wants to extract information from the indicated VSAM data set, but the data set was not found in the VTOC, and RESTORE=NO (same as
RECALL=NO) was specified or implied.
Severity:
04
CKF175I
Explanation:
This message indicates that you requested an action for a VSAM data set, but the volume was not mounted or excluded by your SELECT and EXCLUDE commands.
Severity:
08
Volume [excluded or] not mounted for requested VSAM data set
volume dsname
CKF176I Restore not successful for requested
VSAM data set on volume
volume dsname
Explanation:
This message indicates that you requested an action for a VSAM data set, but the OPEN attempt was not successful. This text of the message can only occur if RESTORE=YES (same as
RECALL=YES) was specified or implied.
CKF172I • CKF178I
Severity:
08
CKF176I RESTORE=NO and requested VSAM data set not on volume
volume dsname
Explanation:
This form of the message indicates that you requested an action for a VSAM data set, but the data set was not found in the VTOC, and
RESTORE=NO (same as RECALL=NO) was specified or implied.
Severity:
08
CKF177I Restore not successful for expected
VSAM data set on any volume -
dsname
Explanation:
This message indicates that zSecure
Collect wants to extract information from the indicated
VSAM data set, but the ALLOCATE attempt was not successful. This text of the message can only occur if
RESTORE=YES was specified or implied.
Severity:
04
CKF177I RESTORE=NO and expected VSAM data set not on any volume
dsname
Explanation:
This form of the message indicates that zSecure Collect wants to extract information from the indicated VSAM data set, but the data set was not found in any VTOC, and RESTORE=NO was specified or implied.
Severity:
04
CKF178I Restore not successful for requested
VSAM data set on any [included] volume -
dsname
Explanation:
This message indicates that you requested an action for a VSAM data set, but the
ALLOCATE attempt was not successful or the volume was not included by your SELECT and EXCLUDE statements. This text of the message can only occur if
RESTORE=YES (same as RECALL=YES) was specified or implied.
Severity:
08
CKF178I RESTORE=NO and expected VSAM data set not on any [included] volume
dsname
Explanation:
This form of the message indicates that you requested an action for a VSAM data set, but the data set was not found in any VTOC included by your
SELECT and EXCLUDE statements, and RESTORE=NO
(same as RECALL=NO) was specified or implied.
Severity:
08
Chapter 2. CKF Messages
23
CKF179I • CKF187I
CKF179I Unsupported MPFT level xx
Explanation:
This message indicates that a newer control block layout was encountered than currently supported for the Message Processing Facility.
Information on message suppression will be missing from the CKFREEZE file. Contact IBM Software
Support.
Severity:
08
CKF180I Device
dev volume has no VTOC
Explanation:
This message indicates that the indicated volume had no VTOC at the time of the last IPL or
VARY command. Processing is skipped for this volume.
Severity:
04
CKF181I Device
dev volume has VTOC on track 0
record
n - not supported
Explanation:
This message indicates that the indicated volume had a VTOC on track 0 at the indicated record.
This format is not recognized by zSecure Collect.
Processing is skipped for this volume (the VTOC will not be dumped).
Severity:
04
CKF182I Options for this run are:
FOCUS=(
focus)
IO=
Y/N,TCPIP=Y/N, DASD=Y/N,
TAPE=
Y/N, SWCH=Y/N, PATH=Y/N,
VTOC=
Y/N, VVDS=Y/N, PDS=Y/N,
CAT=
Y/N/MCAT, MCD=Y/N, BCD=Y/N,
DMS=
Y/N, ABR=Y/N, TMC=Y/N,
RMM=
Y/N, VMF=Y/N, UNIX=Y/N
[,UNIXCLIENT=
Y/N] RECALL=Y/N
[,AUTOMOUNT=
Y/N, UNIXACL=Y/N],
SHARED=
Y/N, OFFLINE=Y/N,
SMS=
Y/N, STATS=Y/N, IDR=Y/N,
CHECK=
Y/N, SCAN=Y/N,
PARALLEL=
NONE/PATHGROUP/PATH
[,NO]REPORT[,ALLRECS]
[,WAIT=
Y/N[,BURSTS=num,
BURSTWAIT=
num,BURSTSIZE=num ]]
[,[NO]KEY0, [NO]BYPASS, [NO]SIO,
[NO]XMEM, [NO]XMDSN, [NO]DIAG,
[NO]UID0[,UNCONNECTED]
[,SLOWDOWN] [,FREE]
[,MONITOR=
num] [,INTERVAL=num]],
ENQ=
Y/N, DDLIMIT=num,
IOTIMEOUT=
nn, PDSEBUFSIZE=num,
SIGVER=
Y/N, XTIOT=Y/N, MOD=Y/N,
NJE=
Y/N, CICS=Y/N, IMS=Y/N,
MQ=
Y/N, DB2=Y/N, DB2CAT=Y/N,
[NO]DB2ADM, TKDS=
Y/N,
SERIALIZATION(NOENQ|
ENQ(SYSDSN/CKRDSN/
SYSDSN,CKRDSN)
[,WAIT[,MAXWAIT(
nn)]|,
24
Messages Guide
FAIL][,VOLSER][,UNIT])
Explanation:
This message lists the basic options
(options that are not a combination of others) that are currently in effect.
Severity:
00
CKF183I Device
dev volume CP-formatted VTOC
not supported
Explanation:
This message indicates that the volume has the VTOC in a position as for a CP-formatted volume (for use by VM). Processing is skipped for this volume (the VTOC will not be dumped).
Severity:
04
CKF184I Device
dev volume AIX-formatted VTOC
not supported
Explanation:
This message indicates that the volume has the VTOC in a position as for an AIX-formatted volume (for use by AIX/ESA
®
). Processing is skipped for this volume (the VTOC will not be dumped).
Severity:
04
CKF185I
Explanation:
This message indicates that an I/O error occurred while processing a track in a PDS directory.
Severity:
08
Error reading rel trk
nnn in dev volume
dsname directory
CKF185I
Explanation:
This message indicates that an I/O error occurred while processing a track in a PDS member.
Severity:
08
Error reading rel trk
nnn in dev volume
dsname(member)
CKF186I Unexpected CSVAPF return code
xxxxxxxx hex, reason code xxxxxxxx hex
Explanation:
This message indicates that the CSVAPF service returned an unexpected return code. Contact
IBM Software Support.
Severity:
08
CKF187I Unexpected CSVDYNL return code
xxxxxxxx hex, reason code xxxxxxxx hex
Explanation:
This message indicates that the
CSVDYNL service returned an unexpected return code.
Contact IBM Software Support.
Severity:
08
CKF188I Unexpected CSVDYNL return data
Explanation:
This message indicates that the
CSVDYNL service returned unexpected data (no sets at all). Contact IBM Software Support.
Severity:
08
CKF189I Exit same ptr for
module1 and module2
ASID=
aaaa tag=xx and ASID=bbbb
tag=
yy
Explanation:
This message indicates that two module major names were found that both claimed to reside at the same address. Only one of the names will be the
'official' name in the CKFREEZE file.
Severity:
04
CKF190I Slowdown mode invoked because
VVDS
volser has no index for bcsname
Explanation:
An error was found in the VVDS (it will show up on an IDCAMS DIAGNOSE). This error made it impossible to use fast I/O routines. Slowdown mode was invoked instead.
Severity:
00
CKF191I NOCLOSE only valid in PARM string
Explanation:
This message indicates that the
NOCLOSE parameter does not work unless present in the parameter string.
Severity:
16
CKF192I NODCBE only valid in PARM string
Explanation:
This message indicates that the NODCBE parameter does not work unless present in the parameter string.
Severity:
16
CKF193I NODUMP only valid in PARM string
Explanation:
This message indicates that the
NODUMP parameter does not work unless present in the parameter string.
Severity:
16
CKF194I Unexpected return code
hhhhhhhh from
IARV64 REQUEST=LIST for
xxxx
memory
Explanation:
An IARV64 REQUEST=LIST macro failed with return code hhhhhhhh. In the message, xxxx can be either XSHR or XCOM. IARV64 REQUEST=LIST is used to retrieve information about 64-bit memory objects. There are two types of memory objects for which CKFCOLL will request information. These are
CKF188I • CKF196I
Shared Memory Objects which zSecure refers to as
XSHR objects, and Common Memory Objects which zSecure refers to as XCOM objects. As a result of this error, it is likely that information about Shared or
Common memory objects will be missing from the
CKFREEZE file.
User response:
This error might be caused by running zSecure on an operating system that is not supported, or by recent maintenance to the operating system which might have affected IARV64. It might also be caused by a memory corruption. For further information about the error, refer to the return codes for IARV64, which are documented in the MVS
Programming: Authorized Assembler Services Reference
manuals, SA23-1371 to SA23-1375. If the problem persists, contact IBM Software Support.
Severity:
08
CKF195I
tttt abend xxx-nn (description) in
IARV64 REQUEST=LIST processing.
xxxx info missing
Explanation:
An abend occurred while processing an
IARV64 REQUEST=LIST macro . In the message, v tttt will be either System or User, that is, the type of abend v
description describes the abend v
xxxx will be either XSHR or XCOM.
IARV64 REQUEST=LIST is used to retrieve information about 64-bit memory objects. There are two types of memory objects for which CKFCOLL will request information. These are Shared Memory Objects which zSecure refers to as XSHR objects, and Common
Memory Objects which zSecure refers to as XCOM objects. As a result of this error, it is likely that information about Shared or Common memory objects will be missing from the CKFREEZE file.
User response:
This error might be caused by running zSecure on an operating system that is not supported, or by recent maintenance to that operating system, which might have affected IARV64. It might also be caused by a memory corruption. For further information about the error, refer to the return codes for IARV64 documented in the series of manuals "MVS
Programming: Authorized Assembler Services
Reference SA23-1371 to SA23-1375". If the problem remains, contact IBM Software Support.
Severity:
08
CKF196I Unexpected IXCCPLX processing
type
abend
xxx-nn (explanation)
Explanation:
This message indicates that an abend occurred while processing the IXCCPLX. The couple data set definition records will be missing from the file.
Severity:
04
Chapter 2. CKF Messages
25
CKF197I • CKF209I
CKF197I
Explanation:
This message indicates that an unexpected abend condition was encountered while executing IEEQEMCS. This may be accompanied by a system dump. Information on EMCS consoles will be missing from the CKFREEZE file. Contact IBM
Software Support.
Severity:
12
Unexpected
type abend xxx-nn
(
explanation) during IEEQEMCS
CKF198I Unexpected IEEQEMCS RC=
nn RSN=nn
Explanation:
This message indicates that an unexpected return code and reason code was returned
Messages from 200 to 299
CKF200I
Explanation:
This message indicates that the data set
datasetname (which is supposed to be a type data set) could not be found by the OBTAIN service of MVS.
The return code returned by the service is rc.
Severity:
00
OBTAIN return code
rc on type data set
volser datasetname
CKF201I Access denied to one or more APF authorized features - adjust FOCUS or drop APF authorization
Explanation:
This message indicates that the user has insufficient authority on the proper resource. He either has to change the requested function, obtain a READ permit to the proper CKF.focus resource, or drop APF authorization (for example, by adding a non-authorized
STEPLIB).
Severity:
12
CKF202I Resource profile does not permit use of
FOCUS=AUDIT* -
class CKF.AUDIT
Explanation:
This message indicates that the user has insufficient authority on the indicated resource (SAF return code 8). AUDIT* means either AUDITACF2,
AUDITRACF or AUDITTSS.
Severity:
12
CKF204I Resource not defined -
class profile
Explanation:
This message indicates that the indicated profile cannot be found (RACF return code 4 while class is active). Message CKF211I will follow.
Severity:
00
CKF205I ESM return code
nnnnnnnn hex, reason
code
nnnnnnnn hex class profile
26
Messages Guide by the IEEQEMCS service. Information on EMCS consoles will be missing from the CKFREEZE file.
Contact IBM Software Support.
Severity:
12
CKF199I Unsupported UCM level
xx
Explanation:
This message indicates that a newer control block layout was encountered than currently supported for analyzing consoles. Information on consoles will be missing from the CKFREEZE file.
Contact IBM Software Support.
Severity:
08
Explanation:
This message indicates the ESM return code and reason code returned in the first two fullwords of the RACROUTE REQUEST=AUTH parameter list by SAF. Generally, the meaning is explained in additional messages, or, for return code 8, in an ICH408I message issued by RACF in the job log.
This message is mainly for debugging purposes. The meanings of the reason codes are documented in the
ESM documentation.
Severity:
12
CKF206I ESM not installed, no authorization check possible
Explanation:
This message indicates that no resource access control is present on the system, as indicated by return code 24 on the RACSTAT macro. All operations requested will be allowed.
Severity:
00
CKF207I ESM inactive, no authorization check possible
Explanation:
This message indicates that no resource access control is active on the system. All operations requested will be allowed.
Severity:
00
CKF208I SAF class
class not defined in CDT, no
authorization check possible
Explanation:
This message indicates that the resource class indicated is not defined in the SAF Class
Descriptor Table. All operations requested will be allowed.
Severity:
00
CKF209I SAF class
class not active, no
authorization check possible
CKF210I • CKF227I
Explanation:
This message indicates that protection for the resource class indicated has not been activated on the system. This message will be followed by message CKF210I or CKF214I indicating the focus for which an authorization check was requested.
Severity:
00
CKF210I
Explanation:
This message explains that zSecure
Collect does not collect protected auditing information specifically requested by FOCUS=focus for a user unless this is specifically allowed by a security resource. The
focus can be ALERT*, AUDIT*, or QRADAR*. To be able to check the resource, the indicated class must be activated.
Severity:
12
Authorization checking for class
class
must be active to use FOCUS=
focus
CKF211I Resource profile must be present to use
FOCUS=AUDIT* -
class CKF.AUDIT
Explanation:
This message explains that zSecure
Collect will refuse to collect auditing information specifically requested by FOCUS=AUDIT* for a user unless this is specifically allowed by a security resource. To be able to check the resource, a profile must be defined that covers the resource.
Severity:
12
CKF214I
Explanation:
This message explains that zSecure
Collect. will refuse to collect protected auditing information specifically requested by FOCUS=focus for a user unless this is specifically allowed by a security resource. To be able to check the resource, the indicated class must be activated. The focus can be ADMIN* or
VISUAL.
Severity:
12
Authorization checking for class
class
must be active to use FOCUS=
focus
CKF215I Resource profile must be present to use
FOCUS=ADMIN* -
class CKF.ADMIN
Explanation:
This message explains that zSecure
Collect will refuse to collect auditing information specifically requested by any of the ADMIN* FOCUS specifications for a user unless this is specifically allowed by a security resource. To be able to check the resource, a profile must be defined that covers the resource.
Severity:
12
CKF216I Resource profile does not permit use of
FOCUS=ADMIN* -
class CKF.ADMIN
Explanation:
This message indicates that the user has insufficient authority on the indicated resource (SAF return code 8).
Severity:
12
CKF221I
Explanation:
This message is issued if the CSVDYNEX
LIST service fails. The return codes are documented in your MVS system in the macro CSVEXRET. If the return code is 8 and the reason code 2052 decimal, then this means that the caller was not APF-authorized and did not have a READ permit on FACILITY
CSVDYNEX.LIST.
Severity:
04
Unexpected CSVDYNEX return code
nnn reason code nnn (decimal)
CKF222I RMF not active or running under VM -
LCU selection invalid
Explanation:
This message is issued if the RMF control blocks used for LCU processing cannot be found. This can be caused by a system without RMF or under a VM release that does not allow service processor diagnose instructions.
Severity:
16
CKF225I SVC number to scan for must be in range 0..255
Explanation:
This message is issued if the SCANSVC parameter contains a list entry with a value that is not in the range 0 though 255.
Severity:
12
CKF226I Number of RMM control records copied:
nnn
Explanation:
This message, shown if RMM=YES was specified or implied, shows the number of records copied from the RMM control data set.
Severity:
00
CKF227I
Explanation:
This message, shown if CHECK=YES was specified or implied, shows the number of megabytes of data that were read and summarized by the checksum algorithms, as well as the number of PDS members that contained this data.
Severity:
00
Disk data records checked:
nnn MB in
nnn members
Chapter 2. CKF Messages
27
CKF228I • CKF243I
CKF228I Unsupported IDENTIFY IDR data in
dev
volume dsname(member)
Explanation:
This message indicates that the format of
IDENTIFY IDR data for the specified load library member could not be recognized. PTF level information may be missing or incomplete for this member.
User response:
When specifying parameters for data collection, include the PARM= parameter specification in the CKFCOLL batch JCL.
Severity:
04
CKF229I PDS dirblk key/data len
kk/nnn instead
of 8/256 for
dev volume dsname rel track
nnnn
Explanation:
This message indicates that the format of a directory block for the specified load library member was not supported. The rest of the track is skipped.
Possibly the data set has DSORG=PO but no initialized directory.
Severity:
08
CKF230I Number of TLMS base records copied:
nnn
Explanation:
This message, shown if VMF=YES was specified or implied, shows the number of volume base records copies from the TLMS volume master file.
Severity:
00
CKF231I Number of TLMS data set cells copied:
nnn
Explanation:
This message, shown if VMF=YES was specified or implied, shows the number of data set records copied from the TLMS volume master file.
Severity:
00
CKF232I Number of ABR archive records copied:
nnn
Explanation:
This message, shown if ABR=YES was specified or implied, shows the number of records copied from the ABR archive control file.
Severity:
00
CKF233I Unexpected CSRSI return code
xxxxxxxx
Explanation:
This message indicates that the CSRSI service returned an unexpected return code. As a result, less CPU detail information will be dumped.
Severity:
00
CKF234I No valid data found on track
nnn
Explanation:
This message is shown if I/O was done to a track but nothing was found on the track. This is not a normal situation, contact IBM Software Support.
Severity:
08
CKF235I MON msg
nnn: text
Explanation:
This message is shown during
MONITOR processing. The number nnn corresponds to a proper zSecure Collect message. See the appropriate
CKFnnnI message for an explanation.
Severity:
08
CKF236I CKFCMON internal error on
text
Explanation:
This message is shown during
MONITOR processing. Contact IBM Software Support.
Severity:
24
CKF237I
type abend xxx-nn (explanation) during
ERBSMFI processing
Explanation:
This message is shown if ERBSMFI, the
RMF interface module was abnormally terminated during MONITOR processing. Contact IBM Software
Support if you cannot find an obvious cause.
Severity:
08
CKF238I
parm must be less than 1440 (1 day)
Explanation:
The MONITOR or INTERVAL parameter was specified as a number of minutes greater than
1440. Both parameters must be less than 1 day.
Severity:
12
CKF242I Dynamic exit info omitted, SAF READ access required on FACILITY class entity CSVDYNEX.LIST if non-APF
Explanation:
This message is issued if the CSVDYNEX
LIST service fails. The CSVDYNEX return code was 8 and the reason code 2052 decimal. This is documented in your MVS system in the macro CSVEXRET. It means that the caller was not APF-authorized and did not have a READ permit on FACILITY CSVDYNEX.LIST.
Severity:
04
CKF243I Resource profile must be present to use
FOCUS=QRADAR* -
class
CKF.QRADAR
Explanation:
This message explains that zSecure
Collect does not collect auditing information specifically requested by any of the QRADAR* FOCUS specifications for a user unless this is specifically
28
Messages Guide
allowed by a security resource. To be able to check the resource, a profile must be defined that covers the resource. The check for CKF.QRADAR is not done if an
AUDIT* focus is also specified or implied.
Severity:
12
CKF244I Resource profile does not permit use of
FOCUS=QRADAR* -
class
CKF.QRADAR
Explanation:
This message indicates that the user has insufficient authority on the indicated recourse (SAF return code 8). The check for CKF.QRADAR is not done if an AUDIT* focus is also specified or implied. In that case, a permit on CKF.AUDIT is also sufficient.
Severity:
12
CKF245I
Explanation:
This message indicates that a track read contained an unexpected block size. The remainder of the track is skipped. The current relative track number and physical record number are shown in decimal. The
type can be TMC or VMF. This message is only issued for a TMC or VMF when the block length reported is an integer multiple of the record length, so that the block would have been valid for a last block; however, this was not the last block.
Severity:
08
Unexpected block length
nnn at rel track
nnn Rnn of type vol dataset
CKF246I Empty tracks in CA not skipped, more than 32 blocks in CI -
nn blk/CI cluster
dsname
Explanation:
This message indicates that the internal
I/O optimization algorithm could not finish processing because it only supports 32 physical blocks per control interval. Instead, it will always read all tracks of a control area, even if some tracks are empty. This slightly reduces the I/O performance, it does not indicate any loss of data.
Severity:
04
CKF247I
Explanation:
This message occurs if the vertical pointer mask conflicts with the number of CI pointers.
Severity:
08
Invalid index record header for
catname
on
volser
CKF248I OPEN abend 213-04 on device
dev
volume
volser for dsname
Explanation:
The data set named dsname could not be opened for input on device dev. zSecure Collect issues this message (instead of CKR030I) when it was looking for an APF library the user did not explicitly indicate,
CKF244I • CKF253I
and the library apparently is not physically present on the volser. The sensitivity report produced by zSecure
Audit for RACF will properly show this, and there is no reason to assume any reports will be invalidated by this condition.
Severity:
04
CKF249I Empty tracks in CA not skipped, more than 2048 blocks in CA -
nnn blk/CA
cluster
dsname
Explanation:
This message indicates that the internal
I/O optimization algorithm could not finish processing because it only supports 2048 physical blocks per control area. Instead, it always reads all tracks of a control area, even if some tracks are empty. This slightly reduces the I/O performance; it does not indicate any loss of data. Consider reviewing whether the data set should be reblocked, because more than
2048 blocks per CA means that it has an extremely inefficient blocking factor.
Severity:
04
CKF250I
Explanation:
This message indicates that a VSAM data set had slack space at the end of an extent. It was skipped. If you want, you can reallocate the data set to reclaim wasted space and get rid of this message. If the message persists even after reallocation, contact IBM
Software Support.
Severity:
00
Skipping VSAM extent slack
n trk of
extentsize at rel trk nnn in vol dsname
CKF251I Slowdown mode invoked for
vol dsname
Explanation:
This message indicates that a VSAM data set will be read with the slower method, but no more specific error message as to the reason is available.
Severity:
00
CKF252I Open failed for ACF2 Unload file
ddname
Explanation:
This message indicates that the ACF2
Unload file mentioned could not be opened.
Severity:
00
CKF253I
type abend xxx-nn (explanation) on dev
volser dsname
Explanation:
An abend that could not be handled by the OPEN abend exit occurred during opening of the data set dsname on the volume and device indicated.
Severity:
08
Chapter 2. CKF Messages
29
CKF254I • CKF267I
CKF254I
Explanation:
An abend that could not be handled by the OPEN abend exit occurred during opening of the data set dsname on the volume and non-DASD device indicated.
Severity:
08
type abend xxx-nn (explanation) on dev
volser dsname
CKF255I
Explanation:
An abend that could not be handled by the OPEN abend exit occurred during opening of the
DASD catalog index dsname on the volume and device indicated.
Severity:
08
type abend xxx-nn (explanation) on dev
volser dsname
CKF256I Slowdown mode invoked because
Extended Format
vol dsname
Explanation:
This message indicates that a VSAM data set will be read with the slower method, because it is an Extended Format data set.
Severity:
00
CKF257I
Explanation:
An unexpected RACROUTE abend occurred.
Severity:
08
RACROUTE
type abend xxx-nn
(explanation)
CKF258I STATUS=ACCESS not allowed for this user (system abend 047)
Explanation:
The current non-APF run of zSecure
Collect does not run under a logon ID that is authorized to do RACROUTE STATUS=ACCESS calls.
This can be remedied by using the NOAPFCHK keyword on a SAFDEF record that describes the zSecure Collect environment:
INSERT SAFDEF.apf PROGRAM(CKFCOLL)
RB(CKFCOLL)
NOAPFCHK RACROUTE
(REQUEST=AUTH,CLASS=DATASET,
STATUS=ACCESS)
Severity:
00
CKF259I No storage available for I/O buffer
Explanation:
zSecure Collect did not have enough storage available to create an I/O buffer of adequate size. This will result in program termination. Allocate a larger region for the zSecure Collect run to avoid this problem.
Severity:
12
30
Messages Guide
CKF260I
Explanation:
This message indicates that the
UCBSCAN service did not return information for the indicated device. The intended authorized I/O function will not be performed. This may be due to a dynamic change during the zSecure Collect run. If this error recurs in another run, contact IBM Software Support.
Severity:
12
UCBSCAN does not return device
hhhh volser
CKF261I
Explanation:
While reading the index of the data set mentioned conflicting length specifications were found.
This is usually indicative of a corrupted data set.
Further processing for this data set will be skipped.
Severity:
08
Corrupted length found while reading
IX on
dev volser dsname
CKF262I Not a cluster or component name --
dsn
Explanation:
This message indicates that a name was passed as if it were a VSAM cluster or data component name, but it is neither a cluster name nor a data component name.
Severity:
08
CKF263I
Explanation:
This message indicates a failure to locate a VSAM data component name in the catalog. The component will be skipped. If you think the program should have found it, contact IBM Software Support.
Severity:
08
Unexpected return code
nn dec during
LISTCAT VOL of
dsn
CKF264I Unexpected
type abend xxx-nn
(explanation) during LISTCAT VOL of
dsn
Explanation:
This message indicates an a failure to locate a VSAM data component name in the catalog; an abend was encountered. The component will be skipped. If you think the program should have found it, contact IBM Software Support.
Severity:
08
CKF267I Unexpected eye catcher
eye catcher for
program object header of
volume
dsname(member)
Explanation:
The indicated program object has an unknown layout. Checksum and IDR processing are skipped for this member.
Severity:
08
CKF268I • CKF277I
CKF268I
Explanation:
Checksum and IDR processing for PDSEs requires the complete header of a program object to be present within the first block read. If this is not the case, processing is skipped.
Severity:
08
Program object header length
hexnum
larger than blocksize
hexnum for volume
dsname(member)
CKF269I Unsupported program object level
hexnum for volume dsname(member)
Explanation:
The indicated program object has an unknown layout. Checksum and IDR processing are skipped for this member.
Severity:
08
CKF270I PDSE processing requires BPAM
Explanation:
NOBSAMBPAM has been specified in the PARM string, specifying that the program should not use BPAM. However, checksum processing and IDR processing for PDSEs require BPAM. This processing will be skipped for all PDSEs.
Severity:
08
CKF271I NOBSAMBPAM only valid in PARM string
Explanation:
This message indicates that the
NOBSAMBPAM parameter does not work unless present in the parameter string.
Severity:
16
CKF272I RACSTAT unexpected RC. CLASS='
class'
SAFRC=
safrc RACFRC=racfrc
RSNCODE=
rsn
Explanation:
While retrieving the dynamic class descriptor table from the system using RACROUTE
REQUEST=STAT calls, the program received a return code indicating an error. zSecure Collect will stop processing the dynamic CDT. To determine the cause of the error, you can look up the return codes in the
Security Server RACF RACROUTE Macro Reference.
Note that if the error occurs halfway through processing the CDT (class will be other than all blanks) zSecure Collect will store part of the CDT in the
CKFREEZE file. This partial dynamic CDT will be used by zSecure Admin and Audit. If the error happens before any class setting is returned (which is more probable) zSecure Collect does not store the dynamic
CDT at all. In that case, zSecure Admin and Audit will use the static CDT for processing.
Severity:
04
CKF273I
ddname volser dsname(member) - problem description
Explanation:
The program encountered an unexpected condition while processing the IDRDATA of a program object. If problem description indicates that the
IDRDATA was truncated, it turned out that the program object contained more IDRDATA than the amount buffered (as governed by the PDSEBUFSIZE parameter). In this case, the IDRDATA written to the
CKFREEZE will be incomplete for the indicated member. Any other value of problem description indicates an unknown layout of the program object, in which case all IDRDATA information for this member will be missing from the CKFREEZE.
Severity:
04
CKF274I
ddname volser dsname(member) has code
size 0
Explanation:
The indicated program object does not actually contain anything in binder class B_TEXT.
Checksum processing is completed really fast for this member. This informational message is issued only if the INFO option was selected.
Severity:
00
CKF275I PDSE buffer size
decnum must lie
between 1 and 1024
Explanation:
The PDSEBUFSIZE parameter accepts only values in the range of 1 to 1024, inclusive.
Severity:
16
CKF276I CKFREEZE file could not be opened
Explanation:
The program failed to open the
CKFREEZE file. Verify that a CKFREEZE DD statement is present, and that the allocation parameters are correct.
Severity:
12
CKF277I
Explanation:
This message indicates that a missing interrupt was detected for I/O of the indicated type. If this was the first I/O (SenseId) to the device during an
APF authorized run, no attempt will be made to dynamically allocate the volume with SVC 99, and the run will continue without hanging. If the run was not
APF authorized, or if this was not the SenseId I/O, then the run may hang in subsequent processing performed by the operating system.
Severity:
08
Device
dev volser does not respond
within
nn seconds during CCW opcode
Chapter 2. CKF Messages
31
CKF278I • CKF288I
CKF278I
Explanation:
This message indicates that a missing interrupt was detected for a track read of an already open data set. The run will attempt to recover, but probably the data set close will hang as well.
Severity:
08
Device
dev volser has stopped
responding within
nn seconds on ddname
during
CCW opcode
CKF279A Respond 'U' to terminate hang test on volume
VOLUME
Explanation:
This WTOR on the operator console indicates that the DEBUGHANGVOLUME parameter was used to test error recovery behavior.
CKF280I
Explanation:
No information on the enablement of products and features on this system could be collected because the call to the IFAEDLIS service failed. The return codes are documented on your MVS system in macro IFAEDIDF.
Severity:
08
Unexpected returncode
rc in IFAEDLIS
call, no enable information dumped.
CKF281I ACF2 resident resource rules are not processed.
Explanation:
Since the program is not running APF, it cannot access information in fetch protected storage.
Severity:
00
CKF282I Resource profile must be present to use
FOCUS=ALERT -
CLASS CKF.ALERT
Explanation:
This message explains that zSecure
Collect will refuse to collect auditing information specifically requested by any of the ALERT* FOCUS specifications for a user unless this is specifically allowed by a security resource. To be able to check the resource, a profile must be defined that covers the resource. The check for CKF.ALERT will not be done if an AUDIT* focus is also specified or implied.
Severity:
12
CKF283I
Explanation:
This message indicates that the user has insufficient authority on the indicated resource (SAF return code 8). The check for CKF.ALERT will not be done if an AUDIT* is also specified or implied. In that case a permit on CKF.AUDIT is also sufficient.
Severity:
12
Resource profile does not permit use of
FOCUS=ALERT -
class CKF.ALERT
CKF284I
Explanation:
This message explains that zSecure
Collect does not collect auditing information specifically requested by any of the TCIM* FOCUS specifications for a user unless this is specifically allowed by a security resource. To be able to check the resource, a profile must be defined that covers the resource. The check for CKF.TCIM is not be done if an
AUDIT* focus is also specified or implied.
Severity:
12
Resource profile must be present to use
FOCUS=TCIM* -
class CKF.TCIM
CKF285I Resource profile does not permit use of
FOCUS=TCIM* -
class CKF.TCIM
Explanation:
This message indicates that the user has insufficient authority on the indicated recourse (SAF return code 8). The check for CKF.TCIM is not done if an AUDIT* focus is also specified or implied. In that case, a permit on CKF.AUDIT is also sufficient.
Severity:
12
CKF286I
Explanation:
This message explains that zSecure
Collect will refuse to collect auditing information specifically requested by FOCUS=VISUAL for a user unless this is specifically allowed by a security resource. To be able to check the resource, a profile must be defined that covers the resource. The check for
CKF.VISUAL will not be done if FOCUS=ADMINRACF is also specified or implied.
Severity:
12
Resource profile must be present to use
FOCUS=VISUAL -
class CKF.VISUAL
CKF287I
Explanation:
This message indicates that the user has insufficient authority on the indicated resource (SAF return code 8). The check for CKF.VISUAL will not be done if FOCUS=ADMINRACF is also specified or implied. In that case a permit on CKF.ADMIN is also sufficient.
Severity:
12
Resource profile does not permit use of
FOCUS=VISUAL -
class CKF.VISUAL
CKF288I
Explanation:
This message indicates that the
STORAGEGC parameter does not work unless present in the parameter string.
Operator response:
When specifying the
STORAGEGC parameter, include the ALLOCATE command in the PARM= parameter in the batch JCL.
Severity:
16
STORAGEGC only valid in PARM string
32
Messages Guide
CKF289I • CKF297I
CKF289I Entry point
address not in extent for
control block module[/module]
Explanation:
When examining an LPDE or CDE control block describing the indicated in-storage module, it was found that the module's entry point is outside the storage range where the module allegedly resides. This condition is most likely a by-product of front-ending. Since in this situation there is no way to determine where the module resides, the information regarding this routine that is written to the CKFREEZE will be incomplete.
Severity:
04
CKF290I
Explanation:
This message indicates that a specification of the LICENSE data set name must precede any use of a licensed parameter or the FOCUS keyword. Note that this keyword is now deprecated and no longer functional.
Severity:
12
LICENSE must precede FOCUS and licensed parameters
CKF291I
Explanation:
You cannot both WAIT and FAIL if the
ENQ request cannot be immediately satisfied. Neither can you request that the program issue an ENQ and not issue an ENQ (NOENQ) at the same time.
Severity:
16
SERIALIZATION options
option1 and
option2 are mutually exclusive
CKF292I Unsupported value
nn for MAXWAIT:
not in the range 1..59
Explanation:
SERIALIZATION=(MAXWAIT) supports only values in the range of 1 through 59, inclusive.
Severity:
16
CKF293I Program not authorized. Disabled APF serialization options UNIT, VOLSER,
ENQ(SYSDSN), and MAXWAIT
Explanation:
SERIALIZATION was specified with at least one of the following parameters: UNIT, VOLSER,
ENQ(SYSDSN), or MAXWAIT. Having dynamic allocation wait until the unit or volser becomes available requires APF authorization. The same is true for requesting an ENQ on QNAME SYSDSN, and for specifying a maximum time to wait until the ENQ request can be specified. Because the program lacks this authorization, it will not wait for units or volsers, will not request ENQs on SYSDSN, and will ignore the specified value for MAXWAIT.
Severity:
04
CKF294I
Explanation:
The tested symbol could not be found in the Static System Symbol table, nor was it SMFID. For the purposes of resolving the IF statement, it is considered to contain an empty string. The IF statement evaluated to result (either true or false). When syntax or entitlement errors have been found earlier in the run, the latter part of the message is not shown, since the correct evaluation of the IF cannot be guaranteed.
Severity:
00
Symbol
symbol was unknown, treated as
empty. [ IF result:
result ]
CKF295I IF statements might not evaluate correctly
Explanation:
This message is preceded by a CKF000I message, indicating an error addressing the symt control block (Static System Symbol table). This table could not be read completely. IF statements in the input might not be correctly resolved. If this error occurs consistently, contact IBM Software Support. This error is only issued when IF statements are present in the input, and can be suppressed.
Severity:
08
CKF296I
Explanation:
The tested symbol was found to have value value. The IF statement evaluated to result (either
true
or false). This message is not issued if syntax or entitlement errors have been found earlier in the run, since the correct evaluation of the IF cannot be guaranteed.
Severity:
00
Symbol
symbol resolved to "value". IF
result:
result
CKF297I Number of allocations: static
sss
dynamic
nnn, freed fff, max allowed
mmm due to TIOT SIZE(ss)
Explanation:
This message indicates how many static
DDName allocations were present, how many SVC 99 calls were made for dynamic allocations, and how many files were freed individually to make room because the maximum was about to be reached. The maximum is determined by the TIOT SIZE() parameter in PARMLIB member ALLOCxx (this determines the physical number of bytes available for DDnames, it varies depending on the number of (candidate) volsers per DDname), and to a much lesser extent by the actual
DYNAMNBR which determines how many unused files may be around. zSecure Collect always deallocates files it frees, so that it does not create additional not-in-use DDnames. The relation between TIOT SIZE and the number of DDnames is approximately as follows: v SIZE(16) means 819 ddnames v SIZE(32) means 1635 ddnames
Chapter 2. CKF Messages
33
CKF298I • CKF307I
v SIZE(64) means 3273 ddnames
For more details on TIOT SIZE, see the ALLOCxx parmlib member in the z/OS MVS Initialization and
Tuning Reference.
Severity:
00
CKF298I Need DDname slot, [premature free of
ddname [vol] dsn | nothing to free]
Explanation:
This message warns of imminent problems because of unsufficient TIOT size. If the message indicates that a file was deallocated
(premature free of ddname [vol]), then it would have been better to leave the file allocated (because of performance and because of serialization with another program, such as DFHSM). If the message indicates
Messages from 300 to 399
CKF300I BPX1GMN failed rc=
hexrc reason=reason
Explanation:
This message indicates that an error occurred during the execution of BPX1GMN. The reason code consists of two halfwords. The first is the reason code qualifier, the second the reason code as described in the UNIX System Services Messages and
Codes manual.
Severity:
08
CKF301I BPX1OPD failed rc=
hexrc reason=reason
for '
path' depth depth
Explanation:
This message indicates that an error occurred during the execution of BPX1OPD. The reason code consists of two halfwords. The first is the reason code qualifier, the second the reason code as described in the UNIX System Services Messages and Codes manual.
Severity:
08
CKF302I
Explanation:
This message indicates that an error occurred during the execution of BPX1RD2. The reason code consists of two halfwords. The first is the reason code qualifier, the second the reason code as described in the UNIX System Services Messages and Codes manual.
For debugging purposes a hex dump of the UIO control block is printed. This area is mapped by the
BPXYFUIO macro, and described in the UNIX System
Services Assembler Callable Services manual.
Severity:
08
BPX1RD2 failed rc=
hexrc reason=reason
path '
path'
CKF303I BPX1CLD failed rc=
hexrc reason=reason
path '
path'
Explanation:
This message indicates that an error occurred during the execution of BPX1CLD. The reason
34
Messages Guide
"nothing to free," this run or subsequent runs of zSecure Collect might easily fail (the headroom is less than 10 files) with a message like IKJ56866I FILE ddname ALLOCATED NOT DATA SET,
CONCURRENT ALLOCATIONS EXCEEDED. Find message 297 at the end of the SYSPRINT for the overall picture.
Severity:
04
CKF299I Need DDname slot, freeing
ddname
Explanation:
This message is issued in response to an
INFO request and reflects normal reuse of a DD name
(TIOT) slot.
Severity:
04 code consists of two halfwords. The first is the reason code qualifier, the second the reason code as described in the UNIX System Services Messages and Codes manual.
Severity:
08
CKF304I
Explanation:
This message indicates that an error occurred during the execution of BPX1CHD. The reason code consists of two halfwords. The first is the reason code qualifier, the second the reason code as described in the UNIX System Services Messages and Codes manual.
Severity:
08
BPX1CHD failed rc=
hexrc reason=reason
for .. before
path
CKF305I BPX1CHD failed rc=
hexrc reason=reason
for '
path' depth depth
Explanation:
This message indicates that an error occurred during the execution of BPX1CHD. The reason code consists of two halfwords. The first is the reason code qualifier, the second the reason code as described in the UNIX System Services Messages and Codes manual.
Severity:
08
CKF306I
Explanation:
This message indicates that the directory mentioned, at nesting level dirdepth was scheduled to be read. However, the current nesting level is different from the one needed. Contact IBM Software Support.
Severity:
08
Unexpected current depth
depth for
dirdepth 'path'
CKF307I Number of Unix directory entries copied:
nn from nn directories in nn file
systems
Explanation:
This message, shown if UNIX=Y was specified or implied, shows the number of Unix directories read and dumped by zSecure Collect.
Severity:
00
CKF308I OMVS is inactive
Explanation:
This informational message indicates that
UNIX System Services is not active on this system.
Severity:
00
CKF309I BPX1RDX failed rc=
hexrc reason=reason
on '
path'
Explanation:
This message indicates that an error occurred during the execution of BPX1RDX. The reason code consists of two halfwords. The first is the reason code qualifier, the second the reason code as described in the UNIX System Services Messages and Codes manual.
Severity:
08
CKF310I
Explanation:
This message indicates that an error occurred during the execution of BPX1RDL. The reason code consists of two halfwords. The first is the reason code qualifier, the second the reason code as described in the UNIX System Services Messages and Codes manual.
Severity:
08
BPX1RDL failed rc=
hexrc reason=reason
on '
path'
CKF311I BPX1GMN failed retval=
retval rc=rc
reason=
reason for device number
Explanation:
This message indicates that an error occurred during the execution of BPX1GMN for the indicated device. The reason code consists of two halfwords; the first is the reason code qualifier, the second the reason code. The return code and reason code together describe the problem that occurred and are documented in the UNIX System Services Messages
and Codes manual.
Severity:
08
CKF312I Symlink crosses automount point
'
mountpoint' for 'target':
Explanation:
This informational message indicates that while processing the symlink to target, an automountpoint was passed. This message is issued only if the INFO option is selected.
Severity:
00
CKF308I • CKF319I
CKF313I
Explanation:
This informational message indicates that an extra mountpoint control block is needed for the reading of the contents of the target directory on device.
It is issued only if the INFO option was selected.
Severity:
00
Extra MNTE needed for device
device of
'
target'
CKF314I DIRSRCH (x) not allowed on directory
'
target'
Explanation:
zSecure Collect was not allowed to search the target directory. No information on the contents of this directory will be dumped.
Severity:
00
CKF315I OPENDIR (r) not allowed on directory
'
target'
Explanation:
zSecure Collect was not allowed to open the target directory. No information on the contents of this directory will be dumped.
Severity:
00
CKF316I
type abend xxx-nn (explanation) during
Unix processing
Explanation:
This message indicates that a nonrecoverable abend occurred during Unix processing.
The Unix File System information might not be complete. For information on the common abend codes, see the zSecure Collect documentation in the user reference manual for your zSecure product.
Severity:
08
CKF317I Internal error: no MNTP for '
directory'
Explanation:
Contact IBM Software Support.
Severity:
24
CKF318I CATALOG OBTAIN return code hex
rc
probably failed automount of '
target'
Explanation:
An error occurred during the CATALOG
OBTAIN for the target directory. No information on the contents of this directory will be dumped.
Severity:
00
CKF319I Automount attempted for '
target'
Explanation:
This informational message indicates that an automount for the directory mentioned will be attempted. It is issued only if the INFO option was selected.
Severity:
00
Chapter 2. CKF Messages
35
CKF320I • CKF330I
CKF320I
type abend xxx-nn (explanation) during
geteuid - unable to perform UNIX=Y processing
Explanation:
This message indicates that a nonrecoverable abend occurred during geteuid processing. No Unix File System information will be dumped. For information about the common abend codes, see the zSecure Collect documentation in the user reference manual for your zSecure product.
Severity:
08
CKF321I Switched to effective UID 0
Explanation:
This informational message indicates that a seteuid 0 call was successful. It is issued only if the
INFO option was selected.
Severity:
00
CKF322I Switched to effective UID
uid
Explanation:
This informational message indicates that a seteuid uid call was successful. It is issued only if the
INFO option was selected.
Severity:
00
CKF323I Seteuid 0 failed rc=
hexrc reason=reason
Explanation:
This message indicates that an error occurred during the execution of the seteuid 0 command. The reason code consists of two halfwords.
The first is the reason code qualifier, the second the reason code as described in the UNIX System Services
Messages and Codes manual. UNIX information will be dumped only partially.
Severity:
04
CKF324I Seteuid
uid failed rc=hexrc reason=reason
Explanation:
This message indicates that an error occurred during the execution of the seteuid uid command. This can mean that zSecure Collect will continue running under an effective UID of 0. The reason code consists of two halfwords. The first is the reason code qualifier, the second the reason code as described in the UNIX System Services Messages and
Codes manual.
Severity:
08
CKF325I
Explanation:
This informational message indicates that contents of directory target will not be dumped because the directory is not mounted and AUTOMOUNT=NO was specified.
Severity:
00
AUTOMOUNT=N and directory not mounted '
target'
36
Messages Guide
CKF326I
Explanation:
This informational message indicates that the directory mounted on the indicated path is scheduled to be read. It is issued only if the INFO option was selected.
Severity:
00
Schedule MNTE device
number DIRP
path
CKF327I Schedule link DIRP
target
Explanation:
This informational message indicates that the directory specified in target is scheduled to be read.
It is issued only if the DEBUG option was enabled.
Severity:
00
CKF328I Start on DIRP
path depth depth
Explanation:
This informational message indicates that zSecure Collect starts reading the mentioned directory at nesting level depth. It is issued only if the INFO option was selected.
Severity:
00
CKF329I Postpone dir device
device for 'target'
Explanation:
This informational message indicates that the reading of the target directory on device is postponed. It is issued only if the INFO option was selected.
Severity:
00
CKF330I
Explanation:
This message indicates that a nonrecoverable abend occurred during a LOAD of the indicated exit. For information about the common abend codes, see the zSecure Collect documentation in the user reference manual for your zSecure product.
Severity:
08
type abend xxx-nn (explanation) during
LOAD of exit
exit from device volume
ddname
CKF330I
type abend xxx-nn (explanation) returned
by LOAD of exit
exit from device
Explanation:
This message indicates that the LOAD of exit has recovered from an abend. For information about the common abend codes, see the zSecure Collect documentation in the user reference manual for your zSecure product.
Severity:
08
CKF331I • CKF340I
CKF331I
type abend xxx-nn (explanation) during
DELETE of exit
exit from device volume
ddname
Explanation:
This message indicates that a nonrecoverable abend occurred during a DELETE of the indicated exit. For information about the common abend codes, see the zSecure Collect documentation in the user reference manual for your zSecure product.
Severity:
08
CKF332I BPX1PCT: List aggregates failed. RC=
rc
reason=
reason
Explanation:
This message indicates that an error occurred during the execution of the BPX1PCT "List
Attached Aggregate Names" function. This is not necessarily wrong. This message can for instance also be generated on systems that do not have the zFS file system running. The reason code given consists of two half words. The first is the reason code qualifier. The second is the reason code as described in the UNIX
System Services Messages and Codes manual.
Severity:
04
CKF333I
Explanation:
This message indicates that an error occurred during the execution of the BPX1PCT "List
Aggregate Status" function. The reason code given consists of two halfwords. The first is the reason code qualifier. The second is the reason code as described in the UNIX System Services Messages and Codes manual.
Severity:
08
BPX1PCT: List aggregate status failed.
RC=
rc reason=reason
CKF334I
Explanation:
This message indicates that an error occurred during the execution of the BPX1PCT "List
File System Names" function. The reason code given consists of two halfwords. The first is the reason code qualifier. The second is the reason code as described in the UNIX System Services Messages and Codes manual.
Severity:
08
BPX1PCT: List file systems failed. RC=
rc
reason=
reason
CKF335I BPX1PCT: List file system status failed.
RC=
rc reason=reason
Explanation:
This message indicates that an error occurred during the execution of the BPX1PCT "List
File System Status" function. The reason code given consists of two halfwords. The first is the reason code qualifier. The second is the reason code as described in the UNIX System Services Messages and Codes manual.
Severity:
08
CKF336I
Explanation:
A call to Directory Entry Services returned the indicated unexpected error. All checksum and IDR processing for the offending PDSE is skipped.
Specify the INFO option to capture enough information in SYSPRINT to determine which PDSE caused the problem.
Severity:
08
Unexpected DESERV
return_code_description reason_code_description
CKF337I
Explanation:
This message alerts you to the fact that the program could not obtain authorization while the
APF keyword was specified, indicating that authorization is considered essential. The resulting
CKFREEZE only contains a zSecure Collect identification record. For additional information, see the section Authorized or unauthorized? in the zSecure
Collect documentation available in the user reference manual for your zSecure product.
Severity:
12
Task is not APF authorized, but APF authorization needed
CKF338I Number of UNIX ACL records copied:
num access ACLs, num directory default
ACLs,
num file default ACLs
Explanation:
This message, shown if UNIXACL=Y was specified or implied, shows the number of UNIX
ACL records dumped by zSecure Collect.
Severity:
00
CKF339I BPX1PIO failed rc=
hexrc reason=reason
for type
type on 'path'
Explanation:
This messages indicates that an error occurred during the execution of BPX1PIO. The reason code consists of two halfwords. The first is the reason code qualifier, the second the reason code as described in the UNIX System Services Messages and Codes manual.
The type shown can be 1 for an access ACL, 2 for a file model ACL or 3 for a directory model ACL.
Severity:
08
CKF340I DIRP for MNTP device
device mountpoint
Explanation:
This informational message indicates that the directory on the mountpoint and device mentioned will be read. It is issued only if the INFO option was selected.
Severity:
00
Chapter 2. CKF Messages
37
CKF341I • CKF351I
CKF341I
Explanation:
This message indicates that the w_getmntent (BPX1GMN) service returned an empty pathname (MNTENTMOUNTPOINT). This can occur if the user running zSecure Collect lacks search authorization to one or more of the directories in the mount point, or if the file system is mounted asynchronously. A mount point entry is written, but the device is not processed further. A UNIX mount report generated from the resulting CKFREEZE will show the mount point empty for the reported file system. A
UNIX file report does not show the file system at all.
Severity:
04
Empty pathname MNTE for device
device FS name file_system_name
CKF342I Schedule DIRP
target depth depth
Explanation:
This informational message indicates that the target directory mentioned at nesting level depth is scheduled to be read. It is issued only if the INFO option was selected.
Severity:
00
CKF343I Successful cd .. to depth
depth
Explanation:
This informational message indicates that a successful directory switch upwards to nesting level
depth has been done. It is issued only if the INFO option was selected.
Severity:
00
CKF344I Successful cd
target depth depth
Explanation:
This informational message indicates that a successful directory switch to target on nesting level
depth has been done. It is issued only if the INFO option was selected.
Severity:
00
CKF345I Success opendir '
target'
Explanation:
This informational message indicates that a successful directory open on target was performed. It is issued only if the INFO option was selected.
Severity:
00
CKF346I Perform closedir '
target'
Explanation:
This informational message indicates that a close on the target directory will be performed. It is issued only if the INFO option was selected.
Severity:
00
CKF347I Duplicate pathname MNTE devices
device1 and device2 FS name
file_system_name mountpoint mountpoint
Explanation:
This message indicates that a second device device2 is mounted at the same mount point as an earlier device device1. The second device for the indicated file system is not processed. zSecure Audit may flag this condition again with message CKR1064.
Severity:
08
CKF348I
Explanation:
This message indicates that the mount entry for the indicated device was found twice. It is processed only once. zSecure Audit may flag this condition again with message CKR1064.
Severity:
04
Duplicate MNTE for device
device
mountpoint
mountpoint
CKF349I BPX1LST failed rc=
hexrc reason=reason
for '
pathname' depth depth
Explanation:
The lstat() call for the indicated pathname failed. The reason code consists of two halfwords. The first is the reason code qualifier, the second the reason code as described in the UNIX
System Services Message and Codes manual. The directory is not processed.
Severity:
08
CKF350I Device number
olddev changed to newdev
during run for '
mountpoint'
Explanation:
The lstat() call for the indicated mount point returned another device number than was seen when the file system dump was scheduled. This is not properly supported. The zSecure report will show the old device number and mount information that was associated with the old device number, together with the files associated with the new device number. If this is a recurring problem, contact IBM Software Support.
Severity:
08
CKF351I
Explanation:
This informational message indicates that a mount point was encountered that was not present in the mount point table at the start of the zSecure Collect run, and was not seen in its parent directory either.
This typically happens when a symlink crosses an automount point into an unmounted directory. This message is only issued if the INFO option was selected.
Severity:
00
Device number
dev assigned to
'
mountpoint'
38
Messages Guide
CKF352I • CKF361I
CKF352I
Explanation:
This message indicates that no valid ZFS system was found. Therefore, no data on ZFS file systems and aggregates is dumped.
Severity:
00
The ZFS file system has not been started.
CKF353I PC LPA not in common storage, but at
address target ASID address space ID
Explanation:
The Latent Parameter Address passed to a PC (Program Call) routine is not in common storage.
The value of the Latent Parameter will not be dumped.
Severity:
00
CKF354I
Explanation:
This message indicates that a nonrecoverable abend occurred during function processing. The function can be WRTAGGR for ZFS
Aggregate processing or WRTCNFG for Query Config processing. Information about ZFS Aggregates or
Sysplex Sharing might not be complete. For information about the common abend codes, see the zSecure Collect documentation in the User Reference
Manual for your zSecure product.
Severity:
08
type abend xxx-nn (explanation) during
function processing
CKF355I
Explanation:
The ACL returned by the w_pioctl service (BPX1PIO) did not match the requested ACL type. This might, for example, occur if your z/OS image does not have the service for IBM APAR
OW57201 applied. zSecure Collect attempts to correct this error by setting the ACL type to the requested type in the record before writing it to the CKFREEZE file.
This may prevent zSecure from issuing CKR1761. The
types shown can be access, fdefault, or default for an access ACL, file model ACL or directory model ACL, respectively.
Severity:
04
BPX1PIO returned a
returnedtype ACL -
corrected to a
requestedtype ACL
CKF356I No READ access to data set
volser dsn
Explanation:
This message indicates that the user does not have read access to the indicated non-VSAM data set, and hence it will be skipped for processing.
Severity:
04
CKF357I Task terminating due to EXIT request
Explanation:
During input parsing an EXIT statement was read. The program terminates with the return code specified on the EXIT statement. This message has a severity equal to the value specified in the RC parameter of the EXIT statement.
Severity:
variable
CKF358I RC should be a number between 0 and
99
Explanation:
The RC keyword of the EXIT command was specified, but did not fall in the supported range.
Numbers below zero and above 99 are not supported.
Severity:
16
CKF359I Unable to dump master catalog, see other messages
Explanation:
The program terminates without having dumped the master catalog as requested. For the cause, look back for DAIRFAIL messages, for instance
IKJ56866I FILE ddname ALLOCATED NOT DATA SET,
CONCURRENT ALLOCATIONS EXCEEDED. Also look for CKF297I at the bottom to see if the number of
DDnames might be the problem. Occurrence of
CKF298I may also point to a TIOT size problem.
Severity:
08
CKF360I
Explanation:
Normal VSAM processing was used instead of faster EXCP processing for the specified
VSAM cluster because it has Record Level Sharing
(RLS).
Severity:
00
Slowdown mode invoked because of
RLS for volume
dsname
CKF361I Signature verification
action for volser
dsn(mem)
Explanation:
Signature verification was requested by the SIGVER=YES parameter and the module named in the library either failed verification (action=fails) or passed verification (action=success).
User response:
If the verification failed, look for operator messages ICH44x or run a newlist type=smf report and select on type=80, event=86(1:7) to obtain additional information about the failure. Some possible causes for failure are: v The module has a bad signature.
v The module has no signature but the RACF profile for the program requires a signature.
v The module has a valid signature but the certificate chain is not valid.
Severity:
00
Chapter 2. CKF Messages
39
CKF362I • CKF383I
CKF362I SIGVER=YES is invalid on a system that does not support signature verification
Explanation:
Signature verification, requested by the
SIGVER=YES parameter, cannot be performed on the current system because the system on which CKFCOLL is running does not support signature verification.
User response:
Remove the SIGVER=YES parameter and rerun the CKFCOLL job.
Severity:
12
CKF372I Running an unsupported version
vv.rr.mm of z/OS, results are
unpredictable - please upgrade
Explanation:
This message indicates that zSecure is being run on an operating system level that it is not supported on. The results are unpredictable. Upgrade zSecure to the proper version.
Severity:
04
CKF375I
Explanation:
The IEFPRMLB service unexpectedly returned the indicated return and reason codes. This can result in missing information about parmlib concatenations activated after IPL. Contact IBM
Software Support.
Severity:
08
Unexpected IEFPRMLB result, RC
hexrc
RSN
hexreason
CKF376I Parmlib data set
dsname not found on
volume
volume
Explanation:
The parmlib data set indicated was not found on the volume where it was expected. No attempt is made to restore it, and further processing for this data set is skipped.
Severity:
04
CKF377I Exactly one DD/DDPREF/DSN/
DSNPREF keyword should be specified
Explanation:
A CHECK= statement was read, which did not specify YES/NO, and did not contain a single keyword DD, DDPREF, DSN or DSNPREF. Fix your command parameters, and retry the job.
Severity:
12
CKF378I TCP/IP stack configuration data cannot be collected on
OS_level
Explanation:
zSecure Collect can only collect TCP/IP stack configuration data for systems running z/OS
V1R11 or higher.
User response:
If you are running zSecure on a z/OS
40
Messages Guide system that is V1R10 or lower, you can prevent this message by making sure that the zSecure Collect TCPIP parameter is set to NO in the zSecure Collect invocation.
For information about setting this parameter, see
"zSecure Collect for z/OS" in the IBM Security zSecure
Admin and Audit for RACF: User Reference Manual.
Severity:
00
CKF379I Unexpected
abend during LISTCAT of
DSNPREF=
dsnpref
Explanation:
This message indicates a failure to locate data set names matching the indicated prefix in the catalog; an abend was encountered. This CHECK statement will be ignored. If you think the program should have found data sets, contact IBM Software
Support.
Severity:
12
CKF380I
Explanation:
: This message indicates a failure to locate data set names matching the indicated prefix in the catalog. This CHECK statement will be ignored. If you think the program should have found data sets, contact IBM Software Support.
Severity:
12
Unexpected return code
nn dec during
LISTCAT of DSNPREF=
dsnpref
CKF381I No matching data sets for CHECK
statement
Explanation:
No data sets were found that matched the statement indicated. If you think the program should have found data sets, contact IBM Software
Support.
Severity:
08
CKF382I DD/DDPREF do not support DSORG=
Explanation:
Additional DSORG selection is not supported in combination with the DD and DDPREF keywords on the CHECK statement. Fix your command parameters, and retry the job.
Severity:
12
CKF383I
Explanation:
The ddname indicated is a concatenation that contains at least one tape data set. This is not supported. Split the concatenation in such a way that each DD statement contains either a concatenation of
DASD data sets, or a single tape data set, and retry the job.
Severity:
12
DD
ddname concatenations with tape
data sets are not supported
CKF384I • CKF395I
CKF384I DD
ddname checksum of a single
member is not supported
Explanation:
The indicated ddname contains the allocation of a single member of a PDS(E). This is not supported. Remove the member specification from the allocation statement, and retry the job. A checksum will be computed for all members of the PDS(E) and as well as for the data set in its entirety.
Severity:
12
CKF385I Using SAF class
class for resource checks
Explanation:
The resource class indicated is the one previously configured in the Site module, see Appendix
A: The Site module in IBM Security zSecure
CARLa-Driven Components: Installation and Deployment
Guide.
Severity:
00
CKF386I IFAQUERY return area too small.
Omitted
nnn log stream records.
Explanation:
Even after passing the required length in a second call, there is still not sufficient space to store the
SMF log stream data. Contact IBM Software Support.
Severity:
08
CKF387I Unexpected return code from
IFAQUERY. SMF log stream information is not collected. rc=
hhhhhhhhhhh hex
rsn=
hhhhhhhhhhh hex
Explanation:
Failure to obtain SMF log stream data.
Contact IBM Software Support.
Severity:
12
CKF388I Unexpected IXGCONN connect RC
xxxxxxxx hex reason yyyyyyyy hex; data
sets will be missing for stream name.
Explanation:
This message indicates failure to connect to an SMF log stream. Data set names backing this log stream are not included in sensitive data and trust analysis reports. Please contact IBM Software Support.
Severity:
08
CKF389I Unexpected IXGQUERY RC
xxxxxxxx
hex reason
yyyyyyyy hex; data sets will
be missing for stream name.
Explanation:
This message indicates failure to obtain information from a successfully connected SMF log stream. Data set names backing this log stream will be missing from sensitive data and trust analysis reports.
Please contact IBM Software Support.
Severity:
08
CKF390I Unexpected IXGCONN disconnect RC
xxxxxxxx hex reason yyyyyyyy hex for
stream name
Explanation:
This message indicates failure to disconnect from a successfully connected SMF log stream. Contact IBM Software Support.
Severity:
04
CKF391I
type abend code-reason (explanation)
during IXGCONN connect for
stream name
Explanation:
This message indicates failure to connect to an SMF log stream. Data set names backing this log stream will be missing from sensitive data and trust analysis reports. Contact IBM Software Support if you cannot resolve the abend.
Severity:
08
CKF392I
Explanation:
This message indicates the log stream data set name format is not recognized and hence not further analyzed. Data set names backing this log stream will be missing from sensitive data and trust analysis reports. Contact IBM Software Support.
Severity:
08
Unexpected log stream DSN format
dsname for stream name
CKF393I Unexpected RC
nn dec during LISTCAT
of
"level" for stream name
Explanation:
This message indicates a failure trying to find any VSAM cluster names for log stream data sets.
Data set names backing this log stream will be missing from sensitive data and trust analysis reports. Contact
IBM Software Support.
Severity:
08
CKF394I
Explanation:
This message indicates a failure while trying to find VSAM cluster names for log stream data sets. Data set names backing this log stream will be missing from sensitive data and trust analysis reports.
Contact IBM Software Support if you cannot resolve the abend.
Severity:
08
type abend code-reason (explanation)
during LISTCAT of
"level" for stream
name
CKF395I An unexpected return code was received from IEFSSREQ SSI=54. Subsys=jjjj,
R15=nn, SSOBRETN=ss.
Explanation:
An IEFSSREQ request type 54 for subsystem jjjj ended with nn for Register 15 and ss for
Chapter 2. CKF Messages
41
CKF399I • CKF541I
the SSOBRETN field, where: v jjjj is the name of the subsystem that is queried.
v nn is the value of R15 returned from IEFSSREQ.
v ss is the value of the SSOBRETN field returned by
IEFSSREQ.
If this error occurs, a record containing the results of the IEFSSREQ SSI=54 has not been written to the
CKFREEZE data set.
If you are running z/OS version 1.8 or later, this error can also result in additional errors related to JES2 exit processing. In order to process these exits, the zSecure
Collect program CKFCOLL must know whether JES2 dynamic exits are supported. Normally, the call to
IEFSSREQ returns information about the JES2 level which is used to determine whether the JES2 dynamic exits are supported. If this information is not returned,
CKFCOLL might not be able to determine whether JES2 dynamic exits are supported and so might produce errors when processing the exits.
User response:
This error might be caused by running
Messages from 400 to 599
CKF4xxI
message
Explanation:
These messages are issued as the result of debugging commands that are not described in this manual.
Severity:
00
CKF500I INDD, OUTDD, and ERRDD only valid in PARM string
type "value" at ddname
line
number
Explanation:
The INDD, OUTDD, and ERRDD parameters can be used only as calling parameters (the
PARM keyword in JCL), and cannot be used as commands in an input file.
Severity:
16
CKF501I TCP/IP stack images cannot be retrieved. GETIBMOPT: RC=
xxxxxxxx
ERRNO:
yyyyyyyy
Explanation:
This message is triggered by a failure at the EZASMI call with function GETIBMOPT, where
xxxxxxxx is the return code and the yyyyyyyy indicates the error number.
User response:
Complete these steps:
1.
Convert the hexadecimal value that is supplied as the ERRNO return code from hexadecimal format to decimal format. For example, hexadecimal value
ERRNO=000027EA converts to decimal value 10218.
2.
Go to the z/OS information center for your version of z/OS.
42
Messages Guide zSecure on an operating system that is not supported, or by recent maintenance to that operating system that might have affected the IEFSSREQ service. For further information about the error, see the documented return code values for IEFSSREQ and SSOBRETN in z/OS
MVS Using the Subsystem Interface SA38-0679. If you cannot resolve the problem, contact IBM Customer
Support.
Severity:
08
CKF399I Could not
action amount of storage to
read TCP/IP stack
name configuration
Explanation:
If action=obtain, zSecure Collect does not have enough storage available to read the configuration data of TCP/IP stack name. Allocate a larger region for the zSecure Collect run to avoid this problem.
If action=release, zSecure could not release the storage used to read the TCP/IP stack. An internal processing problem might have occurred.
Severity:
08
3.
Click Communications server.
4.
Expand IP Sockets Application Programming
Interface Guide and Reference > Appendixes >
Appendix B. socket call error return codes >
Additional return codes
.
5.
Click Sockets extended ERRNOs.
6.
Locate the explanation for the corresponding decimal value in the list of error codes.
You can also look up the error codes in the
Communications Server IP Sockets Application
Programming Interface Guide and Reference (SC27-3660).
Severity:
08
CKF540I Address space data not collected for swapped ASID
asid jobname
Explanation:
This message is issued if the indicated address space is swapped out and data from the address space cannot be obtained. The information from this address space is missing from the CKFREEZE data set. zSecure reports created using this CKFREEZE data set might be incomplete. This especially applies if the indicated address space is running (sub)system-type tasks.
Severity:
04
CKF541I OPEN ERROR
abend code for DDNAME
CKFDS001
Explanation:
This diagnostic message is issued if a failure occurs during an OPEN of the data sets
CKF542I • CKF550I
obtained from the STEPLIB of the MQ QMGR region.
These data sets are used for preloading required connection modules. The program continues, but might fail later.
User response:
Inspect the abend code for indications about the cause of the error.
Severity:
08
CKF542I Could not connect to MQ QMGR because not authorized to access:
QMGR-name
Explanation:
The user running the CKFCOLL program does not have sufficient authorizations to connect to the indicated QMGR. This is usually controlled by profile
QMGR-name.BATCH in the MQCONN resource class.
User response:
Ensure that the user running
CKFCOLL has the required authorizations.
Severity:
08
CKF543I Could not connect to MQ QMGR because connection modules not available:
QMGR-name
Explanation:
During setup of the connection to the
MQ QMGR, several modules are dynamically loaded from STEPLIB or linklist. The required modules could not be located. The program continues with the next
MQ region.
Severity:
08
CKF544I Could not connect to MQ QMGR because QMGR not available for connection:
QMGR-name
Explanation:
During setup of the connection to the
MQ QMGR, MQ reported that the QMGR is not available. This is probably due to a failure to complete initialization of the QMGR, for example, because it is waiting for the DB2 subsystem for its queue-sharing group. The program continues with the next MQ region.
Severity:
08
CKF545I Could not connect to MQ QMGR
QMGR-name, RC=retcode-reascode
Explanation:
The CKFCOLL program could not connect to the indicated QMGR. The program continues with the next MQ region.
User response:
Check the hexadecimal reason code for additional information. Reason codes can be found in
WebSphere MQ for z/OS: Messages and Codes.
Severity:
08
CKF546I
Explanation:
During setup of the connection to the
MQ QMGR, several modules are dynamically loaded from STEPLIB or linklist. The CKFCOLL program attempts to preload these modules from the STEPLIB of the MQ QMGR region. Preloading failed for the indicated module. The program continues, but might fail later if the module cannot be located using some other means.
Severity:
08
Error preloading
module-name for MQ
QMGR
QMGR-name
CKF547I MQ QMGR
QMGR-name does not have
steplibs. No modules preloaded.
Explanation:
During setup of the connection to the
MQ QMGR, several modules are dynamically loaded from STEPLIB or linklist. The CKFCOLL program attempts to preload these modules from the STEPLIB of the MQ QMGR region. Because the indicated QMGR region does not have a STEPLIB DD-statement, preloading is not attempted. The program continues, but might fail later if the connection modules cannot be located later.
Severity:
0
CKF548I CKFWMQ will use the following steplibs for MQ QMGR
QMGR-name
Steplib data sets used:
DSN=
QMGR-steplib-datasetname
Explanation:
This diagnostic message is issued either because DEBUG was requested, or because the preloading of required modules failed.
Severity:
0
CKF549I
Explanation:
An error occurred during allocation of the data sets currently allocated to the STEPLIB ddname of the indicated QMGR. Inspect accompanying messages to analyze the cause of the failure.
Severity:
08
MQ QMGR steplib allocation error.
QMGR-name
CKF550I The MQ information is requested for
QMGR
QMGR-name
Explanation:
This diagnostic message is issued because DEBUG was requested. It indicates progress in collecting MQ-related information.
Severity:
0
Chapter 2. CKF Messages
43
CKF551I • CKF560I
CKF551I MQ
action QMGR QMGR-name
error-information
Explanation:
This diagnostic message is issued if a step fails in the process to obtain information from the
MQ QMGR region. The error information can contain a description of the error or the hexadecimal return and reason codes: RC=retcode-reascode.
You can find API completion and reason codes in the
IBM Knowledge Center for WebSphere MQ at http://www.ibm.com/support/knowledgecenter/
SSFKSJ/mapfiles/product_welcome_wmq.htm.
Severity:
08
CKF552I
Explanation:
The CKFCOLL program was not able to access the job's private region. This can occur if the
MQ=YES option is requested. Return codes for the
ALESERV ADD macro are documented in z/OS MVS
Programming Authorized Assembler Services Reference, Vol.
1 in the z/OS information center.
Severity:
04
Cannot access address space
jobname
ASID
asid - ALESERV rc=retcode
CKF553I POINT RPL
type dev volume
datacomponent rc=nn reason=nnnn
Explanation:
This messages indicates an unexpected return code and reason code (in decimal) from the
VSAM POINT macro.
Severity:
8
CKF554I IFAQUERY return area too small.
Omitted SMF Flood policy records.
Explanation:
A second call was issued to pass the required length needed to store the SMF flood policy data, but the space is not sufficient to store the data.
Contact IBM Software Support.
Severity:
8
CKF555I Unexpected return code from
IFAQUERY. SMF flood policy information will be missing.
rc=
hhhhhhhhhhh hex rsn=hhhhhhhhhhh hex
Explanation:
The SMF flood policy data could not be returned because the available space is too small.
Contact IBM Software Support.
Severity:
12
CKF556I Unsupported MQ release
release for
ASID
asid jobname. Assume SYSP length
= 256
Explanation:
The release of MQ is not recognized. The length of the SYSP control block generated by this release of MQ is unknown. A length of 256 bytes is assumed. If this value is incorrect, additional message
CKF559I might be issued.
Severity:
04
CKF557I
Explanation:
zCollect was not able to access the job's private region. This can occur if the CICS=YES zCollect option is requested. Return codes for the ALESERV
ADD macro are documented in z/OS MVS Programming
Authorized Assembler Services Reference, Vol. 1 in the z/OS information center.
Severity:
00
Cannot access address space
jobname
ASID
asid - ALESERVE rc=rc
CKF558I
abend during MQ data collection ASID
asid jobname
Explanation:
This message indicates that an unexpected condition occurred while trying to collect information from the indicated MQ address space.
User response:
Check whether the jobname is of a supported MQ subsystem and release. If it is, see the
Electronic Support Web site for possible maintenance associated with this message. If you cannot find applicable maintenance, contact IBM Software Support.
Severity:
08
CKF559I
abend during MQ data collection jobname
Explanation:
This message indicates that an unexpected condition occurred while trying to collect information from the indicated MQ address space.
User response:
Check whether the jobname is of a supported MQ subsystem and release. If it is, see the
Electronic Support Web site for possible maintenance associated with this message. If you cannot find applicable maintenance, contact IBM Software Support.
Severity:
08
CKF560I
Explanation:
This is an informational message showing the total number of CICS regions that were processed and the total number of transactions and programs that were found.
Severity:
00
Number of CICS regions interrogated:
nnn Transactions: nnn Programs: nnn
44
Messages Guide
CKF561I
Explanation:
This is an informational message showing the total number of IMS regions that were processed and the total number of transactions and
PSBs that were found.
Severity:
00
Number of IMS regions interrogated:
nnn Transactions: nnn PSBs: nnn
CKF562I CS Resolver data cannot be collected on
OS_level
Explanation:
If you are running zSecure on z/OS
V1R12 or lower, you can prevent this message by ensuring that the zSecure Collect TCPIP parameter is set to NO. For information about setting this parameter, see "zSecure Collect for z/OS" in the IBM Security
zSecure Admin and Audit for RACF: User Reference
Manual.
Severity:
00
CKF563I Resolver NMI error
UNIX error
Explanation:
This message is triggered by a failure at the EZBREIFR call.
User response:
Look up the EZBREIFR service return code and reason code in the Communications Server IP
Programmer’s Guide and Reference (SC27-3659).
Severity:
08
CKF564I Could not
action amount of storage to
read CS Resolver configuration
Explanation:
If action=obtain, zSecure Collect does not have enough storage available to read the configuration data of the CS Resolver. Allocate a larger region for a zSecure Collect run to avoid this problem. If
action=release, zSecure could not release the storage that is used to read the CS Resolver configuration. An internal processing problem might have occurred.
Severity:
08
CKF565I BPX1PCT Query Config Option failed
Return Value=
nn Return Code=nn
Reason Code=
nn
Explanation:
This message indicates that an error occurred during the execution of the BPX1PCT "Query
Config" function. This function is used to determine the zFS sysplex status. The specified reason code consists of two half words. The first is the reason code qualifier.
The second is the reason code as described in UNIX
System Services Messages and Codes. If this message occurs, the value of SYSPLEX_MODE is blank.
Severity:
04
CKF561I • CKF569I
CKF566I Unable to determine if DSN
dsn is RLS
controlled. LISTCAT return code
rc
Explanation:
This message indicates that CKFCOLL was unable to determine if the dsn data set is controlled by RLS. zSecure determines if RLS is active by issuing the LISTCAT command for a data set and checking if
"RLS in use" is displayed in the output.
User response:
If the data set is RLS controlled and it is causing collection errors, contact IBM Software
Support.
Severity:
04
CKF567I Nil pointer trying to access
id from
jobname
Explanation:
This message indicates that an unexpected condition occurred while trying to create a
CKFREEZE record from a storage control block. The id indicates the kind of control block that was being accessed.
User response:
Check whether the jobname is of a supported subsystem and release. If it is, see the
Electronic Support Web site for possible maintenance associated with this message.
If you cannot find applicable maintenance, follow the
procedures described in “Contacting IBM Software
Support” on page 477 to report the problem.
Severity:
08
CKF568I
abend accessing jobname ASID asid
Explanation:
This message indicates that an unexpected condition occurred while trying to determine if the indicated address space is a CICS address space, and if so, find relevant CICS region information.
User response:
Check whether the jobname is of a supported subsystem and release. If it is, see the
Electronic Support Web site for possible maintenance associated with this message.
If you cannot find applicable maintenance, follow the
procedures described in “Contacting IBM Software
Support” on page 477 to report the problem.
Severity:
08
CKF569I
abend trying to access id from jobname
Explanation:
This message indicates that an unexpected condition occurred while trying to create a
CKFREEZE record from a storage control block. The id indicates the kind of control block that was being accessed.
User response:
Check whether the jobname is of a supported subsystem and release. If it is, see the
Electronic Support Web site for possible maintenance
Chapter 2. CKF Messages
45
CKF570I • CKF576I
associated with this message.
If you cannot find applicable maintenance, follow the
procedures described in “Contacting IBM Software
Support” on page 477 to report the problem.
Severity:
08
CKF570I Number of DB2 regions interrogated:
nn
Explanation:
This summary message indicates the number of DB2 regions that were processed during the zCollect run.
Severity:
00
CKF571I Error loading module
xxxxxxx DB2
system table unload terminated for DB2 subsystem
yyyy release zzzz
Steplib data sets used:
DSN=
aaa.aaaa
Explanation:
zSecure Collect received an error when attempting to load a DB2 module. The process of unloading the DB2 system catalog tables was terminated for each of the DB2 subsystems associated with this DB2 release.
User response:
See the Electronic Support Web site for possible maintenance associated with this message.
If you cannot find applicable maintenance, follow the
procedures described in “Contacting IBM Software
Support” on page 477 to report the problem.
Severity:
08
CKF572I DB2 steplib allocation error. DB2 system table unload terminated for DB2 subsystem
yyyy release zzzz
Steplib data sets used:
DSN:
yyyy.yyyy
Explanation:
zSecure Collect received an error when attempting to allocate the specified DB2 steplib data sets. The process of unloading of the DB2 system catalog tables was terminated for each of the DB2 subsystems associated with this DB2 release.
User response:
See the Electronic Support Web site for possible maintenance associated with this message.
If you cannot find applicable maintenance, follow the
procedures described in “Contacting IBM Software
Support” on page 477 to report the problem.
Severity:
08
CKF573I DB2 unload error. SYSADM userid
xxxxxxxx greater than 8 characters in
length.
Processing of DB2 system
yyyy
terminated.
Explanation:
The installation SYSADM user ID for the
46
Messages Guide specified DB2 subsystem is greater than eight characters. A user ID greater than eight characters might be a role-based SYSADM user ID. Processing for the specified DB2 subsystem was terminated because zSecure was unable to unload the DB2 system catalog tables.
User response:
See the Electronic Support Web site for possible maintenance associated with this message.
If you cannot find applicable maintenance, follow the
procedures described in “Contacting IBM Software
Support” on page 477 to report the problem.
Severity:
08
CKF574I RACROUTE VERIFY CREATE error
RACF RC (hex)
xxxxxxx RACF reason
(hex)
yyyyyyyy
DB2 table unload terminated for DB2 subsystem
zzzz
Explanation:
zSecure Collect received an error when it issued "RACROUTE VERIFY CREATE." The unloading of the DB2 system catalog tables was terminated for the specified DB2 subsystem.
User response:
Use the return code and reason code to determine why the RACROUTE failed. If you cannot correct the problem, contact IBM Software Support.
Severity:
08
CKF575I ATTACH failed for DSNUTILB
RC=
xxxxx DB2 system table unload
terminated for DB2 subsystem
yyyy
release
zzzzz
Steplib data sets used:
DSN:
aaaa.aaaa
Explanation:
zSecure Collect received an error while attempting to start DSNUTILB to unload the DB2 system catalog tables. Further processing of the DB2 system catalog tables was terminated for the specified
DB2 subsystem.
User response:
See the Electronic Support Web site for possible maintenance associated with this message.
If you cannot find applicable maintenance, follow the
procedures described in “Contacting IBM Software
Support” on page 477 to report the problem.
Severity:
08
CKF576I Unexpected
xxxxx during ATTACH of
DSNUTILB to UNLOAD DB2 tables
Explanation:
zSecure Collect received an error during the ATTACH to DSNUTILB to unload the DB2 system catalog tables. Further processing of the DB2 system catalog tables was terminated.
User response:
See the Electronic Support Web site for possible maintenance associated with this message.
CKF577I • CKF585I
If you cannot find applicable maintenance, follow the
procedures described in “Contacting IBM Software
Support” on page 477 to report the problem.
Severity:
08
CKF577I
Explanation:
zSecure Collect received an error while opening the DB2 steplib data sets. See message
CKF572I for further information on the allocated DB2 steplib data sets. Further processing of the DB2 system catalog tables was terminated.
User response:
See the Electronic Support Web site for possible maintenance associated with this message.
If you cannot find applicable maintenance, follow the
procedures described in “Contacting IBM Software
Support” on page 477 to report the problem.
Severity:
08
OPEN ERROR
xxxxx for DDNAME
CKFDS001
CKF578I
Explanation:
This informational message shows the total number of records that were processed from a
DB2 catalog table.
Severity:
00
nnn records processed from table
tablename for DB2 subsystem subsys
CKF579I Number of MQ regions interrogated:
number
Explanation:
This is an informational message showing the total number of MQ regions that were processed.
Severity:
00
CKF580I Error unloading the DB2 table
aaaaaaaa
for DB2 subsystem
yyyy
Steplib data sets used:
DSN:
yyyy.yyyy
Explanation:
zSecure Collect received an error when attempting to unload the DB2 table. See the DSNPRT
DD if it is allocated for error messages associated with this DB2 unload.
User response:
Review the messages in DSNPRT to resolve the problems unloading the DB2 table. If the error was caused by a B37/D37 error on DSNOUT, see
"DB2 table unloads" in the User Reference Manual for information on how to allocate DSNOUT in the collect
JCL.
Severity:
08
CKF581I BPX1SYC: Determine system configuration options failed. RC=
rc
reason=
reason
Explanation:
An error occurred during the execution of the BPX1SYC "Determine system configuration options" function. The reason code consists of two halfwords. The first is the reason code qualifier. The second is the reason code as described in the UNIX
System Services Messages and Codes manual.
User response:
Review the specified reason code in
UNIX System Services Messages and Codes.
Severity:
08
CKF582I Number of TKDS token/cert records copied:
decnum
Explanation:
This informational message shows the number of TKDS records copied to the CKFREEZE data set.
Severity:
00
CKF583I
type abend xxx-nn (explanation) accessing
JES2, ASID
asid
Explanation:
This message indicates that a nonrecoverable abend occurred while accessing data in the JES2 address space. For information about the common abend codes, see the zSecure Collect documentation in the user reference manual for your zSecure product.
Severity:
08
CKF584I
type abend xxx-nn (explanation) accessing
JES2 PSO, ASID
asid
Explanation:
This message indicates that a nonrecoverable abend occurred while accessing data in the JES2 PSO data space. For information about the common abend codes, see the zSecure Collect documentation in the user reference manual for your zSecure product.
Severity:
08
CKF585I
Explanation:
The CKFCOLL program was not able to access the JES2 private region. Return codes for the
ALESERV ADD macro are documented in z/OS MVS
Programming: Authorized Assembler Services Reference, Vol.
1 in the z/OS information center.
Severity:
08
Cannot access address space JES2, ASID
asid - ALESERV rc=rc
Chapter 2. CKF Messages
47
CKF586I • CKF598I
CKF586I Cannot access data space for JES2 PSO,
ASID
asid - ALESERV rc=rc
Explanation:
The CKFCOLL program was not able to access JES2 PSO data space. Return codes for the
ALESERV ADD macro are documented in z/OS MVS
Programming: Authorized Assembler Services Reference, Vol.
1 in the z/OS information center.
Severity:
08
CKF587I Cannot access OMVS kernel address space
jobname ASID asid - ALESERV
rc=
rc
Explanation:
zSecure Collect was not able to access the private region of the OMVS kernel job while zSecure Collect gathered information about UNIX processes. Return codes for the ALESERV ADD macro are documented in z/OS MVS Programming: Authorized
Assembler Services Reference, Vol. 1 in the z/OS information center.
Severity:
08
CKF588I Abend accessing OMVS kernel address space
jobname ASID asid
Explanation:
This message indicates that an unexpected condition occurred while trying to determine an OMVS kernel address space, and if so, find relevant information about UNIX processes.
User response:
Check whether the jobname is an
OMVS kernel task. If it is, see Electronic Support website for possible maintenance associated with this message. If you cannot find applicable maintenance, contact IBM Software Support.
Severity:
08
CKF589I
Explanation:
This message indicates that a control block that contains information about UNIX processes was not found.
User response:
Check whether the jobname is an
OMVS kernel task. If it is, see Electronic Support website for possible maintenance associated with this message. If you cannot find applicable maintenance, contact IBM Software Support.
Severity:
08
Process information not found in OMVS kernel address space
jobname ASID asid
CKF590I Process information table in OMVS kernel address space
jobname ASID asid
is empty
Explanation:
This message indicates that a control block that contains information about UNIX processes was found but it contains no process information or has an unsupported layout.
User response:
Check whether the jobname is an
OMVS kernel task. If it is, see Electronic Support website for possible maintenance associated with this message. If you cannot find applicable maintenance, contact IBM Software Support.
Severity:
08
CKF591I
Explanation:
zCollect could not access the job's private region while collecting the information about address space active jobs. Return codes for the ALESERV ADD macro are documented in z/OS MVS Programming
Authorized Assembler Services Reference, Vol. 1 in the z/OS information center.
Severity:
08
Cannot access address space
jobname
ASID
asid - ALESERV rc=rc
CKF592I Abend accessing
jobname ASID asid
Explanation:
This message indicates that an unexpected condition occurred while trying to collect the information about address space active jobs.
User response:
See the Electronic Support website for possible maintenance associated with this message. If you cannot find applicable maintenance, contact IBM
Software Support.
Severity:
08
CKF593...CKF596
message
Explanation:
These messages are issued as the result of debugging commands that are not described in this manual.
Severity:
00
CKF597I Cannot access address space
jobname
ASID
asid - ALESERV rc=retcode
Explanation:
zCollect was not able to obtain data from the job's private region. Return codes for the ALESERV
ADD macro are documented in z/OS MVS Programming
Authorized Assembler Services Reference, Vol. 1 in the z/OS information center.
Severity:
00
CKF598I JFCBs not collected for swapped ASID
asid jobname=jobname
Explanation:
This message is issued if the indicated address space is swapped out and data about allocated data sets cannot be obtained. The information from this address space is missing from the CKFREEZE data set.
zSecure reports created using this CKFREEZE data set might be incomplete.
48
Messages Guide
Severity:
04
CKF599I Abend
abend info during access ASID
asid jobname=jobname
Messages from 700 to 799
CKF700I
Explanation:
This message indicates a serious internal error. User abend 700 will be issued. Contact IBM
Software Support.
Severity:
24
Internal error: CKFALLOC called in invalid state
CKF701I CKFAXCP: data areas too large, on
dev
volume - user abend 701
Explanation:
This message indicates an internal error: the data areas requested by the channel program passed to the I/O driver are too large. User abend 701 will be issued. Contact IBM Software Support.
Severity:
28
CKF702I I/O routine
type abend xxx-nn
(explanation)on dev volume - user abend
702
Explanation:
This message indicates an internal error: the data areas requested by the channel program passed to the I/O driver are too large. User abend 702 will be issued. Contact IBM Software Support.
Severity:
28
CKF703I CKFCAT called in invalid state
Explanation:
This message indicates a serious internal error. User abend 703 will be issued. Contact IBM
Software Support.
Severity:
24
CKF704I Internal error: BCS
bcsvol on IOXC
ioxcvol-key
Explanation:
This message indicates a serious internal error. The catalog will be skipped. Contact IBM
Software Support.
Severity:
24
CKF705I Internal error: CKFPATH called in invalid state
Explanation:
This message indicates a serious internal error. User abend 705 will be issued. Contact IBM
Software Support.
Severity:
24
CKF599I • CKF711I
Explanation:
This message indicates a failure while trying to obtain allocated data set information for the indicated jobname in address space asid.
Severity:
08
CKF706I CKFPDS(E) called in invalid state
Explanation:
This message indicates a serious internal error. User abend 706 will be issued. Contact IBM
Software Support.
Severity:
24
CKF707I Internal error: PDS on wrong IOXC
Explanation:
This message indicates a serious internal error. The PDS will be skipped. Contact IBM Software
Support.
Severity:
24
CKF708I CKFSCHED Internal error: hung I/O executor
Explanation:
This message indicates a serious internal error. A user abend 708 will be issued. Contact IBM
Software Support.
Severity:
24
CKF709I Internal error: CKFVTOC called in invalid state
Explanation:
This message indicates a serious internal error. User abend 709 will be issued. Contact IBM
Software Support.
Severity:
24
CKF710I Internal error: CKFVVDS called in invalid state
Explanation:
This message indicates a serious internal error. User abend 710 will be issued. Contact IBM
Software Support.
Severity:
24
CKF711I
Explanation:
This message indicates that zSecure
Collect failed to free its 4KB SQA area at the specified address. To prevent further SQA pollution, the program issues a user abend 711. Contact IBM Software Support.
Severity:
28
FREEMAIN for 4K SQA at address
xxxxxxxx failed with return code nn hex
after I/O on
dev volume- user abend 711
Chapter 2. CKF Messages
49
CKF712I • CKF725I
CKF712I Unexpected GETMAIN return code
nn
hex
Explanation:
This message indicates that zSecure
Collect failed to obtain a page-aligned work area for the VM DIAGNOSE buffers. No diagnose will be issued. Contact IBM Software Support.
Severity:
24
CKF713I
Explanation:
This message indicates that an unexpected return code was encountered for the PGFIX
(non-XA) or PGSER (XA) service. Contact IBM Software
Support.
Severity:
24
Unexpected PGSER/PGFIX return code
nnn hex
CKF714I
Explanation:
This message indicates that an unexpected return code was encountered for the
PGFREE (non-XA) or PGSER (XA) service. Contact IBM
Software Support.
Severity:
24
Unexpected PGSER/PGFREE return code
nnn hex
CKF715I CKFAXVM recovered from unexpected
type abend xxx-nn (explanation)
Explanation:
This message indicates that an unexpected abend was encountered during VM diagnose processing. VM information may be missing.
Contact IBM Software Support.
Severity:
24
CKF716I CKFAXVM internal error: AXVM pointer
xxxxxxx at address xxxxxxxx
invalid
Explanation:
Contact IBM Software Support.
Severity:
24
CKF717I CKFCAT invalid VSAM data set type
type
Explanation:
This message indicates a serious internal error. Contact IBM Software Support.
Severity:
24
CKF718I CKFTMC called in invalid state
Explanation:
This message indicates a serious internal error. User abend 718 will be issued. Contact IBM
Software Support.
Severity:
24
50
Messages Guide
CKF719I Internal error:
type on wrong IOXC
Explanation:
This message indicates a serious internal error. The type data set (TMC/VMF/ABR) will be skipped. Contact IBM Software Support.
Severity:
24
CKF720I CKFDSN called in invalid state
Explanation:
This message indicates a serious internal error. User abend 720 will be issued. Contact IBM
Software Support.
Severity:
24
CKF721I Internal error:
type on wrong IOXC
Explanation:
This message indicates a serious internal error. The indicated type of data set (DMSU for
DMSUNL, PDSE for PDS/E directory, or PDSM for
AUTHLIB) will be skipped. Contact IBM Software
Support.
Severity:
24
CKF722I CKFDMSF called in invalid state
Explanation:
This message indicates a serious internal error. User abend 722 will be issued. Contact IBM
Software Support.
Severity:
24
CKF723I Internal error:
type on wrong IOXC
Explanation:
This message indicates a serious internal error. The data set of type type will be skipped. The type can be DMSF for DMSFILES. Contact IBM
Software Support.
Severity:
24
CKF724I CBVER RESET missed for ID=
cccc at
CBVER ID=
cccc
CKF724I Missing CBVER RESET after
proc
Explanation:
This message indicates a serious internal error. Contact IBM Software Support.
Severity:
24
CKF725I Internal error: unexpected concatenation after
type device volume dataset
Explanation:
This message indicates a serious internal error. Contact IBM Software Support.
Severity:
24
CKF726I Internal error: ADDDD called for concatenation with tape
Explanation:
This message indicates a serious internal error. Contact IBM Software Support.
Severity:
24
CKF729I
function NMI call error TCP/IP
tcpipstackname RC rc RSN reasoncode
Explanation:
This message indicates that the NMI request failed with an unexpected return code (rc).
Messages from 800 to 899
CKF874I RECFM=V(BS) RDW
hex exceeds
LRECL=
lrecl at record n ddname volser
dsname
Explanation:
This message indicates invalid record contents for a RECFM=V(B)(S) data set. The record descriptor word does not match the DCB parameters.
The Record Descriptor Word (RDW) is shown in hexadecimal. The first 2 bytes are the record length including the RDW. This is handled as an end-of-file condition. The severity is 4 to avoid disrupting processes that might encounter empty data sets and need to continue.
User response:
Recreate the data set or omit the data set from the input.
Severity:
04
CKF875I RECFM=V(BS) BDW
hex exceeds
BLKSIZE=
blksize at record n ddname
volser dsname
Messages from 900 to 999
CKF900I
debug message
Explanation:
This debug message is only relevant for
IBM Software Support and is not present in any
Generally Available version of the software.
Severity:
00
CKF906I
Type abend xxx-nn (explanation) reading
REAL storage
identifier
Explanation:
This error message indicates that an abend occurred during an attempt to obtain information from real storage. If the identifier is LST, this indicates that one of the Linkage Second Tables could not be read (in its entirety). Program Call reports based on this data will not be complete.
Severity:
04
CKF726I • CKF911I
User response:
Check the explanation of the return code:
1.
See the z/OS Internet Library for the version of z/OS that you are using and click the z/OS version under z/OS Information Centers.
2.
Select z/OS Communications Server -> IP
Programmer's Guide and Reference
. Return codes are documented in Network management
interfaces
.
Severity:
08
Explanation:
This message indicates invalid block contents for a RECFM=V(B)(S) data set. The block descriptor word does not match the DCB parameters.
The Block Descriptor Word (BDW) is shown in hexadecimal. The first 2 bytes are the block length including the BDW, unless the high order bit is on, in which case it can be a large block 4 byte length. This is handled as an end-of-file condition. The severity is 4 to avoid disrupting processes that might encounter empty data sets and need to continue.
User response:
Recreate the data set or omit the data set from the input.
Severity:
04
CKF907I DYNALLOC trace: SVC 99 return code
nn - meaning
Explanation:
This message is issued because of
DEBUG or because of a failed SVC99 where DAIRFAIL did not return a message text. It has continuation lines detailing the individual text units contents after SVC 99
(DYNALLOC) completion.
Severity:
00
CKF910I HLLENQ status report
identifier
Explanation:
These messages are issued in response to
DEBUG.
Severity:
00
CKF911I
service RC=rc hex RSN=rsn hex [for
qname-scope rname]: explanation
Explanation:
A call to the indicated service (either
Chapter 2. CKF Messages
51
CKF912I • CKF925I
ENQ or ISGENQ) did not complete with RC=0. This message does not necessarily indicate a need for action, for example, an APF authorized program can issue an
ENQ against the unauthorized QNAME CKRDSN.
Hence, this message should be considered informational only.
Severity:
00
CKF912I STIMERM error:
explanation
Explanation:
Contact IBM Software Support.
Severity:
24
CKF913I Serialization could not obtain all ENQs
Explanation:
The program could not obtain ENQs on all requested resources, and cannot continue. The resource for which no ENQ could be obtained has been identified in a preceding message CKF911I.
Severity:
16
CKF913I Serialization encountered a serious error
Explanation:
The program attempted to obtain ENQs on all requested resources, but encountered an unexpected condition. The run cannot continue. Look for a preceding message CKF911I to identify the exact cause of the failure.
Severity:
16
CKF913I Serialization has obtained all ENQs
Explanation:
The program successfully obtained ENQs for all requested resources.
Severity:
00
CKF913I Serialization starts waiting for ENQs
Explanation:
The program attempted to obtain ENQs on all requested resources, but not all resources were immediately available. The program will wait for the remaining resources to become available. Look for a preceding message CKF911I to identify the resources that were not immediately available.
Severity:
04
CKF913I Serialization WAIT timed out
Explanation:
The program attempted to obtain ENQs on all requested resources, but not all resources were immediately available. After waiting for the number of minutes specified on the MAXWAIT subparameter of the SERIALIZATION command, one or more required resources were still unavailable. The program gives up and aborts the run. Look for a preceding message
CKF911I to identify the unavailable resources.
Severity:
16
52
Messages Guide
CKF914I Multiple HLLQENQ
ACTION=xxx,ID=
id calls without an
intervening HLLQDEQ ID=
id or
HLLQDEQ ALL are not supported
Explanation:
Contact IBM Software Support.
Severity:
24
CKF915I
Explanation:
This message indicates that a BPX1WRV call failed with the indicated return code in decimal and the reason code split into reason code qualifier qqqq and reason code rrrr, both in hexadecimal. For well-known return codes and reason codes the numeric values are followed by an explanatory string. Use the
IBM Unix System Services manual to look up other return and reason codes.
Severity:
16
UNIX write record
nn failed RC nn
[
meaning] reason qqqq rrrrx [meaning] file
ddname path
CKF919I
Explanation:
An invalid record was passed to the output routine. An empty record has been written instead. Contact IBM Software Support.
Severity:
24
Record with negative length
length
directed to
ddname behind record recno
CKF923I Input from a TSO/E terminal is not supported - DD
ddname
Explanation:
Input from a TSO/E terminal in line mode is not supported.
Severity:
20
CKF924I DD
ddname DSN dsn invalid block size:
blksize
Explanation:
After ddname has successfully been opened (using OPEN), its DCB must indicate a positive block size unless ddname is a DUMMY device.
Severity:
16
CKF925I Member
member DDname ddname
DSname
dsn Problem description
Explanation:
The program received a non-zero return code from the FIND SVC when trying to locate the indicated member. The problem description on the second line gives the exact nature of the problem.
Severity:
08
CKF931I or CKV931I
proc: Buffer overrun -
destinationlength sourcelength:data
Explanation:
A buffer overrun occurred in the format procedure proc. This message will be followed by a user
ABEND 931. Contact IBM Software Support.
Severity:
24
CKF942I or CKV942I Environment mismatch for product code
code
Explanation:
This message indicates that while code for the product code identified was installed, it is not running in its proper environment. For instance, some product codes are limited to UNIX tasks under z/OS, some to non-UNIX tasks under z/OS, and some to z/VM.
Severity:
00
CKF944I or CKV944I UNIX
type close RC nn
[
meaning] reason qqq rrrr x [meaning] file
ddname path
Explanation:
This message indicates that a BPX1CLO call failed with the indicated return code in decimal and the reason code split into reason code qualifier qqqq and reason code rrrr, both in hexadecimal. For well-known return codes and reason codes, the numeric values are followed by an explanatory string.
Use the IBM Unix System Services manual to look up other return and reason codes.
The type can be "wronly"or "rdonly."
Severity:
16
CKF945I or CKV945I UNIX
action failed RC nn
[
meaning] reason qqq rrrr x [meaning] file
ddname path
Explanation:
This message indicates that a BPX1OPN or BPX1FCT call failed with the indicated return code in decimal and the reason code split into reason code qualifier qqqq and reason code rrrr, both in hexadecimal. For well-known return codes and reason codes the numeric values are followed by an explanatory string. Use the IBM Unix System Services manual to look up other return and reason codes.
The action can be wronly open, fcntl filetag, or rdonly
open
.
Severity:
16
CKF947I or CKV947I Reading filedesc
off failed RC
nn [meaning] reason qqqq rrrr x [meaning]
file
ddname path
Explanation:
This message indicates that a BPX1RED
(UNIX read) call failed with the indicated return code in decimal and the reason code split into reason code
CKF931I or CKV931I • CKF963I or CKV963I
qualifier qqqq and reason code rrrr, both in hexadecimal. For well-known return codes and reason codes the numeric values are followed by an explanatory string. Use the IBM Unix System Services manual to look up other return and reason codes.
Severity:
16
CKF948I or CKV948I Enablement information corrupt for product code
code
Explanation:
This message shows a problem with product installation or entitlement.
User response:
Contact your system programmer to verify successful installation.
Severity:
16
CKF949I or CKV949I Product code
code installed and
non-APF registration limit exceeded
Explanation:
This message is issued for products that are installed but cannot be registered because the MVS limit for product registration by non-APF programs has been exceeded.
Severity:
00
CKF950I or CKV950I Code not installed here for product code
code
Explanation:
This indicates that you are attempting to run functionality for a product that is not installed here.
Severity:
16
CKF955I or CKV955I
program task heap STORAGE
REQUEST ERROR: SIZE NOT
POSITIVE
Explanation:
This message indicates an internal memory management error. It is followed by a user abend 16. The message identifies the heap as well as the program and task that created the heap. Contact
IBM Software Support.
Severity:
16
CKF963I or CKV963I Ambiguous
name "value"
Explanation:
This message indicates that an ambiguous abbreviation was entered, i.e. two or more different keywords could be meant by the abbreviated value. Specify the keyword intended in more detail.
Severity:
16
Chapter 2. CKF Messages
53
CKF964I or CKV964I • CKF976I or CKV976I
CKF964I or CKV964I MEMBER NAME REQUIRED
FOR WRITES TO PDS(E) DATA SET
dsn
Explanation:
This message indicates that a member name is required, but not specified, for the indicated data set.
Severity:
16
CKF967I or CKV967I RECFM=F INVALID FOR
LRECL=X,RECFM=VBS PREFERRED
DATA SET
dsn
Explanation:
This message indicates that a RECFM=F data set was encountered on a file that is to receive variable spanned unlimited length records by preference. Although downward compatibility is maintained to non-spanned and limited-record length records, the code cannot write RECFM=F records.
Severity:
16
CKF968I or CKV968I IFAEDDRG failed RC
nn
decimal
Explanation:
This message indicates that an attempt to register a previously registered product failed.
User response:
Contact IBM Software Support.
Severity:
16
CKF969I or CKV969I I/O error for
dsn: description
Explanation:
This message indicates that an I/O error occurred during normal QSAM or BSAM input processing for dsn. Operation will be continued, but an abend or other error message may follow because of the information missing due to the I/O error.
Severity:
08
CKF970I or CKV970I
program task heap FREE
STORAGE ERROR:
message
Explanation:
This message indicates an internal memory management error. It is followed by a user abend 16. The message identifies the heap as well as the program and task that created the heap. Contact
IBM Software Support.
Severity:
16
CKF971I or CKV971I Maximum length for this
field
is
len at file line n
Explanation:
The input contains a multiple-line string that is too long. The maximum length for the string is indicated in the message.
Severity:
16
CKF972I or CKV972I Enablement information missing for
product
Explanation:
This message indicates that the product cannot run because the load module is not complete.
User response:
Contact your system programmer to complete installation of the product.
Severity:
16
CKF973I or CKV973I IBM Security product code
code
disabled or not installed
Explanation:
This indicates that you are attempting to run functionality for a product that is not installed here, or it is disabled for this system name, sysplex name, LPAR name, VM user ID, or hardware name.
User response:
Check active IFAPRDxx members in your z/OS PARMLIB. If these are specified correctly, contact your system programmer to verify installation.
Severity:
16
CKF974I or CKV974I IBM Security
product disabled
or not installed here for requested focus
Explanation:
Either the product is not installed here, or the requested focus is disabled for the current system name, sysplex name, LPAR name, VM user ID, or hardware name.
User response:
Check active IFAPRDxx members in your z/OS PARMLIB. If these are specified correctly, contact your system programmer to verify installation.
Severity:
16
CKF975I or CKV975I IBM Security
product disabled
or not installed
Explanation:
Either the product is not installed here, or it is disabled for the current system name, sysplex name, LPAR name, VM user ID, or hardware name.
User response:
Check active IFAPRDxx members in your z/OS PARMLIB. If these are specified correctly, contact your system programmer to verify installation.
Severity:
16
CKF976I or CKV976I Code or enablement for
product
product or feature is missing
Explanation:
Either the product is not installed here, or it is disabled for the current system name, sysplex name, LPAR name, VM user ID, or hardware name.
User response:
Check active IFAPRDxx members in your z/OS PARMLIB. If these are specified correctly, contact your system programmer to verify installation.
Severity:
16
54
Messages Guide
CKF976I or CKV976I IBM Security
product or feature
disabled or not installed here
Explanation:
Either the product is not installed here, or it is disabled for the current system name, sysplex name, LPAR name, VM user ID, or hardware name.
User response:
Check active IFAPRDxx members in your z/OS PARMLIB. If these are specified correctly, contact your system programmer to verify installation.
Severity:
16
CKF977I or CKV977I Installed PRODUCT
OWNER('IBM CORP') ID(
id)
NAME('
name') FEATURE('feature')
VER(
version) REL(release)
MOD(
modification)
[ Product
action RC rc decimal ]
Explanation:
This message is issued in response to
DEBUG for products that are installed. The action can be "registration" or "status." The return code is for
IFAEDREG or IFAEDSTA, respectively, which are documented in MVS Programming: Product Registration.
No continuation line is shown if product registration does not apply (for example, because of CKF979I).
Severity:
00
CKF978I or CKV978I Product code
code has been
disabled in PARMLIB
Explanation:
This message is issued in response to
DEBUG for products that have been disabled for the current system name, sysplex name, LPAR name, VM user ID, or hardware name by an entry in IFAPRDxx in your z/OS PARMLIB.
User response:
Run the product somewhere else, or ask your system programmer for enablement.
Severity:
00
CKF979I or CKV979I Product code
code implied by
other
Explanation:
This message is issued in response to
DEBUG for products that are not being registered because their entitlement is implied by a more encompassing entitlement.
Severity:
00
CKF980I
Type abend xxx-nn (explanation) trying to
access
fieldname in jobname
Explanation:
This error message indicates that an abend occurred during an attempt to obtain the specified field through cross-memory services. A common cause has its own message text with the same message number.
Severity:
04
CKF976I or CKV976I • CKF984I or CKV984I
CKF980I Omitted
fieldname because address space
jobname swapped out
Explanation:
This error message indicates that an 05D abend occurred during an attempt to obtain the specified field through cross-memory services. This means the address space was swapped out. CKFCOLL does not currently cause swap-in of other address spaces (to prevent bogging down the system with swap-in requests). Usually production systems have the address spaces that CKFCOLL wants to see defined as nonswappable. So you will most often see this message on test systems, or on production systems for test-subsystems (for example, test DB2). For the purpose of auditing PC calls, it useful to know that the
PC call is also unavailable to the user while the address space is swapped out.
Severity:
04
CKF981I or CKV981I Invalid
type "value"
Explanation:
This message indicates that the text value is not a valid value in the context type.
Severity:
16
CKF982I or CKV982I Internal error: unknown error code at
ddname line number
Explanation:
The input parser error routine encountered an invalid error code. Contact IBM
Software Support.
Severity:
16
CKF983I or CKV983I Expecting list separator/terminator instead of
type"value" at ddname line number
Explanation:
This message indicates that the input parser expected a list separator or terminator for the current list (this can for instance be a comma, blank, or end-of-line, depending on the context). Instead, it encountered the indicated token type type(and text
value, if available). The input parser skips all input until it encounters a valid list separator or terminator for the current list.
Severity:
16
CKF984I or CKV984I Invalid
type list element type
type "value" at ddname line number
Explanation:
This message indicates that the input parser expected a list element of the specified type, but found a token of a type not supported as a list element in this context. If available, the offending text value is also listed in the message. The input parser skips all input until it encounters a valid list separator or terminator for the current list.
Severity:
16
Chapter 2. CKF Messages
55
CKF985I or CKV985I • CKF998I or CKV998I
CKF985I or CKV985I Required list element/parameter "
value" missing at
ddname line number
Explanation:
This message indicates that the input parser detected a missing required parameter or element in the list at the indicated line.
Severity:
16
CKF986I or CKV986I Duplicate parameter
value at
ddname line number
Explanation:
This message indicates that the input parser detected a duplicate occurrence of the parameter or list element value at the indicated line.
Severity:
16
CKF987I or CKV987I Syntax error:
type1 expected
instead of
type2 at "value" on ddname line
number
Explanation:
This message indicates that the input parser expected a specific token type type1 in the current context. Instead of this, it found the token type
type2 (at the text value, if available) on the indicated input line.
Severity:
16
CKF988I or CKV988I Syntax error: "
c" expected
instead of
type at "value" on ddname line
number
Explanation:
This message indicates that the input parser expected a specific character "c" (presumably a delimiter) in the current context. Instead of this, it found the token type type (at the text value, if available) on the indicated input line.
Severity:
16
CKF989I or CKV989I Unexpected type ["
value"] [for
element] at ddname line number
CKF989I Skipping to EOL at unexpected
type
["
value"] at ddname line number
Explanation:
This message indicates that the input parser expected one of a number of specific token types, but found a different token type instead. If available, the offending text value and the element for which it is read are also listed in the message. The parser will either continue with the next token, or skip directly to the end of the line.
Severity:
12
CKF991I or CKV991I ESTAE return code
rc
Explanation:
This message indicates that the program failed to establish an abend exit linkage.
Severity:
04
CKF993I or CKV993I DIAGNOSTIC DUMP
SUPPRESSED FOR
program TASK
taskname type ABEND xxx
Explanation:
This message indicates that the program abend exit did not attempt to make a diagnostic summary dump. This is done to prevent recursive abend conditions involving the print file. The task name is PROGRAM for the main task or for the only task in a program. For a multi-tasking program,
program might identify one of the subtasks.
CKF995I or CKV995I LRECL INVALID; NOT
OVERRULED FOR PARTITIONED
DATA SET
Explanation:
This message indicates that the print file open routine detected an invalid record length for the output file. This would have been overruled with a correct length for a Physical Sequential data set, but this is not done for Partitioned Data Sets to prevent making any existing PDS members inaccessible.
Subsequent 013 or 002 abnormal ends (abends) can result from the invalid record length.
CKF996I or CKV979I MFREE: NO LENGTH FOUND
IN BLOCK FOR STACK
name
Explanation:
This message indicates an internal stack error. It will be followed by a user abend 16. Contact
IBM Software Support.
Severity:
04
CKF997I or CKV997I STACK ERROR - ELEMENT
POPPED IS NOT ON TOP OF STACK
name
Explanation:
This message indicates an internal stack error. It will be followed by a user abend 16. Contact
IBM Software Support.
Severity:
16
CKF998I or CKV998I STACK OVERFLOW FOR
STACK
tasklevel stackname IN program
Explanation:
This message indicates an internal stack error. It is followed by a user abend 16. Contact IBM
Software Support.
Severity:
16
56
Messages Guide
CKF999I or CKV999I STORAGE SHORTAGE FOR
TASK
taskname HEAP heapname IN
program - INCREASE REGION
Explanation:
This message indicates that the program needs more storage. If the heap name is LOWHEAP, then the request is for storage below the 16MB line.
User response:
Look in message CKF034I to determine what region was requested and what was granted to the job step. Increase the REGION value on the JOB or STEP card. It can also be beneficial to use the STORAGEGC command, though this will increase
CPU usage. If the problem heap was LOWHEAP, there was not enough storage available below the line.
Increasing the REGION might still help, if there was not enough storage above the line so that LOWHEAP storage was used instead. If there is a true storage shortage below the line, you could reduce I/O parallelism with the PARALLEL option or force the immediate freeing of allocations with the FREE option.
Severity:
16
CKF999I or CKV999I
Chapter 2. CKF Messages
57
58
Messages Guide
Chapter 3. CKG messages
This chapter describes messages issued by the CKGRACF program on the mainframe. The CKGRACF program is part of zSecure Admin. It is used for handling Queued commands (like temporary access), revoke or resume schedules,
User data fields and various other functions that require updating RACF profiles.
This program is also used by zSecure Visual. The CKG messages have a message prefix in the form CKGnnnI where nnn is the message number. The message identifier is followed by a severity code. The program returns as completion code the highest severity code encountered.
The general meaning of the CKGRACF message numbers is as follows:
100-399
400-499
500-599
600-699
700-799
800-899
900-999
Normal message, giving status or summary information.
Debugging messages due to a DEBUG command
Normal message, giving status or summary information.
Error condition during execution.
Error during the parsing of input, before any command is executed.
Messages issued by architectural subcomponents.
Messages issued by architectural subcomponents.
The general meaning of the CKGRACF severity codes and hence of the completion code is as follows:
00
04
Normal message, giving status or summary information.
Warning: a condition occurred which may cause the command to have an unexpected effect. For example, a queued command was executed that applied the default password, but the default password had changed during the queuing period.
08
12
Error condition found during processing. For example, a profile could not be found, or access was denied.
Syntax error in command input, or an invalid format of USR data in the
RACF database.
16
20
24
Entitlement problem or invalid or unsupported files connected to
CKGRACF.
Unsupported condition found in RACF database, or installation error.
Internal error or other unexpected and unsupported condition in
CKGRACF detected.
Messages are included in subsections, grouped by the hundred message-numbers.
Messages from 100 to 199
CKG100I Contents of CKRSITE module:
contents
Explanation:
This message is printed as the result of a
SHOW CKRSITE command. contents displays the relevant portions of the CKRSITE module.
Severity:
00
© Copyright IBM Corp. 1998, 2015
CKG101I Authority requirement for user
user is
setting
Explanation:
This message is printed as the result of an AUTHORITY LIST command. It displays the multiple-authority requirement for user user.
59
CKG102I • CKG115I
Severity:
00
CKG102I
Explanation:
This message is printed as the result of an AUTHORITY LIST command. It displays the system-wide default multiple-authority requirement, which applies to user user.
Severity:
00
Authority requirement for user
user is
the system default (
setting)
CKG103I
field is value
Explanation:
This message is printed as the result of a
FIELD LIST command. It displays the value of the indicated field.
Severity:
00
CKG104I
Explanation:
This message is printed as the result of a
USRDATA LIST command. It indicates the USR field did not contain entries with the indicated index.
Severity:
00
No userdata elements with index '
index'
found
CKG105I Userdata with index '
index' is 'value'
Explanation:
This message is printed as the result of a
USRDATA LIST command. It displays the USRDATA part of one USR entry with the indicated index.
Severity:
00
CKG106I Starting command:
command
Explanation:
This message is printed at the start of each command. It displays the next command to be executed.
Severity:
00
CKG107I Command ended with result code
code
Explanation:
This message is issued at the end of a command if it did not end successfully. It displays the command's result code. This result code is the same as
documented as CKX return code under Chapter 7,
“CKX messages,” on page 329. The command is listed
in the previous CKG106I message.
Severity:
code
CKG108I Serious command error; terminating
CKGRACF
Explanation:
This message is issued at the end of a command if ended with a result code larger than 8, which indicates a serious processing, RACF, or internal error. CKGRACF command processing is terminated;
60
Messages Guide no further commands will be executed. The command is listed in the previous CKG106I message.
Severity:
00
CKG109I Please enter new [default] password for user
user
Explanation:
This message prompts to enter a new password or new default password for user user.
Severity:
00
CKG110I
Explanation:
This message prompts to reenter a new password or new default password for user user.
Severity:
00
Please reenter new [default] password for user
user
CKG111I Highest result code was
value
Explanation:
This message is issued after the command processing; it lists the highest command result code of the command stream executed. Each command with a result code other than zero (which indicates success) will have issued message CKG107I.
Severity:
value
CKG112I No CKGRACF-reserved userdata entries found
Explanation:
This message indicates that the LIST command did not find any CKGRACF-reserved USR entries.
Severity:
00
CKG113I Default password phrase set by
author at
date time
Explanation:
This message indicates a default password phrase was set for the target user. It includes the user who issued the command and the date and time the default value was set. The default password phrase is not included in the message.
Severity:
00
CKG115I
Explanation:
This message indicates a default password was set for the target user. It includes the user who caused the setting to be made, and the date and time it was set. The default password is not included in the message.
Severity:
00
Default password set by
author at date
time
CKG116I Scheduled
type action for schedule on date
by
user on date time Reason: reason
Deleted by
user on date time Delete
reason:
reason
Explanation:
This message is printed by the LIST command and lists a single scheduled revoke/resume action. The optional run-on messages indicate the revoke/resume reason, and, for a wiped action, the user that wiped the scheduled action.
Severity:
00
CKG117I
Explanation:
This message is printed by the LIST command. It is printed after the scheduled actions; the run-on messages list the overall revoke/resume schedule for the user.
Severity:
00
--- Overall revoke/resume status ---
Revoke from
date Resume from date
CKG118I Stopped due to attention
Explanation:
This message indicates that CKGRACF was stopped due to an attention. It will only be issued at the end of the command during which the ATTN key was pressed; commands will not be stopped halfway through.
Severity:
00
CKG119I Command request has been queued
Explanation:
This message indicates that a
USER REQUEST command for a multiple-authority user ID was queued. The command must be approved by another user before it will be executed.
Severity:
00
CKG120I User
user not resumed due to scheduled
actions
Explanation:
This message indicates that a
USER RESUME command for the indicated user did not resume the user ID, since the scheduled actions for the user indicate the user should be revoked. If the user really should be resumed, use the USER SCHEDULE command to alter the scheduled revoke/resume actions.
Severity:
08
CKG121I User
user set to status after wipe
Explanation:
This message indicates that a
USER SCHEDULE WIPE command for scheduled actions that applied to past dates caused the indicated
user's revoke status to be changed to status (revoked or resumed). This may be due to a changed overall schedule, or because a previous ALTUSER REVOKE or
CKG116I • CKG129I
ALTUSER RESUME command was overridden by the scheduled revoke status.
Severity:
0
CKG122I User
user left status after wipe
Explanation:
This message indicates that a
USER SCHEDULE WIPE command for scheduled actions that applied to past dates did not cause the indicated user's revoke status to be changed; it was left
status (revoked or resumed). This may be because the overall schedule has not changed, or because a previous ALTUSER REVOKE or ALTUSER RESUME command agrees with the changed overall schedule.
Severity:
00
CKG123I User
user left revoked after wipe,
resumed due to RESUME
Explanation:
This message indicates that a
USER SCHEDULE WIPE command for scheduled actions that applied to past dates did not cause the indicated user's revoke status to be changed; it was left revoked. However, a subsequent RESUME subcommand in the same USER command will set the user's revoke status to resumed.
Severity:
00
CKG126I Only PERMIT/CONNECT/REMOVE/
DELDSD/RDELETE allowed for
ASK/REQ
Explanation:
The only supported commands for
ASK/REQ (and thus queuing) are PERMIT/
CONNECT/REMOVE/DELDSD/RDELETE. This message is issued if another RACF command is given.
Severity:
08
CKG127I Failed to lock profile
class profile
Explanation:
Locking of the specified target profile failed. No profile data can be read; the command can not be executed.
Severity:
08
CKG128I Error in handling of queued command
Explanation:
An error occurred while trying to process the next stage of a queued command.
Severity:
08
CKG129I Failed to store command
Explanation:
Writing a queued command failed. This error can have multiple causes, for example, the profile cannot be written to or the USRDATA field in the profile is full.
Chapter 3. CKG messages
61
CKG130I • CKG406I
Severity:
08
CKG130I Failed to unlock profile
class profile
Explanation:
The specified target profile could not be freed. Other programs will not be able to use this profile if it is not unlocked.
Severity:
12
CKG131I Error in handling of queued command
Explanation:
An error occurred while trying to process the next stage of a queued command.
Severity:
08
CKG132I No CKGRACF queued command entries found
Explanation:
This message indicates that the LIST
Messages from 400 to 499
CKG400I
message
Explanation:
Results from a variety of debugging commands not described in this manual.
Severity:
00
CKG401I
Explanation:
This message is due to a DEBUG SAFRC command and indicates the SAF and RACROUTE result and reason codes for a
RACROUTE REQUEST=AUDIT call. All values are in hexadecimal.
Severity:
00
Request=audit: SAF RC (hex)
value;
RACF RC (hex)
value; RACF reason (hex)
value
CKG402I Checking for
level access to class resource
Explanation:
This message is due to a
DEBUG RACHECK command and indicates the resource name and access level that will be checked.
Severity:
00
CKG403I
Explanation:
This message is due to a DEBUG SAFRC command and indicates the SAF and RACROUTE result and reason codes for a RACROUTE REQUEST=
type call. All values are in hexadecimal.
Severity:
00
Request=
type: SAF RC (hex) value; RACF
RC (hex)
value; RACF reason (hex) value command did not find any CKGRACF created queued command entries in the profile being listed.
Severity:
00
CKG133I No CKGRACF schedule data entries found
Explanation:
This message indicates that the LIST command did not find any CKGRACF created schedule entries in the profile being listed.
Severity:
00
CKG135I
parameter only valid in PARM string
Explanation:
The parameter NOCLOSE, NODUMP or
TEXTPIPE is only valid in the parameter string, not in an included file.
Severity:
12
CKG404I Request=extract,user: SAF RC (hex)
value; RACF RC (hex) value; RACF
reason (hex)
value
Explanation:
This message is due to a DEBUG SAFRC command and indicates the SAF and RACROUTE result and reason codes for a
RACROUTE REQUEST=EXTRACT call for a user profile. All values are in hexadecimal.
Severity:
00
CKG405I
Explanation:
This message is due to a DEBUG SAFRC command and indicates the SAF and RACROUTE result and reason codes for a
RACROUTE REQUEST=EXTRACT call that attempted to find the profile's owner. All values are in hexadecimal.
Severity:
00
Request=extract,owner: SAF RC (hex)
value; RACF RC (hex) value; RACF
reason (hex)
value
CKG406I
Explanation:
This message is due to a DEBUG SAFRC command and indicates the SAF and RACROUTE result and reason codes for a
RACROUTE REQUEST=EXTRACT,TYPE=ENCRYPT call that attempted to encrypt a password. All values are in hexadecimal.
Severity:
00
Request=extract,encrypt: SAF RC (hex)
value; RACF RC (hex) value; RACF
reason (hex)
value
62
Messages Guide
CKG407I ICHEINTY
type RC (hex) value; reason
(hex)
value (explanation)
Explanation:
This message is due to a
DEBUG ICHEINTY command and indicates the
ICHEINTY result and reason codes and a short explanation for a failed ICHEINTY call that attempted to read a profile. All values are in hexadecimal. This message immediately follows CKG661I, which indicates the class and profile name.
Severity:
00
CKG408I ICHEINTY CKGIWRT write RC (hex)
value; reason (hex) value (explanation)
Explanation:
This message is due to a
DEBUG ICHEINTY command and indicates the
ICHEINTY result and reason codes and a short explanation for a failed ICHEINTY call that attempted to write to a profile. All values are in hexadecimal. This message immediately follows CKG662I, which indicates the class and profile name.
Severity:
00
CKG409I ICHEINTY
type delete RC (hex) value;
reason (hex)
value (explanation)
Explanation:
This message is due to a
DEBUG ICHEINTY command and indicates the
ICHEINTY result and reason codes and a short explanation for a failed ICHEINTY call that attempted to delete a profile. All values are in hexadecimal. This message immediately follows CKG663I, which indicates the class and profile name.
Severity:
00
CKG410I Request=verify,create: RAF RC (hex)
value; RACF RC (hex) value; RACF
reason (hex)
value
Explanation:
This message is issued when DEBUG
SAFRC is active.
Severity:
00
CKG411I Request=verify,delete: RAF RC (hex)
value; RACF RC (hex) value; RACF
reason (hex)
value
Explanation:
This message is issued when DEBUG
SAFRC is active.
Severity:
00
CKG415I Checking access for
id on class profile
Explanation:
This message indicates that the access of a user or group on a resource is being checked.
Severity:
00
CKG407I • CKG422I
CKG416I RACF profile:
class profile
Explanation:
This message is issued when DEBUG
RACHECK is activated, and contains the matching profile for the RACHECK.
Severity:
00
CKG417I
user is [not] resource OWNER
Explanation:
This message indicates that a user is
[not] the owner of the resource indicated by the preceding CKG415I message.
Severity:
00
CKG418I
user is [not] resource HLQ
Explanation:
This message indicates that a user ID is
[not] equal to the HLQ of the resource indicated by the preceding CKG415I message.
Severity:
00
CKG419I
user is user attribute
Explanation:
This message indicates that a user is
SPECIAL, OPERATIONS, or AUDITOR.
Severity:
00
CKG420I
user is not SPECIAL(, OPERATIONS, or
AUDITOR)
Explanation:
This message indicates that a user is not
SPECIAL. If read access to the resource was asked, the message also indicates that the user is not
OPERATIONS or AUDITOR. The resource is indicated by the preceding CKG415I message.
Severity:
00
CKG421I
user is group attribute in group in the
resource group owner chain
Explanation:
This message indicates that a user is
GROUP SPECIAL, GROUP OPERATIONS, or GROUP
AUDITOR in a group in the resource group owner chain. The resource is indicated by the preceding
CKG415I message.
Severity:
00
CKG422I
user is not GROUP SPECIAL(, GROUP
OPERATIONS, or GROUP AUDITOR) in the resource group owner chain
Explanation:
This message indicates that a user is not
GROUP SPECIAL in any group in the resource group owner chain. If read access to the resource was asked, the message also indicates that the user is not GROUP
OPERATIONS or GROUP AUDITOR in any group in the resource group owner chain. The resource is
Chapter 3. CKG messages
63
CKG423I • CKG510I
indicated by the preceding CKG415I message.
Severity:
00
CKG423I
Explanation:
This message indicates that a user is
GROUP SPECIAL, GROUP OPERATIONS, or GROUP
AUDITOR in a group in the resource HLQ group owner chain. The resource is indicated by the preceding
CKG415I message.
Severity:
00
user is group attribute in group in the
resource HLQ group owner chain
CKG424I
user is not GROUP SPECIAL(, GROUP
OPERATIONS, or GROUP AUDITOR)
Messages from 500 to 599
CKG500I Connect revoke/resume is not supported in combination with UNTIL/FOR/LEN
Explanation:
The REVOKE, NOREVOKE, RESUME, and NORESUME parameters are not allowed on a
CONNECT command for temporary commands
(commands with UNTIL/LEN/FOR specified).
Severity:
08
CKG501I Unable to read connect information
Explanation:
CKGRACF was unable to read the connect information of a connect profile. Maybe this profile was garbled.
Severity:
08
CKG502I
class not a valid class for command
Explanation:
You tried to specify USER/GROUP/
CONNECT for a command command.
Severity:
12
CKG503I
class profile profile for command not
found
Explanation:
The profile for the command command could not be found, because it was not (properly) specified. For fully qualified generics, check that you specified generic.
Severity:
08
CKG504I
Explanation:
The profile for the command command could not be found, because it was not (properly) specified.
Severity:
08
class profile profile for command not
found
64
Messages Guide
in the resource HLQ group owner chain
Explanation:
This message indicates that a user is not
GROUP SPECIAL in any group in the resource HLQ group owner chain. If read access to the resource was asked, the message also indicates that the user is not
GROUP OPERATIONS or GROUP AUDITOR in any group in the resource HLQ group owner chain. The resource is indicated by the preceding CKG415I message.
Severity:
00
CKG505I Failed to parse queued command
Explanation:
An already stored queued command could not be parsed during reading. It was changed after queuing.
Severity:
12
CKG506I CMD subcommand not supported
Explanation:
The RACF command you specified for
CMD is not supported.
Severity:
12
CKG507I CMD subcommand parsing error
Explanation:
The syntax of the RACF command given to CMD was incorrect. Check the syntax of the command.
Severity:
12
CKG508I Internal error in IKJPARS
Explanation:
An error occurred during parsing of the specified RACF command. Check the syntax of the command.
Severity:
20
CKG509I Could not prompt for parameters
Explanation:
The RACF command given to CMD needs further input, which could not be given in a noninteractive session.
Severity:
12
CKG510I ATTN pressed
Explanation:
The ATTN key was pressed during the parsing of the specified RACF command.
CKG511I • CKG573I
Severity:
12
CKG511I Unknown RACF parse error
Explanation:
An error was issued during parsing of the RACF command that is unknown to either the parser or CKGRACF.
Severity:
20
CKG512I FROM not allowed for UNTIL/FOR/LEN
Explanation:
The FROM parameters on the PERMIT command are not supported for temporary commands
(commands with UNTIL/LEN/FOR specified). Request the reverse commands yourself through CMD AT.
Severity:
12
CKG513I WHEN is not supported with
UNTIL/FOR/LEN
Explanation:
Modifying the conditional access list of a profile is not supported for temporary commands
(commands with UNTIL/LEN/FOR specified). Request the reverse commands yourself through CMD AT.
Severity:
12
CKG514I RESET not allowed for
UNTIL/FOR/LEN
Explanation:
Resetting the access list is not allowed for temporary commands (commands with
UNTIL/LEN/FOR specified). Issue the reverse commands through extra CMD commands.
Severity:
12
CKG515I Only one ID supported for
UNTIL/FOR/LEN
Explanation:
The ID() parameter for the PERMIT command can only have one ID specified for temporary commands (commands with
UNTIL/LEN/FOR specified). Issue multiple CMD commands.
Severity:
12
CKG516I Access EXECUTE only allowed for classes DATASET and PROGRAM
Explanation:
The access level of EXECUTE for the
PERMIT command is only allowed with the classes
DATASET and PROGRAM.
Severity:
08
CKG517I
Explanation:
The user ID parameter of a CONNECT or REMOVE command can only have one user ID specified. Issue multiple CMD commands.
Severity:
12
Only one userid supported for
CONNECT/REMOVE
CKG518I UNTIL/FOR/LEN only allowed with
PERMIT/CONNECT/REMOVE, and not with
command
Explanation:
The only supported commands for
UNTIL/FOR/LEN are PERMIT/CONNECT/REMOVE.
Severity:
12
CKG530I INDD, OUTDD, and ERRDD only valid in the parameter string.
Explanation:
An occurrence of INDD, OUTDD, or
ERRDD was encountered outside of a PARM string.
Severity:
12
CKG569I Specified ID
id not USER or GROUP
Explanation:
The user ID specified on the ACCESS command was neither a user nor a group. The syntax is
CKGRACF ACCESS <id> <class> <resource>.
Severity:
08
CKG570I Class
class is not active
Explanation:
The requested ACCESS is undecided, because the class is not active. Most applications allow access in this case.
Severity:
00
CKG571I Class
class is not defined to RACF
Explanation:
The requested ACCESS is undecided, because the class is not defined in the class descriptor table. Most applications allow access in this case.
Severity:
00
CKG572I RACF is inactive
Explanation:
The requested ACCESS is undecided, because RACF is not active. Most applications allow access in this case.
Severity:
00
CKG573I RACF is inactive and class
class is not
active
Explanation:
The requested ACCESS is undecided, because RACF is not active and the class is also inactive. Most applications allow access in this case.
Chapter 3. CKG messages
65
CKG574I • CKG585I
Severity:
00
CKG574I RACF is not installed, or has an insufficient level
Explanation:
The requested ACCESS is undecided, because RACF was not installed or is not at a sufficient level to support the CKGRACF query. Most applications allow access in this case.
Severity:
00
CKG575I
Explanation:
The requested ACCESS is undecided. A
RACSTAT call was done for the class, but the return code has no built-in interpretation. Most applications allow access in this case.
Severity:
00
Unsupported STAT return code. SAF
(hex)
nn; RACF (hex) nn
CKG576I Current status:
status
Explanation:
This message is printed in case of an abend. During command processing, it may be followed by message CKG952I. status gives a rough indication of the program's activity at the time of the abend.
Severity:
00
CKG577I Current command:
command
Explanation:
This message is printed in case of an abend, if the abend occurs during command processing. It follows message CKG951I. command indicates the current command being processed.
Severity:
00
CKG578I
class profile contains a TVTOC
Explanation:
The ACCESS command issued this unexpected response.
Severity:
00
CKG579I
class profile can contain a TVTOC, but
currently does not
Explanation:
The ACCESS command issued this unexpected response.
Severity:
00
CKG580I
class profile does not contain a TVTOC
Explanation:
The ACCESS command issued this unexpected response.
Severity:
00
CKG581I [ New | Default ] password phrase prepared for RRSF propagation
Explanation:
This message notifies the user that
CKGRACF concluded that a password synchronization package was in control and required password phrases to be passed in cleartext. The only commands that can be synchronized are PWSET PHRASE and PWSET
PASSWORD. Password phrases in queued PWSET
PHRASE commands are two-way encrypted (hashed) with a fixed key. When such a command is being completed, its password phrase is decrypted and then sent as cleartext with ENCRYPT=YES.
Severity:
00
CKG582I
type has level access to class profile
Explanation:
This is a response to the ACCESS command. The user or group (type) has access level
level to the specified profile in class class.
Severity:
00
CKG583I
class profile is unprotected, protectall in
warning mode
Explanation:
This is a response to the ACCESS command. The user or group can access the data set freely because there is no generic profile for the specified resource and RACF operates in
PROTECTALL(WARNING) mode. A warning message will be issued, but access will be allowed. There is one exception: if there is a discrete data set profile, the resource might in fact be protected. The current
ACCESS command does not support discrete data set profiles.
Severity:
00
CKG584I
Explanation:
This is a response to the ACCESS command. The user or group cannot access the data set because there is no generic profile for the specified resource and RACF operates in PROTECTALL(FAIL) mode. There is one exception: if there is a discrete data set profile, the resource might in fact be accessible. The current ACCESS command does not support discrete data set profiles.
Severity:
00
class profile is protected by protectall fail
mode
CKG585I
class profile is unprotected because of
noprotectall
Explanation:
This is a response to the ACCESS command. The user or group can access the data set freely because there is no generic profile for the specified resource and RACF operates in
NOPROTECTALL mode. There is one exception: if there is a discrete data set profile, the resource might in
66
Messages Guide
fact be protected. The current ACCESS command does not support discrete data set profiles.
Severity:
00
CKG586I
class profile protection undecided by SAF,
application decides
Explanation:
The requested ACCESS is undecided.
The class is active but no matching profile was found.
Some applications allow access in this case, some do not.
Severity:
00
CKG587I
type is not authorized to class profile
Explanation:
This is a response to the ACCESS command. The user or group cannot access the resource.
Severity:
00
CKG588I
Explanation:
This is a response to the ACCESS command. The user or group cannot access the resource.
Severity:
00
type is not authorized to use volume
volser
CKG589I
type is not authorized to use class profile
Explanation:
This is a response to the ACCESS command. The user or group (type) cannot access the resource.
Severity:
00
CKG590I
type is not authorized to open
non-cataloged dataset
Explanation:
This is a response to the ACCESS command. The user or group (type) cannot access the resource because of the CATDSNS setting.
Severity:
00
CKG591I
type is not authorized when system is in
tranquil state
Explanation:
This is a response to the ACCESS command. The user or group (type) cannot access the resource because the system is in MLQUIET tranquilized state.
CKG592I
type has EXECUTE access to class profile
Explanation:
This is a response to the ACCESS command. Generally you will not see this message.
Severity:
00
CKG586I • CKG599I
CKG593I
class profile seclabel not dominated by
user
Explanation:
This is a response to the ACCESS command. The user or group (type) cannot access the resource because the resource has a seclabel that is not dominated by the user.
Severity:
00
CKG594I
class profile seclabel cannot be dominated
by user
Explanation:
This is a response to the ACCESS command. The user or group (type) cannot access the resource because the resource has a seclabel that is not dominated by the user.
CKG595I
class profile required seclabel missing
Explanation:
This is a response to the ACCESS command. The user or group (type) cannot access the resource because either the resource or the user has a seclabel and the other does not.
Severity:
00
CKG596I REQUEST=VERIFY was failed by exit
Explanation:
This is a response to the ACCESS command. Access checking failed because a site exit prevented a security environment to be established for
CKGRACF.
Severity:
00
CKG597I
type has been revoked
Explanation:
This is a response to the ACCESS command. Access checking failed because a security environment cannot to be established for CKGRACF.
This happens because the user is currently revoked.
Severity:
00
CKG598I
type has insufficient or no seclabel
Explanation:
This is a response to the ACCESS command. Access checking fails because a security environment cannot to be established for CKGRACF.
This happens because the user seclabel is missing or insufficient.
Severity:
00
CKG599I Unsupported AUTH return code: SAF
RC (hex)
nn; RACF RC (hex) nn; RACF
reason (hex)
nn; Class class; Profile profile
Explanation:
This is a response to the ACCESS command. It is a catchall message for SAF and RACF return codes that are not interpreted into text messages by CKGRACF.
Chapter 3. CKG messages
67
CKG600I • CKG610I
Severity:
00
Messages from 600 to 699
CKG600I Profile
class profile not found
Explanation:
The indicated profile was specified as the target of the current command, but does not exist. The current command cannot be performed. Use
DEBUG RACROUTE to view the RACROUTE return codes; message CKG404I (for USER profiles) or
CKG405I (for all other profile types) indicates the
RACROUTE,request=EXTRACT return codes.
Severity:
08
CKG601I Owner of profile
class profile (ID=owner)
not found
Explanation:
The owner of the indicated profile is
owner; this is neither a user ID nor a group ID. This indicates an error in the RACF database; run the
VERIFY PERMIT command.
Severity:
04
CKG602I Profile
class profile leads to owner loop
Explanation:
The owner of the indicated profile is a group whose owner tree leads to a loop. This indicates an error in the RACF database; run the
VERIFY GROUPTREE command.
Severity:
20
CKG603I Scope profile too long for
class profile
Explanation:
The scope resource name for the indicated profile cannot be constructed, since it would be over 255 characters. The scope check for the indicated profile will always fail. This can be solved by simplifying the group tree structure in your RACF database.
Severity:
08
CKG604I
Explanation:
Access to the command at input file file, line n, required access access to the command resource
resource. Access was denied; the command will not be executed.
Severity:
08
Access
access to command resource class
resource denied for command at file line
n
CKG605I Profile
class profile not in scope for
command at
file line n
Explanation:
Access to the target profile class profile for the command at input file file, line n, was denied after both the SCP profiles had been checked. The
68
Messages Guide command will not be executed. To determine the cause of this message, you can use the "Show CKGRACF command flow" in SETUP TRACE when in IBM
Security zSecure Admin and Audit for RACF, or use the CKGRACF DEBUG command directly. This will show the access checks that are performed, so that you can examine the situation, and possibly request additional authorities.
Severity:
08
CKG606I Access to userdata failed for
class profile
and index '
index' for command at file line
n
Explanation:
Access to the USR entries with the indicated index of the target profile class profile for the command at input file file, line n, was denied. The
USRDATA command will not be executed.
Severity:
08
CKG607I
type password occurs in password
history
Explanation:
The new password or new default password specified by type occurs in the user's password history. No new password or default password will be set.
Severity:
08
CKG608I Open failed for imbedded member
member of file ddname dataset dsname
Explanation:
This message indicates that an INCLUDE or IMBED command was given for a member, but the member could not be opened in the data set allocated to the file. Review the job log for a MVS/DFP message or abend code.
Severity:
12
CKG609I
Explanation:
This message indicates that an INCLUDE or IMBED command was given for a file, but the file could not be opened. Review the job log for a message or abend code.
Severity:
12
Open failed for imbedded file
ddname
dataset
dsname
CKG610I
action action for field failed
Explanation:
This message indicates that an action for
field failed for the FIELD command.
Severity:
08
CKG611I
Explanation:
This message indicates that a
PWCONVERT command was not executed, since the user did not have SPECIAL authority.
Severity:
08
PWCONVERT command refused - user not SPECIAL
CKG612I Password for user
user is not hashed
Explanation:
This message indicates that a
PWCONVERT command for target user user was not executed, since the target user's current password was not hashed.
Severity:
08
CKG613I
Explanation:
This message indicates that a
PWCONVERT command for target user user was not executed, since the target user's de-hashed password could not be encrypted using the installation's encryption method. This may be due to the installation's password-encryption exit ICHDEX01 or
ICHDEX11. Use DEBUG SAFRC to view the
RACROUTE return codes; message CKG406I i indicates the RACROUTE encryption return codes.
Severity:
08
Could not convert password for user
user
CKG614I RDELETE command refused - user not
SPECIAL
Explanation:
This message indicates that an RDELETE command was not executed, since the user did not have SPECIAL authority.
Severity:
08
CKG615I
Explanation:
This message indicates that a USER command was used with a queued-command action invalid for user with multiple-authority requirement
authority.
Severity:
08
Command action invalid for user
user
with '
authority' requirement; command at
file line n
CKG616I No default [ password | password phrase] found - prompting
Explanation:
This message indicates that a USER
PWSET DEFAULT command or a USER
PWSET DEFAULT PHRASE command was issued and no default password or password phrase was found.
(This can be due to a USER PWDEFAULT DELETE command in the same USER command.) CKGRACF tries to prompt for a new password or password
CKG611I • CKG620I
phrase. If this fails, message CKG618I is issued.
Severity:
00
CKG617I Prompting for default [ password | password phrase] failed
Explanation:
This message indicates that a USER
PWDEFAULT PROMPT command or a USER
PWDEFAULT PROMPT PHRASE command was issued. CKGRACF tried to prompt for a default password or password phrase, but this failed. This might be due to the user's profile settings, for example,
PROFILE NOPROMPT. The USER command is not executed.
Severity:
08
CKG618I Prompting for [ password | password phrase] failed
Explanation:
This message indicates that a
USER PWSET PROMPT command or a USER PWSET
PROMPT PHRASE command was issued and no default password or password phrase was found.
CKGRACF tried to prompt for a password or password phrase, but this failed. This might be due to the user's profile settings; for example, PROFILE NOPROMPT.
The USER command is not executed.
Severity:
08
CKG619I Could not read previous [ password | password phrase]
Explanation:
This message indicates that a
USER PWSET PREVIOUS command or a USER
PWSET PREVIOUS PHRASE command was issued, but the previous password or password phrase could not be read because, for example, the previous password phrase was created when KDFAES was not in effect.
The USER command is not executed.
Severity:
08
CKG620I Requested command was already in queue
Explanation:
This message indicates that a USER command was used with the REQUEST option, but that the requested command was already in the target command queue. The previously queued command must be completed, denied, or withdrawn before the request can be allowed. Remember that the target profile for CONNECT and REMOVE is the GROUP profile, not the USER profile.
Severity:
08
Chapter 3. CKG messages
69
CKG620 • CKG631I
CKG620 Requested/asked command was already in queue
Explanation:
This message indicates that a USER command was used with the REQUEST or ASK option, but that the requested command was already in the target command queue. The previously queued command must be completed, denied, or withdrawn before the request can be allowed. Remember that the target profile for CONNECT and REMOVE is the
GROUP profile, not the USER profile.
Severity:
08
CKG621I Command not found in queue
Explanation:
This message indicates that a USER command was used with the WITHDRAW, SECOND, or COMPLETE option, but that the requested command was not found in the user's command queue or had already been made inactive.
Severity:
08
CKG622I Could not replace userdata with index
'
index': old data not found
Explanation:
This message indicates that a
USRDATA REPLACE command failed for USR entries with the indicated index; there was no entry with the old value.
Severity:
08
CKG623I
type password not allowed by password
rules
Explanation:
This message indicates that a new password or new default password indicated by type failed to match any of the system's password rules. The new password or new default password will not be used.
Severity:
08
CKG624I ABEND in PWDX exit - suppressed from now on
Explanation:
This message indicates an abend occurred during the call to the installation's new-password exit ICHPWX01. The exit will not be called again during the current run of CKGRACF.
Severity:
08
CKG625I Could not prompt for password
Explanation:
This message indicates that a prompt to enter or reenter a new password failed. This can be due to the user's profile settings (for example,
PROFILE NOPROMPT).
Severity:
08
70
Messages Guide
CKG626I
Explanation:
This message indicates that the passwords entered and reentered at the prompt do not match. Another attempt will be made to prompt for a password. Enter an empty password twice to exit the prompting.
Severity:
00
Passwords are not identical - prompting again
CKG627I Reason does not fit in USRDATA; truncated
Explanation:
This message indicates that the reason field specified with a USER SCHEDULE command to be queued does not fit in the USRDATA repeat-group.
The part of the reason that does fit will be included; the rest will be lost. This message can only occur if the active or backup RACF database is non-restructured.
Severity:
04
CKG628I
Explanation:
This message indicates that the queued-command action requested-action was specified.
This action is not allowed after the indicated previous
action for a user ID with multiple-authority requirement
setting.
Severity:
08
Action '
requested-action' not allowed; last
action '
action'; authority 'setting'
CKG629I
Explanation:
This message indicates that the queued-command action requested-action was specified.
This action is not allowed because the user performed the earlier action indicated. Each queued-command command action must be performed by a different user.
Severity:
08
Action '
requested-action' not allowed; you
performed '
action'
CKG630I Action not allowed; command has expired
Explanation:
This message indicates a queued-command action was specified that is not allowed because the queued command has expired.
Severity:
08
CKG631I Unknown CKGRACF-reserved entry with index '
index'
Explanation:
This message indicates the LIST command encountered an unknown
CKGRACF-reserved USR entry with the indicated
index. This may be due to settings not made by
CKGRACF, or due to settings made with a newer
CKGRACF release during, for example, a trial install.
These entries can be deleted using WIPE UNDEFINED.
Severity:
08
CKG632I Could not delete userdata elements with index '
index'.
Explanation:
This message indicates the USRDATA command could not delete an USR entry elements with the indicated index. Either no such elements could be found, or the specified USRDATA value for the USR entry did not match.
Severity:
08
CKG633I
Explanation:
Access to the indicated schedule was denied for the USER SCHEDULE command.
Severity:
08
Access to schedule '
schedule' denied for
command at
file line n
CKG634I Authority setting has a wrong format
Explanation:
This message indicates that a multiple-authority setting was encountered that has a wrong format. This may indicate a bug in CKGRACF or that the USR field of the target user ID was altered by a different, incompatible command. Try to use
AUTHORITY DELETE or WIPE AUTHORITY to delete the multiple-authority setting from the target user ID; if the error occurs again, contact IBM Software Support.
Severity:
12
CKG635I Default [ password | password-phrase ] setting has a wrong format
Explanation:
This message indicates that a default-password or default-password-phrase setting was encountered that has a wrong format. This might indicate a defect in CKGRACF or that the USR field of the target user ID was altered by a different, incompatible command. Try to use the USER
PWDEFAULT DELETE [PASSWORD | PHRASE] command to delete the incorrect setting from the target user ID. If the message refers to a password setting, you can also try to use the WIPE DEFAULTPW subcommand to delete the default password for the user ID. If the error occurs again, contact IBM Software
Support.
Severity:
12
CKG636I Wrong length
size specified for field
'
description'
Explanation:
This message indicates that the value specified for the field with the indicated description to be replaced or deleted had the wrong size indicated.
The reference for the FIELD command specifies the size that must be used.
CKG632I • CKG641I
Severity:
08
CKG637I Field '
description' not available.
Explanation:
This message indicates that the field with the indicated description to be displayed, replaced or deleted was not available. If this message is not printed as the result of a FIELD command, it indicates an internal error condition; contact IBM Software Support.
Severity:
08
CKG638I Values for field '
description' do not match
Explanation:
This message indicates that the field with the indicated description to be replaced or deleted does not match the value supplied. It is issued as a result of the FIELD command.
Severity:
08
CKG639I Queued command has a wrong format
Explanation:
This message indicates that a queued command was encountered that has a wrong format.
This may indicate a bug in CKGRACF or that the USR field of the target user ID was altered by a different, incompatible command. Try to use WIPE QUEUE to delete the queued commands from the target user ID; if the error occurs again, contact IBM Software Support.
Severity:
12
CKG640I
Explanation:
This message indicates that a USER command for target user user was not executed, since the new password or new default password (indicated by type) could not be encrypted using the installation's encryption method. This may be due to the installation's password-encryption exit ICHDEX01 or
ICHDEX11. Use DEBUG SAFRC to view the
RACROUTE return codes; message CKG406I indicates the RACROUTE encryption return codes.
Severity:
08
Could not encrypt
type password for
user
user
CKG641I
type password not allowed by
new-password exit
Explanation:
This message indicates that a new password or new default password indicated by type was not allowed by the installation's new-password exit
ICHPWX01. The new password or new default password will not be used.
Severity:
08
Chapter 3. CKG messages
71
CKG642I • CKG651I
CKG642I Scheduled action has a wrong format
Explanation:
This message indicates that a scheduled revoke/resume action was encountered that has a wrong format. This may indicate a bug in CKGRACF or that the USR field of the target user ID was altered by a different, incompatible command. Try to use
WIPE SCHEDULE to delete the scheduled actions from the target user ID; if the error occurs again, contact IBM
Software Support.
Severity:
12
CKG643I Press enter twice for no action
Explanation:
This message does not indicate an error.
It is printed before a password is prompted, and indicates that password prompting can be ended by pressing Enter twice.
Severity:
00
CKG644I No password entered
Explanation:
This message indicates that two empty passwords were entered at the prompt. This ends prompting; since no password was entered, the USER command will not be executed.
Severity:
08
CKG645I Previous [ password | password phrase] changed during queuing
Explanation:
This warning message indicates that, during the execution of a queued
USER PWSET PREVIOUS command, it was discovered that the previous password or password phrase was changed while the command was queued. The USER command uses the value of the previous password or password phrase from the time that the command was requested and first queued.
Severity:
04
CKG646I Default [ password | password phrase] changed during queuing
Explanation:
This warning message indicates that, during the execution of a queued
USER PWSET DEFAULT, USER PWRESET, or USER
PHRESET command, it was discovered that the default password or password phrase was changed or deleted while the command was queued. The USER command will use the value of the default password or password phrase from the time that the command was requested and first queued.
Severity:
04
CKG647I Field "
field" is read only
Explanation:
An unexpected return code was returned by ICHEINTY. Contact IBM Software Support.
Severity:
08
CKG648I
Explanation:
This warning indicates that the changes made will not be available in RACF nodes synchronized by the indicated subsystems - the only commands that will be synchronized are PWSET
PASSWORD and PWSET PHRASE.
Severity:
04
Password change will not be sent to
package partner nodes
CKG649I
type password prepared for RRSF
propagation
Explanation:
This messages notifies the user that
CKGRACF concluded that a password synchronization package was in control that required passwords to be passed in cleartext. The only commands that can be synchronized are PWSET PASSWORD and PWSET
PHRASE. Passwords in queued PWSET PASSWORD commands are two-way encrypted (hashed) with a fixed key. When such a command is being completed, its password is decrypted and then sent as cleartext with ENCRYPT=YES.
Severity:
00
CKG650I Encountered timestamp from future date
Explanation:
This message indicates that a queued command contained a timestamp from a future date.
This may indicate a bug in CKGRACF or that the USR field of the target user ID was altered by a different, incompatible command. Try to use WIPE QUEUE to delete the queued commands from the user ID; if the error occurs again, contact IBM Software Support.
Severity:
12
CKG651I Encountered unknown queued-command code
Explanation:
This message indicates that a queued command contained unknown data. This may indicate a bug in CKGRACF or that the USR field of the target user ID was altered by a different, incompatible command. Try to use WIPE QUEUE to delete the queued commands from the user ID; if the error occurs again, contact IBM Software Support.
Severity:
12
72
Messages Guide
CKG652I
Explanation:
This message indicates that a queued command contained an unknown status flag. This may indicate a bug in CKGRACF or that the USR field of the target user ID was altered by a different, incompatible command. Try to use WIPE QUEUE to delete the queued commands from the user ID; if the error occurs again, contact IBM Software Support.
Severity:
12
Encountered unknown queued-command status
CKG653I No default [ password | password phrase] available
Explanation:
A USER PWRESET or USER PHRESET command failed because no default password or password phrase was available. This can be due to a
PWDEFAULT DELETE subcommand in the same USER command, or because no default password or password phrase is set for the target user.
Severity:
08
CKG654I Password in queued command two-way encrypted with unknown method
Explanation:
This message indicates that a queued command contained unusable data. This may indicate a bug in CKGRACF or that the USR field of the target user ID was altered by a different, incompatible command. Try to use WIPE QUEUE to delete the queued commands from the user ID; if the error occurs again, contact IBM Software Support.
Severity:
12
CKG656I A PWDX change requires a PASSWORD change in the same FIELD command
Explanation:
When a FIELD command with action
ADD, SET, or REPLACE specifies a PWDX field, the same command must specify a PASSWORD field as well.
Severity:
12
CKG657I A PHRASEX change requires a PHRASE change in the same FIELD command
Explanation:
When a FIELD command with action
ADD, SET, or REPLACE specifies a PHRASEX field, the same command must specify a PHRASE field as well.
Severity:
12
CKG658I Field
field is not allowed because KDFAES
is not supported on this system
Explanation:
This system does not support KDFAES.
Therefore, fields PWDX and PHRASEX cannot occur in
FIELD commands.
CKG652I • CKG662I
Severity:
12
CKG659I IRRSPW00: SAF RC (hex)
safrc; RACF
RC (hex)
racfrc; RACF reason (hex)
racfreas
Explanation:
There was an error in callable service
IRRSPW00. Contact IBM Software Support.
Severity:
24
CKG660I
Explanation:
The USER PWSET command cannot be used to change the password or password phrase of a protected user. Use the USER userid PWSET
NOPROTECTED command to remove the protected status of the target user ID before changing the password or password phrase of the user.
Severity:
08
PWSET option option not allowed - use
NOPROTECTED first
CKG661I Could not read profile data from
class profile
Explanation:
This message indicates that (part of) the indicated profile could not be read. The profile exists but may lack a specific segment. For example, a
BINDPW field is addressed but the profile does not have a PROXY segment. Use DEBUG ICHEINTY to view more detailed information.
Severity:
08
CKG662I Could not write profile data to
class profile
Explanation:
This message indicates that the indicated
profile could not be updated. This may be because the target profile does not exist, or because the profile has become too large due to many CKGRACF USRDATA entries. Use DEBUG ICHEINTY to view more detailed information.
If the profile is too large, consider running a WIPE command possibly followed by re-adding still relevant commands. For information, see the WIPE command documentation in the IBM Security zSecure Admin and
Audit for RACF: User Reference Manual.
If this message is issued for more than one profile, or if it reoccurs on a regular basis, the period during which
CKGRACF keeps expired commands in the profiles for auditing purposes might be too long. This setting can be verified with the SHOW CKRSITE command. For information on the SHOW command, see the IBM
Security zSecure Admin and Audit for RACF: User
Reference Manual. For information on changing the value for the CKRSITE Keep Command parameter, see the IBM Security zSecure CARLa-Driven Components:
Installation and Deployment Guide.
Chapter 3. CKG messages
73
CKG663I • CKG675I
Severity:
08
CKG663I
Explanation:
This message indicates that the indicated
profile could not be deleted. This may be because the target profile does not exist. Use DEBUG ICHEINTY to view more detailed information.
Severity:
08
Could not delete profile
class profile [
vol(
volser) ]
CKG664I Profile
class profile not found
Explanation:
This message indicates that the indicated
profile could not be found. Probably the profile does exist; you may have made a typing error. Use
DEBUG ICHEINTY to view more detailed information.
Severity:
08
CKG665I Unable to determine CKGAUTH for
class and index "profile" for command
Explanation:
The internal multiple authority requirement for the specified profile could not be determined.
Severity:
00
CKG666I Unable to execute timed temporary command because UNTIL date is already past
Explanation:
A temporary command was scheduled for a time period from AT date to UNTIL date, but was not executed before the UNTIL date passed. This command can not be executed anymore, and will be forcibly expired.
Severity:
08
CKG667I RACF command execution failed
Explanation:
A queued command could not be executed during a REFRESH. This could mean that a temporary command will not be undone! Check the profile manually for the failed command.
Severity:
08
CKG668I Unable to reverse command
command
Explanation:
The indicated command was to be issued temporarily. However, an attempt to reverse the meaning of the command has failed. Reversal may have to be done manually.
Severity:
08
CKG669I Internal error in procedure
name; reason:
reason
Explanation:
This message indicates that an internal error occurred. Note the procedure name and, if present, the reason, and contact IBM Software Support.
Severity:
24
CKG670I
Explanation:
A racfdata profile does not allow the user to specify a certain RACF parameter or value. The
index indicates the parameter. For information on the indices, refer to the IBM Security zSecure Admin and
Audit for RACF: User Reference Manual.
Severity:
08
Access to racfdata failed for
class prefix
and index
index for command command
CKG671I Command already deleted
Explanation:
Occurs when multiple identical commands have to be deleted, for example, due to expiration.
Severity:
04
CKG672I Scheduled event already deleted.
Explanation:
This message indicates that a duplicate scheduled event has been deleted.
Severity:
04
CKG673I IMBED parameters FILEDESC/PATH mutually exclusive with DD/MEM
Explanation:
This message indicates that a
FILEDESC/PATH parameter has been used in conjunction with a DD/MM parameter.
Severity:
12
CKG674I Answer to question Q
nn hashed with
unknown function
Explanation:
The answer to question Qnn has an unknown format because it has been hashed with an unknown function
Severity:
08
CKG675I Question Q
nn is question
Explanation:
This message shows question nn.
Severity:
00
74
Messages Guide
CKG676I • CKG689I
CKG676I Authentication by questions failed
Explanation:
Some answers are wrong.
Severity:
08
CKG677I Authentication by questions succeeded
Explanation:
All answers are right.
Severity:
00
CKG678I Could not list question Q
nn
Explanation:
Question nn cannot be listed because it does not exist.
Severity:
04
CKG679I Could not delete question Q
nn
Explanation:
Question nn cannot be deleted because it does not exist.
Severity:
08
CKG680I Could not verify question Q
nn
Explanation:
Question nn cannot be verified because it does not exist.
Severity:
08
CKG681I User or group profile
profile not found
Explanation:
The user or group profile profile does not exist.
Severity:
04
CKG682I Password phrase change will not be sent to package partner nodes.
Explanation:
This message indicates that the changes made will not be available in RACF nodes synchronized by the indicated subsystems. The only commands that will be synchronized are PWSET
PHRASE and PWSET PASSWORD.
Severity:
04
CKG683I Password phrase has fewer than minimum characters
Explanation:
The password phrase must have at least
9 characters when the new-password-phrase exit
(ICHPWX11) is present. The password phrase must have at least 14 characters when ICHPWX11 is not present.
Severity:
08
CKG684I [ New | Default ] password phrase contains more than 2 consecutive characters that are identical.
Explanation:
The password phrase must not contain more than 2 consecutive characters that are identical.
Severity:
08
CKG685I [ New | Default ] password phrase must contain at least 2 alphabetic characters.
Explanation:
The password phrase must contain at least 2 alphabetic characters (A - Z or a - z).
Severity:
08
CKG686I [ New | Default ] password phrase must contain at least 2 non-alphabetic characters.
Explanation:
The password phrase must contain at least 2 non-alphabetic characters; that is, numerics, punctuation, or special characters.
Severity:
08
CKG687I [ New | Default ] password phrase contains the user ID.
Explanation:
The password phrase must not contain the user ID as sequential uppercase or sequential lowercase characters.
Severity:
08
CKG688I ABEND in new-password-phrase exit suppressed from now on.
Explanation:
An abend occurred during the call to the installation’s new-password-phrase exit ICHPWX11.
The exit will not be called again during the current run of CKGRACF.
Severity:
08
CKG689I Password phrase in queued command two-way encrypted with unknown method.
Explanation:
A queued command contains unusable data. This might indicate a bug in CKGRACF or that the USR field of the target user ID was altered by a different, incompatible command. Try to use WIPE
QUEUE to delete the queued commands from the user
ID. If the error occurs again, contact IBM Software
Support.
Severity:
12
Chapter 3. CKG messages
75
CKG690I • CKG701I
CKG690I Could not encrypt [ New | Default ] password phrase for user
user.
Explanation:
A USER command for target user user was not executed, since the new password phrase could not be encrypted. Use DEBUG SAFRC to view the RACROUTE return codes; message CKG406I indicates the RACROUTE encryption return codes.
Severity:
08
CKG691I
Explanation:
The new password phrase occurs in the password phrase history of the user. No new password phrase will be set.
Severity:
08
[ New | Default ] password phrase occurs in password phrase history.
CKG692I [ New | Default ] password phrase not allowed by new-password-phrase exit.
Explanation:
A new password phrase was not allowed by the installation’s new-password-phrase exit
ICHPWX11. The new password phrase will not be used.
Severity:
08
CKG693I RACLINK ID(
userid) UNDEFINE(node.id)
failed - no association found
Explanation:
A user ID association between user userid on the local node and user id on node node was not found in the userid profile. Consequently, the specified association was not undefined.
Severity:
08
CKG694I [NOPASSWORD | NOPHRASE] option not allowed - add a [PHRASE |
PASSWORD] first or use PROTECTED
Explanation:
The USER PWSET NOPASSWORD command or the USER PWSET NOPHRASE command would create a user without a password and without a phrase.
User response:
Either assign a value to the other field or make the user protected using the USER PWSET
userid PROTECTED command.
Severity:
08
Messages from 700 to 799
CKG700I Expected decimal value instead of
type
"
value" at file line number
Explanation:
This message indicates that a non-decimal value was encountered where a decimal value was expected.
Severity:
12
76
Messages Guide
CKG695I There is no server active with
SERVERTOKEN=
name
Explanation:
An attempt was made to access the zSecure Server with SERVERTOKEN=name, but an active server with the specified server token was not located.
User response:
Verify that the server token is correct in SETUP RUN when running the ISPF user interface.
If the token is correct, ensure that the server is still running. Restart the server if it is not running.
Severity:
0
CKG696I Client connection to server failed
RC=
decnum
Explanation:
An attempt to access the zSecure Server failed with the indicated return code. If one or more fields were specified that required server access, these fields could not be verified.
4
8
Return code values:
2
See the prior server-error CKN message. The message is prefixed by the ZSECSYS name of the server.
12
Did not all fit in buffer
Unsupported function
Caller not authorized as client
16
Parameters not valid
User response:
Look for CKN* server messages before this message and follow their guidance. For return codes greater than 2, restart the server to see whether the problem disappears.
Severity:
00
CKG697I Default password phrase can only be set when using the KDFAES algorithm.
Explanation:
The PWDEFAULT PHRASE subcommand is only supported if the KDFAES password hashing algorithm is used. You can change the current password algorithm using the SETROPTS
PASSWORD(ALGORITHM(KDFAES)).
Severity:
08
CKG701I Value
value (decimal) too large
Explanation:
This message indicates that a value was read that is too large to fit in the field. value indicates the value read after conversion to decimal.
Severity:
12
CKG702I
Explanation:
This message indicates that a value was read that is less than the indicated minimum value for the field. value indicates the value read after conversion to decimal.
Severity:
12
Value
value (decimal) less than
minimum
minimum
CKG703I
Explanation:
This message indicates that a value was read that is larger than the indicated maximum value for the field. value indicates the value read after conversion to decimal.
Severity:
12
Value
value (decimal) larger than
maximum
maximum
CKG704I Error during '
character' conversion of
string
string
Explanation:
This message indicates an error during the conversion of a string from binary, decimal, or hexadecimal. character indicates the type of conversion attempted; if omitted, an abend occurred during conversion.
Severity:
12
CKG705I Invalid conversion character '
character'
Explanation:
This message indicates that a quoted string was followed by a conversion character not supported by the current command. The only conversion characters supported for the current command are ' X' (convert from hexadecimal) and 'C'
(keep case as-is).
Severity:
12
CKG706I String with length
length is longer than
expected size
size
Explanation:
This message indicates that a string was read with the indicated length. The string is too large to fit in the field, which has a maximum size of size.
Severity:
12
CKG707I Keyword '
keyword' not allowed at file
line
number
Explanation:
This message indicates that a keyword was encountered that was recognized as a valid option for the current command, but is not allowed at the current position.
Severity:
12
CKG702I • CKG713I
CKG708I Keywords '
keyword one' and 'keyword two'
are mutually exclusive at
file line number
Explanation:
This message indicates that two keywords were encountered that are both valid options for the current command, but that are mutually exclusive. The indicated position is that of the second keyword.
Severity:
12
CKG709I Class '
class' not allowed at file line
number
Explanation:
This message indicates that a class was specified that is not allowed with the current command.
Severity:
12
CKG710I '
string' is not a valid user/groupid, size >
8
Explanation:
This message indicates that a user or group ID was specified that is not valid, since it is more than 8 characters long.
Severity:
12
CKG711I Invalid profile type '
character'
Explanation:
This message indicates that an invalid conversion character was specified with the RDELETE or USRDATA command. Valid conversion characters for either command are 'D' (discrete) and 'G' (generic).
Valid conversion characters for the RDELETE command only are 'C' (keep case as-is) and 'X' (convert from hexadecimal).
Severity:
12
CKG712I
Explanation:
This message indicates that an interval was specified with the USER command that is larger than the system-defined maximum set by the
SETROPTS PASSWORD(INTERVAL) command.
Severity:
12
Interval value larger than SETROPTS maximum
maximum
CKG713I Keyword '
keyword' not allowed in batch
or APPC mode
Explanation:
The keyword specified is not allowed in batch mode.
Severity:
12
Chapter 3. CKG messages
77
CKG714I • CKG726I
CKG714I
Explanation:
The default option of the
USER PWDEFAULT command is not allowed in batch mode.
Severity:
12
PWDEFAULT default option 'PROMPT' not allowed in batch or APPC mode
CKG715I CNG* USRNM values are reserved
Explanation:
The USRDATA command was specified with an index value starting with CNG. These indexes are reserved for use by CKGRACF and cannot be accessed using the USRDATA command. CKGRACF settings can be listed using the LIST command.
Severity:
12
CKG716I Start-date must be earlier than end-date
Explanation:
In the USER SCHEDULE command, the start-date specified must be earlier than the end-date specified.
Severity:
08
CKG717I Left margin cannot exceed right margin
Explanation:
In the MARGINS(x,y) command, x (the left margin) cannot exceed y (the right margin).
Severity:
12
CKG718I CKGRACF terminated due to input errors
Explanation:
Previous messages indicate an error in the program parameters or command input file.
CKGRACF does not perform any command if the input is not syntactically correct. Correct the errors and run the program again.
Severity:
12
CKG719I Schedule date must be today or in the future
Explanation:
You specified a past schedule date with a
USER SCHEDULE REQUEST command. Requested schedule dates must be today or lie in the future. Note that a date entered in an invalid format may cause this message to be issued, since it is read as zero
(01JAN1900).
Severity:
12
CKG720I Invalid date '
date'
Explanation:
The specified date has an invalid format or contains an invalid date. Dates must have the format
01jan2000 (ISO-date) or 2001/365 (Julian date). An invalid date would be to specify February 29 in a non-leap year.
Severity:
12
CKG721I Discrete dataset profiles not allowed
Explanation:
You specified the "D" conversion character for a data set profile with the USRDATA command. The USR field of discrete data set profiles is not supported by CKGRACF.
Severity:
12
CKG722I Password value must be specified for password request
Explanation:
You specified the
USER PWSET PASSWORD or
USER PWDEFAULT PASSWORD command for a request. In this case, you must specify a password value between parentheses after the PASSWORD option, for example, PASSWORD(SECRET). The password value is only optional for an action other than REQUEST.
Severity:
12
CKG723I
Explanation:
For all classes except USER, only the options QUEUE and TAG are allowed with the LIST command. The QUEUE option will be the default for these classes.
Severity:
12
Only option QUEUE or TAG allowed with CLASS
class
CKG724I No command specified for CMD
Explanation:
The CMD command could not find any
RACF command in its command-line.
Severity:
12
CKG725I Start-date cannot be earlier than today
Explanation:
You specified an AT date on a CMD command that was already past.
Severity:
08
CKG726I No active commands specified,
CKGRACF terminated
Explanation:
You didn't specify any active commands on input to CKGRACF. Non-active commands are
DEBUG, INCLUDE and SUPPRESS.
Severity:
12
78
Messages Guide
CKG727I • CKG738I
CKG727I
Explanation:
The command command requires at least one option, which isn't provided.
Severity:
12
At least one option is required for the
command command
CKG728I PWNO* keywords require an additional keyword
Explanation:
This message is issued when
PWNOEXIT, PWNOHIST or PWNORULE are defined as the only keywords on a USER command. These keywords require another keyword (for example,
PWSET) to be effective and useful.
Severity:
12
CKG729I
Explanation:
This suppressible message indicates that a 2-digit year was encountered. By default, this is not allowed to prevent any year-2000 related confusion. In case this is a problem for backward compatibility, the message can be suppressed. In this case the 2-digit years are all interpreted as lying in the 20th century
(i.e. they are prefixed with 19, being backward compatible).
Severity:
12
Date value '
value' 2-digit year is
ambiguous
CKG730I Date '
date' is beyond the year 2069
Explanation:
This message is issued when a date beyond the year 2069 has been encountered. Such a late date probably results from a typo.
Severity:
04
CKG731I Question identifier expected
Explanation:
The word, if any, after a QUESTION action (SET, VERIFY, LIST, or DELETE) must be a question identifier Qnn, where nn is a nonnegative integer below 100.
Severity:
12
CKG732I Password phrase value must be specified for password phrase request.
Explanation:
You specified the USER PWSET PHRASE command for a request. In this case, you must specify a password phrase value between parentheses after the
PHRASE option, for example, PHRASE('This is a secret'). The password phrase value is only optional for an action other than REQUEST.
Severity:
12
CKG733I Field
field not supported on z/OS v.r and
below - field ignored
Explanation:
The field field in the USER profile is not supported on z/OS version v release r and below.
Reading or setting this field using the CKGRACF
FIELD command is ignored.
Severity:
04
CKG734I Password string longer than 8 bytes
Explanation:
The password entered on a CKGRACF
USER PWDEFAULT or CKGRACF USER PWSET command is longer than 8 bytes. RACF only supports passwords with a length smaller or equal to 8 bytes.
Choose a shorter password.
Severity:
12
CKG735I CKGRACF does not run under CMS
Explanation:
CKGRACF only runs under z/OS. If this message is shown under z/OS, contact IBM Software
Support.
Severity:
20
CKG736I Invalid multiple-authority requirement
value
Explanation:
The multiple-authority requirement set in the CKRSITE module is set to the unknown value
value. This indicates an error in installation.
Severity:
20
CKG737I Queued command expiration time
(
value) larger than auditing period (value)
Explanation:
The queued-command expiration time and the auditing period set in the CKRSITE module are in conflict. This indicates an error in installation.
Severity:
20
CKG738I
explanation; RACROUTE
REQUEST=STAT returned with
SAFRC=
safrc RACFRC=racfrc
RSNCODE=
rsncode
Explanation:
The RACROUTE REQUEST=STAT call to determine whether the class set in the CKRSITE module is available, indicates that RACF or the class is not available. explanation contains a human-readable explanation of the return codes shown in the message
(in hex).
Severity:
20
Chapter 3. CKG messages
79
CKG739I • CKG749I
CKG739I RACF >= 1.8 required
Explanation:
A RACF version before 1.8 is active.
CKGRACF requires RACF version 1.8 or later.
Severity:
20
CKG740I CKGRACF must run APF-authorized
Explanation:
CKGRACF must run APF-authorized.
This can be caused, for example, by not including
CKGRACF in the TSO authorized command list
(AUTHCMD) in PARMLIB member IKJTSOxx. You can activate changes to this member without an IPL by using the TSO PARMLIB command. For more information on the PARMLIB command, see the TSO/E
System Programming Command Reference.
Severity:
20
CKG741I No ACEE could be found from TCB or
ASXB
Explanation:
CKGRACF could not find an ACEE for the current user.
Severity:
20
CKG742I Neither CKGPRINT nor SYSTERM allocated and no TSO; CKGRACF terminated
Explanation:
This message is printed when
CKGPRINT and SYSTERM are not allocated. In this case, CKGRACF is unable to generate any output, and will terminate before parsing or executing any commands.
To send the output directly to the TSO terminal, issue the TSO command ALLOC FILE(CKGPRINT) DA(*) before giving the CKGRACF command. You may free
CKGPRINT afterwards with FREE FILE(CKGPRINT).
Severity:
16
CKG743I No SYSTERM allocated
Explanation:
This message is issued when SYSTERM is not allocated. All output will still appear on
CKGPRINT.
Severity:
00
CKG744I Profile name contains invalid character
character at position position
Explanation:
The input string for the profile name is not valid because it contains a character that is not allowed in profile names.
Severity:
12
CKG745I
Explanation:
There must be single quotes around the password phrase value in the PWSET PHRASE option, as in PHRASE('This is a secret'). If a single quotation mark is intended to be part of the password phrase, you must use two single quotation marks together for each single quotation mark, as in PHRASE('This is a
''quoted'' secret').
Severity:
12
Password phrase must be enclosed in single quotes.
CKG746I
Explanation:
A password phrase can have at most
maximum characters.
Severity:
12
Password phrase has more than
maximum characters.
CKG747I Password phrase has fewer than
minimum characters
Explanation:
A password phrase must have at least
minimum characters.
Severity:
12
CKG748I UNDEF parameter must be
'(NODE_NAME.USERID)'
Explanation:
The UNDEF parameter of a USER userid
RACLINK UNDEF command was followed by something other than (node.id). Note that there must be no spaces in UNDEF(node.id). There must be a dot (.) between node node and user id.
Severity:
12
CKG749I CKGRACF command only allowed with
NODE()
Explanation:
Within a CKGRACF CMD command, a nested CKGRACF command is allowed only in order to send it to another zSecure node. The NODE(node) option of the CKGRACF CMD command is required for this purpose.
Severity:
12
80
Messages Guide
CKG834I..CKG836I • CKG905I
Messages from 800 to 899
CKG834I..CKG836I
message
Explanation:
These messages are in response to debugging options. If you need information about these messages, contact IBM Software Support.
Severity:
0
CKG837I IDENTIFY RC=
n for CKGSRVIN at
address
Explanation:
This message indicates a failure of the
IDENTIFY service to establish the indicated module name at the indicated address.
User response:
See the MVS documentation about the
IDENTIFY service.
Severity:
12
CKG841I Severe SRVIN error PC RC=
n - issuing
user abend 841
Explanation:
While reading from a remote node, an error condition was returned by the Program Call interface of the server.
User response:
Verify that the server is active, then restart the server and try again.
Severity:
16
CKG842I SPECPROC returned length out of range
R0=
xxxxxxx - issuing user abend 842
Explanation:
This message indicates that one of the internal interfaces related to the zSecure Server received an unexpected length and issued an abend.
User response:
Look for the message on the IBM support site. If no solution is posted, collect SYSPRINT on both the local and remote sides and contact IBM
Software Support.
Severity:
16
CKG851I Local CKNSERVE server no longer available (user abend 214 (x'0D6'))
Messages from 900 to 999
CKG904I Unconditional access is required to read from file
file vol dsn(member)
Explanation:
A data set to which only conditional
(PADS) access was granted was requested for SYSIN input. Unconditional read access is needed to read this type of data. The data set is not processed.
Severity:
12
Explanation:
A program call to the zSecure Server program was attempted while it was performing a termination sequence.
User response:
No action is required. If you need assistance about this message, contact IBM Software
Support.
Severity:
00
CKG874I RECFM=V(BS) RDW
hex exceeds
LRECL=
lrecl at record n ddname volser
dsname
Explanation:
This message indicates invalid record contents for a RECFM=V(B)(S) data set. The record descriptor word does not match the DCB parameters.
The Record Descriptor Word (RDW) is shown in hexadecimal. The first 2 bytes are the record length including the RDW. This is handled as an end-of-file condition. The severity is 4 to avoid disrupting processes that might encounter empty data sets and need to continue.
User response:
Recreate the data set or omit the data set from the input.
Severity:
04
CKG875I RECFM=V(BS) BDW
hex exceeds
BLKSIZE=
blksize at record n ddname
volser dsname
Explanation:
This message indicates invalid block contents for a RECFM=V(B)(S) data set. The block descriptor word does not match the DCB parameters.
The Block Descriptor Word (BDW) is shown in hexadecimal. The first 2 bytes are the block length including the BDW, unless the high order bit is on, in which case it can be a large block 4 byte length. This is handled as an end-of-file condition. The severity is 4 to avoid disrupting processes that might encounter empty data sets and need to continue.
User response:
Recreate the data set or omit the data set from the input.
Severity:
04
CKG905I
Explanation:
An imbed statement was present referring to a PDS(E) data set, but the member to be read from that data set was not specified. Add the correct member to the imbed statement and resubmit the query.
Severity:
12
A member name is required to read from file
ddname data set dsn
Chapter 3. CKG messages
81
CKG907I • CKG947I
CKG907I DYNALLOC trace: SVC 99 return code
nn - meaning
Explanation:
This message is issued because of a failed SVC99 where DAIRFAIL did not return a message text. It has continuation lines detailing the individual text units contents after SVC 99
(DYNALLOC) completion.
Severity:
00
CKG915I
Explanation:
This message indicates that a BPX1WRV call failed with the indicated return code in decimal and the reason code split into reason code qualifier qqqq and reason code rrrr, both in hexadecimal. For well-known return codes and reason codes the numeric values are followed by an explanatory string. Use the
IBM Unix System Services manual to look up other return and reason codes.
Severity:
16
UNIX write record
nn failed RC nn
[meaning] reason
qqqq rrrrx [meaning] file
ddname path
CKG919I Record with negative length
length
directed to
ddname behind record recno
Explanation:
An invalid record was passed to the output routine. An empty record has been written instead. Contact IBM Software Support.
Severity:
24
CKG931I
proc: Buffer overrun - destinationlength
sourcelength: data
Explanation:
A buffer overrun occurred in the format procedure proc. This message will be followed by a user
ABEND 931. Contact IBM Software Support.
Severity:
24
CKG934I Value
value too large
Explanation:
This message indicates that the input parser received a numerical value that was too large.
The maximum value that can be processed by the input parser is 2147483647.
Severity:
12
CKG938I Repeated ATTN, enter C(ont)
T(erminate) or A(bend) -
Explanation:
This interactive prompt offers the option to terminate or abend the program after a repeated attention.
CKG939I Terminated due to repeated attention
Explanation:
Message written if T was selected at the
CKR938I prompt.
Severity:
16
CKG942I Environment mismatch for product code
code
Explanation:
This message indicates that while code for the product code identified was installed, it is not running in its proper environment. For instance, some product codes are limited to UNIX tasks under z/OS, some to non-UNIX tasks under z/OS, and some to z/VM.
Severity:
00
CKG944I UNIX
type close RC nn [meaning] reason
qqq rrrr x [meaning] file ddname path
Explanation:
This message indicates that a BPX1CLO call failed with the indicated return code in decimal and the reason code split into reason code qualifier qqqq and reason code rrrr, both in hexadecimal. For well-known return codes and reason codes the numeric values are followed by an explanatory string. Use the
IBM Unix System Services manual to look up other return and reason codes.
The type can be 'wronly' or 'rdonly'.
Severity:
16
CKG945I UNIX
action failed RC nn [meaning]
reason
qqq rrrr x [meaning] file ddname
path
Explanation:
This message indicates that a BPX1OPN or BPX1FCT call failed with the indicated return code in decimal and the reason code split into reason code qualifier qqqq and reason code rrrr, both in hexadecimal. For well-known return codes and reason codes the numeric values are followed by an explanatory string. Use the IBM Unix System Services manual to look up other return and reason codes. The
action can be 'wronly open', 'fcntl filetag', or 'rdonly open'.
Severity:
16
CKG947I Reading filedesc
off failed RC nn
[
meaning] reason qqqq rrrr x [meaning] file
ddname path
Explanation:
This message indicates that a BPX1RED
(UNIX read) call failed with the indicated return code in decimal and the reason code split into reason code qualifier qqqq and reason code rrrr, both in hexadecimal. For well-known return codes and reason codes the numeric values are followed by an explanatory string. Use the IBM Unix System Services
82
Messages Guide
CKG948I • CKG962I
manual to look up other return and reason codes.
Severity:
16
CKG948I Enablement information corrupt for product code
code
Explanation:
This message shows a problem with product installation or entitlement.
User response:
Contact your system programmer to verify successful installation.
Severity:
16
CKG949I Product code
code installed and non-APF
registration limit exceeded
Explanation:
This message is issued in response to
DEBUG LICENSE for products that are installed but cannot be registered because the MVS limit for product registration by non-APF programs has been exceeded.
User response:
CKGRACF should run authorized.
Severity:
00
CKG950I Code not installed here for product code
code
Explanation:
This indicates that you are attempting to run functionality for a product that is not installed here.
Severity:
16
CKG951I
Explanation:
This message indicates a failure to load a module and the reason. Abend 806 means the module could not be found. Abend 306 may mean that a controlled environment was present and the module to be loaded was not program controlled.
Severity:
08
system abend
code (desc) trying to load
module
modulett
CKG955I
Explanation:
This message indicates an internal memory management error. It is followed by a user abend 16. The message identifies the heap as well as the program and task that created the heap. Contact
IBM Software Support.
Severity:
16
program task heap STORAGE REQUEST
ERROR: SIZE NOT POSITIVE
CKG962A Command terminated by attention
Explanation:
This message is issued by the command-execution module, and indicates a command was terminated by pressing the ATTN key.
Severity:
10
CKG962B Command not supported in background
Explanation:
This message is issued by the command-execution module and indicates a command could not be executed through the TSO service facility.
This can be caused, for example, by not including
CKGRACF in the TSO authorized command list
(AUTHCMD) in PARMLIB member IKJTSOxx. You can activate changes to this member without an IPL by using the TSO PARMLIB command. For more information on the PARMLIB command, see the TSO/E
System Programming Command Reference.
Severity:
16
CKG962C Command failed
abend code
Explanation:
This message is issued by the command-execution module, and indicates a command ended abnormally with the indicated abend code.
Severity:
12
CKG962E Not running in a TSO/E environment
Explanation:
This message is issued by the command-execution module, and indicates a TSO command could not be executed, because command environment was not TSO/E.
Severity:
16
CKG962F Command failed, return code
code
(decimal)
Explanation:
This message is issued by the command-execution module. It indicates a command was unsuccessful and returned the indicated result code.
If the message preceding this message is CKG740I, see the explanation of CKG740I. For all other situations, determine the command that was run and check the appropriate manual for possible return codes. For
RACF commands, possible return codes are documented in the RACF Command Language Reference.
Severity:
08
CKG962I IKJTSOEV module not found
Explanation:
An attempt was made to establish a TSO environment, but the TSO environment initialization routine IKJTSOEV could not be found. Normally
IKJTSOEV is in the link list. This will cause return code
20 when encountered as part of an attempt to execute a
TSO command, and otherwise 8.
Severity:
08
Chapter 3. CKG messages
83
CKG962 • CKG962W
CKG962 IKJTSOEV return code
xx reason code
yy service reason code zz (decimal)
Explanation:
This will cause return code 20 when encountered as part of an attempt to execute a TSO command.
Severity:
08
CKG962
Explanation:
This will cause return code 20 when encountered as part of an attempt to execute a RACF or
CMS command.
Severity:
08
SVC 220 return code
hh (hex) on
command
CKG962L Command could not be found in an authorized library.
Explanation:
This message is issued by the command-execution module, and indicates a TSO command could not be executed, because it was not found. Typically, this is an unsuccessful call to the
CKGRACF authorized component, which failed because CKGRACF was not part of an authorized library in the link list, or was not found in an
APF-authorized STEPLIB. Check whether the library containing CKGRACF is APF-authorized.
Severity:
16
CKG962M Command may have failed, return code
n
Explanation:
This message indicates that a command returned a nonzero return code less than or equal to 4.
This message causes a minimum return code of 4. It depends on the command whether this is a partial failure or a warning.
Severity:
04
CKG962N Command not allowed from APF mode -
command
Explanation:
This message is issued by the command-execution module, and indicates that the indicated command is not in the TSO AUTHCMD list and also not in a built-in list of safe commands to be called from an APF authorized program. If the command was requested by yourself, try running it under IKJEFT01 or without APF authorization. If this message is in response to a built-in function, contact
IBM Software Support.
Severity:
16
CKG962O Command has flushed TSO stack relogon required to close output trap file
Explanation:
This message is issued by the command-execution module. Generally this means that subsequent command output is not written to the
CKGPRINT file. It might be lost or shown in line mode after leaving CKGRACF. Depending on the z/OS release, it might be sufficient to leave and reenter ISPF to restore normal behavior. In the worst case, a relogon is required.
Severity:
00
CKG962P CLIST processing through % not supported
Explanation:
This message is issued by the command-execution module. It indicates an attempt to run an CLIST using the % operator. Execution of
CLISTs is not supported.
Severity:
16
CKG962S
Explanation:
This message is issued by the command-execution module, and indicates a TSO command could not be executed. The command returned the indicated error code and reason code.
Severity:
16
IKJEFTSR fails return code
error reason
code
reason
CKG962T Command failed, ATTACH rc
rc
(decimal)
Explanation:
This message is issued by the command-execution module, and indicates failure to attach a TSO command.
Severity:
16
CKG962U Unauthorized functions cannot be invoked from an authorized environment
Explanation:
This message should not occur. Contact
IBM Software Support.
Severity:
16
CKG962W Command not found
Explanation:
This message is issued by the command-execution module, and indicates a TSO command could not be executed, because it was not found. Typically, this is an unsuccessful call to the
CKGRACF authorized component, which failed because CKGRACF was not part of an authorized library in the link list, or was not found in an
APF-authorized STEPLIB. Check whether the library
84
Messages Guide
CKG962X • CKG976I
containing CKGRACF is APF-authorized.
Severity:
16
CKG962X Syntax error in the command name
Explanation:
This message is issued by the command-execution module, and indicates a TSO command could not be executed, because the name was not syntactically correct.
Severity:
16
CKG963I Ambiguous name "
value"
Explanation:
This message indicates an ambiguous abbreviation was entered, i.e. two or more keywords could be indicated by the abbreviated value. Specify the keyword intended in more detail.
Severity:
12
CKG968I IFAEDDRG failed RC
nn decimal
Explanation:
This message indicates that an attempt to register a previously registered product failed.
User response:
Contact IBM Software Support.
Severity:
16
CKG969I I/O error for
dsn: description
Explanation:
This message indicates that an I/O error occurred during normal QSAM or BSAM input processing for dsn. Operation will be continued, but an abend or other error message may follow because of the information missing due to the I/O error.
Severity:
08
CKG970I
program task heap FREE STORAGE
ERROR:
message
Explanation:
This message indicates an internal memory management error. It is followed by a user abend 16. The message identifies the heap as well as the program and task that created the heap. Contact
IBM Software Support.
Severity:
16
CKG971I Maximum length for this
field is len at
file line n
Explanation:
The input contains a multiple-line string that is too long. Multiple-line strings (print titles or quoted strings) have a maximum size len that was exceeded.
Severity:
12
CKG972I Enablement information missing for
product
Explanation:
This message indicates that the product cannot run because the load module is not complete.
User response:
Contact your system programmer to complete installation of the product.
Severity:
16
CKG973I IBM Security product code
code disabled
or not installed
Explanation:
This indicates that you are attempting to run functionality for a product that is not installed here, or it is disabled for this system name, sysplex name, LPAR name, VM user ID, or hardware name.
User response:
Check active IFAPRDxx members in your z/OS PARMLIB. If these are specified correctly, contact your system programmer to verify installation.
Severity:
16
CKG974I IBM Security
product disabled or not
installed here for requested focus
Explanation:
Either the product is not installed here, or the requested focus is disabled for the current system name, sysplex name, LPAR name, VM user ID, or hardware name.
User response:
Check active IFAPRDxx members in your z/OS PARMLIB. If these are specified correctly, contact your system programmer to verify installation.
Severity:
16
CKG975I
Explanation:
Either the product is not installed here, or it is disabled for the current system name, sysplex name, LPAR name, VM user ID, or hardware name.
User response:
Check active IFAPRDxx members in your z/OS PARMLIB. If these are specified correctly, contact your system programmer to verify installation.
Severity:
16
IBM Security
product disabled or not
installed
CKG976I Code or enablement for product code
code is missing
Explanation:
Either the product is not installed here, or it is disabled for the current system name, sysplex name, LPAR name, VM user ID, or hardware name.
User response:
Check active IFAPRDxx members in your z/OS PARMLIB. If these are specified correctly, contact your system programmer to verify installation.
Severity:
16
Chapter 3. CKG messages
85
CKG976 • CKG987I
CKG976 IBM Security
product or feature disabled
or not installed here
Explanation:
Either the product is not installed here, or it is disabled for the current system name, sysplex name, LPAR name, VM user ID, or hardware name.
User response:
Check active IFAPRDxx members in your z/OS PARMLIB. If these are specified correctly, contact your system programmer to verify installation.
Severity:
16
CKG977I Installed PRODUCT OWNER('IBM
CORP') ID(
id) NAME('name')
FEATURE('
feature') VER(version)
REL(
release) MOD(modification)
[ Product
action RC rc decimal ]
Explanation:
This message is issued in response to
DEBUG LICENSE for products that are installed. The
action can be "registration" or "status." The return code is for IFAEDREG or IFAEDSTA, respectively, which are documented in MVS Programming: Product Registration.
No continuation line is shown if product registration does not apply (for example, because of CKG979I).
Severity:
00
CKG978I Product code
code has been disabled in
PARMLIB
Explanation:
This message is issued in response to
DEBUG LICENSE for products that have been disabled for the current system name, sysplex name, LPAR name, VM user ID, or hardware name by an entry in
IFAPRDxx in your z/OS PARMLIB.
User response:
Run the product somewhere else, or ask your system programmer for enablement.
Severity:
00
CKG979I Product code
code implied by other
Explanation:
This message is issued in response to
DEBUG LICENSE for products that are not being registered because their entitlement is implied by a more encompassing entitlement.
Severity:
00
CKG981I Invalid
type "value"
Explanation:
This message indicates that the text value is not a valid value in the context type.
Severity:
12
CKG982I Internal error: unknown error code at
ddname line number
Explanation:
The input parser error routine encountered an invalid error code. Contact IBM
Software Support.
Severity:
24
CKG983I
Explanation:
This message indicates that the input parser expected a list separator or terminator for the current list of the indicated type (this can for instance be a comma, blank, or end-of-line, depending on the context). Instead, it encountered the indicated token type type (and text value, if available). The input parser skips all input until it encounters a valid list separator or terminator for the current list.
Severity:
12
Expecting
typ1 list separator/terminator
instead of
type "value" at ddname line
number
CKG984I
Explanation:
This message indicates that the input parser expected a list element of the specified type, but found a token of a type not supported as a list element in this context. If available, the offending text value is also listed in the message. The input parser skips all input until it encounters a valid list separator or terminator for the current list.
Severity:
12
Invalid
type list element type type "value"
at
ddname line number
CKG985I
Explanation:
This message indicates that the input parser detected a missing required parameter or element in the list at the indicated line.
Severity:
12
Required list element/parameter "
value"
missing at
ddname line number
CKG986I Duplicate parameter
value at ddname line
number
Explanation:
This message indicates that the input parser detected a duplicate occurrence of the parameter or list element value at the indicated line.
Severity:
12
CKG987I Syntax error:
type1 expected instead of
type2at "value" on ddname line number
Explanation:
This message indicates that the input parser expected a specific token type type1 in the current context. Instead of this, it found the token type
type2 (at the text value, if available) on the indicated input line.
86
Messages Guide
CKG988I • CKG999I
Severity:
12
CKG988I Syntax error: "
c" expected instead of
typeat "value" on ddname line number
Explanation:
This message indicates that the input parser expected a specific character "c" (presumably a delimiter) in the current context. Instead of this, it found the token type type (at the text value, if available) on the indicated input line.
Severity:
12
CKG989I Unexpected type ["
value"] [for element] at
ddname line number
CKG989 Skipping to EOL at unexpected
type
["
value"] at ddname line number
Explanation:
This message indicates that the input parser expected one of a number of specific token types, but found a different token type instead. If available, the offending text value and the element for which it is read are also listed in the message. The parser will either continue with the next token, or skip directly to the end of the line.
Severity:
12
CKG991I ESTAE return code
rc
Explanation:
This message indicates that the program failed to establish an abend exit linkage.
Severity:
04
CKG993I DIAGNOSTIC DUMP SUPPRESSED
FOR
program TASK taskname type
ABEND
xxx
Explanation:
This message indicates that the program abend exit did not attempt to make a diagnostic summary dump. This is done to prevent recursive abend conditions involving the print file. The task name is PROGRAM for the main task or for the only task in a program. For a multi-tasking program,
program might identify one of the subtasks.
CKG994I Last record truncated by end-of-file
ddname
Explanation:
This message indicates that end-of-file was reached for a RECFM=VBS input file in the middle of a multi-segment record.
Severity:
16
CKG995I LRECL INVALID; NOT OVERRULED
BECAUSE PARTITIONED
Explanation:
This message indicates that the print file open routine detected an invalid record length for the output file. This would have been overruled with a correct length for a Physical Sequential data set, but this is not done for Partitioned data sets to prevent making any existing PDS members inaccessible.
Subsequent 013 or 002 abends may be caused by the invalid record length.
CKG996I MFREE: NO LENGTH FOUND IN
BLOCK FOR STACK
name
Explanation:
This message indicates an internal stack error. It will be followed by a user ABEND 16. Contact
IBM Software Support.
Severity:
04
CKG997I STACK ERROR - ELEMENT POPPED
IS NOT ON TOP OF STACK
name
Explanation:
This message indicates an internal stack error. It will be followed by a user ABEND 16. Contact
IBM Software Support.
Severity:
16
CKG998I STACK OVERFLOW FOR STACK
tasklevel stackname IN program
Explanation:
This message indicates an internal stack error. It is followed by a user abend 16. Contact IBM
Software Support.
Severity:
16
CKG999I
Explanation:
This message indicates that the program needs more storage. It is followed by a user abend 16.
If the heap name is LOWHEAP or SYSSTACK, then the request is for storage below the 16MB line. If the name is MAINHEAP, then the request is for storage anywhere. Increase the region (for a batch job) or SIZE
(for a TSO command) and try again.
Severity:
16
STORAGE SHORTAGE FOR TASK
taskname HEAP heapname IN program -
INCREASE REGION
Chapter 3. CKG messages
87
88
Messages Guide
Chapter 4. CKN messages
This chapter describes messages that are issued by the CKNSERVE program. The
CKNSERVE program is the zSecure Server. zSecure Servers (usually one per system) form a network of peer nodes that can remotely fill requests from
CKRCARLA, CKX, and CKGRACF.
E
S
The following severity level codes are used by the CKNSERVE program:
I
W
Informational message.
Warning message. The task continues, but an error occurred.
Error message. The task may end immediately, or may attempt to continue.
Severe error message.
A
Action message. Operator action is needed to correct the situation.
The CKN message numbers are grouped according to these categories:
100-399
400-499
500-599
600-699
700-799
800-899
900-999
Normal message, giving status or summary information.
Debugging messages due to a DEBUG command
Normal message, giving status or summary information.
Error condition during execution.
Error during the parsing of input, before any command is executed.
Messages issued by architectural subcomponents.
Messages issued by architectural subcomponents.
08
12
16
20
24
The general meaning of the CKNSERVE severity codes and hence of the completion code is as follows:
00
04
Normal message, giving status or summary information.
Warning: a condition occurred which may cause the command to have an unexpected effect.
Error condition found during processing.
Syntax error in command input, or an invalid format of USR data.
Entitlement problem or invalid or unsupported files.
Unsupported condition found or installation error.
Internal error or other unexpected and unsupported condition in
CKNSERVE was detected.
Messages from 0 to 99
CKN000I
Explanation:
This message indicates the local hostname that is returned from the gethostname service. This can be of interest if the server is not using the ZSECSYS configuration statement you expect.
Severity:
00
Local hostname obtained from gethostname is
HOSTNAME
© Copyright IBM Corp. 1998, 2015
CKN001I BPX1HST gethostname failed
unix error
Explanation:
This message indicates the server failed to obtain the local hostname. The zSecure Server cannot operate without one.
User response:
Check the TCP/IP configuration.
Ensure there is a global default or connect a
TCPIPDATA file. If either of these is specified, see the
89
CKN002I • CKN011I
UNIX System Services Messages and Codes manual for guidance.
Severity:
12
CKN002I BPX1GAI getaddrinfo for hostname failed
unix error
Explanation:
This message indicates the server failed to obtain the canonical domain name. The zSecure
Server cannot operate without one.
User response:
Check the TCP/IP configuration.
Ensure there is a global default or connect a
TCPIPDATA file. If either of these is specified, see the
UNIX System Services Messages and Codes manual for guidance.
Severity:
12
CKN003I Canonical domain name is
DNAMNAME
Explanation:
This message indicates the canonical domain returned by the getaddrinfo service. This can be of interest if the server is not using the ZSECSYS configuration statement you expect. If you do not specify an OPTION OWNSYS in the CKNIN input file, the server selects the first ZSECSYS that matches this name in its IPADDR parameter.
Severity:
00
CKN004I BPX1SOC
system TCP socket family
ai_family abend
Explanation:
This message indicates a failure to obtain a socket of the indicated family type. The preferred type is 19 (AF_INIT6), but if that is inactive, fallback to family 2 (AF_INET) is expected. The use of any other family number is a software defect. The system is either a ZSECSYS name or the word "Server."
User response:
See z/OS MVS System Codes to determine the cause and actions.
Severity:
12
CKN005I BPX1SOC
system TCP socket failed -
unix error family ai_family socktype
ai_socktype
Explanation:
This message indicates a failure to obtain a socket of the indicated family type. The preferred type is 19 (AF_INIT6), but if that is inactive, fallback to family 2 (AF_INET) is expected. The use of any other family number is a software defect. The system is either a ZSECSYS name or the word "Server."
User response:
See your UNIX system codes book to determine the cause and actions.
Severity:
12
CKN006I
Explanation:
This informational message indicates for which system a specific socket descriptor number was established. You can use it to link subsequent error messages involving socket numbers to a specific system. The system is either a ZSECSYS name or the word "Server."
Severity:
00
system TCP socket family ai_family
established stream socket
SOCKDESC
CKN007I BPX1BND bind call for port
PORT
socket
SOCKDESC abend
Explanation:
This message indicates that an abend occurred during a bind call to establish a listener on the indicated port on the indicated socket.
User response:
See z/OS MVS System Codes to determine the cause and actions.
Severity:
12
CKN008I BPX1BND bind call for port
PORT
socket
SOCKDESC failed unix error
Explanation:
This message indicates that a UNIX error occurred during a bind call to establish a listener on the indicated port on the indicated socket.
User response:
See your UNIX system codes book to determine the cause and actions.
Severity:
12
CKN009I
Explanation:
This message documents which socket number is used to listen to the indicated port number.
Severity:
00
Server socket
SOCKDESC bound to port
PORT
CKN010I BPX1LSN listen on socket
SOCKDESC abend
Explanation:
This message indicates that an abend occurred during a listen call on the indicated socket.
User response:
See z/OS MVS System Codes to determine the cause and actions.
Severity:
12
CKN011I BPX1LSN listen failed on socket
SOCKDESC unix error
Explanation:
This message indicates that a UNIX error occurred during a listen call on the indicated socket.
User response:
See your UNIX system codes book to determine the cause and actions.
Severity:
12
90
Messages Guide
CKN012I Server now listening on socket
SOCKDESC to port PORT with max
queue depth
BACKLOG
Explanation:
This message indicates that the server is now listening to the indicated port using the indicated socket number.
Severity:
00
CKN013I BPX1AIO accept on socket
SOCKDESC abend
Explanation:
This message indicates that an abend occurred during an asyncio accept call on the indicated socket.
User response:
See z/OS MVS System Codes to determine the cause and actions.
Severity:
12
CKN014I BPX1AIO accept failed on socket
SOCKDESC unix error
Explanation:
This message indicates that a UNIX error occurred during an asyncio accept call on the indicated socket.
User response:
See your UNIX system codes book to determine the cause and actions.
Severity:
12
CKN015I CKNCOMR unknown WKQRTYPE=
xx
on WKQR
address
Explanation:
This message indicates that the communication task received an unknown request type.
User response:
Determine if this is a known problem with a specified fix. If so, apply the fix. If not, contact
IBM Software Support.
Severity:
16
CKN016I BPX1AIO connect on socket
SOCKET abend
Explanation:
This message indicates that an abend occurred during an asyncio connect call on the indicated socket.
User response:
See z/OS MVS System Codes to determine the cause and actions.
Severity:
12
CKN017I BPX1AIO connect failed on socket
SOCKET unix error port PORT of
IPADDRESS
Explanation:
This message indicates that a UNIX error occurred during an asyncio connect call on the indicated socket for the indicated port and IP address.
CKN012I • CKN022I
User response:
See your UNIX system codes book to determine the cause and actions.
Severity:
12
CKN018I BPX1AIO receive on socket
SOCKDESC abend
Explanation:
This message indicates that an abend occurred during an asyncio receive call on the indicated socket.
User response:
See z/OS MVS System Codes to determine the cause and actions.
Severity:
12
CKN019I BPX1AIO receive failed on socket
SOCKDESC unix error
Explanation:
This message indicates that a UNIX error occurred during an asyncio receive call on the indicated socket.
User response:
See your UNIX system codes book to determine the cause and actions.
Severity:
12
CKN020I BPX1AIO send
number byte TYPE msg
on socket
SOCKDESC abend
Explanation:
This message indicates that an abend occurred during an asyncio send call on the indicated socket for the indicated message type.
User response:
See z/OS MVS System Codes to determine the cause and actions.
Severity:
12
CKN021I BPX1AIO send
NUMBER byte TYPE
msg failed on socket
SOCKDESC unix error
Explanation:
This message indicates that a UNIX error occurred during an asyncio send call on the indicated socket for the indicated message type.
User response:
See your UNIX system codes book to determine the cause and actions.
Severity:
12
CKN022I Send failed on socket
SOCKDESC unix
error , closing socket
Explanation:
This error might be caused by a firewall action blocking the communication link from this server to the peer server. If the peer server is the managing node and this server is the managed node and the connection is successful, this is not necessarily a problem. If it is a problem, you must configure one or more of the firewalls to at least allow the connection to
Chapter 4. CKN messages
91
CKN023I • CKN030I
be established in one direction, from managing node to managed node.
User response:
See your UNIX system codes book to determine the cause and actions.
Severity:
04
CKN023I Send failed because socket
SOCKDESC
closed
Explanation:
This message indicates the socket was closed before a scheduled send action was ready. This might be caused by a server shutting down, or by a firewall terminating a connection.
User response:
If neither the local nor the remote server was shutting down, verify the configuration members for errors relating to the node this socket was connected to, and verify that the connection path is still working,
Severity:
08
CKN024I Receive failed on socket
SOCKDESC unix error
Explanation:
This message indicates that a UNIX error occurred during a send call on the indicated socket.
This might be caused by a firewall action in the path and is not a problem if a connection the other way still exists, or if there is no client that needs the connection.
User response:
If there is not a problem with a client, ignore the message. If a client needs to be active, see your UNIX system codes book and follow its guidance.
Severity:
04
CKN025I Receive failed because socket
SOCKDESC closed
Explanation:
This message indicates the socket was closed before a scheduled receive action was ready.
This might be caused by a server shutting down, or by a firewall terminating a connection.
User response:
If neither the local nor the remote server was shutting down, verify the configuration members for errors relating to the node this socket was connected to, and verify the connection path is still working.
Severity:
08
CKN026I Negative message length field
hexnum
received on socket
SOCKDESC
Explanation:
This message indicates a protocol error.
Presumably the server was contacted by a service that uses a different protocol.
User response:
Determine who is connected on the indicated socket and verify it has the right port number configured for what it is trying to do.
92
Messages Guide
Severity:
08
CKN027I Unknown message id
TYPE received on
socket
SOCKDESC starts "string"
Explanation:
This message indicates a protocol version error. Presumably the server is contacted by a newer zSecure Server that is not compatible with the version of the current server.
User response:
Determine who is connected on this socket and verify it has the right port number configured for what it is trying to do.
Severity:
08
CKN028I Unsupported
TYPE level xx instead of
xx received on socket SOCKDESC
Explanation:
This message indicates a protocol version error. Presumably the server is contacted by a newer zSecure Server that is not compatible with the version of the current server.
User response:
Ensure that all configured servers are on compatible levels. For example, follow a more gradual upgrade path.
Severity:
08
CKN029I Unexpected
TYPE length length found
instead of
length expected received on
socket
SOCKDESC
Explanation:
This message indicates a protocol error.
Presumably the server is contacted by a service that uses a different protocol.
User response:
Determine who is connected on this socket and verify that it has the right port number configured for what it is trying to do. If it is a zSecure
Server, verify that the version is compatible. If the version is documented as compatible, look for a problem solution for this message ID on the support web site. If you cannot find a solution, contact IBM
Software Support.
Severity:
08
CKN030I CKNRMSG called with invalid message id
type len length for socket SOCKDESC
Explanation:
This message indicates a software problem.
User response:
Save the server CKNPRINT output.
Search for the message ID on the IBM support web site.
If you cannot find a solution, contact IBM Software
Support.
Severity:
24
CKN031I BPX1CLO failed close socket
sockdesc unix error
Explanation:
This message documents a problem that occurred during the close of a socket.
User response:
See the UNIX System Services Messages
and Codes manual and follow its guidance.
Severity:
04
CKN032I BPX1FAI freeaddrinfo for domain failed
unix error
Explanation:
This message indicates that a UNIX error occurred during a freeaddrinfo call. Probably there is no impact on the server operation.
User response:
Save the CKNPRINT file and contact
IBM Software Support.
Severity:
12
CKN033I BPX1GAI getaddrinfo
ZSECSYS failed
unix error for IPADDR
Explanation:
This message indicates that a UNIX error occurred during a getaddrinfo call for the indicated IP address.
User response:
See your UNIX system codes book to determine the cause and actions.
Severity:
08
CKN034I ZSECSYS
ZSECSYS getaddrinfo resolves
IPADDR to NUMIP
Explanation:
This informational message shows which
IP address will be used to attempt to connect to the indicated ZSECSYS.
Severity:
00
CKN035I CKNCLNR unknown WKQRTYPE=
xx
on WKQR
address
Explanation:
This message indicates that the communication task received an unknown request type.
User response:
Determine if this is a known problem with a specified fix. If so, apply the fix. If not, contact
IBM Software Support.
Severity:
16
CKN036I Connect to
zsecsys failed on socket
SOCKDESC unix error
Explanation:
This message indicates that a connect call to the specified server failed. The server configuration file might not be accurate, a required network link might be down, or the remote server might not be active.
CKN031I • CKN041I
User response:
Determine if the remote server is active and restart it if it is not. See your UNIX system codes book for more information on the error.
Severity:
12
CKN037I Attempt to connect from zsecsys=
ZSECSYS zsecnode=ZSECNODE
smfid=
name but not defined in
configuration file
Explanation:
This message indicates that the local server was contacted by the specified remote server, but the server is not defined in the server configuration file.
User response:
If you want the remote server to connect, update the server configuration. Otherwise, research who mimics a remote server because the connection attempt might constitute an attack.
Severity:
08
CKN038I IPADDR connected to is zsecsys=
ZSECSYS zsecnode=ZSECNODE
smfid=
name but not SYSNAME/
ZSYSNODE as defined in configuration
file
Explanation:
This message indicates that the local server is contacting a remote server but the connection returns a different name than the name defined in the local server configuration file.
User response:
Verify that this connection is intended to work. If so, change one or both of the configuration files.
Severity:
08
CKN040I Duplicate ZSECNODE
NAME(
ZSECNODE) definition
Explanation:
This message indicates an error in the server configuration file; a ZSECNODE is defined multiple times.
User response:
Change or delete one of the node definitions.
Severity:
12
CKN041I Duplicate ZSECSYS NAME(
ZSECSYS)
definition
Explanation:
This message indicates an error in the server configuration file; a ZSECSYS name is defined multiple times. A ZSECSYS name must be unique.
User response:
Change or delete one of the system definitions.
Severity:
12
Chapter 4. CKN messages
93
CKN042I • CKN054I
CKN042I NO ZSECNODE NAME(
ZSECSYS)
defined
Explanation:
This message is issued if a ZSECSYS statement refers to an as yet undefined ZSECNODE.
You must define a ZSECNODE before you define the
ZSECSYS statement that refers to it.
User response:
Move or add a ZSECNODE statement, or correct a mistake in the node name.
Severity:
12
CKN044I
Explanation:
The server configuration file must contain ZSECNODE and ZSECSYS statements. A valid
ZSECSYS statement was not found.
User response:
Create a valid server configuration file.
Severity:
12
No valid ZSECSYS defined in parameters
CKN045I ZSECSYS statement missing for
ZSECSYS specified on OPTION
OWNSYS
Explanation:
A ZSECSYS statement was found missing, or the OPTION OWNSYS contains a mistake.
User response:
Correct the server conguration file so that OWNSYS refers to a defined ZSECSYS.
Severity:
12
CKN046I IPADDR for own ZSECSYS differs from domain name
Explanation:
This message indicates the canonical name for the current system does not match the
IPADDR on the SECSYS statement for the system on
OPTION OWNSYS. This mismatch might cause remote systems to fail to connect to the current system.
User response:
Verify the DNS name for the current system name and update the configuration file.
Severity:
04
CKN047I Port number
IPPORT not possible, must
be in range 1..65535
Explanation:
The IP port specification is not valid. The number must be between 1 and 65535.
User response:
Correct the IPPORT specification.
Severity:
12
CKN048I Message number to be suppressed must be in range 0...999
Explanation:
An OPTION MSGSUP specification contains a message number that is not valid. The number must be between 0 and 999.
User response:
Correct the MSGSUP specification.
Severity:
12
CKN050I Server requires z/OS 1.9 or higher
Explanation:
This message indicates that the zSecure
Server is not running on a supported z/OS release.
Note that this message is suppressible but running zSecure Server this way is not supported.
User response:
Upgrade the z/OS release to a supported release if you need to use the zSecure Server on this system.
Severity:
16
CKN051I Server must run APF authorized
Explanation:
The server needs APF authorization to set up client communication and get RACF information. Note that this message is suppressible but running without APF authorization has very limited functionality as a non-client endpoint server, and is not supported.
User response:
Add the load library to the APF list.
Severity:
16
CKN052I Server with servertoken
SERVERTOKEN
seems to be active already
Explanation:
This message indicates that a server is already running and using the indicated server token.
That is not supported; only one server can be active per system at any time with a specific server token.
User response:
Change the server token if you intend to start a parallel server on the same system. Stop the first server instance if you intend to restart the server.
Severity:
16
CKN054I Unexpected IEANTRT return code
rc
Explanation:
This message lists an unexpected return code from the z/OS name token request service.
User response:
Try to restart the server. If the problem persists, see the IEANTRT return code documentation and follow its guidance. If you cannot resolve the problem, check whether this is a known problem with an applicable fix. If so, apply the fix. If not, contact IBM
Software Support.
Severity:
16
94
Messages Guide
CKN055I Servertoken
token is defined for an
incompatible version
version this server
uses
version
Explanation:
This message documents that a server token was found with an incompatible version.
User response:
Use a different server token or use a different version of the client software.
Severity:
16
CKN056I CKNSERVE first start after IPL with servertoken
token
Explanation:
This message documents that a new name token was added to the system for the indicated server token.
Severity:
00
CKN057I SYSEVENT DONTSWAP failed, return code
rc
Explanation:
This message lists an unexpected return code from the SYSEVENT DONTSWAP call.
User response:
Try to restart the server. If the problem persists, see the SYSEVENT return code documentation and follow its guidance.
Severity:
16
CKN058I Using existing LX
heXLX from
servertoken
Explanation:
This informational progress message documents which Linkage Index is being reused by the server.
Severity:
00
CKN059I Obtaining new LX
Explanation:
This informational progress message documents that a Linkage Index is needed by the server.
Severity:
00
CKN060I Obtained new LX
hex lx
Explanation:
This informational progress message documents which new Linkage Index was acquired by the server.
Severity:
00
CKN061I IDENTIFY RC=
decrc for CKNSVPC at
address
Explanation:
This message lists an unexpected return code from the IDENTIFY call.
User response:
Try to restart the server. If the problem
CKN055I • CKN067I
persists, determine if this is a known problem with an applicable fix. If so, apply the fix. If not, contact IBM
Software Support.
Severity:
08
CKN062I Obtaining new ET
Explanation:
This informational progress message documents that an Entry Table is needed by the server.
Severity:
00
CKN063I Obtained new ET with token
TOKEN
Explanation:
This informational progress message documents which new Entry Table token was acquired by the server.
Severity:
00
CKN064I Address spaces now connected to ET
Explanation:
This informational progress message documents that clients can now connect to the server though the Program Call.
Severity:
00
CKN065I Unexpected IEANTCR return code
decrc
creating
NAMETOKEN
Explanation:
This message lists an unexpected return code from the z/OS name token create service that occurred while trying to create a persistent server name token.
User response:
Try to restart the server. If the problem persists, see the IEANTCR return code documentation and follow its guidance. If you cannot resolve the problem, determine if this is a known problem with an applicable fix. If so, apply the fix. If not, contact IBM
Software Support.
Severity:
16
CKN066I Persistent server name token
NAMETOKEN created successfully
Explanation:
This informational progress message documents which persistent name token was created.
Severity:
00
CKN067I Unexpected IEANTCR return code
decrc
creating
NAMETOKEN
Explanation:
This message lists an unexpected return code from the z/OS name token create service that occurred while trying to cerate a nonpersistent server name token.
User response:
Try to restart the server. If the problem persists, see the IEANTCR return code documentation
Chapter 4. CKN messages
95
CKN068I • CKN084I
and follow its guidance. If you cannot resolve the problem, determine if this is a known problem with an applicable fix. If so, apply the fix. If not, contact IBM
Software Support.
Severity:
16
CKN068I Non-persistent server name token
NAMETOKEN created successfully
Explanation:
This informational progress message documents which nonpersistent name token was created.
Severity:
00
CKN069I Removing Entry Table
Explanation:
This informational progress message documents that the server is attempting to remove an
Entry Table.
Severity:
00
CKN070I Entry Table removed while connections existed
Explanation:
This informational progress message documents that the server removed an Entry Table, but connections are still active. This might, for instance, cause 0D6 abends in clients.
Severity:
00
CKN072I Entry Table removed succesfully
Explanation:
This informational progress message documents that the server removed an Entry Table, and no connections were active.
Severity:
00
CKN073I SYSEVENT OKSWAP failed, return code
decrc
Explanation:
This message lists an unexpected return code from the SYSEVENT OKSWAP call. There might be no impact on the server.
User response:
Try to restart the server and see if the error occurs again.
Severity:
04
CKN080I Problem copying to
address1 len length1
at
address2 writing address3 len length2
from
address4 - abend
Explanation:
This message indicates that the PC call made by the server was passed a buffer address or length that was not valid.
User response:
Fix the calling problem or, if the caller is IBM software, look for the message ID on the support web site.
Severity:
08
CKN081I Invalid PLIST pointer passed
address -
abend
Explanation:
This message indicates that the PC call made by the server was passed a parameter list address that was not valid.
User response:
Fix the calling program, or if the caller is IBM software, look for the message ID on the support web site.
Severity:
08
CKN082I Invalid BUFLEN pointer passed
address -
abend
Explanation:
This message indicates that the PC call made by the server was passed a buffer length address that was not valid.
User response:
Fix the calling program, or if the caller is IBM software, look for the message ID on the support web site.
Severity:
08
CKN083I
Explanation:
This message indicates that the PC call made by the server was passed a token address that was not valid.
User response:
Fix the calling program, or if the caller is IBM software, look for the message ID on the support web site.
Severity:
08
Invalid token pointer passed
address -
abend
CKN084I Invalid or expired token passed
address
cbid from jobname ASID asid user userid
Explanation:
This message indicates that the server does not know the token passed in a PC call. In rare cases this can occur if a server is restarted while a client is operating. It can also occur by sending a client end request and then sending another request like a remote file close.
User response:
If the server was restarted, ignore and restart the client operation. Otherwise, fix the calling program, or if the caller is IBM software, look for the message ID on the support web site.
Severity:
08
96
Messages Guide
CKN085I Expired token passed
old client number
now
new client number from jobname
ASID
asid user userid
Explanation:
This message indicates that the server does not know the token passed in a PC call. In rare cases this can occur if a server is restarted while a client is operating.
User response:
If the server was restarted, ignore and restart the client operation. Otherwise, fix the calling program, or if the caller is IBM software, look for the message ID on the support web site.
Severity:
08
CKN086I Token passed belongs to job
jobname
ASID
asid user userid; caller is jobname
ASID
asid user userid
Explanation:
This message indicates that the server was passed a client number in a PC call that belongs to another client. In rare cases this can occur if a server is restarted while a client is operating.
User response:
If the server was restarted, ignore and restart the client operation. Otherwise, fix the calling program, or if the caller is IBM software, look for the message ID on the support web site.
Severity:
08
CKN087I Invalid token passed
address - abend from
jobname ASID asid user userid
Explanation:
This message indicates that the server does not know the token passed in a PC call. In rare cases this can occur if a server is restarted while a client is operating. It can also occur by sending a client end request and then sending another request like a remote file close.
User response:
If the server was restarted, ignore and restart the client operation. Otherwise, fix the calling program, or if the caller is IBM software, look for the message ID on the support web site
Severity:
08
CKN088I No userid found, cannot identify
Explanation:
This message indicates that the server cannot identify the SAF user ID of the unit of work issuing the PC call. Consequently, it denies access.
User response:
Fix the calling program, or if the caller is IBM software, look for the message ID on the support web site
Severity:
08
CKN085I • CKN093I
CKN089I Error updating token
address - abend
Explanation:
This message indicates the server cannot update the token, presumably because it is not located in key 8 storage.
User response:
Fix the calling program, or if the caller is IBM software, look for the message ID on the support web site
Severity:
08
CKN090I Invalid FUNCTION pointer passed
address - abend
Explanation:
This message indicates that the PC call made by the server was passed a function pointer that was not valid.
User response:
Fix the calling program, or if the caller is IBM software, look for the message ID on the support web site
Severity:
08
CKN091I Unsupported
FUNCTION level xx
instead of
yy received from jobname
ASID
asid user userid
Explanation:
This message indicates that the server does not support the version of the function passed to the PC call. Presumably you are using a new client with an old server in an unsupported combination.
User response:
Connect to a newer server or use an older client.
Severity:
08
CKN092I Unsupported
FUNCTION length len1
instead of
len2 received from jobname
ASID
asid user userid
Explanation:
This message indicates that the PC call made by the server was passed a message length for the specified function that was not valid.
User response:
Fix the calling program, or if the caller is IBM software, look for the message ID on the support web site
Severity:
08
CKN093I ZSECSYS
ZSECSYS not defined to
server; call from
jobname ASID asid user
userid
Explanation:
This message indicates an action was directed to a server name that was not defined in the configuration file for the server.
User response:
Specify a different target system in the client, or update the server configuration file with a definition for the desired system and restart the server.
Chapter 4. CKN messages
97
CKN094I • CKN099I
Severity:
04
CKN094I Task
task IEAVAPE failed RC=dec
Explanation:
This message indicates a failure to allocate a pause element.
User response:
Try to restart the server and redo the client action. If the problem persists, see the IEAVAPE return code documentation and follow its guidance. If you cannot resolve the problem, determine if this is a known problem with an applicable fix. If so, apply the fix. If not, contact IBM Software Support.
Severity:
12
CKN095I Task
task IEAVPSE failed RC=dec
Explanation:
This message indicates a failure to wait on a pause element.
User response:
Try to restart the server and redo the action. If the problem persists, see the IEAVPSE return code documentation and follow its guidance. If you cannot resolve the problem, determine if this is a known problem with an applicable fix. If so, apply the fix. If not, contact IBM Software Support.
Severity:
12
CKN096I Task
task IEAVDPE failed RC=dec
Explanation:
This message indicates a failure to deallocate a pause element.
User response:
Try to restart the server and redo the action. If the problem persists, see the IEAVDPE return code documentation and follow its guidance. If you cannot resolve the problem, determine if this is a known problem with an applicable fix. If so, apply the fix. If not, contact IBM Software Support.
Severity:
12
CKN097I Task
task instance TCB address
unrecognized request
function from
client
client number job jobname ASID asid
user
userid
Explanation:
This message indicates that the server does not support the request passed to the PC call.
Presumably you are using a new client with an old server in an unsupported combination.
User response:
Use the server token for a newer server or use an older client.
Severity:
08
CKN098I
Explanation:
This message indicates an action was directed to a server node that was not defined in the server configuration file.
User response:
Specify a different target node in the client, or update the server configuration file with a definition for the desired node and restart the server.
Severity:
04
ZSECNODE
ZSECNODE not defined to
server; call from
jobname ASID asid user
userid
CKN099I ZSECSYS
ZSECSYS not part of node
ZSECNODE, call from jobname ASID asid
user
userid
Explanation:
This message indicates an action was directed to a server name and node combination that is not defined in the server's configuration file. The specified ZSECSYS must be a member of the specified
ZSECNODE.
User response:
Specify a different target system or node in the client, or update the server configuration file with a matching definition for the desired system and node and restart the server.
Severity:
04
98
Messages Guide
CKN100I • CKN111I
Messages from 100 to 199
CKN100I Unexpected STIMERM SET RC=
nn
Explanation:
This message indicates that the
STIMERM service received an unexpected return code.
User response:
Refer to the appropriate z/OS MVS manual and follow its guidance.
Severity:
16
CKN101I START command received from
console
user
userid command
Explanation:
This informational message confirms that an operator START command was received with the indicated positional parameters.
Severity:
00
CKN102I STCOM command received from
console
user
userid command
Explanation:
This informational message confirms that an operator START command was received with the indicated keyword parameters.
Severity:
00
CKN103I MODIFY command received from
console user userid command
Explanation:
This informational message confirms that the indicated operator MODIFY command was received.
Severity:
00
CKN104I
Explanation:
This informational message confirms that an operator STOP command was received.
Severity:
00
STOP command received from
console
user
userid
CKN105I Unexpected QEDIT RC=
nn
Explanation:
This message indicates that the QEDIT service received an unexpected return code.
User response:
Refer to the appropriate z/OS MVS manual.
Severity:
08
CKN106I Cleanup and terminating due to
abend
Explanation:
This message indicates the an abend in the main task was intercepted and resource cleanup is taking place. Cleanup can be suppressed with OPTION
NOCLEANUP but this might result in a non-reusable address space
User response:
Look up the abend in z/OS MVS
System Codes to determine the cause and actions.
Severity:
16
CKN108I CKNRCLR unknown WKQRTYPE=
nn
on WKQR
address
Explanation:
This message indicates the remote client handler task received an unknown request type.
User response:
Determine if this is a known problem with an applicable fix. If so, apply the fix. If not, contact IBM Software Support.
Severity:
16
CKN109I Task
TASK ignoring ALLOC after END
Explanation:
This message indicates that a remote server was passed an ALLOC request for a client that is already terminating. In rare cases this can occur if a server is shutting down while a client is operating.
User response:
If the server was shutting down, ignore the message and restart the client operation.
Otherwise, fix the calling program. If the caller is IBM software, look for the message ID on the support web site.
Severity:
08
CKN0110I Task
TASK ignoring DOIO after END
from socket
SOCKET
Explanation:
This message indicates that a remote server was passed an I/O request for a client that is already terminating. In rare cases this can occur if a server is shutting down while a client is operating.
User response:
If the server was shutting down, ignore the message and restart the client operation.
Otherwise, fix calling program. If the caller is IBM software, look for the message ID on the support web site.
Severity:
08
CKN111I Task
TASK ignoring DOIO for
non-initialized client
CLNTNO from
socket
SOCKDESC
Explanation:
This message indicates that a remote server was passed an I/O request for a client without having received an ALLOC request. In rare cases this can occur if a local server is shutting down while a client is operating.
User response:
If a server was restarted, ignore the message and restart the client operation. Otherwise, fix calling program. If the caller is IBM software, look for the message ID on the support web site.
Chapter 4. CKN messages
99
CKN112I • CKN121I
Severity:
08
CKN112I ALLO (allocate) received from unconfigured ZSECSYS on socket
SOCKDESC - ignored
Explanation:
This message indicates that an ALLOC request was received on an unconfirmed connection.
This message is accompanied by earlier messages that show the probable cause of the problem.
User response:
Change the server configuration file to define the indicated system.
Severity:
08
CKN113I DOIO received from unconfigured
ZSECSYS on socket
SOCKDESC -
ignored
Explanation:
This message indicates that an I/O request was received on an unconfirmed connection.
This message is accompanied by earlier messages that show the probable cause of the problem.
User response:
Change the server configuration file to define the indicated system.
Severity:
08
CKN114I ENDC received from unconfigured
ZSECSYS on socket
SOCKDESC -
ignored
Explanation:
This message indicates that an end-client request was received on an unconfirmed connection.
This message is accompanied by earlier messages that show the probable cause of the problem.
User response:
Change the server configuration file to define the indicated system.
Severity:
08
CKN115I CKNDOIR unknown WKQRTYPE=
xx
on WKQR
address
Explanation:
This message indicates the remote worker task received an unknown request type.
User response:
Determine if this is a known problem with an applicable fix. If so, apply the fix. If not, contact IBM Software Support.
Severity:
16
CKN116I RACF initialization failed for
USERID
RC=
hexnum RSN=hexnum hex; notifying
ZSECSYS job JOBNAME user USERID
client
CLNTNO
Explanation:
This message indicates that the remote mapped execution user ID failed to initialize with the indicated SAF return code and reason code.
100
Messages Guide
User response:
Look up the indicated SAF return code and reason code for RACROUTE REQUEST=VERIFY in the Security Server RACROUTE documentation.
Severity:
08
CKN117I Task restart limit reached, shutting down
Explanation:
This message indicates that a server task failed and was restarted more than once, up to the maximum restart limit. The server is shutting down.
User response:
Review CKNPRINT and the job log for messages showing the initial error and follow the guidance for those messages.
Severity:
16
CKN118I Task CKNCOMT restart initiated
Explanation:
The server communication task was found to be inactive and a restart is being attempted.
User response:
Review CKNPRINT and the job log for messages showing the initial error and follow the guidance for those messages.
Severity:
08
CKN119I Task CKNCLNT restart initiated
Explanation:
The local client handler task was found to be inactive and a restart is being attempted.
User response:
Review CKNPRINT and the job log for messages showing the initial error and follow the guidance for those messages.
Severity:
08
CKN120I Task CKNRCLT restart initiated
Explanation:
The remote client handler task was found to be inactive and a restart is being attempted.
User response:
Review CKNPRINT and the job log for messages showing the initial error and follow the guidance for those messages.
Severity:
08
CKN121I Duplicate request for file
CLNT_DDNM
received from
ZSECSYS client CLNTNO
job
JOBNAME user USERID
Explanation:
This message indicates that two ALLOC requests were received for the same client file name.
User response:
Fix the calling program. If the caller is
IBM software, look for the message ID on the support web site.
Severity:
08
CKN122I Allocated
serverdd dsname member to
clientdd of ZSECSYS client nn job
JOBNAME ASID ASID user USERID
Explanation:
This informational message is issued to note the successful allocation of a server side data set for a remote client.
Severity:
00
CKN123I Unsupported request for file
clientdd
received from
ZSECSYS client nn job
JOBNAME ASID ASID user USERID
Explanation:
This message indicates a protocol error.
User response:
Ensure that the server version supports the client version. If it does not, upgrade the downlevel version or use a different server.
Severity:
08
CKN124I I/O request but alloc failed for
clientdd
received from
ZSECSYS client nn job
JOBNAME ASID ASID user USERID
Explanation:
This message indicates a protocol error.
User response:
Look for one or more messages about a failure and continue there. If no messages are recorded, restart the client and try again. If that does not help, restart the server and try again. If that does not help, fix the protocol error in the client.
Severity:
08
CKN125I I/O request without alloc for
clientdd
received from
ZSECSYS client nn job
JOBNAME ASID ASID user USERID
Explanation:
This message indicates a protocol error.
User response:
Look for one or more messages about a failure and continue there. If no messages are recorded, restart the client and try again. If that does not help, restart the server and try again. If that does not help, fix the protocol error in the client.
Severity:
08
CKN126I
Explanation:
This message indicates an abend occurred while trying to open the indicated DD name on the server on behalf of the client file indicated.
User response:
See the MVS system codes for the indicated abend code and follow the guidance.
Severity:
08
Open
serverdd abend for clientdd received
from
ZSECSYS client nn job JOBNAME
ASID
ASID user USERID
CKN122I • CKN131I
CKN127I Open failed for
clientdd received from
ZSECSYS client nn job JOBNAME ASID
ASID user USERID
Explanation:
This message indicates the indicated client file could not be opened on the server.
User response:
Look for a message in the server job log about the data set being requested.
Severity:
08
CKN128I Get for unopened file
clientdd received
from
ZSECSYS client nn job JOBNAME
ASID
ASID user USERID
Explanation:
This message indicates a protocol error from a client. The client application tried to obtain a record from a file it had not opened successfully.
User response:
Look for open abend or open failure messages and follow the guidance.
Severity:
08
CKN129I Alloc missing ZSECSYS/NODE; call from
JOBNAME ASID ASID user
USERID
Explanation:
This message indicates that the server received an allocation request without a target system or node; this is a client API error.
User response:
Fix the calling program. If the caller is
IBM software, look for the message ID on the support web site.
Severity:
04
CKN130I Node
ZSECNODE not currently
connected; call from
JOBNAME ASID
ASID user USERID
Explanation:
This message indicates an attempt to access a remote server that is currently unavailable.
User response:
Try again later or verify why the connection cannot be created and remedy the cause.
Severity:
04
CKN131I System
ZSECSYS not currently
connected; call from
JOBNAME ASID
ASID user USERID
Explanation:
This message indicates an attempt to access a remote server that is currently unavailable.
User response:
Try again later or verify why the connection cannot be created and remedy the cause.
Alternatively, use a ZSECNODE instead of a ZSECSYS to let the system find an active system on the node.
Severity:
04
Chapter 4. CKN messages
101
CKN132I • CKN143I
CKN132I Message DATA received from
ZSECSYS
on socket
SOCKDESC for client nn that
is no longer present
Explanation:
This message indicates a protocol error occurred while using the server.
User response:
Check the calling program and ensure that it does not wait excessively long during server interaction.
Severity:
04
CKN133I RACF initialization failed for
USERID abend
Explanation:
An abend occurred during a
RACROUTE REQUEST=VERIFY for a local user ID that is the partner (peer) user ID for a remote client.
User response:
See the MVS system codes for the indicated abend code and follow the guidance.
Severity:
08
CKN134I Task
TASK ignores ALLOC after failed
initialization
Explanation:
This message indicates a protocol error occurred while using the server.
User response:
Fix the calling program. Consider discontinuing the call after a failure. If the caller is IBM software, look for the message ID on the support web site.
Severity:
04
CKN135I
Explanation:
This message indicates an abend occurred while returning data to the storage of the caller.
User response:
See the MVS system codes for the indicated abend code and follow the guidance.
Severity:
08
Problem copying from
address
FUNCTION len hexlen - abend
CKN136I Open/get/close without alloc for
clientdd
from
JOBNAME ASID ASID user
USERID
Explanation:
This message indicates a protocol error in using the server.
User response:
Fix the calling program. If the caller is
IBM software, look for the message ID on the support web site.
Severity:
08
CKN137I Read
number records from ddname dataset
Explanation:
This message indicates how many records were read from this data set on behalf of a remote client.
Severity:
00
CKN138I
Explanation:
This message is part of a summary dump written in case of problems.
User response:
No user action is required.
Severity:
00
Communication task status SCKD
address dump
CKN139I
TASK subtask status TSKD address
dump
Explanation:
This message is part of a summary dump written in case of problems.
User response:
No user action is required.
Severity:
00
CKN140I Main task status RACF
address dump
Explanation:
This message is part of a summary dump written in case of problems.
User response:
No user action is required.
Severity:
00
CKN141I Main task status ZNOD
address dump
Explanation:
This message is part of a summary dump written in case of problems.
User response:
No user action is required.
Severity:
00
CKN142I Main task status ZSYS
address dump
Explanation:
This message is part of a summary dump written in case of problems.
User response:
No user action is required.
Severity:
00
CKN143I Main task status ZSCS
address dump
Explanation:
This message is part of a summary dump written in case of problems.
User response:
No user action is required.
102
Messages Guide
Severity:
00
CKN144I Main task status DNAM
address dump
Explanation:
This message is part of a summary dump written in case of problems.
User response:
No user action is required.
Severity:
00
CKN145I Main task status INFO
address dump
Explanation:
This message is part of a summary dump written in case of problems.
User response:
No user action is required.
Severity:
00
CKN146I Client handler task status for
ZSECSYS
CLNT
address dump
Explanation:
This message is part of a summary dump written in case of problems.
User response:
No user action is required.
Severity:
00
CKN147I Local file name status for
ZSECSYS
client
nn LFIL address
dump
Explanation:
This message is part of a summary dump written in case of problems.
User response:
No user action is required.
Severity:
00
CKN148I Remote client handler task status for
SYSNAME RCLN address
dump
Explanation:
This message is part of a summary dump written in case of problems.
User response:
No user action is required.
Severity:
00
CKN149I Work queue header WKQH
address dump
Explanation:
This message is part of a summary dump written in case of problems.
User response:
No user action is required.
Severity:
00
CKN144I • CKN155I
CKN150I Work queue element WKQR
address type status dump
Explanation:
This message is part of a summary dump written in case of problems.
User response:
No user action is required.
Severity:
00
CKN151I Wait element WKQR
address type status dump
Explanation:
This message is part of a summary dump written in case of problems.
User response:
No user action is required.
Severity:
00
CKN152I Client status RLNK
address dump
Explanation:
This message is part of a summary dump written in case of problems.
User response:
No user action is required.
Severity:
00
CKN153I Client handler task status for
ZSECSYS
client
NO RFIL address
dump
Explanation:
This message is part of a summary dump written in case of problems.
User response:
No user action is required.
Severity:
00
CKN154I Notify client
nn of failing server
Explanation:
This message is sent to a waiting client as a surrogate reply to the request the client was waiting on that could not be completed.
User response:
Restart the server or wait until the server is restarted and try again.
Severity:
00
CKN155I Notify client
nn of stopping server
Explanation:
This message is sent to a waiting client as a surrogate reply to the request the client was waiting on. The request could not be completed because the server received a STOP request from the operator.
User response:
Restart the server or wait until the server is restarted and try again.
Severity:
00
Chapter 4. CKN messages
103
CKN156I • CKN166I
CKN156I Server stopping - socket
SOCKDESC
wait cancelled
Explanation:
This message is sent to a waiting client as a surrogate reply to the request the client was waiting on. The request could not be completed because the server received a STOP request from the operator.
User response:
Restart the server or wait until the server is restarted and try again.
Severity:
00
CKN157I Server failing - socket
SOCKDESC wait
cancelled
Explanation:
This message is sent to a waiting client as a surrogate reply to the request the client was waiting on that could not be completed.
User response:
Restart the server or wait until the server is restarted and try again.
Severity:
00
CKN158I
activity on SYSNAME(name)
SYSPLEX(
name) [ LPARNAME(name) ] [
VMUSERID(
name) ] [ HWNAME(name) ]
CPU-id
CPUid
Product codes
codes Products
Explanation:
This message shows the system, sysplex,
LPAR, VM user ID, and hardware where it is running, and which IBM Security zSecure suite products are installed and not disabled through IFAPRDxx for use in this program. For a description of the product codes, see the License names table in any of the zSecure
Admin and Audit user reference manuals. Each line in the "Products" section shows a product ID and the full name of a particular product feature, for example,
5655-N17 IBM Security zSecure Audit for RACF for code AUDITRACF. activity can be Runs or UNIX depending on the calling environment used.
Severity:
00
CKN159I Contents of CKRSITE module:
Class:
setting
Explanation:
This message is issued in response to
OPTION DEBUG command. setting displays the relevant class name, for example, XFACILIT.
Severity:
00
CKN160I Connection dropped socket
SOCKDESC
wait cancelled
Explanation:
This message indicates a remote server connection was lost and a paused client was released.
User response:
Restore the network connection and try the operation again.
104
Messages Guide
Severity:
00
CKN161I
Explanation:
This message indicates that the main task is ready with shutdown and is terminating.
Severity:
00
zSecure Server
zsecnode/zsecsys token
servertoken shutdown complete
CKN162I
Explanation:
An attempt was made to connect to or from a remote server, but the connection was not protected by AT-TLS. The server does not allow unsecured connections. Unsecured connections can be allowed using the OPTION statement.
User response:
Set up an AT-TLS protection between the servers with the policy agent. See the Installation
and Deployment Guide for instructions.
Severity:
00
Unsecured connection rejected on socket
sockdesc from/to zsecnode/zsecsys
sysplex.clone.sysname njenode.smfid rrsfnode
CKN163I [Unsecured|Secured|Self] connection on socket
sockdesc from/to zsecnode/zsecsys
sysplex.clone.sysname njenode.smfid rrsfnode
Explanation:
This message indicates that the zSecure
Server has successfully established a connection to a peer zSecure Server or to itself.
Severity:
00
CKN164I Client
number job jobname user userid
Explanation:
This message is written to record the first request of a local client program to the zSecure
Server. As long as the client requests pass the same token and are issued from the same userid and jobname
(and the server has not restarted), the client is considered the same client.
Severity:
00
CKN165I
Explanation:
This message indicates that the last TCP connection to a partner zSecure Server was dropped.
The connection remains dropped until a new allocation request is received.
Severity:
00
zSecure Server
zsecnode/zsecsys lost last
connection to
zsecnode/zsecsys
CKN166I An unexpected return code was received from IEFSSREQ SSI=54, Subsys=
subsys,
R15=
rc, SSOBRETN=rsn
Explanation:
An IEFSSREQ request type 54 for subsystem subsys ended with return code rc for Register
15 and reason code rsn for the SSOBRETN field, where: v subsys is the name of the subsystem being queried, either JES2 or JES3.
v rc is the value of Register 15 returned from
IEFSSREQ.
v rsn is the IEFSSREQ reason code obtained from
SSOBRETN.
If a subsystem request using IEFSSREQ is issued, the
CKN166I message is generated if an error occurs.
If you are running z/OS version 1.8 or later, additional errors related to the JES node processing can occur.
Normally, the call to IEFSSREQ returns information about the primary JES2 or JES3 subsystem that obtains the JES2 own node or JES3 home node. If this information is not returned, CKNSERVE cannot determine the name of the local JES node.
User response:
This error might be caused by running zSecure on an operating system that is not supported, or by recent maintenance to the operating system that might affect the IEFSSREQ service. For further information about the error, see the documented return code values for IEFSSREQ and SSOBRETN in z/OS
MVS Using the Subsystem Interface SA38-0679. If you cannot resolve the problem, contact IBM Customer
Support.
Severity:
08
CKN167I
Explanation:
The CKN167I message is issued if the
JES node cannot be determined from the IEFSSREQ subsystem request, where: v subsys is the name of the JES2 or JES3 primary subsystem.
v version is the JES2 or JES3 version (for example, SP
1.8.0)
User response:
This error might be caused by recent maintenance to the operating system that might affect the IEFSSREQ service. Ensure that the primary JES2 or
JES3 subsystem has initialized and try to restart the zSecure multisystem server. If you cannot resolve the problem, contact IBM Customer Support.
Severity:
08
Error locating JES node, Subsys=
subsys version
CKN168I
subsys node is node
Explanation:
During multisystem server initialization, this informational message is issued after the JES node is resolved, where: v subsys is the name of the primary subsystem, either
JES2 or JES3.
v node is the own node name (JES2) or home node name (JES3).
CKN167I • CKN173I
Severity:
00
CKN169I Ignoring request
id after an end-client
request CKNE
Explanation:
This message indicates that a local server was passed the indicated request type for a client that is already terminating. This can occur, for example, if remote-files close requests are sent after and end-client request.
User response:
Ignore or fix the calling program. If the caller is IBM software, look for the message ID on the support web site.
Severity:
04
CKN170I BPX1CLO failed close listening socket
SOCKDESC UNIX_ERROR
Explanation:
This message indicates that an attempt to close a socket failed.
User response:
See your UNIX system codes book to determine the cause and actions.
Severity:
04
CKN171I
Explanation:
This message documents how many records were read from the indicated data source.
Severity:
00
Close after reading
number records from
ddname volser dsname
CKN172I Cannot open
clntddnm twice; request by
zsecsys client number job jobname user
userid
Explanation:
This message indicates that two open requests were received for the same client file name
User response:
Fix the calling program. If the caller is
IBM software, look for the message ID on the support web site.
Severity:
08
CKN173I Userid mapping not allowed for
client-userid to target-userid, notifying
zsecsys job jobname user client-userid client
client-id
Explanation:
The target-userid does not have an approved PEER or MANAGED-BY association with
client-userid, use of the target-userid is denied.
User response:
Add a CKNUMAP profile to define a user ID mapping or establish a user ID association through RACLINK.
Severity:
08
Chapter 4. CKN messages
105
CKN174I • CKN183I
CKN174I Userid mapping not implemented for
client-userid, notifying zsecsys job jobname
user
client-userid client client-id
Explanation:
The client-userid does not have a mapping profile to determine the user ID to be used on the target system. Data access and command execution is denied.
User response:
Add a CKNUMAP profile to define a user ID mapping or establish a user ID association through RACLINK.
Severity:
08
CKN175I RACF EXTRACT of [CKNADMIN |
CKNUMAP] profile failed
abendcode
Explanation:
The RACF extract function to obtain and verify USERID mapping information failed. If the message contains CKNUMAP, processing continues using the identity mapping. If the message contains
CKNADMIN, processing continues without a
ZSECNODE user ID.
User response:
See the additional security measures in the Installation and Deployment Guide for information on the ZSECNODE user ID.
Severity:
08
CKN176I Task
task ignoring DOIO after lost
socket
sockdesc
Explanation:
This message indicates that the server is discarding remote I/O requests because the connection to the remote server was lost.
User response:
When the remote server has restarted, run the query again.
Severity:
08
CKN177I Task
task ignoring ALLO after lost
socket
sockdesc
Explanation:
This message indicates the server is discarding remote file allocation requests because the connection to the remote server was lost.
User response:
When the remote server has restarted, run the query again.
Severity:
08
CKN178I
Explanation:
This informational message documents which remote file name is used to funnel the remote command screen from the indicated client local file name.
Severity:
00
Remote
type file rmtfile dsname [member]
for
localfile of zsecsys client n job jobname
user
userid
106
Messages Guide
CKN179I CKNDOIA unknown WKQRTYPE=
xx
on WKQR
address
Explanation:
This message indicates that an unexpected condition was found in routine CKNDOIA.
The task is terminated with user abend 179.
User response:
Look for the message number on the
IBM support web site. If you do not find a solution, contact IBM Software Support.
Severity:
16
CKN180I Put for unopened file
localfile received
from
zsecsys client n job jobname user
userid
Explanation:
This message indicates a protocol error; a
PUT I/O is being received for a file that is not open.
User response:
Stop and restart the client program. If the problem persists, restart the local and remote servers. If the problem still persists, fix the client program or, if the client is IBM software, search for the message on the IBM support web site.
Severity:
08
CKN181I Put for unsupported file
localfile received
from
zsecsys client n job jobname user
userid
Explanation:
This message indicates a protocol error; a
PUT I/O is being received for a filetype that does not support it.
User response:
Fix the client program. If the client is
IBM software, search for the message on the IBM support web site. If you do not find a solution, contact
IBM Software Support.
Severity:
08
CKN182I Client
n job jobname user userid passed m
records to remote program via file
remotefile
Explanation:
This informational message documents how many records were passed from the client to the remote program for the indicated remote file.
Severity:
00
CKN183I Connection lost to server
zsecsys during
I/O on file
ddname; from jobname ASID
xxxx user userid
Explanation:
This message notifies the user that the connection to the remote server was lost during I/O operations on the indicated file name.
User response:
Wait until the connection to the target zsecsys or zsecnode is reestablished (ask for the remote server to be restarted or let the system select another
zsecsys in the target zsecnode), and run the query again.
Severity:
08
CKN184I Failure during
type access verification
abendcode
Explanation:
An abend occurred while attempting to verify access to the indicated resource type.
The resource type can have a value of CKNADMIN or
DIRECT:
CKNADMIN
Refers to the site SAF class profiles
CKNADMIN.TONODE.zsecnode
DIRECT
Refers to the RRSFDATA profile
DIRECT.rrsfnode
User response:
See z/OS MVS System Codes to determine the cause of the abend and possible actions.
Severity:
08
CKN185I Not authorized to access
zsecnode ,
insufficient access to RRSFDATA
DIRECT.
zsecnode RC=retcode RN=reascde
job
jobname user userid client clientid
Explanation:
The indicated userid does not have sufficient access to the RRSFDATA DIRECT.zsecnode resource. Data sets and commands directed to zsecnode are not allowed.
User response:
Look up the indicated SAF return code and reason code in the Security Server RACROUTE documentation. Give the user a permit if the user needs permission to route commands to the indicated node.
Severity:
08
CKN186I Failure during CKNADMIN access verification
abendcode, disallow use
Explanation:
An abend occurred while attempting to verify access to the CKNADMIN resource that controls access to the current node. Access to the system is not allowed.
User response:
See z/OS MVS System Codes to determine the cause of the abend and possible actions.
Severity:
08
CKN187I Not authorized to access
current-node
from
source-node RC=retcde RSN=reascde
job
jobname user userid client clientid
Explanation:
The indicated userid does not have sufficient access to the resource
CKNADMIN.FROMNODE zsecnode, which controls access to the current node. Data sets and commands
CKN184I • CKN192I
directed to current-node are not allowed.
User response:
Look up the indicated SAF return code and reason code in the Security Server RACROUTE documentation. Give the user a permit if the user needs permission to route commands to the indicated node, or add a CKNUNMAP mapping to a user ID that does exist.
Severity:
08
CKN188I RACF Retrieval of RACLINK data failed
abendcode, disallow use
Explanation:
An abend occurred while attempting to retrieve user ID mapping data. The RACLINK user ID association is not used. Data sets and commands directed to the system are not allowed.
User response:
See z/OS MVS System Codes to determine the cause of the abend and possible actions.
Severity:
08
CKN189I Connection lost to server
ZSECSYS
during ALLOC of file
CLNTDDNM, job
jobname user userid client clientno
Explanation:
This message indicates that during an
ALLOC request the connection to the remote (target) server was lost, either through a failing network connection or because the server was shutting down or had other problems.
User response:
Retry the action after reestablishing the connection or after restarting the remote server.
Severity:
08
CKN190I
program ended abend
Explanation:
This message indicates that a program that was started on behalf of a client has terminated with the indicated abend.
User response:
See z/OS MVS System Codes to determine the cause of the abend and possible actions.
Severity:
04
CKN191I
program ended RC number
Explanation:
This informational message shows that a program started on behalf of a client terminated with the indicated return code.
Severity:
00
CKN192I Excessive wait time
n minutes for client
clientno job jobname ASID asid for msgno
msgno; attempting release
Explanation:
This message shows that a client was waiting for a reply from a remote server longer than is reasonable. The action is terminated. This action might
Chapter 4. CKN messages
107
CKN193I • CKN199I
cause follow-on error messages.
User response:
Look in CKNPRINT and the job log of the local server and remote server. If any problems are noted, restart the server associated with the problem.
Severity:
04
CKN193I Invalid TYPE=
type specification "string"
for
CLNTDDNM of ZSECSYS client
clientno job jobname user userid
Explanation:
This message indicates a protocol error.
Presumably the server was contacted by a client that uses a more recent version of the protocol
User response:
Ensure the client and server are on compatible levels. Maybe use a different server token to contact a server supporting the required level.
Severity:
08
CKN194I Too many files at the same time for
CLNTDDNM of ZSECSYS client clientno
job
jobname user userid
Explanation:
This message indicates an unsupported number of information requests are routed to the same remote program instance.
User response:
Try to simplify the query.
Severity:
08
CKN195I Invalid TYPE=CKFREEZE specification
"
string" for CLNTDDNM of ZSECSYS
client
clientno job jobname user userid
Explanation:
This message indicates a protocol error.
Presumably the server is contacted by a client that uses a more recent version of the protocol.
User response:
Ensure the client and server are on compatible levels. Maybe use a different server token to contact a server supporting the required level.
Severity:
08
CKN196I
Explanation:
This message indicates that an allocation is missing from the server for the indicated CKFREEZE file.
User response:
Restart the server. If that does not correct the problem, fix the calling program. If the caller is IBM software, look for the message ID on the support web site.
Severity:
08
Remote server file name
RMTFILE not
allocated for TYPE=CKFREEZE
spec or
CLNTDDNM of ZSECSYS client clientno
job
jobname user userid
CKN197I Remote server file name
RMTFILE used
for TYPE=CKFREEZE
spec or
CLNTDDNM of ZSECSYS client clientno
job
jobname user userid
Explanation:
This informational message documents which remote file is used to satisfy the CKFREEZE request from the client.
Severity:
00
CKN198I Stopping server because
program ended
abend_or_RC
Explanation:
This message indicates that a requisite task terminated either with an abend or a nonzero return code. The server is shutting down.
User response:
Look in the job log and CKNPRINT of the local server and remote server. If you note any problems, resolve them and restart the server associated with the problem.
Severity:
16
CKN199I Failure during CKNDSN access verification
abend
Explanation:
An abend occurred during a
RACROUTE REQUEST=AUTH authorization check.
The access is not allowed.
User response:
See z/OS MVS System Codes to determine the cause of the abend and possible actions.
Severity:
08
108
Messages Guide
CKN200I • CKN207I
Messages from 200 to 299
CKN200I Not authorized to access
dsname,
insufficient access to
profile RC=hexrc
RSN=
hexrsn hex; client clientno job
jobname user userid
Explanation:
No permission exists for the indicated
profile. Consequently, access to the dsname is not allowed. This message can show either the client user
ID or the ZSECNODE user ID. The ZSECNODE user
ID is obtained from the APPLDATA of the matching
CKNADMIN.FROMNODE profile. If a user ID is specified, it is used to control which data sets can be used by users from this ZSECNODE.
User response:
Look up the indicated SAF return code and reason code in the Security Server RACROUTE documentation for RACROUTE REQUEST=AUTH.
Severity:
08
CKN201I Not authorized to use
dstype dsname from
system client clientno job jobname user
userid
Explanation:
This message is passed back to the client to notify the client about the lack of authority to access
dsname of type dstype. This message can be issued if either the client user ID or the ZSECNODE user ID has insufficient access to dsname.
User response:
If you need more information, look for
CKN200I or CKN199I in the remote server CKNPRINT.
Severity:
08
CKN202I Allocate failed
RMTDDNM dsname
[
member] to CLNTDDNM of ZSECSYS
client
clientno job jobname user userid
Explanation:
This message is passed back to the client for a failed allocation in the remote server.
User response:
If you need more information, look for
IKJ* messages preceding this message in the remote server CKNPRINT file and follow the guidance.
Severity:
08
CKN203I OPTION
name only valid in PARM
string
Explanation:
The indicated option can be specified only on the PARM string, not in the CKNIN file.
User response:
Move the option to the PARM string and try the operation again.
Severity:
12
CKN204I Answer queue for WKQH
address dump
Explanation:
This message is part of a summary dump written in case of problems.
User response:
No user action is required.
Severity:
00
CKN205I ABEND authorizing
class 'resource': abend
Explanation:
The indicated abend was encountered during a RACROUTE REQUEST=AUTH for the indicated resource.
User response:
See z/OS MVS System Codes to determine the cause of the abend and possible actions.
Severity:
08
CKN206I [Unsecured|Secured] connection not authorized on socket
SOCKDESC
[from|to]
zsecnode/zsecsys
sysplexclone.sysname njenode.smfid rrsfnode
Explanation:
An attempt was made to connect to or from a remote server, but the connection was not protected by AT-TLS. The server task is not authorized to the unsecured exception resource
"CKNADM.INSECURE.secsys".
User response:
Set up an AT-TLS protection between the servers with the policy agent. See the Installation
and Deployment Guide for information.
Severity:
08
CKN207I Partner cert name invalid on socket
SOCKDESC [from|to] zsecnode/zsecsys
sysplexclone.sysname njenode.smfid rrsfnode
Explanation:
The hostname DOMAIN name value in the ALTNAME extension of the peer certificate
(certificate hostname) does not match the ZSECSYS name. Because the certificate is used as proof that the partner server is the real ZSECSYS partner node and not a masquerading attacker, this constitutes an identification-and-authentication failure. Neither was there a permit on the exception resource
"CKNADM.CERTOKAY.secsys" which can be used to disable this identification-and-authentication feature.
User response:
Generate a certificate for the proper
(remote) ZSECSYS name in the proper (local) key ring.
See the Installation and Deployment Guide for information.
Severity:
08
Chapter 4. CKN messages
109
CKN208I • CKN217
CKN208I Socket active WKQR
address type status
Explanation:
This message is part of a summary dump written in case of problems.
User response:
No user action is required.
Severity:
00
CKN209I CKFREEZE
ddname still in use. Refresh
delayed
Explanation:
A refresh of the automatic snapshot file is needed but the file is still in use.
User response:
Ignore a single occurrence of this message. If the problem persists, restart the server. If that does not help, look for problems in the
CKNPRINT output that might cause the delay in completing the client interaction and solve them.
Severity:
08
CKN210I
Explanation:
This message indicates that a close request was received for a remote file from a remote
CKRCALRA for which the program already has terminated. This is a normal occurrence directly before ending the client.
Severity:
00
Client
number job jobname user user
closed file
remotedd
CKN211I RETRYINTERVAL
interval must be 0 or
between 1 and 1440 minutes
Explanation:
The supplied RETRYINTERVAL value is not in the valid range. Specify 0 to deactivate automatic retry. Specify a value of at least 1 and at most 1440 minutes to define how soon a failing communication between servers is retried.
User response:
Correct the input and retry the operation.
Severity:
12
CKN212I Server
zsecnode/zsecsys token servertoken
now listening on port
n
Explanation:
This message indicates that the server is now listening to connections from peer servers. It is issued both as a print message and as a WTO.
Severity:
00
CKN213I Server
zsecnode/zsecsys token servertoken
stopping
abend
Explanation:
This message warns that the server is stopping in response to an abend condition. It is issued both as a print message and as a WTO.
Severity:
16
110
Messages Guide
CKN214I Test PC abend request from client
n job
jobname ASID asid user userid
Explanation:
User abend 214 will be issued from the
PC routine to test the error recovery of the calling program.
User response:
No user action is needed.
Severity:
00
CKN215I Excessive idle time
nn minutes for
zsecsys client clientno job jobname user
userid; simulating end
Explanation:
No interaction was received from a remote client for more than nn minutes. An end-client action will be simulated to free up enqueues and resources held in this server. This message is issued only if the remote client has been silent for 10 minutes or more.
User response:
No user action is required.
Severity:
08
CKN216I ABEND during READALL access check
abendcode assume no access
Explanation:
An unexpected situation occurred during the access verification of the execution userid to the
CKR.READALL resource in the XFACILITY resource class. The zSecure server informed the CKRCARLA client that the user does not have sufficient access to the CKR.READALL resource.
User response:
Review the abend code in the Security
Server RACF Messages and Codes Manual.
Severity:
08
CKN217
Explanation:
The ZSECNODE user ID that was obtained from the matching CKNADMIN.FROMNODE
profile does not match the user ID that is associated with the certificate of the node. The connection is refused and communication is stopped.
User response:
Verify that the ZSECNODE user ID that is specified in the APPLDATA of the matching
CKNADMIN.FROMNODE profile is correct. Verify that the RACF user ID that is associated with the node certificate is correct. For more information on specifying these user IDs, see the section on setup for secure communication using AT-TLS in the Installation
and Deployment Guide.
Severity:
08
Node userid
node-userid does not match
cert-userid
CKN218I BPX1OPT setsockopt TCP_KEEPALIVE failed on socket
sockdesc unix_error
Explanation:
This message indicates that a UNIX error occurred during a setsockopt call to set the TCP
KEEPALIVE socket option to the ZSECSYS
RETRYINTERVAL. This message is suppressible.
User response:
See your UNIX system codes book to determine the cause and actions.
Severity:
08
CKN219 BPX1OPT setsockopt SO_KEEPALIVE active failed on socket
sockdesc unix_error
Explanation:
This message indicates that a UNIX error occurred during a setsockopt call to request the connection to be tested periodically. This message is suppressible.
User response:
See your UNIX system codes book to determine the cause and actions.
Severity:
08
CKN220 BPX1OPT setsockopt TCP_NODELAY active failed on socket
sockdesc unix_error
Explanation:
This message indicates that a UNIX error occurred during a setsockopt call to request the connection to not delay messages. This message is suppressible.
User response:
See your UNIX system codes book to determine the cause and actions.
Severity:
08
CKN221 BPX1OPT setsockopt SO_REUSEADDR active failed on socket
sockdesc unix_error
Explanation:
This message indicates that a UNIX error occurred during a setsockopt call to request the port to be reusable. This message is suppressible.
User response:
See your UNIX system codes book to determine the cause and actions.
Severity:
08
CKN222I RACF ACEE clean up failed for
userid
RC=
retcode RSN=reascde hex for sysname
job
jobname user userid client clientno
Explanation:
Removal of the security environment for user userid was not successful. The returncode and reasoncode for the RACROUTE REQUEST=VERIFY
ENVIR=DELETE are shown in the message, together with the identification of the remote userid for which this security environment was created.
User response:
Review the return and reason code for the RACROUTE function in the Security Server RACF
RACROUTE Macro Reference.
CKN218I • CKN226I
Severity:
08
CKN223I Negotiated TLS cipher
cipher is not
compliant with NIST 800-131A
Explanation:
This message indicates that the negotiated TLS cipher cipher is not compliant with NIST
Special Publication 800-131A.
User response:
See the Cipher Suite Definitions topic in z/OS Cryptographic Services System SSL
Programming
for a description of the cipher. Specify a list of NIST 800-131A-compliant ciphers in the AT-TLS policy rules using the TTLSCipherParms statement.
Severity:
04
CKN224I Invalid REREAD request on CARLA file received from
ZSECSYS client nn job
JOBNAME user USERID
Explanation:
This message indicates a protocol error from a client. The client application tried to reread a file that does not support two-pass mode.
Severity:
08
CKN225I Invalid REREAD request on CKX output file received from
ZSECSYS
client
nn job JOBNAME user USERID
Explanation:
This message indicates a protocol error from a client. The client application tried to reread a file that does not support two-pass mode.
Severity:
08
CKN226I Invalid REREAD request for unopened file
DDNAME received from ZSECSYS
client
nn job JOBNAME user USERID
Explanation:
This message indicates a protocol error from a client. The client application tried to reread a file that it had not opened successfully.
User response:
Look for open abend or open failure messages and follow the guidance.
Severity:
08
Chapter 4. CKN messages
111
CKN600...CKN699 • CKN897I
Messages from 600 to 899
CKN600...CKN699
message
Explanation:
Messages in the range CKN600-CKN699 are internal error messages that are not individually documented. If you need information about a message in this range, contact IBM Software Support.
CKN700...CKN799
message
Explanation:
Messages in the range CKN700-CKN799 are trace messages that are not individually documented. If you need information about a message in this range, contact IBM Software Support.
CKN874I RECFM=V(BS) RDW
hex exceeds
LRECL=
lrecl at record n ddname volser
dsname
Explanation:
This message indicates invalid record contents for a RECFM=V(B)(S) data set. The record descriptor word does not match the DCB parameters.
The Record Descriptor Word (RDW) is shown in hexadecimal. The first 2 bytes are the record length including the RDW. This is handled as an end-of-file condition. The severity is 4 to avoid disrupting processes that might encounter empty data sets and need to continue.
User response:
Recreate the data set or omit the data set from the input.
Severity:
04
CKN875I RECFM=V(BS) BDW
hex exceeds
BLKSIZE=
blksize at record n ddname
volser dsname
Explanation:
This message indicates invalid block contents for a RECFM=V(B)(S) data set. The block descriptor word does not match the DCB parameters.
The Block Descriptor Word (BDW) is shown in hexadecimal. The first 2 bytes are the block length including the BDW, unless the high order bit is on, in which case it can be a large block 4 byte length. This is handled as an end-of-file condition. The severity is 4 to avoid disrupting processes that might encounter empty data sets and need to continue.
User response:
Recreate the data set or omit the data set from the input.
Severity:
04
CKN893I Task
task TCB addr ATTACH RC=n dec
attempting to attach
task ep
Explanation:
This message documents a failure to attach a new task task ep from the indicated TCB instance of a task called task.
User response:
Review the description of the
112
Messages Guide
ATTACH return code and take the appropriate action.
For example, the return code might indicate a storage shortage.
Severity:
16
CKN894I Task
task TCB taskaddr DETACH of task
ep instance TCB subtaskaddr RC=nn dec
Explanation:
This message indicates a failure to cleanly remove the indicated TCB instance of subtask
task ep by the indicated owning instance TCB taskaddr of task task. The RC value is a nonzero DETACH return code.
User response:
Review the description of the
DETACH return code and take the appropriate action.
Severity:
04
CKN895I
Explanation:
This message documents that a DETACH task failed with the indicated abend code. The failure occurred in the daughter task instance TCB subtaskaddr of task ep of the indicated mother TCB instance of a task called task.
User response:
Review the meaning of the abend code and take the appropriate action. For example, the return code might indicate a storage shortage or an input or output-file-related failure. If it is a user abend code, there should be a message either in the print file or in a WTO in the job log or system log with the same decimal message number as the user abend code. If the user abend code is 16, then the message number might be different, for example, 999. Look up the message and follow its guidance.
Severity:
04
Task
task TCB addr subtask task ep
instance TCB
subtaskaddr failed abend
CKN896I Task
task TCB addr zero ECB wait
Explanation:
This is an internal error message that indicates a problem in the software.
User response:
Look for the message number on the
IBM support web site. If you do not find a solution, save the CKNPRINT and contact IBM Software
Support.
Severity:
16
CKN897I HMALLOC CALL ERROR:
NON-THREADSAFE
task1 heap from
task2
Explanation:
This is an internal error message that indicates a problem in the software.
User response:
Save the SYSPRINT and other relevant
files and contact IBM Software Support.
Severity:
16
CKN898I
program Recursive abend percolated
Explanation:
This WTO message warns that a
Messages from 900 to 999
CKN900I IDENTIFY RC=
rc for task taskaddr
Explanation:
The IDENTIFY service returned the indicated rc for the indicated task.
Severity:
00
CKN941I DIAGNOSTIC DUMP SUPPRESSED
FOR program BECAUSE GLOBAL
AREA OR GLBLREG GARBLE AT
xxxxxxxx
Explanation:
This WTO message explains why there is no diagnostic dump. A regular dump will be needed to analyze the problem.
Severity:
I
CKN942 Request to write record with negative length
hexnum to ddname behind record
decnum - user abend 942
Explanation:
This messages indicates either a software problem or an attempt to connect input files to the wrong DD names. User abend 942 is issued. This message is suppressible and results in the record being skipped. However, the resulting output file might be unusable and can give rise to follow-on errors.
Suppressing this message is not recommended except as directed by IBM Software Support.
User response:
Check allocations and the validity of the connected data sets. If your checks do not reveal errors, contact IBM Software Support with relevant documentation.
Severity:
16
CKN955I
program task heap STORAGE REQUEST
ERROR: SIZE NOT POSITIVE
Explanation:
This message indicates an internal memory management error. It is followed by a user abend 16. The message identifies the heap as well as the program and task that created the heap. Contact
IBM Software Support.
Severity:
16
CKN968I IFAEDDRG failed RC
nn decimal
Explanation:
This message indicates that an attempt to register a previously registered product failed.
CKN898I • CKN974I
recursive abend condition occurred. Probably the attempt to provide a summary dump or an attempt to recover failed.
User response:
Resolve the initial abend.
Severity:
I
User response:
Contact IBM Software Support.
Severity:
16
CKN969I I/O error for
dsn: description
Explanation:
This message indicates that an I/O error occurred during normal QSAM or BSAM input processing for dsn. Operation will be continued, but an abend or other error message may follow because of the information missing due to the I/O error.
Severity:
08
CKN970I
program task heap FREE STORAGE
ERROR:
message
Explanation:
This message indicates an internal memory management error. It is followed by a user abend 16. The message identifies the heap as well as the program and task that created the heap. Contact
IBM Software Support.
Severity:
16
CKN972I Enablement information missing for
product
Explanation:
This message indicates that the product cannot run because the load module is not complete.
User response:
Contact your system programmer to complete installation of the product.
Severity:
16
CKN973I IBM Security product code
code disabled
or not installed
Explanation:
This indicates that you are attempting to run functionality for a product that is not installed here, or it is disabled for this system name, sysplex name, LPAR name, VM user ID, or hardware name.
User response:
Check active IFAPRDxx members in your z/OS PARMLIB. If these are specified correctly, contact your system programmer to verify installation.
Severity:
16
CKN974I IBM Security
product disabled or not
installed here for requested focus
Explanation:
Either the product is not installed here,
Chapter 4. CKN messages
113
CKN975I • CKN999I
or the requested focus is disabled for the current system name, sysplex name, LPAR name, VM user ID, or hardware name.
User response:
Check active IFAPRDxx members in your z/OS PARMLIB. If these are specified correctly, contact your system programmer to verify installation.
Severity:
16
CKN975I IBM Security
product disabled or not
installed
Explanation:
Either the product is not installed here, or it is disabled for the current system name, sysplex name, LPAR name, VM user ID, or hardware name.
User response:
Check active IFAPRDxx members in your z/OS PARMLIB. If these are specified correctly, contact your system programmer to verify installation.
Severity:
16
CKN976I
Explanation:
Either the product is not installed here, or it is disabled for the current system name, sysplex name, LPAR name, VM user ID, or hardware name.
User response:
Check active IFAPRDxx members in your z/OS PARMLIB. If these are specified correctly, contact your system programmer to verify installation.
Severity:
16
Code or enablement for
product product
or feature is missing
CKN976 IBM Security
product or feature disabled
or not installed here
Explanation:
Either the product is not installed here, or it is disabled for the current system name, sysplex name, LPAR name, VM user ID, or hardware name.
User response:
Check active IFAPRDxx members in your z/OS PARMLIB. If these are specified correctly, contact your system programmer to verify installation.
Severity:
16
CKN977I Installed PRODUCT OWNER('IBM
CORP') ID(
id) NAME('name')
FEATURE('
feature') VER(version)
REL(
release) MOD(modification)
[ Product
action RC rc decimal ]
Explanation:
This message is issued in response to
DEBUG for products that are installed. The action can be "registration" or "status." The return code is for
IFAEDREG or IFAEDSTA, respectively, which are documented in MVS Programming: Product Registration.
No continuation line is shown if product registration does not apply (for example, because of CKN979I).
Severity:
00
114
Messages Guide
CKN978I Product code
code has been disabled in
PARMLIB
Explanation:
This message is issued in response to
DEBUG for products that have been disabled for the current system name, sysplex name, LPAR name, VM user ID, or hardware name by an entry in IFAPRDxx in your z/OS PARMLIB.
User response:
Run the product somewhere else, or ask your system programmer for enablement.
Severity:
00
CKN979I Product code
code implied by other
Explanation:
This message is issued in response to
DEBUG for products that are not being registered because their entitlement is implied by a more encompassing entitlement.
Severity:
00
CKN993I DIAGNOSTIC DUMP SUPPRESSED
FOR
program TASK taskname type
ABEND
xxx
Explanation:
This message indicates that the program abend exit did not attempt to make a diagnostic summary dump. This is done to prevent recursive abend conditions involving the print file. The task name is PROGRAM for the main task or for the only task in a program. For a multi-tasking program,
program might identify one of the subtasks.
CKN998I STACK OVERFLOW FOR STACK
tasklevel stackname IN program
Explanation:
This message indicates an internal stack error. It is followed by a user abend 16. Contact IBM
Software Support.
Severity:
16
CKN999I STORAGE SHORTAGE FOR TASK
taskname HEAP heapname IN program -
INCREASE REGION
Explanation:
This message indicates that the program needs more storage. If the heap name is LOWHEAP, then the request is for storage below the 16MB line.
User response:
Look in message CKF034I to determine what region was requested and what was granted to the job step. Increase the REGION value on the JOB or STEP card. It can also be beneficial to use the STORAGEGC command, though this will increase
CPU usage. If the problem heap was LOWHEAP, there was not enough storage available below the line.
Increasing the REGION might still help, if there was not enough storage above the line so that LOWHEAP storage was used instead. If there is a true storage shortage below the line, you could reduce I/O
parallelism with the PARALLEL option or force the immediate freeing of allocations with the FREE option.
Severity:
16
Chapter 4. CKN messages
115
116
Messages Guide
Chapter 5. CKR messages
The CKRCARLA program is the main program in zSecure products. Using the special-purpose CARLa Auditing and Reporting language (CARLa), the
CKRCARLA program processes RACF, SMF, and other types of information. This program is used by the products, such as zSecure Admin and Audit, zSecure Alert, zSecure Visual, and zSecure Adapters for QRadar SIEM.
This chapter describes messages issued by the CKRCARLA program on the mainframe. These messages are prefixed with unique message identifiers in the form CKRnnnn or CKRnnnI, where nnnn and nnn indicate the unique message value. The message identifier is followed by a severity code.
Note:
The return code from the program is normally set to the maximum value of the return codes from any messages. If an OPTION NOWARNING is coded, the 04 return code from the program is reset to 00.
12
16
20
The general meaning of the CKRCARLA severity codes and the completion code are:
00
Normal message, giving status or summary information, or a message indicating a decision taken.
04
08
Can be a general warning, or an error condition found as a result of
VERIFY or REPORT processing. Removal of the error condition can be attempted by means of a command generated by zSecure (if CKRCMD was allocated).
Error condition usually found as a result of VERIFY or REPORT processing. No commands can be generated by zSecure to remove the error.
24
32
Syntax error in the command input.
Entitlement problem or invalid or unsupported files connected to zSecure.
Unsupported condition found in security database, VTOC or VVDS, or in volume sharing.
Internal error or other unexpected and unsupported condition detected in zSecure.
RETURN or JUMP key used.
Messages are included in subsections, grouped by the hundred message-numbers.
Messages from 0 to 99
CKR0000
program terminated due to input errors
Explanation:
Previous messages indicate an error in the parameters or command input file. The program does not perform any commands if the command input is not syntactically correct. Correct the errors and submit the job again.
Severity:
12
CKR0001 No UNLOAD, SHOW, LIST, DISPLAY,
(D)SUMMARY, REPORT, VERIFY,
COPY, REMOVE, MOVE or MERGE specified
Explanation:
No commands were given or implied that would result in any output. Specify one of the commands indicated in the message.
© Copyright IBM Corp. 1998, 2015
117
CKR0002 • CKR0008
Severity:
12
CKR0002 Output file open failed - [(redirected
virtualdd)] ddname [ path | dsname volser ]
Explanation:
The OPEN for the indicated file (for example, CKRUNLOU or CKRCMD) failed. If you are running a batch job, refer to the job log for an abend code and reason code (the abend code is probably 013).
If no abend and reason code is present, the DDname is probably not allocated. If you are running TSO interactively and no abend code is listed on your terminal, try specifying PROFILE WTPMSG and try it again. The ddname field in the CKR0002 message may contain garbage. The meaning of the abend code and reason code can be found in the MVS system messages and codes manuals. The message may indicate two DD names, the actual ddname and the dd= parameter referred to in the CARLa (virtualdd).
Severity:
16
CKR0003
Explanation:
Check the DD statement for the indicated file and any ALLOC DD=ddname command.
Correct the error and submit the job again.
Severity:
16
Open for input failed on file
ddname volser dsn
CKR0004 Processing started for [
complex] pads
ddname volume dsn
Unloaded by program
program v.l.m date
time job name at date time on system name
[ Complex name
complex assigned ]
Source
type dataset i was volume
datasetname
databaseformat template level level
Explanation:
This message indicates the version of the program that created the unloaded security database, as well as the date and time the database was unloaded, and the SMF ID of the tCKRsystem on which the unload was performed. For each unloaded RACF or
ACF2 data set contained in the file, the original volume and data set name are listed. For ACF2 the type of data set is indicated as well: LID, RULE or INFO. For RACF the database format is shown on the last line in the format formattype database format release, where
formattype is Restructured or Non-restructured and
release, if present, has the form RACF release FMID
(v.r.m for older releases). The template level, if present, is the FMID or APAR number that last changed the templates, followed by numerical indicators of release level and APAR level, if this information is available. If the message contains the text PADS for pads, then this indicates that access allowed to the databases by virtue of conditional access by this program. In this case, the program will restrict its functionality to the user's scope. If the message contains the text program
pathing
for pads, then that access to the database was
118
Messages Guide allowed by virtue of conditional access by this program.
Severity:
00
CKR0005
Explanation:
This message is written at the end of the profile input phase. During this phase SELECT,
EXCLUDE, LIST and UNLOAD commands are processed and information is stored for the other commands. The total number of profiles in use in the
RACF database is listed, as well as the number of profiles selected by the SELECT and EXCLUDE commands. This does not apply to SELECT and
EXCLUDE in the scope of a NEWLIST command.
Severity:
00
nnnnnn profiles read, yyyy profiles
selected (
pp%) for complex
CKR0006
nn profiles truncated on ddname [path |
volser dsname]
Explanation:
Due to the insufficient record length of output file ddname, profiles were truncated. This may result in erroneous error messages with respect to the truncated profiles if subsequent processing is done on the unloaded file, but this is not necessarily the case.
For example, truncated group profiles will cause spurious error messages if you try or imply the
VERIFY CONNECT command, but in general it will not cause any other trouble, due to the redundancy in the database.
This message is issued when the profile length is too long for the current record length of the zSecure Admin
UNLOAD file. To correct the cause, allocate the
UNLOAD file with the following LRECL specification:
LRECL=X,RECFM=VBS
The Variable Blocked Spanned (VBS) record format allows an UNLOAD record to span more physical records.
Severity:
08
CKR0007 File is empty -
ddname volume dsn
Explanation:
The specified TYPE=UNLOAD file was allocated, but contained no records.
Severity:
16
CKR0008 End-of-file before
type record - ddname
volume dsn
Explanation:
The specified TYPE=UNLOAD file contained some status records, but the indicated record type was not present. The indicated type can be ICB for the first RACF database record, CRDB for an origin database record, or FDR for the ACF2 FDR records.
Probably the unload failed, or the system catalog points to a previous version of your unloaded data set (see
CKR0014 for a possible cause for this problem).
Severity:
16
CKR0009
siteidentifier activity on SYSNAME(name)
SYSPLEX(
name) [ LPARNAME(name) ] [
VMUSERID(
name) ] [ HWNAME(name) ]
CPU-id
CPUid
Product codes
codes Products
Explanation:
This message shows a site-specific string, the system, sysplex, LPAR, VM user ID, and hardware where it is running, and which IBM Security zSecure suite products are installed and not disabled through
IFAPRDxx for use in this program. For a description of the product codes, see the License names table in the
IBM Security zSecure: CARLa Command Reference. Each line in the "Products" section shows a product ID and the full name of a particular product feature, for example, 5655-N17 IBM Security zSecure Audit for
RACF for code AUDITRACF. activity can be Runs or
UNIX depending on the calling environment used.
Severity:
00
CKR0010 OPEN abend
hhh-hh on file ddname
Explanation:
The OPEN for the indicated file
(CKRACFnn, or redirected database ddname) failed. If you are running a batch job, refer to the job log for an abend code and reason code (the abend code is probably 013). If you are running TSO interactively and no abend code is listed on your terminal, try specifying
PROFILE WTPMSG and try it again. The ddname field in the CKR0010 message probably contains garbage.
Severity:
16
CKR0011 I/O error:
synadaf message
Explanation:
An I/O error occurred on one of the
CKRACFnn files. Check that the file allocated is indeed a RACF database with RECFM=F and LRECL=1024 for a non-restructured database and LRECL=4096 for a restructured database. On a VM system, it may also occur for a database on an OS formatted minidisk; in this case you can process the database by copying it to a temporary CMS formatted minidisk and process this copy.
Severity:
16
CKR0012 More than 90 RACF data sets parallel not supported - use separate runs
Explanation:
This version of the program does not support processing more than 90 data sets at the same time. Use the ALLOC DB= command to select 90 or less data sets for processing. If your site requires operation on more than 90 data sets, contact IBM
Software Support.
Severity:
12
CKR0009 • CKR0016
CKR0013
Explanation:
No source of RACF profiles was found in implicit allocation mode. Normally the current RACF database would be allocated dynamically, but you are running on a CMS system, or on an MVS system without RACF active. Allocate the database you want to process explicitly to the CKRACF01 file (and if the database is split, to the CKRACFnn files) or use an
ALLOC TYPE=RACF or ALLOC TYPE=UNLOAD command.
Severity:
16
No file
unload-ddname or db-ddname
preallocated
CKR0014 File does not start with CRCF record -
ddname volume dsn
Explanation:
This message indicates that the
CKRUNLIN file, i.e. the security database UNLOAD file, contains invalid information. There are two common reasons: v the UNLOAD data set was not filled by zSecure v the UNLOAD data set has incompatible/invalid DCB characteristics.
You can check this by looking at the DCB info using
ISPF option 3.2. They should be
Organization . . . : PS
Record format . . . : VBS
Record length . . . : 32768
Block size . . . . : 27998
If you find a record format U or data set organization
PO, then your installation probably has an ACS routine, i.e. an SMS routine to set default data set characteristics, that assumes that any data set with the letters LOAD in the last qualifier is a load module data set. We recommend that you specify the DCB characteristics in the JCL of CKRJCPYR:
//CKRUNLOU DD ....,
// DSORG=PS,RECFM=VBS,LRECL=X,BLKSIZE=27998
Severity:
16
CKR0015 Open failed of [
complex] primary RACF
DB
db file ddname data set dsname on
volume
Explanation:
Refer to CKR0002 and CKR0010 for a discussion.
Severity:
16
CKR0016 Open failed of [
complex] secondary
RACF DB
db file ddname data set dsname
on
volume
Explanation:
Refer to CKR0002 and CKR0010 for a discussion.
Severity:
16
Chapter 5. CKR messages
119
CKR0017 • CKR0027
CKR0017 Processing started for [
complex] DB db
pads ddname volume datasetname
CKR0017
Explanation:
The TYPE=RACF data set open was successful for the file indicated, and input of the database was started. The database format is shown on the second line in the format formattype database
format
release, where formattype is restructured or
non-restructured
and release if present has the form
RACF release
FMID (v.r.m for older releases). The template level, if present, is the FMID or APAR number that last changed the templates, followed by numerical indicators of release level and APAR level if this information is available. If the message contains the text PADS for pads, then this indicates that access to the data set was allowed by virtue of conditional access by this program. In this case, the program will restrict its functionality to the user's scope.
Severity:
00
File
ddname complex has databaseformat
release template level level
CKR0018 No extents present for
ddname volume datasetname
Explanation:
The file indicated was opened successfully, but no extents were present (the data set is empty).
Severity:
16
CKR0019 ALLOC PRIMARY/BACKUP/ACTIVE/
INACTIVE/DB invalid if CKRACF01 pre-allocated
Explanation:
An ALLOCATE command for implicit allocation mode was present in the commands as well as a preallocated database. Either remove the
ALLOCATE command or remove the CKRACFC01 file.
Severity:
16
CKR0020
Type input terminated, LIMIT lim
reached
Explanation:
The OUT or IN limit you specified on a
LIMIT command has been reached, no more profiles or records (type) will be read.
Severity:
00
CKR0021 Unsupported BAM format: 1st block on odd nibble, block number
nnnn,
database
num
Explanation:
During input of the Block Availability
Map (BAM) an unsupported format was detected (a nibble is four bits and describes the segments of one block in non-RDS format). If no other errors are found and the error is reproducible, contact IBM Software
Support.
Severity:
20
CKR0022 Unsupported BAM format: odd # blks in other than last BAM block - block number
nnnn db num
Explanation:
An unsupported format was detected during input of the Block Availability Map (BAM). If no other errors are found and the error is reproducible, contact IBM Software Support.
Severity:
20
CKR0023 OPEN for input with QSAM failed for file
ddname dataset dsn on vol
Explanation:
While using BDAMQSAM processing
(currently this is the default mode), after conclusion of
BDAM processing the data set could not be opened again with QSAM processing. Possibly other error messages were issued to indicate what went wrong.
Severity:
16
CKR0024 Index marker not on block boundary:
ddname block nnnn segment offset off
Explanation:
The RACF database was found to start an index block at an other segment than the first in a block. This format is not supported. If the problem is reproducible, run IRRUT200. If no errors are revealed, contact IBM Software Support.
Severity:
20
CKR0025 Index block with invalid length:
ddname
block
nnnn length len
Explanation:
The RACF database was found to contain an index block with a length unequal to 1024 for non-RDS and 4096 for RDS. This format is not supported. Contact IBM Software Support.
Severity:
20
CKR0026 End of file in 2nd segment of profile:
ddname block nnnn segment offset off
Explanation:
At the specified position in the RACF database a profile was being read and not complete at the end of the data set. Contact IBM Software Support.
Severity:
20
CKR0027 Unused segment instead of profile continuation:
ddname block nnnn
segment offset
off
Explanation:
At the specified position in the RACF database, a profile was being read and was not
120
Messages Guide
complete according to the physical profile length field, but the Block Availability Map indicates that the next segment is not occupied. This may happen because of update activity on the database while performing the read. If the problem and the place where it occurs is reproducible, run IRRUT200 to analyze the database. If still no errors are revealed or, if the problem is intermittent and annoying, contact IBM Software
Support.
Severity:
20
CKR0028
Explanation:
At the specified position nnnn/off in the
RACF database a profile was being read and not complete at the logical end of the data set (i.e. the end according to the BAM blocks). The logical end of the database was automatically extended with nn blocks to get a complete profile. This may happen if a large new record was added to the RACF database during the database read.
Severity:
20
File
ddname extended nn block for
profile at blk
nnnn segment offset off
needs
yyy segments extra
CKR0029
Explanation:
An unknown database segment type was encountered. If the problem is reproducible at the same place, run IRRUT200. If this does not reveal structural errors, contact IBM Software Support.
Severity:
20
Segment type X'
hh' not supported -
ddname block nnnn segment offset off
CKR0030
Explanation:
While using the templates to scan a profile, an unsupported kind of template was encountered. If the error is reproducible, contact IBM
Software Support.
Severity:
20
Unsupported template
addr. hexvalue len
ll searching fldname in entity type n ICB
at
addr
CKR0031 Restricted mode active by installation option
Explanation:
This message indicates that the product was installed with restricted mode active. The restricted mode setting is specified by the RESTRICT installation option in the CKRSITE module. For details on the
CKRSITE module and installation options, see IBM
Security zSecure CARLa-Driven Components: Installation
and Deployment Guide.
Severity:
00
CKR0028 • CKR0033
CKR0031 Restricted mode active because of
pads
Explanation:
This message indicates that one or more of the input files could only be processed because of read access granted to the program. In that case, restricted mode processing is automatically activated.
The message contains either the text PADS or the text
program pathing
for pads.
Severity:
00
CKR0031
Explanation:
Through a profile covering the
CKR.READALL resource in the class specified in the
CKRSITE area it is possible to define which users can read the full database (READ access) and those that will run in restricted mode (covering profile exists and
NONE access). The current user has no READ access.
Severity:
00
Restricted mode active, no READ access to
class CKR.READALL
CKR0031 Unrestricted mode active, READ access to
class CKR.READALL
Explanation:
Through a profile covering the
CKR.READALL resource in the class specified in the
CKRSITE area it is possible to define which users can read the full database (READ access) and those that will run in restricted mode (covering profile exists and
NONE access). The current user has READ access.
Severity:
00
CKR0031 Unrestricted mode active
Explanation:
This message indicated that the product defaults to unrestricted mode because it is not installed with the installation option RESTRICT, the input files can be processed without requiring read access granted to the program, and a profile covering the
CKR.READALL resource in the class specified in the
CKRSITE area is not defined.
Severity:
00
CKR0032 File
ddname not allocated
Explanation:
The filename requested on a PRINT command was not found allocated. Review your JCL.
Severity:
12
CKR0033 [
complex] DB db datasetname has number
segments (of 256 byte) in use,
number
segments free (
pp% used)
Index uses
pp%. Unusedspace. Using
readmethod.
Statistics
Explanation:
This message reports on the contents of a
RACF data set. Each segment is 256 byte. Free space
Chapter 5. CKR messages
121
CKR0034 • CKR0040
can be present at the end of the database (never used), or fragmented through the database. If all space is fragmented, Unusedspace will contain the text Free
space completely fragmented
, otherwise it will show
Space beyond
pp% never used. The data set is read without use of the index; readmethod can be
BDAMQSAM
, multitrack ECKD EXCP, or full-track
EXCP
. If either EXCP method was used, a third line is shown in the format Read number blocks from a total
of
number in number IOs. Cache hit was pp%.
Severity:
00
CKR0034
Explanation:
The REMOVE or MOVE command for the indicated user or group did not result in any commands being generated, since no permits or notifies to be moved exist. Check for typing errors or for
SELECT statements that exclude part of the database.
Severity:
00
Action for id
id requested, but no
occurrences were found
CKR0035
Explanation:
This message gives the location in a
TYPE=UNLOAD file where a previous error message occurred.
Severity:
00
at
ddname record nnnnn, originally DB
seq
i RBA hexnum for complex complex
CKR0036 at
ddname block nnnn segment offset i
DB seq
j RBA hexnum for complex
complex
Explanation:
This message gives the location in a
TYPE=RACF file where a previous error message occurred.
Severity:
00
CKR0037
Explanation:
During an attempt to dynamically allocate an active ACF2 (backup) data set, the program found that it could not succeed in doing so, because the requested data set was marked ERR by ACF2. This implies that ACF2 itself could not allocate the data set either, probably because the data set does not exist. The
ddname indicates the type of data set for which the allocation failed.
Severity:
16
Allocation failed for DDNAME
ddname
source=
source DSN=dsname status=ERR
CKR0038 Warning: RACF Range Table for complex
complex unknown, SUPPRESS
ICHRRNG implied
Explanation:
This message indicates that the proper
CKFREEZE file for the security complex complex was
122
Messages Guide missing or did not contain the range table needed. The program will proceed as if all profiles are in their proper RACF data set.
Severity:
00
CKR0039
product used cc.c CPU seconds, [u,uuu
+
uu.uuu KB [+uuuu MB],] and took ss
wall clock seconds
Region requested
rr,rrr KB, region
granted
g,ggg+gg,gggg KB + gggg MB (by
source)
Max used in job step
uu,uuu+uu,uuu KB
+
uuuu MB
[Error trap count is
number]
Explanation:
This message indicates the resource usage as well as the elapsed time for this run. If the run terminated unsuccessfully, the storage part is omitted. For TSO users, the CPU seconds include any work that was done on other ISPF logical screens under
TSO while interactively displaying zSecure output screens. Note that high memory is not reported in the first line if you run with the CKR4Z (31-bit) CARLa engine.
The second message line lists the region requested by the user, and the region granted to the job step by the installation. Region sizes can be formatted as below +
above + high:
below
Is the region, in kilobyte units, below the 16 MB boundary.
above
Is the region, in kilobyte units, above the 16 MB boundary and below the 2GB boundary.
high
Is the region, in megabyte units, above the 2 GB boundary.
source
is the source of the address space memory limit above the 2 GB boundary (MEMLIMIT).
The third message line shows the actual maximum used during the job step. This includes any other tasks running in the job step. That is, for TSO users, it includes TSO and ISPF storage and anything else that has run on ISPF logical screens since logon.
If any errors were trapped, a fourth line shows: Error
trap count is
number.
Severity:
00
CKR0040 RACF indicator set but no discrete profile found for
volser datasetname
Explanation:
This message is issued due to a
VERIFY INDICATED command.
To solve this error condition a command sequence consisting of an ADDSD NOSET followed by a
DELDSD for the profile is generated.
Severity:
04
CKR0041 Discrete profile found but RACF indicator not set
volser datasetname
Explanation:
This message is issued due to a
VERIFY ONVOLUME command. To solve the error condition a DELDSD NOSET command will be generated.
Severity:
04
CKR0042
Explanation:
This message is issued due to a
VERIFY ONVOLUME command. To solve the error condition a DELDSD NOSET command will be generated.
Severity:
04
Discrete profile present but no dataset on volume
volser datasetname
CKR0043
Explanation:
This message is issued due to a
VERIFY ONVOLUME command. To solve the error condition a DELDSD NOSET command will be generated.
Severity:
04
Discrete profile present but volume not mounted
volser datasetname
CKR0044 PROGRAM dsn/vol obsolete
complex program - volser dsname Reason
Explanation:
This message is issued due to a
VERIFY PROGRAM function because the indicated data set does not exist on the indicated volume for any system in the complex. For each system a Reason line follows with one of the following detail explanations: v Volume is not mounted on system
syst volser
v VTOC is not readable on system
syst volser
v Data set does not exist on volume of
syst volser dsname
v Data set is not partitioned on volume of
syst volser dsname
If a CKRCMD file is allocated for the complex, an
RALTER DELMEM command is generated to remove the obsolete member from the profile.
Severity:
04
CKR0041 • CKR0048
CKR0045
Explanation:
This message is issued due to a
VERIFY PADS command while RACF runs in Basic program security mode. A program is defined on a conditional access list, but no matching program profile exists. To solve the error condition, a command is generated to remove the WHEN-clause.
Severity:
04
Obsolete permit
identity unknown
program
program - volser datasetprofile
CKR0046
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a
REMOVE PERMIT/USER/GROUP command, with
event equal to Redundant due to a REMOVE
REDUNDANT_PERMIT command, and with event equal to Copy or Replace due to a
COPY PERMIT/USER/GROUP command. To solve the error condition a PERMIT DELETE VOL() command will be generated.
Severity:
04
event permit identity in access list of
non-VSAM
volser datasetname
CKR0047 PROGRAM dsn/vol redundant, covered by dsn w/o vol
complex program - volser dsname
Explanation:
This message is issued by the VERIFY
PROGRAM function because the indicated volume-specific PROGRAM profile member is covered by a PROGRAM profile member without volume specification, and is, therefore, redundant. If a
CKRCMD file is allocated for the complex, a commented-out RALTER DELMEM command is generated to remove the obsolete member from the profile.
Severity:
04
CKR0048
event permit identity in access list VSAM
profil
volser datasetname
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a
REMOVE PERMIT/USER/GROUP command, with
event equal to Redundant due to a REMOVE
REDUNDANT_PERMIT command, and with event equal to Copy or Replace due to a
COPY PERMIT/USER/GROUP command. To solve the error condition a PERMIT DELETE VOL() command will be generated.
Severity:
04
Chapter 5. CKR messages
123
CKR0049 • CKR0056
CKR0049
Explanation:
This message indicates that a RACF range table was encountered with the same range present twice. The program will use the first definition and ignore subsequent ones.
Severity:
08
Duplicate range in ICHRRNG complex
complex key key
CKR0050
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a
REMOVE PERMIT/USER/GROUP command, with
event equal to Redundant due to a REMOVE
REDUNDANT_PERMIT command, and with event equal to Copy or Replace due to a
COPY PERMIT/USER/GROUP command. To solve the error condition a PERMIT GENERIC DELETE command will be generated.
Severity:
04
event permit identity in access list generic
DATASET
datasetname
CKR0051 Date value "
value" 2-digit year is
ambiguous
Explanation:
This suppressible message indicates that a 2-digit year was encountered. By default, this is not allowed to prevent any year-2000 related confusion. In case this is a problem for backward compatibility, you can suppress the message. In this case the 2-digit years are all interpreted as lying in the 20th century (they are prefixed with 19, being backward compatible). No cut-off dates or windows are used because this would be newlist-type and fieldname-dependent and is not backward compatible.
Severity:
12
CKR0052
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a
REMOVE PERMIT/USER/GROUP command, with
event equal to Redundant due to a REMOVE
REDUNDANT_PERMIT command, and with event equal to Copy or Replace due to a
COPY PERMIT/USER/GROUP command. To solve the error condition a PERMIT DELETE command will be generated.
Severity:
04
event permit identity in access list model
DATASET
datasetname
CKR0053
Explanation:
This suppressible message indicates that a 2-digit year was encountered in a newlist type=RACF.
By default, this is not allowed to prevent any year-2000 related confusion. In case this is a problem for backward compatibility, the message can be suppressed. In this case the 2-digit years are all interpreted as lying in the 20th century (they are prefixed with 19, being backward compatible). No cut-off dates or windows are used because this would be newlist-type and fieldname-dependent and is not backward compatible.
Severity:
12
Field
field value "value" 2-digit year
ambiguous at
ddname line number
CKR0054
event permit identity general resource
profile
class progname
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a
REMOVE PERMIT/USER/GROUP command, with
event equal to Redundant due to a REMOVE
REDUNDANT_PERMIT command, and with event equal to Copy or Replace due to a
COPY PERMIT/USER/GROUP command. To solve the error condition a PERMIT DELETE command will be generated.
Severity:
04
CKR0055
event owner identity of non-VSAM
DATASET profile
volser datasetname -
make
newowner
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a
REMOVE PERMIT/USER/GROUP command, and with event equal to Replace due to a
COPY PERMIT/USER/GROUP command. To solve the error condition an ALTDSD VOL() OWNER() command will be generated. The new owner will be the HLQ of the profile, unless that is identical to
identity. In that case it will be the name specified on the
DEFAULT OWNER= command. The new owner selected is shown in the message.
Severity:
04
CKR0056
event owner identity of VSAM DATASET
profile
volser datasetname - make
newowner
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a
REMOVE PERMIT/USER/GROUP command, and with event equal to Replace due to a
COPY PERMIT/USER/GROUP command. To solve the
124
Messages Guide
error condition a ALTDSD VOL() OWNER() command will be generated. The new owner will be the HLQ of the profile, unless that is identical to identity. In that case it will be the name specified on the DEFAULT
OWNER= command. The new owner selected is shown in the message.
Severity:
04
CKR0057
event owner identity of generic DATASET
profile
datasetname - make newowner
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a
REMOVE PERMIT/USER/GROUP command, and with event equal to Replace due to a
COPY PERMIT/USER/GROUP command. To solve the error condition a ALTDSD GENERIC OWNER() command will be generated. The new owner will be the HLQ of the profile, unless that is identical to
identity. In that case it will be the name specified on the
DEFAULT OWNER= command. The new owner selected is shown in the message.
Severity:
04
CKR0058
event owner identity of model DATASET
profile
datasetname - make newowner
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a
REMOVE PERMIT/USER/GROUP command, and with event equal to Replace due to a
COPY PERMIT/USER/GROUP command. To solve the error condition a ALTDSD OWNER() command will be generated. The new owner will be the HLQ of the profile, unless that is identical to identity. In that case it will be the name specified on the DEFAULT OWNER= command. The new owner selected is shown in the message.
Severity:
04
CKR0059
event owner identity general resource
profile
progname - make newowner
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a
REMOVE PERMIT/USER/GROUP command, and with event equal to Replace due to a
COPY PERMIT/USER/GROUP command. To solve the error condition a RALTER OWNER() command will be generated with the default owner selected with
DEFAULT OWNER=. The new owner selected is shown in the message.
Severity:
04
CKR0057 • CKR0064
CKR0060
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a
REMOVE PERMIT/USER/GROUP command. To solve the error condition an ALTUSER OWNER() command will be generated with the default owner selected with
DEFAULT OWNER= as the new owner. The new owner selected is shown in the message.
Severity:
04
event owner identity on user userid - make
newowner
CKR0061
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a
REMOVE PERMIT/USER/GROUP command. To solve the error condition an ALTGROUP OWNER() command will be generated with the default owner selected as the new owner. The new owner selected is shown in the message.
Severity:
04
event owner identity on group group -
make
newowner
CKR0062
event owner identity connect userid to
group
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a
REMOVE PERMIT/USER/GROUP command. To solve the error condition a CONNECT OWNER() command will be generated with the connect group as the new owner.
Severity:
04
CKR0063
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a
REMOVE PERMIT/USER/GROUP command, and with event equal to Replace due to a
COPY PERMIT/USER/GROUP command. To solve the error condition a RALTER OWNER() command will be generated with the default owner selected.
Severity:
04
event owner identity general resource
profile
class key
CKR0064
event permit identity general resource
profile
class key
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Copy or Remove due to a
REMOVE PERMIT/USER/GROUP command, with
event equal to Redundant due to a REMOVE
Chapter 5. CKR messages
125
CKR0065 • CKR0073
REDUNDANT_PERMIT command, and with event equal to Replace due to a COPY PERMIT/USER/
GROUP command. To solve the error condition a
PERMIT DELETE command will be generated.
Severity:
04
CKR0065 Missing userid
userid on group group
Explanation:
This message is issued due to a
VERIFY CONNECT command. It indicates that the indicated user ID is not found in the USERID repeat group of the indicated GROUP profile, or that there is no such group profile at all. Also, the group is not universal, or the group is universal but the connect has a connect attribute of SPECIAL, OPERATIONS, or
AUDITOR, or a connect authority other than USE.
Connect information should be present in three places in the RACF databases, and for each of those places a message CKR0065, CKR0066, or CKR0067 is issued if it was missing that specific piece. No support is present to remove this condition.
Severity:
08
CKR0066 Missing group
group on user userid
Explanation:
This message is issued due to a
VERIFY CONNECT command. It indicates that the indicated group was not found in the CONGRPNM repeat group of the indicated USER profile, or that there is no such user profile at all. Connect information should be present in three places in the RACF databases, and for each of those places a message
CKR0065, CKR0066, or CKR0067 is issued if it was missing that specific piece. No support is present to remove this condition.
Severity:
08
CKR0067 Missing connect
userid to group group
Explanation:
This message is issued due to a
VERIFY CONNECT command. It indicates that the indicated group was not found in the CGGRPNM repeat group of the indicated USER profile, or that there is no such user profile at all. Connect information should be present in three places in the RACF databases, and for each of those places a message
CKR0065, CKR0066, or CKR0067 is issued if it was missing that specific piece. No support is present to remove this condition.
Severity:
08
CKR0068
event id - identity referenced number
times
Explanation:
This message summarizes the erroneous references found by the VERIFY PERMIT or
MOVE/REMOVE/COPY PERMIT/USER/GROUP/
NOTIFY commands for each undefined or removed/copied identity.
126
Messages Guide
Severity:
00
CKR0069 No system has non-directed ctlg entry for cluster on
volser clustername
Explanation:
This message indicates that a cluster
clustername with at least one component on volume
volser was cataloged in such a way that a STEPCAT or
JOBCAT DD statement is needed to access it on all systems sharing the volume volser. In addition, there is no alias on any of the systems for the first qualifier(s), otherwise message CKR0294 would be issued instead.
Severity:
04
CKR0070
Explanation:
Two identical format 1 DSCB keys in the
VTOC are not supported. If the error is reproducible
(run zSecure Collect again first), the condition may be resolved by letting the VTOC index (if present) decide which one is in use, and modifying the DSCB of the other one to another name (if you want to keep the data) or to a format 0 DSCB. If you modify the DSCB, you will have to rebuild the VTOC index.
Severity:
08
Component name found twice in VTOC
-
volser datasetname
CKR0071
Explanation:
Incidental cases may be the result of actions performed by the system between reading of the VTOC and the VVDS by zSecure Collect (opening the VVDS takes a considerable amount of time). If this message is reproducible for the same component (run zSecure Collect again first), then a problem exists.
Perform the IDCAMS DIAGNOSE function on the
VVDS: maybe a DELETE CLUSTER or DELETE VVR command will help.
Severity:
08
Component name found in VVDS but not in VTOC -
volser datasetname
CKR0072 Catalog not found on any volume for cluster name
datasetname
Explanation:
This message is issued together with
CKR0073 to indicate that the VVDS points to a catalog that was not found in the CKFREEZE file. This message lists the cluster name that was cataloged in the now-unavailable catalog. This need not be a problem if the data set was cataloged in another catalog, available through the regular search sequence.
Severity:
04
CKR0073 Catalog not found on any volume on any system
datasetname
Explanation:
This message is issued to indicate that references were found from the VVDS to the catalog
indicated. The cluster names that were cataloged in the now-unavailable catalog are listed by separate CKR0072 and CKR0169 messages.
Severity:
08
CKR0074 Discrete profile for VVDS present (not used by DFP)
volser datasetname
Explanation:
DFP does not consult RACF for operations on the VVDS. Instead, APF authorization is required to open it. Therefore, the VVDS profile gives a
false picture of the access requirements of the VVDS.
For a pure RACF/DFP combination it should be deleted to avoid misleading data. However, you might want to verify that your non-IBM storage management products are properly using DASDVOL class and not using a VVDS data set profile.
Severity:
04
CKR0075 Inaccessible data set (RACF indicated and no profile)
volser datasetname
Explanation:
An indicated data set exists that is not protected by any (discrete or generic) profile. This message is issued by the VERIFY PROTECTALL function. Since the data set is indicated (the DSCBIND bit in the VTOC, that tells RACF that this data set is protected by a discrete profile, is on), we expect a discrete profile. This situation may be acceptable when in your installation user data sets are only accessible to the user himself, and therefore there is no need to register PERMITs or audit requirements. An ADDSD
NOSET command is generated to solve this error condition, unless VERIFY INDICATED was also specified: then a message CKR0040 was already issued, with the appropriate command sequence (see
CKR0040). Note that adding the profile may not be enough, you might want to enhance the access list, or use a generic profile instead.
Severity:
04
CKR0076
Explanation:
This message is issued due to a
VERIFY PROTECTALL command in NOPROTECTALL or PROTECTALL(WARN) environment. No command is generated.
Severity:
08
Unprotected data set (not RACF indicated, no generic)
volser datasetname
CKR0077 Generic profile without matching data sets
datasetname
Explanation:
The generic profile indicated appears not to protect any data sets. This message is issued by the
VERIFY NOTEMPTY function and accompanied by a
DELDSD GENERIC command for the profile in the
CKRCMD. There could be several situations in which this message is issued while the profile still performs a
CKR0074 • CKR0082
valid function. It could be there to disallow allocation, it might protect data sets that are only temporarily present (maybe during a periodic batch run, or they are created and deleted regularly by TSO users), or the
VERIFY NOTEMPTY run did not use a recent
CKFREEZE data set as input. To check for temporary file existence, for example, during batch job run, it is recommended that you use SMF reporting and JCL library searches before deciding to delete an empty profile. After verification you can use the editor to delete any undesired commands before executing the
CKRCMD results.
Severity:
04
CKR0078 Redundant non-VSAM DATASET profile
volser datasetname
Explanation:
This message is issued due to the
REMOVE REDUNDANT command. The command generated is DELDSD VOL().
Severity:
04
CKR0079
Explanation:
This message is issued due to the
REMOVE REDUNDANT command. The command generated is DELDSD VOL().
Severity:
04
Redundant VSAM data set profile
volser datasetname
CKR0080 Redundant TAPE data set profile
volser datasetname
Explanation:
This message is issued due to the
REMOVE REDUNDANT command. The command generated is DELDSD VOL().
Severity:
04
CKR0081 Redundant MODEL data set profile
datasetname
Explanation:
This message is issued due to the
REMOVE REDUNDANT command. The command generated is DELDSD.
Severity:
04
CKR0082 Inaccessible data set (not indicated and no generic)
volser datasetname
Explanation:
This message is issued due to a
VERIFY PROTECTALL command in a
PROTECTALL(FAIL) environment. No command is generated.
Severity:
04
Chapter 5. CKR messages
127
CKR0083 • CKR0094
CKR0083 Redundant generic data set profile
datasetname
Explanation:
This message is issued due to the
REMOVE REDUNDANT command. The command generated is DELDSD.
Severity:
04
CKR0084 Component name found in VTOC but not in VVDS -
volser datasetname
Explanation:
Incidental cases can result from actions that are performed by the system between readings of the VTOC and the VVDS by zSecure Collect (opening the VVDS takes a considerable amount of time). First, run IBM zSecure Collect again. If this message is reproduced for the same component, then a problem exists. Perform the IDCAMS DIAGNOSE function on the VVDS.
Severity:
08
CKR0085 Duplicate cluster entry found in 1 catalog on volume
volser datasetname
Explanation:
This message indicates that the configuration input file CKFREEZE contains a catalog dump for a catalog on volume volser with the same cluster entry datasetname appearing twice. This might happen if you concatenate two CKFREEZE files containing dumps of the same catalog.
Severity:
08
CKR0086 Ownership cell not found for cluster cataloged on
volser datasetname
Explanation:
This message indicates that the configuration input file CKFREEZE contains a catalog dump from a catalog on volume volser with a cluster entry datasetname for which the ownership cell was not found. Check whether the record length of the
CKFREEZE file is sufficient for your catalog records.
Severity:
08
CKR0087 Number of detail messages is
nnn
Explanation:
This message summarizes the total number of detail messages that will subsequently be issued.
Severity:
00
CKR0088 Id based suppress or limit request(s) -
nnn detail message(s) suppressed
Explanation:
This message summarizes the number of suppressed messages due to the SUPPRESS ID= and
LIMIT ID= commands. Note that these two commands will only limit the number of messages issued, not the work performed by the VERIFY and REMOVE
128
Messages Guide commands (use SELECT QUAL= for this if applicable).
Severity:
00
CKR0089 Cluster not in any connected catalog, component on
volser datasetname
Explanation:
The indicated cluster (datasetname) was referred to from MVS control blocks or from a VVDS, but the cluster was not part of any catalog connected to the master catalog on any system. Possibly, the volume was shared with a system for which you did not include a CKFREEZE file, or the master catalog for one of your systems was switched without it being synchronized with the old one first. The cluster will not be normally accessible.
Severity:
08
CKR0090
volser suppress request - nnn detail
message(s) suppressed
Explanation:
This message summarizes the result of the SUPPRESS VOL= command per volume.
Severity:
00
CKR0091
volser message limit exceeded - nnn
detail message(s) suppressed
Explanation:
This message summarizes the result of the LIMIT MSG= command per volume.
Severity:
08
CKR0092
Explanation:
This message summarizes the result of the VERIFY INDICATED command per volume.
Severity:
00
volser has nnn RACF indicated data set(s)
without profile in
complex [version]
CKR0093
volser has nnn discrete profile(s) for
non-RACF indicated data sets in
complex
[
version]
Explanation:
This message (with CKR0094 and
CKR0095) summarizes the result of the
VERIFY ONVOLUME command per volume.
Severity:
00
CKR0094
volser has nnn discrete profile(s) without
data set on the volume in
complex
[
version]
Explanation:
This message (with CKR0093 and
CKR0095) summarizes the result of the
VERIFY ONVOLUME command per volume.
Severity:
00
CKR0095
volser has nnn discrete profile(s) but
volume not mounted in
complex [version]
Explanation:
This message (with CKR0093 and
CKR0094) summarizes the result of the
VERIFY ONVOLUME command per volume.
Severity:
00
CKR0096
volser has nnn inaccessible data set(s)
(RACF indicated, no profile) in
complex
[
version]
Explanation:
This message (with CKR0097 and
CKR0098) summarizes the result of the
VERIFY PROTECTALL command per volume.
Severity:
00
CKR0097
volser has nnn inaccessible data set(s)
(not indicated, no profile) in
complex
[
version]
Explanation:
This message (with CKR0096 and
CKR0098) summarizes the result of the
Messages from 100 to 199
CKR0100 Duplicate request for ID=
name
Explanation:
More than one specific and incompatible request was made for one identity. Remove duplicates and use separate runs for conflicting requests.
Severity:
12
CKR0101 Duplicate REPORT PERMIT/SCOPE=
id
Explanation:
An identity occurred twice in the indicated commands. Remove duplicates.
Severity:
12
CKR0102 The parameters OUTOFGROUP,
NONDEFAULT and
(NON)REDUNDANT are mutually exclusive
Explanation:
You must use separate runs for each of these REPORT options.
Severity:
12
CKR0103 Field "
fldname" to be processed not
found in any template
Explanation:
The field you requested on the LIST,
SORTLIST, DISPLAY, or (D)SUMMARY command was neither a NEWLIST TYPE=RACF built-in field, nor found in the templates for any type of entity. Verify the spelling in the “CARLa Command Language” chapter in the IBM Security zSecure: CARLa Command Reference.
CKR0095 • CKR0106
VERIFY PROTECTALL command per volume in a
PROTECTALL(FAIL) environment.
Severity:
00
CKR0098
Explanation:
This message (with CKR0097 and
CKR0098) summarizes the result of the
VERIFY PROTECTALL command per volume in a
NOPROTECTALL or PROTECTALL(WARN) environment.
Severity:
00
volser has nnn unprotected data set(s)
(not indicated, no profile) in
complex
[
version]
CKR0099
Explanation:
This message summarizes the result of the SUPPRESS CAT= or LIMIT MSG= command.
Severity:
00
nnn messages suppressed for catalog
catalog name
Severity:
12
CKR0103 Field "
fldname" to be processed unknown
Explanation:
The field you requested on the LIST,
SORTLIST, DISPLAY, or (D)SUMMARY command is not a built-in field. Verify the spelling in the “CARLa
Command Language” chapter in the IBM Security
zSecure: CARLa Command Reference.
Severity:
12
CKR0104 FIELD must be specified with either
SCAN or FIELDVALUE
Explanation:
Both the field to be used as selection criterion and the exact or substring scan value for it must be specified.
Severity:
12
CKR0105 Volume "
volser" specified more than
once
Explanation:
The same volume was mentioned more than once for the same function. Possibly you used the repeat command of the editor and intended to change it to another volume.
Severity:
12
CKR0106 Catalog "
catname" specified more than
once
Explanation:
The same catalog was mentioned more
Chapter 5. CKR messages
129
CKR0107 • CKR0118
than once for the same function. Possibly you used the repeat command of the editor and intended to change it to another name.
Severity:
12
CKR0107 The parameters PROFILE,
MASK/FILTER, MATCH and
BESTMATCH are mutually exclusive
Explanation:
On the SELECT or EXCLUDE command only one selection option based on the profile key can be given.
Severity:
12
CKR0108
Explanation:
In the MARGINS(x,y) command, x (the left margin) cannot exceed y (the right margin). If possible, the dataset and line number where this occurred are specified.
Severity:
12
Left margin cannot exceed right margin at
ddname line number
CKR0109 BY= must precede PAGEBY=
Explanation:
The PAGEBY value must be the first in the BY list and the BY list must be in front of the
PAGEBY option.
Severity:
12
CKR0110 PAGEBY and BY combination implies page per profile
Explanation:
The combination of BY and PAGEBY parameter as specified or implied would result in a new page for each profile. This is probably not what you meant.
Severity:
12
CKR0111 DB=1 must be included because it is the master database before
token at ddname
line
number
Explanation:
The master database must always be included in the databases selected because it contains the RACF options to be used.
Severity:
12
CKR0112
Explanation:
Selection by sequence number is only supported for sequence number 1 through 64. To use higher sequence numbers, you must preallocate
CKRACFnn files.
Severity:
12
DB numbers only supported in range
1..64 before
token at ddname line number
130
Messages Guide
CKR0113 LIST commands must be followed by at least one parameter or NEWLIST must be a LIKELIST target
Explanation:
The LIST command may not be specified without any operands, since this would result in an empty line for each selected profile or record. The exception to this rule is a LIST command in a
NEWLIST that is the target of a LIKELIST; presumably, the NEWLIST will have OUTLIM set to zero.
Severity:
12
CKR0114 Value selection for field
field not
supported at
ddname line number
Explanation:
The specified field has internally coded field values. This type is not supported, and can only be used for output.
Severity:
12
CKR0115
option only valid behind
USER/PERMIT=
Explanation:
The option indicated is only valid behind
COPY, MOVE or REMOVE options USER= or
PERMIT=. Possibly you only need to change the order of the parameters.
Severity:
12
CKR0116
option only valid behind USER/GROUP=
Explanation:
The option indicated is only valid behind
COPY, MOVE or REMOVE options USER= or
GROUP=. Possibly you only need to change the order of the parameters.
Severity:
12
CKR0117
Explanation:
The option indicated is only valid behind
MOVE or REMOVE option TOGROUP=. Possibly you only need to change the order of the parameters.
Severity:
12
option only valid behind (RE)MOVE
TOGROUP=
CKR0118
option only valid behind
USER/GROUP/NOTIFY/PERMIT=
Explanation:
The option indicated is only valid behind
COPY, MOVE or REMOVE options USER= or
GROUP=. Possibly you only need to change the order of the parameters.
Severity:
12
CKR0119 • CKR0129
CKR0119
option only valid behind USER=
Explanation:
The option indicated is only valid behind
COPY, MOVE or REMOVE options USER=. Possibly you only need to change the order of the parameters.
Severity:
12
CKR0120
option not valid with COPY
Explanation:
The option indicated is only valid behind
MOVE or REMOVE commands, not behind COPY.
Severity:
12
CKR0121
Explanation:
In the scope of a NEWLIST command, the print and selection options must be specified before the LIST, SORTLIST, DISPLAY, or (D)SUMMARY command(s). Change the order of your commands, and run the job again.
Severity:
12
Print options behind NEWLIST must be specified before the (SORT)LIST
CKR0122 Selection behind NEWLIST must be specified before the (SORT)LIST or
(D)SUMMARY
Explanation:
In the scope of a NEWLIST command, the print and selection options must be specified before the LIST, SORTLIST, DISPLAY, or (D)SUMMARY command(s). Change the order of your commands, and run the job again.
Severity:
12
CKR0124 Field
field value "value" invalid at ddname
line
number Use DDMMMYYY,
YYYY-MM-DD, YYYY/DDD, TODAY,
DUMPDATE, optionally suffixed "-nn"
Explanation:
A date is expected but the format is not recognized. The program supports an ISO-format date
(for example, 01OCT1999), a julian date (for example,
1999/274), and the two keywords TODAY and
DUMPDATE. You can add an -xx suffix to the keywords to indicate a date that is xx days earlier (for example, TODAY-7). In addition, you can specify the value NEVER to indicate no date.
Note:
Not all date fields support DUMPDATE. For example, the certificate fields CERTSTRT and
CERTEND do not allow it to be specified.
Severity:
12
CKR0125
Explanation:
This message indicates that the message number validation failed. Type a decimal number without CKR prefix, or a list of such numbers enclosed in parentheses and separated by commas.
Severity:
12
Message number to be suppressed must be in range 0..1999 -
nnnn
CKR0126 Invalid date value before
type "value" at
ddname line number
Explanation:
This message indicates that the date value encountered before the place indicated in the input is incorrect. This can be due to invalid month names, year formats, day numbers, invalid separators, etc. For valid date formats, see the date field parameter descriptions in the IBM Security zSecure: CARLa
Command Reference.
Severity:
12
CKR0127 The access value ALTER-
x was not
expected before
type "value" at ddname
line
number
Explanation:
This message indicates that the program has interpreted the previous token as the indicated access value ALTER-O, ALTER-Q, or ALTER-S, but this value is considered not applicable in this context.
Severity:
12
CKR0128 Expecting relational operator or "(" instead of
type "value" at ddname line
number
Explanation:
This message indicates that the program has interpreted the previous token as a fieldname and is now expecting the rest of the expression to test a field value. Possibly, you mistyped the keyword just before the indicated string.
Severity:
12
CKR0129 Value list only valid with "=" or "<>" before
delimiter "value" at ddname line
number
Explanation:
This message indicates that you specified a value list with a relational operator including "less than" or "greater than." Use these relational operators only when specifying a single value; do not use them with a value list.
Severity:
12
Chapter 5. CKR messages
131
CKR0130 • CKR0138
CKR0130 OPEN failed for
ddname volume dsn
Explanation:
Refer to CKR0002 and CKR0010 for a discussion.
Severity:
16
CKR0131 File empty -
ddname volume dsn
Explanation:
Refer to CKR0002 and CKR0010 for a discussion.
Severity:
16
CKR0132 Reading configuration for system
name
iplvol
volume from pads file volume dsn
running
OS version activeproducts Created
by program
progname job jobname at dd
mmm yyyy hh:mm::ss:cc (runtype)
Explanation:
This message indicates when, where and how the CKFREEZE file for an MVS system was created, and on what version of what operating system.
In activeproducts the following products may be listed:
DFP version JES2 version ESM version TSO version HSM
version, where ESM may be RACF, ACF2 or TSS, and
DFP may be DFP or DFSMS; for DFSMS active components may be listed after the version number (for example, DFSMS 2.10.0 hsm rmm). The runtype used may be APF or non-APF; if it was non-APF some information will not be contained in the CKFREEZE. If the message contains the text PADS for pads, then this indicates that access to the data set was allowed by virtue of conditional access by this program. In this case, the program will restrict its functionality to the user's scope.
Severity:
00
CKR0132 Reading configuration for system
name
from
pads file volume dsn created by
progname job jobname at ddmmmyyyy
hh:mm:ss.ffffff
Explanation:
This message indicates when, where and how the CKFREEZE file for a VM system was created.
If the message contains the text PADS for pads, then this indicates that access to the data set was allowed by virtue of conditional access by this program. In this case, the program will restrict its functionality to the user's scope.
Severity:
00
CKR0133 VERIFY PERMIT and
COPY/MOVE/REMOVE are mutually exclusive
Explanation:
The VERIFY PERMIT and
COPY/MOVE/REMOVE commands cannot both be specified (since both commands use the same method internally).
132
Messages Guide
Severity:
12
CKR0134 Default system viewpoint
name1 not
found, using
name2 instead
Explanation:
This message indicates that you specified a DEFAULT SYSTEM=name1 command. However, the system name1 is not present in the CKFREEZE files read by the program. Operation will continue with
name2 instead.
Severity:
04
CKR0135 Concatenation of system
sysid data
behind
system on file ddname invalid,
use separate CKRCKFnn file for each system
Explanation:
This message indicates that it detected two concatenated CKFREEZE data sets in one input file. This is not supported. Use separate DDnames or multiple ALLOC TYPE=CKFREEZE commands. This message can also be issued when multiple zSecure
Collect jobs have written to the same data set.
Severity:
16
CKR0136
Explanation:
This message indicates that the database contains a discrete VSAM data set profile with an indirect volser ('******'). The program does not support this with more than one system. The indirect volser would imply that the profile may cover more than one data set at the same time (seen from different systems).
Severity:
08
Indirect volser on VSAM profile not supported for multiple systems -
datasetname
CKR0137 Field
name value is not an access or
authority - "
value" at ddname line number
Explanation:
This message indicates that the program expects NONE, READ, EXECUTE, UPDATE, ALTER,
USE, CREATE, CONNECT, or JOIN.
Severity:
12
CKR0138 Audit access must be ALTER,
CONTROL, UPDATE, READ, or NONE
- "
value" at ddname line number
Explanation:
This message indicates that the value you specified for a field did not match the field type expected by the program.
Severity:
12
CKR0139 • CKR0150
CKR0139 Audit event must be ALL, SUCCESS,
FAILURE, or NONE - "
value" at ddname
line
number
Explanation:
This message indicates that the value you specified for a field did not match the field type expected by the program.
Severity:
12
CKR0140 Number of profiles referring outside group is
number for complex version
Explanation:
This message summarizes the number of profiles listed by a REPORT OUTOFGROUP command.
Severity:
00
CKR0141 Number of non-default profiles found is
number for complex version
Explanation:
This message summarizes the number of profiles listed by a REPORT NONDEFAULT command.
Severity:
00
CKR0142
Explanation:
This message gives the number of profiles considered redundant by a
REPORT NONREDUNDANT or
REPORT REDUNDANT command. In addition, it compares this to the total number of profiles tested for redundancy.
Severity:
00
Of the
xxxx profiles tested yyyy are
redundant (
pp%) for complex version
CKR0143 Number of profiles and qualifiers in selected scope is
number for complex
version
Explanation:
This message summarizes the number of profiles and qualifiers listed by a REPORT SCOPE= or
REPORT PERMIT= command.
Severity:
00
CKR0144 MOD only valid with
TYPE=CKRCMD/OUTPUT - at
ddname
line
number
Explanation:
You specified MOD on an ALLOC statement with a TYPE other than CKRCMD or
OUTPUT. This is not supported. Remove the MOD from the ALLOC statement.
Severity:
12
CKR0145 MOD mutually exclusive with
VOL/UNIT/MEMBER/FILEDESC/PATH/
GETPROC - at
ddname line number
Explanation:
The ALLOC MOD parameter cannot be combined with any of the parameters above. Either remove MOD or leave out the unsupported parameter.
Severity:
12
CKR0146 FILEDESC mutually exclusive with
VOL/UNIT and TYPE other than
OUTPUT or CKRCMD - at
ddname line
number
Explanation:
You can only specify FILEDESC on an
ALLOC TYPE=OUTPUT or TYPE=CKRCMD. Also it is mutually exclusive with VOL and UNIT.
Severity:
12
CKR0147 PATH/GETPROC mutually exclusive with VOL/UNIT - at
ddname line number
Explanation:
If you specify a UNIX pathname, then you cannot specify a volume serial or unit name.
Severity:
12
CKR0148
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a REMOVE
PERMIT/USER command. It means that the undefined
identity occurs in the STUSER field of the STDATA segment of the indicated STARTED profile. To solve the condition an RALT command will be generated to remove this field from the profile.
Severity:
04
event stuser identity general resource
profile STARTED
profile
CKR0149
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a REMOVE
PERMIT/GROUP command. It means that the undefined identity occurs in the STGROUP field of the
STDATA segment of the indicated STARTED profile. To solve the condition an RALT command will be generated to remove this field from the profile.
Severity:
04
event stgrp identity general resource
profile STARTED
profile
CKR0150 STARTED profile
profile revoked user id
not connected to group
group - "user" is
used.
Explanation:
This message is produced by the VERIFY
STC command. It describes two separate problems in
Chapter 5. CKR messages
133
CKR0151 • CKR0154
the indicated profile in the STARTED class: the user id in the STUSER field in the STDATA segment is not connected to the group in the STGROUP field, so that the undefined user ID user will be used, and furthermore the user id is revoked, so that even after curing the first problem the started task would run with reduced authority and might still experience problems (as indicated by CKR0575). This message indicates an error on the profile level, but no command is generated as it is unclear what the desired solution would be.
Severity:
08
CKR0151 STARTED profile
profile revoked user id
not connected to group
group - "user" is
used for
procedure volume dataset
Explanation:
This message is produced by the VERIFY
STC command. It describes two separate problems in the indicated profile in the STARTED class: the user id in the STUSER field in the STDATA segment is not connected to the group in the STGROUP field, so that the undefined user ID user will be used, and furthermore the user id is revoked, so that even after curing the first problem the started task would run with reduced authority and might still experience problems (as indicated by CKR0575). Note that the first qualifier of profile is generic, and either the user id or the group is specified as =MEMBER and thus evaluates to procedure, so that the main problem is not a condition on the profile level; no command is generated.
Severity:
08
CKR0152 No STUSER specified on STARTED profile
profile - ICHRIN03 is used - and
user id
id as STGROUP - changed to
newgroup
Explanation:
This message is produced by the VERIFY
STC command. It describes two separate problems in the indicated profile in the STARTED class: it does not contain an STUSER field in the STDATA segment, and the STGROUP field does not contain a valid group ID but username id instead. Because of the severe first condition, the profile indicated will be ignored, and the started procedure table ICHRIN03 will be used instead.
No attempt is made to cure this condition, because it may be intentional. To cure the second problem, a command is generated: if newgroup is
group(=MEMBER)
, then the profile's first qualifier is a valid group ID, and STGROUP field is set to use that member name; otherwise, newgroup is NOGROUP and the STGROUP field will be removed from the STDATA segment, meaning that the default group (for the user when one is specified later) should be used. After correcting the second condition, a new run should
"only" yield CKR0564.
Severity:
08
CKR0153
Explanation:
This message is produced by the VERIFY
STC command. It describes two separate problems in the indicated profile in the STARTED class: it does not contain an STUSER field in the STDATA segment, and the STGROUP field does not contain a valid group ID but value id. Because of the severe first condition, the profile indicated will be ignored, and the started procedure table ICHRIN03 will be used instead. No attempt is made to cure this condition, because it may be intentional. To cure the second problem, a command is generated: if newgroup is group(=MEMBER), then the profile's first qualifier is a valid group ID, and
STGROUP field is set to use that member name; otherwise, newgroup is NOGROUP and the STGROUP field will be removed from the STDATA segment, meaning that the default group (for the user when one is specified later) should be used. After correcting the second condition, a new run should "only" yield
CKR0564.
Severity:
08
No STUSER specified on STARTED profile
profile - ICHRIN03 is used - and
undefined STGROUP
id - changed to
newgroup
CKR0154 STARTED profile
profile contains group
id
id as STUSER and user id id2 as
STGROUP - "
user" is used - action to
newuser newgroup note
Explanation:
This message is produced by the VERIFY
STC command. It describes two separate problems in the indicated profile in the STARTED class: the STUSER field in the STDATA segment does not contain a valid user ID, but the groupname id, and the STGROUP field does not contain a valid group ID but the username
id2. As a result of these errors, the user and group specified in the profile will be ignored, and the undefined user ID user will be used instead. A command is generated to remove the erroneous specifications. If the profile's first qualifier is a valid user or group, newuser or newgroup will be set to
=MEMBER
to use the member name, respectively; if not, they will be set to NOUSER and NOGROUP respectively to indicate the fields are to be deleted. If
newuser is user(=MEMBER) (and thus newgroup is
NOGROUP
), the identities are both fixed and the action will be correct, although you still may have to note
"but userid still revoked", meaning that the started task would run with reduced authority and might still experience problems (as indicated by CKR0575); if newuser is NOUSER the action will be change, there will be no note, and after the proposed change the profile would be so obviously unusable that RACF would fall back on started procedure table ICHRIN03, and a subsequent VERIFY STC would issue CKR0564 for the profile.
Severity:
08
134
Messages Guide
CKR0155
Explanation:
This message is produced by the VERIFY
STC command. It describes two separate problems in the indicated profile in the STARTED class: the STUSER field in the STDATA segment does not contain a valid user ID, but the groupname id, and the STGROUP field does not contain a valid group ID but the value id2. As a result of these errors, the user and group specified in the profile will be ignored, and the undefined user ID
user will be used instead. A command is generated to remove the erroneous specifications. If the profile's first qualifier is a valid user or group, newuser or newgroup will be set to =MEMBER to use the member name, respectively; if not, they will be set to NOUSER and
NOGROUP
respectively to indicate the fields are to be deleted. If newuser is user(=MEMBER) (and thus
newgroup is NOGROUP), the identities are both fixed and the action will be correct, although you still may have to note "but userid still revoked", meaning that the started task would run with reduced authority and might still experience problems (as indicated by
CKR0575); if newuser is NOUSER the action will be
change
, there will be no note, and after the proposed change the profile would be so obviously unusable that
RACF would fall back on started procedure table
ICHRIN03, and a subsequent VERIFY STC would issue
CKR0564 for the profile.
Severity:
08
STARTED profile
profile contains group
id
id as STUSER and undefined
STGROUP
id2 - "user" is used - action to
newuser newgroup note
CKR0156 STARTED profile
profile has undefined
STUSER
id and user id id2 as STGROUP
- "
user" is used - action to newuser
newgroup note
Explanation:
This message is produced by the VERIFY
STC command. It describes two separate problems in the indicated profile in the STARTED class: the STUSER field in the STDATA segment does not contain a valid user ID, but the value id, and the STGROUP field does not contain a valid group ID but the username id2. As a result of these errors, the user and group specified in the profile will be ignored, and the undefined user ID
user will be used instead. A command is generated to remove the erroneous specifications. If the profile's first qualifier is a valid user or group, newuser or newgroup will be set to =MEMBER to use the member name, respectively; if not, they will be set to NOUSER and
NOGROUP
respectively to indicate the fields are to be deleted. If newuser is user(=MEMBER) (and thus
newgroup is NOGROUP), the identities are both fixed and the action will be correct, although you still may have to note "but userid still revoked", meaning that the started task would run with reduced authority and might still experience problems (as indicated by
CKR0575); if newuser is NOUSER the action will be
change
, there will be no note, and after the proposed
CKR0155 • CKR0158
change the profile would be so obviously unusable that
RACF would fall back on started procedure table
ICHRIN03, and a subsequent VERIFY STC would issue
CKR0564 for the profile.
Severity:
08
CKR0157
Explanation:
This message is produced by the VERIFY
STC command. It describes two separate problems in the indicated profile in the STARTED class: the STUSER field in the STDATA segment does not contain a valid user ID, but the value id, and the STGROUP field does not contain a valid group ID but the value id2. As a result of these errors, the user and group specified in the profile will be ignored, and the undefined user ID
user will be used instead. A command is generated to remove the erroneous specifications. If the profile's first qualifier is a valid user or group, newuser or newgroup will be set to =MEMBER to use the member name, respectively; if not, they will be set to NOUSER and
NOGROUP
respectively to indicate the fields are to be deleted. If newuser is user(=MEMBER) (and thus
newgroup is NOGROUP), the identities are both fixed and the action will be correct, although you still may have to note "but userid still revoked", meaning that the started task would run with reduced authority and might still experience problems (as indicated by
CKR0575); if newuser is NOUSER the action will be
change
, there will be no note, and after the proposed change the profile would be so obviously unusable that
RACF would fall back on started procedure table
ICHRIN03, and a subsequent VERIFY STC would issue
CKR0564 for the profile.
Severity:
08
STARTED profile
profile has undefined
STUSER
id and undefined STGROUP
id2 - "user" is used - action to newuser
newgroup note
CKR0158 STARTED profile
profile has STGROUP
=MEMBER, which is a userid, and revoked STUSER
id2 - "user" is used for
procedure volume dataset
Explanation:
This message is produced by the VERIFY
STC command. It describes two separate problems in the indicated profile in the STARTED class: the
STGROUP field in the STDATA segment contains
=MEMBER
but the indicated procedure in the indicated
data set is not a valid group ID, but a user ID, so that the undefined user ID user will be used, and the user
ID specified in the STUSER field is revoked, so that even after curing the first problem the started task would run with reduced authority and might still experience problems (as indicated by CKR0575). Note that the first qualifier of profile is generic, so that it may apply to different procedures as well; therefore, it is unclear how this should be cured, and no command is generated.
Chapter 5. CKR messages
135
CKR0159 • CKR0167
Severity:
08
CKR0159 STARTED profile
profile has STGROUP
=MEMBER, which is undefined, and revoked STUSER
id2 - "user" is used for
procedure volume dataset
Explanation:
This message is produced by the VERIFY
STC command. It describes two separate problems in the indicated profile in the STARTED class: the
STGROUP field in the STDATA segment contains
=MEMBER
but the indicated procedure in the indicated data set is not a valid group ID, but undefined to RACF, so that the undefined user ID user will be used, and the user ID specified in the STUSER field is revoked, so that even after curing the first problem the started task would run with reduced authority and might still experience problems (as indicated by
CKR0575). Note that the first qualifier of profile is generic, so that it may apply to different procedures as well; therefore, it is unclear how this should be cured, and no command is generated.
Severity:
08
CKR0160 Unsupported RACF database blksize
nnnnn (must be 1024 or 4096) on file
ddname dsname
Explanation:
The database to be read had an unsupported blocksize. This may happen if you transmit a database to another system and receive it there without explicitly requesting the proper blocksize; the system will select another blocksize in this case.
Severity:
16
CKR0161
Explanation:
A profile in a restructured database was read with a segment name that could not be found in the template for the indicated entity type. The message is followed by the exact source location of the profile to assist in further analysis.
Severity:
16
Segment name not in templates -
name
for entity type
xx
CKR0162 Entity type not found in BASE segment of
key
Explanation:
The entity type of the base segment of a profile in a restructured database was not found in the expected place in the profile. Contact IBM Software
Support if the profile can be displayed normally by
RACF commands.
Severity:
16
CKR0163
Explanation:
This message indicates that a non-base segment was encountered for which the entity type could not be determined. The message is issued only if
DEBUG SEGMENT has been issued. For RACF 1.9 and up, this can only occur for a DFP segment of a USER or
GROUP profile. For most purposes, this does not really matter, since they are treated the same most of the time
(i.e. as accessor ids). However, if you request a LIST with CLASS, then the class may erroneously show
USER.
Severity:
00
Entity type user assumed - segment
segname of key
CKR0164 Segment name
segname not in segment
table for entity type
xx
Explanation:
A profile segment in a restructured database was read with a segment name that could not be found in the segment table for the indicated entity type. The message is followed by the exact source location of the profile to assist in further analysis.
Severity:
16
CKR0165 Template not found for entity type
xx
Explanation:
A profile in a restructured RACF database was read with the indicated entity type. The
ICB did not contain a template pointer for the indicated entity type. The message is followed by the exact source location of the profile to assist in further analysis.
Severity:
16
CKR0166 Conditional access list refers to unknown class "
class" in class key
Explanation:
A general resource profile in a restructured RACF database contained a conditional access list containing a reference to a class not found in the class descriptor table. This message is given only once per "class".
Severity:
08
CKR0167 Grouping resource in conditional access list not supported -
class key
Explanation:
A general resource profile in a restructured database contained a conditional access list with a reference to a grouping class. The program supports only non-grouping classes in the conditional access list.
Severity:
16
136
Messages Guide
CKR0168 Maximum profile length on
complex is
nnnnn bytes for class key
Explanation:
This informational message details the maximum profile length found in your RACF database on the indicated complex. It can be used to determine how near you are to problems. For non-restructured databases, the maximum length is 64KB.
Severity:
00
CKR0169 Cluster protection undecidable (not in any catalog or VVDS)
clustername
Explanation:
The indicated cluster cannot be represented properly in the reports, because the VVDS or catalog information is missing.
Severity:
08
CKR0170 Selection in restricted mode is not allowed on restricted field
field at ddname
line
number
Explanation:
When the program is running in restricted or PADS mode, selection on the indicated field is not allowed. The program is running in restricted mode either because of a reason shown in a
CKR0031 message or because SIMULATE RESTRICT was specified. This condition is considered a syntax error (severity 12). If an ALLOWRESTRICT modifier explicitly indicates that the query must be executed anyway, this message is issued as a warning (severity
4) to remind you that the indicated field is treated as missing. The restrictions that apply to this field can be viewed in the "Restrictions" column of the output from the primary command FIELD after zooming in through
BUILTIN and RACF, provided the command is also issued in restricted mode (SIMULATE RESTRICT in
SETUP PREAMBLE will ensure this).
Note:
If the restriction is to OWNER or CKGOWNR and use of the restricted field is in a SELECT statement,
message “CKR2463” on page 306 is issued instead.
Severity:
04 or 12
CKR0171 Class not in descriptor table, default properties assumed -
class
Explanation:
The indicated class (or its 4 character prefix in non-RDS databases) was present in the database, but not in the class descriptor table. Hence, the program cannot know which properties the class has and may use it incorrectly. This may for instance happen if you process a RACF database from a different system, or if classes were deleted from the class descriptor table without first removing all profiles in these classes. The message is followed by an indication which profile was first encountered with the offending class. To find all profiles you can use the
SELECT CLASS= command.
CKR0168 • CKR0176
Severity:
08 (unless changed by the MSGRC parameter of the OPTION statement)
CKR0172 ICHCNX00 returns qualifier "
qual1" for
internal but "
qual2" for external format
of
dsname
Explanation:
The installation exit returns different qualifiers for the internal and external formats of the data set name, both of which are unequal to the first qualifier of the data set name. The program will choose the external one. The message can be suppressed by the command SUPPRESS MSG=172.
Severity:
16 (unless changed by the MSGRC parameter of the OPTION statement)
CKR0173 ICHCNX00 returns qualifier "
qual1" for
internal but "
qual2" for external format
of
dsname
Explanation:
The installation exit returns different qualifiers for the internal and external formats of the data set name. The program will choose the external one. This message is issued only if the DEBUG QUAL command was issued.
Severity:
00
CKR0174 No support for
n>1 associations in
UCAT alias
alias in BCS system volume
dsn
Explanation:
This message indicates that an unexpected condition was found in a usercatalog alias entry. Contact IBM Software Support.
Severity:
20
CKR0175 Unsupported number of qualifiers in usercat alias
alias in BCS system volume
dsn
Explanation:
This message indicates that an alias entry in the catalog contained more than 4 qualifiers.
Contact IBM Software Support.
Severity:
20
CKR0176 Unexpected volume cell
volser in BCS
record cluster
dsname
Explanation:
This message indicates that an unexpected condition was found in an ICF catalog record. Contact IBM Software Support.
Severity:
04
Chapter 5. CKR messages
137
CKR0177 • CKR0188
CKR0177 VERIFY NONEMPTY not performed on complex
complex due to missing catalog
information
Explanation:
This message indicates that catalog information about VSAM data sets was missing from the CKFREEZE file(s) for the indicated complex, possibly because they were created without APF authorization. VERIFY NONEMPTY depends on completeness of the information and hence refuses to operate.
Severity:
08
CKR0178 No CKFREEZE file for system
name in
SIMULATE SHARED VOLUME=
volser
command
Explanation:
This message indicates that you used a system name that was not found in the CKFREEZE files. Possibly you mistyped the system name, or forgot to allocate the CKFREEZE file.
Severity:
12
CKR0179 Conflicting share information for volume
volume on system system
Explanation:
The SIMULATE commands are inconsistent with respect to the specified system/volume combination.
Severity:
12
CKR0180 No CKFREEZE file for system
name in
SIMULATE (NON)SHARED
SYSTEM=
name command
Explanation:
This message indicates that you used a system name that was not found in the CKFREEZE files. Possibly you mistyped the system name, or forgot to allocate the CKFREEZE file.
Severity:
12
CKR0181 Unknown subparameter -
parm
Explanation:
This message indicates that the program does not recognize the specified parameter, at least not in this place.
Severity:
12
CKR0182 Field
name flag value must be GLOBAL,
GENERAL or SPECIFIC - "
value" at
ddname line number
Explanation:
This message indicates that for field
name only the values GLOBAL, GENERAL and
SPECIFIC can be specified.
Severity:
12
CKR0183 Simulation not supported -
parm
Explanation:
This message indicates that the specified parameter was recognized but is not supported for simulation.
Severity:
12
CKR0184 Conflicting options SHARED and
NONSHARED
Explanation:
This message indicates that you tried to define all volumes in all systems as both shared and unshared.
Severity:
12
CKR0185 SIMULATE SHARE VOL=list should include the system names system
system
has to share the volume(s) with
Explanation:
This message indicates, that if you specify a system list for a volume, then it should contain a list of systems sharing the volume. You specified only one system, which is not sufficient to define the sharing relationship. If you meant that the volume is shared among all your systems, then you must completely omit the SYSTEM parameter.
Severity:
12
CKR0186 Conflicting SHARE/NONSHARE for volume
name on system system
Explanation:
This message indicates that you tried to define the volume name in system system as both shared and unshared on different SIMULATE commands.
Severity:
12
CKR0187 Field
name value string type not
supported - '
value' at ddname line number
Explanation:
The only valid string types are X for hex,
B for bit(mask), and C for character string (which is the same as omitting the type).
Severity:
12
CKR0188 Field
name value invalid - bit string may
only contain 0, 1, or . - "
value" at ddname
line
number
Explanation:
This message indicates that the string of type B (bitmask) contains an invalid character. Specify 0 or 1 for an exact match on a bit, and dot "." for a do not care.
Severity:
12
138
Messages Guide
CKR0189 • CKR0197
CKR0189 Field
name flag value must be FORCE or
NOFORCE - "
value" at ddname line
number
Explanation:
This message indicates that an improper value was specified for the XRFSOFF flag.
Severity:
12
CKR0190
Explanation:
This message indicates that you tried to use a bitmask input string with more than 32 binary digits. This is not supported.
Severity:
12
Field
name value invalid - maximum bit
string length is 32 at
ddname line number
CKR0191 Field
name flag value must be hex,
binary, YES, NO, ON, OFF, or a bit mask "
value" at ddname line number
Explanation:
This message indicates that a value for a flag field was not recognized.
Severity:
12
CKR0192
Explanation:
This message indicates that you specified an invalid PAGELENGTH value. The page length includes all page headers and titles. Since these are printed on each page, there is a minimum page length of five (toptitle, title, subtitle, empty line, column header). If you do not want any headers, specify
NOPAGE. If you just want one header per
NEWLIST/SORTLIST, specify PAGELENGTH=0.
Severity:
12
PAGELEN=
nn must be larger than 5, or
0 to suppress page separators
CKR0193
activereason using system name iplvol
volume running operating system release
with
prod release
Explanation:
This message indicates that the active system settings are used. If activereason contains the text
No configuration file
, this is because no CKFREEZE file was present. If activereason shows Active
configuration
this is because of an explicit allocation request. Required information about system control blocks normally taken from the CKFREEZE file, like the
RACF Class Descriptor Table (when processing a RACF database) will be taken from the current system. The message also indicates the security product prod (RACF,
ACF2, or TSS) and its release level.
Severity:
00
CKR0194 Volume cell missing from connector entry for
dsname in catalog catname
Explanation:
This message indicates that an unexpected condition was found in an ICF catalog record. Contact IBM Software Support.
Severity:
20
CKR0195 SIMULATE RESTRICT not possible on this system
Explanation:
This message indicates that it is not possible to simulate restricted PADS mode for a RACF database that does not have your current user ID defined in it.
Severity:
12
CKR0196 Unload not allowed during PADS access to
ddname volume dsn
Explanation:
This message indicates that the program is operating in restricted or PADS mode and will not allow you to make an unload file, since this would allow you to see information beyond your scope of authority. Note that even profiles 'in your scope' contain information that is not 'in your scope' to see since you are not given access to it by RACF itself.
Severity:
12
CKR0196 Unload not allowed during program pathing access to
ddname volume dsn
Explanation:
This message indicates that the program is operating in restricted or program pathing mode and will not allow you to make an unload file, since this would allow you to see information beyond your scope of authority. Note that even records 'in your scope' contain information that is not 'in your scope' to see since you are not given access to it by ACF2 itself.
Severity:
12
CKR0197 Unload not allowed with PADS access to configuration dataset
Explanation:
This message indicates that the program is operating in restricted or PADS mode and will not allow you to make an unload file. While this may not be strictly necessary in the case of PADS access to a
CKFREEZE file, the program has only one restricted mode of operation, independently of exactly which input file was accessed through PADS mode.
Severity:
12
Chapter 5. CKR messages
139
CKR0197 • CKR0207
CKR0197 Unload not allowed with program pathing access to configuration dataset
Explanation:
This message indicates that the program is operating in restricted or program pathing mode and will not allow you to make an unload file. While this may not be strictly necessary in the case of program pathing access to a CKFREEZE file, the program has only one restricted mode of operation, independently of exactly which input file was accessed through program pathing mode.
Severity:
12
CKR0198 Option not allowed in restricted mode -
option
Explanation:
This message indicates that the program is operating in restricted or PADS mode and will not
Messages from 200 to 299
CKR0200 Duplicate NONVSAM profile volume
volser dataset datasetname
Explanation:
Two identical profile keys were found for the same volume. This is an anomaly in the RACF database. Only the first profile will be used in the program, and no support is present to remove the condition.
Severity:
20
CKR0201 Duplicate TAPEDSN profile volume
volser dataset datasetname
Explanation:
Two identical profile keys were found for the same volume, and both with DSTYPE=TAPE.
This is an anomaly in the RACF database. Only the first profile will be used in the program, and no support is present to remove the condition.
Severity:
20
CKR0202
Explanation:
Two identical profile keys were found for the same volume and both with DSTYPE=VSAM.
This is an anomaly in the RACF database. Only the first profile will be used in the program, and no support is present to remove the condition.
Severity:
20
Duplicate VSAM profile volume
volser
cluster
datasetname
CKR0203 Duplicate MODEL profile
datasetname
Explanation:
Two identical profile keys were found, both for a model data set. This is an anomaly in the
RACF database. Only the first profile will be used in the program, and no support is present to remove the condition.
140
Messages Guide allow you to use the indicated option or command, since it might influence access control decisions. If
option is "DEBUG other than RESTRICT PERFORM
DICT CPIC ACTION OUNIT" the severity of this message will be zero.
Severity:
12
CKR0199 REPORT [SCOPE|PERMIT]=
idname not
allowed, id is not in your scope on complex
complex version
Explanation:
This message indicates that the program is operating in restricted or PADS mode and will not allow you to request a scope or permit report for a user or group that is considered to be outside your scope of authority.
Severity:
12
Severity:
20
CKR0204 Duplicate generic dataset profile base
datasetname
Explanation:
Two identical profile keys were found, both for a generic data set profile. This is an anomaly in the RACF database. Only the first profile will be used, and no support is present to remove the condition.
Severity:
20
CKR0205
field not found in profile datasetname
complex
complex version
Explanation:
Here field can be DSTYPE or
MODELNAM. While searching the data set profile indicated for the specified field, end-of-profile was reached or the template did not contain the field. If the error is reproducible, contact IBM Software Support.
Severity:
20
CKR0206
Explanation:
Two identical GLOBAL profiles for the indicated class were found. This is an anomaly in the
RACF database. Only the first profile will be used, and no support is present to remove the condition.
Severity:
20
Duplicate GLOBAL profile
classname
complex
complex version
CKR0207 Model name length
length too long on
profile
identity complex complex version
Explanation:
The model profile name on a user or group profile is length characters long. The maximum length for a model profile is 44 characters, minus the length of the high level qualifier prefix (the user or
CKR0208 • CKR0218
group ID followed by a dot).
The program provides no support for this condition.
Severity:
20
CKR0208
Explanation:
Here type can be DATASET or
GENERAL, and field can be UNIVACS, UACC, FLAG1,
AUDIT, AUDITQS, AUDITQF, GAUDITQS or
GAUDITQF. Contact IBM Software Support.
Severity:
20
field not found in type profile.complex
complex version
CKR0209
Explanation:
The indicated identity was found as a profile in the class USER as well as the class GROUP.
No support exists to handle this condition.
Severity:
20
identity defined as both USER and
GROUP
CKR0210 USER "
identity" doubly defined
Explanation:
Two user profiles were encountered with identical keys. Possibly you combined two copies of the same database in one run.
Severity:
20
CKR0211 GROUP "
identity" doubly defined
Explanation:
Two group profiles were encountered with identical keys. Possibly you combined two copies of the same database in one run.
Severity:
20
CKR0212 Numeric or flag field
fldname exceeds
supported length (4 byte) for profile
key
Explanation:
This message indicates that during
SELECT or EXCLUDE processing a profile was encountered with the field length for the indicated field exceeding 4 bytes. The program assumes that all numeric fields are 4 bytes or less in length.
Severity:
20
CKR0213 Missing master catalog for system
name
Explanation:
This message indicates that the
CKFREEZE files did not contain a catalog dump of the master catalog for the indicated system, or that it was not clear which catalog was the master catalog.
Severity:
16
CKR0214 CKFREEZE file required for selected options
Explanation:
This message indicates that you requested program functions that require the presence of a CKFREEZE file. However, no CKFREEZE or
CKRCKF0n file was found allocated.
Severity:
12
CKR0215
Explanation:
This message indicates that the program is operating in restricted or PADS mode and will not allow you to request access to a field that is marked
masked in the database templates.
Severity:
12
Non-PADS run required to access masked field
field
CKR0216
event permit identity whenclass
whenprofile(1-15) class key
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a (RE)MOVE
PERMIT/USER/GROUP command, with event equal to
Redundant
due to a REMOVE REDUNDANT_PERMIT command, and with event equal to Copy or Replace due to a COPY PERMIT/USER/GROUP command. It indicates that identity was found in the conditional access list of a general resource profile. Only the first 15 characters of the key in the conditional permit are shown. For (RE)MOVE or VERIFY a PERMIT DELETE
WHEN(...()) command is generated to remove the conditional permit. For COPY a PERMIT WHEN(...()) command is generated to create the conditional permit.
Severity:
04
CKR0217 Audit authority required to access
field
Explanation:
This message indicates that the program is operating in restricted or PADS mode and will not allow you to request access to a field that is reserved for users with the auditor or group-auditor attribute.
The ALLOWRESTRICT modifier causes the severity of this message to drop to 4, thus allowing the program to finish the query. The offending field will be shown blank.
Severity:
12 or 04
CKR0218 Field
field of length field-length extends
number chars beyond target line length
line-length - ddname line number
Explanation:
This message indicates that you requested more fields than will fit into the output line buffer, which has maximum length line-length. The indicated field (of length field-length) would extend
number characters beyond the end of the output line.
The requested field will be truncated automatically.
Chapter 5. CKR messages
141
CKR0219 • CKR0227
Severity:
12
CKR0219 ICHCNX00 exit abend
sssuuu now
activating SUPPRESS ICHCNX00
Explanation:
This message indicates that an abend condition was intercepted while calling the current system's RACF exit ICHCNX00. This may easily happen if the exit requires supervisor state, key zero operation, or other authorized functions. The abend code was system abend sss (hexadecimal) or user abend
uuu (hexadecimal). Calls to the exit will be suppressed for the remainder of the run.
Severity:
16
CKR0220
Explanation:
This message is issued when trying to format a variable length date field with an unsupported length. The field name from the template is indicated in the message, as well as the profile in which the condition was found, either in the format
profile
key or in the format connect user to group.
Severity:
20
Unsupported date length for
fieldname
location complex complex version
CKR0221
Explanation:
This message indicates that you requested a report concerning PROGRAM protection.
Profiles were found in the class PROGRAM, but the system-wide option SETROPTS WHEN(PROGRAM) is
not in effect. This means that the profiles will not be used by RACF, and will not be present on the
REPORT AC1 and REPORT PADS output, unless you include a SIMULATE SETROPTS WHEN(PROGRAM) command.
Severity:
00
Warning: program profiles present but program control not active in system
sys
complex
complex version
CKR0222
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a
REMOVE PERMIT/USER command. The superior group field will be changed by an ALG command to the indicated group.
Severity:
04
event supgrp identity of group name -
make
name
CKR0223 Invalid PRINT/NEWLIST output file -
file
Explanation:
This message indicates that the indicated filename or DDname is not valid as a target for a
NEWLIST or PRINT command. The following reserved
142
Messages Guide
DDnames may not be specified: CKRUNLIN,
CKRUNLOU, STEPLIB, SYSABEND, SYSUDUMP,
SYSMDUMP, CKRCARLA, CKRTSPRT, XMLIN,
XMLOUT, CKRACF*, CKRSMF*, and all redirections for those files. For additional information, see the
OPTION command documentation in the IBM Security
zSecure: CARLa Command Reference.
Severity:
12
CKR0224
Explanation:
This message is only issued for a
Restructured Data Set and indicates the number of profiles (base segments) and non-base segments that were read and the numbers that were selected. The percentage is based on the sum of profiles and non-base segments. The number selected for a run that only uses merge will be zero. If other TYPE=RACF newlists, reports or verify commands are used, those will determine the number of selected profiles / segments.
Severity:
00
nn profiles and nn segments read, nn
profiles and
nn segments selected (nn%)
for
complex [version]
CKR0225 DMS default setting not supported -
ppppppppv on complex complex system
system
Explanation:
This message indicates that the indicated setting v for a DMS parameter pppppppp is not supported - results may be unpredictable. It can happen that the indicated parameter setting was assumed as a default by the program (because it is the default in DMS) if the actual value was missing in the
CKFREEZE file.
Severity:
16
CKR0226 Invalid sysid (must be lower or equal to
4 characters)
Explanation:
This message indicates a system name was found in a conditional access list entry that had more than 4 characters. This is not supported. contact
IBM Software Support.
Severity:
16
CKR0227
length must be in range n..32767
Explanation:
This message indicates that the page or line length you supplied does not fall in the allowed interval 0..32767 for PL or 1..32767 for LL. If you want to prevent paginating the output, you should use PL=0 or NOPAGE.
Severity:
12
CKR0228 Modifiers (SUB/TOP)TITLE cannot be combined with WRAP/MORE/HOR field
field at ddname line number
Explanation:
This message indicates that a modifier was specified that changes the appearance of a repeated field on the overview line but is not supported for page titles.
Severity:
12
CKR0229 Modifiers (SUB/TOP) TITLE are mutually exclusive - field
field at ddname
line
number
Explanation:
A field must be either part of the title or the toptitle. But you can specify the field twice with one of the modifiers on each.
Severity:
12
CKR0230 Modifier PAGE not allowed after variable field without PAGE - field
field
at
ddname line number
Explanation:
Fields that cause a page boundary when their value changes must be higher in the sort hierarchy than fields that do not have the page modifier.
Severity:
12
CKR0231 (SUB/TOP)TITLE must occur before fields on output line - field
field at
ddname line number
Explanation:
Fields that are to be reported in a page title must be higher in the sort hierarchy than fields that do not have a (top)title modifier.
Severity:
12
CKR0232 KEY must occur before any non-key fields on display - field
field at ddname
line
number
Explanation:
The KEY modifier can only be used in a set of contiguous columns on the left of the display.
This defines the part of the display that cannot be scrolled horizontally.
Severity:
12
CKR0233 Modifiers (SUB/TOP)TITLE not valid with length 0 - field
field at ddname line
number
Explanation:
The field that is to be reported in a page title must have a fixed length.
Severity:
12
CKR0228 • CKR0239
CKR0234
option modifier invalid on LIST
command, use SORTLIST before
token at
ddname line number
Explanation:
Use SORTLIST if you want to use the
PAGE, SUBTITLE, TITLE, or TOPTITLE modifier.
Severity:
12
CKR0235
Explanation:
This message is issued due to a
(RE)MOVE NOTIFY/PERMIT/USER, NEWNOTIFY= command. In response, an ALTDSD NOTIFY() command will be generated to change the notify field.
Severity:
04
Replace notify
identity on non-VSAM
DATASET profile
volume datasetname -
with
newnotify
CKR0236
Explanation:
This message is issued due to a
(RE)MOVE NOTIFY/PERMIT/USER, NEWNOTIFY= command. In response, an ALTDSD NOTIFY() command will be generated to change the notify field.
Severity:
04
Replace notify
identity on VSAM
DATASET profile
volume datasetname -
with
newnotify
CKR0237
Explanation:
This message is issued due to a
(RE)MOVE NOTIFY/PERMIT/USER, NEWNOTIFY= command. In response, an ALTDSD NOTIFY() command will be generated to change the notify field.
Severity:
04
Replace notify
identity on generic
DATASET profile
datasetname - with
newnotify
CKR0238
Explanation:
This message is issued due to a
(RE)MOVE NOTIFY/PERMIT/USER, NEWNOTIFY= command. In response, an ALTDSD NOTIFY() command will be generated to change the notify field.
Severity:
04
Replace notify
identity of model
DATASET profile
datasetname - with
newnotify
CKR0239 Change notify
identity to id2 profile class
key
Explanation:
This message is issued for a PROGRAM or GLOBAL profile due to a (RE)MOVE NOTIFY/
PERMIT/USER, NEWNOTIFY= command. In response, an RALTER NOTIFY() command will be generated to change the notify field.
Severity:
04
Chapter 5. CKR messages
143
CKR0240 • CKR0249
CKR0240
Explanation:
This message is issued due to a
VERIFY INDICATED command.
Severity:
04
BCS RACF indicator set but no discrete
VSAM profile
volser clustername
CKR0241 Discrete VSAM profile but BCS RACF indicator not set
volser clustername
Explanation:
This message is issued due to a
VERIFY ONVOLUME command. The volume indicated is the volume of the catalog (BCS) that contained an ownership cell with the RACF indicator bit off for the indicated cluster. To solve the error condition a
DELDSD NOSET command will be generated.
Severity:
04
CKR0242 Discrete VSAM profile present but no cluster found
volser clustername
Explanation:
This message is issued due to a
VERIFY ONVOLUME command. The volume indicated is the volume of the catalog that did not contain the cluster. To solve the error condition a DELDSD NOSET command will be generated.
Severity:
04
CKR0243 Discrete VSAM profile but BCS volume not mounted
volser clustername
Explanation:
This message is issued due to a
VERIFY ONVOLUME command. The profile indicates a volume that is not mounted. To solve the error condition a DELDSD NOSET command will be generated.
Severity:
04
CKR0244
Explanation:
This message is issued due to a
(RE)MOVE NOTIFY/PERMIT/USER, NEWNOTIFY= command. In response, an ALTDSD NOTIFY() command will be generated to change the notify field.
Severity:
04
Replace notify
identity on tape
DATASET profile
volser datasetname -
with
newnotify
CKR0245
event qualif identity of tape DATASET
profile
volser datasetname - output
DELDSD
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a
REMOVE PERMIT/USER/GROUP command. It indicates that the data set profile has a first qualifier that is undefined or to be removed. To solve the
144
Messages Guide condition, a DELDSD VOL() command will be generated. The message and action may be suppressed by means of a SUPPRESS command.
Severity:
04
CKR0246
event qualif identity of non-VSAM
DATASET profile
volser datasetname -
output DELDSD
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a
REMOVE PERMIT/USER/GROUP command. It indicates that the data set profile has a first qualifier that is undefined or to be removed. To solve the condition, a DELDSD VOL() command will be generated. The message and action may be suppressed by means of a SUPPRESS command.
Severity:
04
CKR0247
event qualif identity of VSAM DATASET
profile
volser datasetname - output
DELDSD
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a
REMOVE PERMIT/USER/GROUP command. It indicates that the data set profile has a first qualifier that is undefined or to be removed. To solve the condition, a DELDSD VOL() command will be generated. The message and action may be suppressed by means of a SUPPRESS command.
Severity:
04
CKR0248
event qualif identity of generic DATASET
profile
datasetname - output DELDSD
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a
REMOVE PERMIT/USER/GROUP command. It indicates that the data set profile has a first qualifier that is undefined or to be removed. To solve the condition, a DELDSD command will be generated. The message and action may be suppressed by means of a
SUPPRESS command.
Severity:
04
CKR0249
event qualif identity of model DATASET
profile
datasetname - output DELDSD
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a
REMOVE PERMIT/USER/GROUP command. It indicates that the data set profile has a first qualifier that is undefined or to be removed. To solve the condition, a DELDSD command will be generated. The
message and action may be suppressed by means of a
SUPPRESS command.
Severity:
04
CKR0250
Explanation:
This message is issued due to a
VERIFY ONVOLUME command. To solve the error condition a ALTDSD DELVOL command will be generated.
Severity:
04
Multivolume discrete profile but no
RACF indicator
volser datasetname
CKR0251
Explanation:
This message is issued due to a
VERIFY ONVOLUME command. To solve the error condition a ALTDSD DELVOL command will be generated.
Severity:
04
Multivolume discrete profile but data set not found
volser datasetname
CKR0252
Explanation:
This message is issued due to a
VERIFY ONVOLUME command. To solve the error condition a ALTDSD DELVOL command will be generated.
Severity:
04
Multivolume discrete profile but volume not mounted
volser datasetname
CKR0253 Cluster indicator unknown due to undumped catalog on
volume clustername
Explanation:
The program was unable to determine whether the indicated cluster was RACF indicated or not, since the catalog in which it was cataloged according to the VVDS, was not present in the catalog dump.
Severity:
08
CKR0254 Discrete profile not used because GDG model present
volser datasetname
Explanation:
This message is issued due to a
VERIFY ONVOLUME command. It indicates that a discrete profile is present for a GDG generation, while at the same time a discrete non-VSAM or model profile exists for the GDG base name, and GDG modelling is active. To solve the error condition a DELDSD NOSET command will be generated. However, if the generation has already been rolled off the GDG, the command may be rejected with the error message "NOT FOUND
IN CATALOG". In this case, the profile can only be removed by deactivating the system-wide
MODEL(GDG) option before issuing the command.
Severity:
04
CKR0250 • CKR0259
CKR0255
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a
(RE)MOVE NOTIFY/PERMIT/USER command, and with event equal to Replace due to a
COPY PERMIT/USER command. To solve the error condition an ALTDSD VOL() NONOTIFY command will be generated.
Severity:
04
event notify identity on non-VSAM
DATASET profile
volser datasetname
CKR0256
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a
(RE)MOVE NOTIFY/PERMIT/USER command, and with event equal to Replace due to a
COPY PERMIT/USER command. To solve the error condition an ALTDSD VOL() NONOTIFY command will be generated.
Severity:
04
event notify identity on VSAM DATASET
profile
volser datasetname
CKR0257
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a
(RE)MOVE NOTIFY/PERMIT/USER command, and with event equal to Replace due to a
COPY PERMIT/USER command. To solve the error condition an ALTDSD NONOTIFY command will be generated.
Severity:
04
event notify identity on generic
DATASET profile
datasetname
CKR0258
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a
(RE)MOVE NOTIFY/PERMIT/USER command, and with event equal to Replace due to a
COPY PERMIT/USER command. To solve the error condition an ALTDSD NONOTIFY command will be generated.
Severity:
04
event notify identity of model DATASET
profile
datasetname
CKR0259
event notify identity general resource
profile
class name
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a
(RE)MOVE NOTIFY/PERMIT/USER command, and
Chapter 5. CKR messages
145
CKR0260 • CKR0267
with event equal to Replace due to a
COPY PERMIT/USER command. To solve the error condition a RALT NONOTIFY command will be generated.
Severity:
04
CKR0260
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a
(RE)MOVE PERMIT/USER command. This message is only issued for the NODES resource class. To solve the condition an RDEL command will be generated to remove the entire profile.
Severity:
04
event member identity general resource
profile
class key
CKR0261 Key with unknown
identity general
resource profile
class key
Explanation:
This message is issued due to a
VERIFY PERMIT or (RE)MOVE PERMIT/USER command. This message is only issued for resource classes where some qualifier can be a user ID or group, like VMMDISK, VMBATCH, DLFDATA, JESJOBS,
NODES, JESSPOOL, PROPCNTL, VMEVENT, and
VMXEVENT. To solve the condition an RDEL command will be generated to remove the profile.
Severity:
04
CKR0262
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a REMOVE
PERMIT/USER command. It means that the identity to be removed defines the OMVS default UID, and that the error condition is not resolved. This error condition is not resolved when the default GID specification is present and not to be removed; if there would not have been a default GID specification to be kept, the condition would have been resolved by removing the specification(s), and CKR0298 would have been issued instead.
Severity:
08
event user identity - defines OMVS
default UID in BPX.DEFAULT.USER
CKR0263
event notify identity general resource
profile
class key
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a
(RE)MOVE NOTIFY/PERMIT/USER command, and with event equal to Replace due to a
COPY PERMIT/USER command. To solve the condition a RALTER NONOTIFY command will be generated to remove the notify field.
146
Messages Guide
Severity:
04
CKR0264
event R-ownr identity on non-VSAM
DATASET profile
volser datasetname
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a
(RE)MOVE NOTIFY/PERMIT/USER command. It means that the identity to be removed was found in the
RESOWNER field of the DFP segment. To solve the error condition an ALTDSD VOL() NODFP command will be generated.
Severity:
04
CKR0265
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a
REMOVE NOTIFY/PERMIT/USER command. It means that the identity to be removed was found in the
RESOWNER field of the DFP segment. To solve the error condition an ALTDSD VOL() NODFP command will be generated.
Severity:
04
event R-ownr identity on VSAM
DATASET profile
volser datasetname
CKR0266
event R-ownr identity on generic
DATASET profile
datasetname
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a
(RE)MOVE NOTIFY/PERMIT/USER command. It means that the identity to be removed was found in the
RESOWNER field of the DFP segment. To solve the error condition an ALTDSD VOL() NODFP command will be generated.
Severity:
04
CKR0267
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a
(RE)MOVE NOTIFY/PERMIT/USER command. It means that the identity to be removed was found in the
RESOWNER field of the DFP segment. To solve the error condition an ALTDSD VOL() NODFP command will be generated.
Severity:
04
event R-ownr identity of model
DATASET profile
datasetname
CKR0268 • CKR0274
CKR0268
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a
(RE)MOVE PERMIT/USER/GROUP command, with
event equal to Redundant due to a REMOVE
REDUNDANT_PERMIT command, and with event equal to Copy or Replace due to a
COPY PERMIT/USER/GROUP command. It indicates that identity was found in the conditional access list of a general resource profile. Only the first 15 characters of the key in the conditional permit are shown. To solve the condition a PERMIT DELETE WHEN(...()) command will be generated.
Severity:
04
event permit identity whenclass
whenprofile(1-15) class key
CKR0269
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a
(RE)MOVE PERMIT/USER/GROUP command, with
event equal to Redundant due to a REMOVE
REDUNDANT_PERMIT command, and with event equal to Copy or Replace due to a
COPY PERMIT/USER/GROUP command. It indicates that identity was found in the conditional access list
WHEN(SYSID(smfid)) clause of a PROGRAM profile. To solve the condition a
PERMIT DELETE WHEN(SYSID(smfid)) command will be generated.
Severity:
04
event permit identity SYSID smfid
PROGRAM
profile
CKR0270
event permit identity whenclass
whenprofile(1-15) PROGRAM profile
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a
(RE)MOVE PERMIT/USER/GROUP command, with
event equal to Redundant due to a REMOVE
REDUNDANT_PERMIT command, and with event equal to Copy or Replace due to a
COPY PERMIT/USER/GROUP command. It indicates that identity was found in the conditional access list clause of a PROGRAM profile other than
WHEN(SYSID(...)). Only the first 15 characters of the key in the conditional permit are shown. To solve the condition a PERMIT DELETE WHEN(...()) command will be generated.
Severity:
04
CKR0271
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a
(RE)MOVE PERMIT/USER/GROUP command, with
event equal to Redundant due to a REMOVE
REDUNDANT_PERMIT command, and with event equal to Copy or Replace due to a
COPY PERMIT/USER/GROUP command. To solve the error condition a PERMIT DELETE VOL() command will be generated.
Severity:
04
event permit identity in access list of tape
dsn
volser datasetname
CKR0272 Remove raclink
node.id with id2 - output
RACLINK UNDEFINE
Explanation:
This message is issued due to a
REMOVE USER= command. In order to remove id2, its raclinks must be deleted first, hence RACLINK
UNDEFINEs are generated for each.
Severity:
00
CKR0273
event owner identity of tape DATASET
profile
volser datasetname - make
newowner
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a
(RE)MOVE PERMIT/USER/GROUP command, and with event equal to Replace due to a
COPY PERMIT/USER/GROUP command. To solve the error condition a ALTDSD VOL() OWNER() command will be generated. The new owner will be the HLQ of the profile, unless that is identical to identity. In that case it will be the name specified on the DEFAULT
OWNER= command. The new owner selected is shown in the message.
Severity:
04
CKR0274
event notify identity on tape DATASET
profile
volser datasetname
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a
(RE)MOVE NOTIFY/PERMIT/USER command. To solve the error condition a
ALTDSD VOL() NONOTIFY command will be generated.
Severity:
04
Chapter 5. CKR messages
147
CKR0275 • CKR0286
CKR0275
Explanation:
This message is issued due to a
VERIFY PROTECTALL or VERIFY INDICATED command. To solve the error condition an
ADDSD NOSET command will be generated, but only if VERIFY INDICATED was not specified. Note that adding the profile may not be enough, you might want to enhance the access list, or use a generic profile instead.
Severity:
04
Inaccessible cluster (RACF indicated and no profile)
volser datasetname
CKR0276 Unprotected cluster (not
RACF-indicated, no generic)
volser datasetname
Explanation:
This message is issued due to a
VERIFY PROTECTALL command in NOPROTECTALL or PROTECTALL(WARN) environment. No command is generated.
Severity:
08
CKR0277
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a
(RE)MOVE NOTIFY/PERMIT/USER command. It means that the identity to be removed was found in the
RESOWNER field of the DFP segment. To solve the error condition an ALTDSD VOL() NODFP command will be generated.
Severity:
04
event R-ownr identity on tape DATASET
profile
volser datasetname
CKR0278 Revoke for user
identity requested
Explanation:
This message is issued due to a
(RE)MOVE USER=, REVOKE command. In response, an ALTUSER REVOKE command will be generated.
Severity:
00
CKR0279
Explanation:
This message is issued due to a
MOVE USER=, TOGROUP= command. In response, a
CONNECT command will be generated.
Severity:
00
Connect user
identity to group identity as
requested - output CONNECT
CKR0280 Default group of
identity becomes
identity because removing former default
Explanation:
This message is issued due to a
MOVE USER=, TOGROUP= command. In response, an
ALTUSER DFLTGRP() command will be generated.
148
Messages Guide
Severity:
00
CKR0281 Remove user
identity from identity as
requested - output REMOVE
Explanation:
This message is issued due to a
MOVE USER=, TOGROUP= command. In response, a
REMOVE command will be generated.
Severity:
00
CKR0282
Explanation:
This message is issued due to a
VERIFY PROTECTALL command in a
PROTECTALL(FAIL) environment. No command is generated.
Severity:
04
Inaccessible cluster (not indicated and no generic)
volser datasetname
CKR0283 Delete userid
identity group identity as
requested - output DELUSER
Explanation:
This message is issued due to a
REMOVE USER= command. In response, a DELUSER command will be generated.
Severity:
00
CKR0284 Delete group
identity of depth depth -
output DELGROUP
Explanation:
This message is issued due to a
REMOVE GROUP= command. In response, a
DELGROUP command will be generated for the indicated group with the indicated depth.
Severity:
00
CKR0285
Explanation:
This message is issued due to a
(RE)MOVE NOTIFY/PERMIT/USER, NEWNOTIFY= command. In response, a RALTER NOTIFY() command will be generated to change the notify field.
Severity:
04
Replace notify
identity general resource
profile
class key by newnotify
CKR0286 No VTOC and no VVDS entry for cluster component on
volser datasetname
Explanation:
This message is issued if a cluster component is referred to by a catalog entry or system control block, but could not be found in either the
VTOC or the VVDS.
Severity:
08
CKR0287 Non-restorable dataset, indic, no generic at archive
volser datasetname of seq
Explanation:
This message is issued if the DMSFILES data set contains a DSNINDEX and RACFENCD record for a version of data set datasetname that was RACF indicated and protected by a discrete profile at the time of the archive operation, but the discrete RACF profile
(with the encoded name) is not found in the RACF database anymore. According to the DMS documentation, this means that it is impossible to restore the data set without first changing the
DSNINDEX records. If this message keeps occurring after repeating the zSecure Collect run, you should follow the procedures in the DMS documentation (for example, RACFCHK1) to reconcile the relationship between DMS and RACF.
Severity:
08
CKR0288
Explanation:
This message is issued if the DMSFILES data set contains a DSNINDEX record for a version of data set datasetname that was RACF indicated and protected by a discrete profile at the time of the archive operation, but does not contain a corresponding
RACFENCD record. According to the DMS documentation, this means that it is impossible to restore the data set without first changing the
DSNINDEX records. If this message keeps occurring after repeating the zSecure Collect run, you should follow the procedures in the DMS documentation (for example, RACFCHK1) to reconcile the relationship between DMS and RACF.
Severity:
08
Non-restorable data set, RACFENCD record missing for
volser datasetname of
seq
CKR0289 Orphan RACFENCD record,
DSNINDEX record missing for
datasetname of seq
Explanation:
This message is issued if the DMSFILES data set contains a RACFENCD record for a version of the indicated data set without a corresponding
DSNINDEX record. Possibly this may correspond to an
'orphan' discrete profile, this is currently not checked by the program. If this message keeps occurring after repeating the zSecure Collect run, you should follow the procedures in the DMS documentation (for example, RACFCHK1) to reconcile the relationship between DMS and RACF.
Severity:
08
CKR0287 • CKR0294
CKR0290
Explanation:
This message is issued if a DSNINDEX record in the DMSFILES data set indicates that a version of the indicated data set was non-indicated and protected by a discrete profile at the same time (during the archive operation). This contradictory bit setting is not supported by the program.
Severity:
08
Discrete profile at archive non indicated data set
volser datasetname of seq
CKR0291 RACFENCD record found but
DSNINDEX discrete flag off
volser
datasetname of seq
Explanation:
This message is issued if a RACFENCD record has been found in the DMSFILES data set for a version of the data set datasetname (originally residing on volume volser) that also has a DSNINDEX record which tells that the data set was not protected by a discrete at the time of the archive. This contradictory bit setting is not supported by the program.
Severity:
08
CKR0292
Explanation:
This message is issued if one of the system's master catalogs contains a usercatalog connector entry pointing to a catalog datasetname that could not be found.
Severity:
08
Connected catalog not found on any volume
datasetname
CKR0293 Volume not mounted on any system for cluster comp on
volser datasetname
Explanation:
This message is issued if a catalog or system control block refers to a VSAM component on a volume that was not present in any of the CKFREEZE files.
Severity:
08
CKR0294 Cluster cataloged but not in proper ctlg on any system
volser datasetname
Explanation:
This message is issued because this cluster is present in a catalog, but not in such a way that it can be accessed directly on any system for which a CKFREEZE was supplied, since there is no ALIAS for the HLQ of the cluster or for the dsname of the cluster in the master catalog. This means that on these systems this cluster can only be accessed from a batch job that uses a STEPCAT/JOBCAT allocation. If the cluster is not intended to be accessed from another system where an ALIAS is correctly defined, you should define an alias or delete the cluster. If this condition is intentional, you can suppress the message from the report with a SUPPRESS MSG=294 command.
Chapter 5. CKR messages
149
CKR0295 • CKR0301
Severity:
04
CKR0295 Component part of two clusters on one system
volser datasetname
Explanation:
This points to a maintenance issue with catalogs: the same VSAM component is defined in two
(master or connected) catalogs on one system. You should investigate which definition is correct for this system, and whether the other definition is not used on another system. You can fix this error by uncataloging the component (or the whole cluster) from one of the catalogs.
Severity:
08
CKR0296 PROGRAM profile w/o load module but info missing
complex program Reason
Explanation:
This message is issued by the VERIFY
PGMEXIST function because the indicated PROGRAM profile does not seem to cover any load module from any system in the complex, but some information necessary to be sure is missing. The message is followed by one or more Reason lines with one of the following detail explanations: v Not all VTOCs in CKFREEZE to search for data set
without volser
dsname
v Mig. catlg not in CKFREEZE to check data set any
system
dsname
v PDS dir. not available for migrated data set
syst dsname
v VTOC is not in CKFREEZE to check data set
syst volser
v Mig. catlg not in CKFREEZE to check data set
syst volume dsname
v PDS dir. not available for migrated data set
syst volume dsname
v PDS directory not in CKFREEZE for data set
syst volser dsname
If you are using zSecure Admin or Audit for RACF, see the documentation for the VERIFY PGMEXIST,
PROGRAMNONEMPTY, PROGRAMNOTEMPTY,
PGMNONEMPTY, PGMNOTEMPTY commands in the
IBM Security zSecure: CARLa Command Reference for more information about missing VTOCs, missing migration catalogs, and missing PDS directory information. If a CKRCMD file is allocated for the
Messages from 300 to 399
CKR0300 Tape volume
vvvvvv part of TAPEVOL
profile
key1 as well as key2 complex
complex version
Explanation:
This message is issued if a volume serial is part of more than one TAPEVOL profile. This might complex, a commented-out RDELETE command is generated to remove the PROGRAM profile.
Severity:
04
CKR0297 Obsolete PROGRAM, load module not in libraries
complex program
Explanation:
This message is issued by the VERIFY
PGMEXIST function because the indicated PROGRAM profile does not cover any load module from any system in the complex. If a CKRCMD file is allocated for the complex, an RDELETE command is generated to remove the PROGRAM profile.
Severity:
04
CKR0298
event user identity - defines OMVS
default UID in BPX.DEFAULT.USER output RALTER
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a REMOVE
PERMIT/USER command. It means that the identity to be removed defines the OMVS default UID, and that the error condition is resolved by removing the specification. If there was a default GID specification, it was to be removed as well; no separate message is shown. If there had been a default GID specification that should not be removed, the error condition would have been considered unresolvable and CKR0262 would have been issued instead.
Severity:
04
CKR0299
event group identity - defines OMVS
default GID in BPX.DEFAULT.USER output RALTER
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a REMOVE
PERMIT/GROUP command. It means that the identity to be removed defines the OMVS default GID, and that the error condition is resolved by removing the specification. It also means that the default UID specification was to be kept; otherwise CKR0298 would have been issued instead.
Severity:
04 be caused by running with split databases and an incorrect range table.
Severity:
20
CKR0301
event permit identity whenclass
whenprofile(1-15) - volume dsname
150
Messages Guide
CKR0302 • CKR0309
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a
REMOVE PERMIT/USER/GROUP command, with
event equal to Redundant due to a REMOVE
REDUNDANT_PERMIT command, and with event equal to Copy or Replace due to a
COPY PERMIT/USER/GROUP command. It indicates that the identity was found in the conditional access list of a discrete data set profile. Only the first 15 characters of the key in the conditional permit are shown. To solve the condition a PERMIT DELETE WHEN(...()) command will be generated.
Severity:
04
CKR0302
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a
REMOVE PERMIT/USER/GROUP command, with
event equal to Copy or Replace due to a
COPY PERMIT/USER/GROUP command, and with
event equal to Redundant due to a REMOVE
REDUNDANT_PERMIT command. It indicates that the identity was found in the conditional access list of a generic data set profile. Only the first 15 characters of the key in the conditional permit are shown. To solve the condition a PERMIT DELETE WHEN(...()) command will be generated.
Severity:
04
event permit identity whenclass
whenprofile(1-15) dataset dsname
CKR0303
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a
REMOVE PERMIT/USER/GROUP command, with
event equal to Copy or Replace due to a
COPY PERMIT/USER/GROUP command, and with
event equal to Redundant due to a REMOVE
REDUNDANT_PERMIT command. It indicates that the identity was found in the conditional access list of a model data set profile. Only the first 15 characters of the key in the conditional permit are shown. To solve the condition a PERMIT DELETE WHEN(...()) command will be generated.
Severity:
04
event permit identity whenclass
whenprofile(1-15) model dsname
CKR0304
Explanation:
This message is issued if one tape catalog entry for volser indicates that it is a scratch volume, while another one indicates that it is not. It will be treated as a scratch volume.
Severity:
08
Tape information inconsistent on scratch status for volume
volser datasetname
CKR0305 Catalog entry conflicts with tape management system
volser datasetname
file
seq
Explanation:
This message is issued if an ICF catalog and a tape catalog indicate different data set names for the same file sequence number on the same volume serial. The tape catalog is assumed to be correct, the
ICF catalog entry will be ignored.
Severity:
8
CKR0306
Explanation:
This message is issued if a TVTOC entry in the RACF database and a tape catalog entry indicate different data set names for the same file sequence number on the same volume serial. The tape catalog is assumed to be correct, the TVTOC entry will be ignored.
Severity:
08
TVTOC entry conflicts with tape management system
volser datasetname
file
seq
CKR0307 Conflicting tape management information for file
volser datasetname file
seq
Explanation:
This message is issued if two tape catalog entries indicate different data set names for the same file sequence number on the same volume serial.
There is no way to determine which is correct.
Severity:
08
CKR0308 Catalog entry same fileseq as other catalog entry
volser datasetname file seq
Explanation:
This message is issued if two ICF catalog entries indicate different data set names for the same file sequence number on the same volume serial. There is no way to determine which is correct.
Severity:
08
CKR0309
Explanation:
This message is issued if an ICF catalog and a TVTOC entry in the RACF database indicate different data set names for the same file sequence number on the same volume serial. The TVTOC is assumed to be correct, the ICF catalog entry will be ignored.
Severity:
08
Catalog entry conflicts with TVTOC
volser datasetname file seq
Chapter 5. CKR messages
151
CKR0310 • CKR0319
CKR0310
Explanation:
This message is issued if vol2 is declared as the volume directly preceding volser, while volser already precedes vol2. source is either TVTOC, to indicate that the error was detected while processing the RACF database, or CKFREEZE, to indicate that the error was detected while processing the ICF and tape catalogs. The new link is not established; any TVTOC entries are processed first.
Severity:
08
Adding previous volume pointer would create a loop
volser datasetname previous
vol2, reading source
CKR0311
Explanation:
This message is issued if two tape management catalog entries indicate different previous volumes for the same volume serial. There is no way to determine which is correct.
Severity:
08
Conflicting tape management info on volume chaining
volser datasetname
previous
vol2
CKR0312
Explanation:
This message is issued if a TVTOC entry in the RACF database conflicts with the tape management catalog as to the previous volume for the indicated volume serial. The tape management catalog will be considered correct, and the TVTOC entry will be ignored.
Severity:
08
TVTOC chaining conflict with tape management system
volser datasetname
previous
vol2
CKR0313
Explanation:
This message is issued if two ICF catalog entries indicate different previous volumes for the same tape volume serial. There is no way to determine which is correct; vol2 is the ignored link.
Severity:
08
Catalog entries disagree on the previous volume of
volser datasetname previous
vol2
CKR0314 Catalog vol chaining conflicts with tape management
volser datasetname previous
vol2
Explanation:
This message is issued if an ICF catalog entry conflicts with the tape management catalog as to the previous volume for the indicated volume serial.
The tape management catalog will be considered correct, and the information from the catalog entry will be ignored.
Severity:
08
CKR0315
Explanation:
This message is issued if an ICF catalog entry conflicts with a TAPEVOL TVTOC entry in the
RACF database as to the previous volume for the indicated volume serial. The TVTOC will be considered correct, and the information from the catalog entry will be ignored.
Severity:
08
Catalog vol chaining conflicts with
TVTOC
volser datasetname previous vol2
CKR0316 Imbedded ISPF variable not found -
name at ddname line number
Explanation:
This message indicates that an INCLUDE or IMBED command was given for an ISPF variable, but the variable was not present in either the implicit function pool, the shared variable pool, or the profile variable pool.
Severity:
12
CKR0317 Open failed [
type abend rc-rr
(
interpretation)] for imbedded file ddname
dataset
dsname at ddname2 line number
Explanation:
This message indicates that an INCLUDE or IMBED command was given for a file, but the file could not be opened. If an abend occurred, the abend code, reason code and interpretation are given. Review the job log for messages with additional information. If no abend information is present in the message, a preceding CKR message should indicate the reason for the failure.
Severity:
12
CKR0318
Explanation:
This message indicates an error in the contents of the Started Procedure Table ICHRIN03 on the indicated system sys. The generic entry must be the last entry to be handled as a generic entry by RACF. It appears that the generic entry in your ICHRIN03 is not the last entry.
Severity:
08
ICHRIN03 generic entry is not the last one, ignored
sys entry "procname userid
grpname"
CKR0319 ICHRIN03 generic entry allows masquerading any user
sys entry
"
procname userid grpname"
Explanation:
This message indicates an undesirable effect of the contents of the Started Procedure Table
ICHRIN03 on the indicated system sys. The generic entry allows persons with UPDATE access to a started task procedure library or JES2 parameter data set to masquerade as any user in the system by creating a procedure member with a name equal to the user ID to masquerade. The recommended form of the generic
152
Messages Guide
entry is to include in the generic entry a nonblank group name that is specifically meant to contain only the user IDs allowed to run as started tasks.
Severity:
08
CKR0320 Option only valid behind NEWLIST -
option at ddname line
Explanation:
This message indicates that the indicated
option was included on a BUNDLE, OPTION or PRINT command, but this option is only allowed on the
NEWLIST. Examples are RDS, NONRDS, and RETAIN.
Note that most PRINT options are also allowed on the
NEWLIST command.
Severity:
12
CKR0321
Explanation:
This message indicates a mismatch between the Started Procedure Table ICHRIN03 and the
RACF database on system system. If status is system, the indicated procedure in the indicated procedure library maps to a user ID that is not defined in the
RACF database; hence the procedure will run with the default authority, the undefined RACF user "*". If status is fallback, the indicated procedure has the same problem, but is currently unused; if no procedure library is indicated, there is no task by that name; if a library is indicated, the task is covered by a valid profile in the STARTED class and hence does not use
ICHRIN03.
Severity:
08
ICHRIN03 undefined user
id procedure
procname volume dsn status system
CKR0322 ICHRIN03 undefined group
id
procedure
procname volume dsn status system
Explanation:
This message indicates a mismatch between the Started Procedure Table ICHRIN03 and the
RACF database on system system. If status is system, the indicated procedure in the indicated procedure library maps to a connect group that is not defined in the RACF database; hence the procedure will run with the default authority, the undefined RACF user "*". If
status is fallback, the indicated procedure has the same problem, but is currently unused; if no procedure library is indicated, there is no task by that name; if a library is indicated, the task is covered by a valid profile in the STARTED class and hence does not use
ICHRIN03.
Severity:
08
CKR0323 ICHRIN03 no connect
uid to group id
proc
procname volume dsn status system
Explanation:
This message indicates a mismatch between the Started Procedure Table ICHRIN03 and the
RACF database on system system. If status is system,
CKR0320 • CKR0326
the indicated procedure in the indicated procedure library maps to a user ID/group combination that has no connect defined in the RACF database; hence the procedure will run with the default authority, the undefined RACF user "*". If status is fallback, the indicated procedure has the same problem, but is currently unused; if no procedure library is indicated, there is no task by that name; if a library is indicated, the task is covered by a valid profile in the STARTED class and hence does not use ICHRIN03.
Severity:
08
CKR0324
Explanation:
This message indicates a mismatch between the Started Procedure Table ICHRIN03 and the
RACF database on system system. If status is system, the indicated procedure in the indicated procedure library maps to a user ID that is not defined as user in the RACF database, but as a group; hence the procedure will run with the default authority, the undefined RACF user "*". If status is fallback, the indicated procedure has the same problem, but is currently unused; if no procedure library is indicated, there is no task by that name; if a library is indicated, the task is covered by a valid profile in the STARTED class and hence does not use ICHRIN03.
Severity:
08
ICHRIN03 contains group
id as user -
procname volume dsn status system
CKR0325
Explanation:
This message indicates a mismatch between the Started Procedure Table ICHRIN03 and the
RACF database on system system. If status is system, the indicated procedure in the indicated procedure library maps to a group name that is not defined as group in the RACF database, but as a user; hence the procedure will run with the default authority, the undefined RACF user "*". If status is fallback, the indicated procedure has the same problem, but is currently unused; if no procedure library is indicated, there is no task by that name; if a library is indicated, the task is covered by a valid profile in the STARTED class and hence does not use ICHRIN03.
Severity:
08
ICHRIN03 contains userid
id as group -
procname volume dsn status system
CKR0326 Started task runs with default authority
procname volume dsn status system
Explanation:
If status is system, this message identifies a started task that runs with the default RACF user
(USER=*) on system system. This may be correct (if the task does not need any higher access than the UACC of the data sets accessed). On the other hand, often a number of procedures can be identified which will fail if started with this (lack of) authority. If status is
fallback
, the indicated procedure has the same
Chapter 5. CKR messages
153
CKR0327 • CKR0333
problem, but is currently unused; if no procedure library is indicated, there is no task by that name; if a library is indicated, the task is covered by a valid profile in the STARTED class and hence does not use
ICHRIN03. If you are not interested in the latter kind of potential problems, add SUPPRESS FALLBACK to the command input. To suppress all messages concerning the default user ID, you can add
SUPPRESS ID=* (for ICHRIN03) and SUPPRESS
ID=++++++++ (for the STARTED class) to the command input. To suppress only this message, add
SUPPRESS MSG=326 to the command input.
Severity:
00
CKR0327
sys ICHRIN03 entry unused (subsys no
proc)
procname
Explanation:
This message indicates a mismatch between the Started Procedure Table ICHRIN03 and the active procedure libraries. The indicated procedure name in ICHRIN03 does not cover any procedure in any of the MSTR and JES2 procedure libraries used for started tasks in any of the systems. Note: This message may also be issued if a CKFREEZE file is used that was produced by running zSecure Collect from an unauthorized library. If zSecure Collect is run with APF authorization, it will use cross memory functions to find the data sets allocated to STCPROC (or PROC00 if there's no STCPROC). Subsequently, it will read the
PDS directory of each of these proclibs. Note that it is insufficient to tell zSecure Collect to dump the directories of the PDS data sets in an unauthorized run, because they will not be known as proclibs.
Severity:
08
CKR0328 Obsolete permit
identity unknown
program
program - in model datasetprofile
Explanation:
This message is issued due to a
VERIFY PADS command while RACF runs in Basic program security mode. A program is defined on a conditional access list, but no matching program profile exists. To solve the error condition, a command is generated to remove the WHEN-clause.
Severity:
04
CKR0329
Explanation:
This message is issued due to a
VERIFY PADS command while RACF runs in Basic program security mode (RACF pre-z/OS 1.4 or specifically defined in later RACF releases). A program is defined on a conditional access list, but no matching program profile exists. To solve the error condition, a command is generated to remove the WHEN-clause.
Severity:
04
Obsolete permit
identity unknown
program
program generic datasetprofile
CKR0330
Explanation:
This message indicates that an INCLUDE or IMBED command was given for a member, but the member could not be opened in the data set allocated to the file. If an abend occurred, the abend code, reason code and interpretation are given. Review the job log for messages with additional information. If no abend information is present in the message, a preceding CKR message should indicate the reason for the failure.
Severity:
12
Open failed [
type abend rc-rr
(
interpretation)] for imbedded member
member of file ddname dataset dsname at
ddname2 line number
CKR0331 STC default authority - procname is a group
procname volume dsn system system
Explanation:
This message indicates a mismatch for a specific procedure library member between the generic entry in the Started Procedure Table ICHRIN03 and the
RACF database on system system. The indicated procedure in the indicated procedure library maps to a user ID that is not defined as a user in the RACF database, but as a group. Hence the procedure will be assigned the undefined RACF user "*" when started.
Severity:
08
CKR0332 STC revoked connect
user to group -
procname volume dsn status system
Explanation:
If status is system, this message indicates a procedure on system system that cannot be started.
The indicated procedure in the indicated procedure library maps to a user ID/group combination that has a connect defined in the RACF database, but the connect has been revoked. Consequently, the procedure is not startable. If status is fallback, the indicated procedure has the same problem, but is currently unused. If no procedure library is indicated, there is no task by that name. If a library is indicated, the task is covered by a valid profile in the STARTED class and does not use
ICHRIN03.
Severity:
08
CKR0333 Revoked started task uid
userid
procedure
procname volume dsn status system
Explanation:
If status is system, this message indicates a nonstartable procedure on system system. The indicated procedure in the indicated procedure library maps to a user ID that is defined in the RACF database, but the user ID has been revoked.
Consequently, the procedure is not startable. If status is
fallback
, the indicated procedure has the same problem, but is currently unused. If no procedure library is indicated, there is no task by that name. If a library is indicated, the task is covered by a valid
154
Messages Guide
profile in the STARTED class and does not use
ICHRIN03.
Severity:
08
CKR0334 JCL member hidden (duplicate) for procedure
procname volume dsn
Explanation:
This message indicates a nonstartable procedure member. The indicated procedure in the indicated procedure library cannot be started, because it is part of a concatenation. The library prior to it in the concatenation has the same member defined.
Consequently, this JCL member cannot be started.
Severity:
00
CKR0335 Copy
id1 to id2 adds discrete resource
class key
Explanation:
This message indicates that a command was generated in the CKRCMD file to add a discrete general resource profile specific to id2 mimicking a similar existing profile for id1. The message is issued as the result of a COPY command.
Severity:
04
CKR0336 Copy
id1 to id2 adds generic resource
class key
Explanation:
This message indicates that a command was generated in the CKRCMD file to add a generic general resource profile specific to id2 mimicking a similar existing profile for id1. The message is issued as the result of a COPY command.
Severity:
04
CKR0337
Explanation:
This message indicates that a command was generated in the CKRCMD file to add a generic data set profile specific to id2 mimicking a similar existing profile for id1. The message is issued as the result of a COPY command.
Severity:
04
Copy
id1 to id2 adds generic DATASET
profile
dsn
CKR0338
Explanation:
This message indicates that a command was generated in the CKRCMD file to add a model data set profile specific to id2 mimicking a similar existing profile for id1. The message is issued as the result of a COPY command.
Severity:
04
Copy
id1 to id2 adds model DATASET
profile
dsn
CKR0334 • CKR0343
CKR0339 Replace owner
id1 of new generic
DATASET profile
dsn - make id2
Explanation:
This message indicates that a command was generated in the CKRCMD file to change the owner of a generic data set profile specific to id2 from
id1 to id2. The message is issued as the result of a
COPY command.
Severity:
04
CKR0340 Replace owner
id1 of new model
DATASET profile
dsn - make id2
Explanation:
This message indicates that a command was generated in the CKRCMD file to change the owner of a model data set profile specific to id2 from
id1 to id2. The message is issued as the result of a
COPY command.
Severity:
04
CKR0341 Unsupported copy
id for tape DATASET
profile
volser dsn
Explanation:
This message indicates that no command was generated in the CKRCMD file to copy the user-specific or group-specific discrete profile. The message is issued as the result of a COPY command.
Severity:
08
CKR0342 Unsupported copy
id non-VSAM
DATASET profile
volser dsn
Explanation:
This message indicates that no command was generated in the CKRCMD file to copy the user-specific or group-specific discrete profile. The message is issued as the result of a COPY command. If the COPY is issued as preparation to a rename operation, then a RENAME of the data set would automatically accomplish the rename of the discrete profile.
Severity:
08
CKR0343 Unsupported copy
id for VSAM
DATASET profile
volser dsn
Explanation:
This message indicates that no command was generated in the CKRCMD file to copy the user-specific or group-specific discrete profile. The message is issued as the result of a COPY command. If the COPY is issued as preparation to a rename operation, then a RENAME of the data set would automatically accomplish the rename of the discrete profile.
Severity:
08
Chapter 5. CKR messages
155
CKR0344 • CKR0355
CKR0344 Unsupported copy
id for member of
profile
class key
Explanation:
This message indicates that no command was generated in the CKRCMD file to copy the function of the user-specific entry in the member list of the indicated profile. The message is issued as the result of a COPY command.
Severity:
08
CKR0345
Explanation:
This message indicates that a command was given implying that the ID id is a group. However,
id is defined as a user ID in the RACF database. Most commands will not be processed any further.
Severity:
12
Group implied in command input is a user -
id
CKR0346 User implied in command input is a group -
id
Explanation:
This message indicates that a command was given implying that the ID id is a user ID.
However, id is defined as a group in the RACF database. Most commands will not be processed any further.
Severity:
12
CKR0347
event owner id1 by id2 in resource class
key
Explanation:
This message indicates that a command was generated in the CKRCMD file to change the owner of a general resource profile specific to id2 from
id1 to id2. The message is issued as the result of a
COPY command.
Severity:
04
CKR0348
parameter must come behind TOUSER
Explanation:
The order of the parameters on the
COPY or MOVE command is invalid. The parameter indicated is only valid behind the TOUSER parameter.
Severity:
12
CKR0349
parameter only valid behind COPY
Explanation:
The parameter is not valid on the current
MOVE or REMOVE command, but only on a COPY command.
Severity:
12
CKR0350
Explanation:
This message gives the number of permits and other references to users and groups that have been processed. It can be used as a measure for the complexity of your database and the IBM Security zSecure Admin and Audit for RACF command processed.
Severity:
00
Number of permits/references processed on
complex [version] is number
CKR0351
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a
REMOVE PERMIT/USER command. Both the owner and the superior group field will be changed by an
ALG command to the indicated group.
Severity:
04
event owner identity on group name -
make
name
CKR0352 Add user
id1 to group id2 as requested -
output ADDUSER
Explanation:
This message indicates that a command was generated in the CKRCMD file to add the user ID
id1 with group id2 as its default group. The message is issued as the result of a COPY USER= command.
Severity:
00
CKR0353
Explanation:
This message indicates that a command was generated in the CKRCMD file to add the group
id1 as a subgroup of id2. The message is issued as the result of a COPY USER= command.
Severity:
00
Add group
id1 to group id2 at depth
depth as requested - output ADDGROUP
CKR0354
parameter only valid behind USER= or
COPY PERMIT/GROUP=
Explanation:
The parameter is not valid on the current
MOVE or REMOVE command, or the order of the parameters is invalid.
Severity:
12
CKR0355 PERMIT/USER/GROUP/NOTIFY are mutually exclusive operands that can occur once per command
Explanation:
Only one of the indicated operands is allowed per MOVE, REMOVE, or COPY command.
Severity:
12
156
Messages Guide
CKR0356 • CKR0365
CKR0356 Not adding user
userid as requested
because all connects omitted by request
- specify TOGROUP
Explanation:
This message indicates that a COPY request was given for a user userid, but the user could not be added since by your request (for example,
FROMGROUP parameter or by means of SELECT commands) all connects would be omitted. In order to add a user ID, at least one connect group is required.
Severity:
12
CKR0357 Procedure name not a userid - uses default
procname volume dsn system
system
Explanation:
This message identifies a started task that runs with the default RACF user (USER=*), because the user ID implied in the Started Procedure
Table through the generic entry "* =" is not defined in the RACF database on system system. This may be correct (if the task does not need any higher access than the UACC of the data sets accessed). On the other hand, often a number of procedures can be identified which will fail if started with this (lack of) authority. To suppress all messages concerning the default user ID, you can add SUPPRESS ID=* (for ICHRIN03) and
SUPPRESS ID=++++++++ (for the STARTED class) to the command input. To suppress only this message, add SUPPRESS MSG=357 to the command input.
Severity:
00
CKR0358 ICHRIN03 generic entry is privileged
sys Entry "procname userid grpname"
Explanation:
This message indicates an undesirable feature of the Started Procedure Table ICHRIN03 on the indicated system sys. The generic entry has the privileged attribute, allowing any started task that is newly added to a procedure library to run with unaudited bypass of the access control decisions. This attribute is normally needed only by a few selected tasks, not by almost all started tasks.
Severity:
08
CKR0359 ICHRIN03 generic entry is trusted
sys
Entry "
procname userid grpname"
Explanation:
This message indicates an undesirable feature of the Started Procedure Table ICHRIN03 on the indicated system sys. The generic entry has the trusted attribute, allowing any started task that is newly added to a procedure library to run with bypass of the access control decisions. This attribute is normally needed only by a few selected tasks, not by almost all started tasks.
Severity:
08
CKR0360 GROUP invalid behind MOVE
Explanation:
The parameter is not valid on the MOVE command. Use USER, PERMIT or NOTIFY to move a user or replace a permit or notify.
Severity:
12
CKR0361 TOGROUP required with MOVE
USER/PERMIT
Explanation:
The parameter TOGROUP is missing from the MOVE command. Use this parameter to indicate to which group the user must be moved.
Severity:
12
CKR0362 Delete of userid
userid not requested,
but removal of all connects implied
Explanation:
The REMOVE or MOVE commands for user IDs and groups results in removal of all connects for the indicated user ID. However, no REMOVE of this user ID was requested. The user ID will not be deleted by the generated commands. You can either specify a
TOGROUP for the user, add a REMOVE for the user, or change the current commands. You can also use the
'Delete all USERs connected to GROUP' option when running with the ISPF interface.
Severity:
12
CKR0363
parameter only valid behind PERMIT=
Explanation:
The parameter indicated is not valid on the current command, or the order of the parameters is incorrect.
Severity:
12
CKR0364 Duplicate name for security level
nn
"
name1" and "name2" complex complex
version
Explanation:
The member list of the SECLEVEL profile in the class SECDATA defining the names of the security levels contains more than one name for the same level. This may happen if the database has more than one SECLEVEL profile.
Severity:
20
CKR0365 Duplicate name for security category
nn
"
name1" and "name2" in complex complex
version
Explanation:
The member list of the CATEGORY profile in the class SECDATA defining the names of the security categories contains more than one name for the same internal representation of a category. This may happen if the database has more than one CATEGORY profile.
Chapter 5. CKR messages
157
CKR0366 • CKR0378
Severity:
20
CKR0366 The following profiles have no data rule specified - current settings used:
Explanation:
This message indicates that the profiles following the colon exist in both the source and the current database, containing different data. However, a mergerule prescribing a data policy was not found.
Severity:
08
CKR0367
Explanation:
This message indicates that the profiles following the colon exist in both the source and the current database, containing different security related data. However, a mergerule prescribing an authority policy was not found.
Severity:
08
The following profiles have no auth rule specified - source settings used:
CKR0368 The following users have no auth rule specified - revoke status unpredictable
Explanation:
This message indicates that the profiles following the colon exist in both the source and the current database, containing different security related data. However, no mergerule prescribing an authority policy could be found.
Severity:
08
CKR0369
number logonid records read for complex
[
version]
Explanation:
This message is only issued for an ACF2 logon ID database and indicates the number of records that were read.
Severity:
00
CKR0370
Explanation:
The indicated indirect reference from:field is not supported.
Severity:
12
Indirect field reference to
field is not
supported at
ddname line number
CKR0371 Field reference by : operator invalid on
LIST command, use
SORTLIST/DISPLAY -
type "value" at
ddname line number
Explanation:
In the NEWLIST TYPE=RACF, an indirect field reference from:field is only valid on the
SORTLIST and DISPLAY commands, not on the LIST command.
Severity:
12
CKR0372 Formats SECLEVEL and CATEGORY invalid on LIST command, use
SORTLIST -
type "value" at ddname line
number
Explanation:
A security level or category format is only valid on the SORTLIST and DISPLAY commands, not on the LIST command.
Severity:
12
CKR0373 Scan operator : only valid with "=" or
"<>" - before
delimiter "value" at ddname
line
number
Explanation:
The field value scan operator : is only valid when the field value comparator indicates equal or unequal.
Severity:
12
CKR0374 Field scan for string type
t is not
supported
Explanation:
You can only scan for a character string.
Severity:
12
CKR0375
Explanation:
The indicated value could not be converted to the internal format required for field name.
Severity:
12
Conversion error for selection of field
name value "value" at ddname line number
CKR0376
Explanation:
The output modifier (for example,
EXPLODE or SCOPE) cannot be used with field name or output format.
Severity:
12
Modifier
modifier invalid for field name
at
ddname line number
CKR0377
Explanation:
This message indicates a failure during
EXCP mode processing. Contact IBM Software Support.
The message can be circumvented by adding the command BDAMQSAM to the input.
Severity:
20
TTR Conversion routine fails on
track
R
n for ddname volser dsname
CKR0378 PROFLIST must refer to a previously defined NEWLIST NAME= parameter
Explanation:
PROFLIST accepts the name of a preceding NEWLIST as its value. The value you passed was not defined as the NAME of a NEWLIST.
Severity:
12
158
Messages Guide
CKR0379 • CKR0387
CKR0379
option only valid in scope of a NEWLIST
command
Explanation:
The indicated option can only be specified on a command following NEWLIST.
Severity:
12
CKR0380 Action for user
userid requested, but
userid not defined
Explanation:
The REMOVE, MOVE, or COPY command for the indicated user cannot complete successfully, since the user does not exist. Check for typing errors or for SELECT statements that exclude part of the database.
Severity:
12
CKR0381 Action for group
grpid requested, but
group not defined
Explanation:
The REMOVE or COPY command for the indicated group cannot complete successfully, since the group does not exist. Check for typing errors or for
SELECT statements that exclude part of the database.
Severity:
12
CKR0382
name field invalid on LIST command,
use SORTLIST - at
ddname line number
Explanation:
The field name is only valid on the
SORTLIST and DISPLAY commands, not on the LIST command.
Severity:
12
CKR0383 Non-PADS access required to process
RACF database of complex
complex
[
version] without your userid userid
Explanation:
When in restricted access mode, the security database you process must contain a user ID equal to your user ID on the current system. No such user ID was found in the security database for the indicated complex. The run will be terminated.
Severity:
12
CKR0383 Unrestricted access required to process
ACF2 database of complex
complex
[
version] without your logonid logonid
Explanation:
When in restricted access mode, the security database you process must contain a logon ID equal to your logon ID on the current system. No such logon ID was found in the security database for the indicated complex. The run is terminated.
Severity:
12
CKR0384 Non-PADS run required to access restricted field
field
Explanation:
This message indicates that the program is operating in restricted or PADS mode and will not allow you to request access to a field that is not normally displayable by RACF commands. This condition is considered a syntax error (severity 12) unless an ALLOWRESTRICT modifier explicitly indicates that the query should be executed anyway; if the latter is the case, this message is issued as a warning (severity 4) to remind you that no output will be generated for the indicated field.
Severity:
04 or 12
CKR0385
event member resource(1-33) class profile
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a
REMOVE PERMIT/USER/GROUP command, and with event equal to Copy or Replace due to a
COPY PERMIT/USER/GROUP command. It indicates that the identity was found in a discrete member of a general resource profile in a grouping class. Only the first 33 characters of the member resource name are shown. To solve the condition a RALT DELMEM(...()) or RALT ADDMEM(...()) command will be generated.
Severity:
04
CKR0386
event member resource(1-33) class profile
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a
REMOVE PERMIT/USER/GROUP command, and with event equal to Copy or Replace due to a
COPY PERMIT/USER/GROUP command. It indicates that the identity was found in a generic member of a general resource profile in a grouping class. Only the first 33 characters of the member resource name are shown. To solve the condition a RALT DELMEM(...()) or RALT ADDMEM(...()) command will be generated.
Severity:
04
CKR0387
event member resource(1-33) GLOBAL
DATASET
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a
REMOVE PERMIT/USER/GROUP command, and with event equal to Copy or Replace due to a
COPY PERMIT/USER/GROUP command. It indicates that the identity was found in a data set name present as member of a GLOBAL DATASET profile. Only the first 33 characters of the member resource name are shown. To solve the condition a RALT DELMEM(...()) or RALT ADDMEM(...()) command will be generated.
Chapter 5. CKR messages
159
CKR0388 • CKR0399
Severity:
04
CKR0388 ISPLINK module missing, variable not available -
varname at ddname line number
Explanation:
An IMBED or INCLUDE statement requested input from an ISPF variable, but the ISPF interface module ISPLINK could not be found.
Severity:
12
CKR0389 ISPLINK module missing, no ISPF functions possible
Explanation:
A command requested ISPF functions, but no ISPF interface module ISPLINK was found, neither with BLDL nor linked into the CKRCARLA load module.
Severity:
12
CKR0390 No active ISPF environment, no ISPF functions possible
Explanation:
A command requested ISPF functions, but the ISPLINK return code indicates it is incapable of performing ISPF commands.
Severity:
12
CKR0391 Duplicate NEWLIST NAME=
name at
ddname line number, already defined at
ddname2 line number2
Explanation:
Two NEWLISTs have the same
NAME=name parameter. This is not allowed.
Severity:
12
CKR0392 DDNAME parameter required on
UNLOAD in the scope of a NEWLIST
Explanation:
When an UNLOAD command is used in the scope of a NEWLIST command, the output file must be specified using the DDNAME= parameter or its equivalent (DD=, FILE=, F=).
Severity:
12
CKR0393 Invalid DEBUG option -
option
Explanation:
An invalid DEBUG option was used.
Severity:
12
CKR0394 More than 16 SMF exits per subsystem not supported - system
system-name
Explanation:
System system-name has more than 16
SMF exits for one or more SMF subsystems. This is not supported in current versions of MVS and zSecure.
Severity:
16
160
Messages Guide
CKR0395
Explanation:
This message indicates an error with the use of the WRAP or WORDWRAP. These output modifiers cannot be used on a column with the indicated output format.
Severity:
12
Modifier WRAP cannot be combined with the
format format - field name at
ddname line number
CKR0396
Explanation:
This message is only issued for an ACF2 rule database and indicates the number of records that were read, as well as the total number of rule lines that were present in those records.
Severity:
00
nn rule records containing a total of nn
entries read for
complex [version]
CKR0397 Field
name of length field-length truncated
to
new-length to fit in line length
line-length at ddname line number
Explanation:
This message indicates that field name did not fit on the output line and was truncated to fit the line length. It does not indicate an error condition.
Severity:
00
CKR0398 Maximum of 255 merged NEWLISTSs exceeded before
type "value" at ddname
line
number
Explanation:
The number of NEWLIST statements between a MERGELIST and ENDMERGE pair exceeded 255. Reduce the number of NEWLISTs, or split the report into several MERGELIST/ENDMERGE pairs.
Severity:
12
CKR0399 SUMMARY must be the last command in a NEWLIST body, only one per
NEWLIST
Explanation:
This message indicates that a
SUMMARY or DSUMMARY command was followed by another command from the LIST family within the same NEWLIST. This is not allowed.
Severity:
12
CKR0400 • CKR0411
Messages from 400 to 499
CKR0400 AND requires prior clause
Explanation:
A syntax error was detected in the input.
The program thinks it has encountered an AND in an
AND/OR list in a SELECT or EXCLUDE command, but has not encountered the previous clause.
Severity:
12
CKR0401 OR requires prior clause
Explanation:
A syntax error was detected in the input.
The program thinks it has encountered an OR in an
AND/OR list in a SELECT or EXCLUDE command, but has not encountered the previous clause.
Severity:
12
CKR0402
Explanation:
This message indicates that the program has interpreted the previous token as a NOT in a
SELECT or EXCLUDE command and is now expecting a clause within parentheses.
Severity:
12
NOT clause expects parentheses instead of
type "value" at ddname line number
CKR0403 LIKELIST must refer to a previously defined NEWLIST type=
type NAME=
parameter
Explanation:
This message indicates that a LIKELIST was used that did not refer to an existing NEWLIST name of the same type (indicated by type). A LIKELIST target must be the name of a NEWLIST of the same type that must come earlier in the input. There must be a LIST, SORTLIST/DISPLAY, or (D)SUMMARY command in the NEWLIST that is referred to. If you suppress this message all LIKELIST clauses which do not refer to a preceding NEWLIST select all records.
Severity:
12
CKR0404 Expected valid year value instead of
value
Explanation:
This message indicates that you specified a value for the YEAR keyword of the SELECT or
EXCLUDE command that is out of range. Valid year values are in the range 0 to 99 (with 1900 added implicitly), or 1900 and higher.
Severity:
12
CKR0405 Range error in
type
Explanation:
This message indicates that you specified a range (two values separated by a colon) of type in the
SELECT or EXCLUDE command that is not valid. The start value in a range must be lower than or equal to the end value. The only exception is a range of weekday values, which should have a start value different from the end value (a weekday range can handle wrap-arounds).
Severity:
12
CKR0406 Error during conversion of string
string
Explanation:
This message indicates that an error occurred during the conversion of string string from hexadecimal, decimal or binary. Check string for characters invalid in the specified conversion type.
Severity:
12
CKR0407
Explanation:
This message indicates that you specified a value for the MONTHDAY keyword of the SELECT or EXCLUDE command that is out of range. Valid monthday values are in the range 1 to 31.
Severity:
12
Expected valid monthday value instead of
value
CKR0408 Unknown event name
name
Explanation:
This message indicates that you specified an event name for the EVENT keyword of a SELECT or
EXCLUDE command that is unknown. Either specify an event by name or use an event number.
Severity:
12
CKR0409 Substring selection only allowed with =,
<> and ¬=
Explanation:
This message indicates that the <, >, <= or >= relational operator was used for a substring scan
(indicated by a colon ":" after the relational operator).
This is not allowed; only the equal and not-equal operations are defined for a substring scan.
Severity:
12
CKR0410
Explanation:
This message indicates that the <, >, <= or >= relational operator was followed by an opening parenthesis indicating the start of a list of values. This is not allowed; only the equal and not-equal operations are defined for a list of values.
Severity:
12
Value list only allowed with =, <> and
¬ =
CKR0411 Expected valid time value instead of
value
Explanation:
This message indicates that you specified
Chapter 5. CKR messages
161
CKR0412 • CKR0421
a value for the TIME keyword of a SELECT or
EXCLUDE command that is out of range. Valid time values are in the range 0000 to 2359; minute values of
60 or higher are not allowed. Warning: specifying
TIME=10:00 would indicate an (invalid) time range from 0010 to 0000. Use TIME=1000 instead.
Severity:
12
CKR0412 String longer than expected size
value
Explanation:
This message indicates that you specified a string value that is longer than allowed for this keyword of the SELECT or EXCLUDE command. The allowed maximum length for this keyword is included in the message.
Severity:
12
CKR0413 List not allowed for FIELDVAL type
type
Explanation:
This message indicates that you used a value list with the NEWLIST TYPE=SMF FIELDVAL type MASK1 or MASK2. These FIELDVAL types can only be used with a single value.
Severity:
12
CKR0414 Ignored empty list of
type
Explanation:
This warning message indicates that you specified a keyword but no type value or list of values in the SELECT or EXCLUDE command. zSecure has ignored the keyword and will continue input processing. This message may also occur when a list contains only invalid values.
Severity:
00
CKR0415 Duplicate event
event while parsing
eventname
Explanation:
While parsing a "select event<>" clause the indicated event was found to be specified twice. The second specification was eventname. This happens most often when an event was specified both by name or number, or as part of a predefined group of events (for example, ALLSVC). If it is unclear which other specification eventname is in conflict with, you can move the eventname specification to the beginning of the clause, and run the query again. The resulting
CKR0415 message should then show the other
eventname in the conflict. If the duplicate specification is intended (for example, event<>(ALLSVC(success),RACINIT(warning))), you should move one of the two to a separate event<> clause in your select.
Severity:
12
CKR0416 Duplicate type number
value
Explanation:
This message indicates that a type code was used twice in a value list of the TYPE keyword of the SELECT or EXCLUDE command.
Severity:
12
CKR0417 Expected ( or =, ¬= or <> relational operator before
type "value" at ddname
line
number
Explanation:
This message indicates that the program did not find the relational operator =, ¬=, or <> or the opening parenthesis of a value list in a SELECT or
EXCLUDE command. Larger than/smaller than operators, and field-compare operators, are not allowed here.
Severity:
12
CKR0418 SMF input terminated, limit SMFIN reached
Explanation:
This message indicates that zSecure
Audit has stopped reading SMF records because the input limit defined by the SMFIN parameter of the
LIMIT command has been reached. This message is for informational purposes only and does not indicate an error.
Severity:
00
CKR0419 SMF input terminated, all OUTLIM limits reached
Explanation:
This message indicates that zSecure
Audit has stopped reading SMF records because the output limit defined by the OUTLIM parameter of the
NEWLIST command has been reached for all
NEWLISTS of TYPE=SMF.
Severity:
00
CKR0420
Explanation:
The NJE node on the ALLOC statement will be used instead of the actual node. This means that the commands will not be routed to the node they have been generated for, unless you are quite sure the node is now called by the name specified on the ALLOC statement.
Severity:
00
Warning: ALLOC NJENODE=
node1
differs from CKFREEZE node
node2 for
complex
complex
CKR0421 Pattern
pattern not allowed at ddname
line
number
Explanation:
This message indicates a string containing wildcard characters was used where it is not allowed, for example, for a substring scan or a field for
162
Messages Guide
CKR0422 • CKR0431
which pattern searches are not supported.
Severity:
12
CKR0422 Expected clause following
operator
Explanation:
This message indicates that a select clause ended with operator, where operator is AND or
OR. An AND or an OR should be followed by another select clause.
Severity:
12
CKR0423 List of
type values not allowed
Explanation:
This message indicates that a list of values was used with the type (TIME or DATETIME) keyword of the SELECT or EXCLUDE command. This is not allowed; use a range of values (two values separated by a colon) or multiple clauses concatenated by ORs instead.
Severity:
12
CKR0424 Warning: Ambiguous AND/OR usage, please use parentheses to indicate desired grouping
Explanation:
This message indicates that a
SELECT/EXCLUDE or WHERE clause was ambiguous, and will be resolved left to right. This may not be desired; use parentheses around AND/OR clauses to indicate the desired grouping.
Severity:
04
CKR0425
Explanation:
The output field you requested on the
LIST, SORTLIST, DISPLAY, or SUMMARY command has not been defined for the NEWLIST of type list-type.
Verify the spelling. If list-type is equal to deftype, then that is not the newlist type itself, but indicates that the error occurred in a newlist defined with a DEFTYPE statement.
Severity:
12
Field "
field-name" to be processed not
valid for NEWLIST TYPE=
list-type at
ddname line number
CKR0426 Unknown descriptor type
hex-value in
CKASMFI
Explanation:
This message indicates that an internal error occurred in the selection of fields in a SMF record.
Contact IBM Software Support.
Severity:
08
CKR0427
nn SMF records read, nn SMF records
selected (
nn%)
Explanation:
This message indicates the number of
SMF records read and the number and percentage that were selected.
Severity:
00
CKR0428 [
reason] input OPEN failed ddname volser
datasetname
Explanation:
This message indicates that ddname was allocated but could not be opened for input. Check the
DD statement for ddname, correct the error and submit the job again. The type shown is the newlist type for which the file was required; it is either SMF or the name of a newlist type defined with a DEFTYPE statement. For a DEFTYPE type file, no automatic scoping of the file contents is supported. Therefore, unconditional access to the file is required. If it can only be read via PADS, the reason will indicate that.
Severity:
16
CKR0429
Explanation:
This message indicates that ddname was allocated but could not be opened for output. Check the DD statement for ddname, correct the error and submit the job again.
Severity:
16
SMF unload OPEN failed
ddname volser datasetname
CKR0430 No
type input files could be opened
Explanation:
This message indicates that no input files could be opened for newlist type type, either because no ddnames were allocated or because none of the allocated ddnames could be opened for input. Check the DD statements and submit the job again. The type shown is either SMF or the name of a newlist type defined with a DEFTYPE statement.
Note that this message can also occur when
ALLOCATE SMF ACTIVE was specified and system runs without active SMF recording.
Severity:
12
CKR0431 Error in conversion of bitfield
string
Explanation:
This message indicates that an error occurred during conversion of a bitfield. Bitfields may consist of the characters 0, 1, and "." (don't-care).
Severity:
12
Chapter 5. CKR messages
163
CKR0432 • CKR0442
CKR0432 Field type
type not supported for field
field
Explanation:
This message indicates that the indicated
field was used for SELECT/EXCLUDE processing; the field can only be used for output in the current
NEWLIST type. The NEWLIST types for which this error message may occur support the selection of strings, bitfields, and numbers. Some field types like time zones can only be used for output.
Severity:
12
CKR0433 SUMMARY and LIST type commands without a prior NEWLIST are not supported for
program product code code
Explanation:
SUMMARY, DSUMMARY, DISPLAY,
LIST and SORTLIST commands are only valid within the context of a NEWLIST, unless the program is enabled to read a RACF database.
If you are using the IBM Security zSecure Manager for
RACF z/VM product and this error occurs, contact IBM
Software Support.
Severity:
12
CKR0434 Expected decimal value instead of
type
"
value" at ddname line number
Explanation:
This message indicates that a non-decimal value was encountered where a decimal value was expected.
Severity:
12
CKR0435
Explanation:
This message indicates that a number was read that is too large to fit the field. zSecure either read the decimal number number or converted a quoted string (from hexadecimal or binary) that has decimal value number.
Severity:
12
Value
number (decimal) above maximum
of
maximum
CKR0436 Meaning of DDNAME keyword has changed, use SMFDD instead - at
ddname line number
Explanation:
This message indicates that a query used the NEWLIST TYPE=SMF keyword DDNAME. The meaning of this keyword has changed; use SMFDD instead.
Severity:
12
CKR0437 SMF input terminated by user attention request
Explanation:
This message indicates that input processing for NEWLIST TYPE=SMF was terminated because the user pressed the attention key. Output will be generated for the records processed so far.
Severity:
00
CKR0438 SMF input terminated: out of memory
Explanation:
This message indicates that input processing for NEWLIST TYPE=SMF was terminated because the program ran out of memory. Output will be generated for the records processed so far. To process more input, either create more restrictive
SELECT/EXCLUDE statements, or increase the
REGION size.
Severity:
08 (unless changed by the MSGRC parameter of the OPTION statement)
CKR0439 PERMISSIONS of ALLOW and LOG are mutually exclusive with PREVENT
Explanation:
Selection of ACF2 data set access rules on an access level of PREVENT cannot be combined with selection on other access levels, at least not on the same PERMISSIONS keyword.
Severity:
12
CKR0440 Field '
field-name' may not be used for
select/exclude processing, use
'
field-name2' instead
Explanation:
This message indicates that a select clause for the NEWLIST TYPE=SMF tried to use the field field-name, which can only be used for output. In some cases, an alternative field field-name2 is suggested.
Severity:
12
CKR0441 Field '
field' may not be used in compare
operations
Explanation:
The indicated field may not be used in a field vs field compare operation in the NEWLIST
TYPE=SMF. Normal field-value comparisons are allowed.
Severity:
12
CKR0442 Resource deletion: Migrated related name MIGRAT
dsname catalog
Explanation:
This message indicates that a migrated data set name present in the HSM MCDS has a high level qualifier that should be deleted. It is however a related name for another data set name, that usually will have the same first qualifier. Any non-VSAM entries in the catalog for this name should be deleted
164
Messages Guide
CKR0443 • CKR0453
automatically by HSM when the base name is deleted.
No specific command is being generated.
Severity:
00
CKR0443
event appdat identity general resource
profile
class key
Explanation:
This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a REMOVE
PERMIT/USER command. It means that the identity to be removed occurs in the APPLDATA field. This message is only issued for the TMEADMIN class. To solve the condition an RDEL command will be generated to remove the entire profile.
Severity:
04
CKR0444 ACL field invalid on
SUMMARY/DSUMMARY, use USERID
- at
ddname line number
Explanation:
This message indicates that a summary cannot be performed on the special-purpose field ACL.
Severity:
12
CKR0444
field field invalid on
SUMMARY/DSUMMARY - at
ddname
line
number
Explanation:
This message indicates that a summary should not be performed on the special-purpose field
field.
Severity:
12
CKR0445 Expansion for static system symbol too long:
hex
Explanation:
This message indicates that an unexpected layout of the system symbol table was encountered. Contact IBM Software Support.
Severity:
20
CKR0446 Expansion for static system symbol exceeds record:
hex
Explanation:
This message indicates that an unexpected layout of the system symbol table was encountered. Contact IBM Software Support.
Severity:
20
CKR0447 Name of static symbol too long:
hex
Explanation:
This message indicates that an unexpected layout of the system symbol table was encountered. Contact IBM Software Support.
Severity:
20
CKR0448 Name of static system symbol exceeds record:
hex
Explanation:
This message indicates that an unexpected layout of the system symbol table was encountered. Contact IBM Software Support.
Severity:
20
CKR0449 Duplicate static system symbol definition:
var already val ; dupval
ignored.
Explanation:
This message indicates that a duplicate system symbol definition was encountered. The new value is ignored. Contact IBM Software Support.
Severity:
20
CKR0450
Explanation:
This message indicates that processing of
SMF or Top Secret Security ATF input file ddname has started. In addition, it can indicate in pads by the text
PADS that access to the data was allowed by virtue of a conditional access. If this is the case, then zSecure
Audit will restrict functionality to the user's scope.
Severity:
00
Started processing
type pads file ddname
volser dsn
CKR0451 SMF processing at DDname
ddname and
RecNo
recno
Explanation:
This message is printed in case of an abend. It indicates the ddname and record-number of the record being processed at the time of the abend.
Severity:
00
CKR0452 SMF records were processed for the following systems:
version complex-name
system-name from start-date start-time to
end-date end-time note
Explanation:
This multiple-line message is printed after SMF processing has finished; it indicates the date and time of the earliest and latest records processed for each system-id encountered. A note with the text (No
CKFREEZE file)
may be shown if no CKFREEZE file was related to the SMF ID. The note can also indicate the number of records processed. This message is for informational purposes only and does not indicate an error.
Severity:
00
CKR0453 Static system symbol table skipped :
num entries claimed, but record too
small
Explanation:
This message indicates that the system symbol table had a length that did not fit the
Chapter 5. CKR messages
165
CKR0454 • CKR0463
CKFREEZE record length. Run zSecure Collect again with a greater LRECL for the CKFREEZE data set. If this is at the maximum, contact IBM Software Support.
Severity:
20
CKR0454 SMFCACHE job tag system enabled but not useful - now disabled
Explanation:
This message indicates that the job tag system was turned off because it was not useful: the
JOBID, USER, GROUP and TERMINAL keywords were not used in the selection (SELECT, EXCLUDE) or display (LIST, SORTLIST, DISPLAY) commands.
Severity:
00
CKR0455 SMFCACHE used
size KB but had to
skip
skipped-number records and still had
cached-number records cached for number
out of
full-number job tags
Explanation:
This message indicates that the job tag system was turned on during SMF processing; it also prints the amount of memory used, the number of records skipped because the cache was full, the number of records left incompleted after the last record was read, the number of incomplete job tags, and the overall number of job tags. Refer to the SMFCACHE command for more information. The records left incomplete and skipped were processed without RACF information.
Severity:
00
CKR0456
Explanation:
This message is due to
SMFCACHE VERBOSE. One of these messages is printed for each job tag incomplete at the end of SMF processing. It indicates the job affected, the amount of records cached at end-of-file and the amount of records skipped because the cache was full (these records were processed without RACF information).
Severity:
00
SMFCACHE incomplete job tag
job-tag
with
cached-num records cached and
skipped-num skipped
CKR0457 SMFCACHE completed job tag
job-tag
with
cached-num records cached and
skipped-num skipped
Explanation:
This message is due to
SMFCACHE VERBOSE. One of these messages is printed for every job tag that is complete and has cached some records. skipped-num indicates the amount of records skipped because the cache was full; these records were processed without RACF information.
Severity:
00
CKR0458 SMF RACF command
item display
truncated at
ddname record number
Explanation:
The display indicated is too large for its buffer; this can be either a command or a command
parameter
display as indicated by item.
Severity:
08
CKR0459
Explanation:
This message indicates a failure in the simulation of the naming convention table, ICHNCV00.
Contact IBM Software Support.
Severity:
12
ICHNCV00 simulate (system=
sys)
internal error:
message
CKR0460 Horizontal and dump format cannot be combined on one field -
field at ddname
line
number
Explanation:
The DUMP output modifier and the
HORIZONTAL output modifier may not be combined.
Severity:
12
CKR0461
number SMF [type rectype] records were
lost on system
system-id from date time
Explanation:
This message is printed when an SMF record of type 7 is processed. It indicates that SMF records were lost on the system that generated the SMF file. It does not indicate an error in zSecure Audit or in
SMF processing. If rectype is present, type rectype records were dropped due to SMF record flood options.
Because some records were lost, the input to zSecure
Audit might be incomplete. Any events that occurred during the recording gap cannot be audited.
Severity:
00
CKR0462
Explanation:
This message indicates that zSecure did not find the relational operator =, ¬= or <>, the field-compare operator ==, <<>>, or ¬==, or the opening parenthesis of a value list in a SELECT or
EXCLUDE command. Larger than/smaller than operators are not allowed here.
Severity:
12
Expected ( or =, ¬=, <>, ==, ¬==, or <<>> relational operator before
type "value" at
ddname line number
CKR0463 Expected ( or =, ¬=, <>, <, >, <=, or >= relational operator before
type "value" at
ddname line number
Explanation:
This message indicates that zSecure did not find the relational operator =, ¬=, <>, <, >, <=, or
>=, or the opening parenthesis of a value list in a
SELECT or EXCLUDE command. Field-compare
166
Messages Guide
CKR0464 • CKR0471
operators are not allowed here. For additional information, see the SELECT/EXCLUDE- Field compare documentation in the user reference manual for your zSecure product.
Severity:
12
CKR0464 Substring offset must be >= 1
Explanation:
This message indicates that zSecure found an invalid substring offset in a SELECT or
EXCLUDE command. The SUBSTRING operation requires an offset (the second SUBSTRING parameter) of at least 1.
Severity:
12
CKR0465 Substring maxlen may not be zero
Explanation:
This message indicates that zSecure found an invalid substring maximum length in a
SELECT or EXCLUDE command. If a maximum length is specified with a SUBSTRING operation, for example,
SUBSTRING(field,offset,maxlen), the maximum length must be at least 1. Omit the maximum length altogether to select until the end of the field, for example, SUBSTRING(field,offset).
Severity:
12
CKR0466 Substring endpos may not be before start
Explanation:
This message indicates that zSecure found an invalid substring end position in a SELECT or
EXCLUDE command. If a maximum length is specified with a SUBSTRING operation, for example,
SUBSTRING(field,offset:endpos), the end position must be equal to, or larger than, the start position (offset). Omit the end position altogether to select until the end of the field, for example, SUBSTRING(field,offset).
Severity:
12
CKR0467
operations not allowed with format field
name at ddname line number
Explanation:
This message indicates that zSecure found a manipulation operation that is specified for a field value that does not have the right format. An
EXTRACTDN operation can be applied only to a distinguished name in X.509-DN format. The other operations can be applied only to character-format fields.
Note:
When field value operation functions are nested, the format that is shown might be an intermediate result. For example, the resulting format after
EXTRACTDN is Char, so the function can be applied only once.
Severity:
12
CKR0468 DDNAME
ddname is in NOA status, and
cluster name
cluster name is not defined
in the FDR - allocation failed
Explanation:
During an attempt to dynamically allocate an active ACF2 backup data set, the program found that the data set was not allocated by ACF2 because it had been overridden by a DD DUMMY specification in the ACF2 startup JCL. When subsequently trying to retrieve the data set name from the eligible ACF2 database clusters defined in the
ACFDR, the program discovered that either the currently active database cluster was not defined in the
ACFDR, or the indicated cluster did not have a data set defined for the function indicated by ddname. This implies that the program cannot determine which data set to allocate.
Severity:
16
CKR0469
Explanation:
This message indicates that the program found an invalid compare operation in a SELECT or
EXCLUDE command. When two fields are compared
(i.e. a field-field compare instead of a field-constant compare), at most one of the fields may be a repeat-group field. The compare operation attempted to compare two repeated fields, which is not supported.
Severity:
12
Compare fields may not both be repeated [ -
field1 and field2 ] at ddname
line
number
CKR0470 Fields to be compared must have the same format [ -
field1 and field2 ] at
ddname line number
Explanation:
This message indicates that the program found an invalid compare operation in a SELECT or
EXCLUDE command. When two fields are compared
(i.e. a field-field compare instead of a field-constant compare), the fields must have an equivalent format, for example, both character-format or both numerical.
The compare operation attempted to compare two fields with a different format, which is not supported.
Severity:
12
CKR0471 Duplicate data set on SMS managed volumes
volser dsname
Explanation:
During the comparison of library versions the same data set name was encountered on more than one SMS managed volume. This is not supported.
Severity:
08
Chapter 5. CKR messages
167
CKR0472 • CKR0480
CKR0472 Conversion to SMS managed assumed for data set
dsname
Explanation:
During the comparison of library versions in multiple CKFREEZE files a data set name was encountered first on a non-SMS managed volume and later on an SMS managed volume. It is assumed that the volume or data set was converted to SMS.
Severity:
00
CKR0473 READ-sensitive DATASET protection not CS1-compliant
dsname - change
profile
Explanation:
A data set with confidential data part of the Trusted Computing Base or designated as sensitive through the SIMULATE SENSITIVE command is not protected as prescribed by the CS1 (Commercial
Security 1) protection profile. A command is generated to adjust the protection to the required level while minimizing the impact on other data sets; a fully qualified generic is used to achieve this. Note that this may imply a reduction of the UACC.
Severity:
04
CKR0474
Explanation:
A data set with confidential data part of the Trusted Computing Base or designated as sensitive through the SIMULATE SENSITIVE command is not protected as prescribed by the CS1 (Commercial
Security 1) protection profile. A command is generated to adjust the protection of the discrete profile to the required level. Note that this may imply a reduction of the UACC.
Severity:
04
READ-sensitive DATASET protection not CS1-compliant
volser dsname
CKR0475 UPDATE-sensitive DATASET protection not CS1-compliant
dsname - modify
profile
Explanation:
A data set containing part of the Trusted
Computing Base or designated as sensitive to updates through the SIMULATE SENSITIVE command is not protected as prescribed by the CS1 (Commercial
Security 1) protection profile. A command is generated to adjust the protection to the required level while minimizing the impact on other data sets; a fully qualified generic is used to achieve this. Note that this may imply a reduction of the UACC.
Severity:
04
CKR0476 UPDATE-sensitive DATASET protection not CS1-compliant
volser dsname -
modify profile
Explanation:
A data set containing part of the Trusted
Computing Base or designated as sensitive to updates
168
Messages Guide through the SIMULATE SENSITIVE command is not protected as prescribed by the CS1 (Commercial
Security 1) protection profile. A command is generated to adjust the protection of the discrete profile to the required level. Note that this may imply a reduction of the UACC.
Severity:
04
CKR0477
Explanation:
A data set containing part of the Trusted
Computing Base or designated as sensitive to ALTER access through the SIMULATE SENSITIVE command is not protected as prescribed by the CS1 (Commercial
Security 1) protection profile. Usually this is limited to
ICF catalogs. A command is generated to adjust the protection to the required level while minimizing the impact on other data sets; a fully qualified generic is used to achieve this. Note that this may imply a reduction of the UACC.
Severity:
04
ALTER-sensitive DATASET protection not CS1-compliant
dsname - modify
profile
CKR0478
Explanation:
A data set containing part of the Trusted
Computing Base or designated as sensitive to ALTER access through the SIMULATE SENSITIVE command is not protected as prescribed by the CS1 (Commercial
Security 1) protection profile. Usually this is limited to
ICF catalogs. A command is generated to adjust the protection of the discrete profile to the required level.
Note that this may imply a reduction of the UACC.
Severity:
04
ALTER-sensitive DATASET protection not CS1-compliant
volser dsname -
modify profile
CKR0479 Global access to sensitive dataset not
CS1-compliant
volser dsname
Explanation:
A data set containing part of the Trusted
Computing Base or designated as sensitive to through the SIMULATE SENSITIVE command is not protected as prescribed by the CS1 (Commercial Security 1) protection profile, because the access granted through the Global Access Table is too high. A command is generated to adjust the Global Access Table to the highest level still allowed. Note that this will imply a reduction of the availability of the data set to users.
Severity:
04
CKR0480 READ-sensitive DATASET protection not CS1-compliant
volser dsname - add
profile
Explanation:
A data set with confidential data part of the Trusted Computing Base or designated as sensitive through the SIMULATE SENSITIVE command is not
protected as prescribed by the CS1 (Commercial
Security 1) protection profile. A command is generated to create a new fully qualified generic profile, using the current generic profile covering the data set; the protection of the new profile is adjusted to the required level. Note that this may imply a reduction of the
UACC.
Severity:
04
CKR0481 UPDATE-sensitive DATASET protection not CS1-compliant
volser dsname - add
profile
Explanation:
A data set containing part of the Trusted
Computing Base or designated as sensitive to updates through the SIMULATE SENSITIVE command is not protected as prescribed by the CS1 (Commercial
Security 1) protection profile. A command is generated to create a new fully qualified generic profile, using the current generic profile covering the data set; the protection of the new profile is adjusted to the required level. Note that this may imply a reduction of the
UACC.
Severity:
04
CKR0482 ALTER-sensitive DATASET protection not CS1-compliant
volser dsname - add
profile
Explanation:
A data set containing part of the Trusted
Computing Base or designated as sensitive to ALTER access through the SIMULATE SENSITIVE command is not protected as prescribed by the CS1 (Commercial
Security 1) protection profile. Usually this is limited to
ICF catalogs. A command is generated to create a new fully qualified generic profile, using the current generic profile covering the data set; the protection of the new profile is adjusted to the required level. Note that this may imply a reduction of the UACC.
Severity:
04
CKR0483 READ-sensitive data set unprotected
volser dsname - add profile
Explanation:
A data set with confidential data part of the Trusted Computing Base or designated as sensitive through the SIMULATE SENSITIVE command is not protected as prescribed by the CS1 (Commercial
Security 1) protection profile. A command is generated to create a new fully qualified generic profile; the protection of the new profile is set to the required level.
Severity:
04
CKR0484 UPDATE-sensitive data set unprotected
volser dsname - add profile
Explanation:
A data set containing part of the Trusted
Computing Base or designated as sensitive to updates through the SIMULATE SENSITIVE command is not
CKR0481 • CKR0488
protected as prescribed by the CS1 (Commercial
Security 1) protection profile. A command is generated to create a new fully qualified generic profile; the protection of the new profile is set to the required level.
Severity:
04
CKR0485 ALTER-sensitive data set unprotected
volser dsname - add profile
Explanation:
A data set containing part of the Trusted
Computing Base or designated as sensitive to ALTER access through the SIMULATE SENSITIVE command is not protected as prescribed by the CS1 (Commercial
Security 1) protection profile. Usually this is limited to
ICF catalogs. A command is generated to create a new fully qualified generic profile; the protection of the new profile is set to the required level.
Severity:
04
CKR0486 FIELDVAL may only be used for
Select/Exclude - at
ddname line number
Explanation:
The FIELDVAL field in
NEWLIST TYPE=SMF may only be used for
SELECT/EXCLUDE processing; it was used in a LIST,
SORTLIST, or (D)SUMMARY command, which is not allowed.
Severity:
12
CKR0487 Defined variable
name (type=type) is not
boolean/as/true, may not be used in clause
Explanation:
The indicated variable was used in a
SELECT/EXCLUDE or WHERE clause, but was not a boolean or field-based define. This is not allowed.
Severity:
12
CKR0488 Newlist [name=
name] type=type
suppressed for
reason at ddname line
number
Explanation:
The indicated NEWLIST is suppressed for the indicated reason:
restricted mode
A NEWLIST with option UNRESTRICTED is run by a user in restricted mode.
not being auditor
A NEWLIST with option RESTRICT_AUDITOR is run by a user who is not a system-wide auditor.
Processing for the not-suppressed NEWLISTs will continue.
Severity:
00
Chapter 5. CKR messages
169
CKR0489 • CKR0499
CKR0489 NEWLIST TYPE=PPT request for system
system not supported for live system or
non-APF CKFREEZE
Explanation:
The NEWLIST TYPE=PPT for the indicated system could not generate any output; this
NEWLIST type requires a CKFREEZE file generated by an APF-authorized run of zSecure Collect.
Severity:
00
CKR0490
Explanation:
The NEWLIST TYPE=JOBCLASS does not support the JES2 $CAT table size found. Contact
IBM Software Support and submit an error report containing the indicated size and your MVS and JES2 levels.
Severity:
16
$CAT size
size (decimal) not supported
in newlist type=JOBCLASS
CKR0491 Repeated substring not allowed in
TYPE=RACF clause - variable
name
Explanation:
Nested substring requests are not allowed for NEWLIST TYPE=RACF clauses.
Severity:
12
CKR0492 Field value manipulation or lookup not allowed in TYPE=RACF select clause variable
name
Explanation:
Certain field value manipulations
(CONVERT, PARSE, WORD) and field lookups are not allowed on select/exclude statements in NEWLIST
TYPE=RACF if similar or other field value manipulations are also present in the DEFINE for the variable. Note that using SUBSTRING is allowed.
User response:
Move all the manipulations to one
DEFINE.
Severity:
12
CKR0493
Explanation:
While a boolean variable may be used in a SELECT statement, it may not be used at the right-hand side of a field-field compare.
Severity:
12
Boolean variable
name may not be used
as right-hand side of compare
CKR0494
Explanation:
A substring function cannot operate on a defined variable of type BOOLEAN.
Severity:
12
Substring operation not allowed on boolean variable
name
CKR0495 Concatenation of unloads in file
ddname
is not supported - stopping after 1st one
Explanation:
Multiple unloads must be allocated to separate ddnames, they cannot be concatenated.
Severity:
12
CKR0496 Warning: database for
complex processed
with settings from system
system
[
version]
Explanation:
The RACF database of complex does not match the system to which the in-storage settings used for it refer. (This message only pertains to
FUNCTION=MAIN or FUNCTION=BASE.)
Severity:
00
CKR0497 Restricted mode does not allow using settings from any other system than
complex
Explanation:
The RACF database of complex does not match the system to which the in storage setting used for it refer, and this is not allowed in restricted mode.
Severity:
12
CKR0498 Warning: database for
complex processed
with settings from
system
Explanation:
The RACF database of complex does not match the system to which the in storage settings used for it refer. (This message only pertains to
FUNCTION=MERGE.)
User response:
Explicitly partition the input data sets through use of the COMPLEX and VERSION keywords to represent the actual configurations in use.
Severity:
00
CKR0499 Invalid cell in VVDS record for
component cluster name
Explanation:
Parsing unexpectedly encountered the end of a VVDS cell.
Severity:
08
170
Messages Guide
CKR0500 • CKR0511
Messages from 500 to 599
CKR0500 Define for variable
variable (type=type) at
ddname line number conflicts with define
at
ddname line number
Explanation:
This error message indicates that two statistic variables with identical names were defined within the same NEWLIST. This is not allowed.
Severity:
12
CKR0501
Explanation:
This warning message indicates that a statistic variable was defined within a NEWLIST that has the same name as a statistic variable defined in a previous NEWLIST. The new definition overrides the old one; this may not be intended.
Severity:
00
Define for variable
variable (type=type) at
ddname line number overrides define at
ddname line number
CKR0502 DISPLAY only contains repeat or detail fields, 1st level display would be empty for newlist at
ddname line number
Explanation:
This error message indicates that a
DISPLAY command did not contain any fields that could be displayed at the 1st level display. This is not allowed; include a non-repeated or non-detail field in the DISPLAY. If you specified the NEWLIST parameter
DETAIL, use the output modifier NODETAIL on at least one non-repeated field.
Severity:
12
CKR0503 Duplicate threshold specification before
token at ddname line number
Explanation:
This error message indicates that more than one threshold output modifier was used for the same field. This is not allowed.
Severity:
12
CKR0504 Summary invalid in merged newlist at
ddname line number
Explanation:
In the current version of zSecure, a
SUMMARY command may not be used in a merged
NEWLIST.
Severity:
12
CKR0505 Compound summary at level
number
cannot contain repeat group value
"
field-name" at ddname line number
Explanation:
In the current version of zSecure, a compound summary key must consist of non-repeat groups. This error message indicates that the repeat-group field of type field-name is part of a compound summary key.
Severity:
12
CKR0506 Variable
name at ddname line number
defined with lookup - invalid with type=RACF LIST commands
Explanation:
Variable name was defined using a lookup operator. For NEWLIST TYPE=RACF, such variables may not be used in LIST commands. Use
SORTLIST or DISPLAY instead.
Severity:
12
CKR0507 Asterisk list operator is only valid on
SUMMARY commands
Explanation:
This error message indicates that the asterisk (*) list operator was used in a LIST, SORTLIST, or DISPLAY command. It may only be used in a
SUMMARY or DSUMMARY command.
Severity:
12
CKR0508 ENDMERGE missing
Explanation:
This error message indicates that a merged NEWLIST was started but not ended.
Severity:
12
CKR0509 ENDMERGE without MERGELIST
Explanation:
This error message indicates that an
ENDMERGE command was found (which normally ends a merged NEWLIST), but no previous
MERGELIST command was found to start the merged
NEWLISTs.
Severity:
12
CKR0510 Target field
field-name (type=type)
undefined for define
statistic-name at
ddname line number
Explanation:
This error message indicates that a statistic variable was defined that has a target field which does not exist or has not been defined.
Severity:
12
CKR0511 ENDMERGE missing before
ENDBUNDLE
Explanation:
This error message indicates that an
ENDBUNDLE command was found, in a sequence of
BUNDLE - MERGELIST - ENDBUNDLE. There should be an ENDMERGE command in this sequence.
Chapter 5. CKR messages
171
CKR0512 • CKR0520
Severity:
12
CKR0512 Target field
field-name (type=type) found
at
ddname line number does not have the
required where clause for define
statistic-name at ddname line number
Explanation:
This error message indicates that the statistic variable defined as the target for another variable does not have a WHERE clause. Since the purpose of a target variable is that WHERE clauses are shared, the target must have such a clause.
Severity:
12
CKR0513 Use of
function is not licensed for IBM
Security zSecure product code
code
Explanation:
The function indicated (either a command or a parameter) is not licensed for the product used. For example, if IBM Security zSecure
Admin is running without zSecure Audit on a z/OS system, this configuration is not licensed to use the
NEWLIST TYPE=SMF command. For a description of the product codes, see the documentation for the
NEWLIST LICENSE parameter in the IBM Security
zSecure Admin and Audit for RACF: User Reference
Manual.
Severity:
12
CKR0514 Variable
statistic-name at ddname line
number not defined as Boolean,
Subselect, or As - invalid on LIST commands
Explanation:
This error message indicates that a summary statistic variable was used on a LIST,
SORTLIST, or DISPLAY command. This is not allowed; these variables may only be used with (D)SUMMARY.
Severity:
12
CKR0515 WHERE clause invalid for define
statistic-name (type=type) at ddname line
number because target target-variable
already has one
Explanation:
This error message indicates that a statistic variable with a target variable also has its own
WHERE clause. This is not allowed; if the target variable has a WHERE clause it is automatically inherited, and cannot be overridden. To create two variables with differing WHERE clauses, write two separate defines, both with a WHERE clause, and remove the WHERE clause from the target variable.
Severity:
12
CKR0516 Summary level
number must have at
least one summary key and key cannot be a defined var or lookup - newlist at
ddname line number
Explanation:
This error message indicates that the
(D)SUMMARY command of the indicated NEWLIST contained a summary level without a key-variable. This is only allowed in the topmost (leftmost) summary level. Valid summary key-variables are fields, not defined statistics and lookup-variables.
Severity:
12
CKR0517 WRAP invalid because column length 0 and not the last in line or column floating - field
field-name at ddname line
number
Explanation:
This error message indicates that the
WRAP output modifier was used in combination with an overriding length of zero for a column not last in line, or where another column with overriding length 0
(i.e. variable length) was present on the line. Since the purpose of FIELD(WRAP,0) is to fill up the rest of the output line, this is only allowed for the last column in a line.
Severity:
12
CKR0518 LIST not allowed for NEWLIST
option
Explanation:
This error message indicates that a LIST command was used with NEWLIST option. This is not allowed with the NEWLIST option indicated; use
SORTLIST or DISPLAY instead.
Severity:
12
CKR0519 Option only allowed for (D)SUMMARY
-
option-name at ddname line number
Explanation:
This error message indicates that summary option option-name was used with a LIST,
SORTLIST or DISPLAY command. The indicated option may only be used with the SUMMARY and
DSUMMARY commands.
Severity:
12
CKR0520 Merged NEWLIST at
ddname line number
must use same LIST family member as
NEWLIST at
ddname line number
Explanation:
All NEWLISTs within a
MERGELIST/ENDLIST pair should use the same output command: either DISPLAY or SORTLIST. This was not the case for the two newlists indicated.
Severity:
12
172
Messages Guide
CKR0521 • CKR0530
CKR0521
Explanation:
When a NEWLIST TYPE=SMF is used in restricted mode (i.e. in PADS mode, with a
NEWLIST SCOPE, or with SIMULATE RESTRICT), you may not use the SUPPRESS CKFREEZE command, because that would allow the user to circumvent restriction checking for VSAM components. Note that
IOCONFIG is an alias of CKFREEZE.
Severity:
00
SUPPRESS CKFREEZE ignored for restricted mode NEWLIST TYPE=SMF
CKR0522 Program was terminated by attention
Explanation:
The program was terminated because the
ATTN key was pressed.
Severity:
12
CKR0523 Group tree loop with
num elements
type1 id1 has type2 id2 as owner
Explanation:
This message is issued due to a
VERIFY GROUPTREE command. The message indicates the size of the loop in the group tree; the run-on messages indicate all users and groups in the loop; type is user or group, and id indicates the RACF user ID or group ID.
Severity:
08
CKR0524 Program was terminated due to storage shortage - increase REGION
Explanation:
The program was terminated because of a storage (memory) shortage. Try increasing the
REGION size and running the program again.
Severity:
12
CKR0525 Contents of CKRSITE module:
contents
Explanation:
This message is printed as the result of a
SHOW CKRSITE command. contents displays the relevant portions of the CKRSITE module.
Severity:
00
CKR0526
Explanation:
This message indicates that the class used for CKGRACF profiles, which is set in the
CKRSITE module, could not be found in the Class
Descriptor Table. Most likely, this indicates an installation error.
Severity:
12
CKRSITE class
class not found in CDT
for complex
complex
CKR0527 Subselect of field
field not supported
Explanation:
This message indicates that a variable was defined as a subselect of the indicated field, but that subselects of this field are not supported. In the current version of zSecure, the only fields where a subselect is allowed are ACL, CUSTOM_DATA, and
USR. See the DEFINE command for further information.
Severity:
12
CKR0528 Subselect of "
field" in "group" not
allowed
Explanation:
This message indicates that in a subselect of group (either ACL, CUSTOM_DATA, or USR), a field was used that is not supported in the subselect. See the
DEFINE command for a table of fields that are supported.
Severity:
12
CKR0529
Explanation:
The access value specified at the indicated ddname is invalid.
Severity:
12
Invalid ACCESS VALUE "
value" at
ddname line number
CKR0530
kind only valid in PARM string type
"
value" at ddname line number
Explanation:
The kind parameter of the ALLOCATE command must be specified in a parameter string. The
kind parameter can be any of these values:
ERRDD
INDD
LETRAPOFF
LETRAPON
NOCLEANUP
NOCLOSE
NODCBE
NODUMP
NOESTAE
NOLE
OUTDD
STORAGEGC
TEXTPIPE
UMASK
User response:
When specifying this parameter, include the ALLOCATE command in the PARM= parameter in the batch JCL.
Severity:
12
Chapter 5. CKR messages
173
CKR0531 • CKR0541
CKR0531
Explanation:
The EXPLODE output modifier may not be used in a (D)SUMMARY command. The RESOLVE and EFFECTIVE output modifiers (which are a different type of EXPLODE) may also not be used.
Severity:
12
Summary of exploded field "
field" not
allowed at
ddname line number
CKR0532 Warning: global define for variable
field
(type=
type) at ddname line number
overrides local define at
ddname line
number
Explanation:
This warning message indicates that a local define for the indicated variable field was overridden by a global define.
Severity:
00
CKR0533 Reporting on the in-storage resource rule directories is not supported for system
system
Explanation:
The required information cannot be accessed, because it is in fetch protected storage. As a partial circumvention, you can allocate a CKFREEZE created by an APF run of zSecure Collect. However, even such a CKFREEZE contains information about only a select few resource rule directories, so the report will be incomplete even in that case.
Severity:
04
CKR0534 Indent base
base not found behind field
at
ddname line number
Explanation:
The indicated base field used by the
INDENT output modifier was not specified on the same (SORT)LIST or DISPLAY command. It must be specified behind the indented field. The NONDISPL output modifier may be used to keep the base field from being printed.
Severity:
12
CKR0535 Create of group
group requested, but
group already defined
Explanation:
This message indicates that the indicated
group to be added by the COPY or MOVE command was already defined; no ADDGROUP command will be generated.
Severity:
12
CKR0536 Create of userid
user requested, but user
already defined
Explanation:
This message indicates that the indicated
user to be added by the COPY or MOVE command was
174
Messages Guide already defined; no ADDUSER command will be generated.
Severity:
12
CKR0537
Explanation:
During processing of group-tree depths, the maximum depth of 255 was reached for the indicated group. This may be caused by a loop in the group-tree structure, which can be found using
VERIFY GROUPTREE. It may also be caused by a group-tree that is more than 255 groups deep; this condition is not supported by IBM Security zSecure
Admin and Audit for RACF.
Severity:
16
Maximum group nesting depth of 255 exceeded at group
id - run VERIFY
GROUPTREE to check for group loops
CKR0538 Group SYS1 not found, check
SELECT/EXCLUDE statements
Explanation:
This message was issued due to a
VERIFY GROUPTREE command and indicates that group SYS1 was not found. The VERIFY command was not processed. This message may be due to global
SELECT/EXCLUDE processing, excluding group SYS1.
If not, it indicates a serious problem in the RACF database, since group SYS1 is required.
Severity:
12
CKR0539
Explanation:
This message indicates an invalid
ALLOC command. The options PRIMARY, BACKUP,
INACTIVE are all invalid with the type specified on the command. The only live option that is valid is
ACTIVE.
Severity:
12
ALLOC PRIMARY/BACKUP/INACTIVE invalid for specified type - before
token
at
ddname line number
CKR0540 OPEN
abend-type on file ddname
Explanation:
An abend of the indicated type occurred when opening a TYPE=CKFREEZE file with the indicated ddname.
Severity:
16
CKR0541 OPEN
abend-type on file ddname
Explanation:
An abend of the indicated type occurred when opening a TYPE=UNLOAD file with the indicated ddname.
Severity:
16
CKR0542 • CKR0552
CKR0542
Explanation:
The CONNECT field may not be used by itself in a (SORT)LIST or (D)SUMMARY command; if it is used, it must be based on an indirect reference to
USERID when displaying a group profile, or based on an indirect reference to CONGRPNM or CGGRPNM when displaying a user profile.
Severity:
12
CONNECT field must be used in a lookup - at
ddname line number
CKR0543 More than 7 JES subsystems not supported - VERIFY/REPORT STC in error
Explanation:
This message is generated by the
VERIFY STC
or REPORT STC command. It indicates that a system was analyzed with more than 7 JES2 or JES3 subsystems. zSecure does not support this.
Severity:
16
CKR0544 LX too high! LX=
val (dec); maximum is
val2 (dec)
Explanation:
This message is generated by the
NEWLIST TYPE=PC (Program Call report). It indicates an internal error, or an inconsistency in a CKFREEZE file. Contact IBM Software Support.
Severity:
20
CKR0545 NEWLIST TYPE=PC request for system
system, but no PC data available.
Perhaps old or non-APF CKFREEZE
Explanation:
This message is generated by the
NEWLIST TYPE=PC (Program Call report). It indicates that a Program Call report was requested for the indicated system, but that Program Call data were not available. Check the CKFREEZE file used; the Program
Call report requires an APF-authorized zSecure Collect run with a focus including zSecure Audit.
Severity:
00
CKR0546 NEWLIST TYPE=PC CKFREEZE data incomplete for SYSTEM
system
Explanation:
This message is generated by the
NEWLIST TYPE=PC (Program Call report). It indicates that the CKFREEZE for that system was not made with a sufficiently recent zSecure Collect with support for
ASN-and-LX reuse support. When issued on a system running an older z/OS release, this indicates an internal error, or an inconsistency in a CKFREEZE file.
Severity:
20
CKR0547 NEWLIST TYPE=MSG requested but no
MPFT found. Possibly old CKFREEZE
Explanation:
This message is generated by the
NEWLIST TYPE=MSG (MPF report). It indicates that an MPF report was requested, but that MPF data were not available. Check the CKFREEZE file used; the MPF report requires an APF-authorized zSecure Collect run with a focus including zSecure Audit.
Severity:
04
CKR0548 NEWLIST TYPE=MSG requested but no
MPFTENTY found
Explanation:
This message is generated by the
NEWLIST TYPE=MSG (MPF report). It indicates that an MPF report was requested, but that MPF data were not available. Check the CKFREEZE file used; the MPF report requires an APF-authorized zSecure Collect run with a focus including zSecure Audit.
Severity:
04
CKR0549 NEWLIST TYPE=MSG requires
CKFREEZE
Explanation:
This message is generated by the
NEWLIST TYPE=MSG (MPF report). It indicates that an MPF report was requested, but that no CKFREEZE file was used. The MPF report requires a CKFREEZE file; check your JCL or your set of input files.
Severity:
08
CKR0550
Explanation:
This message is generated by the
NEWLIST TYPE=MSG (MPF report). It indicates an internal error condition. Contact IBM Software Support including your MVS level and both the version numbers indicated.
Severity:
20
NEWLIST TYPE=MSG unexpected
MPFTVRSN
version, expected version2
CKR0551 Expected MPFTs:
amount1; got amount2
Explanation:
This message is generated by the
NEWLIST TYPE=MSG (MPF report). It indicates an internal error condition. Contact IBM Software Support.
Severity:
20
CKR0552 No SMF subsystem information available for
system
Explanation:
This message is generated by the
NEWLIST TYPE=SMFOPT (SMF subsystem options report). It indicates no SMF subsystem information was available for the indicated system. Check your
CKFREEZE file; the report requires an APF-authorized
Chapter 5. CKR messages
175
CKR0553 • CKR0563
zSecure Collect run with a focus including zSecure
Audit.
Severity:
08
CKR0553
Explanation:
This message shows the amount of storage that the program needed to construct a working copy of the in-storage ACF2 resource rule directories and resource rule sets.
Severity:
00
Directories and resource rules use
nnnn
bytes for system
system
CKR0554 TCP/IP interface connection failed, error code
code
Explanation:
A failure occurred while trying to connect zSecure to the TCP/IP interface. The error code is documented under z/OS Communications Server: IP
and SNA Codes
in the z/OS information center. If the code is not listed there, it is documented as a return code under z/OS UNIX System Services: Messages
and Codes
.
See z/OS Internet Library to access the information center for your version of z/OS.
Severity:
04
CKR0555
Explanation:
A CARLa statement contains a bitmask value that is either empty or longer than 2048 symbols.
User response:
Review and correct the CARLa script.
Severity:
12
Bitmask cannot be empty or longer than
2048
CKR0556 Bitmask is not allowed
Explanation:
A CARLa statement contains a bitmask value that is not allowed.
User response:
Review and correct the CARLa script.
Severity:
12
CKR0557 Invalid IP address or network prefix
'
string' at ddname line number
Explanation:
This message indicates that a CARLa script has an IP address or network prefix specification
(either IPv4 or IPv6) that is not valid.
User response:
Adjust the corresponding CARLa script to supply a valid IP address or network prefix specification. A network prefix consists of an IP address, a slash character (/), and an integer denoting the prefix length. With an IPv4 address, the prefix length can be 32 at most. With an IPv6 address, the prefix length can be 128 at most.
176
Messages Guide
Severity:
12
CKR0558 CKRRMRG - Illegal eyecatcher
eyecatcher during logging
Explanation:
Contact IBM Software Support.
Severity:
24
CKR0559 CKRRMRG - Nil pointer found
Explanation:
Contact IBM Software Support.
Severity:
24
CKR0560 Profiles in STARTED class exist, but class not active - ICHRIN03 is used.
Explanation:
This message is produced by the
VERIFY STC command. It indicates that profiles in the
STARTED class exist, but that the class is not active. As a result, the profiles will be ignored, and the started procedure table ICHRIN03 will be used instead.
Severity:
00
CKR0561 STARTED class active, but no profiles found - ICHRIN03 is used
Explanation:
This message is produced by the
VERIFY STC command. It indicates that the STARTED class is active, but does not contain any profiles. As a result, the started procedure table ICHRIN03 will be used instead.
Severity:
00
CKR0562 ALLOC PRIMARY/BACKUP/ACTIVE/
INACTIVE/SMF cannot be combined with other source identifiers - at
ddname
line
number
Explanation:
An ALLOC statement referring to a data source obtained from control blocks in storage cannot at the same time point to an external data source.
Severity:
12
CKR0563 STARTED profile
profile has no STDATA
segment - ICHRIN03 is used -
action to
newuser note
Explanation:
This message is produced by the VERIFY
STC command. It indicates that the indicated profile in the STARTED class does not contain an STDATA segment. As a result the profile indicated will be ignored, and the started procedure table ICHRIN03 will be used instead. A command is generated to create an
STDATA segment with an STUSER specification
newuser. If the profile's first qualifier is a valid user ID,
newuser will be user(=MEMBER) the action will be
correct
and the profile should then be usable, although you still may have to note "but userid still revoked",
meaning that the started task would run with reduced authority and might still experience problems (as indicated by CKR0575); if not, newuser will be
NOUSER
, the action will be change, and a subsequent
VERIFY STC would issue CKR0564 for the profile.
Severity:
08
CKR0564 No STUSER specified on STARTED profile
profile - ICHRIN03 is used
Explanation:
This message is produced by the VERIFY
STC command. It indicates that the indicated profile in the STARTED class does not contain an STUSER field in the STDATA segment. As a result, the profile indicated will be ignored, and the started procedure table ICHRIN03 will be used instead. No attempt is made to cure this condition, because it may be intentional.
Severity:
08
CKR0565 STARTED profile
profile contains group
id
group as STUSER - "user" is used -
action to newuser note
Explanation:
This message is produced by the VERIFY
STC command. It indicates that the indicated profile in the STARTED class does not contain a valid user ID in the STUSER field in the STDATA segment, but the groupname id. As a result, the user specified in the profile will be ignored, and the undefined user ID user will be used instead. A command is generated to remove the erroneous specification. If the profile's first qualifier is a valid user, newuser will be set to
user(=MEMBER)
to use the member name and the
action will be correct, although you still may have to note "but userid still revoked," meaning that the started task would run with reduced authority and might still experience problems (as indicated by message CKR0575). If not, it will be set to NOUSER to indicate the field is to be deleted, the action will be
change
, there will be no note, and after the proposed change the profile would be so unusable that RACF would fall back on started procedure table ICHRIN03, and a subsequent VERIFY STC would issue CKR0564 for the profile.
Severity:
08
CKR0566 STARTED profile
profile has undefined
STUSER
id - "user" is used - action to
newuser note
Explanation:
This message is produced by the VERIFY
STC command. It indicates that the user ID, id, is not valid in the STUSER field in the STDATA segment of the specified profile in the STARTED class. As a result, the user specified in the profile will be ignored, and the undefined user ID, user, will be used instead. A command is generated to remove the erroneous specification. If the profile's first qualifier is a valid
CKR0564 • CKR0569
user, newuser will be set to user(=MEMBER) to use the member name and the action will be correct. However,
note might specify "but userid still revoked," which means that the started task will run with reduced authority and might experience problems (as indicated by message CKR0575). If not, newuser will be set to
NOUSER
to indicate that the field is to be deleted, the
action will be set to change, and note is not specified.
After the proposed change the profile would be so unusable that RACF would fall back on started procedure table ICHRIN03, and a subsequent VERIFY
STC would issue CKR0564 for the profile.
Severity:
08
CKR0567 STARTED profile
profile has STUSER
=MEMBER, which is a groupid - "
user"
is used for
procedure volume dataset
Explanation:
This message is produced by the
VERIFY STC command. It indicates that the indicated
profile in the STARTED class contains the value
=MEMBER
in the STUSER field in the STDATA segment, but that the indicated procedure in the indicated data set is not a valid user ID, but a group ID.
As a result, the procedure name will not be used as a user ID, and the undefined user ID user will be used instead. Note that the first qualifier of profile is generic, so that it may apply to different procedures as well; therefore, it is unclear how this should be cured, and no command is generated.
Severity:
08
CKR0568 STARTED profile
profile has STUSER
=MEMBER, which is undefined - "
user"
is used for
procedure volume dataset
Explanation:
This message is produced by the
VERIFY STC command. It indicates that the indicated
profile in the STARTED class contains the value
=MEMBER
in the STUSER field in the STDATA segment, but that the indicated procedure in the indicated data set is not a valid user ID. As a result, the procedure name will not be used as a user ID, and the undefined user ID user will be used instead. Note that the first qualifier of profile is generic, so that it may apply to different procedures as well; therefore, it is unclear how this should be cured, and no command is generated.
Severity:
08
CKR0569 STARTED profile
profile has both
STUSER and STGROUP =MEMBER -
"
user" is used - action to deletions
Explanation:
This message is produced by the VERIFY
STC command. It indicates that the indicated profile in the STARTED class has the value =MEMBER in both the STUSER and STGROUP fields in the STDATA segment. Since it is impossible for any procedure name
Chapter 5. CKR messages
177
CKR0570 • CKR0573
to match both a user ID and a group ID at the same time, this is an error on the profile level. As a result, the specifications in the profile will be ignored, and the undefined user ID user will be used instead. If the profile's first qualifier is discrete, it is checked whether it matches a user ID or a group ID or neither, and deletions will contain NOGROUP or NOUSER or both, respectively, to indicate which specifications are to be deleted. If the profile's first qualifier is generic, it is not possible to do such a check, and deletions will be
NOGROUP
, which is the only choice that might possibly fix the problem (for some matching procedures). Only when the problem has been fixed with certainty (discrete first qualifier that matches a valid user ID) action will be correct, otherwise it will be
change
.
Severity:
08
CKR0570
Explanation:
This message is produced by the VERIFY
STC command. It indicates that the indicated profile in the STARTED class does not contain a valid group ID in the STGROUP field in the STDATA segment, but the groupname id. As a result, the user specified in the profile will be ignored, and the undefined user ID user will be used instead. A command is generated to remove the erroneous specification. If the profile's first qualifier is a valid group, newgroup will be set to
group(=MEMBER)
to use the member name; if not, it will be set to NOGROUP to indicate the field is to be deleted. Note indicates further problems with the user
ID id and newgroup, it may be "but still unconnected" to indicate that =MEMBER may be a valid group but still the profile specification would be ignored (as indicated by CKR0574), "but userid still revoked", meaning that the started task would run with reduced authority and might still experience problems (as indicated by CKR0575), "but still unconnected, userid
still revoked
" if both problems remain (CKR0150), or it may be absent. The action will be correct if the resulting profile specifications would be usable (no missing connection) regardless of the user ID's revocation status, and change otherwise.
Severity:
08
STARTED profile
profile contains userid
id as STGROUP - "user" is used - action
to
newgroup note
CKR0571 STARTED profile
profile has undefined
STGROUP
id - "user" is used - action to
newgroup note
Explanation:
This message is produced by the VERIFY
STC command. It indicates that the indicated profile in the STARTED class does not contain a valid group ID in the STGROUP field in the STDATA segment, but the value id. As a result, the user specified in the profile will be ignored, and the undefined user ID user will be used instead. A command is generated to remove the erroneous specification. If the profile's first qualifier is a
178
Messages Guide valid group, newgroup will be set to group(=MEMBER) to use the member name; if not, it will be set to
NOGROUP
to indicate the field is to be deleted. Note indicates further problems with the user ID id and
newgroup, it may be "but still unconnected" to indicate that =MEMBER may be a valid group but still the profile specification would be ignored (as indicated by
CKR0574), "but userid still revoked", meaning that the started task would run with reduced authority and might still experience problems (as indicated by
CKR0575), "but still unconnected, userid still revoked" if both problems remain (CKR0150), or it may be absent. The action will be correct if the resulting profile specifications would be usable (no missing connection) regardless of the user ID's revocation status, and
change
otherwise.
Severity:
08
CKR0572 STARTED profile
profile has STGROUP
=MEMBER, which is a userid - "
user" is
used for
procedure volume dataset
Explanation:
This message is produced by the
VERIFY STC command. It indicates that the indicated
profile in the STARTED class contains the value
=MEMBER
in the STGROUP field in the STDATA segment, but that the indicated procedure in the indicated data set is not a valid group ID, but a user ID.
As a result, the user ID specified in the profile will not be used, and the undefined user ID user will be used instead. Note that the first qualifier of profile is generic, so that it may apply to different procedures as well; therefore, it is unclear how this should be cured, and no command is generated.
Severity:
08
CKR0573
Explanation:
This message is produced by the
VERIFY STC command. It indicates that the indicated
profile in the STARTED class contains the value
=MEMBER
in the STGROUP field in the STDATA segment, but that the indicated procedure in the indicated data set is not a valid group ID. As a result, the user ID specified in the profile will not be used, and the undefined user ID user will be used instead.
Note that the first qualifier of profile is generic, so that it may apply to different procedures as well; therefore, it is unclear how this should be cured, and no command is generated.
Severity:
08
STARTED profile
profile has STGROUP
=MEMBER, which is undefined - "
user"
is used for
procedure volume dataset
CKR0574 • CKR0581
CKR0574 STARTED profile
profile user id not
connected to group
group - "user" is used
Explanation:
This message is produced by the
VERIFY STC command. It indicates that the indicated
profile in the STARTED class contains a valid user and group, but that user id is not connected to group group.
As a result, the user ID specified in the profile will not be used, and the undefined user ID user will be used instead. This message indicates an error on the profile level, but no command is generated as it is unclear what the desired solution would be.
Severity:
08
CKR0575 STARTED profile
profile has revoked
userid
user - executes with reduced
access
Explanation:
This message is produced by the
VERIFY STC command. It indicates that the indicated
profile in the STARTED class contains a valid user and group, but that user user is revoked. As a result, the user ID specified in the profile will be used, but the started task will run with reduced access, which may lead to problems. This message indicates an error on the profile level, but no command is generated as it is unclear what the desired solution would be.
Severity:
08
CKR0576 No STARTED profile found, ICHRIN03 is used -
procedure volume dataset
Explanation:
This message is produced by the
VERIFY STC command. It indicates that the indicated
procedure in the indicated data set does not match any profile in the STARTED class. As a result, the started procedure table ICHRIN03 will be used instead.
Severity:
00
CKR0577 STARTED profile
profile not used by any
started procedure
Explanation:
This message is produced by the
VERIFY STC command. It indicates that the indicated
profile in the STARTED class is not used for any procedure. The profile may be redundant.
Note:
This message may also be issued if a CKFREEZE file is used that was produced by running zSecure
Collect from an unauthorized library. If zSecure Collect is run with APF authorization, it will use cross memory functions to find the data sets allocated to STCPROC
(or PROC00 if there's no STCPROC). Subsequently, it will read the PDS directory of each of these proclibs.
Note that it is insufficient to tell zSecure Collect to dump the directories of the PDS data sets in an unauthorized run, because they will not be known as proclibs.
Severity:
00
CKR0578 STARTED profile
profile user id not
connected to group
group - "user" is used
for
procedure volume dataset
Explanation:
This message is produced by the VERIFY
STC command. It describes a problem in the indicated
profile in the STARTED class: the user id in the STUSER field in the STDATA segment is not connected to the group in the STGROUP field, so that the undefined user ID user will be used. Note that the first qualifier of
profile is generic, and either the user id or the group is specified as =MEMBER and thus evaluates to procedure, so that the main problem is not a condition on the profile level; no command is generated.
Severity:
08
CKR0579 STARTED profile
profile has revoked
userid =MEMBER - reduced access for
procedure volume dataset
Explanation:
This message is produced by the VERIFY
STC command. It indicates that the indicated profile in the STARTED class has the value =MEMBER in the
STUSER field in the STDATA segment to indicate that the procedure should be used; however, although
procedure is a valid user ID, it is revoked, so that started task will run with reduced authority and might experience problems. Note that the first qualifier of
profile is generic, so that the problem is not a condition on the profile level; no command is generated.
Severity:
08
CKR0580 TSO user
user on system system not
subject to RACF password control -
volume dataset
Explanation:
This message is produced by the
VERIFY TSOALLRACF command. It indicates that on the system specified, the user indicated is included in the UADS data set indicated, but is not a valid RACF user ID. As a result, the user ID can logon using the password specified in the UADS data set, and is not subject to RACF control.
Severity:
08
CKR0581
Explanation:
This message is produced by the
VERIFY TSOALLRACF command. It indicates that on the system specified, the user indicated is included in the UADS data set indicated, is a valid RACF user ID, but does not have a TSO segment. The user ID is subject to RACF control, but takes its TSO attributes from the UADS data set, not the RACF database.
Severity:
08
TSO user
user on system system does not
have a TSO segment -
volume dataset
Chapter 5. CKR messages
179
CKR0582 • CKR0592
CKR0582 ALLOC SMF invalid for specified type before
token at ddname line number
Explanation:
This message indicates an invalid
ALLOC command. A new syntax command can only describe one input source per command.
Severity:
12
CKR0583 VSMLIST return code
value
Explanation:
This message can occur if a live MVS system is examined and the VSMLIST service returns an unsupported return code. Contact IBM Software
Support including the indicated value and your MVS level.
Severity:
08
CKR0584 System
system uses password hashing
Explanation:
This message is produced by the
VERIFY PASSWORD command. It indicates that on the
system specified, the password encryption method used is hashing. Any user with READ access to the RACF database or a copy/backup of the RACF database may be able to decode all passwords.
Severity:
00
CKR0585 Revoked user with weak password -
user
Explanation:
This message is produced by the
VERIFY PASSWORD command. It indicates that the revoked user indicated has a weak DES-encrypted password. The password is not included in the message.
Severity:
00
CKR0586 User with weak password -
user
Explanation:
This message is produced by the
VERIFY PASSWORD command. It indicates that the non-revoked user indicated has a weak DES-encrypted password. The password is not included in the message.
Severity:
00
CKR0587
Explanation:
This message is produced by the
VERIFY PASSWORD command. It indicates that the revoked user indicated has a hashed password, which can be decoded easily. The password is not included in the message.
Severity:
00
Revoked user with hashed password -
user
CKR0588 User with hashed password -
user
Explanation:
This message is produced by the
VERIFY PASSWORD command. It indicates that the non-revoked user indicated has a hashed password, which can be decoded easily. The password is not included in the message.
Severity:
00
CKR0589 Verify password result summary complex
complex [version]
Revoked users with hashed password:
num1
Non-revoked users with hashed password:
num2
Revoked users with weak DES password:
num3
Non-revoked users with weak DES password:
num4
Explanation:
This message is produced by the
VERIFY PASSWORD command. It provides a summary of the number of revoked and non-revoked users found with hashed or weak DES-encrypted passwords.
Severity:
00
CKR0590 Verify password requires RACF database, not unload for complex
complex [version]
Explanation:
This message is produced by the
VERIFY PASSWORD command. It indicates that the
VERIFY PASSWORD command was used with an unloaded RACF database, instead of a 'real' RACF database (primary, backup, or copy). Since an unloaded database does not contain password information, password verification cannot be performed.
Severity:
00
CKR0591
Explanation:
This message indicates that an
ICHNCV00 feature is supported, but will be simulated with some restrictions. The warning indicates the type of feature not supported; the feature is used in convention convention-name, in a SELECT or ACTION clause, as indicated by type and number. At this time, this message will be issued for use of the RACGPID and RACUID features. It can be suppressed.
Severity:
04
Warning in ICHNCV00 parse for
system :
warning in convention convention-name
type clause number
CKR0592 Error in ICHNCV00 parse for
system:
error in convention convention-name type
clause
number
Explanation:
This message indicates that ICHNCV00 could not be parsed, or an ICHNCV00 feature is not
180
Messages Guide
CKR0593 • CKR0602
supported. Because of this, the table will not be simulated. The error indicates the problem; if a feature is not supported, the message will optionally include the convention convention-name, and a SELECT or
ACTION clause, as indicated by type and number. This message can be suppressed.
Severity:
04
CKR0593 ICHNCV00 not used because of parse errors
Explanation:
This message indicates that ICHNCV00 will not be used, because it could not be parsed, or it used features not supported by zSecure. It has been preceded by one or more CKR0592 messages, which indicate the problem.
Severity:
00
CKR0594 System
system: using ICHNCV00 of date
time Cannot be simulated by zSecure
suppressed Reconstructed ICHNCV00
source code follows
contents
Explanation:
This message is generated by a SHOW
ICHNCV00 command. The second line reports whether zSecure can simulate the naming convention table. If so, not will be omitted (instead of not) and an extra line may show suppressed as But was suppressed by
SUPPRESS ICHNCV00
if applicable.
Severity:
00
CKR0595 Qualifier of length
size not supported in
ICHNCV00 simulation
Explanation:
This message is generated during simulation of ICHNCV00. It indicates that a source data set name used qualifiers of the indicated size, which either is zero or larger than 8. zSecure will not translate the data set name.
Severity:
00
Messages from 600 to 699
CKR0600 ENDBUNDLE without BUNDLE
Explanation:
This error message indicates that an
ENDBUNDLE command was found (which normally ends a bundle of NEWLISTs), but no previous
BUNDLE command was found to start the bundle.
Severity:
12
CKR0601 Nested BUNDLE not allowed, check missing ENDBUNDLE for BUNDLE at
ddname line number
Explanation:
This error message indicates that two
BUNDLE commands were found without an
CKR0596
Explanation:
This message is generated during simulation of ICHNCV00. It indicates that the naming convention table has an action that assigns to an output qualifier UQ beyond the last one in use, and beyond the first unused one, leaving a gap in the data set name. zSecure will not translate the data set name.
Severity:
00
Assignment beyond next empty qualifier not supported system
system
CKR0597 ALLOC PRIMARY/BACKUP/ACTIVE/
INACTIVE invalid for specified type before
token at ddname line number
Explanation:
This message indicates an invalid
ALLOC command. A live input source indicator was used with a type that does not support this.
Severity:
12
CKR0598 The value "none" is mutually exclusive with other scan_inst values
Explanation:
The value NONE for a SELECT of an instruction scan field was used in a list with other instruction scan values. This is not allowed. Use an explicit OR instead.
Severity:
12
CKR0599
Explanation:
If a variable is used as the BUNDLEBY value, then it must be a variable defined with
DEFINE AS and not a summary statistic, boolean, or
SMF field.
Severity:
12
DEFINE for BUNDLEBY=
field must be
of type AS for statement at
ddname line
number
intermediate ENDBUNDLE. BUNDLE commands may not be nested.
Severity:
12
CKR0602
Explanation:
This error message indicates that a
BUNDLE command was found, in a sequence of
MERGELIST - BUNDLE. There should be an
ENDMERGE command in this sequence. You can include a MERGELIST - ENDMERGE in a BUNDLE -
ENDBUNDLE sequence, but not the other way around.
Severity:
12
Issue ENDMERGE before BUNDLE at
ddname line number
Chapter 5. CKR messages
181
CKR0603 • CKR0613
CKR0603
Explanation:
This error message indicates that a
DISPLAY command was found within a BUNDLE -
ENDBUNDLE. The BUNDLE command is intended for printed output; no interactive displays are allowed.
Severity:
12
BUNDLE cannot contain DISPLAY - at
ddname line number
CKR0604 BUNDLEBY not on BUNDLE or
NEWLIST but required at
ddname line
number
Explanation:
The BUNDLE - ENDBUNDLE commands require a BUNDLEBY parameter on the
BUNDLE or on each NEWLIST in the bundle. In this case, the parameter was missing.
Severity:
12
CKR0605 More than 32767 user-defined SMF fields not possible
Explanation:
This message indicates that you have reached the internal limit on the number of user-defined fields for the SMF report. Reduce the number of DEFINE SMF_FIELD, SMF_SECTION, or
RACF_SECTION commands.
Severity:
12
CKR0606
Explanation:
The indicated field, which is SMF_FIELD,
SMF_SECTION, or RACF_SECTION, was used in an output command. These fields, which are used to create user-defined SMF fields, may not be used directly in output commands. However, you can use these fields with a DEFINE command to create a new variable, and use that variable in output commands.
Severity:
12
field may only be used in
Select/Exclude/Define-As - at
ddname
line
number
CKR0607
database class profile base segment
missing in complex
complex
Explanation:
During a merge, it was detected that the specified profile has no base segment. Database is either
Current
® or Source. This profile will be skipped in the merge process. After completion of the current phase, the program will stop. This message can be the result of your select and exclude specifications. Next, you should check whether the specified profile has been damaged. If the profile is not damaged, verify the correctness of the profile itself, and take actions to correct or remove any incomplete profiles.
Severity:
12
CKR0608 Use only one of DSN, DSNPREF,
CMSFILE, PATH, FILEDESC, or
GETPROC on ALLOC - at
ddname line
number
Explanation:
On an ALLOCATE command, at most one of the parameters DSN, DSNPREF, CMSFILE,
PATH, FILEDESC, and GETPROC may be specified.
Severity:
12
CKR0609 ALLOC uses both specific file format and specific option format keywords before
token at ddname line number
Explanation:
The ALLOCATE command has two distinct formats, called the option format and the file format. Each has keywords only valid in that format, which cannot be mixed with keywords that indicate the other format. The two formats are described in the
ALLOCATE command documentation in the user reference manual for your zSecure product.
Severity:
12
CKR0610 ALLOC in file format requires explicit
TYPE and input source specification before
token at ddname line number
Explanation:
The ALLOCATE command has two distinct formats, called the option format and the file format. When the latter is used without the SMF keyword (which specifies both at once), the TYPE keyword and one of the keywords DD, DSN, CMSFILE,
PATH, FILEDESC, PRIMARY, BACKUP, ACTIVE, or
INACTIVE are required. The two formats are described in the ALLOCATE command documentation in the user reference manual for your zSecure product.
Severity:
12
CKR0612 Tapevol
profile volumes not equal
Explanation:
During the merge of the mentioned tapevol profile it was discovered that the volume lists of the source and current versions are not equal. The profile will not be merged.
Severity:
04
CKR0613 Complex names missing for two or more security databases, specify COMPLEX= on ALLOC statement
Explanation:
The program tried to assign default
COMPLEX names to the security databases allocated, but could not decide which complex to assign to which database. Specify the COMPLEX parameter on all
ALLOC statements of TYPE=RACF.
Severity:
12
182
Messages Guide
CKR0614 • CKR0620
CKR0614 Warning: unload
ddname1 and ddname2
apply to same system
system
Explanation:
Two complexes were defined that turned out to have the same name. This means displays may be confusing since they show information from two databases under the same complex name. This can only happen if a TYPE=UNLOAD input file was used without an ALLOC COMPLEX parameter. It is better to rerun while specifying the COMPLEX parameter.
Severity:
00
CKR0615 Input system structure overview (default system
system complex complex
Explanation:
These messages give an overview of the allocated files and their use. These messages are mainly used to determine how zSecure will group different kinds of files (UNLOADs, CKFREEZEs) for multiple systems.
The complex message line shows the timestamp for the complex that is used in report headers. For implicit allocation, which automatically allocates the live RACF data base, prod shows the type of system, RACF, and the file name of the live data base. For explicit allocation, prod shows ???? and the file name is left blank.
The run-on messages describe in detail how each input file will be used. The system name for a CKFREEZE file or live system may be preceded by an equal sign
(=). This means that the system is primarily assigned to a different complex (where it does not have the equal sign), but it is also being used for this complex. This implies, for example, that SMF records with this system
ID will not be assigned the complex name where the system is being displayed with the equal sign in front.
Ver
ver
Complex Func
complex func
Prod
prod
System
system
Timestamp Filename
timestamp filename
Severity:
00
Volser
volser
Dsname
dsname
CKR0616 Missing
product security database for
system
name complex complex - not
allowed in restricted mode
Explanation:
This message indicates that in a restricted-mode (aka PADS) run, no product security database (which can be RACF, ACF2, or TSS) was available for the indicated system name. This makes a restricted-mode run impossible.
Severity:
12
CKR0617
Explanation:
This message indicates that no product security database (which can be RACF, ACF2, or TSS) was available for the indicated system name, while one or more reports require the security information. The reports that need this information may be incomplete; other reports will be unaffected.
Severity:
00
Warning: missing
product security
database for system
name complex
complex
CKR0618 Processing
product system system [version]
as if protected by
product2 complex
complex is not allowed in restricted
mode
Explanation:
This message indicates that no product security database (which can be RACF, ACF2, or TSS) was available for the indicated system system. Usually, the indicated product2 security database for the complex
complex would have been used instead; but this is not allowed in restricted mode.
Severity:
12
CKR0619 Overriding COMPLEX=
complex for
system
name file ddname not allowed in
restricted mode unless equal to ZSECNODE, RRSF node, SYSPLEX, SYSNAME, or SMF id
Explanation:
This message indicates that a
COMPLEX= statement was used on the ALLOCATE command to override the complex used for the indicated file. This override is not allowed in restricted mode unless the value for this parameter is equal to
ZSECNODE, RRSF node, SYSPLEX, SYSNAME, or SMF id.
Severity:
12
CKR0620
kind database does not have id name
Explanation:
This message is issued by the IBM
Security zSecure Admin database merge checking routines, and indicates a structural error in the kind
(Source or Current) database. The ID name, which is either SYS1 or IBMUSER, could not be found. This may be caused by a structural error in the database, or by a global SELECT or EXCLUDE statement. The profiles that should be merged should be selected by a SELECT statement within the MERGE/ENDMERGE block, not by a global SELECT.
Severity:
12
Chapter 5. CKR messages
183
CKR0621 • CKR0628
CKR0621
kind id name referred to but not defined
- assume user
Explanation:
This message is issued by the IBM
Security zSecure Admin database merge checking routines, and indicates a structural error in the kind
(Source or Current) database. The ID with the indicated name was referred to (as owner, default-group, superior group, or in a user-group connection) but could not be found. As a work-around,
IBM Security zSecure Admin assumes it is a user. This may be caused by a structural error in the database, or by a global SELECT or EXCLUDE statement. The profiles that should be merged should be selected by a
SELECT statement within the MERGE/ENDMERGE block, not by a global SELECT.
Severity:
04
CKR0622
kind id name defined as both user and
group
Explanation:
This message is issued by the IBM
Security zSecure Admin database merge checking routines, and indicates a structural error in the kind
(Source or Current) database. The ID with the indicated name is known as both a user and as a group.
This is caused by a structural error in the database, which must be repaired before the ID can be merged.
You may be able to work around this problem by using global EXCLUDE commands.
Severity:
12
CKR0623
Explanation:
This message is issued by the IBM
Security zSecure Admin database merge checking routines, and indicates a structural error in the kind
(Source or Current) database. The ID with the indicated name was found, but no owner could be determined. As a work-around, IBM Security zSecure
Admin assumes the owner is SYS1. This may be caused by a structural error in the database, or by a global
SELECT or EXCLUDE statement. The profiles that should be merged should be selected by a SELECT statement within the MERGE/ENDMERGE block, not by a global SELECT.
Severity:
04
kind id name has no owner - assume
SYS1
CKR0624
kind user name has no default-group and
no connects
Explanation:
This message is issued by the IBM
Security zSecure Admin database merge checking routines, and indicates a structural error in the kind
(Source or Current) database. For the user with the indicated name, no default-group could be found, and no other connects could be found that would serve as fall-back. This may be caused by a structural error in
184
Messages Guide the database, or by a global SELECT or EXCLUDE statement. The profiles that should be merged should be selected by a SELECT statement within the
MERGE/ENDMERGE block, not by a global SELECT.
Severity:
12
CKR0625
kind group name has no superior-group -
assume SYS1
Explanation:
This message is issued by the IBM
Security zSecure Admin database merge checking routines, and indicates a structural error in the kind
(Source or Current) database. The group with the indicated name was found, but no superior group could be determined. As a work-around, IBM Security zSecure Admin assumes the superior group is SYS1.
This may be caused by a structural error in the database, or by a global SELECT or EXCLUDE statement. The profiles that should be merged should be selected by a SELECT statement within the
MERGE/ENDMERGE block, not by a global SELECT.
Severity:
04
CKR0626
Explanation:
This message is issued by the IBM
Security zSecure Admin database merge checking routines, and indicates a structural error in the kind
(Source or Current) database. The group with the indicated name was found, and has different groups as superior-group and owner. As a work-around, zSecure
Audit assumes the superior group should also be used as the owner. This is caused by a structural error in the database.
Severity:
04
kind group name has supgrp<>owning
group, assuming owner should be set to supgrp
CKR0627
kind database has structural errors -
please run VERIFY CONNECT,PERMIT
Explanation:
This message is issued by the IBM
Security zSecure Admin database merge checking routines, and indicates a structural error in the kind
(Source or Current) database was diagnosed in the preceding messages. Run VERIFY PERMIT and/or
VERIFY CONNECT.
Severity:
00
CKR0628 TVTOC merge not supported
Explanation:
During a merge, it was detected that some TAPEVOL profiles with a TVTOC are present in both source and current databases. This message serves to warn you that such profiles will not be merged.
Severity:
04
CKR0629
Explanation:
This message is issued by the IBM
Security zSecure Admin database merge checking routines, and indicates a structural error in the kind
(Source or Current) database. The ID name, which is either SYS1 or IBMUSER, could be found, but was not of the correct kind (group for SYS1, user for IBMUSER).
This may be caused by a structural error in the database, or by a global SELECT or EXCLUDE statement. The profiles that should be merged should be selected by a SELECT statement within the
MERGE/ENDMERGE block, not by a global SELECT.
Severity:
12
kind database has id name but is not a
user/group
CKR0630 Two merge sources not allowed
Explanation:
This message is issued by the IBM
Security zSecure Admin database merge checking routines, and indicates that two source RACF databases were found. The merge requires exactly one source and one current database. See the preceding CKR0615 message for an overview of the RACF databases and their function.
Severity:
12
CKR0631 Two merge currents not allowed
Explanation:
This message is issued by the IBM
Security zSecure Admin database merge checking routines, and indicates that two current RACF databases were found. The merge requires exactly one source and one current database. See the preceding
CKR0615 message for an overview of the RACF databases and their function.
Severity:
12
CKR0632 Merge requires source and current
Explanation:
This message is issued by the IBM
Security zSecure Admin database merge checking routines, and indicates that no source database, no current database, or no database at all was found. The merge requires exactly one source and one current database. See the preceding CKR0615 message for an overview of the RACF databases and their function.
Severity:
12
CKR0633 These src groups have a SUPGROUP rule but are not selected:
group ids
Explanation:
During an IBM Security zSecure Admin database merge, pass 2, a number of groups was found for which a MERGERULE SOURCEID SUPGROUP command was specified. However, the groups were not selected to be merged. This is an error: either select the groups to be merged, or omit the MERGERULE commands for the groups.
CKR0629 • CKR0638
Severity:
12
CKR0634
kind user name has no default-group,
using connect
group
Explanation:
This message is issued by the IBM
Security zSecure Admin database merge checking routines, and indicates a structural error in the kind
(Source or Current) database. The user with the indicated name was found, but no default-group could be determined. As a work-around, IBM Security zSecure Admin uses the existing connection to group.
This may be caused by a structural error in the database, or by a global SELECT or EXCLUDE statement. The profiles that should be merged should be selected by a SELECT statement within the
MERGE/ENDMERGE block, not by a global SELECT.
Severity:
04
CKR0635 MERGE internal error:
description
Explanation:
An internal error occurred during a IBM
Security zSecure Admin database merge. Write down the indicated description and contact IBM Software
Support.
Severity:
16
CKR0636
Explanation:
An error occurred during pass number of a IBM Security zSecure Admin database merge. The error was described in the previous messages. Because of these errors, the IBM Security zSecure Admin database merge was unable to continue and stopped.
Severity:
12
Errors in merge phase
number - stopped
early
CKR0637 Merge requires a local current RACF database
Explanation:
A merge was specified, but an eligible database to merge into was not supplied. You cannot merge into a nonlocal database through the zSecure
Server network.
Severity:
12
CKR0638 Merge requires a local RACF source database
Explanation:
A merge was specified, but an eligible database to merge from was not supplied. You cannot merge from a nonlocal database through the zSecure
Server network.
Severity:
12
Chapter 5. CKR messages
185
CKR0639 • CKR0647
CKR0639 CKREFRI: command buffer overflow
Explanation:
This message indicates that one or more classes were left off from the SETROPTS REFRESH command.
Severity:
08
CKR0640 The following src ids have a rule but are not defined:
ids
Explanation:
During an IBM Security zSecure Admin database merge, pass 2, a number of MERGERULE
SOURCEID commands was found that specified an nonexisting user or group ID. This is an error: either correct the user or group IDs, or omit the
MERGERULE commands for the indicated IDs.
Severity:
12
CKR0641
Explanation:
During an IBM Security zSecure Admin database merge, pass 2, a number of MERGERULE
SOURCEID RENAME commands was found. The indicated IDs are valid user and group IDs on the
SOURCE system, but are not selected to be merged, so the commands cannot apply to SOURCE IDs. The new name specified with the RENAME option does not exist on the CURRENT system and will also not be created during the merge, so the commands cannot apply to references to the indicated IDs (for example, on access lists). This is an error: either select the user or group IDs to be merged, or omit the MERGERULE commands for the indicated IDs
Severity:
12
These src ids have a RENAME, are not selected, and do not exist in current:
ids
CKR0642 The following current ids are the target of > 1 rename:
ids
Explanation:
During an IBM Security zSecure Admin database merge, pass 2, a number of MERGERULE
SOURCEID RENAME commands was found. Several of these commands renamed a SOURCE ID to the same
CURRENT id. This is not allowed. However, you can achieve the effect desired by merging the SOURCE database in multiple runs.
Severity:
12
CKR0643 The following users have a SUPGROUP rule:
ids
Explanation:
During an IBM Security zSecure Admin database merge, pass 2, a number of MERGERULE
SOURCEID SUPGROUP commands was found that specified a user as SOURCEID. This is not allowed: a
SUPGROUP option can only apply to a group. Correct the MERGERULE commands.
Severity:
12
186
Messages Guide
CKR0644 A SUPGROUP rule for SYS1 is not allowed:
Explanation:
During an IBM Security zSecure Admin database merge, pass 2, a number of MERGERULE
SOURCEID SUPGROUP commands was found that specified a superior group for a group that would be called SYS1 after the merge. This is not allowed: SYS1 should not have a superior group. The src-id shows the original group name (before any renames); the cur-id will be SYS1.
Orig
src-id
New
cur-id
Severity:
12
CKR0645 The following current ids are the target of src+rename:
ids
Explanation:
During an IBM Security zSecure Admin database merge, pass 2, a number of MERGERULE
SOURCEID RENAME commands was found. One or more of these commands renamed a SOURCE ID to a
CURRENT ID that is also the target of a selected
SOURCE ID that was not renamed. This is not allowed.
However, you can achieve the effect desired by merging the SOURCE database in multiple runs.
Severity:
12
CKR0646 The following users were specified as a
SUPGROUP:
ids
Explanation:
During an IBM Security zSecure Admin database merge, pass 2, a number of MERGERULE
SOURCEID SUPGROUP commands was found that specified a user as SUPGROUP. This is not allowed: a
SUPGROUP option must specify a group as new superior group. However, you can specify a user as owner for a group, using the MERGERULE SOURCEID
OWNER option. Correct the MERGERULE commands.
Severity:
12
CKR0647 Following groups found in source. They are users in current:
Explanation:
During an IBM Security zSecure Admin database merge, pass 2, a number of groups that were selected to be merged had the same name as a user on the CURRENT system (possibly after being renamed).
This is not allowed. The src-id column lists the users; the cur-id column lists the new name after the merge.
Correct the MERGERULE commands.
Source
src-id
Current
cur-id
Severity:
12
CKR0648 Following users found in source. They are groups in current:
Explanation:
During an IBM Security zSecure Admin database merge, pass 2, a number of users that are selected to be merged have the same name as a group on the CURRENT system (possibly after being renamed). This is not allowed. The src-id column lists the users; the cur-id column lists the new name after the merge. Correct the MERGERULE commands.
Source
src-id
Current
cur-id
Severity:
12
CKR0649
Explanation:
During an IBM Security zSecure Admin database merge, pass 2, a number of MERGERULE
SOURCEID OWNER commands was found that specified a user or group that would be absent after the merge. This is an error. Correct the MERGERULE commands.
Severity:
12
Ids defined as owner, but not defined/selected:
ids
CKR0650 Ids defined as supgroup, but not defined/selected:
ids
Explanation:
During an IBM Security zSecure Admin database merge, pass 2, a number of MERGERULE
SOURCEID SUPGROUP commands was found that specified a group that would be absent after the merge.
This is an error. Correct the MERGERULE commands.
Severity:
12
CKR0651
Explanation:
During an IBM Security zSecure Admin database merge, pass 3, it was determined that the group tree structure after the merge would result in a loop of the indicated groups. This is an error, and should be fixed by specifying or correcting
MERGERULE SOURCEID SUPGROUP commands.
Severity:
12
The following groups are part of a supgroup loop:
groups
CKR0652 The following groups are source-only; their src-only supgrp is not selected:
Explanation:
During an IBM Security zSecure Admin database merge, pass 3, a number of groups was found that were selected to be merged and do only exist on the SOURCE database. In addition, no SUPGROUP command was specified, and their superior groups on the SOURCE system were not selected to be merged.
This is an error, and should be fixed by selecting the source superior groups, not selecting the groups, or by
CKR0648 • CKR0655
specifying MERGERULE SOURCEID SUPGROUP commands.
Orig
src-grp
New
cur-grp
Orig-sup
src-supgroup
Severity:
12
CKR0653 The following groups have conflicting supgrps, and no command:
Explanation:
During an IBM Security zSecure Admin database merge, pass 3, a number of groups was found that were selected to be merged and do exist on both the SOURCE and the CURRENT database. In addition, the superior groups were different; the source superior group was also selected to be merged; and no command was specified that could resolve this conflict.
This is an error, and can be corrected in various ways:
(1) Changing the selection criteria; (2) specifying a
MERGERULE SOURCEID SUPGROUP command; (3) specifying a MERGERULE SOURCEID DATA command; (4) specifying a MERGERULE DEFAULT
DATA command.
Source Current Orig-s Orig-ren
src-grp cur-grp src-s renamed-src
Cur-sup
cur-supgroup
Severity:
12
CKR0654 Group SYS1 was renamed, and no superior group was specified
Explanation:
During an IBM Security zSecure Admin database merge, pass 3, it was detected that group
SYS1 from the SOURCE database was renamed using a
MERGERULE SOURCEID RENAME command.
However, the new group did not already exist on the
CURRENT database, and no new superior group was specified. This is an error, and can be corrected using
MERGERULE SOURCEID commands.
Severity:
12
CKR0655 These src-only users have an owner that is not selected:
Explanation:
During an IBM Security zSecure Admin database merge, pass 4, it was detected that one or more users that occurred only on the source database, have an owner that is not present on the current database, and is not selected to be merged. In addition, no MERGERULE SOURCEID OWNER command had been specified. This is an error, since no owner can be determined. Either specify the desired owner, or select the user's owner to be merged.
Source
src-user
Current
cur-user
Src-Owner
src-owner
Chapter 5. CKR messages
187
CKR0656 • CKR0662
Severity:
12
CKR0656 These users have conflicting owners, no command:
Explanation:
During an IBM Security zSecure Admin database merge, pass 4, it was detected that one or more users that are present on both source and current system have conflicting owners. In addition, no
MERGERULE SOURCEID OWNER, MERGERULE
SOURCEID DATA, or MERGEID DEFAULT DATA command had been specified. This is an error, since no owner can be determined.
Source
src-user
Current
cur-user
Src-Own
src-own
Cur-own
current-owner
Severity:
12
CKR0657 The following connects have conflicting attrs and no auth rule:
Explanation:
During an IBM Security zSecure Admin database merge, pass 5, one or more user-group connections were found that have conflicting attributes in the source and current version. In addition, no
MERGERULE SOURCEID AUTHORITY or
MERGERULE DEFAULT AUTHORITY was specified that could resolve the conflict. This is an error. For each conflicting user-group connection, the message lists the name of the user and group on the source and current databases.
Src-user
s-user
Src-grp
s-group
Cur-user
c-user
Cur-grp
c-group
Severity:
12
CKR0658 The following users have no connects after the merge:
Explanation:
During an IBM Security zSecure Admin database merge, pass 6, it was detected that one or more users did not have any group-connections after the merge. This is an error, which should be corrected by (1) deselecting the user; (2) selecting one or more of the connect-groups; or (3) renaming the user to a user already existing on the CURRENT system.
Source
src-id
Current
cur-id
Src-dfltgrp
source defaultgroup
Severity:
12
CKR0659 The following users have no dfltgrp, and > 1 copied connect:
Explanation:
During an IBM Security zSecure Admin database merge, pass 6, it was detected that one or more users did have two or more group-connections after the merge, but the source default group was not merged, and no default-group could be determined.
This is an error, which can be corrected in various ways, including: (1) deselecting the user; (2) selecting the source defaultgroup to be merged; or (3) renaming the user to a user already existing on the CURRENT system.
Source
src-id
Current
cur-id
Src-dfltgrp
source defaultgroup
Severity:
12
CKR0660 The following users have two dfltgrp candidates:
Explanation:
During an IBM Security zSecure Admin database merge, pass 6, it was detected that one or more users have two candidate default groups, and no
MERGERULE SOURCEID DATA or MERGERULE
DEFAULT DATA commands had been specified that could resolve the conflict. This is an error.
Source
src-id
Current
cur-id
Src-dflt
src-dflt
Cur-dflt
current defaultgroup
Severity:
12
CKR0661 Warning:
product system name now
processed as if protected by
product2
database of complex
name2
Explanation:
This message indicates that no product security database (which can be RACF, ACF2, or TSS) was available for the indicated system name. The indicated product2 security database for the complex
name2 is used instead.
Severity:
00
CKR0662 Warning: RACF Class Descriptor Table for complex
name unknown, using
current system CDT
Explanation:
This message indicates that no RACF
Class Descriptor Table (CDT) could be found for the indicated system name. The current systems CDT is used instead.
Severity:
00
188
Messages Guide
CKR0663 Started task info missing, ICHRIN03 not in
ddname for system name complex
complex [version]
Explanation:
This message is issued by
VERIFY/REPORT STC. It indicates that though the
STARTED class will still be processed, the fallback started task information for the indicated system name is missing. The report may be incomplete.
Severity:
08
CKR0664 Two-pass BDAMQSAM read of RACF db not supported, use an unload [or no
BDAMQSAM] for complex
name
Explanation:
A RACF database (as opposed to an
UNLOAD) cannot be used in a two-pass read. Use an
UNLOAD instead. [Or do not include a BDAMQSAM command in the run.] This may be caused by including fields like ANYSUPGROUP (which needs to know the group structure to operate) in your query, or using lookups in a NEWLIST TYPE=RACF selection (for which, for example, ownership relations must be known ahead of time).
Severity:
12
CKR0665
Explanation:
The COMPLEX parameter on the
UNLOAD statement is meant to indicate which complex security database should be unloaded. An unload file can contain information of one complex only, while a NEWLIST can print information from multiple complexes. The COMPLEX parameter has no meaning for non-security database NEWLISTs and results in this error message.
Severity:
12
UNLOAD COMPLEX= parameter not valid for NEWLIST TYPE=
type
CKR0666 System
system complex complex NJE
node
node has been assigned free
CKRCMD file
ddname volume dsn
Explanation:
Command generation is done per complex. Each complex needs its own output file (since the commands must be sent to the proper complex).
These messages indicate which TYPE=CKRCMD file was used for which complex.
Severity:
00
CKR0667 Extra CNSX without class - file
ddname volume dsn
Explanation:
The Class Descriptor Table in the input source contains less class descriptors than CDT extension (CNSX) records. Possibly a record was truncated in the database unload file or something more serious is happening. Check that the file has DCB attributes RECFM=VBS,LRECL=X.
CKR0663 • CKR0672
Severity:
16
CKR0668 Class
name CNSX mismatch file ddname
Explanation:
The Class Descriptor Table in the input source contains other CNSX pointers than the CDT extension (CNSX) records themselves. Possibly a record was truncated in the database unload file or something more serious is happening. Check that the file has DCB attributes RECFM=VBS,LRECL=X.
Severity:
16
CKR0669
Explanation:
The unload file misses Class Descriptor
Table Extension (CNSX) records starting with the class indicated. Reports may be false.
Severity:
16
Class
name and higher miss CNSX on
file
ddname volume dsn - probably
unloaded with downlevel release
CKR0669 Class
name and higher miss CNSX on
file
ddname - downlevel CNFCOLL does
not support RACF 2.2
Explanation:
The CKFREEZE file misses Class
Descriptor Table Extension (CNSX) records starting with the class indicated. Reports may be false.
Severity:
16
CKR0670 Incompatible RCVT and CNST release -
NEWLIST TYPE=CLASS incomplete allocate proper CKFREEZE for
system
Explanation:
You cannot safely mix RACF 2.2 or higher unloads and CKFREEZEs with lower level
RACF ones for the same system. Consequently, the
NEWLIST TYPE=CLASS output cannot be trusted. Use a consistent input set (for example, an unload and
CKFREEZE produced on the same system).
Severity:
16
CKR0671
Explanation:
You specified a filename reserved for other purposes as the target for the unload. Specify another filename on the DDNAME parameter.
Severity:
12
DDNAME=
ddname is invalid on
UNLOAD
CKR0672 Only one MERGE allowed - previous ignored
Explanation:
More than one MERGE input command was specified. Only the last one specified will be used.
Multiple RACF database merge jobs should be split into multiple runs.
Chapter 5. CKR messages
189
CKR0673 • CKR0680
Severity:
04
CKR0673 Duplicate value for keyword
keyword for
source id
id
Explanation:
In the MERGE input commands, a
MERGERULE SOURCEID=id statement was used to set the option keyword. However, this option had already been set for the same ID in the preceding MERGERULE commands. This is an error.
Severity:
12
CKR0673
Explanation:
In the MERGE input commands, a
MERGERULE SOURCECLASS=class statement was used to set the option keyword. However, this option had already been set for the same general resource class in the preceding MERGERULE commands. This is an error.
Severity:
12
Duplicate value for keyword
keyword for
resource class
class
CKR0674 EOF without ENDMERGE...
ENDMERGE assumed
Explanation:
In the MERGE input commands, the input ended after a MERGE command was read, but before an ENDMERGE command was read. A closing
ENDMERGE is assumed.
Severity:
04
CKR0675 Warning: complex not processed for
ALLOC TYPE=CKRCMD FILE=
ddname
COMPLEX=
name
Explanation:
You specified a CKRCMD output file for the indicated complex, but this complex was not found in the input set. The output file will not be used.
Severity:
00
CKR0676 These groups have an OWNER pararameter that is not equal to the supgroup:
Explanation:
During an IBM Security zSecure Admin database merge, pass 4, it was detected that one or more groups have a MERGERULE SOURCEID
OWNER command. These commands specified a group as new owner; however, the owner specified was not equal to the superior group determined in the previous pass. This is an error. Either specify the desired owner as a superior group, or use a user as owner.
Source
src-grp
Current
cur-grp
New-sup Own-parm
supgrp owner specified
Severity:
12
190
Messages Guide
CKR0677 For the following source-only profiles no current owner could be found:
Explanation:
During an IBM Security zSecure Admin database merge, pass 7, it was detected that one or more data set or general resource profiles only occur on the source database. In addition, no owner could be found on the current database for these profiles: the source owner was not merged, and does not exist on the current database; and the high-level qualifier is not a valid ID on the current database. This is an error. It can often be resolved by selecting the indicated owner to be merged, or by specifying a MERGERULE
SOURCEID OWNER command for the profile's high-level qualifier.
S-owner
owner
Class
class
Profile
profile
Severity:
12
CKR0678 The following profiles have an unresolved access list because no policy was set:
Explanation:
During an IBM Security zSecure Admin database merge, pass 8, it was detected that the access list for one or more data set or general resource profiles contained differences that could not be resolved. This is an error. It can be resolved by specifying a
MERGERULE SOURCEID AUTHORITY command for the profile's high-level qualifier, or by a MERGERULE
DEFAULT AUTHORITY command.
Class
class
Current profile name
profile
Severity:
12
CKR0679
Explanation:
During an IBM Security zSecure Admin database merge, pass 8, an access list ID was encountered that did not exist in the RACF database.
This access list entry will not be merged. You may ignore this message; run VERIFY PERMIT to clean up the RACF database.
Severity:
04
Warning: skipped undefined id "
id"
during merge of access list Id occurred
number times
CKR0680 Skipping non-base segments for profiles
discrete-name
Explanation:
During an IBM Security zSecure Admin database merge, several discrete profiles had an identical name. In addition, non-base segments were found. The non-base segments cannot be assigned to a base segment and will be skipped.
CKR0681 • CKR0690
Severity:
04
CKR0681 General resource class
name is only
present on the source system
(Profiles are not merged)
ignored
Explanation:
During an IBM Security zSecure Admin database merge, pass 1, the general resource class name was encountered, which contains profiles which are selected to be merged. However, the class is only present on the source system. The profiles will not be merged. If a mergerule was specified for the class, a third line ignored will be shown with the format
MERGERULE SOURCECLASS=class ignored.
Severity:
00
CKR0682 General resource class
name is generic
on the source system, not on the current
(SETROPTS GENERIC written to
CKRCMD)
Explanation:
During an IBM Security zSecure Admin database merge, pass 1, the general resource class name was encountered, which contains generic profiles which are selected to be merged. However, generic processing for the class is only active on the source system. A
SETROPTS GENERIC command for the class has been written to CKRCMD. If this is not desired, exclude the class from the database merge.
Severity:
00
CKR0683 General resource class
name is active on
the source system, not on the current
Explanation:
During an IBM Security zSecure Admin database merge, pass 1, the general resource class name was encountered, which contains profiles which are selected to be merged. However, the class is only active on the source system. The profiles will be merged, but may not perform a useful function on the current system.
Severity:
00
CKR0684
Explanation:
During an IBM Security zSecure Admin database merge, pass 8, a conditional access list entry for user or group name was encountered that contains garbage. RACF PTF levels existed in the past that could create such invalid entries. The profiles will be merged, but may miss the remainder of the access list on the current system.
Severity:
08
Invalid conditional access list entry for id
name - skipped Profile: class key
CKR0685 File
filename effective linelength nn
conflicts with first CKRCMD linelength
mm used for NEWLIST DD=CKRCMD
Explanation:
If you use CKRCMD output and process the databases of more than one security complex, then output is not written to one file only. Instead, it is redirected automatically to one TYPE=CKRCMD file per complex. NEWLIST definitions are (can be) linelength-dependent. Because of this it is required that the effective linelength is identical for all these
TYPE=CKRCMD files. This requirement is not present if you do not use a NEWLIST DD=CKRCMD.
Severity:
12
CKR0686 ACF2_CHANGE
num reads beyond
end-of-record
Explanation:
An ACF2 SMF record for a logonid or infostorage change claimed to contain information beyond the end of the record. Possibly the record was truncated.
Severity:
08
CKR0687 Some ACF2_CHANGE values omitted
Explanation:
An ACF2 SMF record for a logonid or infostorage change contained more information than fit into internal zSecure Audit buffers. Some repeat group values will be missing.
Severity:
08
CKR0688 Unknown ACFATYPE
xx
Explanation:
An ACF2 SMF record contained an unsupported value for the field ACFATYPE. The unsupported value is given in hex.
Severity:
20
CKR0689 Unknown ACF2 subtype
xx
Explanation:
An ACF2 SMF record contained an unsupported value as the value for ACSMFREC (the record subtype). The unsupported value is given in hex.
Severity:
20
CKR0690 Unsupported ACF2 mode=x
xx
Explanation:
An ACF2 SMF record contained an unsupported value as the value for ACVMFTF. The unsupported value is given in hex.
Severity:
20
Chapter 5. CKR messages
191
CKR0691 • CKR0699
CKR0691 In
module - description
Explanation:
This is a progress indicator of the merge process.
Severity:
00
CKR0692 File
file additional snapshot was created
at
timestamp
Explanation:
This messages indicates that a
TYPE=CKFREEZE input file contained two concatenated system snapshots. This second snapshot is ignored by IBM Security zSecure.
Severity:
00
CKR0693 Two-pass read of merge source activated
Explanation:
This message indicates that the merge source database has to be read twice to minimize memory usage. This is usually caused by selection fields like ANYSUPGRP that need to know the group-structure to operate.
Severity:
00
CKR0694 Field
fieldaddr fieldname format
outputformat not supported for modify -
defined at
ddname line number
Explanation:
A field was modifiable in principle but the output format used is not supported for modification. If you did not specify an overriding format, then this is an internal error. Contact IBM
Software Support.
Severity:
24
CKR0695 Safety limit of 50 repeat commands exceeded
Explanation:
The MERGE command generation automatically splits commands in pieces of 16KB. After
50 such splits the command was still not complete.
Command generation has been abandoned, because it is highly probable that there is an internal error.
Contact IBM Software Support.
Severity:
08
CKR0696 No CKRCMD for merge
function
Explanation:
A merge was requested but no file was present to generate the commands for the specified database function (source or current).
Severity:
08
CKR0697 Unknown entity type
nn
Explanation:
The profile caching mechanism encountered an unsupported entity type. Contact IBM
Software Support.
Severity:
20
CKR0698 Duplicate connect
user / group
Explanation:
The profile caching mechanism encountered a duplicate connect in a non-RDS RACF database.
Severity:
20
CKR0699 MERGERULE SOURCECLASS specified for class
class but class not found in
source CDT
Explanation:
A MERGERULE SOURCECLASS was specified for a class that is not present in the class descriptor table of the source database. Make sure the class name is specified correctly.
Severity:
12
192
Messages Guide
CKR0700 • CKR0709
Messages from 700 to 799
CKR0700 First volume catalog entries conflict, file
seq volser datasetname first vol2
Explanation:
This message is issued if two ICF catalog entries indicate different first volumes for datasetname, sequence number seq on tape volume volser. There is no way to determine which one is correct; vol2 is the ignored indication.
Severity:
08
CKR0701 First volume conflict in tape mgmnt for file
seq volser datasetname first vol2
Explanation:
This message is issued if two tape catalog entries indicate different first volumes for
datasetname, sequence number seq on volume volser.
There is no way to determine which one is correct; vol2 is the ignored indication.
Severity:
08
CKR0702 First volume conflict tape mgmnt/TVTOC, file
seq volser
datasetname first vol2
Explanation:
This message is issued if a TVTOC entry in the RACF database conflicts with the tape management catalog as to the first volume for
datasetname, sequence number seq on volume volser. The tape management catalog will be considered correct, and the TVTOC indication, vol2, will be ignored.
Severity:
08
CKR0703 First volume conflict tape mgmnt/catlg, file
seq volser datasetname first vol2
Explanation:
This message is issued if an ICF catalog entry conflicts with the tape management catalog as to the first volume for datasetname, sequence number seq on volume volser. The tape management catalog will be considered correct, and the ICF catalog indication, vol2, will be ignored.
Severity:
08
CKR0704 First volume conflict with tape mgmnt, file
seq volser datasetname first vol2
Explanation:
This message is issued if an information source (probably ICF catalog, possibly TVTOC) conflicts with the tape management catalog as to the first volume for datasetname, sequence number seq on volume volser. The tape management catalog will be considered correct, and the other indication, vol2, will be ignored.
Severity:
08
CKR0705 First volume conflict with catalog for file
seq volser datasetname first vol2
Explanation:
This message is issued if an information source (probably ICF catalog, possibly TVTOC) conflicts with an ICF catalog entry as to the first volume for
datasetname, sequence number seq on volume volser. The earlier information will be considered correct, and the new ICF information, vol2, will be ignored.
Severity:
08
CKR0706 First volume conflict catalog/TVTOC for file
seq volser datasetname first vol2
Explanation:
This message is issued if an ICF catalog entry conflicts with a TVTOC entry in the RACF database as to the first volume for datasetname, sequence number seq on volume volser. The TVTOC information will be considered correct, and the ICF catalog indication, vol2, will be ignored.
Severity:
08
CKR0707 Erroneous count in multi-volume link table, complex
volser count count
Explanation:
This message is issued if the count field declaring the number of secondary volumes defined for the complex starting with volser in the ensuing link table is less than 1 or exceeds the maximum value, i.e.,
count is greater than 5 (for a TLMS base record) or 32
(for a TLMS multi-volume record). Any multi-volume link information in this record is ignored.
Severity:
08
CKR0708 Bad sequence number in multi-volume table of complex
volser sequence number
vseq
Explanation:
This message is issued if an entry in a table defining secondary volumes for the TLMS complex starting with volser contains a volume sequence number vseqless than 2. Such entries are skipped.
Severity:
08
CKR0709 CONVERSION
abend-type for TLMS
volume
volser
Explanation:
This message is issued when converting the volume sequence or volume count field in a
CKFREEZE entry representing a TLMS base record for volume volser from packed decimal to binary fails. Any multi-volume information in this record is ignored.
Severity:
20
Chapter 5. CKR messages
193
CKR0710 • CKR0720
CKR0710
Explanation:
This message is issued if vol2 was identified as the vseqth volume of the multi-volume complex starting with volser, but another volume had already been. The new link information is ignored.
Severity:
08
Volume sequence conflict in multi-volume complex
volser sequence
number
vseq ignored vol2
CKR0711 Secondary volume is scratch in nonscratch complex
volser volume vol2
Explanation:
This message is issued if vol2 is a scratch secondary volume in a complex starting with the nonscratch volume volser.
Severity:
08
CKR0712
Explanation:
This message is issued if a nonscratch volume vol2 was linked to a TLMS complex starting with volser, but volser was not identified as the start of a multi-volume complex by its base record or no base record was found for it.
Severity:
08
Alleged first volume denies involvement in complex
volser
referenced by
vol2
CKR0713 Orphan secondary volume in TLMS multi-volume complex
volser orphan
volume
vol2
Explanation:
This message is issued if a nonscratch volume vol2 refers to another volume volser as the first of its TLMS complex, but no appropriate link information was found.
Severity:
08
CKR0714 Multi-volume complex without any secondary volumes
volser count count
Explanation:
This message is issued if a volume volser was identified as the start of a multi-volume complex, but no valid link information was found for it at all.
count is the volume count as indicated in volser's base record.
Severity:
08
CKR0715 Missing secondary volume in multi-volume complex
volser sequence
number
vseq
Explanation:
This message is issued if volser was identified as the start of a multi-volume complex and some link information was found, but an intermediate volume is missing.
194
Messages Guide
Severity:
08
CKR0716 Non-VSAM data set found in VVDS but not in VTOC -
volser datasetname
Explanation:
Incidental cases may be the result of actions performed by the system between reading of the VTOC and the VVDS by zSecure Collect (opening the VVDS takes a considerable amount of time). If this message is reproducible for the same data set (run zSecure Collect again first), then a problem exists.
Perform the IDCAMS DIAGNOSE function on the
VVDS: maybe a DELETE NVR command will help.
Severity:
08
CKR0717 Non-VSAM data set found in VVDS multiple times -
volser datasetname
Explanation:
When deleting data sets a non-VSAM
SMS-managed data set will be DELETEd primarily via the catalog mentioned in the NVR and DELETEd
NOSCRATCH from other catalogs. This message indicates multiple NVRs were found, so the generated commands do not have the NOSCRATCH keyword for several catalogs for a single data set; this means one or more commands may fail. Be extra attentive when reviewing the generated commands.
Severity:
08
CKR0718 Resource deletion: DELETE non-VSAM
volser datasetname catalogname
Explanation:
This message indicates a DELETE was generated for a non-VSAM data set called datasetname.
If catalogname equals default catalog no catalog keyword was specified, else the command was specifically directed to the catalog displayed.
Severity:
00
CKR0719 Resource deletion: DELETE non-VSAM
NOSCRATCH
volser datasetname catalogname
Explanation:
This message indicates a DELETE
NOSCRATCH was generated for a non-VSAM data set called datasetname. If catalogname equals default catalog no catalog keyword was specified, else the command was specifically directed to the catalog displayed.
Severity:
00
CKR0720 Resource deletion: SUPPRESS del n-vsam noscr
volser datasetname catalogname
Explanation:
This message indicates a DELETE
NOSCRATCH would have been generated for a non-VSAM data set called datasetname if you would have allowed the generation of DELETE NOSCRATCH
commands. If catalogname equals default catalog no catalog keyword would have been specified, else the command would have been specifically directed to the catalog displayed.
Severity:
00
CKR0721
Explanation:
This message indicates a DELETE was generated for a VSAM cluster called datasetname. If
catalogname equals default catalog no catalog keyword was specified, else the command was specifically directed to the catalog displayed.
Severity:
00
Resource deletion: DELETE cluster
datasetname catalogname
CKR0722 Resource deletion: DELETE cluster
NOSCRATCH
datasetname catalogname
Explanation:
This message indicates a DELETE
NOSCRATCH was generated for a VSAM cluster called
datasetname. If catalogname equals default catalog no catalog keyword was specified, else the command was specifically directed to the catalog displayed.
Severity:
00
CKR0723 Resource deletion: SUPPRESS delete cluster NOSCRATCH
datasetname catalogname
Explanation:
This message indicates a DELETE
NOSCRATCH would have been generated for a VSAM cluster called datasetname if you would have allowed the generation of DELETE NOSCRATCH commands. If
catalogname equals default catalog no catalog keyword would have been specified, else the command would have been specifically directed to the catalog displayed.
Severity:
00
CKR0724 Resource deletion: DELETE
GENERATIONDATAGROUP
datasetname catalogname
Explanation:
This message indicates a DELETE
GENERATIONDATAGROUP was generated for a GDG called datasetname. If catalogname equals default catalog no catalog keyword was specified, else the command was specifically directed to the catalog displayed.
Severity:
00
CKR0725 Resource deletion: DELETE ALIAS
aliasname catalogname
Explanation:
This message indicates a DELETE ALIAS was generated for a catalog alias called aliasname. If
catalogname equals master catalog no catalog keyword was specified, so the command will act on the active master catalog; else the command was specifically
CKR0721 • CKR0729
directed to the catalog displayed, normally a nonactive master catalog.
Severity:
00
CKR0726 Resource deletion: DELETE non-VSAM
DSCB from
volser datasetname reason
Explanation:
This message indicates a command sequence ALLOCATE - FREE DELETE was generated to delete the DSCB of a non-VSAM data set called
datasetname residing on volume volser because no suitable DELETE was possible. This is the case if the data set is cataloged on the default system, but not in any connected catalog, in which case reason will be
unconnected catalog
; or if it is only in catalogs on
DASD that is not shared with the default system, in which case reason will be remote catalog not shared; or if no catalog entry was found at all, in which case
reason will be not in any catalog anywhere.
Severity:
00
CKR0727 Resource deletion: orphan non-VSAM
DSCB kept
volser datasetname reason
Explanation:
This message indicates a command sequence ALLOCATE - FREE DELETE would have been generated to delete the DSCB of a non-VSAM data set called datasetname residing on volume volser if you would have allowed the generation of such sequences because no suitable DELETE was possible.
This is the case if the data set is cataloged on the default system, but not in any connected catalog, in which case reason will be unconnected catalog; or if it is only in catalogs on DASD that is not shared with the default system, in which case reason will be remote
catalog not shared
; or if no catalog entry was found at all, in which case reason will be not in any catalog
anywhere
.
Severity:
00
CKR0728
Explanation:
This message is issued if two ICF catalog entries indicate different previous volumes for the same disk volume serial. There is no way to determine which is correct; vol2 is the ignored link.
Severity:
08
Catalog entries disagree on the previous volume of
diskvolser datasetname previous
vol2
CKR0729 First volume of catalog entry is secondary in other
diskvolser datasetname
Explanation:
This message is issued if one ICF catalog entry indicates that disk volume diskvolser is the first volume of datasetname, while another indicates it is a secondary volume. The entry encountered first is considered correct, the other is ignored.
Chapter 5. CKR messages
195
CKR0730 • CKR0778
Severity:
08
CKR0730 Resource copying: DEFINE ALIAS
aliasname catalogname
Explanation:
This message indicates a DEFINE ALIAS was generated for a catalog alias called aliasname. If
catalogname equals master catalog no catalog keyword was specified, so the alias will be defined in the active master catalog; else the command was specifically directed to the catalog displayed, normally a nonactive master catalog. The new alias is related to the same catalog as the alias copied (not shown).
Severity:
00
CKR0731 RACFVARS profile key has no leading
'&':
profilename complex complex version
Explanation:
A general resource profile was encountered in class RACFVARS with an unexpected format.
Severity:
04
CKR0732 No CKFREEZE present, no resource
management commands are generated
Explanation:
This message indicates that certain types of commands pertaining to resources would have been generated if a CKFREEZE had been present.
management is equal to either deletion or copying if only resource deletion or copying commands would have been generated, or deletion and copying if both would have been. This message is also echoed to the
CKRCMD file. It is not issued when these functions are explicitly suppressed or not implied.
Severity:
00
CKR0733 VSM area conflict:
address is type1 name1
and
type2 name2
Explanation:
Contact IBM Software Support.
Severity:
16
CKR0734 Imbed failed, file
ddname1 not allocated
at
ddname2 line number
Explanation:
This message indicates that the external data source could not be imbedded, because the specified ddname, ddname1, was not allocated.
Severity:
12
CKR0735 IMBED parameters FILEDESC/PATH mutually exclusive with DD/MEM at
ddname line number
Explanation:
The imbed statement can only contain one external data source.
196
Messages Guide
Severity:
12
CKR0736
Explanation:
Use of the indicated field is not supported for this newlist type.
Severity:
12
field field invalid for NEWLIST TYPE=
type
CKR0737
Explanation:
This message is issued when the owner specified for a copy user action is not defined in the complex mentioned.
Severity:
12
Requested new owner
owner is
undefined on complex
complex
CKR0738 Requested new default group
group is
undefined on complex
complex
Explanation:
This message is issued when the default group specified for a copy user action is not defined in the complex mentioned.
Severity:
12
CKR0739 Resource deletion: DELETE migrated cluster MIGRAT
dsname catalog
Explanation:
This message indicates that a migrated
VSAM cluster data set name present in the HSM MCDS has a high level qualifier that should be deleted. A
DELETE PURGE command has been generated to accomplish a delete without automatic restore.
Severity:
00
CKR0740...CKR0777
message
Explanation:
All messages in this range are internal error messages generated as a result of internal consistency checking. Contact IBM Software Support.
Severity:
24
CKR0778
Explanation:
The PROTECTED parameter allows you to set up a user ID that cannot be used to log on. The
NEWPASSWORD and NEWPHRASE parameters are used to establish a password or password phrase for a user ID.
User response:
If you want to set up a user ID that has a password or password phrase, remove the
PROTECTED parameter. If you want to set up a user
ID that cannot be used to logon, remove the
NEWPASSWORD or NEWPHRASE parameters.
Severity:
12
The PROTECTED parameter cannot be used with either the NEWPASSWORD or NEWPHRASE parameters.
CKR0779...CKR0785 • CKR0799
CKR0779...CKR0785
message
Explanation:
All messages in this range are internal error messages generated as a result of internal consistency checking. Contact IBM Software Support.
Severity:
24
CKR0786 CKRXINIT.CKRDIDID: Identity filter name is longer than 246 -
name
Explanation:
The DMAPNAME field in a user profile contains an identity filter reference that exceeds the maximum length supported. The RACMAP_REGISTRY field might miss values.
Severity:
20
CKR0787
message
Explanation:
This internal-error message is generated as a result of internal consistency checking. Contact
IBM Software Support.
Severity:
24
CKR0788 Owner field for user
userid not filled in
Explanation:
Contact IBM Software Support.
Severity:
24
CKR0789...CKR0791
message
Explanation:
All messages in this range are internal error messages generated as a result of internal consistency checking. Contact IBM Software Support.
Severity:
24
CKR0792 End of used area in middle of profile:
ddname block blockno segment offset
segno
Explanation:
Contact IBM Software Support.
Severity:
24
CKR0793 Database conflict for
complex between
ddname1 and ddname2 - specify unique
complex names
Explanation:
Multiple security databases were found for the same complex name. This can be caused by a default complex name being derived (for example, from
ZSECSYS) that is the same as an explicitly specified complex name.
User response:
Make sure that you use a unique complex name for each security database.
Severity:
16
CKR0794 CKROUBU range error, TLHVIX=
num1
BUHD#TLHD=
num2
Explanation:
Contact IBM Software Support.
Severity:
24
CKR0795 BUNDLEBY not found
Explanation:
Contact IBM Software Support.
Severity:
24
CKR0796
Explanation:
This message indicates an internal error condition in the zSecure Audit Library Update report.
Contact IBM Software Support.
Severity:
24
CKACMEM: No dataset context available
CKR0797 CKACMEM: No TVOL for
dataset volume
Explanation:
This message indicates an internal error condition in the zSecure Audit Library Update report.
Contact IBM Software Support.
Severity:
24
CKR0798 CKACMEM: No CVOL for
dataset volume
Explanation:
This message indicates an internal error condition in the zSecure Audit Library Update report.
Contact IBM Software Support.
Severity:
24
CKR0799 CKACMEM: No CFIXB
dataset volume
Explanation:
This message indicates an internal error condition in the zSecure Audit Library Update report.
Contact IBM Software Support.
Severity:
24
Chapter 5. CKR messages
197
CKR0800...CKR0802 • CKR0842
Messages from 800 to 899
CKR0800...CKR0802
message
Explanation:
These messages are in response to debugging options. If you need information about these messages, contact IBM Software Support.
Severity:
00
CKR0803
Explanation:
This message indicates that the RACF database data set specified above as a part of the VM installation process either does not exist or is not an OS formatted RACF database file. Check your VM installation to ensure that you specified the correct options.
Severity:
16
Invalid OS formatted RACF DB specified for ddname
data.set.name
CKR0804 Error OS formatted RACF DB has
nn
extents. Only able process if it has 1 extent
Explanation:
This message indicates that the RACF database data set specified above as a part of the VM installation process either does not exist or is not an OS formatted RACF database file. Check your VM installation to ensure that you specified the correct options.
Severity:
16
CKR0805 I/O error on device
nnnn cc=mm R15=nn
Explanation:
This message indicates that an I/O error occurred attempting to issue a DIAG A8 to return the sense information for the OS formatted RACF database.
Submit an error report to IBM Software Support.
Severity:
08
CKR0806
Explanation:
This message indicates that an error occurred during an attempt to issue a FILEDEF command either for a CMS file (fn ft fm) or for the OS formatted RACF database (data.set.name). Submit an error report to IBM Software Support.
Severity:
08
FILEDEF error RC=
nn for ddname fn ft
fm/data.set.name
CKR0807 Internal error CKRCCHH RC=16
Explanation:
This internal message indicates that an invalid relative track number was passed to the
CKRCCHH routine. Submit an error report to IBM
Software Support.
Severity:
08
198
Messages Guide
CKR0808
TTT conversion result CCCC HHHH
nnnn not in extent mmmm - ooooo for
pppExtent 0 range qqqq - rrrr
Explanation:
During an attempt to convert a relative track address to an absolute track address, the
CKRCCHH routine encountered an error. The error indicates that the relative track was outside extent for the OS formatted RACF database. Submit an error report to IBM Software Support.
Severity:
24
CKR0809...CKR0836
message
Explanation:
These messages are in response to debugging options. If you need information about these messages, contact IBM Software Support.
Severity:
0
CKR0837 IDENTIFY RC=
n for CKRSRVIN at
address
Explanation:
This message indicates a failure of the
IDENTIFY service to establish the indicated module name at the indicated address.
User response:
See the MVS documentation for the
"IDENTIFY service."
Severity:
12
CKR0841 Severe SRVIN error PC RC=
n - issuing
user abend 841
Explanation:
While reading from a remote node, an error condition was returned by the Program Call interface of the server.
User response:
Verify that the server is active, then restart the server and try again.
Severity:
16
CKR0842 SPECPROC returned length out of range
R0=
xxxxxxx - issuing user abend 842
Explanation:
This message indicates that one of the internal interfaces related to the zSecure Server received an unexpected length and issued an abend.
User response:
Look for the message on the IBM support site. If no solution is posted, collect SYSPRINT on both the local and remote sides and contact IBM
Software Support.
Severity:
16
CKR0843 • CKR0875
CKR0843
Explanation:
This message indicates record recno of
UNIX file path in FILEDATA=RECORD format has bytes bytes. This value exceeds the maximum allowed number of bytes: max_bytes. This indicates that the file is corrupted. Consequently, no attempt is made to read further records from the file. The file is closed.
Severity:
08
FILEDATA=RECORD record
recno has
bytes bytes (hex), exceeding max_bytes
bytes; closing file
ddname path
CKR0844
Explanation:
This message indicates that an end-of-file was reached for UNIX file path in FILEDATA=RECORD format in the middle of a record. This is an indication that the file is corrupted.
Severity:
08
Last FILEDATA=RECORD record truncated by end-of-file
ddname path
CKR0845 CKNSRVIR queue
file message type from
zsecsys length length because waiting on
zsecsys2 file file2
Explanation:
This message is written only if requested by a DEBUG CKNSRVIR_POST statement. If you need information about this message, contact IBM Software
Support.
Severity:
0
CKR0846
Explanation:
This message is written only if requested by a DEBUG CKNSRVIR_POST statement. If you need information about this message, contact IBM Software
Support.
Severity:
0
CKNSRVIR return queued
file message
type from zsecsys length length
CKR0848 DTISPF.FMTVXML called but not yet enabled
Explanation:
This message indicates a problem with the routine to escape characters for XML output.
User response:
See the Electronic Support Web site for possible maintenance associated with this message. If you cannot find applicable maintenance, contact IBM
Software Support and provide a description of how to recreate this problem for analysis.
Severity:
24
CKR0849...CKR0850
message
Explanation:
These are messages from architectural subcomponents. If you need information about these messages, contact IBM Software Support.
Severity:
00
CKR0851
Explanation:
A program call to the zSecure Server program was attempted while it was performing a termination sequence.
User response:
No action is required. If you need assistance about this message, contact IBM Software
Support.
Severity:
00
Local CKNSERVE server no longer available (user abend 214 (x'0D6'))
CKR0874 RECFM=V(BS) RDW
hex exceeds
LRECL=
lrecl at record n ddname volser
dsname
Explanation:
This message indicates invalid record contents for a RECFM=V(B)(S) data set. The record descriptor word does not match the DCB parameters.
The Record Descriptor Word (RDW) is shown in hexadecimal. The first 2 bytes are the record length including the RDW. This is handled as an end-of-file condition. The severity is 4 to avoid disrupting processes that might encounter empty data sets and need to continue.
User response:
Recreate the data set or omit the data set from the input.
Severity:
04
CKR0875 RECFM=V(BS) BDW
hex exceeds
BLKSIZE=
blksize at record n ddname
volser dsname
Explanation:
This message indicates invalid block contents for a RECFM=V(B)(S) data set. The block descriptor word does not match the DCB parameters.
The Block Descriptor Word (BDW) is shown in hexadecimal. The first 2 bytes are the block length including the BDW, unless the high order bit is on, in which case it can be a large block 4 byte length. This is handled as an end-of-file condition. The severity is 4 to avoid disrupting processes that might encounter empty data sets and need to continue.
User response:
Recreate the data set or omit the data set from the input.
Severity:
04
Chapter 5. CKR messages
199
CKR0876...CKR0899 • CKR0910
CKR0876...CKR0899
message
Explanation:
These are messages from architectural subcomponents. If you need information about these
Messages from 900 to 999
CKR0900
debug message
Explanation:
This debug message is only relevant for
IBM Software Support and is not present in any
Generally Available version of the software.
Severity:
00
CKR0901
Explanation:
This message indicates a problem in formatting the display. Unexpected data may be displayed.
User response:
Contact IBM Software Support and provide a description of how to recreate this problem for analysis.
Severity:
24
DTISPF internal error: MX#B >
DTLNLEN
CKR0902 ENDDTPRO error: written beyond
DTLNLEN
Explanation:
This message is followed by a user abend 902. It indicates that the program is terminating because of a problem.
User response:
Make sure you have no DEBUG command in your input and try again. If the problem persists without DEBUG options, contact IBM Software
Support.
Severity:
24
CKR0904
Explanation:
A data set to which only conditional
(PADS) access was granted was requested for SYSIN or
XMLIN input. Unconditional read access is needed to read this type of data. The data set is not processed.
Severity:
12
Unconditional access is required to read from file
file vol dsn(member)
CKR0905 A member name is required to read from file
ddname data set dsn
Explanation:
An imbed statement was present referring to a PDS(E) data set, but the member to be read from that data set was not specified. Add the correct member to the imbed statement and resubmit the query.
Severity:
12 messages, contact IBM Software Support.
Severity:
00
CKR0907 DYNALLOC trace: SVC 99 return code
nn - meaning
Explanation:
This message is issued either because of
DEBUG SVC99, or because of a failed SVC99 where
DAIRFAIL did not return a message text. It has continuation lines detailing the individual text units contents after SVC 99 (DYNALLOC) completion.
Severity:
00
CKR0908
Explanation:
CCSID conversion has failed (for details, see CKR0917). Fallback was allowed or forced by
SUPPRESS MSG=917, but there is no fallback support for this specific CCSID pair. This message is issued only once per CCSID pair.
Severity:
16
CCSID conversion from
nn to mm fails
and no fallback
CKR0908 CCSID conversion from
nn to mm
system abend 019-00 because z/OS V1R2 or higher is required
Explanation:
The Unicode services are required for the requested function or input, but not available on this operating system level. Hence the translation service issued a system abend 019 reason code 0 ("downlevel system" ). No fallback is possible. The program may subsequently terminate with another S019-00 abend.
Severity:
16
CKR0909 CCSID conversion from
nn to mm
fallback to simple low-128 character translation
Explanation:
CCSID conversion has failed (for details, see CKR0917). Fallback will be done because either there was no explicit request for UTF-8 output, or because message 917 was explicitly suppressed.
Fallback means that a simple ASCII translation will be done. This implies that any UTF-8 characters that are not the equivalent of the low 128 ASCII characters will be displayed as one or more dots (depending on the length of the UTF-8 character). Possibly whole names consist only of dots in this fallback mode. This message is issued only once per CCSID pair.
Severity:
00
CKR0910 HLLENQ status report
identifier
200
Messages Guide
CKR0911 • CKR0916
Explanation:
These messages are issued in response to
DEBUG ENQ.
Severity:
00
CKR0911
service RC=rc hex RSN=rsn hex [for
qname-scope rname]: explanation
Explanation:
A call to the indicated service (either
ENQ or ISGENQ) did not complete with RC=0. This may happen for a perfectly innocent reason, such as an
APF authorized program issuing an ENQ against the unauthorized QNAME CKRDSN. Hence, this message should be considered informational only.
Severity:
00
CKR0912 STIMERM error:
explanation
Explanation:
Contact IBM Software Support.
Severity:
24
CKR0913 Serialization could not obtain all ENQs
Explanation:
The program could not obtain ENQs on all requested resources, and hence cannot continue. The resource for which no ENQ could be obtained has been identified in a preceding message CKR0911.
Severity:
16
CKR0913 Serialization encountered a serious error
Explanation:
The program attempted to obtain ENQs on all requested resources, but encountered an unexpected condition. The run cannot continue. Look for a preceding message CKR0911 to identify the exact cause of the failure.
Severity:
16
CKR0913 Serialization has obtained all ENQs
Explanation:
The program successfully obtained ENQs for all requested resources.
Severity:
00
CKR0913 Serialization starts waiting for ENQs
Explanation:
The program attempted to obtain ENQs on all requested resources, but not all resources were immediately available. The program will wait for the remaining resources to become available. Look for a preceding message CKR0911 to identify the resources that were not immediately available.
Severity:
04
CKR0913 Serialization WAIT timed out
Explanation:
The program attempted to obtain ENQs on all requested resources, but not all resources were immediately available. After waiting for the number of minutes specified on the MAXWAIT subparameter of the OPTION SERIALIZATION command, one or more required resources were still unavailable. The program gives up and aborts the run. Look for a preceding message CKR0911 to identify the unavailable resources.
Severity:
16
CKR0914 Multiple HLLQENQ
ACTION=xxx,ID=
id calls without an
intervening HLLQDEQ ID=
id or
HLLQDEQ ALL are not supported
Explanation:
Contact IBM Software Support.
Severity:
24
CKR0915 UNIX write record
nn failed RC nn
[
meaning] reason qqqq rrrrx [meaning] file
ddname path
Explanation:
This message indicates that a BPX1WRV call failed with the indicated return code in decimal and the reason code split into reason code qualifier qqqq and reason code rrrr, both in hexadecimal. For well-known return codes and reason codes the numeric values are followed by an explanatory string. Use the
IBM Unix System Services manual to look up other return and reason codes.
Severity:
16
CKR0915
Explanation:
This message indicates that the compression routines found a severe error. A user abend 915 is issued. Contact IBM Software Support.
Severity:
16
Deflate record
nn failed RC nn meaning,
file
ddname pathname
CKR0916 CCSID conversion from
nn to nn
warning RC=
nn reason rrrrrrrr x meaning
[Length left for source
nnn target nnn]
[Suspect length>16MB source
xxxxxxxx
target
xxxxxxxxx]
Explanation:
This message indicates a failure in conversion of character encoding between the indicated
CCSIDs. 1208 stands for UTF-8; 37, 1140, 1147 are typical EBDIC encodings. A common cause is printing into columns that are too small—while the UTF-8 representation can be wider than the EBCDIC representation—or trying to convert while a SET UNI command is in progress (for example, to load new conversion tables). The severity is 4 to indicate that the program continues operation.
Chapter 5. CKR messages
201
CKR0917 • CKR0925
The message can contain a subline about suspect length, followed by a user abend 916. If this occurs, contact IBM Software Support. This message (and the abend) is suppressible.
Severity:
04
CKR0917 CCSID conversion from
nn to nn error
RC=
nn reason nnnn x meaning [Suspect
length>16MB source
nnn target nnn]
Explanation:
This message indicates a severe failure in the conversion of character encoding between the indicated CCSIDs. 1208 stands for UTF-8; 37, 1140, 1147 are typical EBDIC encodings. Common causes are: the absence of the proper conversion image needed for conversion between the indicated CCSIDs, or no SET
UNI having been done at all to load conversion images
(on lower z/OS releases).
You may need to contact the person who maintains
Unicode support on your system.
The message can contain a subline about suspect length, followed by a user abend 917. If this occurs, contact IBM Software Support. This message (and the abend) is suppressible. If suppressed, fallback to a basic
ASCII translation will be attempted, but all non-US characters will translate to one or more dots.
Suppressing while ENCODING=UTF-8 is specified for an output file is not recommended, in the sense that the output is not guaranteed to conform to the UTF-8 standard.
The severity of this message is 4 if fallback was to be attempted and 16 if fallback was not allowed due to
ENCODING=UTF-8. If this message is explicitly suppressed by a SUPPRESS MSG=917 command, then fallback to an ASCII translation will be attempted even if an ENCODING=UTF-8 request is present. In case of a fallback attempt a message CKR0908 or CKR0909 will be issued.
Severity:
04 or 16
CKR0918 Uninitialized anchor passed to CCSID conversion
Explanation:
This message indicates a program failure where conversion is requested without first telling between which encodings. Contact IBM Software
Support.
A user abend 918 is issued. This message (and the abend) may be suppressed, but results are unpredictable.
Severity:
24
CKR0919 Record with negative length
length
directed to
ddname behind record recno
Explanation:
An invalid record was passed to the output routine. An empty record has been written instead. Contact IBM Software Support.
Severity:
24
CKR0920 DELDUP: Element size is
size - DICT
option ignored
Explanation:
A field with a specified or implied
NODUP option was handled incorrectly. This may appear as a storage leak. Contact IBM Software
Support.
Severity:
24
CKR0921 DELDUP: Called with element size 0
Explanation:
A field with a specified or implied
NODUP option was handled incorrectly. The field will not be sorted. Contact IBM Software Support.
Severity:
24
CKR0922 DELDUP: Called with NIL pointer
Explanation:
A field with a specified or implied
NODUP option was handled incorrectly. The field will not be sorted. Contact IBM Software Support.
Severity:
24
CKR0923 Input from a TSO/E terminal is not supported - DD
ddname
Explanation:
Input from a TSO/E terminal in line mode is not supported.
Severity:
20
CKR0924 DD
ddname DSN dsn invalid block size:
blksize
Explanation:
After ddname has successfully been
OPENed, its DCB must indicate a positive block size unless ddname is a DUMMY device.
Severity:
16
CKR0925 Member
member DDname ddname
DSname
dsn Problem description
Explanation:
The program received a non-zero return code from the FIND SVC when trying to locate the indicated member. The problem description on the second line gives the exact nature of the problem.
Severity:
16
202
Messages Guide
CKR0926 • CKR938I
CKR0926 LOAD of module
module failed
Explanation:
The program expected the module named to be available. However, it could not be found.
Contact IBM Software Support.
Severity:
16
CKR0927
Explanation:
This is an internal error that indicates that a subroutine could not be called via LE. Contact
IBM Software Support.
Severity:
20
CEEPIPI(call_sub) to
procedure failed:
reason
CKR0928 LE environment could not be
established|terminated, RC rc
Explanation:
This is an internal error in the Language
Environment
® processing. Contact IBM Software
Support.
Severity:
20
CKR0929
procedure call type type on ddname after
record
recno reports: msg
Explanation:
The specified procedure, used on an
ALLOCATE GETPROC= statement, issued a nonzero return code with explanation msg. If msg contains a
C2P message number, check the IBM Security zSecure
Alert: User Reference Manual. In other cases, contact IBM
Software Support. Recno indicates the number or records that were successfully obtained.
Severity:
08
CKR0930 Block count unequal - information may be missing for
ddname
Explanation:
This message can occur when reading from tape. It indicates that during End Of Volume processing of one or more tapes allocated to the ddname the block count as recorded in the DCB differs from the block count in the trailer label of the tape. The information read may not be complete.
Severity:
08
CKR0931
Explanation:
A buffer overrun occurred in the format procedure proc. This message will be followed by a user
ABEND 931. Contact IBM Software Support. It is possible to suppress the user ABEND 931 by specifying
SUPPRESS FMTABEND (see reference to Command
Language, SUPPRESS, FMTABEND), however this can result in corrupted output or other errors.
Severity:
24
proc: Buffer overrun - destinationlength
sourcelength:data
CKR0932
proc: Dictionary entry at address:
hash=
storedhash, should be actualhash for
value
Explanation:
The specified dictionary entry was damaged, which was noted by proc. Contact IBM
Software Support.
Severity:
24
CKR0933
Explanation:
A delete request for the dictionary entry at the indicated address and with the displayed characteristics returned a nonzero return code rc.
Contact IBM Software Support.
Severity:
24
DICTDEL: LISTDEL for
address. hash32
avll avlr bc llll returned RC=rc
CKR0934 Value
value too large
Explanation:
This message indicates that the input parser received a numerical value that was too large.
The maximum value that can be processed by the input parser is 2147483647.
Severity:
12
CKR0935
Dictionary Statistics
Explanation:
These messages are issued in response to
DEBUG DICT and can be used to determine the performance of the dictionary reference mechanism.
Severity:
00
CKR0936 DICTDEL called with NIL reference address
Explanation:
A dictionary reference delete request was issued that did not specify what reference to delete.
Contact IBM Software Support.
Severity:
24
CKR0937
routine internal error for string length
length
Explanation:
The indicated routine failed in an attempt to add a dictionary entry with the indicated characteristics. If routine is DICTNEW, this may be a request to add an entry that already existed. Contact
IBM Software Support.
Severity:
24
CKR938I Repeated ATTN, enter C(ont)
T(erminate) or A(bend) -
Explanation:
This interactive prompt offers the option to terminate or abend the program after a repeated attention.
Chapter 5. CKR messages
203
CKR0939 • CKR0951
CKR0939 Terminated due to repeated attention
Explanation:
Message written if T was selected at the
CKR0938 prompt.
Severity:
16
CKR0942 Environment mismatch for product code
code
Explanation:
This message indicates that while code for the product code identified was installed, it is not running in its proper environment. For instance, some product codes are limited to UNIX tasks under z/OS, some to non-UNIX tasks under z/OS, and some to z/VM.
Severity:
00
CKR0943 More than 10 files for TEXTPIPE, skipping file
name
Explanation:
The current implementation of ALLOC
TEXTPIPE is limited to a maximum of 10 files to be put into the pipe. The indicated file will be processed
'normally', i.e. without redirection to the textpipe.
Severity:
16
CKR0944 UNIX
type close RC nn [meaning] reason
qqq rrrr x [meaning] file ddname path
Explanation:
This message indicates that a BPX1CLO call failed with the indicated return code in decimal and the reason code split into reason code qualifier qqqq and reason code rrrr, both in hexadecimal. For well-known return codes and reason codes the numeric values are followed by an explanatory string. Use the
IBM Unix System Services manual to look up other return and reason codes.
The type can be 'wronly' or 'rdonly'.
Severity:
16
CKR0945 UNIX
action failed RC nn [meaning]
reason
qqq rrrr x [meaning] file ddname
path
Explanation:
This message indicates that a BPX1OPN,
BPX1FCR, BPX1FST, BPX1FCA, or BPX1FCT call failed with the indicated return code in decimal and the reason code split into reason code qualifier qqq and reason code rrrr, both in hexadecimal format. For well-known return codes and reason codes, the numeric values are followed by an explanatory string.
Use the IBM Unix System Services manual to look up other return and reason codes.
The action can be 'wronly open', 'fchattr filefmt', 'fstat',
'fcntl filetag', 'fchaudit', or 'rdonly open'.
Severity:
16
204
Messages Guide
CKR0946 Unix record larger than buffer size
buflength- split
Explanation:
This message warns that a record that originally was very large is now processed as two separate records.
Severity:
04
CKR0947
Explanation:
This message indicates that a BPX1RED
(UNIX read) call failed with the indicated return code in decimal and the reason code split into reason code qualifier qqqq and reason code rrrr, both in hexadecimal. For well-known return codes and reason codes, the numeric values are followed by an explanatory string. Use the IBM Unix System Services manual to look up other return and reason codes.
Severity:
16
Reading filedesc
off failed RC nn
[
meaning] reason qqqq rrrr x [meaning] file
ddname path
CKR0948 Enablement information corrupt for product code
code
Explanation:
This message shows a problem with product installation or entitlement.
User response:
Contact your system programmer to verify successful installation.
Severity:
16
CKR0949 Product code
code installed and non-APF
registration limit exceeded
Explanation:
This message is issued in response to
DEBUG LICENSE for products that are installed but cannot be registered because the MVS limit for product registration by non-APF programs has been exceeded.
Severity:
00
CKR0950 Code not installed here for product code
code
Explanation:
This indicates that you are attempting to run functionality for a product that is not installed here.
Severity:
16
CKR0951 system abend
code (desc) trying to load
module
module
Explanation:
This message indicates a failure to load a module and the reason. Abend 806 means the module could not be found. Abend 306 may mean that a controlled environment was present and the module to be loaded was not program controlled.
Severity:
08
CKR0953
Explanation:
This message indicates a failure reading the indicated VSAM data set.
Severity:
16
action RPL error rc=nn reason=nn for dd
dsn on vol after nn records
CKR0954
Explanation:
This message indicates a failure reading the indicated VSAM data set.
Severity:
16
action ACB error rc=nn code=nn for dd
dsn on vol
CKR0955
program task heap STORAGE REQUEST
ERROR: SIZE NOT POSITIVE
Explanation:
This message indicates an internal memory management error. It is followed by a user abend 16. The message identifies the heap as well as the program and task that created the heap. Contact
IBM Software Support.
Severity:
16
CKR0959
Explanation:
Restart ISPF and if the problem persists, contact IBM Software Support.
Severity:
08
type PQUERY area DTAREA on panel
panel return code rc
CKR0960 Written
command
Explanation:
This message is issued by the command-execution module. It means that the indicated command was successfully written to
CKRTSPRT.
Severity:
00
CKR0960 Successful
command; command2
Explanation:
This message is issued by the command-execution module. It means that the indicated command or commands were successfully executed.
Severity:
00
CKR0960 TSOCMD RC=
code (decimal) for
command; command2
Explanation:
This message is issued by the command-execution module. It means that the indicated command or commands were executed but returned the indicated result code. Typically, this indicates that an error occurred in the command. This
RC is the same as documented as CKX return code
under Chapter 7, “CKX messages,” on page 329.
CKR0953 • CKR962A
Severity:
00
CKR0961
function failed - error message
Explanation:
This message is issued by the command-execution module, and means that the ISPF
function (which can be BROWSE or LMFREE) failed.
The error message returned by the function is included.
Severity:
00
CKR0961 LMINIT failed -
error message
Explanation:
This message is issued by the command-execution module, and means that the ISPF
LMINIT function failed. The error message returned by the function is included.
Severity:
12
CKR0962 IKJTSOEV module not found
Explanation:
This message is issued by the command-execution module, and indicates a TSO/E environment could not be established because the
TSO/E environment module was not found. This can be caused by older TSO releases. This will cause return code 20 when encountered as part of an attempt to execute a TSO command, and otherwise 8.
Severity:
08
CKR0962 IKJTSOEV return code
cc reason code rr
service reason code
src (decimal)
Explanation:
This message is issued by the command-execution module, and indicates a TSO/E environment could not be established because the
TSO/E environment module failed with the indicated return and reason codes.
Severity:
08
CKR0962 SVC 202 return code
cc
Explanation:
This message is issued by the command-execution module, and indicates a failure to execute a CMS command.
Severity:
08
CKR962A Command terminated by attention
Explanation:
This message is issued by the command-execution module, and indicates a command was terminated by pressing the ATTN key.
Severity:
08
Chapter 5. CKR messages
205
CKR962B • CKR962S
CKR962B Command not supported in background
Explanation:
This message is issued by the command-execution module and indicates a command could not be executed through the TSO service facility.
This can be caused, for example, by not including
CKGRACF in the TSO authorized command list
(AUTHCMD) in PARMLIB member IKJTSOxx. You can activate changes to this member without an IPL by using the TSO PARMLIB command. For more information on the PARMLIB command, see the TSO/E
System Programming Command Reference.
Severity:
08
CKR962C Command failed
abend code
Explanation:
This message is issued by the command-execution module, and indicates a command ended abnormally with the indicated abend code.
Severity:
08
CKR962E Not running in a TSO/E environment
Explanation:
This message is issued by the command-execution module, and indicates a TSO command could not be executed, because command environment was not TSO/E.
Severity:
08
CKR962F Command failed, return code
code
(decimal)
Explanation:
This message is issued by the command-execution module. It indicates a command was unsuccessful and returned the indicated result code.
If the message preceding this message is CKG740I, see the explanation of CKG740I. For all other situations, determine the command that was run and check the appropriate manual for possible return codes. For
RACF commands, possible return codes are documented in the RACF Command Language Reference.
Severity:
08
CKR962G CKGRACF command produced a warning; return code 4
Explanation:
The CKGRACF command was executed successfully but did produce a warning message.
Severity:
08
CKR962L Command could not be found in an authorized library.
Explanation:
This message is issued by the command-execution module, and indicates a TSO command could not be executed, because it was not found. Typically, this is an unsuccessful call to the
CKGRACF authorized component, which failed
206
Messages Guide because CKGRACF was not part of an authorized library in the linklist, or was not found in an
APF-authorized STEPLIB. Check whether the library containing CKGRACF is APF-authorized.
Severity:
08
CKR962M Command may have failed, return code
<n>
Explanation:
This message indicates that a command returned a nonzero return code less than or equal to 4.
This message causes a minimum return code of 4. It depends on the command whether this is a partial failure or a warning.
Severity:
08
CKR962N Command not allowed from APF mode -
command
Explanation:
This message is issued by the command-execution module, and indicates that the indicated command is not in the TSO AUTHCMD list and also not in a built-in list of safe commands to be called from an APF authorized program. If the command was requested by yourself, try running it under IKJEFT01 or without APF authorization. If this message is in response to a function, call IBM Software
Support.
CKR962O Command has flushed TSO stack relogon required to close output trap file
Explanation:
This message is issued by the command-execution module. Generally this means that subsequent command output is not written to the
SYSPRINT file. It may be lost or shown in line mode after leaving zSecure. Depending on the z/OS release, it may be sufficient to leave and reenter ISPF to restore normal behavior. In the worst case, a relogon may be required.
CKR962P CLIST processing through % not supported
Explanation:
This message is issued by the command-execution module. It indicates an attempt to run an CLIST using the % operator. Execution of
CLISTs is not supported.
Severity:
08
CKR962S IKJEFTSR fails return code
error reason
code
reason
Explanation:
This message is issued by the command-execution module, and indicates a TSO command could not be executed. The command returned the indicated error code and reason code.
Severity:
08
CKR962T Command failed, ATTACH rc
rc
(decimal)
Explanation:
This message is issued by the command-execution module, and indicates failure to attach a TSO command.
Severity:
08
CKR962U Unauthorized functions cannot be invoked from an authorized environment
Explanation:
This message should not occur. Contact
IBM Software Support.
Severity:
08
CKR962W Command not found
Explanation:
This message is issued by the command-execution module, and indicates a TSO command could not be executed, because it was not found. Typically, this is an unsuccessful call to the
CKGRACF authorized component, which failed because CKGRACF was not part of an authorized library in the linklist, or was not found in an
APF-authorized STEPLIB. Check whether the library containing CKGRACF is APF-authorized.
Severity:
08
CKR962X Syntax error in the command name
Explanation:
This message is issued by the command-execution module, and indicates a TSO command could not be executed, because the name was not syntactically correct.
Severity:
08
CKR962Y Authorized commands not supported in dynamic TSO environment - call from
IKJEFT01 instead
Explanation:
This is caused by a NEWLIST with the
CMD option running in an unauthorized environment.
When using the CMD option, an APF authorized environment is required, for instance by running under the TSO monitor program IKJEFT01, or by running under zSecure Alert. Note that the zSecure Audit main program CKRCARLA itself should not be installed as
APF-authorized. As an alternative to the CMD option, you may write the output to a file and run procedure
C2RCXTSO in a subsequent jobstep.
Severity:
08
CKR962T • CKR0969
CKR0963 Ambiguous
name "value"
Explanation:
This message indicates an ambiguous abbreviation was entered, i.e. two or more keywords could be indicated by the abbreviated value. Specify the keyword intended in more detail.
Severity:
12
CKR964I MEMBER NAME REQUIRED FOR
WRITES TO PDS(E) DATA SET
dsn
Explanation:
This message indicates that a member name is required, but not specified, for the data set with the indicated dsn. The program will issue user abend 964.
CKR965I MEMBER
mem CAN ONLY BE USED
WITH PDS(E); NOT FOR
dsn
Explanation:
This message indicates that a member name (mem) was specified, but not allowed, for the data set with the indicated dsn. The program will issue user abend 965.
CKR966I CANNOT USE MEMBER
mem ON
TERMINAL FILE
ddname
Explanation:
This message indicates that a member name (mem) was specified, but not allowed, for the terminal output file with the indicated ddname. The program will issue user abend 966.
CKR967I RECFM=F INVALID FOR
LRECL=X,RECFM=VBS PREFERRED
DATA SET
dsname
Explanation:
This message indicates that a fixed record format was specified but not allowed for the output file with the indicated ddname. This is not supported for the indicated data set. The program will issue user abend 967.
CKR0968 IFAEDDRG failed RC
nn decimal
Explanation:
This message indicates that an attempt to register a previously registered product failed.
User response:
Contact IBM Software Support.
Severity:
16
CKR0969 I/O error for
dsn: description
Explanation:
This message indicates that an I/O error occurred during normal QSAM or BSAM input processing for dsn. Operation will be continued, but an abend or other error message may follow because of the information missing due to the I/O error.
Severity:
8
Chapter 5. CKR messages
207
CKR970I • CKR0978
CKR970I
program task heap FREE STORAGE
ERROR:
message
Explanation:
This message indicates an internal memory management error. It is followed by a user abend 16. The message identifies the heap as well as the program and task that created the heap. Contact
IBM Software Support.
Severity:
16
CKR0971
Explanation:
The input contains a multiple-line string that is too long. Multiple-line strings (print tiles or quoted strings) have a maximum size len that was exceeded.
Severity:
12
Maximum length for this
field is len at
file line n
CKR0972 Enablement information missing for
product
Explanation:
This message indicates that the product cannot run because the load module is not complete.
User response:
Contact your system programmer to complete installation of the product.
Severity:
16
CKR0973 IBM Security product code
code disabled
or not installed
Explanation:
This indicates that you are attempting to run functionality for a product that is not installed here, or it is disabled for this system name, sysplex name, LPAR name, VM user ID, or hardware name.
User response:
Check the active IFAPRDxx members in your