IBM 1.12 Messages Guide Security zSecure Messages Guide
IBM Security zSecure 1.12 Messages Guide provides a user-friendly interface to help you understand the messages and return codes that you might receive when using the IBM Security zSecure 1.12 products. This guide will tell you what the messages mean and suggest how to fix any problems.
PDF
Download
Document
Advertisement
Advertisement
Security zSecure Version 1.12 Messages Guide SC27-2783-00 Security zSecure Version 1.12 Messages Guide SC27-2783-00 Note Before using this information and the product it supports, read the information in Appendix B, “Notices,” on page 581. October 2010 This edition applies to version 1, release 12, modification 0 of IBM Security zSecure products and to all subsequent releases and modifications until otherwise indicated in new editions. © Copyright IBM Corporation 2008, 2010. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents About this publication . . . . . . . . v Intended audience . . . . . . What this publication contains . . Publications . . . . . . . . IBM Security zSecure library . . Related Documentation . . . . Accessing terminology online . . Accessing zSecure publications . Ordering publications . . . . Accessibility . . . . . . . . Tivoli technical training . . . . Tivoli user groups . . . . . . Support for problem solving . . . Conventions used in this publication Typeface conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v . v . v . v viii viii viii viii . ix . ix . ix . ix . x . x Chapter 1. Introduction . . . . . . . . 1 Release information . . . . . . Overview of the zSecure products . zSecure message types . . . . . . . . . . . . . . . . . . . . . 1 . 1 . 2 Chapter 2. CKF Messages . . . . . . . 5 Messages Messages Messages Messages Messages Messages Messages Messages from from from from from from from from 0 to 99 . . 100 to 199. 200 to 299. 300 to 399. 400 to 499. 500 to 599. 700 to 799. 900 to 999. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 . 19 . 33 . 43 . 55 . 55 . 56 . 59 . . . . . . . Chapter 3. CKG messages . . . . . . 69 Messages Messages Messages Messages Messages Messages Messages from from from from from from from 100 400 500 600 700 800 900 to to to to to to to 199. 499. 599. 699. 799. 899. 999. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 73 76 81 93 98 99 Chapter 4. CKN messages . . . . . . 109 Messages Messages Messages Messages Messages Messages Messages from from from from from from from 0 to 99 . 100 to 199 200 to 299 600 to 699 700 to 799 800 to 899 900 to 999 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109 122 137 139 139 139 140 Messages Messages Messages Messages Messages Messages Messages Messages Messages Messages Messages Messages Messages Messages Messages Messages Messages Messages Messages Messages from from from from from from from from from from from from from from from from from from from from 400 to 499 . 500 to 599 . 600 to 699 . 700 to 799 . 800 to 899 . 900 to 999 . 1000 to 1099 1100 to 1199 1200 to 1299 1300 to 1399 1400 to 1499 1500 to 1599 1600 to 1699 1700 to 1799 1800 to 1899 1900 to 1999 2300 to 2399 2500 to 2599 2600 to 2699 2800 to 2899 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199 212 226 241 247 249 264 276 289 304 317 331 335 335 347 348 358 364 367 367 Chapter 6. CKV Messages . . . . . . 371 Messages Messages Messages Messages Messages Messages Messages from 0 to 99 . from100 to 199 from 200 to 299 from 300 to 399 from 400 to 499 from 700 to 799 from 800 to 899 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371 374 375 375 378 378 379 Chapter 7. CKX messages . . . . . . 381 Messages from 0 to 99 . . Messages from 800 to 899 . Messages from 900 to 999 . . . . . . . . . . . . . . . . . . . . . . . 381 . 383 . 384 Chapter 8. CQT messages . . . . . . 389 Chapter 9. C2E messages . . . . . . 411 Chapter 10. C2P messages . . . . . 423 Messages from space) . . . Messages from alerts) . . . Messages from alerts) . . . Messages from alerts) . . . 0 to 999 (zSecure Alert address . . . . . . . . . . . . 1000 to 1999 (Predefined RACF . . . . . . . . . . . . 2000 to 2999 (Predefined ACF2 . . . . . . . . . . . . 4000 to 6999 (Installation defined . . . . . . . . . . . . . 424 . 469 . 478 . 484 Chapter 5. CKR messages . . . . . . 143 Chapter 11. C2R messages . . . . . 485 Messages Messages Messages Messages Chapter 12. C2RU messages . . . . . 499 from from from from 0 to 99 . 100 to 199 200 to 299 300 to 399 . . . . . . . . © Copyright IBM Corp. 2008, 2010 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144 159 173 186 Chapter 13. C2RW messages . . . . 505 iii Chapter 14. C2X messages . . . . . 507 Chapter 15. C4R messages . . . . . 521 Chapter 16. BB messages . . . . . . 551 Chapter 17. B8R messages . . . . . 553 Chapter 18. ICH and IRR messages 571 Available technical resources . . . . . . . Searching with support tools . . . . . . . Searching tips . . . . . . . . . . . . Obtaining fixes . . . . . . . . . . . . . Receiving weekly support updates . . . . . . Registering with IBM Software Support . . . . Contacting IBM Software Support . . . . . . Determining the business impact . . . . . . Describing problems and gathering information Submitting problems . . . . . . . . . . 575 575 575 576 576 577 577 578 578 578 Chapter 19. Other error messages . . 573 Appendix B. Notices . . . . . . . . 581 C errors . . LC errors . . EPR errors . Index . . . . . . . . . . . . . . . 585 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 573 . 573 . 573 Appendix A. Support information . . . 575 Searching knowledge bases . iv . Version 1.12: Messages Guide . . . . . . . 575 Trademarks . . . . . . . . . . . . . . 583 About this publication This guide contains the messages and return codes that you might receive when using the IBM Security zSecure 1.12 products. It provides explanations for these messages and errors. The information in this guide that applies to zSecure Manager for RACF® z/VM® applies to version 1.11 of that product. Intended audience This guide is intended for the system administrators responsible for managing and troubleshooting the zSecure products. Readers must be familiar with the zSecure product concepts and commands. What this publication contains This guide includes the following information: v An introduction to the zSecure products and a description of what each product does v Lists of the messages and errors and their severity levels v An explanation for each individual message v Support information Publications IBM Security zSecure is a Tivoli® product. This section lists publications in the IBM Security zSecure library and related documents. The section also describes how to access and order IBM Security zSecure and other Tivoli publications online. Note: At the time of publication of the IBM Security zSecure 1.12 library, the version of zSecure Manager for RACF z/VM is 1.11. The information in this guide that applies to zSecure Manager for RACF z/VM applies to version 1.11 of that product. IBM Security zSecure library The following documents are available in the IBM Security zSecure library: v IBM Security zSecure: Release Information For each product release, the Release Information topics provide information about new features and enhancements, incompatibility warnings, and documentation update information for the IBM Security zSecure products. You can obtain the most current version of the release information from the IBM Security zSecure Information Center at http://publib.boulder.ibm.com/ infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.zsecure.doc_1.12/ welcome.htm. This information is also available on the IBM Security zSecure: Documentation CD, LCD7-1387-08. v IBM Security zSecure CARLa-Driven Components: Installation and Deployment Guide, SC27-2772-00 Provides information about installing and configuring the following IBM Security zSecure components: – IBM Security zSecure Admin – IBM Security zSecure Audit for RACF, ACF2 and Top Secret © Copyright IBM Corp. 2008, 2010 v – IBM Security zSecure Alert for RACF and ACF2 – IBM Security zSecure Visual for RACF – IBM Tivoli Compliance Insight Manager Enabler for z/OS v IBM Security zSecure Admin and Audit for RACF: Getting Started Guide, GI11-9355-00 Provides a hands-on guide introducing IBM Security zSecure Admin and IBM Security zSecure Audit product features and user instructions for performing standard tasks and procedures. This manual is intended to help new users develop both a working knowledge of the basic IBM Security zSecure Admin and Audit for RACF system functionality and the ability to explore the other product features that are available. v IBM Security zSecure Admin and Audit for RACF: User Reference Manual, LC27-2773-00 Describes the product features for IBM Security zSecure Admin and IBM Security zSecure Audit. Includes user instructions to run the features from ISPF panels, RACF administration and audit user documentation with both general and advanced user reference material for the CARLa command language and the SELECT/LIST fields. This manual also provides troubleshooting resources and instructions for installing the zSecure Collect for z/OS component. This publication is only available to licensed users. v IBM Security zSecure Audit for ACF2: User Reference Manual, LC27-2774-00 Explains how to use IBM Security zSecure Audit for ACF2 for mainframe security and monitoring. For new users, the guide provides an overview and conceptual information about using ACF2 and accessing functionality from the ISPF panels. For advanced users, the manual provides detailed reference information including message and return code lists, troubleshooting tips, information about using zSecure Collect for z/OS, and details about user interface setup. This publication is only available to licensed users. v IBM Security zSecure Audit for ACF2: Getting Started Guide, GI11-9356-00 Describes the IBM Security zSecure Audit for ACF2 product features and provides user instructions for performing standard tasks and procedures such as analyzing Logon IDs, Rules, and Global System Options, and running reports. The manual also includes a list of common terms for those not familiar with ACF2 terminology. v IBM Security zSecure Audit for Top Secret: User Reference Manual, LC27-2775-00 Describes the IBM Security zSecure Audit for Top Secret product features and provides user instructions for performing standard tasks and procedures. v IBM Security zSecure Alert: User Reference Manual, SC27-2776-00 Explains how to configure, use, and troubleshoot IBM Security zSecure Alert, a real-time monitor for z/OS® systems protected with the Security Server (RACF) or CA-ACF2. v IBM Security zSecure Visual: Client Manual, SC27-2778-00 Explains how to set up and use the IBM Security zSecure Visual Client to perform RACF administrative tasks from the Windows-based GUI. v IBM Security zSecure Command Verifier: User Guide, SC27-2779-00 Explains how to install and use IBM Security zSecure Command Verifier to protect RACF mainframe security by enforcing RACF policies as RACF commands are entered. v IBM Security zSecure CICS Toolkit: User Guide, SC27-2780-00 Explains how to install and use IBM Security zSecure CICS Toolkit to provide RACF administration capabilities from the CICS® environment. vi Version 1.12: Messages Guide v IBM Security zSecure: Messages Guide, SC27-2783-00 Provides a message reference for all IBM Security zSecure components. This guide describes the message types associated with each product or feature, and lists all IBM Security zSecure product messages and errors along with their severity levels sorted by message type. This guide also provides an explanation and any additional support information for each message. v IBM Security zSecure: Quick Reference, SC27-2785-00 This booklet summarizes the commands and parameters for the following IBM Security zSecure Suite components: Admin, Audit, Alert, Collect, and Command Verifier. Obsolete commands are omitted. v IBM Security zSecure: Documentation CD, LCD7-1387-08 Supplies the IBM Security zSecure Information Center, which contains the licensed and unlicensed product documentation. The IBM Security zSecure: Documentation CD is only available to licensed users. v Program Directory: IBM Security zSecure Suite CARLa-driven components This program directory is intended for the system programmer responsible for program installation and maintenance. It contains information concerning the material and procedures associated with the installation of IBM Security zSecure CARLa-Driven Components: Admin, Audit, Visual, Alert, and the IBM Tivoli Compliance Insight Manager Enabler for z/OS. Program directories are provided with the product tapes. You can also download the latest copy from the IBM Security zSecure Information center available at http://publib.boulder.ibm.com/ infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.zsecure.doc_1.12/ welcome.htm. v Program Directory: IBM Security zSecure CICS Toolkit This program directory is intended for the system programmer responsible for program installation and maintenance. It contains information concerning the material and procedures associated with the installation of IBM Security zSecure CICS Toolkit. Program directories are provided with the product tapes. You can also download the latest copy from the IBM Security zSecure Information center available at http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/ index.jsp?topic=/com.ibm.zsecure.doc_1.12/welcome.htm. v Program Directory: IBM Security zSecure Command Verifier This program directory is intended for the system programmer responsible for program installation and maintenance. It contains information concerning the material and procedures associated with the installation of IBM Security zSecure Command Verifier. Program directories are provided with the product tapes. You can also download the latest copy from the IBM Security zSecure Information center available at http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/ index.jsp?topic=/com.ibm.zsecure.doc_1.12/welcome.htm. v Program Directory: IBM Security zSecure Admin RACF Offline This program directory is intended for the system programmer responsible for program installation and maintenance. It contains information concerning the material and procedures associated with the installation of the IBM Security zSecure Admin RACF Offline component of IBM Security zSecure Admin. Program directories are provided with the product tapes. You can also download the latest copy from the IBM Security zSecure Information center available at http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/ com.ibm.zsecure.doc_1.12/welcome.htm. About this publication vii Related Documentation More information about RACF and the types of events that may be reported via zSecure suite products can be found in several IBM® manuals. Information about the various types of events that are recorded by RACF can be found in the RACF Auditor's Guide. Table 1. Further information about RACF administration, auditing, programming, and commands Full title of manual Order number z/OS Security Server RACF Command Language Reference Guide SA22-7687 z/OS Security Server RACF System Administrator's Guide SA22-7683 z/OS Security Server RACF Auditor's Guide SA22-7684 z/OS Security Server RACF System Programmer's Guide SA22-7681 Accessing terminology online The IBM Terminology Web site consolidates the terminology from IBM product libraries in one convenient location. You can access the Terminology Web site at the following Web address: http://www.ibm.com/software/globalization/terminology Accessing zSecure publications The IBM Security zSecure: Documentation CD contains the publications that are in the product library. The format of the publications is PDF, HTML, or both. IBM posts publications for this and all other Tivoli products, as they become available and whenever they are updated, to the Tivoli Information Center Web site at http://www.ibm.com/tivoli/documentation. Note: If you print PDF documents on other than letter-sized paper, set the option in the File → Print window that allows Adobe Reader to print letter-sized pages on your local paper. Ordering publications You can order many Tivoli publications online at: http://www.elink.ibmlink.ibm.com/publications/servlet/pbi.wss. You can also order by telephone by calling one of these numbers: v In the United States: 800-879-2755 v In Canada: 800-426-4968 In other countries, contact your software account representative to order Tivoli publications. To locate the telephone number of your local representative, perform the following steps: 1. Go to http://www.elink.ibmlink.ibm.com/publications/servlet/pbi.wss. 2. Select your country from the list and click Go. 3. Click About this site in the main panel to see an information page that includes the telephone number of your local representative. viii Version 1.12: Messages Guide Licensed publications Licensed publications are indicated by a publication number that starts with L (for example, LC27-2773-00). To obtain PDF or printed copies of licensed publications, send an email requesting the publication to: [email protected] Include the following information: v IBM customer number v List of publication numbers that you want to order v Preferred contact information You will be contacted for further instructions for fulfilling your order. For details, see “Support for problem solving.” Accessibility Accessibility features help users who have a physical disability, such as restricted mobility or limited vision, to use software products successfully. For keyboard access in the zSecure z/OS products, standard shortcut and accelerator keys are used by the product, where applicable, and are documented by the operating system. Refer to the documentation provided by your operating system for more information. Visit the IBM Accessibility Center at http://www.ibm.com/alphaworks/topics/ accessibility/ for more information about IBM's commitment to accessibility. Tivoli technical training For Tivoli technical training information, refer to the following IBM Tivoli Education Web site at: http://www-01.ibm.com/software/tivoli/education/ Tivoli user groups Tivoli user groups are independent, user-run membership organizations that provide Tivoli users with information to assist them in the implementation of Tivoli Software solutions. Through these groups, members can share information and learn from the knowledge and experience of other Tivoli users. Tivoli user groups include the following members and groups: v 23,000+ members v 144+ groups Access the link for the Tivoli Users Group at http://www.tivoli-ug.org/. Support for problem solving If you have a problem with your IBM software, you want to resolve it quickly. IBM provides the following ways for you to obtain the support you need: Online Go to About this publication ix the IBM Software Support site at http://www.ibm.com/software/support/ probsub.html and follow the instructions. IBM Support Assistant The IBM Support Assistant (ISA) is a free local software serviceability workbench that helps you resolve questions and problems with IBM software products. The ISA provides quick access to support-related information and serviceability tools for problem determination. To install the ISA software, go to http://www.ibm.com/software/support/isa. For more information about IBM support, see Appendix A, “Support information,” on page 575. Conventions used in this publication This publication uses several conventions for special terms and actions and operating system-dependent commands and paths. Typeface conventions This publication uses the following typeface conventions: Bold v Lowercase commands and mixed case commands that are otherwise difficult to distinguish from surrounding text v Interface controls (check boxes, push buttons, radio buttons, spin buttons, fields, folders, icons, list boxes, items inside list boxes, multi-column lists, containers, choices, names, tabs, property sheets), labels (such as Tip:, and Operating system considerations:) v Keywords and parameters in text Italic v Citations (examples: titles of publications, diskettes, and CDs v Words defined in text (example: a nonswitched line is a point-to-point line) v Emphasis of words and letters (words as words example: "Use the word that to introduce a restrictive clause."; letters as letters example: "The LUN address must start with the letter L.") v New terms in text (except in a definition list): a view is a frame in a workspace that contains data. v Variables and values specified by the software: ... resource class name is.... Monospace v Examples and code examples v File names, programming keywords, and other elements that are difficult to distinguish from surrounding text v Message text and prompts addressed to the user v Text that the user must type v Values for arguments or command options x Version 1.12: Messages Guide Chapter 1. Introduction The IBM Security zSecure suite is a collection of products that improve the efficiency and maintainability of the mainframe security environment. These products can be used alone or in conjunction with the other zSecure products. The main products are zSecure Admin and zSecure Audit. The IBM Security zSecure products provide security, monitoring, auditing and alerting functionality on both the z/OS and z/VM platforms. The IBM Security zSecure: Messages Guide provides information about the messages that you might encounter when using the zSecure products. zSecure messages are usually categorized by a three-character prefix to identify the associated programs or components. For example, the CKF prefix identifies messages issued by the zSecure Collect for z/OS component, and CKG messages are issued by the CKGRACF program. This guide is organized by message prefixes that are associated with their programs or components. The following sections provide zSecure 1.12.0 release information, an overview of the zSecure products, and the types of messages that can be generated. Release information The zSecure Release Information topics includes details on new features and enhancements, incompatibility warnings, and documentation update information. You can download the most current version of the release information from the following link in the zSecure Information Center: http://publib.boulder.ibm.com/ infocenter/tivihelp/v2r1/topic/com.ibm.zsecure.doc/welcome.htm. This information is also available on the zSecure Documentation CD. Overview of the zSecure products The IBM Security zSecure includes the following products: zSecure Admin Provides a user-friendly layer in the form of an ISPF interface on top of RACF which enables security administration, user management and compliance management on the mainframe. It allows you to enter and process administrative commands more quickly, generate custom reports, and thoroughly clean up databases. Additionally, zSecure Admin provides administration authority in a more granular fashion so that users are only granted the specific amount of administration authority required for their job. zSecure Audit Compliance and audit solution that enables you to automatically analyze and report on security events and detect security exposures. It provides standard and customized reports that warn of policy exceptions or violations. This component is available for RACF, ACF2, and Top Secret. zSecure Alert Mainframe audit solution that enables you to detect and report security events and exposures on z/OS, DB2®, UNIX, RACF, ACF2, and Top Secret. IBM Security zSecure Alert is a real-time monitor, issuing alerts for security-related system events at the time they occur. © Copyright IBM Corp. 2008, 2010 1 zSecure Command Verifier Mainframe policy enforcement solution adds granular controls for RACF to help prevent errors and noncompliant commands. This product runs in the background to verify your RACF commands against company policies and procedures. If the command does not comply with the policy, it is blocked or fixed. It can run independently from the other zSecure components. zSecure Visual zSecure Visual client is a Windows-based graphical user interface for RACF administration. Using the Visual Server product establishes a secure connection directly with RACF to enable decentralized administration from a Windows environment. zSecure CICS Toolkit This component enables you to do most RACF administration from a CICS environment instead of TSO. zSecure Manager for RACF z/VM This product simplifies the process of managing mainframe security and enables you to quickly identify and fix problems in RACF on z/VM. It automates recurring and time-consuming security tasks. Note: At the time of publication of the zSecure 1.12 library, the current version of zSecure Manager for RACF z/VM is 1.11. The information in this guide that applies to zSecure Manager for RACF z/VM applies to version 1.11 of that product. zSecure message types zSecure messages are categorized by an alphanumeric prefix. Each prefix refers to the zSecure product function which the messages in that category are associated with. The following table lists the available zSecure message prefixes, their related functions, and the products that can display these messages: Table 2. zSecure product messages Message Prefix 2 Function Product Reference CKF zSecure Collect for z/OS (CKFCOLL) IBM Security zSecure Admin, IBM Security zSecure Audit Chapter 2, “CKF Messages,” on page 5 CKG CKGRACF program IBM Security zSecure Admin, IBM Security zSecure Visual Chapter 3, “CKG messages,” on page 69, CKN zSecure Server (network node) IBM Security zSecure Admin, IBM Security zSecure Audit, IBM Security zSecure Visual Chapter 4, “CKN messages,” on page 109 Version 1.12: Messages Guide Table 2. zSecure product messages (continued) Message Prefix Function Product Reference CKR CKRCARLA program IBM Security zSecure Admin, IBM Security zSecure Audit, IBM Security zSecure Visual, IBM Security zSecure Alert, zSecure Manager for RACF z/VM, IBM Tivoli Compliance Insight Manager Enabler Chapter 5, “CKR messages,” on page 143 CKV zSecure Collect for z/VM (CKVCOLL) Tivoli zSecure Manager for RACF z/VM Chapter 6, “CKV Messages,” on page 371 CKX TSO execution utility IBM Security zSecure program CKX or zSecure Admin Command Execution Utility Chapter 7, “CKX messages,” on page 381 CQT Module CQTPMSGE IBM Security zSecure CICS Toolkit Chapter 8, “CQT messages,” on page 389 C2E z/OS-component of IBM Tivoli Compliance Insight Manager IBM Tivoli Compliance Insight Manager Chapter 9, “C2E messages,” on page 411 C2P zSecure Alert address space, IBM Security zSecure Alert or IBM Security Predefined RACF alert, zSecure Admin Predefined ACF2 alert, Installation defined alert Chapter 10, “C2P messages,” on page 423 C2R NLS table processor C2RIMENU, XSLT stylesheet, or the installation customization REXX exec C2REUPDR IBM Security zSecure Chapter 11, “C2R messages,” on page 485 C2RU User interface IBM Security zSecure Visual Client Chapter 12, “C2RU messages,” on page 499 IBM Security zSecure Visual Server Chapter 13, “C2RW messages,” on page 505 C2RW C2X IBM Tivoli zSecure RACF Exit Activator component C2XACTV C4R BB BBRACF component IBM Security zSecure Chapter 14, “C2X Admin, IBM Security messages,” on page 507 zSecure Audit, IBM Security zSecure Alert, IBM Tivoli Compliance Insight Manager Enabler IBM Security zSecure Command Verifier Chapter 15, “C4R messages,” on page 521 IBM Security zSecure Visual Chapter 16, “BB messages,” on page 551 Chapter 1. Introduction 3 Table 2. zSecure product messages (continued) Message Prefix Function Product Reference Security zSecure Admin RACF Offline functions IBM Security zSecure Admin Chapter 17, “B8R messages,” on page 553 ICH and IRR RACF Chapter 18, “ICH and IRR messages,” on page 571 C IBM Security zSecure Visual Client Chapter 19, “Other error messages,” on page 573 B8R LC Communication layer between the client user interface and the c2ragent component IBM Security zSecure Visual Client Chapter 19, “Other error messages,” on page 573 EPR Communication layer between the c2ragent component and the server. Found also in the log-files called cesys and ceaud in the directory: ApplicationDirectory\ Servers\ServerName. Files cesys0..cesys9 and ceaud..ceaud9 are previous log-files. IBM Security zSecure Visual Client Chapter 19, “Other error messages,” on page 573 The following chapters of this guide provide a listing of each message prefix along with a detailed explanation and possible solutions. 4 Version 1.12: Messages Guide Chapter 2. CKF Messages zSecure Collect is a component of zSecure Admin and Audit and Tivoli zSecure Manager for RACF z/VM. It is used to collect system data and store that data in CKFREEZE data sets. The messages issued by zSecure Collect are the same for both products, but the message prefix is CKF for the z/OS product and CKV for the z/VM product. For example, if you are using zSecure Admin and Audit you might see message number of CKF970I. The same message issued by Tivoli zSecure Manager for RACF z/VM has the number CKV970I. The zSecure Collect messages for both products are documented in this section. Each message number has the form CKFnnnI or CKVnnnI where nnn is the message number. In addition to the message identifier, the program also issues a severity code. This code is derived from the program completion code that indicates the highest severity code encountered. The severity code can contain any of the following values: 00 Normal message, giving status or summary information. 04 Unusual condition found that may or may not result in missing information. 08 Unusual condition found that causes information that was requested to be missing. Subsequent processing may be impacted. 12 Unexpected condition during zSecure Collect processing. 16 Syntax error in command input or entitlement problem. 24 Internal error or other unexpected and unsupported condition in zSecure Collect detected. 28 Internal error or other unexpected and unsupported condition in zSecure Collect detected. A user abend will be issued to protect your system and force a dump. In the rest of this section, all error messages are listed with an explanation and possible actions to take. Messages are included in subsections, grouped by the hundred message-numbers. To locate documentation for a specific message, search this documentation for the message number, CKF970I or CKV970I, for example. Messages from 0 to 99 CKF000I Control block name omitted, because of reason Severity: 04 Explanation: This message is issued if the program fails to find an OS control block. This is not necessarily a problem, rather it notes the absence of some information which might have been useful, but which may not be available in your OS version at all. The name of the control block is given by name, the control block ID. The exact nature of the failure is given by reason, which may be: invalid block ID The control block ID is not found in its proper place. protection exception A protection exception occurred during the walk through the pointer chain leading to the control block. invalid length A protection exception occurred during access to the last-to-be-used byte of the control block. © Copyright IBM Corp. 2008, 2010 5 nil pointer The pointer to the control block was found to contain binary zeros. This message may very well occur after conversion to a new release of the OS. The resulting CKFREEZE file may still be usable for your purposes. Problems indicated with missing control block names include the following: STGS RMF™ is not active EDT device type information not retrieved IODN LCU and device number table missing (also RMF) IOCH Channel information missing (also RMF) LPBT Logical Path Block Table missing (SRM SP4) RCVT No RACF in system SSVT This may be seen if RMM is not active CKF001I No generic unit name for devclass unit dev devtype devtype Severity: 04 Explanation: This message indicates that your OS could not give a generic unit name for the device on address dev, and the device type (given as 8 hex digits) is also not available in the hardcoded device table in zSecure Collect. The device class is devclass. This is not a problem; it just warns you to expect question marks in the unit name fields. CKF002I LOCATE return code rc on type data set datasetname Severity: 04 Explanation: This message indicates that the data set datasetname (which is supposed to be a type data set) could not be found by the LOCATE service of MVS™. The return code returned by the service is rc. The volume will be left blank or zero in the CKFREEZE file. CKF003I DEVTYPE RC nonzero for unit dev Severity: 04 Explanation: The DEVTYPE SVC used to collect information on unit dev returned a nonzero return code. This may cause the device type record in the CKFREEZE file to be unusable. CKF004I Closed PDSE dev volume dsname read decnum bytes in decnum members Severity: 00 Explanation: This informational message indicates the amount of data read from the indicated PDSE. It is issued only if the INFO option was selected. CKF005I Please ignore CMD rejects Explanation: This message is displayed on the operator console to warn the operator that no action should be taken on the burst of IOS000I or IEA000I messages specifying a CMD reject on 3350 DASD devices. It is removed immediately after the program has finished processing the 3350 range of devices. It is displayed during authorized operation only. 6 Version 1.12: Messages Guide CKF006I CVAFDIR type error, R15=rc, CVSTAT=code on device dev volume volume Severity: 12 Explanation: During access to the VTOC index, the CVAFDIR type (READ or RLSE) service returned a nonzero return code rc accompanied by CVAF return code code. See the appropriate IBM manual for the meaning of these codes. If the type of access was READ, the VTOC was read completely without taking into account the used DSCB map in the VTOC index. CKF007I Task is not APF authorized - only non-protected information can be collected Severity: 00 Explanation: This message alerts you to the fact that the program could not obtain authorization. For additional information, see the section Authorized or unauthorized? in the zSecure Collect documentation available in the user reference manual for your zSecure product. CKF008I Number of DASD devices interrogated: nn Severity: 00 Explanation: This message gives the number of devices that have been allocated and interrogated. CKF009I Number of DSCB entries copied: nn Severity: 00 Explanation: This message gives the number of Data Set Control Blocks copied from VTOCs to the CKFREEZE file. It is somewhat larger than the number of data sets on the interrogated devices, because some extents are described in separate DSCBs for the same data set. Note that only used DSCBs are copied. CKF010I Number of VVDS datasets processed: nn Severity: 00 Explanation: This message gives the number of VVDS data sets for which an OPEN was attempted. Generally, this number is smaller than the number of DASD devices interrogated, because not every volume needs to have a VVDS. CKF011I Number of NVR/VVR entries copied: nn Severity: 00 Explanation: This messages gives the number of VVRs (VSAM volume records) and NVRs (non-VSAM volume records) copied to the CKFREEZE file. The number of VVRs is roughly two times the number of VSAM data sets on the processed volumes. NVRs are associated with SMS managed non-VSAM data sets. CKF012I Non-4K block size for VVDS not supported - volume volume Severity: 12 Explanation: This message indicates a VVDS was encountered on volume volume with a block size other than 4KB. This is not supported by this release of zSecure Collect. The VVDS has a 4KB block size if it has been made automatically on 3330/3350/3380/3390 DASD with at least DFP 1.0 through DFP 3.3. If you encounter this message, then the VVDS information for the specified volume will not be read, and you will only see component names mentioned in the VTOC, not the cluster names. CKF014I DASD Device dev online but not ready Severity: 04 Explanation: This message indicates the device number dev was included in the configuration because it was online, but could not be interrogated because it was not ready. Instead of scheduling an I/O request, zSecure Collect has skipped the device. This may result in incomplete information for your purpose. Chapter 2. CKF Messages 7 CKF015I SYSEVENT DONTSWAP failed, return code hex rc Severity: 08 Explanation: This message indicates that zSecure Collect failed to make itself nonswappable. As a result, no authorized I/Os can be scheduled and no cache size information and device level cache disablement information will be collected for 3880 devices. Neither will guaranteed device path I/O be used to eliminate WAITs. CKF016I Unsupported control block level hexnum for volume dsname Severity: 08 Explanation: This message indicates that a control block of an unsupported layout was returned by Directory Entry Services for the indicated PDSE. If control block is "DESB", checksum and IDR processing are skipped for the remainder of the PDSE; if it is "SMDE", processing is skipped for a single member only. CKF017I Path ch to type device dev volume not operational Severity: 04 Explanation: This message indicates that the installed physical channel (pre-XA) or channel path (XA) ch to the selected online and ready device number dev with volume serial volume was not operational. If this is not your normal working configuration, then you are measuring a reduced configuration with a higher contention than normal. Alternatively this may point at running MVS/370 under VM. CKF018I parameter Parameter invalid in non-XA system. Severity: 12 Explanation: The parameter specified is not applicable to pre-XA systems. CKF019I BFLHFCHN invalid for type device dev volser; VTOC processing skipped Severity: 12 Explanation: The forward chain pointer of next buffer list (BFLHFCHN) is not valid; i.e. no (more) VTOC information could be obtained for device dev. CKF020I Path information not gotten for unsupported device type type, device dev volume Severity: 08 Explanation: This message indicates that you requested configuration information for a device type type, which is not currently supported by zSecure Collect. Requests for support for other DASD types than 3350, 3380, 3390, and compatibles should be directed to IBM Software Support. CKF021I Storage director IDs unavailable for type device dev volume because unauthorized Severity: 08 Explanation: This message indicates that physical storage director IDs for device number dev with volume serial volume can only be extracted by authorized programs because its device type is type. The result is missing storage director information which may prevent an automatic deduction of the configuration. CKF022I Storage director ID not returned by IOS for path ch to type device dev volume Severity: 08 Explanation: This message indicates that the IOS version you have fails to return the complete sense information needed to find the storage director ID. The failure occurred on path ch to device number dev with volume serial volume. The device type is type. This message is issued for only one path, because zSecure Collect assumes the same failure will occur on the other paths to the device, and does not attempt I/O on these paths. 8 Version 1.12: Messages Guide CKF023I String controller ID not returned by IOS for path ch to type device dev volume Severity: 08 Explanation: This message indicates that the controller ID was not found in its proper place. This message is not issued if the storage director ID is also missing. Currently no software level is known which omits only controller information. Because of redundancy of information, you will probably not notice any effect on the reports. CKF024I Path information still incomplete after bs tries on type device dev volume: missing at least path ch Severity: 08 Explanation: This message indicates that after bs tries zSecure Collect still did not succeed in scheduling I/O along all paths to a device. This message only occurs if you specified or implied WAIT=NO and PATH=YES. The resulting CKFREEZE information will be incomplete. CKF025I Path information still incomplete after bn bs-try bursts on type device dev volume: missing at least path ch Severity: 08 Explanation: This message indicates that after bn bursts of bs tries with a 0.5 second WAIT interval between the bursts, zSecure Collect still did not succeed in scheduling I/O along all paths to a device. This may happen on very busy shared DASD systems and on very empty pre-XA systems that do not have channel rotation. The number of bursts, burst size, and inter-burst wait time can be adjusted by the appropriate BURSTxxxx parameters. CKF026I Unexpected IOS return code rc hex, CSW status hhhh sense ssss on path ch to cccc/mm for type/mm device dev volume Severity: 12 Explanation: This message indicates an unexpected error during EXCP processing. The IOS return codes are documented in the IBM debugging handbooks (IOB/IOSB) and in the appropriate DFP manuals. The cccc/mm and type/mm are the control unit type / model and unit type / model, respectively, as returned by the SenseId CCW. The resulting CKFREEZE file will probably be incomplete. CKF026I Unexpected IOS return code rc hex, CSW status hhhh sense ssss on path ch to 3350 device dev volume Severity: 12 Explanation: This message indicates an unexpected error during EXCP processing. The IOS return codes are documented in the IBM debugging handbooks (IOB/IOSB) and in the appropriate DFP manuals. The resulting CKFREEZE file will probably be incomplete. CKF027I Invalid DSCB FMTID=X'xx' on type device dev volser CCHHR=0000000000 DSN=dsname Severity: 04 Explanation: The VTOC for the indicated volume contained an invalid DSCB, with format X'xx'. The only valid types are X'F0' .. X'F6'. The DSCB record is included in the CKFREEZE file, but will not used. The dsname reported is the data set name field (key area) of the DSCB in error. This has no consequences for MVS if the DSCB is not in use according to the space map. CKF028I SVC 99 RC=n DAIRFAIL code xxxx xxxx on dev volser Severity: 08 Explanation: The device/volser may be absent. This message will be followed by an IKJ-message on the problem. The error occurred in dynamic allocation or unallocation of a VTOC or data set for device dev. This message has continuation lines detailing the individual text units contents after SVC 99 (DYNALLOC) completion. Chapter 2. CKF Messages 9 CKF029I DASD Device dev online, but not mounted Severity: 04 Explanation: Device dev was not mounted public, storage or private, zSecure Collect does not attempt to allocate the VTOC and VVDS data sets. CKF030I OPEN abend xxx-rc on device dev volume volser for dsname Severity: 08 Explanation: The data set named dsname could not be opened for input on device dev. The VTOC is indicated with ** VTOC volser **. If the error occurs for a VTOC, both the VTOC and the VVDS for the volume will be missing. If the error occurs for a VVDS, the VTOC information has been read properly. For information about the common abend codes, see the zSecure Collect documentation in the user reference manual for your zSecure product. CKF031I CKFCOLL runs on sid with osname oslevel DFSMS release JES2 release CPU model model CKF031I site-specific identification string running on where CPU-id CPUid CKF031I Last record written: ID=hh, contents start hexstring Severity: 00 Explanation: zSecure Collect abended while running on the indicated system (SMF id) and operating system release levels, under the focus and Products ids shown, on the CPU indicated, after writing the indicated record (this line is omitted if no records had been written yet). CKF032I Number of record(s) truncated: nn Severity: 08 Explanation: This message indicates that records were truncated on output. You might try increasing the record length, if problems arise. However, for most purposes the information needed is located at the beginning of the BCS records, and these truncated records therefore do not usually present a problem. CKF033I Module IGG019X1 missing, no configuration info for 3350 devices possible Severity: 08 Explanation: This message indicates that the appendage IGG019X1 could not be found. CKF034I [ Before MONITOR interval ] CKFCOLL used ss.t CPU seconds, ss elapsed seconds, and collected m.kkk MB (m.kkk MB/s) Written rectotal records to ddname volume dsname Region requested r,rrrKB, granted g,ggg+g,gggKB max used in jobstep u,uuu+u,uuuuKB Severity: 00 Explanation: This message details the TCB time used as well as the wall clock time. In addition, the amount of data collected (written to the CKFREEZE file) is summarized as well as the effective data rate. The effective data rate will be misleadingly low if CHECK=Y was specified, since that is a data reduction function. If MONITOR has been requested, then this message is issued twice, once before the monitoring starts, and once at the end of the program. The message at the end of the program also shows the region requested, granted, and used, both below and above the 16MB line. CKF035I Number of PDS directories processed: nn Severity: 00 Explanation: This messages gives the number of PDS (Partition Data Set) directories copied to the CKFREEZE file. 10 Version 1.12: Messages Guide CKF036I Information omitted for devn volser, SAF READ access required on FACILITY STGADMIN.IFG.READVTOC.volser if non-APF Severity: 04 Explanation: This message indicates that an attempt to read the VTOC resulted in an system abend 300, reason code 6, which means that name hiding was active, and you were not allowed to read the VTOC. In a RACF system, name hiding is activated with the command SETROPTS MLNAMES. If name hiding is active, a SAF resource check is done against the resource name indicated. CKF037I Unexpected abend condition dev devn volser during action Severity: 12 Explanation: This message indicates that an abend occurred during EXCP for a channel program attempting to perform the action indicated. Contact IBM Software Support if this message occurs to see if this can be prevented. CKF038I Unexpected abend during allocate of dsn Severity: 08 Explanation: This message indicates a failure to allocate (and possibly perform an automatic recall of) a VSAM cluster. An abend was encountered. The cluster will be skipped. If you think the program should have succeeded, contact IBM Software Support. CKF039I Running OS version DFSMS version JESn version VTAM version secp version RMF version TSO version HSM version [ under VM/version release ] Severity: 00 Explanation: This message indicates release levels or status of the software that zSecure Collect extracts information from. Instead of a version number, the keyword inactive, active, or unknown may be present to indicate respectively that the product is installed but not active, active but release could not be obtained, or control blocks present but of unsupported layout. secp is the detected security product, it can be RACF, ACF2, or TSS. CKF040I Unexpected abend during LISTCAT of dsn Severity: 08 Explanation: This message indicates a failure to locate a VSAM cluster name in the catalog; an abend was encountered. The cluster will be skipped. If you think the program should have found it, contact IBM Software Support. CKF041I Number of catalogs processed: nn Severity: 00 Explanation: This message gives the number of ICF and HSM catalogs for which an OPEN was attempted. CKF042I Number of BCS records copied: nn Severity: 00 Explanation: This messages gives the number of BCS (Basic Catalog Structure) records copied to the CKFREEZE file. CKF043I VVDS information not collected, catalogs cannot be dumped fast Severity: 00 Explanation: This message is issued if the VVDS data sets could not be accessed, but catalog processing was requested. zSecure Collect requires VVDS access to dump catalogs. Chapter 2. CKF Messages 11 CKF044I Name of master catalog not found in CAXWA. Abend 913-0C may result for unconnected catalogs Severity: 12 Explanation: This message indicates that the master catalog name or volume serial could not be determined. Consequently, it is impossible to determine which catalogs are connected. zSecure Collect will try to open all catalogs it encounters on the disks processed. This will result in abend 913-0C for each unconnected catalog. CKF045I Master catalog volume volume not selected. Abend 913-0C may result for unconnected catalogs Severity: 08 Explanation: This message indicates that the master catalog was not found on any of the disk volumes processed. Hence no user catalog connector information is accumulated by zSecure Collect. zSecure Collect will try to open all catalogs it encounters on the disks processed. This will result in abend 913-0C for each unconnected catalog. CKF046I Slowdown mode invoked because noimbed and multi-volume index for dsname Severity: 00 Explanation: This message indicates that normal VSAM processing was selected for this cluster because it has a multi-volume index component that is needed because of NOIMBED. CKF047I Data collection started on date time for node nodename sysname sysname sid smfid netid netid on a manufacturer typemodel model [ MVSCP conguration id xx ] [ logical partition LPARname ] [ virtual machine userid ] [ at sysid ] [ sysplex name ] Severity: 00 Explanation: This message indicates the timestamp marking the start of data collection. It can be used to find the proper zSecure Collect SYSPRINT output when presented with a specific CKFREEZE file. In addition, the various system identifiers are listed: the JES2 node name, the GRS system name, the SMF id, the VTAM® netid, and the processor type. The processor specifications are those returned by the CSRSI service. On older machines where that service is not yet available the type is the internal hexadecimal representation (devtype/model); for VM systems the real model byte is displayed if running APF authorized, otherwise it is FF. On the second line, optional configuration information may be present to indicate the MVSCP configuration id, the Logical Partition name, the VM virtual machine user ID, the VM system ID (as would be displayed in the lower right corner under CMS), and the SYSPLEX name. CKF048I ACB OPEN failed for type dev volser componentname rc=nn, code=nn cluster clustername Severity: 08 Explanation: This message indicates a failure to open the VSAM data set indicated and gives the return code and reason code. The type can be BCS for an ICF catalog, MCD for HSM MCDS, BCD for HSM BCDS, and RMM for the DFSMS RMM control data set. ACB OPENs for ICF catalogs are attempted only if the catalog has been defined with NOIMBED, if it has more than 16 extents on a pre-DFP V3 system, or if the run is unauthorized in a pre-DFP V3 system. CKF049I Internal error CKFCCHH RC=16 Severity: 24 Explanation: Contact IBM Software Support. CKF050I TTT Conversion fails on reltrk DEBNMEXT=nnn on dev volser Severity: 08 Explanation: This message indicates a failure to convert the indicated relative track number to an absolute cylinder and head address. The requested track will not be read. Generally this means that the internal structure of a data set was not understood properly, for example, because of a new version of the software maintaining that data set. Contact IBM Software Support. 12 Version 1.12: Messages Guide CKF051I EXCP failed on ddname, RC=hh, IOBSEEK=address device dev volser Severity: 12 Explanation: This message indicates an unexpected I/O failure on the indicated device and address. The return code is the EXCP return code in hex. CKF051I (ECKD) EXCP failed on ddname, Address CKFB: address, rc nnx, CSW=hhhhhhhhhhhhhh, IOBSEEK=address device dev volser Severity: 12 Explanation: This message indicates an unexpected ECKD™ I/O failure on the indicated device and address. The return code is the EXCP return code in hex. CKF051I Multiple track read EXCP failed on ddname, Number of reads hhhh, Address CKFB: address, rc nnx, CSW=hhhhhhhhhhhhhh, IOBSEEK=address device dev volser Severity: 12 Explanation: This message indicates an unexpected multitrack read I/O failure on the indicated device and address. The return code is the EXCP return code in hex. CKF052I Slowdown mode invoked because noimbed and index on volume for catname Severity: 00 Explanation: This message indicates that the requested ICF, HSM, or RMM catalog dump will be tried with VSAM, because the faster EXCP mode does not support NOIMBED with the index on a different volume than the data component. CKF053I Slowdown mode invoked because not APF-authorized, data set volume catname Severity: 00 Explanation: This message indicates that the requested catalog dump will be tried with VSAM, because the faster EXCP mode requires APF authorization that is not present. ALTER authority is required to read ICF catalogs without APF authorization on DFP systems below version 3. For DFP version 3 APF authorization is required to read ICF catalogs anyway and message CKF064I will be issued. READ authority is needed to read HSM catalogs. CKF054I Data set catname CA at rel track tt missing nn CIs in sequence set record Severity: 00 Explanation: This message indicates that the number of CIs described by the index sequence set record was not the number of CIs per CA. If the error message is reproducible, perform EXAMINE on the data set. If no strange things are found, contact IBM Software Support. CKF055I ACB OPEN type abend xxx-nn (explanation) for dev volume componentname of catalogname Severity: 08 Explanation: This message indicates an abend during an attempt to open the ICF, RMM, or HSM catalog indicated. CKF056I Slowdown mode invoked because more extents than EXCP supports (abend 013-E4) for vol cluster Severity: 00 Explanation: The maximum number of extents supported by an EXCP OPEN depends on the DFSMS release. This is reflected in the job log as an abend 013-E4 (or in older releases, 213-20). The CKF030I message is suppressed in this case. The abend is intercepted, and slowdown mode is invoked for this release. Chapter 2. CKF Messages 13 CKF057I type abend xxx-nn (explanation) on dev volser dsname Severity: 08 Explanation: A nonrecoverable abend occurred opening data set dsname for input on device dev. If the error occurs for a VTOC, the VTOC and all data sets on the volume will be missing. If the error occurs for a VVDS, the VTOC information has been read properly. For information on the common abend codes, see the zSecure Collect documentation in the user reference manual for your zSecure product. CKF058I Unexpected physical record length decnum in imbedded SSR with index blksize decnum for catname Severity: 12 Explanation: This message indicates that a physical record (i.e. block) was read from the imbedded index track with a block size different from the block size indicated in the information in the VVR. Results will be unpredictable. CKF059I NOIMBED not supported, data set catname on volser skipped Severity: 08 Explanation: This message indicates that for some reason the index was not read successfully. Consequently, the NOIMBED data set cannot be processed. CKF060I VVDS space map extension at RBA hexnum ignored - expecting hexnum Severity: 12 Explanation: zSecure Collect expects the space map chain to occur in order in the VVDS. CKF061I VVDS can only be accessed with APF authorization Severity: 04 Explanation: In DFP V3 systems, APF authorization is required to read the VVDS. CKF062I Connected catalog catname not found on volumes processed Severity: 08 Explanation: The master catalog processed contained a connector entry for catalog catname. However, the catalog was not found on the volumes processed. Catalog information may be incomplete. CKF063I Unexpected error: Master cat BCS not found on mastercat volume. Abend 913-0C may occur Severity: 08 Explanation: This message indicates that for some reason the master catalog was not found on the volume it was supposed to reside on. Consequently, it cannot be determined whether user catalogs are connected or not. Abend 913-0C results from trying to open an unconnected catalog if bypass-password processing is not being used. CKF064I Catalog cannot be dumped without APF authorization - catname Severity: 08 Explanation: On a DFP version 3 or higher system, APF authorization is required to dump ICF catalogs. CKF065I Slowdown mode invoked because primary data VVR not obtained for datacomponent Severity: 00 Explanation: To read VSAM data sets in EXCP mode, zSecure Collect needs the VSAM Volume Record (VVR) residing in the VVDS. This message is issued if the VVR of the data component was not encountered. 14 Version 1.12: Messages Guide CKF066I Slowdown mode invoked because noimbed and primary index VVR not obtained for datacomponent Severity: 00 Explanation: To read VSAM data sets with the NOIMBED attribute in EXCP mode, zSecure Collect needs the VSAM Volume Record (VVR) of the index residing in the VVDS. This message is issued if the VVR of the index component was not encountered. CKF067I Data set datacomponent error at CI num in CA at rel trk nnn type key Severity: 04 Explanation: Where key is the current record key (a data set name), and type can be one of the following error types: last segment missing - record skipped For a spanned record, the last segment was not found in the control area. The record will not be copied to CKFREEZE. orphan inner segment skipped A spanned record intermediate segment was encountered, but the first segment for the record was not found in the control area. The segment will be discarded. updated during copy A spanned record was encountered, but the segments did not have the same update count. This can happen if the record was updated between read instructions to the control area. The record may appear garbled in the CKFREEZE file. orphan last segment skipped The last segment of a spanned record was encountered, but the first segment for the record was not found in the control area. The segment will be discarded. CKF068I Cat rlen=xxxx (RDF=xxxxxx) at CI offset xxxx > used CI xxxxxx of CA at reltrk nnnnn in datacomponent Severity: 08 Explanation: The record length field in a catalog record (rlen) points beyond the end of the used bytes in a control interval. CKF069I Slowdown mode invoked for multi-volume cluster dsname Severity: 00 Explanation: This message indicates that normal VSAM processing was selected for this cluster because it has a multi-volume data component. CKF070I type abend xxx-nn (explanation) on dev volume dataset Severity: 08 Explanation: This message indicates a nonrecoverable abend occurred during OPEN of the indicated PDS(E). For information about the common abend codes, see the zSecure Collect documentation in the user reference manual for your zSecure product. CKF071I Internal error IOBEXCP DEBNMEXT=0 Severity: 24 Explanation: This message indicates an unexpected condition; I/O was being attempted against an empty data set. Contact IBM Software Support. The message is suppressible. Chapter 2. CKF Messages 15 CKF072I Unexpected IOCINFO return code rc reason code rr (decimal) Severity: 08 Explanation: This message indicates that the IOCINFO service issued an unexpected return code. Results are unpredictable. CKF073I Dynamic configuration change occurred, UCB scan restarted - file may contain duplicate records Severity: 04 Explanation: This message indicates that the UCBSCAN service indicated a configuration change while scanning all UCBs. The scan will be restarted, but this may make the CKFREEZE file unusable if your application does not support duplicate information. In this case, you will have to rerun zSecure Collect. CKF074I Unexpected UCBSCAN return code rc reason code rr (decimal) Severity: 12 Explanation: This message indicates that the UCBSCAN service issued an unexpected return code. CKF075I Unexpected EDTINFO return code rc reason code rr (decimal) for dev volume devtype devtype Severity: 04 Explanation: This message indicates that the EDTINFO service issued an unexpected return code while trying to obtain the generic device type for a device. The field will be filled with a default value. CKF076I Unexpected UCBSCAN return code rc reason code rr (decimal) on dev volume Severity: 12 Explanation: This message indicates that the UCBSCAN service issued an unexpected return code when trying to obtain the last path used mask. CKF077I Unexpected UCBSCAN return code rc reason code rr (decimal) on dev volume Severity: 12 Explanation: This message indicates that the UCBSCAN service issued an unexpected return code while trying to pin and obtain the address of a UCB. The intended authorized I/O function will not be performed. CKF078I Unexpected UCBPIN UNPIN rc rc reason code rr (decimal) on dev volume Severity: 12 Explanation: This message indicates that the UCBPIN service issued an unexpected return code while trying to unpin an UCB after an authorized I/O operation. CKF080I Unexpected IXCQUERY return code rc reason code rr (decimal) Severity: 04 Explanation: This message indicates that the IXCQUERY service issued an unexpected return code. The XCF sysplex record will be missing from the file. CKF081I Unexpected IXCQUERY return code rc reason code rr (decimal) Severity: 04 Explanation: This message indicates that the IXCQUERY service issued an unexpected return code. The XCF sysplex record will be missing from the file. 16 Version 1.12: Messages Guide CKF082I Unexpected IXCQUERY type abend xxx-nn (explanation) Severity: 04 Explanation: This message indicates that the IXCQUERY service abended. The XCF sysplex record will be missing from the file. CKF083I Extent size discrepancy size DEBNMTRK=num on dev volser Severity: 20 Explanation: There is an unexpected difference in the low order two bytes of the number of tracks in an extent. The software uses DEBNMTRK (which may be too small). Contact IBM Software Support. CKF084I Internal error CKFCCHH RC=20 on dev volser Severity: 24 Explanation: Contact IBM Software Support. CKF085I TTT conversion result CCC HHHH cccc hhhh not in extent cccc hhhh - cccc hhhh for reltrk on dev volser Extent nn range cccc hhhh - cccc hhhh start reltrk size trks Severity: 08 Explanation: This message indicates a failure to convert the indicated relative track number to an absolute cylinder and head address. The requested track will not be read. Generally this means that the internal structure of a data set was not understood properly, for example, because of a new version of the software maintaining that data set. Contact IBM Software Support. CKF086I Member mem rel trk trk Rrec not in dev volser dsn size trks trk Severity: 04 Explanation: This message indicates that a PDS directory entry points to a member start (relative track and record number) beyond the end of the data set. A possible cause might be that the data set was truncated during a copy or restore operation. CKF087I Missing EOF in member mem rel trk trk Rrec in dev volser dsn size trks trk Severity: 04 Explanation: This message indicates that the last member physically present in a partitioned data set was truncated before it's End Of File marker. The member starts at the indicated relative track and record number. A possible cause might be that the data set was truncated during a copy or restore operation. There will be no checksum for this member. CKF088I Missing n out of total members in dev volser dsn size trks trk Severity: 04 Explanation: This message indicates that a Partitioned Data Set directory referred to members not physically present in the data set. A possible cause might be that the data set was truncated during a copy or restore operation. CKF089I Unexpected DMS subfile name name at record nnn of DMSU volume datasetname Severity: 08 Explanation: The data set indicated by the DMSUNL= keyword contains an unknown subfile name. The data set is not read any further. Chapter 2. CKF Messages 17 CKF090I type abend xxx-nn (explanation) on dev volume dataset Severity: 08 Explanation: This message indicates a nonrecoverable abend occurred during OPEN of the indicated TMC. For information on the common abend codes, see the zSecure Collect documentation in the user reference manual for your zSecure product. CKF091I TRKCALC for dsname gives RC=nn decimal Severity: 08 Explanation: The calculation of the number of blocks per track for the TMC, VMF or ACF failed with the indicated return code. As a consequence, no blocks will be read. CKF092I Opened type dev volume dataset, num by/bl num bl/tr num rc/bl num trk Severity: 00 Explanation: This message indicates that the type data set (TMC for CA1, VMF for CA-TLMS, or ABR for FDR/ABR) has just been opened, and shows the characteristics used for reading the TMC/VMF. It is issued only if the INFO option was specified. CKF093I Unexpected block length nnn at rel track nnn Rnn of type vol dataset Severity: 08 Explanation: This message indicates that a track read contained an unexpected block size. The remainder of the track is skipped. The current relative track number and physical record number are shown in decimal. The type can be TMC, VMF, or ABR. CKF093I Unexpected block prefix "ttttttt" at rel track nnn Rnn of ABR vol dataset Severity: 08 Explanation: This message indicates that an ABR track read contained an unexpected block prefix. The current relative track number and physical record number are shown in decimal. CKF094I Closed type dev volume dataset, read nnn tracks, copied nnn type and nnnn DSNB records Severity: 00 Explanation: This informational message indicates that the TMC/VMF/ABR data set was closed and shows the number of volume and data set records that were copied to CKFREEZE. It is issued only if the INFO option was specified. CKF095I Unsupported type blocksize nnn lrecl nnn for volume dataset Severity: 08 Explanation: For type equal to TMC this message indicates that the indicated data set had a record size (lrecl) different from 200 and 340 (CA1 5.0). For type equal to VMF this message indicates that the record size was different from 500. For type equal to ABR this indicates that the block size was smaller than 32 bytes. CKF096I type abend xxx-nn (explanation) on type dev volume dataset Severity: 08 Explanation: This message indicates a nonrecoverable abend occurred during OPEN of the indicated type data set (DMSU for DMSUNL, PDSE for PDS/E directory, or PDSM for DMS AUTHLIB). For information on the common abend codes, see the zSecure Collect documentation in the user reference manual for your zSecure product. 18 Version 1.12: Messages Guide CKF097I Opened type dev volume dataset, blksz nnnn, lrecl nnnn lasttrk nnnnn Severity: 00 Explanation: This message indicates that the indicated type data set (DMSU for DMSUNL, PDSE for PDS/E directory, or PDSM for DMS AUTHLIB) has just been opened, and shows the block size, record length, and last relative track number (decimal). It is issued only if the INFO option was specified. CKF098I Unexpected record length n at record nnn of DMSU volume dataset Severity: 08 Explanation: A record length smaller than 9 was encountered, this is not supported for a DMS unload (each record is expected to start with the 8 byte subfile name). The remainder of the data set will be skipped. CKF099I Closed type dev volume dataset read nnn records, copied nnn DSNINDEX and nnnn RACFENCD records Severity: 00 Explanation: This informational message indicates that the DMStype data set (DMSU for DMSUNL, PDSE for PDS/E directory, or PDSM for DMS AUTHLIB) was closed and shows the number of records read as well as the number of data set and RACF profile records that were copied to CKFREEZE. It is issued only if the INFO option was specified. Messages from 100 to 199 CKF100I Missing PDS directory end in dev vol dsn Severity: 08 Explanation: This message indicates that a data set that was supposed to have a Partitioned Data Set organization did not have a proper PDS directory (i.e. ending in a record with a key of high values). Possible causes are that the data set is not a PDS at all, or that the data set was truncated before the end of the PDS directory by a failed copy or restore operation. CKF101I Unexpected return code nn dec during LISTCAT of dsn Severity: 08 Explanation: This message indicates a failure to locate a VSAM cluster name in the catalog. The cluster will be skipped. If you think the program should have found it, contact IBM Software Support. CKF102I type catname on volume BLK decnum CISZ decnum, CASZ decnum byte, num CI/CA, num bl/CA, numtr/CA, nn bl/trk, nn bl/CI Severity: 00 Explanation: This informational message gives the control interval size, the number of bytes, blocks, and tracks in a control area, and the number of blocks per track and blocks per control intervals for the specified type VSAM data set (BCS for catalog, MCD for HSM migration Control Data set, BCD for HSM Backup Control Data set, RMM for DFSMS RMM control data set) immediately before it is opened. It is issued only if the INFO option is selected. CKF103I No imbed - index indexname on volume BLK decnum CISZ decnum Severity: 00 Explanation: This message indicates that the index component about to be opened has the NOIMBED attribute, which makes it necessary to process the index. The message indicates the index component data set name, as well as the physical block size and CI size. It is issued only if the INFO option is selected. Chapter 2. CKF Messages 19 CKF104I Closed IX dev volume catname index incore decnum bytes - indexname Severity: 00 Explanation: This informational message summarizes the number of bytes that were read from the catalog index component prior to closing. It is issued only if the INFO option was selected. CKF105I Opened type dev volser catname size num trk datacomponent Severity: 00 Explanation: This informational message contains the number of tracks in the data component of the type data set (see CKF102I) that has just been opened successfully. It is issued only if the INFO option was selected. CKF106I Master catalog is catname Severity: 00 Explanation: This informational message indicates the name of the master catalog. It is issued only if the INFO option was selected. CKF107I Opened ACB dev volume cluster component dsname Severity: 00 Explanation: This informational message indicates the successful opening of the ACB for the indicated VSAM data set. It is issued only if the INFO option was selected. CKF108I Closed ACB dev volume cluster copied decnum records datacomponent Severity: 00 Explanation: This informational message indicates the number of records read from the indicated VSAM data set. It is issued only if the INFO option was selected. CKF109I Opened dsntype dev volume dsname [ alloc size nn trk ] Severity: 00 Explanation: This informational message indicates the successful opening of the PDS(E) indicated, and, for a PDS, the size of the data set in tracks. It is issued only if the INFO option was selected. CKF110I Closed PDS dev volume dsname read decnum trks, copied decnum dir blks, scanned decnum byte in decnum members Severity: 00 Explanation: This informational message indicates the number of directory tracks and blocks read from the indicated PDS. It is issued only if the INFO option was selected. CKF111I Scheduler allocated decnum I/O executors Severity: 00 Explanation: This informational message shows the amount of parallelism introduced by the PARALLEL parameter or its default. It is issued only if the REPORT or INFO option was selected or defaulted. CKF112I Opened VTOC dev volume size decnum tracks Severity: 00 Explanation: This informational message indicates the successful opening of the VTOC for the indicated volume. It is issued only if the INFO option was selected. 20 Version 1.12: Messages Guide CKF113I Closed VTOC dev volume read num tracks, copied decnum DSCBs Severity: 00 Explanation: This informational message summarizes the number of tracks and records that were read from the VTOC prior to closing. It is issued only if the INFO option was selected. CKF114I Opened SYS1.VVDS.Vvolume size decnum tracks, nnn blk/trk Severity: 00 Explanation: This informational message indicates the successful opening of the indicated VVDS and the number of 4KB blocks per track. It is issued only if the INFO option was selected. CKF115I Closed SYS1.VVDS.Vvolume read num tracks, copied decnum NVR/VVRs Severity: 00 Explanation: This informational message summarizes the number of tracks and records that were read from the VVDS prior to closing. It is issued only if the INFO option was selected. CKF116I Closed type dev volume catname read num trks, copied decnum/decnum non/spanned records Severity: 00 Explanation: This informational message summarizes the number of tracks and records (both non-spanned and spanned) that were read from the data component of the type data set (see CKF102I) prior to closing. It is issued only if the INFO option was selected. CKF117I CP response truncated for command "command": response Severity: 12 Explanation: This message indicates that the response to the specified CP command issued while running under VM did not fit into the return area. The first 5 lines of the response are displayed. As a result, information collected by the command may be missing from the CKFREEZE file. CKF118I CP return code nn on command "command": response Severity: 12 Explanation: This message indicates the nonzero return code returned by CP on the specified command issued while running under VM. As a result, information collected by the command will be missing from the CKFREEZE file. CKF119I Q Vnnnn returns data for nnnn - possibly unsupported VM release Severity: 12 Explanation: While running an XA release of MVS under VM, the QUERY VIRTUAL command issued by zSecure Collect unexpectedly returned information from a different device. The information is not processed. CKF120I Unexpected IOS rc xx x, CSW stat xxxx sns xxxx id cccc/mm dddd/mm v/r=vv/rr dev dev volser during CCWname Severity: 08 Explanation: This message indicates a failed I/O operation of the type CCWname on the indicated device. The Channel Status Word and the first 2 bytes of the sense code are shown in hexadecimal, together with the hexadecimal controller type cccc and model mm and device type dddd and model mm, as returned by the Sense Id, and the Virtual and Physical controller type returned by the ReadDeviceCharacteristics. The latter are needed to determine the exact device type and mode of 3990 models and RAMAC devices. Check for a possible hardware defect. More diagnostic information might be available in a directly subsequent message CKF144I. Chapter 2. CKF Messages 21 CKF121I Unexpected nil name pointer in product Severity: 04 Explanation: This message has two forms. the first shows the name of a pointer that was unexpectedly found to be zero during access to a control block chain with cross memory services in an address space for the specified product (HSM, JES2, JES3, RMM, TLMS). CKF121I Unexpected null ASID for product Severity: 04 Explanation: The second form of this message shows that the Address Space Id was unexpectedly found to be zero during access to a control block chain with cross memory services in an address space for the specified product (HSM, JES2, JES3, RMM, TLMS). CKF122I Number of TAPE devices interrogated: nnn Severity: 00 Explanation: This message, shown if TAPE=YES was specified or implied, shows the number of tape devices that were interrogated. CKF123I Q V mmm query for device nnnn returns data for nnnn - possibly unsupported VM release Severity: 12 Explanation: While running a non-XA release of MVS under VM, the QUERY VIRTUAL command issued by zSecure Collect to the VM device number mmm on behalf of the nnnn device number in MVS, unexpectedly returned information from a different device. The information is not processed. CKF124I Non-SMS system Severity: 00 Explanation: This informational message is issued to indicate that the SMS subsystem is not defined on the system. CKF125I SMS is inactive Severity: 04 Explanation: This informational message is issued to indicate that the SMS subsystem is defined, but inactive. No SMS information will be present in the CKFREEZE file. CKF126I SMS IEFSSREQ RC=nn (decimal) for request SSSA1TYP=nn (decimal) Severity: 08 Explanation: This message indicates the failure of a SMS subsystem request. The requested SMS information will be missing from the CKFREEZE file. CKF127I SMS return code SSOBRETN=nn (decimal) reason code SSSARSN=nnn (decimal) for request SSSA1TYP=nn (decimal) Severity: 08 Explanation: This message indicates the failure of a SMS information request. The requested SMS information will be missing from the CKFREEZE file. 22 Version 1.12: Messages Guide CKF128I SMS returned reason code SSSARSN=nnn (decimal) and messages for request SSSA1TYP=nn (decimal): messages Severity: 04 Explanation: This message indicates the possible failure of a SMS information request. Informational or error messages returned by SMS follow this message. The requested SMS information may be missing from the CKFREEZE file. CKF129I Unexpected SMS call type abend xxx-nn (explanation) for request SSSA1TYP=nn (decimal) Severity: 08 Explanation: This message indicates the abend issued during a SMS information request. The requested SMS information will be missing from the CKFREEZE file. CKF130I SMS type name configuration description Severity: 00 Explanation: This informational message indicates that the complex of type type and name name has SMS active and shows the comment (description) field of the active configuration. CKF131I LCU selection not possible Severity: 12 Explanation: This message indicates that a LCU selection was given but no LCU information could be found in the system. The run is aborted. Possible reasons include: RMF was not active, running under a VM system, or an unsupported RMF release. CKF132I Tape management system CA1 v.r.nl Severity: 00 Explanation: This message indicates that CA1 was found to be active on the system, and shows the release in the form version.release.newsletter CKF133I FOCUS must precede parameters selecting additional information to be collected Severity: 12 Explanation: This message is issued if FOCUS was not the first parameter, and you specified a parameter that is not allowed under each focus before the FOCUS parameter. Move the FOCUS parameter in front. CKF134I Command not valid in current FOCUS - name Severity: 12 Explanation: This message indicates that a feature was requested that is invalid under the current focus combination. You can look up the command name in the index and read the restrictions. CKF135I site-specific identification string Runs on where CPU-id, source file ddname volser dsn Severity: 00 Explanation: This message shows the site-specific identification string, CPU-id, and relevant product numbers and names. Chapter 2. CKF Messages 23 CKF136I CLOSE abend xxx-rc on device dev volume volser for dsname Severity: 08 Explanation: The data set named dsname could not be closed on device dev. The VTOC is indicated with ** VTOC volser **. For information on the common abend codes, see the zSecure Collect documentation in the user reference manual for your zSecure product. CKF137I ACB CLOSE failed for type dev volume datacomp rc=nn code=code cluster dsname Severity: 08 Explanation: The VSAM data set data component datacomp could not be closed. See the appropriate DFP manual for the meaning of the codes. CKF138I GET RPL type dev volume datacomponent rc=nn reason=nnnn after nnnn records Severity: 08 Explanation: This messages indicates an unexpected return code and reason code (in decimal) from the VSAM GET macro after the indicated number of records. CKF139I TRKCALC for SYS1.VVDS.Vvolume gives RC=nn decimal Severity: 08 Explanation: The calculation of the number of blocks per track for the VVDS failed with the indicated return code. As a consequence, the space map will not be used and all tracks of the VVDS will be read. CKF140I Number of RACFENCD records copied: nnnn Severity: 00 Explanation: This message indicates the number of records copied from the RACFENCD subfiles of DMS DMSFILES and unloaded DMSFILES data sets. The RACFENCD subfile gives the relation between data set names of archived or backed-up data sets and the corresponding RACF profiles with an encoded name. CKF141I Number of DSNINDEX records copied: nnnn Severity: 00 Explanation: This message indicates the number of records copied from the RACFENCD subfiles of DMS DMSFILES and unloaded DMSFILES data sets. It includes all archived and backed-up data sets. CKF142I Number of MCD records copied: nnnnn Severity: 00 Explanation: This message indicates the number of records copied from HSM Migration Control Data sets. It is shown if the number is nonzero. CKF143I Number of BCD records copied: nnnnn Severity: 00 Explanation: This message indicates the number of records copied from HSM Backup Control Data sets. It is shown if the number is nonzero. CKF144I original rc nnx sense xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx Severity: 00 Explanation: This message occurs optionally behind message CKF120I or CKF051I. It indicates the original EXCP return code and sense code associated with a failing channel program, for example, a Unit Check. Check for a 24 Version 1.12: Messages Guide hardware defect or failure. If you cannot find one, contact IBM Software Support to report these messages and to determine whether they can be prevented. CKF145I CKFREEZE LRECL=nnn must at least be 23472, use half/full track as BLKSIZE and set LRECL 4 less, or use LRECL=X, RECFM=VBS Severity: 12 Explanation: This message indicates that the CKFREEZE file has an insufficient maximum record length. Check your JCL, if you did not specify a LRECL, check the BLKSIZE. If you did not specify either, try specifying BLKSIZE. If this does not work, try specifying both. If you specified both and SMS is active, contact your site's storage administrator how you can prevent the ACS routines from providing an insufficient overriding LRECL. CKF146I Number of TMC volume records copied: nnnn Severity: 00 Explanation: This message indicates the number of volume records copied from the CA1 TMC (Tape Management Catalog). CKF147I Number of DSNB records copied: nnnn Severity: 00 Explanation: This message indicates the number of secondary data set records (Data Set Name Blocks) copied from the CA1 TMC (Tape Management Catalog). CKF148I DMS records at level v.r.m Severity: 00 Explanation: This message indicates the highest DMS release number encountered in a DMSFILES record. CKF149I Number of SWCH devices interrogated: nnn Severity: 00 Explanation: This message, shown if SWCH=YES was specified or implied, shows the number of ESCON® directors that were interrogated. CKF150I type abend xxx-nn (explanation) on dev volser dsname Severity: 08 Explanation: This message indicates that the OPEN for a DMSFILES data set failed with the indicated abend code. No information will be present in the CKFREEZE file from this data set. CKF151I TRKCALC for dsname gives RC=nn decimal Severity: 08 Explanation: The calculation of the number of blocks per track for the DMSFILES data set failed with the indicated return code. As a consequence, no blocks will be read. CKF152I Opened DMSF dev volume dataset, nnn by/bl nn bl/tr nnn by/tr nnnn trk Severity: 00 Explanation: This message indicates that a DMSFILES data set has just been opened, and shows the characteristics used for reading the DMSFILES data set. It is issued only if the INFO option was specified. Chapter 2. CKF Messages 25 CKF153I Dataset has unsupported DMSFILES format - volser dsname Severity: 08 Explanation: This message indicates that the data set indicated does not conform to the supported layout of a DMSFILES data set. Specifically, the control record does not contain a correct control block id. The data set is not processed any further. CKF154I Dataset expects blksize nnnn but is nnnn for volser dsname Severity: 08 Explanation: The message indicates that the DMSFILES data set contains a physical block size in the DMS control record that differs from the physical block size in the format 1 DSCB in the VTOC. The data set is not processed any further. CKF155I Unexpected block length nnn at rel track nnn Rnn of DMSF vol dataset Severity: 08 Explanation: This message indicates that a DMSFILES track read contained an unexpected block size. The remainder of the data set is skipped. CKF156I DMSFILES error: reference to RBA xxxxxxxx and length nnnnn points beyond last rel track nnnn Severity: 08 Explanation: This message indicates an error during read of a DMSFILES data set. An index entry or file control block points to a block at a Relative Byte Address (hexadecimal) and with a length (decimal) that would extend beyond the last used track of the data set as shown in the F1 DSCB (last relative track number in decimal). The blocks beyond the last used track will not be read. CKF157I DMSFILES error: missing nnnn bytes at the end of logical block at RBA xxxxxxxx Severity: 08 Explanation: This message indicates that zSecure Collect expected additional bytes to complete a logical block when end-of-file processing was entered. CKF158I DMSFILES error: found BLK RBA xxxxxxxx but unexpected subfile name rel trk nnn Rnn Severity: 08 Explanation: This message indicates that a block, pointed to by the DSNINDEX or RACFENCD index was read at the specified RBA, but it contained records of a different subfile than DSNINDEX and RACFENCD. The current relative track number and physical record number are shown in decimal. CKF159I DMSFILES error: found IND RBA xxxxxxxx but unexpected subfile name rel trk nnn Rnn Severity: 08 Explanation: This message indicates that an index block, pointed to by the DSNINDEX or RACFENCD FCB was read at the specified RBA, but it contained the index of a different subfile than DSNINDEX and RACFENCD. The current relative track number and physical record number are shown in decimal. CKF160I DMSFILES error: found RBA xxxxxxxx but not a BLK or IND prefix, at rel trk nnn Rnn Severity: 08 Explanation: This message indicates that a block, pointed to by the DSNINDEX or RACFENCD FCB or index was read at the specified RBA, but it did not contain a BLK or IND prefix. The current relative track number and physical record number are shown in decimal. 26 Version 1.12: Messages Guide CKF161I DMSFILES error: RBA xxxxxxxx not found on block boundary, at RBA xxxxxxxx rel trk nnn Rnn Severity: 08 Explanation: This message indicates that the starting RBA of a logical block, pointed to by the DSNINDEX or RACFENCD FCB or index was not found on a physical block boundary. The current RBA, relative track number, and physical record number are shown in decimal. CKF162I DMSFILES error: missed block(s) starting at RBA xxxxxxxx Severity: 08 Explanation: This message indicates that zSecure Collect expected additional information starting at the specified RBA (pointed to by DSNINDEX or RACFENCD FCB or index) when end-of-file processing was entered. CKF163I Closed DMSF dev volume dataset, read nnn tracks, copied nnn DSNINDEX and nnnn RACFENCD records Severity: 00 Explanation: This informational message indicates that the DMSFILES data set was closed and shows the number of data set and RACF profile records that were copied to CKFREEZE. It is issued only if the INFO option was specified. CKF164I DMSFILES error: name subfile not found in FCBs Severity: 08 Explanation: This message indicates that zSecure Collect failed to find the specified subfile definition in the File Control Blocks. Information from the subfile will be missing from the CKFREEZE file. CKF165I DMSFILES error: no or invalid IND/BLK RBA in FCBs Severity: 08 Explanation: This message indicates that zSecure Collect failed to find valid RBAs in the DSNINDEX and RACFENCD File Control Blocks. No information from this DMSFILES data set will be copied to the CKFREEZE file. CKF166I Message number to be suppressed must be in range 0..999 Severity: 12 Explanation: The form of the message suppression command SUPMSG and its aliases is a list of decimal numbers separated by commas and enclosed in parentheses, or a single number. It may not be left blank. CKF167I Volume not mounted for expected data set volume dsname Severity: 04 Explanation: This message indicates that zSecure Collect wants to extract information from the indicated data set, but the volume was not mounted. CKF168I Restore not successful for expected data set on volume volume dsname Severity: 04 Explanation: This message indicates that zSecure Collect wants to extract information from the indicated data set, but the OPEN attempt was not successful. This text of the message can only occur if RESTORE=YES or RECALL=YES was specified or implied. Chapter 2. CKF Messages 27 CKF168I RESTORE=NO and expected data set not on volume volume dsname Severity: 04 Explanation: This form of the message indicates that zSecure Collect wants to extract information from the indicated data set, but the data set was not found in the VTOC, and RESTORE=NO (same as RECALL=NO) was specified or implied. CKF169I Volume [excluded or] not mounted for requested data set volume dsname Severity: 08 Explanation: This message indicates that you requested an action for a data set, but the volume was not mounted or excluded by your SELECT and EXCLUDE commands. CKF170I Restore not successful for requested data set on volume volume dsname Severity: 08 Explanation: This message indicates that you requested an action for a data set, but the OPEN attempt was not successful. This text of the message can only occur if RESTORE=YES (same as RECALL=YES) was specified or implied. CKF170I RESTORE=NO and requested data set not on volume volume dsname Severity: 08 Explanation: This form of the message indicates that you requested an action for a data set, but the data set was not found in the VTOC, and RESTORE=NO was specified or implied. CKF171I Restore not successful for expected data set on any volume - dsname Severity: 04 Explanation: This message indicates that zSecure Collect wants to extract information from the indicated data set, but the ALLOCATE attempt was not successful. This text of the message can only occur if RESTORE=YES was specified or implied. CKF171I RESTORE=NO and expected data set not on any volume dsname Severity: 04 Explanation: This form of the message indicates that zSecure Collect wants to extract information from the indicated data set, but the data set was not found in any VTOC, and RESTORE=NO (same as RECALL=NO) was specified or implied. CKF172I Restore not successful for requested data set on any [included] volume - dsname Severity: 08 Explanation: This message indicates that you requested an action for a data set, but the data set was not found on the volume or the volume was not included by your SELECT and EXCLUDE statements. This text of the message can only occur if RESTORE=NO was specified or implied. CKF172I RESTORE=NO and expected data set not on any [included] volume dsname Severity: 08 Explanation: This form of the message indicates that you requested an action for a VSAM data set, but the data set was not found in any VTOC included by your SELECT and EXCLUDE statements, and RESTORE=NO was specified or implied. 28 Version 1.12: Messages Guide CKF173I Volume not mounted for expected VSAM data set volume dsname Severity: 04 Explanation: This message indicates that zSecure Collect wants to extract information from the indicated VSAM data set, but the volume was not mounted. CKF174I Restore not successful for expected VSAM data set on volume volume dsname Severity: 04 Explanation: This message indicates that zSecure Collect wants to extract information from the indicated VSAM data set, but the OPEN attempt was not successful. This text of the message can only occur if RESTORE=YES (same as RECALL=YES) was specified or implied. CKF174I RESTORE=NO and expected VSAM data set not on volume volume dsname Severity: 04 Explanation: This form of the message indicates that zSecure Collect wants to extract information from the indicated VSAM data set, but the data set was not found in the VTOC, and RESTORE=NO (same as RECALL=NO) was specified or implied. CKF175I Volume [excluded or] not mounted for requested VSAM data set volume dsname Severity: 08 Explanation: This message indicates that you requested an action for a VSAM data set, but the volume was not mounted or excluded by your SELECT and EXCLUDE commands. CKF176I Restore not successful for requested VSAM data set on volume volume dsname Severity: 08 Explanation: This message indicates that you requested an action for a VSAM data set, but the OPEN attempt was not successful. This text of the message can only occur if RESTORE=YES (same as RECALL=YES) was specified or implied. CKF176I RESTORE=NO and requested VSAM data set not on volume volume dsname Severity: 08 Explanation: This form of the message indicates that you requested an action for a VSAM data set, but the data set was not found in the VTOC, and RESTORE=NO (same as RECALL=NO) was specified or implied. CKF177I Restore not successful for expected VSAM data set on any volume - dsname Severity: 04 Explanation: This message indicates that zSecure Collect wants to extract information from the indicated VSAM data set, but the ALLOCATE attempt was not successful. This text of the message can only occur if RESTORE=YES was specified or implied. CKF177I RESTORE=NO and expected VSAM data set not on any volume dsname Severity: 04 Explanation: This form of the message indicates that zSecure Collect wants to extract information from the indicated VSAM data set, but the data set was not found in any VTOC, and RESTORE=NO was specified or implied. Chapter 2. CKF Messages 29 CKF178I Restore not successful for requested VSAM data set on any [included] volume - dsname Severity: 08 Explanation: This message indicates that you requested an action for a VSAM data set, but the ALLOCATE attempt was not successful or the volume was not included by your SELECT and EXCLUDE statements. This text of the message can only occur if RESTORE=YES (same as RECALL=YES) was specified or implied. CKF178I RESTORE=NO and expected VSAM data set not on any [included] volume dsname Severity: 08 Explanation: This form of the message indicates that you requested an action for a VSAM data set, but the data set was not found in any VTOC included by your SELECT and EXCLUDE statements, and RESTORE=NO (same as RECALL=NO) was specified or implied. CKF179I Unsupported MPFT level xx Severity: 08 Explanation: This message indicates that a newer control block layout was encountered than currently supported for the Message Processing Facility. Information on message suppression will be missing from the CKFREEZE file. Contact IBM Software Support. CKF180I Device dev volume has no VTOC Severity: 04 Explanation: This message indicates that the indicated volume had no VTOC at the time of the last IPL or VARY command. Processing is skipped for this volume. CKF181I Device dev volume has VTOC on track 0 record n - not supported Severity: 04 Explanation: This message indicates that the indicated volume had a VTOC on track 0 at the indicated record. This format is not recognized by zSecure Collect. Processing is skipped for this volume (the VTOC will not be dumped). CKF182I Options for this run are: FOCUS=(focus) IO=Y/N,DASD=Y/N,TAPE=Y/N,SWCH=Y/N,PATH=Y/N, VTOC=Y/N,VVDS=Y/N,PDS=Y/N,MCAT=Y/N/MCAT,MCD=Y/N, BCD=Y/N,DMS=Y/N,ABR=Y/ N,TMC=Y/N,RMM=Y/N, VMF=Y/N,UNIX=Y/N[,UNIXCLIENT=Y/N] RECALL=Y/ N[,AUTOMOUNT=N],SHARED=Y/N,OFFLINE=Y/N, SMS=Y/N,STATS=Y/N,IDR=Y/N,CHECK=Y/ N,SCAN=Y/N PARALLEL=NONE/PATHGROUP/PATH,[NO]REPORT[,ALLRECS], WAIT=Y/N [,BURSTS=num,BURSTWAIT=num,BURSTSIZE=num ], [NO]KEY0,[NO]BYPASS,[NO]SIO,[NO]XMEM, [NO]DIAG,[NO]UID0[,UNCONNECTED] [,SLOWDOWN] [,FREE][,MONITOR=num] [,INTERVAL=num], ENQ=Y/N, IOTIMEOUT=nn,PDSEBUFSIZE=num SERIALIZATION(NOENQ|ENQ(SYSDSN/CKRDSN/SYSDSN,CKRDSN) [,WAIT,MAXWAIT(nn)|,FAIL][,VOLSER][,UNIT], SIGVER=Y/N) Severity: 00 Explanation: This message lists the basic options (options that are not a combination of others) that are currently in effect. CKF183I Device dev volume CP-formatted VTOC not supported Severity: 04 Explanation: This message indicates that the volume has the VTOC in a position as for a CP-formatted volume (for use by VM). Processing is skipped for this volume (the VTOC will not be dumped). 30 Version 1.12: Messages Guide CKF184I Device dev volume AIX-formatted VTOC not supported Severity: 04 Explanation: This message indicates that the volume has the VTOC in a position as for an AIX-formatted volume (for use by AIX/ESA®). Processing is skipped for this volume (the VTOC will not be dumped). CKF185I Error reading rel trk nnn in dev volume dsname directory Severity: 08 Explanation: This message indicates that an I/O error occurred while processing a track in a PDS directory. CKF185I Error reading rel trk nnn in dev volume dsname(member) Severity: 08 Explanation: This message indicates that an I/O error occurred while processing a track in a PDS member. CKF186I Unexpected CSVAPF return code xxxxxxxx hex, reason code xxxxxxxx hex Severity: 08 Explanation: This message indicates that the CSVAPF service returned an unexpected return code. Contact IBM Software Support. CKF187I Unexpected CSVDYNL return code xxxxxxxx hex, reason code xxxxxxxx hex Severity: 08 Explanation: This message indicates that the CSVDYNL service returned an unexpected return code. Contact IBM Software Support. CKF188I Unexpected CSVDYNL return data Severity: 08 Explanation: This message indicates that the CSVDYNL service returned unexpected data (no sets at all). Contact IBM Software Support. CKF189I Exit same ptr for module1 and module2 ASID=aaaa tag=xx and ASID=bbbb tag=yy Severity: 04 Explanation: This message indicates that two module major names were found that both claimed to reside at the same address. Only one of the names will be the 'official' name in the CKFREEZE file. CKF190I Slowdown mode invoked because VVDS volser has no index for bcsname Severity: 00 Explanation: An error was found in the VVDS (it will show up on an IDCAMS DIAGNOSE). This error made it impossible to use fast I/O routines. Slowdown mode was invoked instead. CKF191I NOCLOSE only valid in PARM string Severity: 16 Explanation: This message indicates that the NOCLOSE parameter does not work unless present in the parameter string. Chapter 2. CKF Messages 31 CKF192I NODCBE only valid in PARM string Severity: 16 Explanation: This message indicates that the NODCBE parameter does not work unless present in the parameter string. CKF193I NODUMP only valid in PARM string Severity: 16 Explanation: This message indicates that the NODUMP parameter does not work unless present in the parameter string. CKF194I Unexpected return code hhhhhhhh from IARV64 REQUEST=LIST for xxxx memory Severity: 08 Explanation: An IARV64 REQUEST=LIST macro failed with return code hhhhhhhh. In the message, xxxx can be either XSHR or XCOM. IARV64 REQUEST=LIST is used to retrieve information about 64-bit memory objects. There are two types of memory objects for which CKFCOLL will request information. These are Shared Memory Objects which zSecure refers to as XSHR objects, and Common Memory Objects which zSecure refers to as XCOM objects. As a result of this error, it is likely that information about Shared or Common memory objects will be missing from the CKFREEZE file. User response: This error might be caused by running zSecure on an operating system that is not supported, or by recent maintenance to the operating system which might have affected IARV64. It might also be caused by a memory corruption. For further information about the error, refer to the return codes for IARV64, which are documented in the MVS Programming: Authorized Assembler Services Reference manuals, SA22-7609 to SA22-7612. If the problem persists, contact IBM Software Support. CKF195I tttt abend xxx-nn (description) in IARV64 REQUEST=LIST processing. xxxx info missing Severity: 08 Explanation: An abend occurred while processing an IARV64 REQUEST=LIST macro . In the message, v tttt will be either System or User, that is, the type of abend v description describes the abend v xxxx will be either XSHR or XCOM. IARV64 REQUEST=LIST is used to retrieve information about 64-bit memory objects. There are two types of memory objects for which CKFCOLL will request information. These are Shared Memory Objects which zSecure refers to as XSHR objects, and Common Memory Objects which zSecure refers to as XCOM objects. As a result of this error, it is likely that information about Shared or Common memory objects will be missing from the CKFREEZE file. User response: This error might be caused by running zSecure on an operating system that is not supported, or by recent maintenance to that operating system, which might have affected IARV64. It might also be caused by a memory corruption. For further information about the error, refer to the return codes for IARV64 documented in the series of manuals "MVS Programming: Authorized Assembler Services Reference SA22-7609 to SA22-7612 ". If the problem remains, contact IBM Software Support. CKF196I Unexpected IXCCPLX processing type abend xxx-nn (explanation) Severity: 04 Explanation: This message indicates that an abend occurred while processing the IXCCPLX. The couple data set definition records will be missing from the file. CKF197I Unexpected type abend xxx-nn (explanation) during IEEQEMCS Severity: 12 Explanation: This message indicates that an unexpected abend condition was encountered while executing 32 Version 1.12: Messages Guide IEEQEMCS. This may be accompanied by a system dump. Information on EMCS consoles will be missing from the CKFREEZE file. Contact IBM Software Support. CKF198I Unexpected IEEQEMCS RC=nn RSN=nn Severity: 12 Explanation: This message indicates that an unexpected return code and reason code was returned by the IEEQEMCS service. Information on EMCS consoles will be missing from the CKFREEZE file. Contact IBM Software Support. CKF199I Unsupported UCM level xx Severity: 08 Explanation: This message indicates that a newer control block layout was encountered than currently supported for analyzing consoles. Information on consoles will be missing from the CKFREEZE file. Contact IBM Software Support. Messages from 200 to 299 CKF201I Access denied to one or more APF authorized features - adjust FOCUS or drop APF authorization Severity: 12 Explanation: This message indicates that the user has insufficient authority on the proper resource. He either has to change the requested function, obtain a READ permit to the proper CKF.focus resource, or drop APF authorization (for example, by adding a non-authorized STEPLIB). CKF202I Resource profile does not permit use of FOCUS=AUDIT* - class CKF.AUDIT Severity: 12 Explanation: This message indicates that the user has insufficient authority on the indicated resource (SAF return code 8). AUDIT* means either AUDITACF2, AUDITRACF or AUDITTSS. CKF204I Resource not defined - class profile Severity: 00 Explanation: This message indicates that the indicated profile cannot be found (RACF return code 4 while class is active). Message CKF211I will follow. CKF205I ESM return code nnnnnnnn hex, reason code nnnnnnnn hex class profile Severity: 12 Explanation: This message indicates the ESM return code and reason code returned in the first two fullwords of the RACROUTE REQUEST=AUTH parameter list by SAF. Generally, the meaning is explained in additional messages, or, for return code 8, in an ICH408I message issued by RACF in the job log. This message is mainly for debugging purposes. The meanings of the reason codes are documented in the ESM documentation. CKF206I ESM not installed, no authorization check possible Severity: 00 Explanation: This message indicates that no resource access control is present on the system, as indicated by return code 24 on the RACSTAT macro. All operations requested will be allowed. Chapter 2. CKF Messages 33 CKF207I ESM inactive, no authorization check possible Severity: 00 Explanation: This message indicates that no resource access control is active on the system. All operations requested will be allowed. CKF208I SAF class class not defined in CDT, no authorization check possible Severity: 00 Explanation: This message indicates that the resource class indicated is not defined in the SAF Class Descriptor Table. All operations requested will be allowed. CKF209I SAF class class not active, no authorization check possible Severity: 00 Explanation: This message indicates that protection for the resource class indicated has not been activated on the system. This message will be followed by message CKF210I or CKF214I indicating the focus for which an authorization check was requested. CKF210I Authorization checking for class class must be active to use FOCUS=focus Severity: 12 Explanation: This message explains that zSecure Collect will refuse to collect protected auditing information specifically requested by FOCUS=focus for a user unless this is specifically allowed by a security resource. The focus can be ALERT*, AUDIT*, or TCIM*. To be able to check the resource, the indicated class must be activated. CKF211I Resource profile must be present to use FOCUS=AUDIT* - class CKF.AUDIT Severity: 12 Explanation: This message explains that zSecure Collect will refuse to collect auditing information specifically requested by FOCUS=AUDIT* for a user unless this is specifically allowed by a security resource. To be able to check the resource, a profile must be defined that covers the resource. CKF214I Authorization checking for class class must be active to use FOCUS=focus Severity: 12 Explanation: This message explains that zSecure Collect. will refuse to collect protected auditing information specifically requested by FOCUS=focus for a user unless this is specifically allowed by a security resource. To be able to check the resource, the indicated class must be activated. The focus can be ADMIN* or VISUAL. CKF215I Resource profile must be present to use FOCUS=ADMIN* - class CKF.ADMIN Severity: 12 Explanation: This message explains that zSecure Collect will refuse to collect auditing information specifically requested by any of the ADMIN* FOCUS specifications for a user unless this is specifically allowed by a security resource. To be able to check the resource, a profile must be defined that covers the resource. CKF216I Resource profile does not permit use of FOCUS=ADMIN* - class CKF.ADMIN Severity: 12 Explanation: This message indicates that the user has insufficient authority on the indicated resource (SAF return code 8). 34 Version 1.12: Messages Guide CKF221I Unexpected CSVDYNEX return code nnn reason code nnn (decimal) Severity: 04 Explanation: This message is issued if the CSVDYNEX LIST service fails. The return codes are documented in your MVS system in the macro CSVEXRET. If the return code is 8 and the reason code 2052 decimal, then this means that the caller was not APF-authorized and did not have a READ permit on FACILITY CSVDYNEX.LIST. CKF222I RMF not active or running under VM - LCU selection invalid Severity: 16 Explanation: This message is issued if the RMF control blocks used for LCU processing cannot be found. This can be caused by a system without RMF or under a VM release that does not allow service processor diagnose instructions. CKF225I SVC number to scan for must be in range 0..255 Severity: 12 Explanation: This message is issued if the SCANSVC parameter contains a list entry with a value that is not in the range 0 though 255. CKF226I Number of RMM control records copied: nnn Severity: 00 Explanation: This message, shown if RMM=YES was specified or implied, shows the number of records copied from the RMM control data set. CKF227I Disk data records checked: nnn MB in nnn members Severity: 00 Explanation: This message, shown if CHECK=YES was specified or implied, shows the number of megabytes of data that were read and summarized by the checksum algorithms, as well as the number of PDS members that contained this data. CKF228I Unsupported IDENTIFY IDR data in dev volume dsname(member) Severity: 04 Explanation: This message indicates that the format of IDENTIFY IDR data for the specified load library member could not be recognized. PTF level information may be missing or incomplete for this member. CKF229I PDS dirblk key/data len kk/nnn instead of 8/256 for dev volume dsname rel track nnnn Severity: 08 Explanation: This message indicates that the format of a directory block for the specified load library member was not supported. The rest of the track is skipped. Possibly the data set has DSORG=PO but no initialized directory. CKF230I Number of TLMS base records copied: nnn Severity: 00 Explanation: This message, shown if VMF=YES was specified or implied, shows the number of volume base records copies from the TLMS volume master file. Chapter 2. CKF Messages 35 CKF231I Number of TLMS data set cells copied: nnn Severity: 00 Explanation: This message, shown if VMF=YES was specified or implied, shows the number of data set records copied from the TLMS volume master file. CKF232I Number of ABR archive records copied: nnn Severity: 00 Explanation: This message, shown if ABR=YES was specified or implied, shows the number of records copied from the ABR archive control file. CKF233I Unexpected CSRSI return code xxxxxxxx Severity: 00 Explanation: This message indicates that the CSRSI service returned an unexpected return code. As a result, less CPU detail information will be dumped. CKF234I No valid data found on track nnn Severity: 08 Explanation: This message is shown if I/O was done to a track but nothing was found on the track. This is not a normal situation, contact IBM Software Support. CKF235I MON msg nnn: text Severity: 08 Explanation: This message is shown during MONITOR processing. The number nnn corresponds to a proper zSecure Collect message. See the appropriate CKFnnnI message for an explanation. CKF236I CKFCMON internal error on text Severity: 24 Explanation: This message is shown during MONITOR processing. Contact IBM Software Support. CKF237I type abend xxx-nn (explanation) during ERBSMFI processing Severity: 08 Explanation: This message is shown if ERBSMFI, the RMF interface module was abnormally terminated during MONITOR processing. Contact IBM Software Support if you cannot find an obvious cause. CKF238I parm must be less than 1440 (1 day) Severity: 12 Explanation: The MONITOR or INTERVAL parameter was specified as a number of minutes greater than 1440. Both parameters must be less than 1 day. CKF242I Dynamic exit info omitted, SAF READ access required on FACILITY class entity CSVDYNEX.LIST if non-APF Severity: 04 Explanation: This message is issued if the CSVDYNEX LIST service fails. The CSVDYNEX return code was 8 and the reason code 2052 decimal. This is documented in your MVS system in the macro CSVEXRET. It means that the caller was not APF-authorized and did not have a READ permit on FACILITY CSVDYNEX.LIST. 36 Version 1.12: Messages Guide CKF245I Unexpected block length nnn at rel track nnn Rnn of type vol dataset Severity: 08 Explanation: This message indicates that a track read contained an unexpected block size. The remainder of the track is skipped. The current relative track number and physical record number are shown in decimal. The type can be TMC, or VMF. This message is only issued for a TMC or VMF when the block length reported is an integer multiple of the record length, so that the block would have been valid for a last block; however, this was not the last block. CKF246I Empty tracks in CA not skipped, more than 32 blocks in CI - nn blk/CI cluster dsname Severity: 04 Explanation: This message indicates that the internal I/O optimization algorithm could not finish processing because it only supports 32 physical blocks per control interval. Instead, it will always read all tracks of a control area, even if some tracks are empty. This slightly reduces the I/O performance, it does not indicate any loss of data. CKF247I Invalid index record header for catname on volser Severity: 08 Explanation: This message occurs if the vertical pointer mask conflicts with the number of CI pointers. CKF248I OPEN abend 213-04 on device dev volume volser for dsname Severity: 04 Explanation: The data set named dsname could not be opened for input on device dev. zSecure Collect issues this message (instead of CKR030I) when it was looking for an APF library the user did not explicitly indicate, and the library apparently is not physically present on the volser. The sensitivity report produced by zSecure Audit for RACF will properly show this, and there is no reason to assume any reports will be invalidated by this condition. CKF249I Empty tracks in CA not skipped, more than 2048 blocks in CA - nnn blk/CA cluster dsname Severity: 04 Explanation: This message indicates that the internal I/O optimization algorithm could not finish processing because it only supports 2048 physical blocks per control area. Instead, it always reads all tracks of a control area, even if some tracks are empty. This slightly reduces the I/O performance; it does not indicate any loss of data. Consider reviewing whether the data set should be reblocked, because more than 2048 blocks per CA means that it has an extremely inefficient blocking factor. CKF250I Skipping VSAM extent slack n trk of extentsize at rel trk nnn in vol dsname Severity: 00 Explanation: This message indicates that a VSAM data set had slack space at the end of an extent. It was skipped. If you want, you can reallocate the data set to reclaim wasted space and get rid of this message. If the message persists even after reallocation, contact IBM Software Support. CKF251I Slowdown mode invoked for vol dsname Severity: 00 Explanation: This message indicates that a VSAM data set will be read with the slower method, but no more specific error message as to the reason is available. CKF252I Open failed for ACF2 Unload file ddname Severity: 00 Explanation: This message indicates that the ACF2 Unload file mentioned could not be opened. Chapter 2. CKF Messages 37 CKF253I type abend xxx-nn (explanation) on dev volser dsname Severity: 08 Explanation: An abend that could not be handled by the OPEN abend exit occurred during opening of the data set dsname on the volume and device indicated. CKF254I type abend xxx-nn (explanation) on dev volser dsname Severity: 08 Explanation: An abend that could not be handled by the OPEN abend exit occurred during opening of the data set dsname on the volume and non-DASD device indicated. CKF255I type abend xxx-nn (explanation) on dev volser dsname Severity: 08 Explanation: An abend that could not be handled by the OPEN abend exit occurred during opening of the DASD catalog index dsname on the volume and device indicated. CKF256I Slowdown mode invoked because Extended Format vol dsname Severity: 00 Explanation: This message indicates that a VSAM data set will be read with the slower method, because it is an Extended Format data set. CKF257I RACROUTE type abend xxx-nn (explanation) Severity: 08 Explanation: An unexpected RACROUTE abend occurred. CKF258I STATUS=ACCESS not allowed for this user (system abend 047) Severity: 00 Explanation: The current non-APF run of zSecure Collect does not run under a logon ID that is authorized to do RACROUTE STATUS=ACCESS calls. This can be remedied by using the NOAPFCHK keyword on a SAFDEF record that describes the zSecure Collect environment. INSERT SAFDEF.APF PROGRAM(CKFCOLL) RB(CKFCOLL) NOAPFCHK RACROUTE (REQUEST=AUTH,CLASS=DATASET, STATUS=ACCESS) CKF259I No storage available for I/O buffer Severity: 12 Explanation: zSecure Collect did not have enough storage available to create an I/O buffer of adequate size. This will result in program termination. Allocate a larger region for the zSecure Collect run to avoid this problem. CKF260I UCBSCAN does not return device hhhh volser Severity: 12 Explanation: This message indicates that the UCBSCAN service did not return information for the indicated device. The intended authorized I/O function will not be performed. This may be due to a dynamic change during the zSecure Collect run. If this error recurs in another run, contact IBM Software Support. 38 Version 1.12: Messages Guide CKF261I Corrupted length found while reading IX on dev volser dsname Severity: 08 Explanation: While reading the index of the data set mentioned conflicting length specifications were found. This is usually indicative of a corrupted data set. Further processing for this data set will be skipped. CKF262I Not a cluster or component name -- dsn Severity: 08 Explanation: This message indicates that a name was passed as if it were a VSAM cluster or data component name, but it is neither a cluster name nor a data component name. CKF263I Unexpected return code nn dec during LISTCAT VOL of dsn Severity: 08 Explanation: This message indicates a failure to locate a VSAM data component name in the catalog. The component will be skipped. If you think the program should have found it, contact IBM Software Support. CKF264I Unexpected type abend xxx-nn (explanation) during LISTCAT VOL of dsn Severity: 08 Explanation: This message indicates an a failure to locate a VSAM data component name in the catalog; an abend was encountered. The component will be skipped. If you think the program should have found it, contact IBM Software Support. CKF267I Unexpected eye catcher eye catcher for program object header of volume dsname(member) Severity: 08 Explanation: The indicated program object has an unknown layout. Checksum and IDR processing are skipped for this member. CKF268I Program object header length hexnum larger than blocksize hexnum for volume dsname(member) Severity: 08 Explanation: Checksum and IDR processing for PDSEs requires the complete header of a program object to be present within the first block read. If this is not the case, processing is skipped. CKF269I Unsupported program object level hexnum for volume dsname(member) Severity: 08 Explanation: The indicated program object has an unknown layout. Checksum and IDR processing are skipped for this member. CKF270I PDSE processing requires BPAM Severity: 08 Explanation: NOBSAMBPAM has been specified in the PARM string, specifying that the program should not use BPAM. However, checksum processing and IDR processing for PDSEs require BPAM. This processing will be skipped for all PDSEs. CKF271I NOBSAMBPAM only valid in PARM string Severity: 16 Explanation: This message indicates that the NOBSAMBPAM parameter does not work unless present in the parameter string. Chapter 2. CKF Messages 39 CKF272I RACSTAT unexpected RC. CLASS='class' SAFRC=safrc RACFRC=racfrc RSNCODE=rsn Severity: 04 Explanation: While retrieving the dynamic class descriptor table from the system using RACROUTE REQUEST=STAT calls, the program received a return code indicating an error. zSecure Collect will stop processing the dynamic CDT. To determine the cause of the error, you can look up the return codes in the RACROUTE macro reference. Note that if the error occurs halfway through processing the CDT (class will be other than all blanks) zSecure Collect will store part of the CDT in the CKFREEZE file. This partial dynamic CDT will be used by zSecure Admin and Audit. If the error happens before any class setting is returned (which is more probable) zSecure Collect does not store the dynamic CDT at all. In that case, zSecure Admin and Audit will use the static CDT for processing. CKF273I ddname volser dsname(member) - problem description Severity: 04 Explanation: The program encountered an unexpected condition while processing the IDRDATA of a program object. If problem description indicates that the IDRDATA was truncated, it turned out that the program object contained more IDRDATA than the amount buffered (as governed by the PDSEBUFSIZE parameter). In this case, the IDRDATA written to the CKFREEZE will be incomplete for the indicated member. Any other value of problem description indicates an unknown layout of the program object, in which case all IDRDATA information for this member will be missing from the CKFREEZE. CKF274I ddname volser dsname(member) has code size 0 Severity: 00 Explanation: The indicated program object does not actually contain anything in binder class B_TEXT. Checksum processing is completed really fast for this member. This informational message is issued only if the INFO option was selected. CKF275I PDSE buffer size decnum must lie between 1 and 1024 Severity: 16 Explanation: The PDSEBUFSIZE parameter accepts only values in the range of 1 to 1024, inclusive. CKF276I CKFREEZE file could not be opened Severity: 12 Explanation: The program failed to open the CKFREEZE file. Verify that a CKFREEZE DD statement is present, and that the allocation parameters are correct. CKF277I Device dev volser does not respond within nn seconds during CCW opcode Severity: 08 Explanation: This message indicates that a missing interrupt was detected for I/O of the indicated type. If this was the first I/O (SenseId) to the device during an APF authorized run, no attempt will be made to dynamically allocate the volume with SVC 99, and the run will continue without hanging. If the run was not APF authorized, or if this was not the SenseId I/O, then the run may hang in subsequent processing performed by the operating system. CKF278I Device dev volser has stopped responding within nn seconds on ddname during CCW opcode Severity: 08 Explanation: This message indicates that a missing interrupt was detected for a track read of an already open data set. The run will attempt to recover, but probably the data set close will hang as well. 40 Version 1.12: Messages Guide CKF279A Respond 'U' to terminate hang test on volume VOLUME Explanation: This WTOR on the operator console indicates that the DEBUGHANGVOLUME parameter was used to test error recovery behavior. CKF280I Unexpected returncode rc in IFAEDLIS call, no enable information dumped. Severity: 08 Explanation: No information on the enablement of products and features on this system could be collected because the call to the IFAEDLIS service failed. The return codes are documented on your MVS system in macro IFAEDIDF. CKF281I ACF2 resident resource rules are not processed. Severity: 00 Explanation: Since the program is not running APF, it cannot access information in fetch protected storage. CKF282I Resource profile must be present to use FOCUS=ALERT - CLASS CKF.ALERT Severity: 12 Explanation: This message explains that zSecure Collect will refuse to collect auditing information specifically requested by any of the ALERT* FOCUS specifications for a user unless this is specifically allowed by a security resource. To be able to check the resource, a profile must be defined that covers the resource. The check for CKF.ALERT will not be done if an AUDIT* focus is also specified or implied. CKF283I Resource profile does not permit use of FOCUS=ALERT - class CKF.ALERT Severity: 12 Explanation: This message indicates that the user has insufficient authority on the indicated resource (SAF return code 8). The check for CKF.ALERT will not be done if an AUDIT* is also specified or implied. In that case a permit on CKF.AUDIT is also sufficient. CKF284I Resource profile must be present to use FOCUS=TCIM - class CKF.TCIM Severity: 12 Explanation: This message explains that zSecure Collect will refuse to collect auditing information specifically requested by any of the TCIM* FOCUS specifications for a user unless this is specifically allowed by a security resource. To be able to check the resource, a profile must be defined that covers the resource. The check for CKF.TCIM will not be done if an AUDIT* focus is also specified or implied. CKF285I Resource profile does not permit use of FOCUS=TCIM - class CKF.TCIM Severity: 12 Explanation: This message indicates that the user has insufficient authority on the indicated recourse (SAF return code 8). The check for CKF.TCIM will not be done if an AUDIT* focus is also specified or implied. In that case a permit on CKF.AUDIT is also sufficient. CKF286I Resource profile must be present to use FOCUS=VISUAL - class CKF.VISUAL Severity: 12 Explanation: This message explains that zSecure Collect will refuse to collect auditing information specifically requested by FOCUS=VISUAL for a user unless this is specifically allowed by a security resource. To be able to check the resource, a profile must be defined that covers the resource. The check for CKF.VISUAL will not be done if FOCUS=ADMINRACF is also specified or implied. Chapter 2. CKF Messages 41 CKF287I Resource profile does not permit use of FOCUS=VISUAL - class CKF.VISUAL Severity: 12 Explanation: This message indicates that the user has insufficient authority on the indicated resource (SAF return code 8). The check for CKF.VISUAL will not be done if FOCUS=ADMINRACF is also specified or implied. In that case a permit on CKF.ADMIN is also sufficient. CKF288I STORAGEGC only valid in PARM string Severity: 16 Explanation: This message indicates that the STORAGEGC parameter does not work unless present in the parameter string. CKF289I Entry point address not in extent for control block module[/module] Severity: 04 Explanation: When examining an LPDE or CDE control block describing the indicated in-storage module, it was found that the module's entry point is outside the storage range where the module allegedly resides. This condition is most likely a by-product of front-ending. Since in this situation there is no way to determine where the module resides, the information regarding this routine that is written to the CKFREEZE will be incomplete. CKF290I LICENSE must precede FOCUS and licensed parameters Severity: 12 Explanation: This message indicates that a specification of the LICENSE data set name must precede any use of a licensed parameter or the FOCUS keyword. Note that this keyword is now deprecated and no longer functional. CKF291I SERIALIZATION options option1 and option2 are mutually exclusive Severity: 16 Explanation: You cannot both WAIT and FAIL if the ENQ request cannot be immediately satisfied. Neither can you request that the program issue an ENQ and not issue an ENQ (NOENQ) at the same time. CKF292I Unsupported value nn for MAXWAIT: not in the range 1..59 Severity: 16 Explanation: SERIALIZATION=(MAXWAIT) supports only values in the range of 1 through 59, inclusive. CKF293I Program not authorized. Disabled APF serialization options UNIT, VOLSER, ENQ(SYSDSN), and MAXWAIT Severity: 04 Explanation: SERIALIZATION was specified with at least one of the following parameters: UNIT, VOLSER, ENQ(SYSDSN), or MAXWAIT. Having dynamic allocation wait until the unit or volser becomes available requires APF authorization. The same is true for requesting an ENQ on QNAME SYSDSN, and for specifying a maximum time to wait until the ENQ request can be specified. Because the program lacks this authorization, it will not wait for units or volsers, will not request ENQs on SYSDSN, and will ignore the specified value for MAXWAIT. CKF294I Symbol symbol was unknown, treated as empty. [ IF result: result ] Severity: 00 Explanation: The tested symbol could not be found in the Static System Symbol table, nor was it SMFID. For the purposes of resolving the IF statement, it is considered to contain an empty string. The IF statement evaluated to result (either true or false). When syntax or entitlement errors have been found earlier in the run, the latter part of the message is not shown, since the correct evaluation of the IF cannot be guaranteed. 42 Version 1.12: Messages Guide CKF295I IF statements might not evaluate correctly Severity: 08 Explanation: This message is preceded by a CKF000I message, indicating an error addressing the symt control block (Static System Symbol table). This table could not be read completely. IF statements in the input might not be correctly resolved. If this error occurs consistently, contact IBM Software Support. This error is only issued when IF statements are present in the input, and can be suppressed. CKF296I Symbol symbol resolved to "value". IF result: result Severity: 00 Explanation: The tested symbol was found to have value value. The IF statement evaluated to result (either true or false). This message is not issued if syntax or entitlement errors have been found earlier in the run, since the correct evaluation of the IF cannot be guaranteed. CKF297I Number of allocations: static sss dynamic nnn, freed fff, max allowed mmm due to TIOT SIZE(ss) Severity: 00 Explanation: This message indicates how many static DDName allocations were present, how many SVC 99 calls were made for dynamic allocations, and how many files were freed individually to make room because the maximum was about to be reached. The maximum is determined by the TIOT SIZE() parameter in PARMLIB member ALLOCxx (this determines the physical number of bytes available for DDnames, it varies depending on the number of (candidate) volsers per DDname), and to a much lesser extent by the actual DYNAMNBR which determines how many unused files may be around. zSecure Collect always deallocates files it frees, so that it does not create additional not-in-use DDnames. The relation between TIOT SIZE and the number of DDnames is approximately as follows: v SIZE(16) means 819 ddnames v SIZE(32) means 1635 ddnames v SIZE(64) means 3273 ddnames For more details on TIOT SIZE, see the ALLOCxx parmlib member in the z/OS MVS Initialization and Tuning Reference. CKF298I Need DDname slot, [premature free of ddname [vol] dsn | nothing to free] Severity: 04 Explanation: This message warns of imminent problems due to unsufficient TIOT size. If it says it freed a file, then this is a file that would have been better to leave allocated (because of performance and because of serialization with a.o. DFHSM). If it says 'nothing to free', then this or subsequent runs of zSecure Collect may easily fail (the headroom is less than 10 files) with a message like IKJ56866I FILE ddname ALLOCATED NOT DATA SET, CONCURRENT ALLOCATIONS EXCEEDED. Find message 297 at the end of the SYSPRINT for the overall picture. CKF299I Need DDname slot, freeing ddname Severity: 04 Explanation: This message is issued in response to an INFO request and reflects normal reuse of a DD name (TIOT) slot. Messages from 300 to 399 CKF300I BPX1GMN failed rc=hexrc reason=reason Severity: 08 Explanation: This message indicates that an error occurred during the execution of BPX1GMN. The reason code consists of two halfwords. The first is the reason code qualifier, the second the reason code as described in the UNIX System Services Messages and Codes manual. Chapter 2. CKF Messages 43 CKF301I BPX1OPD failed rc=hexrc reason=reason for 'path' depth depth Severity: 08 Explanation: This message indicates that an error occurred during the execution of BPX1OPD. The reason code consists of two halfwords. The first is the reason code qualifier, the second the reason code as described in the UNIX System Services Messages and Codes manual. CKF302I BPX1RD2 failed rc=hexrc reason=reason path 'path' Severity: 08 Explanation: This message indicates that an error occurred during the execution of BPX1RD2. The reason code consists of two halfwords. The first is the reason code qualifier, the second the reason code as described in the UNIX System Services Messages and Codes manual. For debugging purposes a hex dump of the UIO control block is printed. This area is mapped by the BPXYFUIO macro, and described in the UNIX System Services Assembler Callable Services manual. CKF303I BPX1CLD failed rc=hexrc reason=reason path 'path' Severity: 08 Explanation: This message indicates that an error occurred during the execution of BPX1CLD. The reason code consists of two halfwords. The first is the reason code qualifier, the second the reason code as described in the UNIX System Services Messages and Codes manual. CKF304I BPX1CHD failed rc=hexrc reason=reason for .. before path Severity: 08 Explanation: This message indicates that an error occurred during the execution of BPX1CHD. The reason code consists of two halfwords. The first is the reason code qualifier, the second the reason code as described in the UNIX System Services Messages and Codes manual. CKF305I BPX1CHD failed rc=hexrc reason=reason for 'path' depth depth Severity: 08 Explanation: This message indicates that an error occurred during the execution of BPX1CHD. The reason code consists of two halfwords. The first is the reason code qualifier, the second the reason code as described in the UNIX System Services Messages and Codes manual. CKF306I Unexpected current depth depth for dirdepth 'path' Severity: 08 Explanation: This message indicates that the directory mentioned, at nesting level dirdepth was scheduled to be read. However, the current nesting level is different from the one needed. Contact IBM Software Support. CKF307I Number of Unix directory entries copied: nn from nn directories in nn file systems Severity: 00 Explanation: This message, shown if UNIX=Y was specified or implied, shows the number of Unix directories read and dumped by zSecure Collect. CKF308I OMVS is inactive Severity: 00 Explanation: This informational message indicates that UNIX System Services is not active on this system. 44 Version 1.12: Messages Guide CKF309I BPX1RDX failed rc=hexrc reason=reason on 'path' Severity: 08 Explanation: This message indicates that an error occurred during the execution of BPX1RDX. The reason code consists of two halfwords. The first is the reason code qualifier, the second the reason code as described in the UNIX System Services Messages and Codes manual. CKF310I BPX1RDL failed rc=hexrc reason=reason on 'path' Severity: 08 Explanation: This message indicates that an error occurred during the execution of BPX1RDL. The reason code consists of two halfwords. The first is the reason code qualifier, the second the reason code as described in the UNIX System Services Messages and Codes manual. CKF311I BPX1GMN failed retval=retval rc=rc reason=reason for device number Severity: 08 Explanation: This message indicates that an error occurred during the execution of BPX1GMN for the indicated device. The reason code consists of two halfwords; the first is the reason code qualifier, the second the reason code. The return code and reason code together describe the problem that occurred and are documented in the UNIX System Services Messages and Codes manual. CKF312I Symlink crosses automount point 'mountpoint' for 'target': Severity: 00 Explanation: This informational message indicates that while processing the symlink to target, an automountpoint was passed. This message is issued only if the INFO option is selected. CKF313I Extra MNTE needed for device device of 'target' Severity: 00 Explanation: This informational message indicates that an extra mountpoint control block is needed for the reading of the contents of the target directory on device. It is issued only if the INFO option was selected. CKF314I DIRSRCH (x) not allowed on directory 'target' Severity: 00 Explanation: zSecure Collect was not allowed to search the target directory. No information on the contents of this directory will be dumped. CKF315I OPENDIR (r) not allowed on directory 'target' Severity: 00 Explanation: zSecure Collect was not allowed to open the target directory. No information on the contents of this directory will be dumped. CKF316I type abend xxx-nn (explanation) during Unix processing Severity: 08 Explanation: This message indicates that a nonrecoverable abend occurred during Unix processing. The Unix File System information might not be complete. For information on the common abend codes, see the zSecure Collect documentation in the user reference manual for your zSecure product. Chapter 2. CKF Messages 45 CKF317I Internal error: no MNTP for 'directory' Severity: 24 Explanation: Contact IBM Software Support. CKF318I CATALOG OBTAIN return code hex rc probably failed automount of 'target' Severity: 00 Explanation: An error occurred during the CATALOG OBTAIN for the target directory. No information on the contents of this directory will be dumped. CKF319I Automount attempted for 'target' Severity: 00 Explanation: This informational message indicates that an automount for the directory mentioned will be attempted. It is issued only if the INFO option was selected. CKF320I type abend xxx-nn (explanation) during geteuid - unable to perform UNIX=Y processing Severity: 08 Explanation: This message indicates that a nonrecoverable abend occurred during geteuid processing. No Unix File System information will be dumped. For information about the common abend codes, see the zSecure Collect documentation in the user reference manual for your zSecure product. CKF321I Switched to effective UID 0 Severity: 00 Explanation: This informational message indicates that a seteuid 0 call was successful. It is issued only if the INFO option was selected. CKF322I Switched to effective UID uid Severity: 00 Explanation: This informational message indicates that a seteuid uid call was successful. It is issued only if the INFO option was selected. CKF323I Seteuid 0 failed rc=hexrc reason=reason Severity: 04 Explanation: This message indicates that an error occurred during the execution of the seteuid 0 command. The reason code consists of two halfwords. The first is the reason code qualifier, the second the reason code as described in the UNIX System Services Messages and Codes manual. UNIX information will be dumped only partially. CKF324I Seteuid uid failed rc=hexrc reason=reason Severity: 08 Explanation: This message indicates that an error occurred during the execution of the seteuid uid command. This can mean that zSecure Collect will continue running under an effective UID of 0. The reason code consists of two halfwords. The first is the reason code qualifier, the second the reason code as described in the UNIX System Services Messages and Codes manual. 46 Version 1.12: Messages Guide CKF325I AUTOMOUNT=N and directory not mounted 'target' Severity: 00 Explanation: This informational message indicates that contents of directory target will not be dumped because the directory is not mounted and AUTOMOUNT=NO was specified. CKF326I Schedule MNTE device number DIRP path Severity: 00 Explanation: This informational message indicates that the directory mounted on the indicated path is scheduled to be read. It is issued only if the INFO option was selected. CKF327I Schedule link DIRP target Severity: 00 Explanation: This informational message indicates that the directory specified in target is scheduled to be read. It is issued only if the DEBUG option was enabled. CKF328I Start on DIRP path depth depth Severity: 00 Explanation: This informational message indicates that zSecure Collect starts reading the mentioned directory at nesting level depth. It is issued only if the INFO option was selected. CKF329I Postpone dir device device for 'target' Severity: 00 Explanation: This informational message indicates that the reading of the target directory on device is postponed. It is issued only if the INFO option was selected. CKF330I type abend xxx-nn (explanation) during LOAD of exit exit from device volume ddname Severity: 08 Explanation: This message indicates that a nonrecoverable abend occurred during a LOAD of the indicated exit. For information about the common abend codes, see the zSecure Collect documentation in the user reference manual for your zSecure product. CKF330I type abend xxx-nn (explanation) returned by LOAD of exit exit from device Severity: 08 Explanation: This message indicates that the LOAD of exit has recovered from an abend. For information about the common abend codes, see the zSecure Collect documentation in the user reference manual for your zSecure product. CKF331I type abend xxx-nn (explanation) during DELETE of exit exit from device volume ddname Severity: 08 Explanation: This message indicates that a nonrecoverable abend occurred during a DELETE of the indicated exit. For information on the common abend codes, see the zSecure Collect documentation in the user reference manual for your zSecure product. CKF332I BPX1PCT: List aggregates failed. RC=rc reason=reason Severity: 04 Explanation: This message indicates that an error occurred during the execution of the BPX1PCT "List Attached Aggregate Names" function. This is not necessarily wrong. This message can for instance also be generated on Chapter 2. CKF Messages 47 systems that do not have the zFS file system running. The reason code given consists of two half words. The first is the reason code qualifier. The second is the reason code as described in the UNIX System Services Messages and Codes manual. CKF333I BPX1PCT: List aggregate status failed. RC=rc reason=reason Severity: 08 Explanation: This message indicates that an error occurred during the execution of the BPX1PCT "List Aggregate Status" function. The reason code given consists of two halfwords. The first is the reason code qualifier. The second is the reason code as described in the UNIX System Services Messages and Codes manual. CKF334I BPX1PCT: List file systems failed. RC=rc reason=reason Severity: 08 Explanation: This message indicates that an error occurred during the execution of the BPX1PCT "List File System Names" function. The reason code given consists of two halfwords. The first is the reason code qualifier. The second is the reason code as described in the UNIX System Services Messages and Codes manual. CKF335I BPX1PCT: List file system status failed. RC=rc reason=reason Severity: 08 Explanation: This message indicates that an error occurred during the execution of the BPX1PCT "List File System Status" function. The reason code given consists of two halfwords. The first is the reason code qualifier. The second is the reason code as described in the UNIX System Services Messages and Codes manual. CKF336I Unexpected DESERV return_code_description reason_code_description Severity: 08 Explanation: A call to Directory Entry Services returned the indicated unexpected error. All checksum and IDR processing for the offending PDSE is skipped. Specify the INFO option to capture enough information in SYSPRINT to determine which PDSE caused the problem. CKF337I Task is not APF authorized, but APF authorization needed Severity: 12 Explanation: This message alerts you to the fact that the program could not obtain authorization while the APF keyword was specified, indicating that authorization is considered essential. The resulting CKFREEZE only contains a zSecure Collect identification record. For additional information, see the section Authorized or unauthorized? in the zSecure Collect documentation available in the user reference manual for your zSecure product. CKF338I Number of UNIX ACL records copied: num access ACLs, num directory default ACLs, num file default ACLs Severity: 00 Explanation: This message, shown if UNIXACL=Y was specified or implied, shows the number of UNIX ACL records dumped by zSecure Collect. CKF339I BPX1PIO failed rc=hexrc reason=reason for type type on 'path' Severity: 08 Explanation: This messages indicates that an error occurred during the execution of BPX1PIO. The reason code consists of two halfwords. The first is the reason code qualifier, the second the reason code as described in the UNIX System Services Messages and Codes manual. The type shown can be 1 for an access ACL, 2 for a file model ACL or 3 for a directory model ACL. 48 Version 1.12: Messages Guide CKF340I DIRP for MNTP device device mountpoint Severity: 00 Explanation: This informational message indicates that the directory on the mountpoint and device mentioned will be read. It is issued only if the INFO option was selected. CKF341I Empty pathname MNTE for device device FS name file_system_name Severity: 04 Explanation: This message indicates that the w_getmntent (BPX1GMN) service returned an empty pathname (MNTENTMOUNTPOINT). This can occur if the user running zSecure Collect lacks search authorization to one or more of the directories in the mount point, or if the file system is mounted asynchronously. A mount point entry is written, but the device is not processed further. A UNIX mount report generated from the resulting CKFREEZE will show the mount point empty for the reported file system. A UNIX file report does not show the file system at all. CKF342I Schedule DIRP target depth depth Severity: 00 Explanation: This informational message indicates that the target directory mentioned at nesting level depth is scheduled to be read. It is issued only if the INFO option was selected. CKF343I Successful cd .. to depth depth Severity: 00 Explanation: This informational message indicates that a successful directory switch upwards to nesting level depth has been done. It is issued only if the INFO option was selected. CKF344I Successful cd target depth depth Severity: 00 Explanation: This informational message indicates that a successful directory switch to target on nesting level depth has been done. It is issued only if the INFO option was selected. CKF345I Success opendir 'target' Severity: 00 Explanation: This informational message indicates that a successful directory open on target was performed. It is issued only if the INFO option was selected. CKF346I Perform closedir 'target' Severity: 00 Explanation: This informational message indicates that a close on the target directory will be performed. It is issued only if the INFO option was selected. CKF347I Duplicate pathname MNTE devices device1 and device2 FS name file_system_name mountpoint mountpoint Severity: 08 Explanation: This message indicates that a second device device2 is mounted at the same mount point as an earlier device device1. The second device for the indicated file system is not processed. zSecure Audit may flag this condition again with message CKR1064. Chapter 2. CKF Messages 49 CKF348I Duplicate MNTE for device device mountpoint mountpoint Severity: 04 Explanation: This message indicates that the mount entry for the indicated device was found twice. It is processed only once. zSecure Audit may flag this condition again with message CKR1064. CKF349I BPX1LST failed rc=hexrc reason=reason for 'pathname' depth depth Severity: 08 Explanation: The lstat() call for the indicated pathname failed. The reason code consists of two halfwords. The first is the reason code qualifier, the second the reason code as described in the UNIX System Services Message and Codes manual. The directory is not processed. CKF350I Device number olddev changed to newdev during run for 'mountpoint' Severity: 08 Explanation: The lstat() call for the indicated mount point returned another device number than was seen when the file system dump was scheduled. This is not properly supported. The zSecure report will show the old device number and mount information that was associated with the old device number, together with the files associated with the new device number. If this is a recurring problem, contact IBM Software Support. CKF351I Device number dev assigned to 'mountpoint' Severity: 00 Explanation: This informational message indicates that a mount point was encountered that was not present in the mount point table at the start of the zSecure Collect run, and was not seen in its parent directory either. This typically happens when a symlink crosses an automount point into an unmounted directory. This message is only issued if the INFO option was selected. CKF352I The ZFS file system has not been started. Severity: 00 Explanation: This message indicates that no valid ZFS system was found. Therefore, no data on ZFS file systems and aggregates is dumped. CKF353I PC LPA not in common storage, but at address target ASID address space ID Severity: 00 Explanation: The Latent Parameter Address passed to a PC (Program Call) routine is not in common storage. The value of the Latent Parameter will not be dumped. CKF354I type abend xxx-nn (explanation) during WRTAGGR processing Severity: 08 Explanation: This message indicates that a nonrecoverable abend occurred during ZFS Aggregate processing. Information on ZFS Aggregates might not be complete. For information on the common abend codes, see the zSecure Collect documentation in the user reference manual for your zSecure product. CKF355I BPX1PIO returned a returnedtype ACL - corrected to a requestedtype ACL Severity: 04 Explanation: The ACL returned by the w_pioctl service (BPX1PIO) did not match the requested ACL type. This might, for example, occur if your z/OS image does not have the service for IBM APAR OW57201 applied. zSecure Collect attempts to correct this error by setting the ACL type to the requested type in the record before writing it to the CKFREEZE file. This may prevent zSecure from issuing CKR1761. The types shown can be access, fdefault, or default for an access ACL, file model ACL or directory model ACL, respectively. 50 Version 1.12: Messages Guide CKF356I No READ access to data set volser dsn Severity: 04 Explanation: This message indicates that the user does not have read access to the indicated non-VSAM data set, and hence it will be skipped for processing. CKF357I Task terminating due to EXIT request Severity: variable Explanation: During input parsing an EXIT statement was read. The program terminates with the return code specified on the EXIT statement. This message has a severity equal to the value specified in the RC parameter of the EXIT statement. CKF358I RC should be a number between 0 and 99 Severity: 16 Explanation: The RC keyword of the EXIT command was specified, but did not fall in the supported range. Numbers below zero and above 99 are not supported. CKF359I Unable to dump master catalog, see other messages Severity: 08 Explanation: The program terminates without having dumped the master catalog as requested. For the cause, look back for DAIRFAIL messages, for instance IKJ56866I FILE ddname ALLOCATED NOT DATA SET, CONCURRENT ALLOCATIONS EXCEEDED. Also look for CKF297I at the bottom to see if the number of DDnames might be the problem. Occurrence of CKF298I may also point to a TIOT size problem. CKF361I Signature verification action for volser dsn(mem) Severity: 00 Explanation: Signature verification was requested by the SIGVER=YES parameter and the module named in the library either failed verification (action=fails) or passed verification (action=success). User response: If the verification failed, look for operator messages ICH44x or run a newlist type=smf report and select on type=80, event=86(1:7) to obtain additional information about the failure. Some possible causes for failure are: v The module has a bad signature. v The module has no signature but the RACF profile for the program requires a signature. v The module has a valid signature but the certificate chain is not valid. CKF362I SIGVER=YES is invalid on a system that does not support signature verification Severity: 12 Explanation: Signature verification, requested by the SIGVER=YES parameter, cannot be performed on the current system because the system on which CKFCOLL is running does not support signature verification. User response: Remove the SIGVER=YES parameter and rerun the CKFCOLL job. CKF372I Running an unsupported version vv.rr.mm of z/OS, results are unpredictable - please upgrade Severity: 04 Explanation: This message indicates that zSecure is being run on an operating system level that it is not supported on. The results are unpredictable. Upgrade zSecure to the proper version. Chapter 2. CKF Messages 51 CKF375I Unexpected IEFPRMLB result, RC hexrc RSN hexreason Severity: 08 Explanation: The IEFPRMLB service unexpectedly returned the indicated return and reason codes. This can result in missing information about parmlib concatenations activated after IPL. Contact IBM Software Support. CKF376I Parmlib data set dsname not found on volume volume Severity: 04 Explanation: The parmlib data set indicated was not found on the volume where it was expected. No attempt is made to restore it, and further processing for this data set is skipped. CKF377I Exactly one DD/DDPREF/DSN/DSNPREF keyword should be specified Severity: 12 Explanation: A CHECK= statement was read, which did not specify YES/NO, and did not contain a single keyword DD, DDPREF, DSN or DSNPREF. Fix your command parameters, and retry the job. CKF378I TCP/IP stack configuration data cannot be collected on this z/OS level Severity: 00 Explanation: zSecure Collect can only collect TCP/IP stack configuration data for systems running z/OS V1R11 or higher. User response: If you are running zSecure on a z/OS system that is V1R10 or lower, you can prevent this message by making sure that the zSecure Collect TCPIP parameter is set to NO. For information about setting this parameter, see the zSecure Collect Appendix in IBM Security zSecure Admin and Audit for RACF: User Reference Manual. CKF379I Unexpected abend during LISTCAT of DSNPREF=dsnpref Severity: 12 Explanation: This message indicates a failure to locate data set names matching the indicated prefix in the catalog; an abend was encountered. This CHECK statement will be ignored. If you think the program should have found data sets, contact IBM Software Support. CKF380I Unexpected return code nn dec during LISTCAT of DSNPREF=dsnpref Severity: 12 Explanation: : This message indicates a failure to locate data set names matching the indicated prefix in the catalog. This CHECK statement will be ignored. If you think the program should have found data sets, contact IBM Software Support. CKF381I No matching data sets for CHECK statement Severity: 08 Explanation: No data sets were found that matched the statement indicated. If you think the program should have found data sets, contact IBM Software Support. CKF382I DD/DDPREF do not support DSORG= Severity: 12 Explanation: Additional DSORG selection is not supported in combination with the DD and DDPREF keywords on the CHECK statement. Fix your command parameters, and retry the job. 52 Version 1.12: Messages Guide CKF383I DD ddname concatenations with tape data sets are not supported Severity: 12 Explanation: The ddname indicated is a concatenation that contains at least one tape data set. This is not supported. Split the concatenation in such a way that each DD statement contains either a concatenation of DASD data sets, or a single tape data set, and retry the job. CKF384I DD ddname checksum of a single member is not supported Severity: 12 Explanation: The indicated ddname contains the allocation of a single member of a PDS(E). This is not supported. Remove the member specification from the allocation statement, and retry the job. A checksum will be computed for all members of the PDS(E) and as well as for the data set in its entirety. CKF385I Using SAF class class for resource checks Severity: 00 Explanation: The resource class indicated is the one previously configured in the Site module, see Appendix A: The Site module in IBM Security zSecure CARLa-Driven Components: Installation and Deployment Guide. CKF386I IFAQUERY return area too small. Omitted nnn log stream records. Severity: 08 Explanation: Even after passing the required length in a second call, there is still not sufficient space to store the SMF log stream data. Contact IBM Software Support. CKF387I Unexpected return code from IFAQUERY. SMF log stream information is not collected. rc=hhhhhhhhhhh hex rsn=hhhhhhhhhhh hex Severity: 12 Explanation: Failure to obtain SMF log stream data. Contact IBM Software Support. CKF388I Unexpected IXGQUERY RC xxxxxxxx hex reason yyyyyyyy hex; data sets will be missing for stream name. Severity: 08 Explanation: This message indicates failure to obtain information from a successfully connected SMF log stream. Data set names backing this log stream will be missing from sensitive data and trust analysis reports. Please contact IBM Software Support. CKF389I Unexpected IXGQUERY RC xxxxxxxx hex reason yyyyyyyy hex; data sets will be missing for stream name. Severity: 08 Explanation: This message indicates failure to obtain information from a successfully connected SMF log stream. Data set names backing this log stream will be missing from sensitive data and trust analysis reports. Please contact IBM Software Support. CKF390I Unexpected IXGCONN disconnect RC xxxxxxxx hex reason yyyyyyyy hex for stream name Severity: 04 Explanation: This message indicates failure to disconnect from a successfully connected SMF log stream. Contact IBM Software Support. Chapter 2. CKF Messages 53 CKF391I type abend code-reason (explanation) during IXGCONN connect for stream name Severity: 08 Explanation: This message indicates failure to connect to an SMF log stream. Data set names backing this log stream will be missing from sensitive data and trust analysis reports. Contact IBM Software Support if you cannot resolve the abend. CKF392I Unexpected log stream DSN format dsname for stream name Severity: 08 Explanation: This message indicates the log stream data set name format is not recognized and hence not further analyzed. Data set names backing this log stream will be missing from sensitive data and trust analysis reports. Contact IBM Software Support. CKF393I Unexpected RC nn dec during LISTCAT of "level" for stream name Severity: 08 Explanation: This message indicates a failure trying to find any VSAM cluster names for log stream data sets. Data set names backing this log stream will be missing from sensitive data and trust analysis reports. Contact IBM Software Support. CKF394I type abend code-reason (explanation) during LISTCAT of "level" for stream name Severity: 08 Explanation: This message indicates a failure while trying to find VSAM cluster names for log stream data sets. Data set names backing this log stream will be missing from sensitive data and trust analysis reports. Contact IBM Software Support if you cannot resolve the abend. CKF395I An unexpected return code was received from IEFSSREQ SSI=54. Subsys=jjjj, R15=nn, SSOBRETN=ss. Severity: 08 Explanation: An IEFSSREQ request type 54 for subsystem jjjj ended with nn for Register 15 and ss for the SSOBRETN field, where: v jjjj is the name of the subsystem that is queried. v nn is the value of R15 returned from IEFSSREQ. v ss is the value of the SSOBRETN field returned by IEFSSREQ. If this error occurs, a record containing the results of the IEFSSREQ SSI=54 has not been written to the CKFREEZE data set. If you are running z/OS version 1.8 or later, this error can also result in additional errors related to JES2 exit processing. In order to process these exits, the zSecure Collect program CKFCOLL must know whether JES2 dynamic exits are supported. Normally, the call to IEFSSREQ returns information about the JES2 level which is used to determine whether the JES2 dynamic exits are supported. If this information is not returned, CKFCOLL might not be able to determine whether JES2 dynamic exits are supported and so might produce errors when processing the exits. User response: This error might be caused by running zSecure on an operating system that is not supported, or by recent maintenance to that operating system that might have affected the IEFSSREQ service. For further information about the error, see the documented return code values for IEFSSREQ and SSOBRETN in z/OS MVS Using the Subsystem Interface SA22-7642. If you cannot resolve the problem, contact IBM Customer Support. 54 Version 1.12: Messages Guide CKF398I GetProfile NMI error with TCP/IP stack name: rc return code (hex), reason reason code (hex) Severity: 08 Explanation: Contact IBM Software Support. CKF399I Could not action amount of storage to read TCP/IP stack name configuration Severity: 08 Explanation: If action=obtain, zSecure Collect does not have enough storage available to read the configuration data of TCP/IP stack name. Allocate a larger region for the zSecure Collect run to avoid this problem. If action=release, zSecure could not release the storage used to read the TCP/IP stack. An internal processing problem might have occurred. Messages from 400 to 499 CKF4xxI message Severity: 00 Explanation: These messages are issued as the result of debugging commands that are not described in this manual. Messages from 500 to 599 CKF500I INDD, OUTDD, and ERRDD only valid in PARM string type "value" at ddname line number Severity: 16 Explanation: The INDD, OUTDD, and ERRDD parameters can be used only as calling parameters (the PARM keyword in JCL), and cannot be used as commands in an input file. CKF501I TCP/IP stack images cannot be retrieved. GETIBMOPT: RC=xxxxxxxx ERRNO:yyyyyyyy Severity: 08 Explanation: This message is triggered by a failure at the EZASMI call with function GETIBMOPT, where xxxxxxxx is the return code and the yyyyyyyy indicates the error number. User response: Complete these steps: 1. Convert the hexadecimal value that is supplied as the ERRNO return code from hexadecimal format to decimal format. For example, hexadecimal value ERRNO=000027EA converts to decimal value 10218. 2. Go to the z/OS information center for your version of z/OS: z/OS V1R11.0 information center http://publib.boulder.ibm.com/infocenter/zos/v1r11/index.jsp z/OS V1R10.0 information center http://publib.boulder.ibm.com/infocenter/zos/v1r10/index.jsp 3. Click Communications server. 4. Expand IP Sockets Application Programming Interface Guide and Reference > Appendixes > Appendix B. socket call error return codes > Additional return codes. 5. Click Sockets extended ERRNOs. 6. Locate the explanation for the corresponding decimal value in the list of error codes. You can also look up the error codes in the Communications Server IP Sockets Application Programming Interface Guide and Reference (SC31-8788-xx). Chapter 2. CKF Messages 55 CKF553I POINT RPL type dev volume datacomponent rc=nn reason=nnnn Severity: 8 Explanation: This messages indicates an unexpected return code and reason code (in decimal) from the VSAM POINT macro. CKF554I IFAQUERY return area too small. Omitted SMF Flood policy records. Severity: 8 Explanation: A second call was issued to pass the required length needed to store the SMF flood policy data, but the space is not sufficient to store the data. Contact IBM Software Support. CKF555I CKF555I Unexpected return code from IFAQUERY. SMF flood policy information will be missing. rc=hhhhhhhhhhh hex rsn=hhhhhhhhhhh hex Severity: 12 Explanation: The SMF flood policy data could not be returned because the available space is too small. Contact IBM Software Support. Messages from 700 to 799 CKF700I Internal error: CKFALLOC called in invalid state Severity: 24 Explanation: This message indicates a serious internal error. User abend 700 will be issued. Contact IBM Software Support. CKF701I CKFAXCP: data areas too large, on dev volume - user abend 701 Severity: 28 Explanation: This message indicates an internal error: the data areas requested by the channel program passed to the I/O driver are too large. User abend 701 will be issued. Contact IBM Software Support. CKF702I I/O routine type abend xxx-nn (explanation)on dev volume - user abend 702 Severity: 28 Explanation: This message indicates an internal error: the data areas requested by the channel program passed to the I/O driver are too large. User abend 702 will be issued. Contact IBM Software Support. CKF703I CKFCAT called in invalid state Severity: 24 Explanation: This message indicates a serious internal error. User abend 703 will be issued. Contact IBM Software Support. CKF704I Internal error: BCS bcsvol on IOXC ioxcvol-key Severity: 24 Explanation: This message indicates a serious internal error. The catalog will be skipped. Contact IBM Software Support. 56 Version 1.12: Messages Guide CKF705I Internal error: CKFPATH called in invalid state Severity: 24 Explanation: This message indicates a serious internal error. User abend 705 will be issued. Contact IBM Software Support. CKF706I CKFPDS(E) called in invalid state Severity: 24 Explanation: This message indicates a serious internal error. User abend 706 will be issued. Contact IBM Software Support. CKF707I Internal error: PDS on wrong IOXC Severity: 24 Explanation: This message indicates a serious internal error. The PDS will be skipped. Contact IBM Software Support. CKF708I CKFSCHED Internal error: hung I/O executor Severity: 24 Explanation: This message indicates a serious internal error. A user abend 708 will be issued. Contact IBM Software Support. CKF709I Internal error: CKFVTOC called in invalid state Severity: 24 Explanation: This message indicates a serious internal error. User abend 709 will be issued. Contact IBM Software Support. CKF710I Internal error: CKFVVDS called in invalid state Severity: 24 Explanation: This message indicates a serious internal error. User abend 710 will be issued. Contact IBM Software Support. CKF711I FREEMAIN for 4K SQA at address xxxxxxxx failed with return code nn hex after I/O on dev volumeuser abend 711 Severity: 28 Explanation: This message indicates that zSecure Collect failed to free its 4KB SQA area at the specified address. To prevent further SQA pollution, the program issues a user abend 711. Contact IBM Software Support. CKF712I Unexpected GETMAIN return code nn hex Severity: 24 Explanation: This message indicates that zSecure Collect failed to obtain a page-aligned work area for the VM DIAGNOSE buffers. No diagnose will be issued. Contact IBM Software Support. CKF713I Unexpected PGSER/PGFIX return code nnn hex Severity: 24 Explanation: This message indicates that an unexpected return code was encountered for the PGFIX (non-XA) or PGSER (XA) service. Contact IBM Software Support. Chapter 2. CKF Messages 57 CKF714I Unexpected PGSER/PGFREE return code nnn hex Severity: 24 Explanation: This message indicates that an unexpected return code was encountered for the PGFREE (non-XA) or PGSER (XA) service. Contact IBM Software Support. CKF715I CKFAXVM recovered from unexpected type abend xxx-nn (explanation) Severity: 24 Explanation: This message indicates that an unexpected abend was encountered during VM diagnose processing. VM information may be missing. Contact IBM Software Support. CKF716I CKFAXVM internal error: AXVM pointer xxxxxxx at address xxxxxxxx invalid Severity: 24 Explanation: Contact IBM Software Support. CKF717I CKFCAT invalid VSAM data set type type Severity: 24 Explanation: This message indicates a serious internal error. Contact IBM Software Support. CKF718I CKFTMC called in invalid state Severity: 24 Explanation: This message indicates a serious internal error. User abend 718 will be issued. Contact IBM Software Support. CKF719I Internal error: type on wrong IOXC Severity: 24 Explanation: This message indicates a serious internal error. The type data set (TMC/VMF/ABR) will be skipped. Contact IBM Software Support. CKF720I CKFDSN called in invalid state Severity: 24 Explanation: This message indicates a serious internal error. User abend 720 will be issued. Contact IBM Software Support. CKF721I Internal error: type on wrong IOXC Severity: 24 Explanation: This message indicates a serious internal error. The indicated type of data set (DMSU for DMSUNL, PDSE for PDS/E directory, or PDSM for AUTHLIB) will be skipped. Contact IBM Software Support. CKF722I CKFDMSF called in invalid state Severity: 24 Explanation: This message indicates a serious internal error. User abend 722 will be issued. Contact IBM Software Support. 58 Version 1.12: Messages Guide CKF723I Internal error: type on wrong IOXC Severity: 24 Explanation: This message indicates a serious internal error. The data set of type type will be skipped. The type can be DMSF for DMSFILES. Contact IBM Software Support. CKF724I CBVER RESET missed for ID=cccc at CBVER ID=cccc CKF724I Missing CBVER RESET after proc Severity: 24 Explanation: This message indicates a serious internal error. Contact IBM Software Support. CKF725I Internal error: unexpected concatenation after type device volume dataset Severity: 24 Explanation: This message indicates a serious internal error. Contact IBM Software Support. CKF726I Internal error: ADDDD called for concatenation with tape Severity: 24 Explanation: This message indicates a serious internal error. Contact IBM Software Support. Messages from 900 to 999 CKF900I debug message Severity: 00 Explanation: This debug message is only relevant for IBM Software Support and is not present in any Generally Available version of the software. CKF906I Type abend xxx-nn (explanation) reading REAL storage identifier Severity: 04 Explanation: This error message indicates that an abend occurred during an attempt to obtain information from real storage. If the identifier is LST, this indicates that one of the Linkage Second Tables could not be read (in its entirety). Program Call reports based on this data will not be complete. CKF907I DYNALLOC trace: SVC 99 return code nn - meaning Severity: 00 Explanation: This message is issued because of DEBUG or because of a failed SVC99 where DAIRFAIL did not return a message text. It has continuation lines detailing the individual text units contents after SVC 99 (DYNALLOC) completion. CKF910I HLLENQ status report identifier Severity: 00 Explanation: These messages are issued in response to DEBUG. Chapter 2. CKF Messages 59 CKF911I service RC=rc hex RSN=rsn hex [for qname-scope rname]: explanation Severity: 00 Explanation: A call to the indicated service (either ENQ or ISGENQ) did not complete with RC=0. This message does not necessarily indicate a need for action, for example, an APF authorized program can issue an ENQ against the unauthorized QNAME CKRDSN. Hence, this message should be considered informational only. CKF912I STIMERM error: explanation Severity: 24 Explanation: Contact IBM Software Support. CKF913I Serialization could not obtain all ENQs Severity: 16 Explanation: The program could not obtain ENQs on all requested resources, and cannot continue. The resource for which no ENQ could be obtained has been identified in a preceding message CKF911I. CKF913I Serialization encountered a serious error Severity: 16 Explanation: The program attempted to obtain ENQs on all requested resources, but encountered an unexpected condition. The run cannot continue. Look for a preceding message CKF911I to identify the exact cause of the failure. CKF913I Serialization has obtained all ENQs Severity: 00 Explanation: The program successfully obtained ENQs for all requested resources. CKF913I Serialization starts waiting for ENQs Severity: 04 Explanation: The program attempted to obtain ENQs on all requested resources, but not all resources were immediately available. The program will wait for the remaining resources to become available. Look for a preceding message CKF911I to identify the resources that were not immediately available. CKF913I Serialization WAIT timed out Severity: 16 Explanation: The program attempted to obtain ENQs on all requested resources, but not all resources were immediately available. After waiting for the number of minutes specified on the MAXWAIT subparameter of the SERIALIZATION command, one or more required resources were still unavailable. The program gives up and aborts the run. Look for a preceding message CKF911I to identify the unavailable resources. CKF914I Multiple HLLQENQ ACTION=xxx,ID=id calls without an intervening HLLQDEQ ID=id or HLLQDEQ ALL are not supported Severity: 24 Explanation: Contact IBM Software Support. CKF915I UNIX write record nn failed RC nn [meaning] reason qqqq rrrrx [meaning] file ddname path Severity: 16 Explanation: This message indicates that a BPX1WRV call failed with the indicated return code in decimal and the reason code split into reason code qualifier qqqq and reason code rrrr, both in hexadecimal. For well-known return 60 Version 1.12: Messages Guide codes and reason codes the numeric values are followed by an explanatory string. Use the IBM Unix System Services manual to lookup other return and reason codes. CKF919I Record with negative length length directed to ddname behind record recno Severity: 24 Explanation: An invalid record was passed to the output routine. An empty record has been written instead. Contact IBM Software Support. CKF923I Input from a TSO/E terminal is not supported - DD ddname Severity: 20 Explanation: Input from a TSO/E terminal in line mode is not supported. CKF924I DD ddname DSN dsn invalid block size: blksize Severity: 16 Explanation: After ddname has successfully been opened (using OPEN), its DCB must indicate a positive block size unless ddname is a DUMMY device. CKF925I Member member DDname ddname DSname dsn Problem description Severity: 08 Explanation: The program received a non-zero return code from the FIND SVC when trying to locate the indicated member. The problem description on the second line gives the exact nature of the problem. CKF931I or CKV931I proc: Buffer overrun - destinationlength sourcelength:data Severity: 24 Explanation: A buffer overrun occurred in the format procedure proc. This message will be followed by a user ABEND 931. Contact IBM Software Support. CKF942I or CKV942I Environment mismatch for product code code Severity: 00 Explanation: This message indicates that while code for the product code identified was installed, it is not running in its proper environment. For instance, some product codes are limited to UNIX tasks under z/OS, some to non-UNIX tasks under z/OS, and some to z/VM. CKF944I or CKV944I UNIX type close RC nn [meaning] reason qqq rrrr x [meaning] file ddname path Severity: 16 Explanation: This message indicates that a BPX1CLO call failed with the indicated return code in decimal and the reason code split into reason code qualifier qqqq and reason code rrrr, both in hexadecimal. For well-known return codes and reason codes, the numeric values are followed by an explanatory string. Use the IBM Unix System Services manual to look up other return and reason codes. The type can be 'wronly' or 'rdonly'. CKF945I or CKV945I UNIX action failed RC nn [meaning] reason qqq rrrr x [meaning] file ddname path Severity: 16 Explanation: This message indicates that a BPX1OPN or BPX1FCT call failed with the indicated return code in decimal and the reason code split into reason code qualifier qqqq and reason code rrrr, both in hexadecimal. For well-known return codes and reason codes the numeric values are followed by an explanatory string. Use the IBM Unix System Services manual to lookup other return and reason codes. Chapter 2. CKF Messages 61 The action can be wronly open, fcntl filetag, or rdonly open. CKF947I or CKV947I Reading filedesc off failed RC nn [meaning] reason qqqq rrrr x [meaning] file ddname path Severity: 16 Explanation: This message indicates that a BPX1RED (UNIX read) call failed with the indicated return code in decimal and the reason code split into reason code qualifier qqqq and reason code rrrr, both in hexadecimal. For well-known return codes and reason codes the numeric values are followed by an explanatory string. Use the IBM Unix System Services manual to lookup other return and reason codes. CKF948I or CKV948I Enablement information corrupt for product code code Severity: 16 Explanation: This message shows a problem with product installation or entitlement. User response: Contact your system programmer to verify successful installation. CKF949I or CKV949I Product code code installed and non-APF registration limit exceeded Severity: 00 Explanation: This message is issued for products that are installed but cannot be registered because the MVS limit for product registration by non-APF programs has been exceeded. CKF950I or CKV950I Code not installed here for product code code Severity: 16 Explanation: This indicates that you are attempting to run functionality for a product that is not installed here. CKF955I or CKV955I program task heap STORAGE REQUEST ERROR: SIZE NOT POSITIVE Severity: 16 Explanation: This message indicates an internal memory management error. It is followed by a user abend 16. The message identifies the heap as well as the program and task that created the heap. Contact IBM Software Support. CKF963I or CKV963I Ambiguous name "value" Severity: 16 Explanation: This message indicates that an ambiguous abbreviation was entered, i.e. two or more different keywords could be meant by the abbreviated value. Specify the keyword intended in more detail. CKF964I or CKV964I MEMBER NAME REQUIRED FOR WRITES TO PDS(E) DATA SET dsn Severity: 16 Explanation: This message indicates that a member name is required, but not specified, for the indicated data set. CKF967I or CKV967I RECFM=F INVALID FOR LRECL=X,RECFM=VBS PREFERRED DATA SET dsn Severity: 16 Explanation: This message indicates that a RECFM=F data set was encountered on a file that is to receive variable spanned unlimited length records by preference. Although downward compatibility is maintained to non-spanned and limited-record length records, the code cannot write RECFM=F records. 62 Version 1.12: Messages Guide CKF968I or CKV968I IFAEDDRG failed RC nn decimal Severity: 16 Explanation: This message indicates that an attempt to register a previously registered product failed. User response: Contact IBM Software Support. CKF969I or CKV969I I/O error: description Severity: 08 Explanation: This message indicates that an I/O error occurred during normal QSAM or BSAM input processing. Operation will be continued, but an abend or other error message may follow because of the information missing due to the I/O error. CKF970I or CKV970I program task heap FREE STORAGE ERROR: message Severity: 16 Explanation: This message indicates an internal memory management error. It is followed by a user abend 16. The message identifies the heap as well as the program and task that created the heap. Contact IBM Software Support. CKF971I or CKV971I Maximum length for this field is len at file line n Severity: 16 Explanation: The input contains a multiple-line string that is too long. The maximum length for the string is indicated in the message. CKF972I or CKV972I Enablement information missing for product Severity: 16 Explanation: This message indicates that the product cannot run because the load module is not complete. User response: Contact your system programmer to complete installation of the product. CKF973I or CKV973I IBM Tivoli product code code disabled or not installed Severity: 16 Explanation: This indicates that you are attempting to run functionality for a product that is not installed here, or it is disabled for this system name, sysplex name, LPAR name, VM user ID, or hardware name. User response: Check active IFAPRDxx members in your z/OS PARMLIB. If these are specified correctly, contact your system programmer to verify installation. CKF974I or CKV974I IBM Tivoli product disabled or not installed here for requested focus Severity: 16 Explanation: Either the product is not installed here, or the requested focus is disabled for the current system name, sysplex name, LPAR name, VM user ID, or hardware name. User response: Check active IFAPRDxx members in your z/OS PARMLIB. If these are specified correctly, contact your system programmer to verify installation. CKF975I or CKV975I IBM Tivoli product disabled or not installed Severity: 16 Explanation: Either the product is not installed here, or it is disabled for the current system name, sysplex name, LPAR name, VM user ID, or hardware name. Chapter 2. CKF Messages 63 User response: Check active IFAPRDxx members in your z/OS PARMLIB. If these are specified correctly, contact your system programmer to verify installation. CKF976I or CKV976I Code or enablement for product product or feature is missing Severity: 16 Explanation: Either the product is not installed here, or it is disabled for the current system name, sysplex name, LPAR name, VM user ID, or hardware name. User response: Check active IFAPRDxx members in your z/OS PARMLIB. If these are specified correctly, contact your system programmer to verify installation. CKF976I or CKV976I IBM Tivoli <product or feature> disabled or not installed here Severity: 16 Explanation: Either the product is not installed here, or it is disabled for the current system name, sysplex name, LPAR name, VM user ID, or hardware name. User response: Check active IFAPRDxx members in your z/OS PARMLIB. If these are specified correctly, contact your system programmer to verify installation. CKF977I or CKV977I Installed PRODUCT OWNER('IBM CORP') ID(id) NAME('name') FEATURE('feature') VER(version) REL(release) MOD(modification) Product action RC 0 decimal Severity: 00 Explanation: This message is issued for products that are installed. The return code is for IFAEDREG, documented in the manual "MVS Product Registration." No return code is shown if the product is not being registered (because of CKF979I, for example). action can be "registration" or "status". CKF978I or CKV978I Product code code has been disabled in PARMLIB Severity: 00 Explanation: This message is issued for products that have been disabled for the current system name, sysplex name, LPAR name, VM user ID, or hardware name by an entry in IFAPRDxx in your z/OS PARMLIB. User response: Run the product somewhere else, or ask your system programmer for enablement. CKF979I or CKV979I Product code code implied by other Severity: 00 Explanation: This message is issued for products that are not being registered because their entitlement is implied by a more encompassing entitlement. CKF980I Type abend xxx-nn (explanation) trying to access fieldname in jobname Severity: 04 Explanation: This error message indicates that an abend occurred during an attempt to obtain the specified field through cross-memory services. A common cause has its own message text with the same message number. CKF980I Omitted fieldname because address space jobname swapped out Severity: 04 Explanation: This error message indicates that an 05D abend occurred during an attempt to obtain the specified field through cross-memory services. This means the address space was swapped out. CKFCOLL does not currently cause swap-in of other address spaces (to prevent bogging down the system with swap-in requests). Usually production systems have the address spaces that CKFCOLL wants to see defined as nonswappable. So you will most often see this message on test systems, or on production systems for test-subsystems (for example, test DB2). For the 64 Version 1.12: Messages Guide purpose of auditing PC calls, it useful to know that the PC call is also unavailable to the user while the address space is swapped out. CKF981I or CKV981I Invalid type "value" Severity: 16 Explanation: This message indicates that the text value is not a valid value in the context type. CKF982I or CKV982I Internal error: unknown error code at ddname line number Severity: 16 Explanation: The input parser error routine encountered an invalid error code. Contact IBM Software Support. CKF983I or CKV983I Expecting list separator/terminator instead of type"value" at ddname line number Severity: 16 Explanation: This message indicates that the input parser expected a list separator or terminator for the current list (this can for instance be a comma, blank, or end-of-line, depending on the context). Instead, it encountered the indicated token type type(and text value, if available). The input parser skips all input until it encounters a valid list separator or terminator for the current list. CKF984I or CKV984I Invalid type list element type type "value" at ddname line number Severity: 16 Explanation: This message indicates that the input parser expected a list element of the specified type, but found a token of a type not supported as a list element in this context. If available, the offending text value is also listed in the message. The input parser skips all input until it encounters a valid list separator or terminator for the current list. CKF985I or CKV985I Required list element/parameter "value" missing at ddname line number Severity: 16 Explanation: This message indicates that the input parser detected a missing required parameter or element in the list at the indicated line. CKF986I or CKV986I Duplicate parameter value at ddname line number Severity: 16 Explanation: This message indicates that the input parser detected a duplicate occurrence of the parameter or list element value at the indicated line. CKF987I or CKV987I Syntax error: type1 expected instead of type2 at "value" on ddname line number Severity: 16 Explanation: This message indicates that the input parser expected a specific token type type1 in the current context. Instead of this, it found the token type type2 (at the text value, if available) on the indicated input line. CKF988I or CKV988I Syntax error: "c" expected instead of type at "value" on ddname line number Severity: 16 Explanation: This message indicates that the input parser expected a specific character "c" (presumably a delimiter) in the current context. Instead of this, it found the token type type (at the text value, if available) on the indicated input line. Chapter 2. CKF Messages 65 CKF989I or CKV989I Unexpected type ["value"] [for element] at ddname line number CKF989I Skipping to EOL at unexpected type ["value"] at ddname line number Severity: 12 Explanation: This message indicates that the input parser expected one of a number of specific token types, but found a different token type instead. If available, the offending text value and the element for which it is read are also listed in the message. The parser will either continue with the next token, or skip directly to the end of the line. CKF991I or CKV991I ESTAE return code rc Severity: 04 Explanation: This message indicates that the program failed to establish an abend exit linkage. CKF993I or CKV993I DIAGNOSTIC DUMP SUPPRESSED FOR program TASK taskname type ABEND xxx Explanation: This message indicates that the program abend exit did not attempt to make a diagnostic summary dump. This is done to prevent recursive abend conditions involving the print file. The task name is PROGRAM for the main task or for the only task in a program. For a multi-tasking program, program might identify one of the subtasks. CKF995I or CKV995I LRECL INVALID; NOT OVERRULED FOR PARTITIONED DATA SET Explanation: This message indicates that the print file open routine detected an invalid record length for the output file. This would have been overruled with a correct length for a Physical Sequential data set, but this is not done for Partitioned Data Sets to prevent making any existing PDS members inaccessible. Subsequent 013 or 002 abnormal ends (abends) can result from the invalid record length. CKF996I or CKV979I MFREE: NO LENGTH FOUND IN BLOCK FOR STACK name Severity: 04 Explanation: This message indicates an internal stack error. It will be followed by a user abend 16. Contact IBM Software Support. CKF997I or CKV997I STACK ERROR - ELEMENT POPPED IS NOT ON TOP OF STACK name Severity: 16 Explanation: This message indicates an internal stack error. It will be followed by a user abend 16. Contact IBM Software Support. CKF998I or CKV998I STACK OVERFLOW FOR STACK tasklevel stackname IN program Severity: 16 Explanation: This message indicates an internal stack error. It is followed by a user abend 16. Contact IBM Software Support. CKF999I or CKV999I STORAGE SHORTAGE FOR TASK taskname HEAP heapname IN program - INCREASE REGION Severity: 16 Explanation: This message indicates that the program needs more storage. If the heap name is LOWHEAP, then the request is for storage below the 16MB line. User response: Look in message CKF034I to determine what region was requested and what was granted to the job step. Increase the REGION value on the JOB or STEP card. It can also be beneficial to use the STORAGEGC command, though this will increase CPU usage. If the problem heap was LOWHEAP, there was not enough storage available below the line. Increasing the REGION might still help, if there was not enough storage above the line so 66 Version 1.12: Messages Guide that LOWHEAP storage was used instead. If there is a true storage shortage below the line, you could reduce I/O parallelism with the PARALLEL option or force the immediate freeing of allocations with the FREE option. Chapter 2. CKF Messages 67 68 Version 1.12: Messages Guide Chapter 3. CKG messages This chapter describes messages issued by the CKGRACF program on the mainframe. The CKGRACF program is part of zSecure Admin. It is used for handling Queued commands (like temporary access), revoke or resume schedules, User data fields and various other functions that require updating RACF profiles. This program is also used by zSecure Visual. The CKG messages have a message prefix in the form CKGnnnI where nnn is the message number. The message identifier is followed by a severity code. The program returns as completion code the highest severity code encountered. The general meaning of the CKGRACF message numbers is as follows: 100-399 400-499 500-599 600-699 700-799 800-899 900-999 Normal message, giving status or summary information. Debugging messages due to a DEBUG command Normal message, giving status or summary information. Error condition during execution. Error during the parsing of input, before any command is executed. Messages issued by architectural subcomponents. Messages issued by architectural subcomponents. The general meaning of the CKGRACF severity codes and hence of the completion code is as follows: 00 Normal message, giving status or summary information. 04 Warning: a condition occurred which may cause the command to have an unexpected effect. For example, a queued command was executed that applied the default password, but the default password had changed during the queuing period. 08 Error condition found during processing. For example, a profile could not be found, or access was denied. 12 Syntax error in command input, or an invalid format of USR data in the RACF database. 16 Entitlement problem or invalid or unsupported files connected to CKGRACF. 20 Unsupported condition found in RACF database, or installation error. 24 Internal error or other unexpected and unsupported condition in CKGRACF detected. Messages are included in subsections, grouped by the hundred message-numbers. Messages from 100 to 199 CKG100I Contents of CKRSITE module: contents Severity: 00 Explanation: This message is printed as the result of a SHOW CKRSITE command. contents displays the relevant portions of the CKRSITE module. © Copyright IBM Corp. 2008, 2010 69 CKG101I Authority requirement for user user is setting Severity: 00 Explanation: This message is printed as the result of an AUTHORITY LIST command. It displays the multiple-authority requirement for user user. CKG102I Authority requirement for user user is the system default (setting) Severity: 00 Explanation: This message is printed as the result of an AUTHORITY LIST command. It displays the system-wide default multiple-authority requirement, which applies to user user. CKG103I field is value Severity: 00 Explanation: This message is printed as the result of a FIELD LIST command. It displays the value of the indicated field. CKG104I No userdata elements with index 'index' found Severity: 00 Explanation: This message is printed as the result of a USRDATA LIST command. It indicates the USR field did not contain entries with the indicated index. CKG105I Userdata with index 'index' is 'value' Severity: 00 Explanation: This message is printed as the result of a USRDATA LIST command. It displays the USRDATA part of one USR entry with the indicated index. CKG106I Starting command: command Severity: 00 Explanation: This message is printed at the start of each command. It displays the next command to be executed. CKG107I Command ended with result code code Severity: code Explanation: This message is issued at the end of a command if it did not end successfully. It displays the command's result code. This result code is the same as documented as CKX return code under Chapter 7, “CKX messages,” on page 381. The command is listed in the previous CKG106I message. CKG108I Serious command error; terminating CKGRACF Severity: 00 Explanation: This message is issued at the end of a command if ended with a result code larger than 8, which indicates a serious processing, RACF, or internal error. CKGRACF command processing is terminated; no further commands will be executed. The command is listed in the previous CKG106I message. CKG109I Please enter new [default] password for user user Severity: 00 Explanation: This message prompts to enter a new password or new default password for user user. 70 Version 1.12: Messages Guide CKG110I Please reenter new [default] password for user user Severity: 00 Explanation: This message prompts to reenter a new password or new default password for user user. CKG111I Highest result code was value Severity: value Explanation: This message is issued after the command processing; it lists the highest command result code of the command stream executed. Each command with a result code other than zero (which indicates success) will have issued message CKG107I. CKG112I No CKGRACF-reserved userdata entries found Severity: 00 Explanation: This message indicates that the LIST command did not find any CKGRACF-reserved USR entries. CKG115I Default password set by author at date time Severity: 00 Explanation: This message indicates a default password was set for the target user. It includes the user who caused the setting to be made, and the date and time it was set. The default password is not included in the message. CKG116I Scheduled type action for schedule on date by user on date time Reason: reason Deleted by user on date time Delete reason: reason Severity: 00 Explanation: This message is printed by the LIST command and lists a single scheduled revoke/resume action. The optional run-on messages indicate the revoke/resume reason, and, for a wiped action, the user that wiped the scheduled action. CKG117I --- Overall revoke/resume status --- Revoke from date Resume from date Severity: 00 Explanation: This message is printed by the LIST command. It is printed after the scheduled actions; the run-on messages list the overall revoke/resume schedule for the user. CKG118I Stopped due to attention Severity: 00 Explanation: This message indicates that CKGRACF was stopped due to an attention. It will only be issued at the end of the command during which the ATTN key was pressed; commands will not be stopped halfway through. CKG119I Command request has been queued Severity: 00 Explanation: This message indicates that a USER REQUEST command for a multiple-authority user ID was queued. The command must be approved by another user before it will be executed. CKG120I User user not resumed due to scheduled actions Severity: 08 Explanation: This message indicates that a USER RESUME command for the indicated user did not resume the user ID, since the scheduled actions for the user indicate the user should be revoked. If the user really should be resumed, use the USER SCHEDULE command to alter the scheduled revoke/resume actions. Chapter 3. CKG messages 71 CKG121I User user set to status after wipe Severity: 0 Explanation: This message indicates that a USER SCHEDULE WIPE command for scheduled actions that applied to past dates caused the indicated user's revoke status to be changed to status (revoked or resumed). This may be due to a changed overall schedule, or because a previous ALTUSER REVOKE or ALTUSER RESUME command was overridden by the scheduled revoke status. CKG122I User user left status after wipe Severity: 00 Explanation: This message indicates that a USER SCHEDULE WIPE command for scheduled actions that applied to past dates did not cause the indicated user's revoke status to be changed; it was left status (revoked or resumed). This may be because the overall schedule has not changed, or because a previous ALTUSER REVOKE or ALTUSER RESUME command agrees with the changed overall schedule. CKG123I User user left revoked after wipe, resumed due to RESUME Severity: 00 Explanation: This message indicates that a USER SCHEDULE WIPE command for scheduled actions that applied to past dates did not cause the indicated user's revoke status to be changed; it was left revoked. However, a subsequent RESUME subcommand in the same USER command will set the user's revoke status to resumed. CKG126I Only PERMIT/CONNECT/REMOVE/DELDSD/RDELETE allowed for ASK/REQ Severity: 08 Explanation: The only supported commands for ASK/REQ (and thus queuing) are PERMIT/CONNECT/REMOVE/ DELDSD/RDELETE. This message is issued if another RACF command is given. CKG127I Failed to lock profile class profile Severity: 08 Explanation: Locking of the specified target profile failed. No profile data can be read; the command can not be executed. CKG128I Error in handling of queued command Severity: 08 Explanation: An error occurred while trying to process the next stage of a queued command. CKG129I Failed to store command Severity: 08 Explanation: Writing a queued command failed. This error can have multiple causes, for example, the profile cannot be written to or the USRDATA field in the profile is full. CKG130I Failed to unlock profile class profile Severity: 12 Explanation: The specified target profile could not be freed. Other programs will not be able to use this profile if it is not unlocked. 72 Version 1.12: Messages Guide CKG131I Error in handling of queued command Severity: 08 Explanation: An error occurred while trying to process the next stage of a queued command. CKG132I No CKGRACF queued command entries found Severity: 00 Explanation: This message indicates that the LIST command did not find any CKGRACF created queued command entries in the profile being listed. CKG133I No CKGRACF schedule data entries found Severity: 00 Explanation: This message indicates that the LIST command did not find any CKGRACF created schedule entries in the profile being listed. CKG135I parameter only valid in PARM string Severity: 12 Explanation: The parameter NOCLOSE, NODUMP or TEXTPIPE is only valid in the parameter string, not in an included file. Messages from 400 to 499 CKG400I message Severity: 00 Explanation: Results from a variety of debugging commands not described in this manual. CKG401I Request=audit: SAF RC (hex) value; RACF RC (hex) value; RACF reason (hex) value Severity: 00 Explanation: This message is due to a DEBUG SAFRC command and indicates the SAF and RACROUTE result and reason codes for a RACROUTE REQUEST=AUDIT call. All values are in hexadecimal. CKG402I Checking for level access to class resource Severity: 00 Explanation: This message is due to a DEBUG RACHECK command and indicates the resource name and access level that will be checked. CKG403I Request=type: SAF RC (hex) value; RACF RC (hex) value; RACF reason (hex) value Severity: 00 Explanation: This message is due to a DEBUG SAFRC command and indicates the SAF and RACROUTE result and reason codes for a RACROUTE REQUEST= type call. All values are in hexadecimal. CKG404I Request=extract,user: SAF RC (hex) value; RACF RC (hex) value; RACF reason (hex) value Severity: 00 Explanation: This message is due to a DEBUG SAFRC command and indicates the SAF and RACROUTE result and reason codes for a RACROUTE REQUEST=EXTRACT call for a user profile. All values are in hexadecimal. Chapter 3. CKG messages 73 CKG405I Request=extract,owner: SAF RC (hex) value; RACF RC (hex) value; RACF reason (hex) value Severity: 00 Explanation: This message is due to a DEBUG SAFRC command and indicates the SAF and RACROUTE result and reason codes for a RACROUTE REQUEST=EXTRACT call that attempted to find the profile's owner. All values are in hexadecimal. CKG406I Request=extract,encrypt: SAF RC (hex) value; RACF RC (hex) value; RACF reason (hex) value Severity: 00 Explanation: This message is due to a DEBUG SAFRC command and indicates the SAF and RACROUTE result and reason codes for a RACROUTE REQUEST=EXTRACT,TYPE=ENCRYPT call that attempted to encrypt a password. All values are in hexadecimal. CKG407I ICHEINTY type RC (hex) value; reason (hex) value (explanation) Severity: 00 Explanation: This message is due to a DEBUG ICHEINTY command and indicates the ICHEINTY result and reason codes and a short explanation for a failed ICHEINTY call that attempted to read a profile. All values are in hexadecimal. This message immediately follows CKG661I, which indicates the class and profile name. CKG408I ICHEINTY CKGIWRT write RC (hex) value; reason (hex) value (explanation) Severity: 00 Explanation: This message is due to a DEBUG ICHEINTY command and indicates the ICHEINTY result and reason codes and a short explanation for a failed ICHEINTY call that attempted to write to a profile. All values are in hexadecimal. This message immediately follows CKG662I, which indicates the class and profile name. CKG409I ICHEINTY type delete RC (hex) value; reason (hex) value (explanation) Severity: 00 Explanation: This message is due to a DEBUG ICHEINTY command and indicates the ICHEINTY result and reason codes and a short explanation for a failed ICHEINTY call that attempted to delete a profile. All values are in hexadecimal. This message immediately follows CKG663I, which indicates the class and profile name. CKG410I Request=verify,create: RAF RC (hex) value; RACF RC (hex) value; RACF reason (hex) value Severity: 00 Explanation: This message is issued when DEBUG SAFRC is active. CKG411I Request=verify,delete: RAF RC (hex) value; RACF RC (hex) value; RACF reason (hex) value Severity: 00 Explanation: This message is issued when DEBUG SAFRC is active. CKG415I Checking access for id on class profile Severity: 00 Explanation: This message indicates that the access of a user or group on a resource is being checked. CKG416I RACF profile: class profile Severity: 00 Explanation: This message is issued when DEBUG RACHECK is activated, and contains the matching profile for the RACHECK. 74 Version 1.12: Messages Guide CKG417I user is [not] resource OWNER Severity: 00 Explanation: This message indicates that a user is [not] the owner of the resource indicated by the preceding CKG415I message. CKG418I user is [not] resource HLQ Severity: 00 Explanation: This message indicates that a user ID is [not] equal to the HLQ of the resource indicated by the preceding CKG415I message. CKG419I user is user attribute Severity: 00 Explanation: This message indicates that a user is SPECIAL, OPERATIONS, or AUDITOR. CKG420I user is not SPECIAL(, OPERATIONS, or AUDITOR) Severity: 00 Explanation: This message indicates that a user is not SPECIAL. If read access to the resource was asked, the message also indicates that the user is not OPERATIONS or AUDITOR. The resource is indicated by the preceding CKG415I message. CKG421I user is group attribute in group in the resource group owner chain Severity: 00 Explanation: This message indicates that a user is GROUP SPECIAL, GROUP OPERATIONS, or GROUP AUDITOR in a group in the resource group owner chain. The resource is indicated by the preceding CKG415I message. CKG422I user is not GROUP SPECIAL(, GROUP OPERATIONS, or GROUP AUDITOR) in the resource group owner chain Severity: 00 Explanation: This message indicates that a user is not GROUP SPECIAL in any group in the resource group owner chain. If read access to the resource was asked, the message also indicates that the user is not GROUP OPERATIONS or GROUP AUDITOR in any group in the resource group owner chain. The resource is indicated by the preceding CKG415I message. CKG423I user is group attribute in group in the resource HLQ group owner chain Severity: 00 Explanation: This message indicates that a user is GROUP SPECIAL, GROUP OPERATIONS, or GROUP AUDITOR in a group in the resource HLQ group owner chain. The resource is indicated by the preceding CKG415I message. CKG424I user is not GROUP SPECIAL(, GROUP OPERATIONS, or GROUP AUDITOR) in the resource HLQ group owner chain Severity: 00 Explanation: This message indicates that a user is not GROUP SPECIAL in any group in the resource HLQ group owner chain. If read access to the resource was asked, the message also indicates that the user is not GROUP OPERATIONS or GROUP AUDITOR in any group in the resource HLQ group owner chain. The resource is indicated by the preceding CKG415I message. Chapter 3. CKG messages 75 Messages from 500 to 599 CKG500I Connect revoke/resume is not supported in combination with UNTIL/FOR/LEN Severity: 08 Explanation: The REVOKE, NOREVOKE, RESUME, and NORESUME parameters are not allowed on a CONNECT command for temporary commands (commands with UNTIL/LEN/FOR specified). CKG501I Unable to read connect information Severity: 08 Explanation: CKGRACF was unable to read the connect information of a connect profile. Maybe this profile was garbled. CKG502I class not a valid class for command Severity: 12 Explanation: You tried to specify USER/GROUP/CONNECT for a command command. CKG503I class profile profile for command not found Severity: 08 Explanation: The profile for the command command could not be found, because it was not (properly) specified. For fully qualified generics, check that you specified generic. CKG504I class profile profile for command not found Severity: 08 Explanation: The profile for the command command could not be found, because it was not (properly) specified. CKG505I Failed to parse queued command Severity: 12 Explanation: An already stored queued command could not be parsed during reading. It was changed after queuing. CKG506I CMD subcommand not supported Severity: 12 Explanation: The RACF command you specified for CMD is not supported. CKG507I CMD subcommand parsing error Severity: 12 Explanation: The syntax of the RACF command given to CMD was incorrect. Check the syntax of the command. CKG508I Internal error in IKJPARS Severity: 20 Explanation: An error occurred during parsing of the specified RACF command. Check the syntax of the command. 76 Version 1.12: Messages Guide CKG509I Could not prompt for parameters Severity: 12 Explanation: The RACF command given to CMD needs further input, which could not be given in a noninteractive session. CKG510I ATTN pressed Severity: 12 Explanation: The ATTN key was pressed during the parsing of the specified RACF command. CKG511I Unknown RACF parse error Severity: 20 Explanation: An error was issued during parsing of the RACF command that is unknown to either the parser or CKGRACF. CKG512I FROM not allowed for UNTIL/FOR/LEN Severity: 12 Explanation: The FROM parameters on the PERMIT command are not supported for temporary commands (commands with UNTIL/LEN/FOR specified). Request the reverse commands yourself through CMD AT. CKG513I WHEN is not supported with UNTIL/FOR/LEN Severity: 12 Explanation: Modifying the conditional access list of a profile is not supported for temporary commands (commands with UNTIL/LEN/FOR specified). Request the reverse commands yourself through CMD AT. CKG514I RESET not allowed for UNTIL/FOR/LEN Severity: 12 Explanation: Resetting the access list is not allowed for temporary commands (commands with UNTIL/LEN/FOR specified). Issue the reverse commands through extra CMD commands. CKG515I Only one ID supported for UNTIL/FOR/LEN Severity: 12 Explanation: The ID() parameter for the PERMIT command can only have one ID specified for temporary commands (commands with UNTIL/LEN/FOR specified). Issue multiple CMD commands. CKG516I Access EXECUTE only allowed for classes DATASET and PROGRAM Severity: 08 Explanation: The access level of EXECUTE for the PERMIT command is only allowed with the classes DATASET and PROGRAM. CKG517I Only one userid supported for CONNECT/REMOVE Severity: 12 Explanation: The user ID parameter of a CONNECT or REMOVE command can only have one user ID specified. Issue multiple CMD commands. Chapter 3. CKG messages 77 CKG518I UNTIL/FOR/LEN only allowed with PERMIT/CONNECT/REMOVE, and not with command Severity: 12 Explanation: The only supported commands for UNTIL/FOR/LEN are PERMIT/CONNECT/REMOVE. CKG530I INDD, OUTDD, and ERRDD only valid in the parameter string. Severity: 12 Explanation: An occurrence of INDD, OUTDD, or ERRDD was encountered outside of a PARM string. CKG569I Specified ID id not USER or GROUP Severity: 08 Explanation: The user ID specified on the ACCESS command was neither a user nor a group. The syntax is CKGRACF ACCESS <ID> <CLASS> <RESOURCE>. CKG570I Class class is not active Severity: 00 Explanation: The requested ACCESS is undecided, because the class is not active. Most applications allow access in this case. CKG571I Class class is not defined to RACF Severity: 00 Explanation: The requested ACCESS is undecided, because the class is not defined in the class descriptor table. Most applications allow access in this case. CKG572I RACF is inactive Severity: 00 Explanation: The requested ACCESS is undecided, because RACF is not active. Most applications allow access in this case. CKG573I RACF is inactive and class class is not active Severity: 00 Explanation: The requested ACCESS is undecided, because RACF is not active and the class is also inactive. Most applications allow access in this case. CKG574I RACF is not installed, or has an insufficient level Severity: 00 Explanation: The requested ACCESS is undecided, because RACF was not installed or is not at a sufficient level to support the CKGRACF query. Most applications allow access in this case. CKG575I Unsupported STAT return code. SAF (hex) nn; RACF (hex) nn Severity: 00 Explanation: The requested ACCESS is undecided. A RACSTAT call was done for the class, but the return code has no built-in interpretation. Most applications allow access in this case. 78 Version 1.12: Messages Guide CKG576I Current status: status Severity: 00 Explanation: This message is printed in case of an abend. During command processing, it may be followed by message CKG952I. status gives a rough indication of the program's activity at the time of the abend. CKG577I Current command: command Severity: 00 Explanation: This message is printed in case of an abend, if the abend occurs during command processing. It follows message CKG951I. command indicates the current command being processed. CKG578I class profile contains a TVTOC Severity: 00 Explanation: The ACCESS command issued this unexpected response. CKG579I class profile can contain a TVTOC, but currently does not Severity: 00 Explanation: The ACCESS command issued this unexpected response. CKG580I class profile does not contain a TVTOC Severity: 00 Explanation: The ACCESS command issued this unexpected response. CKG581I New password phrase prepared for RRSF propagation Severity: 00 Explanation: This message notifies the user that CKGRACF concluded that a password synchronization package was in control and required password phrases to be passed in clear text. The only commands that can be synchronized are PWSET PHRASE and PWSET PASSWORD. Password phrases in queued PWSET PHRASE commands are two-way encrypted (hashed) with a fixed key. When such a command is being completed, its password phrase is decrypted and then sent as clear text with ENCRYPT=YES. CKG582I type has level access to class profile Severity: 00 Explanation: This is a response to the ACCESS command. The user or group (type) has access level level to the specified profile in class class. CKG583I class profile is unprotected, protectall in warning mode Severity: 00 Explanation: This is a response to the ACCESS command. The user or group can access the data set freely because there is no generic profile for the specified resource and RACF operates in PROTECTALL(WARNING) mode. A warning message will be issued, but access will be allowed. There is one exception: if there is a discrete data set profile, the resource might in fact be protected. The current ACCESS command does not support discrete data set profiles. Chapter 3. CKG messages 79 CKG584I class profile is protected by protectall fail mode Severity: 00 Explanation: This is a response to the ACCESS command. The user or group cannot access the data set because there is no generic profile for the specified resource and RACF operates in PROTECTALL(FAIL) mode. There is one exception: if there is a discrete data set profile, the resource might in fact be accessible. The current ACCESS command does not support discrete data set profiles. CKG585I class profile is unprotected because of noprotectall Severity: 00 Explanation: This is a response to the ACCESS command. The user or group can access the data set freely because there is no generic profile for the specified resource and RACF operates in NOPROTECTALL mode. There is one exception: if there is a discrete data set profile, the resource might in fact be protected. The current ACCESS command does not support discrete data set profiles. CKG586I class profile protection undecided by SAF, application decides Severity: 00 Explanation: The requested ACCESS is undecided. The class is active but no matching profile was found. Some applications allow access in this case, some do not. CKG587I type is not authorized to class profile Severity: 00 Explanation: This is a response to the ACCESS command. The user or group cannot access the resource. CKG588I type is not authorized to use volume volser Severity: 00 Explanation: This is a response to the ACCESS command. The user or group cannot access the resource. CKG589I type is not authorized to use class profile Severity: 00 Explanation: This is a response to the ACCESS command. The user or group (type) cannot access the resource. CKG590I type is not authorized to open non-cataloged dataset Severity: 00 Explanation: This is a response to the ACCESS command. The user or group (type) cannot access the resource because of the CATDSNS setting. CKG591I type is not authorized when system is in tranquil state Explanation: This is a response to the ACCESS command. The user or group (type) cannot access the resource because the system is in MLQUIET tranquilized state. CKG592I type has EXECUTE access to class profile Severity: 00 Explanation: This is a response to the ACCESS command. Generally you will not see this message. 80 Version 1.12: Messages Guide CKG593I class profile seclabel not dominated by user Severity: 00 Explanation: This is a response to the ACCESS command. The user or group (type) cannot access the resource because the resource has a seclabel that is not dominated by the user. CKG594I class profile seclabel cannot be dominated by user Explanation: This is a response to the ACCESS command. The user or group (type) cannot access the resource because the resource has a seclabel that is not dominated by the user. CKG595I class profile required seclabel missing Severity: 00 Explanation: This is a response to the ACCESS command. The user or group (type) cannot access the resource because either the resource or the user has a seclabel and the other does not. CKG596I REQUEST=VERIFY was failed by exit Severity: 00 Explanation: This is a response to the ACCESS command. Access checking failed because a site exit prevented a security environment to be established for CKGRACF. CKG597I type has been revoked Severity: 00 Explanation: This is a response to the ACCESS command. Access checking failed because a security environment cannot to be established for CKGRACF. This happens because the user is currently revoked. CKG598I type has insufficient or no seclabel Severity: 00 Explanation: This is a response to the ACCESS command. Access checking fails because a security environment cannot to be established for CKGRACF. This happens because the user seclabel is missing or insufficient. CKG599I Unsupported AUTH return code: SAF RC (hex) nn; RACF RC (hex) nn; RACF reason (hex) nn; Class class; Profile profile Severity: 00 Explanation: This is a response to the ACCESS command. It is a catchall message for SAF and RACF return codes that are not interpreted into text messages by CKGRACF. Messages from 600 to 699 CKG600I Profile class profile not found Severity: 08 Explanation: The indicated profile was specified as the target of the current command, but does not exist. The current command cannot be performed. Use DEBUG RACROUTE to view the RACROUTE return codes; message CKG404I (for USER profiles) or CKG405I (for all other profile types) indicates the RACROUTE,REQUEST=EXTRACT return codes. Chapter 3. CKG messages 81 CKG601I Owner of profile class profile (ID=owner) not found Severity: 04 Explanation: The owner of the indicated profile is owner; this is neither a user ID nor a group ID. This indicates an error in the RACF database; run the VERIFY PERMIT command. CKG602I Profile class profile leads to owner loop Severity: 20 Explanation: The owner of the indicated profile is a group whose owner tree leads to a loop. This indicates an error in the RACF database; run the VERIFY GROUPTREE command. CKG603I Scope profile too long for class profile Severity: 08 Explanation: The scope resource name for the indicated profile cannot be constructed, since it would be over 255 characters. The scope check for the indicated profile will always fail. This can be solved by simplifying the group tree structure in your RACF database. CKG604I Access access to command resource class resource denied for command at file line n Severity: 08 Explanation: Access to the command at input file file, line n, required access access to the command resource resource. Access was denied; the command will not be executed. CKG605I Profile class profile not in scope for command at file line n Severity: 08 Explanation: Access to the target profile class profile for the command at input file file, line n, was denied after both the SCP profiles had been checked. The command will not be executed. To determine the cause of this message, you can use the "Show CKGRACF command flow" in SETUP TRACE when in IBM Security zSecure Admin and Audit for RACF, or use the CKGRACF DEBUG command directly. This will show the access checks that are performed, so that you can examine the situation, and possibly request additional authorities. CKG606I Access to userdata failed for class profile and index 'index' for command at file line n Severity: 08 Explanation: Access to the USR entries with the indicated index of the target profile class profile for the command at input file file, line n, was denied. The USRDATA command will not be executed. CKG607I type password occurs in password history Severity: 08 Explanation: The new password or new default password specified by type occurs in the user's password history. No new password or default password will be set. CKG608I Open failed for imbedded member member of file ddname dataset dsname Severity: 12 Explanation: This message indicates that an INCLUDE or IMBED command was given for a member, but the member could not be opened in the data set allocated to the file. Review the job log for a MVS/DFP message or abend code. 82 Version 1.12: Messages Guide CKG609I Open failed for imbedded file ddname dataset dsname Severity: 12 Explanation: This message indicates that an INCLUDE or IMBED command was given for a file, but the file could not be opened. Review the job log for a message or abend code. CKG610I action action for field failed Severity: 08 Explanation: This message indicates that an action for field failed for the FIELD command. CKG611I PWCONVERT command refused - user not SPECIAL Severity: 08 Explanation: This message indicates that a PWCONVERT command was not executed, since the user did not have SPECIAL authority. CKG612I Password for user user is not hashed Severity: 08 Explanation: This message indicates that a PWCONVERT command for target user user was not executed, since the target user's current password was not hashed. CKG613I Could not convert password for user user Severity: 08 Explanation: This message indicates that a PWCONVERT command for target user user was not executed, since the target user's de-hashed password could not be encrypted using the installation's encryption method. This may be due to the installation's password-encryption exit ICHDEX01 or ICHDEX11. Use DEBUG SAFRC to view the RACROUTE return codes; message CKG406I i indicates the RACROUTE encryption return codes. CKG614I RDELETE command refused - user not SPECIAL Severity: 08 Explanation: This message indicates that an RDELETE command was not executed, since the user did not have SPECIAL authority. CKG615I Command action invalid for user user with 'authority' requirement; command at file line n Severity: 08 Explanation: This message indicates that a USER command was used with a queued-command action invalid for user with multiple-authority requirement authority. CKG616I No default password found - prompting Severity: 00 Explanation: This message indicates that a USER PWSET DEFAULT command was used and no default password was found. (This may be due to a USER PWDEFAULT DELETE subcommand in the same USER command.) CKGRACF will try to prompt for a new password. If this fails, message CKG618I will be issued. CKG617I Prompting for default password failed Severity: 08 Explanation: This message indicates that a USER PWDEFAULT PROMPT command was used. CKGRACF tried to prompt for a default password, but this failed. This may be due to the user's profile settings, for example, Chapter 3. CKG messages 83 PROFILE NOPROMPT. The USER command will not be executed. CKG618I Prompting for password failed Severity: 08 Explanation: This message indicates that a USER PWSET PROMPT command was used, or that the USER PWSET DEFAULT command was used and no default password was found. CKGRACF tried to prompt for a password, but this failed. This may be due to the user's profile settings, for example, PROFILE NOPROMPT. The USER command will not be executed. CKG619I Could not read previous password Severity: 08 Explanation: This message indicates that a USER PWSET PREVIOUS command was used, but the previous password could not be read. The USER command will not be executed. CKG620I Requested command was already in queue Severity: 08 Explanation: This message indicates that a USER command was used with the REQUEST option, but that the requested command was already in the target command queue. The previously queued command must be completed, denied, or withdrawn before the request can be allowed. Remember that the target profile for CONNECT and REMOVE is the GROUP profile, not the USER profile. CKG620I Requested/asked command was already in queue Severity: 08 Explanation: This message indicates that a USER command was used with the REQUEST or ASK option, but that the requested command was already in the target command queue. The previously queued command must be completed, denied, or withdrawn before the request can be allowed. Remember that the target profile for CONNECT and REMOVE is the GROUP profile, not the USER profile. CKG621I Command not found in queue Severity: 08 Explanation: This message indicates that a USER command was used with the WITHDRAW, SECOND, or COMPLETE option, but that the requested command was not found in the user's command queue or had already been made inactive. CKG622I Could not replace userdata with index 'index': old data not found Severity: 08 Explanation: This message indicates that a USRDATA REPLACE command failed for USR entries with the indicated index; there was no entry with the old value. CKG623I type password not allowed by password rules Severity: 08 Explanation: This message indicates that a new password or new default password indicated by type failed to match any of the system's password rules. The new password or new default password will not be used. CKG624I ABEND in PWDX exit - suppressed from now on Severity: 08 Explanation: This message indicates an abend occurred during the call to the installation's new-password exit ICHPWX01. The exit will not be called again during the current run of CKGRACF. 84 Version 1.12: Messages Guide CKG625I Could not prompt for password Severity: 08 Explanation: This message indicates that a prompt to enter or reenter a new password failed. This can be due to the user's profile settings (for example, PROFILE NOPROMPT). CKG626I Passwords are not identical - prompting again Severity: 00 Explanation: This message indicates that the passwords entered and reentered at the prompt do not match. Another attempt will be made to prompt for a password. Enter an empty password twice to exit the prompting. CKG627I Reason does not fit in USRDATA; truncated Severity: 04 Explanation: This message indicates that the reason field specified with a USER SCHEDULE command to be queued does not fit in the USRDATA repeat-group. The part of the reason that does fit will be included; the rest will be lost. This message can only occur if the active or backup RACF database is non-restructured. CKG628I Action 'requested-action' not allowed; last action 'action'; authority 'setting' Severity: 08 Explanation: This message indicates that the queued-command action requested-action was specified. This action is not allowed after the indicated previous action for a user ID with multiple-authority requirement setting. CKG629I Action 'requested-action' not allowed; you performed 'action' Severity: 08 Explanation: This message indicates that the queued-command action requested-action was specified. This action is not allowed because the user performed the earlier action indicated. Each queued-command command action must be performed by a different user. CKG630I Action not allowed; command has expired Severity: 08 Explanation: This message indicates a queued-command action was specified that is not allowed because the queued command has expired. CKG631I Unknown CKGRACF-reserved entry with index 'index' Severity: 08 Explanation: This message indicates the LIST command encountered an unknown CKGRACF-reserved USR entry with the indicated index. This may be due to settings not made by CKGRACF, or due to settings made with a newer CKGRACF release during, for example, a trial install. These entries can be deleted using WIPE UNDEFINED. CKG632I Could not delete userdata elements with index 'index'. Severity: 08 Explanation: This message indicates the USRDATA command could not delete an USR entry elements with the indicated index. Either no such elements could be found, or the specified USRDATA value for the USR entry did not match. Chapter 3. CKG messages 85 CKG633I Access to schedule 'schedule' denied for command at file line n Severity: 08 Explanation: Access to the indicated schedule was denied for the USER SCHEDULE command. CKG634I Authority setting has a wrong format Severity: 12 Explanation: This message indicates that a multiple-authority setting was encountered that has a wrong format. This may indicate a bug in CKGRACF or that the USR field of the target user ID was altered by a different, incompatible command. Try to use AUTHORITY DELETE or WIPE AUTHORITY to delete the multiple-authority setting from the target user ID; if the error occurs again, contact IBM Software Support. CKG635I Default-password setting has a wrong format Severity: 12 Explanation: This message indicates that a default-password setting was encountered that has a wrong format. This may indicate a bug in CKGRACF or that the USR field of the target user ID was altered by a different, incompatible command. Try to use USER PWDEFAULT DELETE or WIPE DEFAULTPW to delete the default-password setting from the target user ID; if the error occurs again, contact IBM Software Support. CKG636I Wrong length size specified for field 'description' Severity: 08 Explanation: This message indicates that the value specified for the field with the indicated description to be replaced or deleted had the wrong size indicated. The reference for the FIELD command specifies the size that must be used. CKG637I Field 'description' not available. Severity: 08 Explanation: This message indicates that the field with the indicated description to be displayed, replaced or deleted was not available. If this message is not printed as the result of a FIELD command, it indicates an internal error condition; contact IBM Software Support. CKG638I Values for field 'description' do not match Severity: 08 Explanation: This message indicates that the field with the indicated description to be replaced or deleted does not match the value supplied. It is issued as a result of the FIELD command. CKG639I Queued command has a wrong format Severity: 12 Explanation: This message indicates that a queued command was encountered that has a wrong format. This may indicate a bug in CKGRACF or that the USR field of the target user ID was altered by a different, incompatible command. Try to use WIPE QUEUE to delete the queued commands from the target user ID; if the error occurs again, contact IBM Software Support. CKG640I Could not encrypt type password for user user Severity: 08 Explanation: This message indicates that a USER command for target user user was not executed, since the new password or new default password (indicated by type) could not be encrypted using the installation's encryption method. This may be due to the installation's password-encryption exit ICHDEX01 or ICHDEX11. Use 86 Version 1.12: Messages Guide DEBUG SAFRC to view the RACROUTE return codes; message CKG406I indicates the RACROUTE encryption return codes. CKG641I type password not allowed by new-password exit Severity: 08 Explanation: This message indicates that a new password or new default password indicated by type was not allowed by the installation's new-password exit ICHPWX01. The new password or new default password will not be used. CKG642I Scheduled action has a wrong format Severity: 12 Explanation: This message indicates that a scheduled revoke/resume action was encountered that has a wrong format. This may indicate a bug in CKGRACF or that the USR field of the target user ID was altered by a different, incompatible command. Try to use WIPE SCHEDULE to delete the scheduled actions from the target user ID; if the error occurs again, contact IBM Software Support. CKG643I Press enter twice for no action Severity: 00 Explanation: This message does not indicate an error. It is printed before a password is prompted, and indicates that password prompting can be ended by pressing Enter twice. CKG644I No password entered Severity: 08 Explanation: This message indicates that two empty passwords were entered at the prompt. This ends prompting; since no password was entered, the USER command will not be executed. CKG645I Previous password changed during queuing Severity: 04 Explanation: This warning message indicates that, during the execution of a queued USER PWSET PREVIOUS command, it was discovered that the previous password had changed during queuing. The USER command will apply the previous password as it was when the command was requested and first queued. CKG646I Default password changed during queuing Severity: 04 Explanation: This warning message indicates that, during the execution of a queued USER PWSET DEFAULT or queued USER PWRESET command, it was discovered that the default password had been changed during queuing or (USER PWRESET only) had been deleted during queuing. The USER command will apply the default password as it was when the command was requested and first queued. CKG647I Field "field" is read only Severity: 08 Explanation: An unexpected return code was returned by ICHEINTY. Contact IBM Software Support. CKG648I Password change will not be sent to package partner nodes Severity: 04 Explanation: This warning indicates that the changes made will not be available in RACF nodes synchronized by the indicated subsystems - the only commands that will be synchronized are PWSET PASSWORD and PWSET PHRASE. Chapter 3. CKG messages 87 CKG649I type password prepared for RRSF propagation Severity: 00 Explanation: This messages notifies the user that CKGRACF concluded that a password synchronization package was in control that required passwords to be passed in clear text. The only commands that can be synchronized are PWSET PASSWORD and PWSET PHRASE. Passwords in queued PWSET PASSWORD commands are two-way encrypted (hashed) with a fixed key. When such a command is being completed, its password is decrypted and then sent as clear text with ENCRYPT=YES. CKG650I Encountered timestamp from future date Severity: 12 Explanation: This message indicates that a queued command contained a timestamp from a future date. This may indicate a bug in CKGRACF or that the USR field of the target user ID was altered by a different, incompatible command. Try to use WIPE QUEUE to delete the queued commands from the user ID; if the error occurs again, contact IBM Software Support. CKG651I Encountered unknown queued-command code Severity: 12 Explanation: This message indicates that a queued command contained unknown data. This may indicate a bug in CKGRACF or that the USR field of the target user ID was altered by a different, incompatible command. Try to use WIPE QUEUE to delete the queued commands from the user ID; if the error occurs again, contact IBM Software Support. CKG652I Encountered unknown queued-command status Severity: 12 Explanation: This message indicates that a queued command contained an unknown status flag. This may indicate a bug in CKGRACF or that the USR field of the target user ID was altered by a different, incompatible command. Try to use WIPE QUEUE to delete the queued commands from the user ID; if the error occurs again, contact IBM Software Support. CKG653I No default password available Severity: 08 Explanation: A USER PWRESET command failed because there was no default password available. This can be due to a PWDEFAULT DELETE subcommand in the same USER command, or because there was no default password in the target user's USR field. CKG654I Password in queued command two-way encrypted with unknown method Severity: 12 Explanation: This message indicates that a queued command contained unusable data. This may indicate a bug in CKGRACF or that the USR field of the target user ID was altered by a different, incompatible command. Try to use WIPE QUEUE to delete the queued commands from the user ID; if the error occurs again, contact IBM Software Support. CKG661I Could not read profile data from class profile Severity: 08 Explanation: This message indicates that (part of) the indicated profile could not be read. The profile exists but may lack a specific segment. For example, a BINDPW field is addressed but the profile does not have a PROXY segment. Use DEBUG ICHEINTY to view more detailed information. 88 Version 1.12: Messages Guide CKG662I Could not write profile data to class profile Severity: 08 Explanation: This message indicates that the indicated profile could not be updated. This may be because the target profile does not exist, or because the profile has become too large due to many CKGRACF USRDATA entries. Use DEBUG ICHEINTY to view more detailed information. If the profile is too large, consider running a WIPE command possibly followed by re-adding still relevant commands. For information, see the WIPE command documentation in the IBM Security zSecure Admin and Audit for RACF: User Reference Manual. If this message is issued for more than one profile, or if it reoccurs on a regular basis, the period during which CKGRACF keeps expired commands in the profiles for auditing purposes might be too long. This setting can be verified with the SHOW CKRSITE command. For information on the SHOW command, see the IBM Security zSecure Admin and Audit for RACF: User Reference Manual. For information on changing the value for the CKRSITE Keep Command parameter, see the IBM Security zSecure CARLa-Driven Components: Installation and Deployment Guide. CKG663I Could not delete profile class profile [ vol(volser) ] Severity: 08 Explanation: This message indicates that the indicated profile could not be deleted. This may be because the target profile does not exist. Use DEBUG ICHEINTY to view more detailed information. CKG664I Profile class profile not found Severity: 08 Explanation: This message indicates that the indicated profile could not be found. Probably the profile does exist; you may have made a typing error. Use DEBUG ICHEINTY to view more detailed information. CKG665I Unable to determine CKGAUTH for class and index "profile" for command Severity: 00 Explanation: The internal multiple authority requirement for the specified profile could not be determined. CKG666I Unable to execute timed temporary command because UNTIL date is already past Severity: 08 Explanation: A temporary command was scheduled for a time period from AT date to UNTIL date, but was not executed before the UNTIL date passed. This command can not be executed anymore, and will be forcibly expired. CKG667I RACF command execution failed Severity: 08 Explanation: A queued command could not be executed during a REFRESH. This could mean that a temporary command will not be undone! Check the profile manually for the failed command. CKG668I Unable to reverse command command Severity: 08 Explanation: The indicated command was to be issued temporarily. However, an attempt to reverse the meaning of the command has failed. Reversal may have to be done manually. CKG669I Internal error in procedure name; reason: reason Severity: 24 Explanation: This message indicates that an internal error occurred. Note the procedure name and, if present, the reason, and contact IBM Software Support. Chapter 3. CKG messages 89 CKG670I Access to racfdata failed for class prefix and index index for command command Severity: 08 Explanation: A racfdata profile does not allow the user to specify a certain RACF parameter or value. The index indicates the parameter. For information on the indices, refer to the IBM Security zSecure Admin and Audit for RACF: User Reference Manual. CKG671I Command already deleted Severity: 04 Explanation: Occurs when multiple identical commands have to be deleted, for example, due to expiration. CKG672I Scheduled event already deleted. Severity: 04 Explanation: This message indicates that a duplicate scheduled event has been deleted. CKG673I IMBED parameters FILEDESC/PATH mutually exclusive with DD/MEM Severity: 12 Explanation: This message indicates that a FILEDESC/PATH parameter has been used in conjunction with a DD/MM parameter. CKG674I Answer to question Qnn hashed with unknown function Severity: 08 Explanation: The answer to question Qnn has an unknown format because it has been hashed with an unknown function CKG675I Question Qnn is question Severity: 00 Explanation: This message shows question nn. CKG676I Authentication by questions failed Severity: 08 Explanation: Some answers are wrong. CKG677I Authentication by questions succeeded Severity: 00 Explanation: All answers are right. CKG678I Could not list question Qnn Severity: 04 Explanation: Question nn cannot be listed because it does not exist. CKG679I Could not delete question Qnn Severity: 08 Explanation: Question nn cannot be deleted because it does not exist. 90 Version 1.12: Messages Guide CKG680I Could not verify question Qnn Severity: 08 Explanation: Question nn cannot be verified because it does not exist. CKG681I User or group profile profile not found Severity: 04 Explanation: The user or group profile profile does not exist. CKG682I Password phrase change will not be sent to package partner nodes. Severity: 04 Explanation: This message indicates that the changes made will not be available in RACF nodes synchronized by the indicated subsystems. The only commands that will be synchronized are PWSET PHRASE and PWSET PASSWORD. CKG683I Password phrase has fewer than minimum characters Severity: 08 Explanation: The password phrase must have at least 9 characters when the new-password-phrase exit (ICHPWX11) is present. The password phrase must have at least 14 characters when ICHPWX11 is not present. CKG684I Password phrase contains more than 2 consecutive characters that are identical. Severity: 08 Explanation: The password phrase must not contain more than 2 consecutive characters that are identical. CKG685I Password phrase must contain at least 2 alphabetic characters. Severity: 08 Explanation: The password phrase must contain at least 2 alphabetic characters, for example, A - Z or a - z. CKG686I Password phrase must contain at least 2 non-alphabetic characters. Severity: 08 Explanation: The password phrase must contain at least 2 non-alphabetic characters, for example, numerics, punctuation, or special characters. CKG687I Password phrase contains the user ID. Severity: 08 Explanation: The password phrase must not contain the user ID as sequential uppercase or sequential lowercase characters. CKG688I ABEND in new-password-phrase exit - suppressed from now on. Severity: 08 Explanation: An abend occurred during the call to the installation’s new-password-phrase exit ICHPWX11. The exit will not be called again during the current run of CKGRACF. Chapter 3. CKG messages 91 CKG689I Password phrase in queued command two-way encrypted with unknown method. Severity: 12 Explanation: A queued command contains unusable data. This might indicate a bug in CKGRACF or that the USR field of the target user ID was altered by a different, incompatible command. Try to use WIPE QUEUE to delete the queued commands from the user ID. If the error occurs again, contact IBM Software Support. CKG690I Could not encrypt new password phrase for user user. Severity: 08 Explanation: A USER command for target user user was not executed, since the new password phrase could not be encrypted. Use DEBUG SAFRC to view the RACROUTE return codes; message CKG406I indicates the RACROUTE encryption return codes. CKG691I New password phrase occurs in password phrase history. Severity: 08 Explanation: The new password phrase occurs in the password phrase history of the user. No new password phrase will be set. CKG692I New password phrase not allowed by new-password-phrase exit. Severity: 08 Explanation: A new password phrase was not allowed by the installation’s new-password-phrase exit ICHPWX11. The new password phrase will not be used. CKG693I RACLINK ID(userid) UNDEFINE(node.id) failed - no association found Severity: 08 Explanation: A user ID association between user userid on the local node and user id on node node was not found in the userid profile. Consequently, the specified association was not undefined. CKG695I There is no server active with SERVERTOKEN=name Severity: 0 Explanation: This message indicates that the CARLa query could have a benefit from accessing the zSecure Server, but did not find an active server with the indicated server token. User response: Verify that the server token is correct in SETUP RUN when running the ISPF user interface. If the token is correct, ensure that the server is still running. Restart the server if it is not running. CKG696I Client connection to server failed RC=decnum Severity: 0 Explanation: This message indicates that the CARLa query could have a benefit from accessing the zSecure Server, but the attempt to contact the server failed with the indicated return code. For example, some fields might have been specified but could not be verified. Return code values: 2 See the prior server-error CKN message. The message is prefixed by the ZSECSYS name of the server. 4 Did not all fit in buffer 8 Unsupported function 12 Caller not authorized as client 16 Parameters not valid 92 Version 1.12: Messages Guide User response: Look for CKN* server messages before this message, and follow their guidance. For return codes greater than 2, search the support site for information on CKR1494 and the indicated return code. Restart the server to see if the problem disappears. Messages from 700 to 799 CKG700I Expected decimal value instead of type "value" at file line number Severity: 12 Explanation: This message indicates that a non-decimal value was encountered where a decimal value was expected. CKG701I Value value (decimal) too large Severity: 12 Explanation: This message indicates that a value was read that is too large to fit in the field. value indicates the value read after conversion to decimal. CKG702I Value value (decimal) less than minimum minimum Severity: 12 Explanation: This message indicates that a value was read that is less than the indicated minimum value for the field. value indicates the value read after conversion to decimal. CKG703I Value value (decimal) larger than maximum maximum Severity: 12 Explanation: This message indicates that a value was read that is larger than the indicated maximum value for the field. value indicates the value read after conversion to decimal. CKG704I Error during 'character' conversion of string string Severity: 12 Explanation: This message indicates an error during the conversion of a string from binary, decimal, or hexadecimal. character indicates the type of conversion attempted; if omitted, an abend occurred during conversion. CKG705I Invalid conversion character 'character' Severity: 12 Explanation: This message indicates that a quoted string was followed by a conversion character not supported by the current command. The only conversion characters supported for the current command are ' X' (convert from hexadecimal) and 'C' (keep case as-is). CKG706I String with length length is longer than expected size size Severity: 12 Explanation: This message indicates that a string was read with the indicated length. The string is too large to fit in the field, which has a maximum size of size. CKG707I Keyword 'keyword' not allowed at file line number Severity: 12 Explanation: This message indicates that a keyword was encountered that was recognized as a valid option for the current command, but is not allowed at the current position. Chapter 3. CKG messages 93 CKG708I Keywords 'keyword one' and 'keyword two' are mutually exclusive at file line number Severity: 12 Explanation: This message indicates that two keywords were encountered that are both valid options for the current command, but that are mutually exclusive. The indicated position is that of the second keyword. CKG709I Class 'class' not allowed at file line number Severity: 12 Explanation: This message indicates that a class was specified that is not allowed with the current command. CKG710I 'string' is not a valid user/groupid, size > 8 Severity: 12 Explanation: This message indicates that a user or group ID was specified that is not valid, since it is more than 8 characters long. CKG711I Invalid profile type 'character' Severity: 12 Explanation: This message indicates that an invalid conversion character was specified with the RDELETE or USRDATA command. Valid conversion characters for either command are 'D' (discrete) and 'G' (generic). Valid conversion characters for the RDELETE command only are 'C' (keep case as-is) and 'X' (convert from hexadecimal). CKG712I Interval value larger than SETROPTS maximum maximum Severity: 12 Explanation: This message indicates that an interval was specified with the USER command that is larger than the system-defined maximum set by the SETROPTS PASSWORD(INTERVAL) command. CKG713I Keyword 'keyword' not allowed in batch or APPC mode Severity: 12 Explanation: The keyword specified is not allowed in batch mode. CKG714I PWDEFAULT default option 'PROMPT' not allowed in batch or APPC mode Severity: 12 Explanation: The default option of the USER PWDEFAULT command is not allowed in batch mode. CKG715I CNG* USRNM values are reserved Severity: 12 Explanation: The USRDATA command was specified with an index value starting with CNG. These indexes are reserved for use by CKGRACF and cannot be accessed using the USRDATA command. CKGRACF settings can be listed using the LIST command. CKG716I Start-date must be earlier than end-date Severity: 08 Explanation: In the USER SCHEDULE command, the start-date specified must be earlier than the end-date specified. 94 Version 1.12: Messages Guide CKG717I Left margin cannot exceed right margin Severity: 12 Explanation: In the MARGINS(x,y) command, x (the left margin) cannot exceed y (the right margin). CKG718I CKGRACF terminated due to input errors Severity: 12 Explanation: Previous messages indicate an error in the program parameters or command input file. CKGRACF does not perform any command if the input is not syntactically correct. Correct the errors and run the program again. CKG719I Schedule date must be today or in the future Severity: 12 Explanation: You specified a past schedule date with a USER SCHEDULE REQUEST command. Requested schedule dates must be today or lie in the future. Note that a date entered in an invalid format may cause this message to be issued, since it is read as zero (01JAN1900). CKG720I Invalid date 'date' Severity: 12 Explanation: The specified date has an invalid format or contains an invalid date. Dates must have the format 01jan2000 (ISO-date) or 2001/365 (Julian date). An invalid date would be to specify February 29 in a non-leap year. CKG721I Discrete dataset profiles not allowed Severity: 12 Explanation: You specified the "D" conversion character for a data set profile with the USRDATA command. The USR field of discrete data set profiles is not supported by CKGRACF. CKG722I Password value must be specified for password request Severity: 12 Explanation: You specified the USER PWSET PASSWORD or USER PWDEFAULT PASSWORD command for a request. In this case, you must specify a password value between parentheses after the PASSWORD option, for example, PASSWORD(SECRET). The password value is only optional for an action other than REQUEST. CKG723I Only option QUEUE or TAG allowed with CLASS class Severity: 12 Explanation: For all classes except USER, only the options QUEUE and TAG are allowed with the LIST command. The QUEUE option will be the default for these classes. CKG724I No command specified for CMD Severity: 12 Explanation: The CMD command could not find any RACF command in its command-line. CKG725I Start-date cannot be earlier than today Severity: 08 Explanation: You specified an AT date on a CMD command that was already past. Chapter 3. CKG messages 95 CKG726I No active commands specified, CKGRACF terminated Severity: 12 Explanation: You didn't specify any active commands on input to CKGRACF. Non-active commands are DEBUG, INCLUDE and SUPPRESS. CKG727I At least one option is required for the command command Severity: 12 Explanation: The command command requires at least one option, which isn't provided. CKG728I PWNO* keywords require an additional keyword Severity: 12 Explanation: This message is issued when PWNOEXIT, PWNOHIST or PWNORULE are defined as the only keywords on a USER command. These keywords require another keyword (for example, PWSET) to be effective and useful. CKG729I Date value 'value' 2-digit year is ambiguous Severity: 12 Explanation: This suppressible message indicates that a 2-digit year was encountered. By default, this is not allowed to prevent any year-2000 related confusion. In case this is a problem for backward compatibility, the message can be suppressed. In this case the 2-digit years are all interpreted as lying in the 20th century (i.e. they are prefixed with 19, being backward compatible). CKG730I Date 'date' is beyond the year 2069 Severity: 04 Explanation: This message is issued when a date beyond the year 2069 has been encountered. Such a late date probably results from a typo. CKG731I Question identifier expected Severity: 12 Explanation: The word, if any, after a QUESTION action (SET, VERIFY, LIST, or DELETE) must be a question identifier Qnn, where nn is a nonnegative integer below 100. CKG732I Password phrase value must be specified for password phrase request. Severity: 12 Explanation: You specified the USER PWSET PHRASE command for a request. In this case, you must specify a password phrase value between parentheses after the PHRASE option, for example, PHRASE('This is a secret'). The password phrase value is only optional for an action other than REQUEST. CKG733I Field field not supported on z/OS v.r and below - field ignored Severity: 04 Explanation: The field field in the USER profile is not supported on z/OS version v release r and below. Reading or setting this field using the CKGRACF FIELD command is ignored. 96 Version 1.12: Messages Guide CKG734I Password string longer than 8 bytes Severity: 12 Explanation: The password entered on a CKGRACF USER PWDEFAULT or CKGRACF USER PWSET command is longer than 8 bytes. RACF only supports passwords with a length smaller or equal to 8 bytes. Choose a shorter password. CKG735I CKGRACF does not run under CMS Severity: 20 Explanation: CKGRACF only runs under z/OS. If this message is shown under z/OS, contact IBM Software Support. CKG736I Invalid multiple-authority requirement value Severity: 20 Explanation: The multiple-authority requirement set in the CKRSITE module is set to the unknown value value. This indicates an error in installation. CKG737I Queued command expiration time (value) larger than auditing period (value) Severity: 20 Explanation: The queued-command expiration time and the auditing period set in the CKRSITE module are in conflict. This indicates an error in installation. CKG738I explanation; RACROUTE REQUEST=STAT returned with SAFRC=safrc RACFRC=racfrc RSNCODE=rsncode Severity: 20 Explanation: The RACROUTE REQUEST=STAT call to determine whether the class set in the CKRSITE module is available, indicates that RACF or the class is not available. explanation contains a human-readable explanation of the return codes shown in the message (in hex). CKG739I RACF >= 1.8 required Severity: 20 Explanation: A RACF version before 1.8 is active. CKGRACF requires RACF version 1.8 or later. CKG740I CKGRACF must run APF-authorized Severity: 20 Explanation: CKGRACF must run APF-authorized. This may for instance be caused by not adding CKGRACF to the TSO authorized command table (AUTHCMD parameter in SYS1.PARMLIB member IKJTSOxx). CKG741I No ACEE could be found from TCB or ASXB Severity: 20 Explanation: CKGRACF could not find an ACEE for the current user. CKG742I Neither CKGPRINT nor SYSTERM allocated and no TSO; CKGRACF terminated Severity: 16 Explanation: This message is printed when CKGPRINT and SYSTERM are not allocated. In this case, CKGRACF is unable to generate any output, and will terminate before parsing or executing any commands. To send the output directly to the TSO terminal, issue the TSO command ALLOC FILE(CKGPRINT) DA(*) before Chapter 3. CKG messages 97 giving the CKGRACF command. You may free CKGPRINT afterwards with FREE FILE(CKGPRINT). CKG743I No SYSTERM allocated Severity: 00 Explanation: This message is issued when SYSTERM is not allocated. All output will still appear on CKGPRINT. CKG744I Profile name contains invalid character character at position position Severity: 12 Explanation: The input string for the profile name is not valid because it contains a character that is not allowed in profile names. CKG745I Password phrase must be enclosed in single quotes. Severity: 12 Explanation: There must be single quotes around the password phrase value in the PWSET PHRASE option, as in PHRASE('This is a secret'). If a single quotation mark is intended to be part of the password phrase, you must use two single quotation marks together for each single quotation mark, as in PHRASE('This is a ''quoted'' secret'). CKG746I Password phrase has more than maximum characters. Severity: 12 Explanation: A password phrase can have at most maximum characters. CKG747I Password phrase has fewer than minimum characters Severity: 12 Explanation: A password phrase must have at least minimum characters. CKG748I UNDEF parameter must be '(NODE_NAME.USERID)' Severity: 12 Explanation: The UNDEF parameter of a USER userid RACLINK UNDEF command was followed by something other than (node.id). Note that there must be no spaces in UNDEF(node.id). There must be a dot (.) between node node and user id. Messages from 800 to 899 CKG841I Severe SRVIN error PC RC=n - issuing user abend 841 Severity: 16 Explanation: While reading from a remote node, an error condition was returned by the Program Call interface of the server. User response: Verify that the server is active, then restart the server and try again. CKG842I SPECPROC returned length out of range R0=xxxxxxx - issuing user abend 842 Severity: 16 Explanation: This message indicates that one of the internal interfaces related to the zSecure Server received an unexpected length and issued an abend. User response: Look for the message on the IBM support site. If no solution is posted, collect SYSPRINT on both the local and remote sides and contact IBM Software Support. 98 Version 1.12: Messages Guide Messages from 900 to 999 CKG904I Unconditional access is required to read from file file vol dsn(member) Severity: 12 Explanation: A data set to which only conditional (PADS) access was granted was requested for SYSIN input. Unconditional read access is needed to read this type of data. The data set is not processed. CKG905I A member name is required to read from file ddname data set dsn Severity: 12 Explanation: An imbed statement was present referring to a PDS(E) data set, but the member to be read from that data set was not specified. Add the correct member to the imbed statement and resubmit the query. CKG907I DYNALLOC trace: SVC 99 return code nn - meaning Severity: 00 Explanation: This message is issued because of a failed SVC99 where DAIRFAIL did not return a message text. It has continuation lines detailing the individual text units contents after SVC 99 (DYNALLOC) completion. CKG915I UNIX write record nn failed RC nn [meaning] reason qqqq rrrrx [meaning] file ddname path Severity: 16 Explanation: This message indicates that a BPX1WRV call failed with the indicated return code in decimal and the reason code split into reason code qualifier qqqq and reason code rrrr, both in hexadecimal. For well-known return codes and reason codes the numeric values are followed by an explanatory string. Use the IBM Unix System Services manual to lookup other return and reason codes. CKG919I Record with negative length length directed to ddname behind record recno Severity: 24 Explanation: An invalid record was passed to the output routine. An empty record has been written instead. Contact IBM Software Support. CKG931I proc: Buffer overrun - destinationlength sourcelength: data Severity: 24 Explanation: A buffer overrun occurred in the format procedure proc. This message will be followed by a user ABEND 931. Contact IBM Software Support. CKG934I Value value too large Severity: 12 Explanation: This message indicates that the input parser received a numerical value that was too large. The maximum value that can be processed by the input parser is 2147483647. CKG938I Repeated ATTN, enter C(ont) T(erminate) or A(bend) - Explanation: This interactive prompt offers the option to terminate or abend the program after a repeated attention. CKG939I Terminated due to repeated attention Severity: 16 Explanation: Message written if T was selected at the CKR938I prompt. Chapter 3. CKG messages 99 CKG942I Environment mismatch for product code code Severity: 00 Explanation: This message indicates that while code for the product code identified was installed, it is not running in its proper environment. For instance, some product codes are limited to UNIX tasks under z/OS, some to non-UNIX tasks under z/OS, and some to z/VM. CKG944I UNIX type close RC nn [meaning] reason qqq rrrr x [meaning] file ddname path Severity: 16 Explanation: This message indicates that a BPX1CLO call failed with the indicated return code in decimal and the reason code split into reason code qualifier qqqq and reason code rrrr, both in hexadecimal. For well-known return codes and reason codes the numeric values are followed by an explanatory string. Use the IBM Unix System Services manual to lookup other return and reason codes. The type can be 'wronly' or 'rdonly'. CKG945I UNIX action failed RC nn [meaning] reason qqq rrrr x [meaning] file ddname path Severity: 16 Explanation: This message indicates that a BPX1OPN or BPX1FCT call failed with the indicated return code in decimal and the reason code split into reason code qualifier qqqq and reason code rrrr, both in hexadecimal. For well-known return codes and reason codes the numeric values are followed by an explanatory string. Use the IBM Unix System Services manual to lookup other return and reason codes. The action can be 'wronly open', 'fcntl filetag', or 'rdonly open'. CKG947I Reading filedesc off failed RC nn [meaning] reason qqqq rrrr x [meaning] file ddname path Severity: 16 Explanation: This message indicates that a BPX1RED (UNIX read) call failed with the indicated return code in decimal and the reason code split into reason code qualifier qqqq and reason code rrrr, both in hexadecimal. For well-known return codes and reason codes the numeric values are followed by an explanatory string. Use the IBM Unix System Services manual to lookup other return and reason codes. CKG948I Enablement information corrupt for product code code Severity: 16 Explanation: This message shows a problem with product installation or entitlement. User response: Contact your system programmer to verify successful installation. CKG949I Product code code installed and non-APF registration limit exceeded Severity: 00 Explanation: This message is issued in response to DEBUG LICENSE for products that are installed but cannot be registered because the MVS limit for product registration by non-APF programs has been exceeded. User response: CKGRACF should run authorized. CKG950I Code not installed here for product code code Severity: 16 Explanation: This indicates that you are attempting to run functionality for a product that is not installed here. 100 Version 1.12: Messages Guide CKG951I system abend code (desc) trying to load modulemodulett Severity: 08 Explanation: This message indicates a failure to load a module and the reason. Abend 806 means the module could not be found. Abend 306 may mean that a controlled environment was present and the module to be loaded was not program controlled. CKG955I program task heap STORAGE REQUEST ERROR: SIZE NOT POSITIVE Severity: 16 Explanation: This message indicates an internal memory management error. It is followed by a user abend 16. The message identifies the heap as well as the program and task that created the heap. Contact IBM Software Support. CKG962A Command terminated by attention Severity: 10 Explanation: This message is issued by the command-execution module, and indicates a command was terminated by pressing the ATTN key. CKG962B Command not supported in background Severity: 16 Explanation: This message is issued by the command-execution module, and indicates a command could not be executed through the TSO service facility. Typically, this is because the CKGRACF authorized component is not part of the AUTHCMD list in IKJTSOxx, see message CKR962F. CKG962C Command failed abend code Severity: 12 Explanation: This message is issued by the command-execution module, and indicates a command ended abnormally with the indicated abend code. CKG962E Not running in a TSO/E environment Severity: 16 Explanation: This message is issued by the command-execution module, and indicates a TSO command could not be executed, because command environment was not TSO/E. CKG962F Command failed, return code code (decimal) Severity: 08 Explanation: This message is issued by the command-execution module, and indicates a command was unsuccessful, and returned the indicated result code. If the previous message was CKG740I 20, check that CKGRACF is part of the AUTHCMD list in SYS1.PARMLIB member IKJTSOxx. This member can be updated without an IPL through the TSO PARMLIB command. CKG962I IKJTSOEV module not found Severity: 08 Explanation: An attempt was made to establish a TSO environment, but the TSO environment initialization routine IKJTSOEV could not be found. Normally IKJTSOEV is in the link list. This will cause return code 20 when encountered as part of an attempt to execute a TSO command, and otherwise 8. Chapter 3. CKG messages 101 CKG962I IKJTSOEV return code xx reason code yy service reason code zz (decimal) Severity: 08 Explanation: This will cause return code 20 when encountered as part of an attempt to execute a TSO command. CKG962I SVC 220 return code hh (hex) on command Severity: 08 Explanation: This will cause return code 20 when encountered as part of an attempt to execute a RACF or CMS command. CKG962L Command could not be found in an authorized library. Severity: 16 Explanation: This message is issued by the command-execution module, and indicates a TSO command could not be executed, because it was not found. Typically, this is an unsuccessful call to the CKGRACF authorized component, which failed because CKGRACF was not part of an authorized library in the link list, or was not found in an APF-authorized STEPLIB. Check whether the library containing CKGRACF is APF-authorized. CKG962M Command may have failed, return code n Severity: 04 Explanation: This message indicates that a command returned a nonzero return code less than or equal to 4. This message causes a minimum return code of 4. It depends on the command whether this is a partial failure or a warning. CKG962N Command not allowed from APF mode - command Severity: 16 Explanation: This message is issued by the command-execution module, and indicates that the indicated command is not in the TSO AUTHCMD list and also not in a built-in list of safe commands to be called from an APF authorized program. If the command was requested by yourself, try running it under IKJEFT01 or without APF authorization. If this message is in response to a built-in function, contact IBM Software Support. CKG962O Command has flushed TSO stack - relogon required to close output trap file Severity: 00 Explanation: This message is issued by the command-execution module. Generally this means that subsequent command output is not written to the CKGPRINT file. It might be lost or shown in line mode after leaving CKGRACF. Depending on the z/OS release, it might be sufficient to leave and reenter ISPF to restore normal behavior. In the worst case, a relogon is required. CKG962P CLIST processing through % not supported Severity: 16 Explanation: This message is issued by the command-execution module. It indicates an attempt to run an CLIST using the % operator. Execution of CLISTs is not supported. CKG962S IKJEFTSR fails return code error reason code reason Severity: 16 Explanation: This message is issued by the command-execution module, and indicates a TSO command could not be executed. The command returned the indicated error code and reason code. 102 Version 1.12: Messages Guide CKG962T Command failed, ATTACH rc rc (decimal) Severity: 16 Explanation: This message is issued by the command-execution module, and indicates failure to attach a TSO command. CKG962U Unauthorized functions cannot be invoked from an authorized environment Severity: 16 Explanation: This message should not occur. Contact IBM Software Support. CKG962W Command not found Severity: 16 Explanation: This message is issued by the command-execution module, and indicates a TSO command could not be executed, because it was not found. Typically, this is an unsuccessful call to the CKGRACF authorized component, which failed because CKGRACF was not part of an authorized library in the link list, or was not found in an APF-authorized STEPLIB. Check whether the library containing CKGRACF is APF-authorized. CKG962X Syntax error in the command name Severity: 16 Explanation: This message is issued by the command-execution module, and indicates a TSO command could not be executed, because the name was not syntactically correct. CKG963I Ambiguous name "value" Severity: 12 Explanation: This message indicates an ambiguous abbreviation was entered, i.e. two or more keywords could be indicated by the abbreviated value. Specify the keyword intended in more detail. CKG968I IFAEDDRG failed RC nn decimal Severity: 16 Explanation: This message indicates that an attempt to register a previously registered product failed. User response: Contact IBM Software Support. CKG969I I/O error: description Severity: 08 Explanation: This message indicates that an I/O error occurred. CKGRACF will continue operation, but any abend may follow as a result of the I/O error. The description is the message returned by the operating system in response to a SYNADAF call. CKG970I program task heap FREE STORAGE ERROR: message Severity: 16 Explanation: This message indicates an internal memory management error. It is followed by a user abend 16. The message identifies the heap as well as the program and task that created the heap. Contact IBM Software Support. CKG971I Maximum length for this field is len at file line n Severity: 12 Explanation: The input contains a multiple-line string that is too long. Multiple-line strings (print titles or quoted strings) have a maximum size len that was exceeded. Chapter 3. CKG messages 103 CKG972I Enablement information missing for product Severity: 16 Explanation: This message indicates that the product cannot run because the load module is not complete. User response: Contact your system programmer to complete installation of the product. CKG973I IBM Tivoli product code code disabled or not installed Severity: 16 Explanation: This indicates that you are attempting to run functionality for a product that is not installed here, or it is disabled for this system name, sysplex name, LPAR name, VM user ID, or hardware name. User response: Check active IFAPRDxx members in your z/OS PARMLIB. If these are specified correctly, contact your system programmer to verify installation. CKG974I IBM Tivoli product disabled or not installed here for requested focus Severity: 16 Explanation: Either the product is not installed here, or the requested focus is disabled for the current system name, sysplex name, LPAR name, VM user ID, or hardware name. User response: Check active IFAPRDxx members in your z/OS PARMLIB. If these are specified correctly, contact your system programmer to verify installation. CKG975I IBM Tivoli product disabled or not installed Severity: 16 Explanation: Either the product is not installed here, or it is disabled for the current system name, sysplex name, LPAR name, VM user ID, or hardware name. User response: Check active IFAPRDxx members in your z/OS PARMLIB. If these are specified correctly, contact your system programmer to verify installation. CKG976I Code or enablement for product code code is missing Severity: 16 Explanation: Either the product is not installed here, or it is disabled for the current system name, sysplex name, LPAR name, VM user ID, or hardware name. User response: Check active IFAPRDxx members in your z/OS PARMLIB. If these are specified correctly, contact your system programmer to verify installation. CKG976I IBM Tivoli <product or feature> disabled or not installed here Severity: 16 Explanation: Either the product is not installed here, or it is disabled for the current system name, sysplex name, LPAR name, VM user ID, or hardware name. User response: Check active IFAPRDxx members in your z/OS PARMLIB. If these are specified correctly, contact your system programmer to verify installation. CKG977I Installed PRODUCT OWNER('IBM CORP') ID(5655-T01) NAME('name') FEATURE('feature') VER(version) REL(release) MOD(modification) Product action RC 0 decimal Severity: 00 Explanation: This message is issued in response to DEBUG LICENSE for products that are installed. The return code is for IFAEDREG, documented in the manual "MVS Product Registration". No return code is show if the product is not being registered (for example, because of CKR0979). action can be "registration" or "status". 104 Version 1.12: Messages Guide CKG978I Product code code has been disabled in PARMLIB Severity: 00 Explanation: This message is issued in response to DEBUG LICENSE for products that have been disabled for the current system name, sysplex name, LPAR name, VM user ID, or hardware name by an entry in IFAPRDxx in your z/OS PARMLIB. User response: Run the product somewhere else, or ask your system programmer for enablement. CKG979I Product code code implied by other Severity: 00 Explanation: This message is issued in response to DEBUG LICENSE for products that are not being registered because their entitlement is implied by a more encompassing entitlement. CKG981I Invalid type "value" Severity: 12 Explanation: This message indicates that the text value is not a valid value in the context type. CKG982I Internal error: unknown error code at ddname line number Severity: 24 Explanation: The input parser error routine encountered an invalid error code. Contact IBM Software Support. CKG983I Expecting typ1 list separator/terminator instead of type "value" at ddname line number Severity: 12 Explanation: This message indicates that the input parser expected a list separator or terminator for the current list of the indicated type (this can for instance be a comma, blank, or end-of-line, depending on the context). Instead, it encountered the indicated token type type (and text value, if available). The input parser skips all input until it encounters a valid list separator or terminator for the current list. CKG984I Invalid type list element type type "value" at ddname line number Severity: 12 Explanation: This message indicates that the input parser expected a list element of the specified type, but found a token of a type not supported as a list element in this context. If available, the offending text value is also listed in the message. The input parser skips all input until it encounters a valid list separator or terminator for the current list. CKG985I Required list element/parameter "value" missing at ddname line number Severity: 12 Explanation: This message indicates that the input parser detected a missing required parameter or element in the list at the indicated line. CKG986I Duplicate parameter value at ddname line number Severity: 12 Explanation: This message indicates that the input parser detected a duplicate occurrence of the parameter or list element value at the indicated line. Chapter 3. CKG messages 105 CKG987I Syntax error: type1 expected instead of type2at "value" on ddname line number Severity: 12 Explanation: This message indicates that the input parser expected a specific token type type1 in the current context. Instead of this, it found the token type type2 (at the text value, if available) on the indicated input line. CKG988I Syntax error: "c" expected instead of typeat "value" on ddname line number Severity: 12 Explanation: This message indicates that the input parser expected a specific character "c" (presumably a delimiter) in the current context. Instead of this, it found the token type type (at the text value, if available) on the indicated input line. CKG989I Unexpected type ["value"] [for element] at ddname line number CKG989I Skipping to EOL at unexpected type ["value"] at ddname line number Severity: 12 Explanation: This message indicates that the input parser expected one of a number of specific token types, but found a different token type instead. If available, the offending text value and the element for which it is read are also listed in the message. The parser will either continue with the next token, or skip directly to the end of the line. CKG991I ESTAE return code rc Severity: 04 Explanation: This message indicates that the program failed to establish an abend exit linkage. CKG993I DIAGNOSTIC DUMP SUPPRESSED FOR program TASK taskname type ABEND xxx Explanation: This message indicates that the program abend exit did not attempt to make a diagnostic summary dump. This is done to prevent recursive abend conditions involving the print file. The task name is PROGRAM for the main task or for the only task in a program. For a multi-tasking program, program might identify one of the subtasks. CKG994I Last record truncated by end-of-file ddname Severity: 16 Explanation: This message indicates that end-of-file was reached for a RECFM=VBS input file in the middle of a multi-segment record. CKG995I LRECL INVALID; NOT OVERRULED BECAUSE PARTITIONED Explanation: This message indicates that the print file open routine detected an invalid record length for the output file. This would have been overruled with a correct length for a Physical Sequential data set, but this is not done for Partitioned data sets to prevent making any existing PDS members inaccessible. Subsequent 013 or 002 abends may be caused by the invalid record length. CKG996I MFREE: NO LENGTH FOUND IN BLOCK FOR STACK name Severity: 04 Explanation: This message indicates an internal stack error. It will be followed by a user ABEND 16. Contact IBM Software Support. 106 Version 1.12: Messages Guide CKG997I STACK ERROR - ELEMENT POPPED IS NOT ON TOP OF STACK name Severity: 16 Explanation: This message indicates an internal stack error. It will be followed by a user ABEND 16. Contact IBM Software Support. CKG998I STACK OVERFLOW FOR STACK tasklevel stackname IN program Severity: 16 Explanation: This message indicates an internal stack error. It is followed by a user abend 16. Contact IBM Software Support. CKG999I STORAGE SHORTAGE FOR TASK taskname HEAP heapname IN program - INCREASE REGION Severity: 16 Explanation: This message indicates that the program needs more storage. It is followed by a user abend 16. If the heap name is LOWHEAP or SYSSTACK, then the request is for storage below the 16MB line. If the name is MAINHEAP, then the request is for storage anywhere. Increase the region (for a batch job) or SIZE (for a TSO command) and try again. Chapter 3. CKG messages 107 108 Version 1.12: Messages Guide Chapter 4. CKN messages This chapter describes messages that are issued by the CKNSERVE program. The CKNSERVE program is the zSecure Server. zSecure Servers (usually one per system) form a network of peer nodes that can remotely fill requests from CKRCARLA, CKX, and CKGRACF. The following severity level codes are used by the the CKNSERVE program: I Informational message. W Warning message. The task continues, but an error occurred. E Error message. The task may end immediately, or may attempt to continue. S Severe error message. A Action message. Operator action is needed to correct the situation. The CKN message numbers are grouped according to these categories: 100-399 400-499 500-599 600-699 700-799 800-899 900-999 Normal message, giving status or summary information. Debugging messages due to a DEBUG command Normal message, giving status or summary information. Error condition during execution. Error during the parsing of input, before any command is executed. Messages issued by architectural subcomponents. Messages issued by architectural subcomponents. The general meaning of the CKNJES severity codes and hence of the completion code is as follows: 00 Normal message, giving status or summary information. 04 Warning: a condition occurred which may cause the command to have an unexpected effect. 08 Error condition found during processing. 12 Syntax error in command input, or an invalid format of USR data. 16 Entitlement problem or invalid or unsupported files. 20 Unsupported condition found or installation error. 24 Internal error or other unexpected and unsupported condition in CKNJES was detected. Messages from 0 to 99 CKN000I Local hostname obtained from gethostname is HOSTNAME Severity: 0 Explanation: This message indicates the local hostname that is returned from the gethostname service. This can be of interest if the server is not using the ZSECSYS configuration statement you expect. © Copyright IBM Corp. 2008, 2010 109 CKN001I BPX1HST gethostname failed unix error Severity: 12 Explanation: This message indicates the server failed to obtain the local hostname. The zSecure Server cannot operate without one. User response: Check the TCP/IP configuration. Ensure there is a global default or connect a TCPIPDATA file. If either of these is specified, see the UNIX System Services Messages and Codes manual for guidance. CKN002I BPX1GAI getaddrinfo for hostname failed unix error Severity: 12 Explanation: This message indicates the server failed to obtain the canonical domain name. The zSecure Server cannot operate without one. User response: Check the TCP/IP configuration. Ensure there is a global default or connect a TCPIPDATA file. If either of these is specified, see the UNIX System Services Messages and Codes manual for guidance. CKN003I Canonical domain name is DNAMNAME Severity: 0 Explanation: This message indicates the canonical domain returned by the getaddrinfo service. This can be of interest if the server is not using the ZSECSYS configuration statement you expect. If you do not specify an OPTION OWNSYS in the CKNIN input file, the server selects the first ZSECSYS that matches this name in its IPADDR parameter. CKN004I BPX1SOC system TCP socket family ai_family abend Severity: 12 Explanation: This message indicates a failure to obtain a socket of the indicated family type. The preferred type is 19 (AF_INIT6), but if that is inactive, fallback to family 2 (AF_INET) is expected. The use of any other family number is a software defect. The system is either a ZSECSYS name or the word "Server." User response: See z/OS MVS System Codes to determine the cause and actions. CKN005I BPX1SOC system TCP socket failed - unix error family ai_family socktype ai_socktype Severity: 12 Explanation: This message indicates a failure to obtain a socket of the indicated family type. The preferred type is 19 (AF_INIT6), but if that is inactive, fallback to family 2 (AF_INET) is expected. The use of any other family number is a software defect. The system is either a ZSECSYS name or the word "Server." User response: See your UNIX system codes book to determine the cause and actions. CKN006I system TCP socket family ai_family established stream socket SOCKDESC Severity: 0 Explanation: This informational message indicates for which system a specific socket descriptor number was established. You can use it to link subsequent error messages involving socket numbers to a specific system. The system is either a ZSECSYS name or the word "Server." CKN007I BPX1BND bind call for port PORT socket SOCKDESC abend Severity: 12 Explanation: This message indicates that an abend occurred during a bind call to establish a listener on the indicated port on the indicated socket. User response: See z/OS MVS System Codes to determine the cause and actions. 110 Version 1.12: Messages Guide CKN008I BPX1BND bind call for port PORT socket SOCKDESC failed unix error Severity: 12 Explanation: This message indicates that a UNIX error occurred during a bind call to establish a listener on the indicated port on the indicated socket. User response: See your UNIX system codes book to determine the cause and actions. CKN009I Server socket SOCKDESC bound to port PORT Severity: 0 Explanation: This message documents which socket number is used to listen to the indicated port number. CKN010I BPX1LSN listen on socket SOCKDESC abend Severity: 12 Explanation: This message indicates that an abend occurred during a listen call on the indicated socket. User response: See z/OS MVS System Codes to determine the cause and actions. CKN011I BPX1LSN listen failed on socket SOCKDESC unix error Severity: 12 Explanation: This message indicates that a UNIX error occurred during a listen call on the indicated socket. User response: See your UNIX system codes book to determine the cause and actions. CKN012I Server now listening on socket SOCKDESC to port PORT with max queue depth BACKLOG Severity: 0 Explanation: This message indicates that the server is now listening to the indicated port using the indicated socket number. CKN013I BPX1AIO accept on socket SOCKDESC abend Severity: 12 Explanation: This message indicates that an abend occurred during an asyncio accept call on the indicated socket. User response: See z/OS MVS System Codes to determine the cause and actions. CKN014I BPX1AIO accept failed on socket SOCKDESC unix error Severity: 12 Explanation: This message indicates that a UNIX error occurred during an asyncio accept call on the indicated socket. User response: See your UNIX system codes book to determine the cause and actions. CKN015I CKNCOMR unknown WKQRTYPE=xx on WKQR address Severity: 16 Explanation: This message indicates the communication task received an unknown request type. User response: Determine if this is a known problem with a specified fix. If so, apply the fix. If not, contact IBM Software Support. Chapter 4. CKN messages 111 CKN016I BPX1AIO connect on socket SOCKET abend Severity: 12 Explanation: This message indicates that an abend occurred during an asyncio connect call on the indicated socket. User response: See z/OS MVS System Codes to determine the cause and actions. CKN017I BPX1AIO connect failed on socket SOCKET unix error port PORT of IPADDRESS Severity: 12 Explanation: This message indicates that a UNIX error occurred during an asyncio connect call on the indicated socket for the indicated port and IP address. User response: See your UNIX system codes book to determine the cause and actions. CKN018I BPX1AIO receive on socket SOCKDESC abend Severity: 12 Explanation: This message indicates that an abend occurred during an asyncio receive call on the indicated socket. User response: See z/OS MVS System Codes to determine the cause and actions. CKN019I BPX1AIO receive failed on socket SOCKDESC unix error Severity: 12 Explanation: This message indicates that a UNIX error occurred during an asyncio receive call on the indicated socket. User response: See your UNIX system codes book to determine the cause and actions. CKN020I BPX1AIO send number byte TYPE msg on socket SOCKDESC abend Severity: 12 Explanation: This message indicates that an abend occurred during an asyncio send call on the indicated socket for the indicated message type. User response: See z/OS MVS System Codes to determine the cause and actions. CKN021I BPX1AIO send NUMBER byte TYPE msg failed on socket SOCKDESC unix error Severity: 12 Explanation: This message indicates that a UNIX error occurred during an asyncio send call on the indicated socket for the indicated message type. User response: See your UNIX system codes book to determine the cause and actions. CKN022I Send failed on socket SOCKDESC unix error , closing socket Severity: 4 Explanation: This error might be caused by a firewall action blocking the communication link from this server to the peer server. If the peer server is the managing node and this server is the managed node and the connection is successful, this is not necessarily a problem. If it is a problem, you must configure one or more of the firewalls to at least allow the connection to be established in one direction, from managing node to managed node. User response: See your UNIX system codes book to determine the cause and actions. 112 Version 1.12: Messages Guide CKN023I Send failed because socket SOCKDESC closed Severity: 8 Explanation: This message indicates the socket was closed before a scheduled send action was ready. This might be caused by a server shutting down, or by a firewall terminating a connection. User response: If neither the local nor the remote server was shutting down, verify the configuration members for errors relating to the node this socket was connected to, and verify that the connection path is still working, CKN024I Receive failed on socket SOCKDESC unix error Severity: 4 Explanation: This message indicates that a UNIX error occurred during a send call on the indicated socket. This might be caused by a firewall action in the path and is not a problem if a connection the other way still exists, or if there is no client that needs the connection. User response: If there is not a problem with a client, ignore the message. If a client needs to be active, see your UNIX system codes book and follow its guidance. CKN025I Receive failed because socket SOCKDESC closed Severity: 8 Explanation: This message indicates the socket was closed before a scheduled receive action was ready. This might be caused by a server shutting down, or by a firewall terminating a connection. User response: If neither the local nor the remote server was shutting down, verify the configuration members for errors relating to the node this socket was connected to, and verify the connection path is still working. CKN026I Negative message length field hexnum received on socket SOCKDESC Severity: 8 Explanation: This message indicates a protocol error. Presumably the server was contacted by a service that uses a different protocol. User response: Determine who is connected on the indicated socket and verify it has the right port number configured for what it is trying to do. CKN027I Unknown message id TYPE received on socket SOCKDESC starts "string" Severity: 8 Explanation: This message indicates a protocol version error. Presumably the server is contacted by a newer zSecure Server that is not compatible with the version of the current server. User response: Determine who is connected on this socket and verify it has the right port number configured for what it is trying to do. CKN028I Unsupported TYPE level xx instead of xx received on socket SOCKDESC Severity: 8 Explanation: This message indicates a protocol version error. Presumably the server is contacted by a newer zSecure Server that is not compatible with the version of the current server. User response: Ensure that all configured servers are on compatible levels. For example, follow a more gradual upgrade path. Chapter 4. CKN messages 113 CKN029I Unexpected TYPE length length found instead of length expected received on socket SOCKDESC Severity: 8 Explanation: This message indicates a protocol error. Presumably the server is contacted by a service that uses a different protocol. User response: Determine who is connected on this socket and verify it has the right port number configured for what it is trying to do. If it is a zSecure Server, verify that the version is compatible. If the versions is documented as compatible, look for a problem solution for this message ID on the support web site. If you cannot find a solution, contact IBM Software Support. CKN030I CKNRMSG called with invalid message id type len length for socket SOCKDESC Severity: 24 Explanation: This message indicates a software problem. User response: Save the server CKNPRINT output. Search for the message ID on the IBM support web site. If you cannot find a solution, contact IBM Software Support. CKN031I BPX1CLO failed close socket sockdesc unix error Severity: 4 Explanation: This message documents a problem that occurred during the close of a socket. User response: See the UNIX System Services Messages and Codes manual and follow its guidance. CKN032I BPX1FAI freeaddrinfo for domain failed unix error Severity: 12 Explanation: This message indicates that a UNIX error occurred during a freeaddrinfo call. Probably there is no impact on the server operation. User response: Save the CKNPRINT file and contact IBM Software Support. CKN033I BPX1GAI getaddrinfo ZSECSYS failed unix error for IPADDR Severity: 8 Explanation: This message indicates that a UNIX error occurred during a getaddrinfo call for the indicated IP address. User response: See your UNIX system codes book to determine the cause and actions. CKN034I ZSECSYS ZSECSYS getaddrinfo resolves IPADDR to NUMIP Severity: 0 Explanation: This informational message shows which IP address will be used to attempt to connect to the indicated ZSECSYS. CKN035I CKNCLNR unknown WKQRTYPE=xx on WKQR address Severity: 16 Explanation: This message indicates that the communication task received an unknown request type. User response: Determine if this is a known problem with a specified fix. If so, apply the fix. If not, contact IBM Software Support. 114 Version 1.12: Messages Guide CKN036I Connect to zsecsys failed on socket SOCKDESC unix error Severity: 12 Explanation: This message indicates that a connect call to the specified server failed. The server configuration file might not be accurate, a required network link might be down, or the remote server might not be active. User response: Determine if the remote server is active and restart it if it is not. See your UNIX system codes book for more information on the error. CKN037I Attempt to connect from zsecsys=ZSECSYS zsecnode=ZSECNODE smfid=name but not defined in configuration file Severity: 8 Explanation: This message indicates that the local server was contacted by the specified remote server, but the server is not defined in the server configuration file. User response: If you want the remote server to connect, update the server configuration. Otherwise, research who mimics a remote server because the connection attempt might constitute an attack. CKN038I IPADDR connected to is zsecsys=ZSECSYS zsecnode=ZSECNODE smfid=name but not SYSNAME/ZSYSNODE as defined in configuration file Severity: 8 Explanation: This message indicates that the local server is contacting a remote server but the connection returns a different name than the name defined in the local server configuration file. User response: Verify that this connection is intended to work. If so, change one or both of the configuration files. CKN040I Duplicate ZSECNODE NAME(ZSECNODE) definition Severity: 12 Explanation: This message indicates an error in the server configuration file; a ZSECNODE is defined multiple times. User response: Change or delete one of the node definitions. CKN041I Duplicate ZSECSYS NAME(ZSECSYS) definition Severity: 12 Explanation: This message indicates an error in the server configuration file; a ZSECSYS name is defined multiple times. A ZSECSYS name must be unique. User response: Change or delete one of the system definitions. CKN042I NO ZSECNODE NAME(ZSECSYS) defined Severity: 12 Explanation: This message is issued if a ZSECSYS statement refers to an as yet undefined ZSECNODE. You must define a ZSECNODE before you define the ZSECSYS statement that refers to it. User response: Move or add a ZSECNODE statement, or correct a mistake in the node name. CKN044I No valid ZSECSYS defined in parameters Severity: 12 Explanation: The server configuration file must contain ZSECNODE and ZSECSYS statements. A valid ZSECSYS statement was not found. User response: Create a valid server configuration file. Chapter 4. CKN messages 115 CKN045I ZSECSYS statement missing for ZSECSYS specified on OPTION OWNSYS Severity: 12 Explanation: A ZSECSYS statement was found missing, or the OPTION OWNSYS contains a mistake. User response: Correct the server conguration file so that OWNSYS refers to a defined ZSECSYS. CKN046I IPADDR for own ZSECSYS differs from domain name Severity: 4 Explanation: This message indicates the canonical name for the current system does not match the IPADDR on the SECSYS statement for the system on OPTION OWNSYS. This mismatch might cause remote systems to fail to connect to the current system. User response: Verify the DNS name for the current system name and update the configuration file. CKN047I Port number IPPORT not possible, must be in range 1..65535 Severity: 12 Explanation: The IP port specification is not valid. The number must be between 1 and 65535. User response: Correct the IPPORT specification. CKN048I Message number to be suppressed must be in range 0...999 Severity: 12 Explanation: An OPTION MSGSUP specification contains a message number that is not valid. The number must be between 0 and 999. User response: Correct the MSGSUP specification. CKN050I Server requires z/OS 1.9 or higher Severity: 16 Explanation: This message indicates that the zSecure Server is not running on a supported z/OS release. Note that this message is suppressible but running zSecure Server this way is not supported. User response: Upgrade the z/OS release to a supported release if you need to use the zSecure Server on this system. CKN051I Server must run APF authorized Severity: 16 Explanation: The server needs APF authorization to set up client communication and get RACF information. Note that this message is suppressible but running without APF authorization has very limited functionality as a non-client endpoint server, and is not supported. User response: Add the load library to the APF list. CKN052I Server with servertoken SERVERTOKEN seems to be active already Severity: 16 Explanation: This message indicates that a server is already running and using the indicated server token. That is not supported; only one server can be active per system at any time with a specific server token. User response: Change the server token if you intend to start a parallel server on the same system. Stop the first server instance if you intend to restart the server. 116 Version 1.12: Messages Guide CKN053I Message received from ZSECSYS on socket SOCKET for client number that is no longer present Severity: 4 Explanation: This message indicates that communication was received from a remote server intended for a local client that has terminated already. User response: Determine if the client termination was as intended. CKN054I Unexpected IEANTRT return code rc Severity: 16 Explanation: This message lists an unexpected return code from the z/OS name token request service. User response: Try to restart the server. If the problem persists, see the IEANTRT return code documentation and follow its guidance. If you cannot resolve the problem, check whether this is a known problem with an applicable fix. If so, apply the fix. If not, contact IBM Software Support. CKN055I Servertoken token is defined for an incompatible version version this server uses version Severity: 16 Explanation: This message documents that a server token was found with an incompatible version. User response: Use a different server token or use a different version of the client software. CKN056I CKNSERVE first start after IPL with servertoken token Severity: 0 Explanation: This message documents that a new name token was added to the system for the indicated server token. CKN057I SYSEVENT DONTSWAP failed, return code rc Severity: 16 Explanation: This message lists an unexpected return code from the SYSEVENT DONTSWAP call. User response: Try to restart the server. If the problem persists, see the SYSEVENT return code documentation and follow its guidance. CKN058I Using existing LX heXLX from servertoken Severity: 0 Explanation: This informational progress message documents which Linkage Index is being reused by the server. CKN059I Obtaining new LX Severity: 0 Explanation: This informational progress message documents that a Linkage Index is needed by the server. CKN060I Obtained new LX hex lx Severity: 0 Explanation: This informational progress message documents which new Linkage Index was acquired by the server. Chapter 4. CKN messages 117 CKN061I IDENTIFY RC=decrc for CKNSVPC at address Severity: 8 Explanation: This message lists an unexpected return code from the IDENTIFY call. User response: Try to restart the server. If the problem persists, determine if this is a known problem with an applicable fix. If so, apply the fix. If not, contact IBM Software Support. CKN062I Obtaining new ET Severity: 0 Explanation: This informational progress message documents that an Entry Table is needed by the server. CKN063I Obtained new ET with token TOKEN Severity: 0 Explanation: This informational progress message documents which new Entry Table token was acquired by the server. CKN064I Address spaces now connected to ET Severity: 0 Explanation: This informational progress message documents that clients can now connect to the server though the Program Call. CKN065I Unexpected IEANTCR return code decrc creating NAMETOKEN Severity: 16 Explanation: This message lists an unexpected return code from the z/OS name token create service that occurred while trying to create a persistent server name token. User response: Try to restart the server. If the problem persists, see the IEANTCR return code documentation and follow its guidance. If you cannot resolve the problem, determine if this is a known problem with an applicable fix. If so, apply the fix. If not, contact IBM Software Support. CKN066I Persistent server name token NAMETOKEN created successfully Severity: 0 Explanation: This informational progress message documents which persistent name token was created. CKN067I Unexpected IEANTCR return code decrc creating NAMETOKEN Severity: 16 Explanation: This message lists an unexpected return code from the z/OS name token create service that occurred while trying to cerate a nonpersistent server name token. User response: Try to restart the server. If the problem persists, see the IEANTCR return code documentation and follow its guidance. If you cannot resolve the problem, determine if this is a known problem with an applicable fix. If so, apply the fix. If not, contact IBM Software Support. CKN068I Non-persistent server name token NAMETOKEN created successfully Severity: 0 Explanation: This informational progress message documents which nonpersistent name token was created. 118 Version 1.12: Messages Guide CKN069I Removing Entry Table Severity: 0 Explanation: This informational progress message documents that the server is attempting to remove an Entry Table. CKN070I Entry Table removed while connections existed Severity: 0 Explanation: This informational progress message documents that the server removed an Entry Table, but connections are still active. This might, for instance, cause 0D6 abends in clients. CKN072I Entry Table removed succesfully Severity: 0 Explanation: This informational progress message documents that the server removed an Entry Table, and no connections were active. CKN073I SYSEVENT OKSWAP failed, return code decrc Severity: 4 Explanation: This message lists an unexpected return code from the SYSEVENT OKSWAP call. There might be no impact on the server. User response: Try to restart the server and see if the error occurs again. CKN080I Problem copying to address1 len length1 at address2 writing address3 len length2 from address4 - abend Severity: 8 Explanation: This message indicates that the PC call made by the server was passed a buffer address or length that was not valid. User response: Fix the calling problem or, if the caller is IBM software, look for the message ID on the support web site. CKN081I Invalid PLIST pointer passed address - abend Severity: 8 Explanation: This message indicates that the PC call made by the server was passed a parameter list address that was not valid. User response: Fix the calling program, or if the caller is IBM software, look for the message ID on the support web site. CKN082I Invalid BUFLEN pointer passed address - abend Severity: 8 Explanation: This message indicates that the PC call made by the server was passed a buffer length address that was not valid. User response: Fix the calling program, or if the caller is IBM software, look for the message ID on the support web site. CKN083I Invalid token pointer passed address - abend Severity: 8 Explanation: This message indicates that the PC call made by the server was passed a token address that was not valid. Chapter 4. CKN messages 119 User response: Fix the calling program, or if the caller is IBM software, look for the message ID on the support web site. CKN084I Invalid or expired token passed address cbid from jobname ASID asid user userid Severity: 8 Explanation: This message indicates that the server does not know the token passed in a PC call. In rare cases this can occur if a server is restarted while a client is operating. It can also occur by sending a client end request and then sending another request like a remote file close. User response: If the server was restarted, ignore and restart the client operation. Otherwise, fix the calling program, or if the caller is IBM software, look for the message ID on the support web site. CKN085I Expired token passed old client number now new client number from jobname ASID asid user userid Severity: 8 Explanation: This message indicates that the server does not know the token passed in a PC call. In rare cases this can occur if a server is restarted while a client is operating. User response: If the server was restarted, ignore and restart the client operation. Otherwise, fix the calling program, or if the caller is IBM software, look for the message ID on the support web site. CKN086I Token passed belongs to job jobname ASID asid user userid; caller is jobname ASID asid user userid Severity: 8 Explanation: This message indicates that the server was passed a client number in a PC call that belongs to another client. In rare cases this can occur if a server is restarted while a client is operating. User response: If the server was restarted, ignore and restart the client operation. Otherwise, fix the calling program, or if the caller is IBM software, look for the message ID on the support web site. CKN087I Invalid token passed address - abend from jobname ASID asid user userid Severity: 8 Explanation: This message indicates that the server does not know the token passed in a PC call. In rare cases this can occur if a server is restarted while a client is operating. It can also occur by sending a client end request and then sending another request like a remote file close. User response: If the server was restarted, ignore and restart the client operation. Otherwise, fix the calling program, or if the caller is IBM software, look for the message ID on the support web site CKN088I No userid found, cannot identify Severity: 8 Explanation: This message indicates that the server cannot identify the SAF user ID of the unit of work issuing the PC call. Consequently, it denies access. User response: Fix the calling program, or if the caller is IBM software, look for the message ID on the support web site CKN089I Error updating token address - abend Severity: 8 Explanation: This message indicates the server cannot update the token, presumably because it is not located in key 8 storage. User response: Fix the calling program, or if the caller is IBM software, look for the message ID on the support web site 120 Version 1.12: Messages Guide CKN090I Invalid FUNCTION pointer passed address - abend Severity: 8 Explanation: This message indicates that the PC call made by the server was passed a function pointer that was not valid. User response: Fix the calling program, or if the caller is IBM software, look for the message ID on the support web site CKN091I Unsupported FUNCTION level xx instead of yy received from jobname ASID asid user userid Severity: 8 Explanation: This message indicates that the server does not support the version of the function passed to the PC call. Presumably you are using a new client with an old server in an unsupported combination. User response: Connect to a newer server or use an older client. CKN092I Unsupported FUNCTION length len1 instead of len2 received from jobname ASID asid user userid Severity: 8 Explanation: This message indicates that the PC call made by the server was passed a message length for the specified function that was not valid. User response: Fix the calling program, or if the caller is IBM software, look for the message ID on the support web site CKN093I ZSECSYS ZSECSYS not defined to server; call from jobname ASID asid user userid Severity: 4 Explanation: This message indicates an action was directed to a server name that was not defined in the configuration file for the server. User response: Specify a different target system in the client, or update the server configuration file with a definition for the desired system and restart the server. CKN094I Task task IEAVAPE failed RC=dec Severity: 12 Explanation: This message indicates a failure to allocate a pause element. User response: Try to restart the server and redo the client action. If the problem persists, see the IEAVAPE return code documentation and follow its guidance. If you cannot resolve the problem, determine if this is a known problem with an applicable fix. If so, apply the fix. If not, contact IBM Software Support. CKN095I Task task IEAVPSE failed RC=dec Severity: 12 Explanation: This message indicates a failure to wait on a pause element. User response: Try to restart the server and redo the action. If the problem persists, see the IEAVPSE return code documentation and follow its guidance. If you cannot resolve the problem, determine if this is a known problem with an applicable fix. If so, apply the fix. If not, contact IBM Software Support. CKN096I Task task IEAVDPE failed RC=dec Severity: 12 Explanation: This message indicates a failure to deallocate a pause element. User response: Try to restart the server and redo the action. If the problem persists, see the IEAVDPE return code documentation and follow its guidance. If you cannot resolve the problem, determine if this is a known problem with Chapter 4. CKN messages 121 an applicable fix. If so, apply the fix. If not, contact IBM Software Support. CKN097I Task task instance TCB address unrecognized request function from client client number job jobname ASID asid user userid Severity: 8 Explanation: This message indicates that the server does not support the request passed to the PC call. Presumably you are using a new client with an old server in an unsupported combination. User response: Use the server token for a newer server or use an older client. CKN098I ZSECNODE ZSECNODE not defined to server; call from jobname ASID asid user userid Severity: 4 Explanation: This message indicates an action was directed to a server node that was not defined in the server configuration file. User response: Specify a different target node in the client, or update the server configuration file with a definition for the desired node and restart the server. CKN099I ZSECSYS ZSECSYS not part of node ZSECNODE, call from jobname ASID asid user userid Severity: 4 Explanation: This message indicates an action was directed to a server name and node combination that is not defined in the server's configuration file. The specified ZSECSYS must be a member of the specified ZSECNODE. User response: Specify a different target system or node in the client, or update the server configuration file with a matching definition for the desired system and node and restart the server. Messages from 100 to 199 CKN100I Unexpected STIMERM SET RC=nn Severity: 16 Explanation: This message indicates that the STIMERM service received an unexpected return code. User response: Refer to the appropriate z/OS MVS manual and follow its guidance. CKN101I START command received from console user userid command Severity: 0 Explanation: This informational message confirms that an operator START command was received with the indicated positional parameters. CKN102I STCOM command received from console user userid command Severity: 0 Explanation: This informational message confirms that an operator START command was received with the indicated keyword parameters. CKN103I MODIFY command received from console user userid command Severity: 0 Explanation: This informational message confirms that the indicated operator MODIFY command was received. 122 Version 1.12: Messages Guide CKN104I STOP command received from console user userid Severity: 0 Explanation: This informational message confirms that an operator STOP command was received. CKN105I Unexpected QEDIT RC=nn Severity: 8 Explanation: This message indicates that the QEDIT service received an unexpected return code. User response: Refer to the appropriate z/OS MVS manual. CKN106I Cleanup and terminating due to abend Severity: 16 Explanation: This message indicates the an abend in the main task was intercepted and resource cleanup is taking place. Cleanup can be suppressed with OPTION NOCLEANUP but this might result in a non-reusable address space User response: Look up the abend in z/OS MVS System Codes to determine the cause and actions. CKN107I IEAVRLS failed RC=nn WKQR address Severity: 16 Explanation: This message indicates that the IEAVRLS service to release a paused client received an unexpected return code. User response: Try to restart the server and redo the action. See the IEAVRLS return code documentation and follow its guidance if the problem persists. If you cannot resolve the problem, determine if this is a known problem with an applicable fix. If so, apply the fix. If not, contact IBM Software Support. CKN108I CKNRCLR unknown WKQRTYPE=nn on WKQR address Severity: 16 Explanation: This message indicates the remote client handler task received an unknown request type. User response: Determine if this is a known problem with an applicable fix. If so, apply the fix. If not, contact IBM Software Support. CKN109I Task TASK ignoring ALLOC after END Severity: 8 Explanation: This message indicates that a remote server was passed an ALLOC request for a client that is already terminating. In rare cases this can occur if a server is shutting down while a client is operating. User response: If the server was shutting down, ignore the message and restart the client operation. Otherwise, fix the calling program. If the caller is IBM software, look for the message ID on the support web site. CKN0110I Task TASK ignoring DOIO after END from socket SOCKET Severity: 8 Explanation: This message indicates that a remote server was passed an I/O request for a client that is already terminating. In rare cases this can occur if a server is shutting down while a client is operating. User response: If the server was shutting down, ignore the message and restart the client operation. Otherwise, fix calling program. If the caller is IBM software, look for the message ID on the support web site. Chapter 4. CKN messages 123 CKN111I Task TASK ignoring DOIO for non-initialized client CLNTNO from socket SOCKDESC Severity: 8 Explanation: This message indicates that a remote server was passed an I/O request for a client without having received an ALLOC request. In rare cases this can occur if a local server is shutting down while a client is operating. User response: If a server was restarted, ignore the message and restart the client operation. Otherwise, fix calling program. If the caller is IBM software, look for the message ID on the support web site. CKN112I ALLO (allocate) received from unconfigured ZSECSYS on socket SOCKDESC - ignored Severity: 8 Explanation: This message indicates that an ALLOC request was received on an unconfirmed connection. This message is accompanied by earlier messages that show the probable cause of the problem. User response: Change the server configuration file to define the indicated system. CKN113I DOIO received from unconfigured ZSECSYS on socket SOCKDESC - ignored Severity: 8 Explanation: This message indicates that an I/O request was received on an unconfirmed connection. This message is accompanied by earlier messages that show the probable cause of the problem. User response: Change the server configuration file to define the indicated system. CKN114I ENDC received from unconfigured ZSECSYS on socket SOCKDESC - ignored Severity: 8 Explanation: This message indicates that an end-client request was received on an unconfirmed connection. This message is accompanied by earlier messages that show the probable cause of the problem. User response: Change the server configuration file to define the indicated system. CKN115I CKNDOIR unknown WKQRTYPE=xx on WKQR address Severity: 16 Explanation: This message indicates the remote worker task received an unknown request type. User response: Determine if this is a known problem with an applicable fix. If so, apply the fix. If not, contact IBM Software Support. CKN116I RACF initialization failed for RACF initialization failed for USERID RC=hexnum RC=hexnum hex; notifying ZSECSYS job JOBNAME user USERID client CLNTNO Severity: 8 Explanation: This message indicates that the remote mapped execution user ID failed to initialize with the indicated SAF return code and reason code. User response: Look up the indicated SAF return code and reason code for RACROUTE REQUEST=VERIFY in the Security Server RACROUTE documentation. CKN117I Task restart limit reached, shutting down Severity: 16 Explanation: This message indicates that a server task failed and was restarted more than once, up to the maximum restart limit. The server is shutting down. User response: Review CKNPRINT and the job log for messages showing the initial error and follow the guidance for those messages. 124 Version 1.12: Messages Guide CKN118I Task CKNCOMT restart initiated Severity: 8 Explanation: The server communication task was found to be inactive and a restart is being attempted. User response: Review CKNPRINT and the job log for messages showing the initial error and follow the guidance for those messages. CKN119I Task CKNCLNT restart initiated Severity: 8 Explanation: The local client handler task was found to be inactive and a restart is being attempted. User response: Review CKNPRINT and the job log for messages showing the initial error and follow the guidance for those messages. CKN120I Task CKNRCLT restart initiated Severity: 8 Explanation: The remote client handler task was found to be inactive and a restart is being attempted. User response: Review CKNPRINT and the job log for messages showing the initial error and follow the guidance for those messages. CKN121I Duplicate request for file CLNT_DDNM received from ZSECSYS client CLNTNO job JOBNAME user USERID Severity: 8 Explanation: This message indicates that two ALLOC requests were received for the same client file name. User response: Fix the calling program. If the caller is IBM software, look for the message ID on the support web site. CKN122I Allocated serverdd dsname member to clientdd of ZSECSYS client nn job JOBNAME ASID ASID user USERID Severity: 0 Explanation: This informational message is issued to note the successful allocation of a server side data set for a remote client. CKN123I Unsupported request for file clientdd received from ZSECSYS client nn job JOBNAME ASID ASID user USERID Severity: 8 Explanation: This message indicates a protocol error. User response: Ensure that the server version supports the client version. If it does not, upgrade the downlevel version or use a different server. CKN124I I/O request but alloc failed for clientdd received from ZSECSYS client nn job JOBNAME ASID ASID user USERID Severity: 8 Explanation: This message indicates a protocol error. User response: Look for one or more messages about a failure and continue there. If no messages are recorded, restart the client and try again. If that does not help, restart the server and try again. If that does not help, fix the protocol error in the client. Chapter 4. CKN messages 125 CKN125I I/O request without alloc for clientdd received from ZSECSYS client nn job JOBNAME ASID ASID user USERID Severity: 8 Explanation: This message indicates a protocol error. User response: Look for one or more messages about a failure and continue there. If no messages are recorded, restart the client and try again. If that does not help, restart the server and try again. If that does not help, fix the protocol error in the client. CKN126I Open serverdd abend for clientdd received from ZSECSYS client nn job JOBNAME ASID ASID user USERID Severity: 8 Explanation: This message indicates an abend occurred while trying to open the indicated DD name on the server on behalf of the client file indicated. User response: See the MVS system codes for the indicated abend code and follow the guidance. CKN127I Open failed for clientdd received from ZSECSYS client nn job JOBNAME ASID ASID user USERID Severity: 8 Explanation: This message indicates the indicated client file could not be opened on the server. User response: Look for a message in the server job log about the data set being requested. CKN128I Get for unopened file clientdd received from ZSECSYS client nn job JOBNAME ASID ASID user USERID Severity: 8 Explanation: This message indicates a protocol error from a client. The client application tried to obtain a record from a file it had not opened successfully. User response: Look for open abend or open failure messages and follow the guidance. CKN129I Alloc missing ZSECSYS/NODE; call from JOBNAME ASID ASID user USERID Severity: 4 Explanation: This message indicates that the server received an allocation request without a target system or node; this is a client API error. User response: Fix the calling program. If the caller is IBM software, look for the message ID on the support web site. CKN130I Node ZSECNODE not currently connected; call from JOBNAME ASID ASID user USERID Severity: 4 Explanation: This message indicates an attempt to access a remote server that is currently unavailable. User response: Try again later or verify why the connection cannot be created and remedy the cause. CKN131I System ZSECSYS not currently connected; call from JOBNAME ASID ASID user USERID Severity: 4 Explanation: This message indicates an attempt to access a remote server that is currently unavailable. User response: Try again later or verify why the connection cannot be created and remedy the cause. Alternatively, use a ZSECNODE instead of a ZSECSYS to let the system find an active system on the node. 126 Version 1.12: Messages Guide CKN132I Message DATA received from ZSECSYS on socket SOCKDESC for client nn that is no longer present Severity: 4 Explanation: This message indicates a protocol error occurred while using the server. User response: Check the calling program and ensure that it does not wait excessively long during server interaction. CKN133I RACF initialization failed for USERID abend Severity: 8 Explanation: An abend occurred during a RACOUTE REQUEST=VERIFY for a local user ID that is the partner (peer) user ID for a remote client. User response: See the MVS system codes for the indicated abend code and follow the guidance. CKN134I Task TASK ignores ALLOC after failed initialization Severity: 4 Explanation: This message indicates a protocol error occurred while using the server. User response: Fix the calling program. Consider discontinuing the call after a failure. If the caller is IBM software, look for the message ID on the support web site. CKN135I Problem copying from address FUNCTION len hexlen - abend Severity: 8 Explanation: This message indicates an abend occurred while returning data to the storage of the caller. User response: See the MVS system codes for the indicated abend code and follow the guidance. CKN136I Open/get/close without alloc for clientdd from JOBNAME ASID ASID user USERID Severity: 8 Explanation: This message indicates a protocol error in using the server. User response: Fix the calling program. If the caller is IBM software, look for the message ID on the support web site. CKN137I Read number records from ddname dataset Severity: 0 Explanation: This message indicates how many records were read from this data set on behalf of a remote client. CKN138I Communication task status SCKD address dump Severity: 0 Explanation: This message is part of a summary dump written in case of problems. User response: No user action is required. CKN139I TASK subtask status TSKD address dump Severity: 0 Explanation: This message is part of a summary dump written in case of problems. Chapter 4. CKN messages 127 User response: No user action is required. CKN140I Main task status RACF address dump Severity: 0 Explanation: This message is part of a summary dump written in case of problems. User response: No user action is required. CKN141I Main task status ZNOD address dump Severity: 0 Explanation: This message is part of a summary dump written in case of problems. User response: No user action is required. CKN142I Main task status ZSYS address dump Severity: 0 Explanation: This message is part of a summary dump written in case of problems. User response: No user action is required. CKN143I Main task status ZSCS address dump Severity: 0 Explanation: This message is part of a summary dump written in case of problems. User response: No user action is required. CKN144I Main task status DNAM address dump Severity: 0 Explanation: This message is part of a summary dump written in case of problems. User response: No user action is required. CKN145I Main task status INFO address dump Severity: 0 Explanation: This message is part of a summary dump written in case of problems. User response: No user action is required. 128 Version 1.12: Messages Guide CKN146I Client handler task status for ZSECSYS CLNT address dump Severity: 0 Explanation: This message is part of a summary dump written in case of problems. User response: No user action is required. CKN147I Local file name status for ZSECSYS client nn LFIL address dump Severity: 0 Explanation: This message is part of a summary dump written in case of problems. User response: No user action is required. CKN148I Remote client handler task status for SYSNAME RCLN address dump Severity: 0 Explanation: This message is part of a summary dump written in case of problems. User response: No user action is required. CKN149I Work queue header WKQH address dump Severity: 0 Explanation: This message is part of a summary dump written in case of problems. User response: No user action is required. CKN150I Work queue element WKQR address type status dump Severity: 0 Explanation: This message is part of a summary dump written in case of problems. User response: No user action is required. CKN151I Wait element WKQR address type status dump Severity: 0 Explanation: This message is part of a summary dump written in case of problems. User response: No user action is required. CKN152I Client status RLNK address dump Severity: 0 Chapter 4. CKN messages 129 Explanation: This message is part of a summary dump written in case of problems. User response: No user action is required. CKN153I Client handler task status for ZSECSYS client NO RFIL address dump Severity: 0 Explanation: This message is part of a summary dump written in case of problems. User response: No user action is required. CKN154I Notify client nn of failing server Severity: 0 Explanation: This message is sent to a waiting client as a surrogate reply to the request the client was waiting on that could not be completed. User response: Restart the server or wait until the server is restarted and try again. CKN155I Notify client nn of stopping server Severity: 0 Explanation: This message is sent to a waiting client as a surrogate reply to the request the client was waiting on. The request could not be completed because the server received a STOP request from the operator. User response: Restart the server or wait until the server is restarted and try again. CKN156I Server stopping - socket SOCKDESC wait cancelled Severity: 0 Explanation: This message is sent to a waiting client as a surrogate reply to the request the client was waiting on. The request could not be completed because the server received a STOP request from the operator. User response: Restart the server or wait until the server is restarted and try again. CKN157I Server failing - socket SOCKDESC wait cancelled Severity: 0 Explanation: This message is sent to a waiting client as a surrogate reply to the request the client was waiting on that could not be completed. User response: Restart the server or wait until the server is restarted and try again. CKN158I activity on SYSNAME(name) SYSPLEX(name) [ LPARNAME(name) ] [ VMUSERID(name) ] [ HWNAME(name) ] CPU-id CPUid Product codes codes Products Severity: 00 Explanation: This message shows the system, sysplex, LPAR, VM user ID, and hardware where it is running, and which IBM Security zSecure suite products are installed and not disabled through IFAPRDxx for use in this program. For a description of the product codes, see the License names table in any of the zSecure Admin and Audit user reference manuals. Each line in the "Products" section shows a product ID and the full name of a particular product feature, for example, 5655-T02 IBM Security zSecure Audit for RACF for code AUDITRACF. activity can be Runs or UNIX depending on the calling environment used. 130 Version 1.12: Messages Guide CKN159I Contents of CKRSITE module: Class: setting Severity: 00 Explanation: This message is issued in response to OPTION DEBUG command. setting displays the relevant class name, for example, XFACILIT. CKN160I Connection dropped socket SOCKDESC wait cancelled Severity: 0 Explanation: This message indicates a remote server connection was lost and a paused client was released. User response: Restore the network connection and try the operation again. CKN161I zSecure Server zsecnode/zsecsys token servertoken shutdown complete Severity: 0 Explanation: This message indicates that the main task is ready with shutdown and is terminating. CKN162I Unsecured connection rejected on socket sockdesc from/to zsecnode/zsecsys sysplex.clone.sysname njenode.smfid rrsfnode Severity: 0 Explanation: An attempt was made to connect to or from a remote server, but the connection was not protected by AT-TLS. The server does not allow unsecured connections. Unsecured connections can be allowed using the OPTION statement. User response: Set up an AT-TLS protection between the servers with the policy agent. See the Installation and Deployment Guide for instructions. CKN163I [Unsecured|Secured] connection on socket sockdesc from/to zsecnode/zsecsys sysplex.clone.sysname njenode.smfid rrsfnode Severity: 0 Explanation: This message indicates that the zSecure Server has successfully established a connection with a peer zSecure Server. CKN164I Client number job jobname user userid Severity: 0 Explanation: This message is written to record the first request of a local client program to the zSecure Server. As long as the client requests pass the same token and are issued from the same userid and jobname (and the server has not restarted), the client is considered the same client. CKN165I zSecure Server zsecnode/zsecsys lost last connection to zsecnode/zsecsys Severity: 0 Explanation: This message indicates that the last TCP connection to a partner zSecure Server was dropped. The connection remains dropped until a new allocation request is received. CKN166I An unexpected return code was received from IEFSSREQ SSI=54, Subsys=subsys, R15=rc, SSOBRETN=rsn Severity: 08 Explanation: An IEFSSREQ request type 54 for subsystem subsys ended with return code rc for Register 15 and reason code rsn for the SSOBRETN field, where: Chapter 4. CKN messages 131 v subsys is the name of the subsystem being queried, either JES2 or JES3. v rc is the value of Register 15 returned from IEFSSREQ. v rsn is the IEFSSREQ reason code obtained from SSOBRETN. If a subsystem request using IEFSSREQ is issued, the CKN166I message is generated if an error occurs. If you are running z/OS version 1.8 or later, additional errors related to the JES node processing can occur. Normally, the call to IEFSSREQ returns information about the primary JES2 or JES3 subsystem that obtains the JES2 own node or JES3 home node. If this information is not returned, CKNSERVE cannot determine the name of the local JES node. User response: This error might be caused by running zSecure on an operating system that is not supported, or by recent maintenance to the operating system that might affect the IEFSSREQ service. For further information about the error, see the documented return code values for IEFSSREQ and SSOBRETN in z/OS MVS Using the Subsystem Interface SA22-7642. If you cannot resolve the problem, contact IBM Customer Support. CKN167I Error locating JES node, Subsys=subsys version Severity: 08 Explanation: The CKN167I message is issued if the JES node cannot be determined from the IEFSSREQ subsystem request, where: v subsys is the name of the JES2 or JES3 primary subsystem. v version is the JES2 or JES3 version (for example, SP 1.8.0) User response: This error might be caused by recent maintenance to the operating system that might affect the IEFSSREQ service. Ensure that the primary JES2 or JES3 subsystem has initialized and try to restart the zSecure multisystem server. If you cannot resolve the problem, contact IBM Customer Support. CKN168I subsys node is node Severity: 00 Explanation: During multisystem server initialization, this informational message is issued after the JES node is resolved, where: v subsys is the name of the primary subsystem, either JES2 or JES3. v node is the own node name (JES2) or home node name (JES3). CKN169I Ignoring request id after an end-client request CKNE Severity: 4 Explanation: This message indicates that a local server was passed the indicated request type for a client that is already terminating. This can occur, for example, if remote-files close requests are sent after and end-client request. User response: Ignore or fix the calling program. If the caller is IBM software, look for the message ID on the support web site. CKN170I BPX1CLO failed close listening socket SOCKDESC UNIX_ERROR Severity: 4 Explanation: This message indicates that an attempt to close a socket failed. User response: See your UNIX system codes book to determine the cause and actions. CKN171I Close after reading number records from ddname volser dsname Severity: 0 Explanation: This message documents how many records were read from the indicated data source. 132 Version 1.12: Messages Guide CKN172I Cannot open clntddnm twice; request by zsecsys client number job jobname user userid Severity: 8 Explanation: This message indicates that two open requests were received for the same client file name User response: Fix the calling program. If the caller is IBM software, look for the message ID on the support web site. CKN173I Userid mapping not allowed for client-userid to target-userid, notifying zsecsys job jobname user client-userid client client-id Severity: 8 Explanation: The target-userid does not have an approved PEER or MANAGED-BY association with client-userid, use of the target-userid is denied. User response: Add a CKNUMAP profile to define a user ID mapping or establish a user ID association through RACLINK. CKN174I Userid mapping not implemented for client-userid, notifying zsecsys job jobname user client-userid client client-id Severity: 8 Explanation: The client-userid does not have a mapping profile to determine the user ID to be used on the target system. Data access and command execution is denied. User response: Add a CKNUMAP profile to define a user ID mapping or establish a user ID association through RACLINK. CKN175I RACF EXTRACT of CKNUMAP profile failed abendcode, use identity mapping Severity: 8 Explanation: An abend occurred while attempting to verify access to an RRSFDATA resource User response: User action: Follow abend code guidance in MVS system codes. See z/OS MVS System Codes to determine the cause of the abend and possible actions. CKN176I Task task ignoring DOIO after lost socket sockdesc Severity: 8 Explanation: This message indicates that the server is discarding remote I/O requests because the connection to the remote server was lost. User response: When the remote server has restarted, run the query again. CKN177I Task task ignoring ALLO after lost socket sockdesc Severity: 8 Explanation: This message indicates the server is discarding remote file allocation requests because the connection to the remote server was lost. User response: When the remote server has restarted, run the query again. CKN178I Remote command file rmtfile dsname [member] for localfile of zsecsys client n job jobname user userid Severity: 0 Explanation: This informational message documents which remote file name is used to funnel the remote command screen from the indicated client local file name. Chapter 4. CKN messages 133 CKN179I CKNDOIA unknown WKQRTYPE=xx on WKQR address Severity: 16 Explanation: This message indicates that an unexpected condition was found in routine CKNDOIA. The task is terminated with user abend 179. User response: Look for the message number on the IBM support web site. If you do not find a solution, contact IBM Software Support. CKN180I Put for unopened file localfile received from zsecsys client n job jobname user userid Severity: 8 Explanation: This message indicates a protocol error; a PUT I/O is being received for a file that is not open. User response: Stop and restart the client program. If the problem persists, restart the local and remote servers. If the problem still persists, fix the client program or, if the client is IBM software, search for the message on the IBM support web site. CKN181I Put for unsupported file localfile received from zsecsys client n job jobname user userid Severity: 8 Explanation: This message indicates a protocol error; a PUT I/O is being received for a filetype that does not support it. User response: Fix the client program. If the client is IBM software, search for the message on the IBM support web site. If you do not find a solution, contact IBM Software Support. CKN182I Client n job jobname user userid passed m records to remote program via file remotefile Severity: 0 Explanation: This informational message documents how many records were passed from the client to the remote program for the indicated remote file. CKN183I Connection lost to server zsecsys during I/O on file ddname; from jobname ASID xxxx user userid Severity: 8 Explanation: This message notifies the user that the connection to the remote server was lost during I/O operations on the indicated file name. User response: Wait until the connection to the target zsecsys or zsecnode is reestablished (ask for the remote server to be restarted or let the system select another zsecsys in the target zsecnode), and run the query again. CKN184I Failure during type access verification abendcode Severity: 8 Explanation: An abend occurred while attempting to verify access to the indicated resource type. The resource type can have a value of CKNADMIN or DIRECT: CKNADMIN Refers to the site SAF class profiles CKNADMIN.TONODE.zsecnode DIRECT Refers to the RRSFDATA profile DIRECT.rrsfnode User response: See z/OS MVS System Codes to determine the cause of the abend and possible actions. 134 Version 1.12: Messages Guide CKN185I Not authorized to access zsecnode , insufficient access to RRSFDATA DIRECT.zsecnode RC=retcode RN=reascde job jobname user userid client clientid Severity: 8 Explanation: The indicated userid does not have sufficient access to the RRSFDATA DIRECT.zsecnode resource. Data sets and commands directed to zsecnode are not allowed. User response: Look up the indicated SAF return code and reason code in the Security Server RACROUTE documentation. Give the user a permit if the user needs permission to route commands to the indicated node. CKN186I Failure during CKNADMIN access verification abendcode, disallow use Severity: 8 Explanation: An abend occurred while attempting to verify access to the CKNADMIN resource that controls access to the current node. Access to the system is not allowed. User response: See z/OS MVS System Codes to determine the cause of the abend and possible actions. CKN187I Not authorized to access current-node from source-node RC=retcde RSN=reascde job jobname user userid client clientid Severity: 8 Explanation: The indicated userid does not have sufficient access to the resource CKNADMIN.FROMNODE zsecnode, which controls access to the current node. Data sets and commands directed to current-node are not allowed. User response: Look up the indicated SAF return code and reason code in the Security Server RACROUTE documentation. Give the user a permit if the user needs permission to route commands to the indicated node, or add a CKNUNMAP mapping to a user ID that does exist. CKN188I RACF Retrieval of RACLINK data failed abendcode, disallow use Severity: 8 Explanation: An abend occurred while attempting to retrieve user ID mapping data. The RACLINK user ID association is not used. Data sets and commands directed to the system are not allowed. User response: See z/OS MVS System Codes to determine the cause of the abend and possible actions. CKN189I Connection lost to server ZSECSYS during ALLOC of file CLNTDDNM, job jobname user userid client clientno Severity: 8 Explanation: This message indicates that during an ALLOC request the connection to the remote (target) server was lost, either through a failing network connection or because the server was shutting down or had other problems. User response: Retry the action after reestablishing the connection or after restarting the remote server. CKN190I program ended abend Severity: 4 Explanation: This message indicates that a program that was started on behalf of a client has terminated with the indicated abend. User response: See z/OS MVS System Codes to determine the cause of the abend and possible actions. CKN191I program ended RC number Severity: 0 Explanation: This informational message shows that a program started on behalf of a client terminated with the indicated return code. Chapter 4. CKN messages 135 CKN192I Excessive wait time n minutes for client clientno job jobname ASID asid; attempting release Severity: 4 Explanation: This message shows that a client was waiting for a reply from a remote server longer than is reasonable. The action is terminated. This action might cause follow-on error messages. User response: Look in CKNPRINT and the job log of the local server and remote server. If any problems are noted, restart the server associated with the problem. CKN193I Invalid TYPE=type specification "string" for CLNTDDNM of ZSECSYS client clientno job jobname user userid Severity: 8 Explanation: This message indicates a protocol error. Presumably the server was contacted by a client that uses a more recent version of the protocol User response: Ensure the client and server are on compatible levels. Maybe use a different server token to contact a server supporting the required level. CKN194I Too many files at the same time for CLNTDDNM of ZSECSYS client clientno job jobname user userid Severity: 8 Explanation: This message indicates an unsupported number of information requests are routed to the same remote program instance. User response: Try to simplify the query. CKN195I Invalid TYPE=CKFREEZE specification "string" for CLNTDDNM of ZSECSYS client clientno job jobname user userid Severity: 8 Explanation: This message indicates a protocol error. Presumably the server is contacted by a client that uses a more recent version of the protocol. User response: Ensure the client and server are on compatible levels. Maybe use a different server token to contact a server supporting the required level. CKN196I Remote server file name RMTFILE not allocated for TYPE=CKFREEZE spec or CLNTDDNM of ZSECSYS client clientno job jobname user userid Severity: 8 Explanation: This message indicates that an allocation is missing from the server for the indicated CKFREEZE file. User response: Restart the server. If that does not correct the problem, fix the calling program. If the caller is IBM software, look for the message ID on the support web site. CKN197I Remote server file name RMTFILE used for TYPE=CKFREEZE spec or CLNTDDNM of ZSECSYS client clientno job jobname user userid Severity: 0 Explanation: This informational message documents which remote file is used to satisfy the CKFREEZE request from the client. CKN198I Stopping server because program ended abend_or_RC Severity: 16 Explanation: This message indicates that a requisite task terminated either with an abend or a nonzero return code. The server is shutting down. 136 Version 1.12: Messages Guide User response: Look in the job log and CKNPRINT of the local server and remote server. If you note any problems, resolve them and restart the server associated with the problem. CKN199I Failure during CKNDSN access verification abend Severity: 8 Explanation: An abend occurred during a RACROUTE REQUEST=AUTH authorization check. The access is not allowed. User response: See z/OS MVS System Codes to determine the cause of the abend and possible actions. Messages from 200 to 299 CKN200I Not authorized to access dsname, insufficient access to resource RC=hexrc RSN=hexrsn hex; client clientno job jobname user userid Severity: 8 Explanation: No permission exists on the indicated resource. Consequently, the indicated data set cannot be read. User response: Look up the indicated SAF return code and reason code in the Security Server RACROUTE documentation for RACROUTE REQUEST=AUTH. CKN201I Not authorized to use dsname from ZSECSYS client clientno job jobname user userid Severity: 8 Explanation: This message is passed back to the client to notify it of insufficient authorization on the remote node. User response: If you need more information, look for CKN200I or CKN199I in the remote server CKNPRINT. CKN202I Allocate failed RMTDDNM dsname [member] to CLNTDDNM of ZSECSYS client clientno job jobname user userid Severity: 8 Explanation: This message is passed back to the client for a failed allocation in the remote server. User response: If you need more information, look for IKJ* messages preceding this message in the remote server CKNPRINT file and follow the guidance. CKN203I OPTION name only valid in PARM string Severity: 12 Explanation: The indicated option can be specified only on the PARM string, not in the CKNIN file. User response: Move the option to the PARM string and try the operation again. CKN204I Answer queue for WKQH address dump Severity: 0 Explanation: This message is part of a summary dump written in case of problems. User response: No user action is required. Chapter 4. CKN messages 137 CKN205I ABEND authorizing class 'resource': abend Severity: 8 Explanation: The indicated abend was encountered during a RACROUTE REQUEST=AUTH for the indicated resource. User response: See z/OS MVS System Codes to determine the cause of the abend and possible actions. CKN206I [Unsecured|Secured] connection not authorized on socket SOCKDESC [from|to] zsecnode/zsecsys sysplexclone.sysname njenode.smfid rrsfnode Severity: 8 Explanation: An attempt was made to connect to or from a remote server, but the connection was not protected by AT-TLS. The server task is not authorized to the unsecured exception resource "CKNADM.INSECURE.secsys". User response: Set up an AT-TLS protection between the servers with the policy agent. See the Installation and Deployment Guide for information. CKN207I Partner cert name invalid on socket SOCKDESC [from|to] zsecnode/zsecsys sysplexclone.sysname njenode.smfid rrsfnode Severity: 8 Explanation: The hostname DOMAIN name value in the ALTNAME extension of the peer certificate (certificate hostname) does not match the ZSECSYS name. Because the certificate is used as proof that the partner server is the real ZSECSYS partner node and not a masquerading attacker, this constitutes an identification-and-authentication failure. Neither was there a permit on the exception resource "CKNADM.CERTOKAY.secsys" which can be used to disable this identification-and-authentication feature. User response: Generate a certificate for the proper (remote) ZSECSYS name in the proper (local) key ring. See the Installation and Deployment Guide for information. CKN208I Socket active WKQR address type status Severity: 0 Explanation: This message is part of a summary dump written in case of problems. User response: No user action is required. CKN209I CKFREEZE ddname still in use. Refresh delayed Severity: 8 Explanation: A refresh of the automatic snapshot file is needed but the file is still in use. User response: Ignore a single occurrence of this message. If the problem persists, restart the server. If that does not help, look for problems in the CKNPRINT output that might cause the delay in completing the client interaction and solve them. CKN212I Server zsecnode/zsecsys token servertoken now listening on port n Severity: 0 Explanation: This message indicates that the server is now listening to connections from peer servers. It is issued both as a print message and as a WTO. CKN213I Server zsecnode/zsecsys token servertoken stopping abend Severity: 16 Explanation: This message warns that the server is stopping in response to an abend condition. It is issued both as a print message and as a WTO, 138 Version 1.12: Messages Guide Messages from 600 to 699 CKN600...CKN699 message Explanation: Messages in the range CKN600-CKN699 are internal error messages that are not individually documented. If you need information about a message in this range, contact IBM Software Support. Messages from 700 to 799 CKN700...CKN799 message Explanation: Messages in the range CKN700-CKN799 are trace messages that are not individually documented. If you need information about a message in this range, contact IBM Software Support. Messages from 800 to 899 CKN893 Task task TCB addr ATTACH RC=n dec attempting to attach task ep Severity: 16 Explanation: This message documents a failure to attach a new task task ep from the indicated TCB instance of a task called task. User response: Review the description of the ATTACH return code and take the appropriate action. For example, the return code might indicate a storage shortage. CKN894I Task task TCB taskaddr DETACH of task ep instance TCB subtaskaddr RC=nn dec Severity: 04 Explanation: This message indicates a failure to cleanly remove the indicated TCB instance of subtask task ep by the indicated owning instance TCB taskaddr of task task. The RC value is a nonzero DETACH return code. User response: Review the description of the DETACH return code and take the appropriate action. CKN895I Task task TCB addr subtask task ep instance TCB subtaskaddr failed abend Severity: 04 Explanation: This message documents that a DETACH task failed with the indicated abend code. The failure occurred in the daughter task instance TCB subtaskaddr of task ep of the indicated mother TCB instance of a task called task. User response: Review the meaning of the abend code and take the appropriate action. For example, the return code might indicate a storage shortage or an input or output-file-related failure. If it is a user abend code, there should be a message either in the print file or in a WTO in the job log or system log with the same decimal message number as the user abend code. If the user abend code is 16, then the message number might be different, for example, 999. Look up the message and follow its guidance. CKN896I Task task TCB addr zero ECB wait Severity: 16 Explanation: This is an internal error message that indicates a problem in the software. User response: Look for the message number on the IBM support web site. If you do not find a solution, save the CKNPRINT and contact IBM Software Support. Chapter 4. CKN messages 139 CKN897I HMALLOC CALL ERROR: NON-THREADSAFE task1 heap from task2 Severity: 16 Explanation: This is an internal error message that indicates a problem in the software. User response: Save the SYSPRINT and other relevant files and contact IBM Software Support. CKN898I program Recursive abend percolated Severity: I Explanation: This WTO message warns that a recursive abend condition occurred. Probably the attempt to provide a summary dump or an attempt to recover failed. User response: Resolve the initial abend. Messages from 900 to 999 CKN941I DIAGNOSTIC DUMP SUPPRESSED FOR program BECAUSE GLOBAL AREA OR GLBLREG GARBLE AT xxxxxxxx Severity: I Explanation: This WTO message explains why there is no diagnostic dump. A regular dump will be needed to analyze the problem. CKN942 Request to write record with negative length hexnum to ddname behind record decnum - user abend 942 Severity: 16 Explanation: This messages indicates either a software problem or an attempt to connect input files to the wrong DD names. User abend 942 is issued. This message is suppressible and results in the record being skipped. However, the resulting output file might be unusable and can give rise to follow-on errors. Suppressing this message is not recommended except as directed by IBM Software Support. User response: Check allocations and the validity of the connected data sets. If your checks do not reveal errors, contact IBM Software Support with relevant documentation. CKN955I program task heap STORAGE REQUEST ERROR: SIZE NOT POSITIVE Severity: 16 Explanation: This message indicates an internal memory management error. It is followed by a user abend 16. The message identifies the heap as well as the program and task that created the heap. Contact IBM Software Support. CKN970I program task heap FREE STORAGE ERROR: message Severity: 16 Explanation: This message indicates an internal memory management error. It is followed by a user abend 16. The message identifies the heap as well as the program and task that created the heap. Contact IBM Software Support. CKN993I DIAGNOSTIC DUMP SUPPRESSED FOR program TASK taskname type ABEND xxx Explanation: This message indicates that the program abend exit did not attempt to make a diagnostic summary dump. This is done to prevent recursive abend conditions involving the print file. The task name is PROGRAM for the main task or for the only task in a program. For a multi-tasking program, program might identify one of the subtasks. 140 Version 1.12: Messages Guide CKN998I STACK OVERFLOW FOR STACK tasklevel stackname IN program Severity: 16 Explanation: This message indicates an internal stack error. It is followed by a user abend 16. Contact IBM Software Support. CKN999I STORAGE SHORTAGE FOR TASK taskname HEAP heapname IN program - INCREASE REGION Severity: 16 Explanation: This message indicates that the program needs more storage. If the heap name is LOWHEAP, then the request is for storage below the 16MB line. User response: Look in message CKF034I to determine what region was requested and what was granted to the job step. Increase the REGION value on the JOB or STEP card. It can also be beneficial to use the STORAGEGC command, though this will increase CPU usage. If the problem heap was LOWHEAP, there was not enough storage available below the line. Increasing the REGION might still help, if there was not enough storage above the line so that LOWHEAP storage was used instead. If there is a true storage shortage below the line, you could reduce I/O parallelism with the PARALLEL option or force the immediate freeing of allocations with the FREE option. Chapter 4. CKN messages 141 142 Version 1.12: Messages Guide Chapter 5. CKR messages The CKRCARLA program is the main program in zSecure products. Using the special-purpose Auditing and Reporting language (CARLa), the CKRCARLA program processes RACF, SMF, and other types of information. This program is used by the products such as zSecure Admin and Audit, zSecure Alert, zSecure Visual, and Tivoli Compliance Insight Manager Enabler for z/OS. This chapter describes messages issued by the CKRCARLA program on the mainframe. These messages are prefixed with unique message identifiers in the form CKRnnnn or CKRnnnI, where nnnn and nnn indicate the unique message value. The message identifier is followed by a severity code. Note: The return code from the program is normally set to the maximum value of the return codes from any messages. If an OPTION NOWARNING is coded, the 04 return code from the program is reset to 00. The general meaning of the zSecure severity codes and the completion code are: 00 Normal message, giving status or summary information, or a message indicating a decision taken. 04 Can be a general warning, or an error condition found as a result of VERIFY or REPORT processing. Removal of the error condition can be attempted by means of a command generated by zSecure (if CKRCMD was allocated). 08 Error condition usually found as a result of VERIFY or REPORT processing. No commands can be generated by zSecure to remove the error. 12 Syntax error in the command input. 16 Entitlement problem or invalid or unsupported files connected to zSecure. 20 Unsupported condition found in security database, VTOC or VVDS. 24 Internal error or other unexpected and unsupported condition detected in zSecure. 32 RETURN or JUMP key used. Messages are included in subsections, grouped by the hundred message-numbers. v “Messages from 0 to 99” on page 144 v “Messages from 100 to 199” on page 159 v “Messages from 200 to 299” on page 173 v “Messages from 300 to 399” on page 186 v v v v v v “Messages “Messages “Messages “Messages “Messages “Messages from from from from from from 400 500 600 700 800 900 to to to to to to 499” 599” 699” 799” 899” 999” on on on on on on page page page page page page 199 212 226 241 247 249 v “Messages from 1000 to 1099” on page 264 v “Messages from 1200 to 1299” on page 289 v “Messages from 1300 to 1399” on page 304 © Copyright IBM Corp. 2008, 2010 143 v v v v v “Messages “Messages “Messages “Messages “Messages from from from from from 1400 1500 1600 1700 1800 to to to to to 1499” 1599” 1699” 1799” 1899” on on on on on page page page page page 317 331 335 335 347 v “Messages from 1900 to 1999” on page 348 v “Messages from 2500 to 2599” on page 364 v “Messages from 2800 to 2899” on page 367 Messages from 0 to 99 CKR0000 program terminated due to input errors Severity: 12 Explanation: Previous messages indicate an error in the parameters or command input file. The program does not perform any commands if the command input is not syntactically correct. Correct the errors and submit the job again. CKR0001 No UNLOAD, SHOW, LIST, DISPLAY, (D)SUMMARY, REPORT, VERIFY, COPY, REMOVE, MOVE or MERGE specified Severity: 12 Explanation: No commands were given or implied that would result in any output. Specify one of the commands indicated in the message. CKR0002 Output file open failed - [(redirected virtualdd)] ddname [ path | dsname volser ] Severity: 16 Explanation: The OPEN for the indicated file (for example, CKRUNLOU or CKRCMD) failed. If you are running a batch job, refer to the job log for an abend code and reason code (the abend code is probably 013). If no abend and reason code is present, the DDname is probably not allocated. If you are running TSO interactively and no abend code is listed on your terminal, try specifying PROFILE WTPMSG and try it again. The ddname field in the CKR0002 message may contain garbage. The meaning of the abend code and reason code can be found in the MVS system messages and codes manuals. The message may indicate two DD names, the actual ddname and the dd= parameter referred to in the CARLa (virtualdd). CKR0003 Open for input failed on file ddname volser dsn Severity: 16 Explanation: Check the DD statement for the indicated file and any ALLOC DD=ddname command. Correct the error and submit the job again. CKR0004 Processing started for [complex] pads ddname volume dsn Unloaded by program program v.l.m date time job name at date time on system name [ Complex name complex assigned ] Source type dataset i was volume datasetname databaseformat template level level Severity: 00 Explanation: This message indicates the version of the program that created the unloaded security database, as well as the date and time the database was unloaded, and the SMF ID of the tCKRsystem on which the unload was performed. For each unloaded RACF or ACF2 data set contained in the file, the original volume and data set name are listed. For ACF2 the type of data set is indicated as well: LID, RULE or INFO. For RACF the database format is shown on the last line in the format formattype database format release, where formattype is Restructured or Non-restructured and release, if present, has the form RACF release FMID (v.r.m for older releases). The template level, if present, is the FMID or APAR number that last changed the templates, followed by numerical indicators of 144 Version 1.12: Messages Guide release level and APAR level, if this information is available. If the message contains the text PADS for pads, then this indicates that access allowed to the databases by virtue of conditional access by this program. In this case, the program will restrict its functionality to the user's scope. If the message contains the text program pathing for pads, then that access to the database was allowed by virtue of conditional access by this program. CKR0005 nnnnnn profiles read, yyyy profiles selected (pp%) for complex Severity: 00 Explanation: This message is written at the end of the profile input phase. During this phase SELECT, EXCLUDE, LIST and UNLOAD commands are processed and information is stored for the other commands. The total number of profiles in use in the RACF database is listed, as well as the number of profiles selected by the SELECT and EXCLUDE commands. This does not apply to SELECT and EXCLUDE in the scope of a NEWLIST command. CKR0006 nn profiles truncated on ddname [path | volser dsname] Severity: 08 Explanation: Due to the insufficient record length of output file ddname, profiles were truncated. This may result in erroneous error messages with respect to the truncated profiles if subsequent processing is done on the unloaded file, but this is not necessarily the case. For instance, truncated group profiles will cause spurious error messages if you try or imply the VERIFY CONNECT command, but in general it will not cause any other trouble, due to the redundancy in the database. CKR0007 File is empty - ddname volume dsn Severity: 16 Explanation: The specified TYPE=UNLOAD file was allocated, but contained no records. CKR0008 End-of-file before type record - ddname volume dsn Severity: 16 Explanation: The specified TYPE=UNLOAD file contained some status records, but the indicated record type was not present. The indicated type can be ICB for the first RACF database record, CRDB for an origin database record, or FDR for the ACF2 FDR records. Probably the unload failed, or the system catalog points to a previous version of your unloaded data set (see CKR0014 for a possible cause for this problem). CKR0009 siteidentifier activity on SYSNAME(name) SYSPLEX(name) [ LPARNAME(name) ] [ VMUSERID(name) ] [ HWNAME(name) ] CPU-id CPUid Product codes codes Products Severity: 00 Explanation: This message shows a site-specific string, the system, sysplex, LPAR, VM user ID, and hardware where it is running, and which IBM Security zSecure suite products are installed and not disabled through IFAPRDxx for use in this program. For a description of the product codes, see the License names table in any of the zSecure Admin and Audit user reference manuals. Each line in the "Products" section shows a product ID and the full name of a particular product feature, for example, 5655-T02 IBM Security zSecure Audit for RACF for code AUDITRACF. activity can be Runs or UNIX depending on the calling environment used. CKR0010 OPEN abend hhh-hh on file ddname Severity: 16 Explanation: The OPEN for the indicated file (CKRACFnn, or redirected database ddname) failed. If you are running a batch job, refer to the job log for an abend code and reason code (the abend code is probably 013). If you are running TSO interactively and no abend code is listed on your terminal, try specifying PROFILE WTPMSG and try it again. The ddname field in the CKR0010 message probably contains garbage. Chapter 5. CKR messages 145 CKR0011 I/O error: synadaf message Severity: 16 Explanation: An I/O error occurred on one of the CKRACFnn files. Check that the file allocated is indeed a RACF database with RECFM=F and LRECL=1024 for a non-restructured database and LRECL=4096 for a restructured database. On a VM system, it may also occur for a database on an OS formatted minidisk; in this case you can process the database by copying it to a temporary CMS formatted minidisk and process this copy. CKR0012 More than 90 RACF data sets parallel not supported - use separate runs Severity: 12 Explanation: This version of the program does not support processing more than 90 databases at the same time. Use the ALLOC DB= command to select 90 or less databases for processing. If your site requires operation on more than 90 data sets, contact IBM Software Support. CKR0013 No file unload-ddname or db-ddname preallocated Severity: 16 Explanation: No source of RACF profiles was found in implicit allocation mode. Normally the current RACF database would be allocated dynamically, but you are running on a CMS system, or on an MVS system without RACF active. Allocate the database you want to process explicitly to the CKRACF01 file (and if the database is split, to the CKRACFnn files) or use an ALLOC TYPE=RACF or ALLOC TYPE=UNLOAD command. CKR0014 File does not start with CRCF record - ddname volume dsn Severity: 16 Explanation: This message indicates that the CKRUNLIN file, i.e. the security database UNLOAD file, contains invalid information. There are two common reasons: v the UNLOAD data set was not filled by zSecure v the UNLOAD data set has incompatible/invalid DCB characteristics. You can check this by looking at the DCB info using ISPF option 3.2. They should be Organization Record format Record length Block size . . . . . . . . . . . . . : : : : PS VBS 32768 27998 If you find a record format U or data set organization PO, then your installation probably has an ACS routine, i.e. an SMS routine to set default data set characteristics, that assumes that any data set with the letters LOAD in the last qualifier is a load module data set. We recommend that you specify the DCB characteristics in the JCL of CKRJCPYR: //CKRUNLOU DD ...., // DSORG=PS,RECFM=VBS,LRECL=X,BLKSIZE=27998 CKR0015 Open failed of [complex] primary RACF DB db file ddname data set dsname on volume Severity: 16 Explanation: Refer to CKR0002 and CKR0010 for a discussion. CKR0016 Open failed of [complex] secondary RACF DB db file ddname data set dsname on volume Severity: 16 Explanation: Refer to CKR0002 and CKR0010 for a discussion. 146 Version 1.12: Messages Guide CKR0017 Processing started for [complex] DB db pads ddname volume datasetname CKR0017 File ddname complex has databaseformat release template level level Severity: 00 Explanation: The TYPE=RACF data set open was successful for the file indicated, and input of the database was started. The database format is shown on the second line in the format formattype database format release, where formattype is restructured or non-restructured and release if present has the form RACF release FMID (v.r.m for older releases). The template level, if present, is the FMID or APAR number that last changed the templates, followed by numerical indicators of release level and APAR level if this information is available. If the message contains the text PADS for pads, then this indicates that access to the data set was allowed by virtue of conditional access by this program. In this case, the program will restrict its functionality to the user's scope. CKR0018 No extents present for ddname volume datasetname Severity: 16 Explanation: The file indicated was opened successfully, but no extents were present (the data set is empty). CKR0019 ALLOC PRIMARY/BACKUP/ACTIVE/INACTIVE/DB invalid if CKRACF01 pre-allocated Severity: 16 Explanation: An ALLOCATE command for implicit allocation mode was present in the commands as well as a preallocated database. Either remove the ALLOCATE command or remove the CKRACFC01 file. CKR0020 Type input terminated, LIMIT lim reached Severity: 00 Explanation: The OUT or IN limit you specified on a LIMIT command has been reached, no more profiles or records (type) will be read. CKR0021 Unsupported BAM format: 1st block on odd nibble, block number nnnn, database num Severity: 20 Explanation: During input of the Block Availability Map (BAM) an unsupported format was detected (a nibble is four bit and describes the segments of one block in non-RDS format). If no other errors are found and the error is reproducible, contact IBM Software Support. CKR0022 Unsupported BAM format: odd # blks in other than last BAM block - block number nnnn db num Severity: 20 Explanation: During input of the Block Availability Map (BAM) an unsupported format was detected. If no other errors are found and the error is reproducible, contact IBM Software Support. CKR0023 OPEN for input with QSAM failed for file ddname dataset dsn on vol Severity: 16 Explanation: While using BDAMQSAM processing (currently this is the default mode), after conclusion of BDAM processing the data set could not be opened again with QSAM processing. Possibly other error messages were issued to indicate what went wrong. CKR0024 Index marker not on block boundary: ddname block nnnn segment offset off Severity: 20 Explanation: The RACF database was found to start an index block at an other segment than the first in a block. This format is not supported. If the problem is reproducible, run IRRUT200. If no errors are revealed, contact IBM Software Support. Chapter 5. CKR messages 147 CKR0025 Index block with invalid length: ddname block nnnn length len Severity: 20 Explanation: The RACF database was found to contain an index block with a length unequal to 1024 for non-RDS and 4096 for RDS. This format is not supported. Contact IBM Software Support. CKR0026 End of file in 2nd segment of profile: ddname block nnnn segment offset off Severity: 20 Explanation: At the specified position in the RACF database a profile was being read and not complete at the end of the data set. Contact IBM Software Support. CKR0027 Unused segment instead of profile continuation: ddname block nnnn segment offset off Severity: 20 Explanation: At the specified position in the RACF database a profile was being read and not complete according to the physical profile length field, but the block availability map indicates that the next segment is not occupied. This may happen because of update activity on the database while performing the read. If the problem and the place where it occurs is reproducible, run IRRUT200 to analyze the database. If still no errors are revealed or, if the problem is intermittent and annoying, contact IBM Software Support. The developers never experienced trouble serious enough to justify an enqueue on the database against updates. CKR0028 File ddname extended nn block for profile at blk nnnn segment offset off needs yyy segments extra Severity: 20 Explanation: At the specified position nnnn/off in the RACF database a profile was being read and not complete at the logical end of the data set (i.e. the end according to the BAM blocks). The logical end of the database was automatically extended with nn blocks to get a complete profile. This may happen if a large new record was added to the RACF database during the database read. CKR0029 Segment type X'hh' not supported - ddname block nnnn segment offset off Severity: 20 Explanation: An unknown database segment type was encountered. If the problem is reproducible at the same place, run IRRUT200. If this does not reveal structural errors, contact IBM Software Support. CKR0030 Unsupported template addr. hexvalue len ll searching fldname in entity type n ICB at addr Severity: 20 Explanation: While using the templates to scan a profile, an unsupported kind of template was encountered. If the error is reproducible, contact IBM Software Support. CKR0031 Restricted mode active by installation option Severity: 00 Explanation: This message indicates that the product was installed with restricted mode active. The restricted mode setting is specified by the RESTRICT installation option in the CKRSITE module. For details on the CKRSITE module and installation options, see IBM Security zSecure CARLa-Driven Components: Installation and Deployment Guide. CKR0031 Restricted mode active because of pads Severity: 00 Explanation: This message indicates that one or more of the input files could only be processed because of read access granted to the program. In that case, restricted mode processing is automatically activated. The message contains either the text PADS or the text program pathing for pads. 148 Version 1.12: Messages Guide CKR0031 Restricted mode active, no READ access to class CKR.READALL Severity: 00 Explanation: Through a profile covering the CKR.READALL resource in the class specified in the CKRSITE area it is possible to define which users can read the full database (READ access) and those that will run in restricted mode (covering profile exists and NONE access). The current user has no READ access. CKR0031 Unrestricted mode active, READ access to class CKR.READALL Severity: 00 Explanation: Through a profile covering the CKR.READALL resource in the class specified in the CKRSITE area it is possible to define which users can read the full database (READ access) and those that will run in restricted mode (covering profile exists and NONE access). The current user has READ access. CKR0031 Unrestricted mode active Severity: 00 Explanation: This message indicated that the product defaults to unrestricted mode because it is not installed with the installation option RESTRICT, the input files can be processed without requiring read access granted to the program, and a profile covering the CKR.READALL resource in the class specified in the CKRSITE area is not defined. CKR0032 File ddname not allocated Severity: 12 Explanation: The filename requested on a PRINT command was not found allocated. Review your JCL. CKR0033 [complex] DB db datasetname has number segments (of 256 byte) in use, number segments free (pp% used) Index uses pp%. Unusedspace. Using readmethod. Statistics Severity: 00 Explanation: This message reports on the contents of a RACF data set. Each segment is 256 byte. Free space can be present at the end of the database (never used), or fragmented through the database. If all space is fragmented, Unusedspace will contain the text Free space completely fragmented, otherwise it will show Space beyond pp% never used. The data set is read without use of the index; readmethod can be BDAMQSAM, multitrack ECKD EXCP, or full-track EXCP. If either EXCP method was used, a third line is shown in the format Read number blocks from a total of number in number IOs. Cache hit was pp%. CKR0034 Action for id id requested, but no occurrences were found Severity: 00 Explanation: The REMOVE or MOVE command for the indicated user or group did not result in any commands being generated, since no permits or notifies to be moved exist. Check for typing errors or for SELECT statements that exclude part of the database. CKR0035 at ddname record nnnnn, originally DB seq i RBA hexnum for complex complex Severity: 00 Explanation: This message gives the location in a TYPE=UNLOAD file where a previous error message occurred. CKR0036 at ddname block nnnn segment offset i DB seq j RBA hexnum for complex complex Severity: 00 Explanation: This message gives the location in a TYPE=RACF file where a previous error message occurred. Chapter 5. CKR messages 149 CKR0037 Allocation failed for DDNAME ddname source=source DSN=dsname status=ERR Severity: 16 Explanation: During an attempt to dynamically allocate an active ACF2 (backup) data set, the program found that it could not succeed in doing so, because the requested data set was marked ERR by ACF2. This implies that ACF2 itself could not allocate the data set either, probably because the data set does not exist. The ddname indicates the type of data set for which the allocation failed. CKR0038 Warning: RACF Range Table for complex complex unknown, SUPPRESS ICHRRNG implied Severity: 00 Explanation: This message indicates that the proper CKFREEZE file for the security complex complex was missing or did not contain the range table needed. The program will proceed as if all profiles are in their proper RACF data set. CKR0039 product used cc.c CPU seconds, nn,nnnKB and took ss wall clock seconds Region requested rr,rrrKB, granted g,ggg+gg,ggggKB max used in jobstep uu,uuu+uu,uuuKB Errortrapcount Severity: 00 Explanation: This message is indicates the resource usage as well as the elapsed time for this run. If the run terminated unsuccessfully, the storage part is omitted. For TSO users, the CPU seconds include any work that was done on other ISPF logical screens under TSO while interactively displaying zSecure output screens. The second message line lists the region requested by the user, and the region granted to the job step by the installation. The third message line shows the actual maximum used during the job step. This includes any other tasks running in the job step, i.e. for TSO users it will include TSO and ISPF storage and anything else that has run on ISPF logical screens since logon. Region sizes can be formatted as below+above, where the first number is the region below the 16MB boundary and the second number is the region above the 16MB boundary, both in kilobyte units. If any errors were trapped, a fourth line will be shown in the format Error trap count is number. CKR0040 RACF indicator set but no discrete profile found for volser datasetname Severity: 04 Explanation: This message is issued due to a VERIFY INDICATED command. To solve this error condition a command sequence consisting of an ADDSD NOSET followed by a DELDSD for the profile is generated. CKR0041 Discrete profile found but RACF indicator not set volser datasetname Severity: 04 Explanation: This message is issued due to a VERIFY ONVOLUME command. To solve the error condition a DELDSD NOSET command will be generated. CKR0042 Discrete profile present but no dataset on volume volser datasetname Severity: 04 Explanation: This message is issued due to a VERIFY ONVOLUME command. To solve the error condition a DELDSD NOSET command will be generated. CKR0043 Discrete profile present but volume not mounted volser datasetname Severity: 04 Explanation: This message is issued due to a VERIFY ONVOLUME command. To solve the error condition a DELDSD NOSET command will be generated. 150 Version 1.12: Messages Guide CKR0044 PROGRAM dsn/vol obsolete complex program - volser dsname Reason Severity: 04 Explanation: This message is issued due to a VERIFY PROGRAM function because the indicated data set does not exist on the indicated volume for any system in the complex. For each system a Reason line follows with one of the following detail explanations: v Volume is not mounted on system syst volser v VTOC is not readable on system syst volser v Data set does not exist on volume of syst volser dsname v Data set is not partitioned on volume of syst volser dsname If a CKRCMD file is allocated for the complex, an RALTER DELMEM command is generated to remove the obsolete member from the profile. CKR0045 Obsolete permit identity unknown program program - volser datasetprofile Severity: 04 Explanation: This message is issued due to a VERIFY PADS command while RACF runs in Basic program security mode. A program is defined on a conditional access list, but no matching program profile exists. To solve the error condition, a command is generated to remove the WHEN-clause. CKR0046 event permit identity in access list of non-VSAM volser datasetname Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a REMOVE PERMIT/USER/GROUP command, with event equal to Redundant due to a REMOVE REDUNDANT_PERMIT command, and with event equal to Copy or Replace due to a COPY PERMIT/USER/GROUP command. To solve the error condition a PERMIT DELETE VOL() command will be generated. CKR0047 PROGRAM dsn/vol redundant, covered by dsn w/o vol complex program - volser dsname Severity: 04 Explanation: This message is issued by the VERIFY PROGRAM function because the indicated volume-specific PROGRAM profile member is covered by a PROGRAM profile member without volume specification, and is, therefore, redundant. If a CKRCMD file is allocated for the complex, a commented-out RALTER DELMEM command is generated to remove the obsolete member from the profile. CKR0048 event permit identity in access list VSAM profil volser datasetname Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a REMOVE PERMIT/USER/GROUP command, with event equal to Redundant due to a REMOVE REDUNDANT_PERMIT command, and with event equal to Copy or Replace due to a COPY PERMIT/USER/GROUP command. To solve the error condition a PERMIT DELETE VOL() command will be generated. CKR0049 Duplicate range in ICHRRNG complex complex key key Severity: 08 Explanation: This message indicates that a RACF range table was encountered with the same range present twice. The program will use the first definition and ignore subsequent ones. Chapter 5. CKR messages 151 CKR0050 event permit identity in access list generic dataset datasetname Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a REMOVE PERMIT/USER/GROUP command, with event equal to Redundant due to a REMOVE REDUNDANT_PERMIT command, and with event equal to Copy or Replace due to a COPY PERMIT/USER/GROUP command. To solve the error condition a PERMIT GENERIC DELETE command will be generated. CKR0051 Date value "value" 2-digit year is ambiguous Severity: 12 Explanation: This suppressible message indicates that a 2-digit year was encountered. By default, this is not allowed to prevent any year-2000 related confusion. In case this is a problem for backward compatibility, you can suppress the message. In this case the 2-digit years are all interpreted as lying in the 20th century (they are prefixed with 19, being backward compatible). No cut-off dates or windows are used because this would be newlist-type and fieldname-dependent and is not backward compatible. CKR0052 event permit identity in access list model dataset datasetname Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a REMOVE PERMIT/USER/GROUP command, with event equal to Redundant due to a REMOVE REDUNDANT_PERMIT command, and with event equal to Copy or Replace due to a COPY PERMIT/USER/GROUP command. To solve the error condition a PERMIT DELETE command will be generated. CKR0053 Field field value "value" 2-digit year ambiguous at ddname line number Severity: 12 Explanation: This suppressible message indicates that a 2-digit year was encountered in a newlist type=RACF. By default, this is not allowed to prevent any year-2000 related confusion. In case this is a problem for backward compatibility, the message can be suppressed. In this case the 2-digit years are all interpreted as lying in the 20th century (they are prefixed with 19, being backward compatible). No cut-off dates or windows are used because this would be newlist-type and fieldname-dependent and is not backward compatible. CKR0054 event permit identity general resource profile class progname Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a REMOVE PERMIT/USER/GROUP command, with event equal to Redundant due to a REMOVE REDUNDANT_PERMIT command, and with event equal to Copy or Replace due to a COPY PERMIT/USER/GROUP command. To solve the error condition a PERMIT DELETE command will be generated. CKR0055 event owner identity of non-VSAM dataset profile volser datasetname - make newowner Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a REMOVE PERMIT/USER/GROUP command, and with event equal to Replace due to a COPY PERMIT/USER/GROUP command. To solve the error condition an ALTDSD VOL() OWNER() command will be generated. The new owner will be the HLQ of the profile, unless that is identical to identity. In that case it will be the name specified on the DEFAULT OWNER= command. The new owner selected is shown in the message. 152 Version 1.12: Messages Guide CKR0056 event owner identity of VSAM dataset profile volser datasetname - make newowner Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a REMOVE PERMIT/USER/GROUP command, and with event equal to Replace due to a COPY PERMIT/USER/GROUP command. To solve the error condition a ALTDSD VOL() OWNER() command will be generated. The new owner will be the HLQ of the profile, unless that is identical to identity. In that case it will be the name specified on the DEFAULT OWNER= command. The new owner selected is shown in the message. CKR0057 event owner identity of generic dataset profile datasetname - make newowner Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a REMOVE PERMIT/USER/GROUP command, and with event equal to Replace due to a COPY PERMIT/USER/GROUP command. To solve the error condition a ALTDSD GENERIC OWNER() command will be generated. The new owner will be the HLQ of the profile, unless that is identical to identity. In that case it will be the name specified on the DEFAULT OWNER= command. The new owner selected is shown in the message. CKR0058 event owner identity of model dataset profile datasetname - make newowner Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a REMOVE PERMIT/USER/GROUP command, and with event equal to Replace due to a COPY PERMIT/USER/GROUP command. To solve the error condition a ALTDSD OWNER() command will be generated. The new owner will be the HLQ of the profile, unless that is identical to identity. In that case it will be the name specified on the DEFAULT OWNER= command. The new owner selected is shown in the message. CKR0059 event owner identity general resource profile progname - make newowner Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a REMOVE PERMIT/USER/GROUP command, and with event equal to Replace due to a COPY PERMIT/USER/GROUP command. To solve the error condition a RALTER OWNER() command will be generated with the default owner selected with DEFAULT OWNER=. The new owner selected is shown in the message. CKR0060 event owner identity on user userid - make newowner Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a REMOVE PERMIT/USER/GROUP command. To solve the error condition an ALTUSER OWNER() command will be generated with the default owner selected with DEFAULT OWNER= as the new owner. The new owner selected is shown in the message. CKR0061 event owner identity on group group - make newowner Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a REMOVE PERMIT/USER/GROUP command. To solve the error condition an ALTGROUP OWNER() command will be generated with the default owner selected as the new owner. The new owner selected is shown in the message. Chapter 5. CKR messages 153 CKR0062 event owner identity connect userid to group Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a REMOVE PERMIT/USER/GROUP command. To solve the error condition a CONNECT OWNER() command will be generated with the connect group as the new owner. CKR0063 event owner identity general resource profile class key Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a REMOVE PERMIT/USER/GROUP command, and with event equal to Replace due to a COPY PERMIT/USER/GROUP command. To solve the error condition a RALTER OWNER() command will be generated with the default owner selected. CKR0064 event permit identity general resource profile class key Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Copy or Remove due to a REMOVE PERMIT/USER/GROUP command, with event equal to Redundant due to a REMOVE REDUNDANT_PERMIT command, and with event equal to Replace due to a COPY PERMIT/USER/GROUP command. To solve the error condition a PERMIT DELETE command will be generated. CKR0065 Missing userid userid on group group Severity: 08 Explanation: This message is issued due to a VERIFY CONNECT command. It indicates that the indicated user ID is not found in the USERID repeat group of the indicated GROUP profile, or that there is no such group profile at all. Also, the group is not universal, or the group is universal but the connect has a connect attribute of SPECIAL, OPERATIONS, or AUDITOR, or a connect authority other than USE. Connect information should be present in three places in the RACF databases, and for each of those places a message CKR0065, CKR0066, or CKR0067 is issued if it was missing that specific piece. No support is present to remove this condition. CKR0066 Missing group group on user userid Severity: 08 Explanation: This message is issued due to a VERIFY CONNECT command. It indicates that the indicated group was not found in the CONGRPNM repeat group of the indicated USER profile, or that there is no such user profile at all. Connect information should be present in three places in the RACF databases, and for each of those places a message CKR0065, CKR0066, or CKR0067 is issued if it was missing that specific piece. No support is present to remove this condition. CKR0067 Missing connect userid to group group Severity: 08 Explanation: This message is issued due to a VERIFY CONNECT command. It indicates that the indicated group was not found in the CGGRPNM repeat group of the indicated USER profile, or that there is no such user profile at all. Connect information should be present in three places in the RACF databases, and for each of those places a message CKR0065, CKR0066, or CKR0067 is issued if it was missing that specific piece. No support is present to remove this condition. 154 Version 1.12: Messages Guide CKR0068 event id - identity referenced number times Severity: 00 Explanation: This message summarizes the erroneous references found by the VERIFY PERMIT or MOVE/REMOVE/COPY PERMIT/USER/GROUP/NOTIFY commands for each undefined or removed/copied identity. CKR0069 No system has non-directed ctlg entry for cluster on volser clustername Severity: 04 Explanation: This message indicates that a cluster clustername with at least one component on volume volser was cataloged in such a way that a STEPCAT or JOBCAT DD statement is needed to access it on all systems sharing the volume volser. In addition, there is no alias on any of the systems for the first qualifier(s), otherwise message CKR0294 would be issued instead. CKR0070 Component name found twice in VTOC - volser datasetname Severity: 08 Explanation: Two identical format 1 DSCB keys in the VTOC are not supported. If the error is reproducible (run zSecure Collect again first), the condition may be resolved by letting the VTOC index (if present) decide which one is in use, and modifying the DSCB of the other one to another name (if you want to keep the data) or to a format 0 DSCB. If you modify the DSCB, you will have to rebuild the VTOC index. CKR0071 Component name found in VVDS but not in VTOC - volser datasetname Severity: 08 Explanation: Incidental cases may be the result of actions performed by the system between reading of the VTOC and the VVDS by zSecure Collect (opening the VVDS takes a considerable amount of time). If this message is reproducible for the same component (run zSecure Collect again first), then a problem exists. Perform the IDCAMS DIAGNOSE function on the VVDS: maybe a DELETE CLUSTER or DELETE VVR command will help. CKR0072 Catalog not found on any volume for cluster name datasetname Severity: 04 Explanation: This message is issued together with CKR0073 to indicate that the VVDS points to a catalog that was not found in the CKFREEZE file. This message lists the cluster name that was cataloged in the now-unavailable catalog. This need not be a problem if the data set was cataloged in another catalog, available through the regular search sequence. CKR0073 Catalog not found on any volume on any system datasetname Severity: 08 Explanation: This message is issued to indicate that references were found from the VVDS to the catalog indicated. The cluster names that were cataloged in the now-unavailable catalog are listed by separate CKR0072 and CKR0169 messages. CKR0074 Discrete profile for VVDS present (not used by DFP) volser datasetname Severity: 04 Explanation: DFP does not consult RACF for operations on the VVDS. Instead, APF authorization is required to open it. Therefore, the VVDS profile gives a false picture of the access requirements of the VVDS. For a pure RACF/DFP combination it should be deleted to avoid misleading data. However, you might want to verify that your non-IBM storage management products are properly using DASDVOL class and not using a VVDS data set profile. Chapter 5. CKR messages 155 CKR0075 Inaccessible dataset (RACF indicated and no profile) volser datasetname Severity: 04 Explanation: An indicated data set exists that is not protected by any (discrete or generic) profile. This message is issued by the VERIFY PROTECTALL function. Since the data set is indicated (the DSCBIND bit in the VTOC, that tells RACF that this data set is protected by a discrete profile, is on), we expect a discrete profile. This situation may be acceptable when in your installation user data sets are only accessible to the user himself, and therefore there is no need to register PERMITs or audit requirements. An ADDSD NOSET command is generated to solve this error condition, unless VERIFY INDICATED was also specified: then a message CKR0040 was already issued, with the appropriate command sequence (see CKR0040). Note that adding the profile may not be enough, you might want to enhance the access list, or use a generic profile instead. CKR0076 Unprotected dataset (not RACF indicated, no generic) volser datasetname Severity: 08 Explanation: This message is issued due to a VERIFY PROTECTALL command in NOPROTECTALL or PROTECTALL(WARN) environment. No command is generated. CKR0077 Generic profile without matching datasets datasetname Severity: 04 Explanation: The generic profile indicated appears not to protect any data sets. This message is issued by the VERIFY NOTEMPTY function and accompanied by a DELDSD GENERIC command for the profile in the CKRCMD. There could be several situations in which this message is issued while the profile still performs a valid function. It could be there to disallow allocation, it might protect data sets that are only temporarily present (maybe during a periodic batch run, or they are created and deleted regularly by TSO users), or the VERIFY NOTEMPTY run did not use a recent CKFREEZE data set as input. To check for temporary file existence, for example, during batch job run, it is recommended that you use SMF reporting and JCL library searches before deciding to delete an empty profile. After verification you can use the editor to delete any undesired commands before executing the CKRCMD results. CKR0078 Redundant non-VSAM dataset profile volser datasetname Severity: 04 Explanation: This message is issued due to the REMOVE REDUNDANT command. The command generated is DELDSD VOL(). CKR0079 Redundant VSAM dataset profile volser datasetname Severity: 04 Explanation: This message is issued due to the REMOVE REDUNDANT command. The command generated is DELDSD VOL(). CKR0080 Redundant TAPE dataset profile volser datasetname Severity: 04 Explanation: This message is issued due to the REMOVE REDUNDANT command. The command generated is DELDSD VOL(). CKR0081 Redundant MODEL dataset profile datasetname Severity: 04 Explanation: This message is issued due to the REMOVE REDUNDANT command. The command generated is DELDSD. 156 Version 1.12: Messages Guide CKR0082 Inaccessible dataset (not indicated and no generic) volser datasetname Severity: 04 Explanation: This message is issued due to a VERIFY PROTECTALL command in a PROTECTALL(FAIL) environment. No command is generated. CKR0083 Redundant generic dataset profile datasetname Severity: 04 Explanation: This message is issued due to the REMOVE REDUNDANT command. The command generated is DELDSD. CKR0084 Component name found in VTOC but not in VVDS - volser datasetname Severity: 08 Explanation: Incidental cases can result from actions that are performed by the system between readings of the VTOC and the VVDS by zSecure Collect (opening the VVDS takes a considerable amount of time). First, run IBM zSecure Collect again. If this message is reproduced for the same component, then a problem exists. Perform the IDCAMS DIAGNOSE function on the VVDS. CKR0085 Duplicate cluster entry found in 1 catalog on volume volser datasetname Severity: 08 Explanation: This message indicates that the configuration input file CKFREEZE contains a catalog dump for a catalog on volume volser with the same cluster entry datasetname appearing twice. This might happen if you concatenate two CKFREEZE files containing dumps of the same catalog. CKR0086 Ownership cell not found for cluster cataloged on volser datasetname Severity: 08 Explanation: This message indicates that the configuration input file CKFREEZE contains a catalog dump from a catalog on volume volser with a cluster entry datasetname for which the ownership cell was not found. Check whether the record length of the CKFREEZE file is sufficient for your catalog records. CKR0087 Number of detail messages is nnn Severity: 00 Explanation: This message summarizes the total number of detail messages that will subsequently be issued. CKR0088 Id based suppress or limit request(s) - nnn detail message(s) suppressed Severity: 00 Explanation: This message summarizes the number of suppressed messages due to the SUPPRESS ID= and LIMIT ID= commands. Note that these two commands will only limit the number of messages issued, not the work performed by the VERIFY and REMOVE commands (use SELECT QUAL= for this if applicable). CKR0089 Cluster not in any connected catalog, component on volser datasetname Severity: 08 Explanation: The indicated cluster (datasetname) was referred to from MVS control blocks or from a VVDS, but the cluster was not part of any catalog connected to the master catalog on any system. Possibly, the volume was shared with a system for which you did not include a CKFREEZE file, or the master catalog for one of your systems was switched without it being synchronized with the old one first. The cluster will not be normally accessible. Chapter 5. CKR messages 157 CKR0090 volser suppress request - nnn detail message(s) suppressed Severity: 00 Explanation: This message summarizes the result of the SUPPRESS VOL= command per volume. CKR0091 volser message limit exceeded - nnn detail message(s) suppressed Severity: 08 Explanation: This message summarizes the result of the LIMIT MSG= command per volume. CKR0092 volser has nnn RACF indicated dataset(s) without profile Severity: 00 Explanation: This message summarizes the result of the VERIFY INDICATED command per volume. CKR0093 volser has nnn discrete profile(s) for non-RACF indicated datasets Severity: 00 Explanation: This message (with CKR0094 and CKR0095) summarizes the result of the VERIFY ONVOLUME command per volume. CKR0094 volser has nnn discrete profile(s) without dataset on the volume Severity: 00 Explanation: This message (with CKR0093 and CKR0095) summarizes the result of the VERIFY ONVOLUME command per volume. CKR0095 volser has nnn discrete profile(s) but volume not mounted Severity: 00 Explanation: This message (with CKR0093 and CKR0094) summarizes the result of the VERIFY ONVOLUME command per volume. CKR0096 volser has nnn inaccessible dataset(s) (RACF indicated, no profile) Severity: 00 Explanation: This message (with CKR0097 and CKR0098) summarizes the result of the VERIFY PROTECTALL command per volume. CKR0097 volser has nnn inaccessible dataset(s) (not indicated, no profile) Severity: 00 Explanation: This message (with CKR0096 and CKR0098) summarizes the result of the VERIFY PROTECTALL command per volume in a PROTECTALL(FAIL) environment. CKR0098 volser has nnn unprotected datasets (not indicated, no profile) Severity: 00 Explanation: This message (with CKR0097 and CKR0098) summarizes the result of the VERIFY PROTECTALL command per volume in a NOPROTECTALL or PROTECTALL(WARN) environment. 158 Version 1.12: Messages Guide CKR0099 nnn messages suppressed for catalog catalog name Severity: 00 Explanation: This message summarizes the result of the SUPPRESS CAT= or LIMIT MSG= command. Messages from 100 to 199 CKR0100 Duplicate request for ID=name Severity: 12 Explanation: More than one specific and incompatible request was made for one identity. Remove duplicates and use separate runs for conflicting requests. CKR0101 Duplicate REPORT PERMIT/SCOPE=id Severity: 12 Explanation: An identity occurred twice in the indicated commands. Remove duplicates. CKR0102 The parameters OUTOFGROUP, NONDEFAULT and (NON)REDUNDANT are mutually exclusive Severity: 12 Explanation: You must use separate runs for each of these REPORT options. CKR0103 Field "fldname" to be processed not found in any template Severity: 12 Explanation: The field you requested on the LIST, SORTLIST, DISPLAY, or (D)SUMMARY command was neither a NEWLIST TYPE=RACF built-in field, nor found in the templates for any type of entity. Verify the spelling in the CARLa Command Language reference chapter in the user reference manual. CKR0103 Field "fldname" to be processed unknown Severity: 12 Explanation: The field you requested on the LIST, SORTLIST, DISPLAY, or (D)SUMMARY command was not a built-in field. Verify the spelling in Verify the spelling in the CARLa Command Language reference chapter in the user reference manual. CKR0104 FIELD must be specified with either SCAN or FIELDVALUE Severity: 12 Explanation: Both the field to be used as selection criterion and the exact or substring scan value for it must be specified. CKR0105 Volume "volser" specified more than once Severity: 12 Explanation: The same volume was mentioned more than once for the same function. Possibly you used the repeat command of the editor and intended to change it to another volume. CKR0106 Catalog "catname" specified more than once Severity: 12 Explanation: The same catalog was mentioned more than once for the same function. Possibly you used the repeat command of the editor and intended to change it to another name. Chapter 5. CKR messages 159 CKR0107 The parameters PROFILE, MASK/FILTER, MATCH and BESTMATCH are mutually exclusive Severity: 12 Explanation: On the SELECT or EXCLUDE command only one selection option based on the profile key can be given. CKR0108 Left margin cannot exceed right margin at ddname line number Severity: 12 Explanation: In the MARGINS(x,y) command, x (the left margin) cannot exceed y (the right margin). If possible, the dataset and line number where this occurred are specified. CKR0109 BY= must precede PAGEBY= Severity: 12 Explanation: The PAGEBY value must be the first in the BY list and the BY list must be in front of the PAGEBY option. CKR0110 PAGEBY and BY combination implies page per profile Severity: 12 Explanation: The combination of BY and PAGEBY parameter as specified or implied would result in a new page for each profile. This is probably not what you meant. CKR0111 DB=1 must be included because it is the master database Severity: 12 Explanation: The master database must always be included in the databases selected because it contains the RACF options to be used. CKR0112 DB numbers only supported in range 1..64 Severity: 12 Explanation: Selection by sequence number is only supported for sequence number 1 through 64. To use higher sequence numbers, you must preallocate CKRACFnn files. CKR0113 LIST commands must be followed by at least one parameter or NEWLIST must be a LIKELIST target Severity: 12 Explanation: The LIST command may not be specified without any operands, since this would result in an empty line for each selected profile or record. The exception to this rule is a LIST command in a NEWLIST that is the target of a LIKELIST; presumably, the NEWLIST will have OUTLIM set to zero. CKR0114 Value selection for field field not supported at ddname line number Severity: 12 Explanation: The specified field has internally coded field values. This type is not supported, and can only be used for output. CKR0115 option only valid behind USER/PERMIT= Severity: 12 Explanation: The option indicated is only valid behind COPY, MOVE or REMOVE options USER= or PERMIT=. Possibly you only need to change the order of the parameters. 160 Version 1.12: Messages Guide CKR0116 option only valid behind USER/GROUP= Severity: 12 Explanation: The option indicated is only valid behind COPY, MOVE or REMOVE options USER= or GROUP=. Possibly you only need to change the order of the parameters. CKR0117 option only valid behind (RE)MOVE TOGROUP= Severity: 12 Explanation: The option indicated is only valid behind MOVE or REMOVE option TOGROUP=. Possibly you only need to change the order of the parameters. CKR0118 option only valid behind USER/GROUP/NOTIFY/PERMIT= Severity: 12 Explanation: The option indicated is only valid behind COPY, MOVE or REMOVE options USER= or GROUP=. Possibly you only need to change the order of the parameters. CKR0119 option only valid behind USER= Severity: 12 Explanation: The option indicated is only valid behind COPY, MOVE or REMOVE options USER=. Possibly you only need to change the order of the parameters. CKR0120 option not valid with COPY Severity: 12 Explanation: The option indicated is only valid behind MOVE or REMOVE commands, not behind COPY. CKR0121 Print options behind NEWLIST must be specified before the (SORT)LIST Severity: 12 Explanation: In the scope of a NEWLIST command, the print and selection options must be specified before the LIST, SORTLIST, DISPLAY, or (D)SUMMARY command(s). Change the order of your commands, and run the job again. CKR0122 Selection behind NEWLIST must be specified before the (SORT)LIST or (D)SUMMARY Severity: 12 Explanation: In the scope of a NEWLIST command, the print and selection options must be specified before the LIST, SORTLIST, DISPLAY, or (D)SUMMARY command(s). Change the order of your commands, and run the job again. CKR0123 Field "name" is not a segment or entity name - ddname line number Severity: 12 Explanation: A segment or entity is expected, but a field of another type was specified instead. CKR0124 Field field value "value" invalid at ddname line number Use DDMMMYYY, YYYY-MM-DD, YYYY/DDD, TODAY, DUMPDATE, optionally suffixed "-nn" Severity: 12 Explanation: A date is expected but the format is not recognized. The program supports an ISO-format date (for example, 01OCT1999), a julian date (for example, 1999/274), and the two keywords TODAY and DUMPDATE. You Chapter 5. CKR messages 161 can add an -xx suffix to the keywords to indicate a date that is xx days earlier (for example, TODAY-7). In addition, you can specify the value NEVER to indicate no date. Note: Not all date fields support DUMPDATE. For example, the certificate fields CERTSTRT and CERTEND do not allow it to be specified. CKR0125 Message number to be suppressed must be in range 0..1999 - nnnn Severity: 12 Explanation: This message indicates that the message number validation failed. Type a decimal number without CKR prefix, or a list of such numbers enclosed in parentheses and separated by commas. CKR0126 Invalid date value before type "value" at ddname line number Severity: 12 Explanation: This message indicates that the date value encountered before the place indicated in the input is incorrect. This can be due to invalid month names, year formats, day numbers, invalid separators, etc. For valid date formats, see the date field parameter descriptions in the zSecure user reference manuals. CKR0127 The access value ALTER-O was not expected before type "value" at ddname line number Severity: 12 Explanation: This message indicates that the program has interpreted the previous token as the access value ALTER-O, but this value is considered not applicable in this context. CKR0128 Expecting relational operator or "(" instead of type "value" at ddname line number Severity: 12 Explanation: This message indicates that the program has interpreted the previous token as a fieldname and is now expecting the rest of the expression to test a field value. Possibly, you mistyped the keyword just before the indicated string. CKR0129 Value list only valid with "=" or "<>" - value Severity: 12 Explanation: This message indicates that you specified a value list with a relational operator including 'less than' or 'greater than'. This is not allowed with a value list, only with a single value. CKR0130 OPEN failed for ddname volume dsn Severity: 16 Explanation: Refer to CKR0002 and CKR0010 for a discussion. CKR0131 File empty - ddname volume dsn Severity: 16 Explanation: Refer to CKR0002 and CKR0010 for a discussion. CKR0132 Reading configuration for system name iplvol volume from pads file volume dsn running OS version activeproducts Created by program progname job jobname at dd mmm yyyy hh:mm::ss:cc (runtype) Severity: 00 Explanation: This message indicates when, where and how the CKFREEZE file for an MVS system was created, and on what version of what operating system. In activeproducts the following products may be listed: DFP version JES2 version ESM version TSO version HSM version, where ESM may be RACF, ACF2 or TSS, and DFP may be DFP or DFSMS; for DFSMS active components may be listed after the version number (for example, DFSMS 2.10.0 hsm 162 Version 1.12: Messages Guide rmm). The runtype used may be APF or non-APF; if it was non-APF some information will not be contained in the CKFREEZE. If the message contains the text PADS for pads, then this indicates that access to the data set was allowed by virtue of conditional access by this program. In this case, the program will restrict its functionality to the user's scope. CKR0132 Reading configuration for system name from pads file volume dsn created by progname job jobname at ddmmmyyyy hh:mm:ss.ffffff Severity: 00 Explanation: This message indicates when, where and how the CKFREEZE file for a VM system was created. If the message contains the text PADS for pads, then this indicates that access to the data set was allowed by virtue of conditional access by this program. In this case, the program will restrict its functionality to the user's scope. CKR0133 VERIFY PERMIT and COPY/MOVE/REMOVE are mutually exclusive Severity: 12 Explanation: The VERIFY PERMIT and COPY/MOVE/REMOVE commands cannot both be specified (since both commands use the same method internally). CKR0134 Default system viewpoint name1 not found, using name2 instead Severity: 04 Explanation: This message indicates that you specified a DEFAULT SYSTEM=name1 command. However, the system name1 is not present in the CKFREEZE files read by the program. Operation will continue with name2 instead. CKR0135 Concatenation of system sysid data behind system on file ddname invalid, use separate CKRCKFnn file for each system Severity: 16 Explanation: This message indicates that it detected two concatenated CKFREEZE data sets in one input file. This is not supported. Use separate DDnames or multiple ALLOC TYPE=CKFREEZE commands. This message can also be issued when multiple zSecure Collect jobs have written to the same data set. CKR0136 Indirect volser on VSAM profile not supported for multiple systems - datasetname Severity: 08 Explanation: This message indicates that the database contains a discrete VSAM data set profile with an indirect volser ('******'). The program does not support this with more than one system. The indirect volser would imply that the profile may cover more than one data set at the same time (seen from different systems). CKR0137 Field name value is not an access or authority - "value" at ddname line number Severity: 12 Explanation: This message indicates that the program expects NONE, READ, EXECUTE, UPDATE, ALTER, USE, CREATE, CONNECT, or JOIN. CKR0138 Audit access must be ALTER, CONTROL, UPDATE, READ, or NONE - "value" at ddname line number Severity: 12 Explanation: This message indicates that the value you specified for a field did not match the field type expected by the program. Chapter 5. CKR messages 163 CKR0139 Audit event must be ALL, SUCCESS, FAILURE, or NONE - "value" at ddname line number Severity: 12 Explanation: This message indicates that the value you specified for a field did not match the field type expected by the program. CKR0140 Number of profiles referring outside group is number for complex Severity: 00 Explanation: This message summarizes the number of profiles listed by a REPORT OUTOFGROUP command. CKR0141 Number of non-default profiles found is number for complex Severity: 00 Explanation: This message summarizes the number of profiles listed by a REPORT NONDEFAULT command. CKR0142 Of the xxxx profiles tested yyyy are redundant (pp%) for complex Severity: 00 Explanation: This message gives the number of profiles considered redundant by a REPORT NONREDUNDANT or REPORT REDUNDANT command. In addition, it compares this to the total number of profiles tested for redundancy. CKR0143 Number of profiles and qualifiers in selected scope is number for complex Severity: 00 Explanation: This message summarizes the number of profiles and qualifiers listed by a REPORT SCOPE= or REPORT PERMIT= command. CKR0144 MOD only valid with TYPE=CKRCMD/OUTPUT at file line n Severity: 12 Explanation: You specified MOD on an ALLOC statement with a TYPE other than CKRCMD or OUTPUT. This is not supported. Remove the MOD from the ALLOC statement. CKR0145 MOD mutually exclusive with VOL/UNIT/MEMBER/FILEDESC/PATH/GETPROC at file line n Severity: 12 Explanation: The ALLOC MOD parameter cannot be combined with any of the parameters above. Either remove MOD or leave out the unsupported parameter. CKR0146 FILEDESC mutually exclusive with VOL/UNIT and TYPE other than OUTPUT or CKRCMD at file line n Severity: 12 Explanation: You can only specify FILEDESC on an ALLOC TYPE=OUTPUT or TYPE=CKRCMD. Also it is mutually exclusive with VOL and UNIT. CKR0147 PATH/GETPROC mutually exclusive with VOL/UNIT at file line n Severity: 12 Explanation: If you specify a UNIX pathname, then you cannot specify a volume serial or unit name. 164 Version 1.12: Messages Guide CKR0148 event stuser identity general resource profile STARTED profile Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a REMOVE PERMIT/USER command. It means that the undefined identity occurs in the STUSER field of the STDATA segment of the indicated STARTED profile. To solve the condition an RALT command will be generated to remove this field from the profile. CKR0149 event stgrp identity general resource profile STARTED profile Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a REMOVE PERMIT/GROUP command. It means that the undefined identity occurs in the STGROUP field of the STDATA segment of the indicated STARTED profile. To solve the condition an RALT command will be generated to remove this field from the profile. CKR0150 STARTED profile profile revoked user id not connected to group group - "user" is used. Severity: 08 Explanation: This message is produced by the VERIFY STC command. It describes two separate problems in the indicated profile in the STARTED class: the user id in the STUSER field in the STDATA segment is not connected to the group in the STGROUP field, so that the undefined user ID user will be used, and furthermore the user id is revoked, so that even after curing the first problem the started task would run with reduced authority and might still experience problems (as indicated by CKR0575). This message indicates an error on the profile level, but no command is generated as it is unclear what the desired solution would be. CKR0151 STARTED profile profile revoked user id not connected to group group - "user" is used for procedure volume dataset Severity: 08 Explanation: This message is produced by the VERIFY STC command. It describes two separate problems in the indicated profile in the STARTED class: the user id in the STUSER field in the STDATA segment is not connected to the group in the STGROUP field, so that the undefined user ID user will be used, and furthermore the user id is revoked, so that even after curing the first problem the started task would run with reduced authority and might still experience problems (as indicated by CKR0575). Note that the first qualifier of profile is generic, and either the user id or the group is specified as =MEMBER and thus evaluates to procedure, so that the main problem is not a condition on the profile level; no command is generated. CKR0152 No STUSER specified on STARTED profile profile - ICHRIN03 is used - and user id id as STGROUP - changed to newgroup Severity: 08 Explanation: This message is produced by the VERIFY STC command. It describes two separate problems in the indicated profile in the STARTED class: it does not contain an STUSER field in the STDATA segment, and the STGROUP field does not contain a valid group ID but username id instead. Because of the severe first condition, the profile indicated will be ignored, and the started procedure table ICHRIN03 will be used instead. No attempt is made to cure this condition, because it may be intentional. To cure the second problem, a command is generated: if newgroup is group(=MEMBER), then the profile's first qualifier is a valid group ID, and STGROUP field is set to use that member name; otherwise, newgroup is NOGROUP and the STGROUP field will be removed from the STDATA segment, meaning that the default group (for the user when one is specified later) should be used. After correcting the second condition, a new run should "only" yield CKR0564. CKR0153 No STUSER specified on STARTED profile profile - ICHRIN03 is used - and undefined STGROUP id - changed to newgroup Severity: 08 Explanation: This message is produced by the VERIFY STC command. It describes two separate problems in the Chapter 5. CKR messages 165 indicated profile in the STARTED class: it does not contain an STUSER field in the STDATA segment, and the STGROUP field does not contain a valid group ID but value id. Because of the severe first condition, the profile indicated will be ignored, and the started procedure table ICHRIN03 will be used instead. No attempt is made to cure this condition, because it may be intentional. To cure the second problem, a command is generated: if newgroup is group(=MEMBER), then the profile's first qualifier is a valid group ID, and STGROUP field is set to use that member name; otherwise, newgroup is NOGROUP and the STGROUP field will be removed from the STDATA segment, meaning that the default group (for the user when one is specified later) should be used. After correcting the second condition, a new run should "only" yield CKR0564. CKR0154 STARTED profile profile contains group id id as STUSER and user id id2 as STGROUP - "user" is used - action to newuser newgroup note Severity: 08 Explanation: This message is produced by the VERIFY STC command. It describes two separate problems in the indicated profile in the STARTED class: the STUSER field in the STDATA segment does not contain a valid user ID, but the groupname id, and the STGROUP field does not contain a valid group ID but the username id2. As a result of these errors, the user and group specified in the profile will be ignored, and the undefined user ID user will be used instead. A command is generated to remove the erroneous specifications. If the profile's first qualifier is a valid user or group, newuser or newgroup will be set to =MEMBER to use the member name, respectively; if not, they will be set to NOUSER and NOGROUP respectively to indicate the fields are to be deleted. If newuser is user(=MEMBER) (and thus newgroup is NOGROUP), the identities are both fixed and the action will be correct, although you still may have to note "but userid still revoked", meaning that the started task would run with reduced authority and might still experience problems (as indicated by CKR0575); if newuser is NOUSER the action will be change, there will be no note, and after the proposed change the profile would be so obviously unusable that RACF would fall back on started procedure table ICHRIN03, and a subsequent VERIFY STC would issue CKR0564 for the profile. CKR0155 STARTED profile profile contains group id id as STUSER and undefined STGROUP id2 - "user" is used - action to newuser newgroup note Severity: 08 Explanation: This message is produced by the VERIFY STC command. It describes two separate problems in the indicated profile in the STARTED class: the STUSER field in the STDATA segment does not contain a valid user ID, but the groupname id, and the STGROUP field does not contain a valid group ID but the value id2. As a result of these errors, the user and group specified in the profile will be ignored, and the undefined user ID user will be used instead. A command is generated to remove the erroneous specifications. If the profile's first qualifier is a valid user or group, newuser or newgroup will be set to =MEMBER to use the member name, respectively; if not, they will be set to NOUSER and NOGROUP respectively to indicate the fields are to be deleted. If newuser is user(=MEMBER) (and thus newgroup is NOGROUP), the identities are both fixed and the action will be correct, although you still may have to note "but userid still revoked", meaning that the started task would run with reduced authority and might still experience problems (as indicated by CKR0575); if newuser is NOUSER the action will be change, there will be no note, and after the proposed change the profile would be so obviously unusable that RACF would fall back on started procedure table ICHRIN03, and a subsequent VERIFY STC would issue CKR0564 for the profile. CKR0156 STARTED profile profile has undefined STUSER id and user id id2 as STGROUP - "user" is used action to newuser newgroup note Severity: 08 Explanation: This message is produced by the VERIFY STC command. It describes two separate problems in the indicated profile in the STARTED class: the STUSER field in the STDATA segment does not contain a valid user ID, but the value id, and the STGROUP field does not contain a valid group ID but the username id2. As a result of these errors, the user and group specified in the profile will be ignored, and the undefined user ID user will be used instead. A command is generated to remove the erroneous specifications. If the profile's first qualifier is a valid user or group, newuser or newgroup will be set to =MEMBER to use the member name, respectively; if not, they will be set to NOUSER and NOGROUP respectively to indicate the fields are to be deleted. If newuser is user(=MEMBER) (and thus newgroup is NOGROUP), the identities are both fixed and the action will be correct, although you still may have to note "but userid still revoked", meaning that the started task would run with reduced authority and might still experience problems (as indicated by CKR0575); if newuser is NOUSER the action will be change, there will be no note, and after the proposed change the profile would be so obviously unusable that RACF would fall back on started procedure table ICHRIN03, and a subsequent VERIFY STC would issue CKR0564 for the profile. 166 Version 1.12: Messages Guide CKR0157 STARTED profile profile has undefined STUSER id and undefined STGROUP id2 - "user" is used action to newuser newgroup note Severity: 08 Explanation: This message is produced by the VERIFY STC command. It describes two separate problems in the indicated profile in the STARTED class: the STUSER field in the STDATA segment does not contain a valid user ID, but the value id, and the STGROUP field does not contain a valid group ID but the value id2. As a result of these errors, the user and group specified in the profile will be ignored, and the undefined user ID user will be used instead. A command is generated to remove the erroneous specifications. If the profile's first qualifier is a valid user or group, newuser or newgroup will be set to =MEMBER to use the member name, respectively; if not, they will be set to NOUSER and NOGROUP respectively to indicate the fields are to be deleted. If newuser is user(=MEMBER) (and thus newgroup is NOGROUP), the identities are both fixed and the action will be correct, although you still may have to note "but userid still revoked", meaning that the started task would run with reduced authority and might still experience problems (as indicated by CKR0575); if newuser is NOUSER the action will be change, there will be no note, and after the proposed change the profile would be so obviously unusable that RACF would fall back on started procedure table ICHRIN03, and a subsequent VERIFY STC would issue CKR0564 for the profile. CKR0158 STARTED profile profile has STGROUP =MEMBER, which is a userid, and revoked STUSER id2 "user" is used for procedure volume dataset Severity: 08 Explanation: This message is produced by the VERIFY STC command. It describes two separate problems in the indicated profile in the STARTED class: the STGROUP field in the STDATA segment contains =MEMBER but the indicated procedure in the indicated data set is not a valid group ID, but a user ID, so that the undefined user ID user will be used, and the user ID specified in the STUSER field is revoked, so that even after curing the first problem the started task would run with reduced authority and might still experience problems (as indicated by CKR0575). Note that the first qualifier of profile is generic, so that it may apply to different procedures as well; therefore, it is unclear how this should be cured, and no command is generated. CKR0159 STARTED profile profile has STGROUP =MEMBER, which is undefined, and revoked STUSER id2 "user" is used for procedure volume dataset Severity: 08 Explanation: This message is produced by the VERIFY STC command. It describes two separate problems in the indicated profile in the STARTED class: the STGROUP field in the STDATA segment contains =MEMBER but the indicated procedure in the indicated data set is not a valid group ID, but undefined to RACF, so that the undefined user ID user will be used, and the user ID specified in the STUSER field is revoked, so that even after curing the first problem the started task would run with reduced authority and might still experience problems (as indicated by CKR0575). Note that the first qualifier of profile is generic, so that it may apply to different procedures as well; therefore, it is unclear how this should be cured, and no command is generated. CKR0160 Unsupported RACF database blksize nnnnn (must be 1024 or 4096) on file ddname dsname Severity: 16 Explanation: The database to be read had an unsupported blocksize. This may happen if you transmit a database to another system and receive it there without explicitly requesting the proper blocksize; the system will select another blocksize in this case. CKR0161 Segment name not in templates - name for entity type xx Severity: 16 Explanation: A profile in a restructured database was read with a segment name that could not be found in the template for the indicated entity type. The message is followed by the exact source location of the profile to assist in further analysis. Chapter 5. CKR messages 167 CKR0162 Entity type not found in BASE segment of key Severity: 16 Explanation: The entity type of the base segment of a profile in a restructured database was not found in the expected place in the profile. Contact IBM Software Support if the profile can be displayed normally by RACF commands. CKR0163 Entity type user assumed - segment segname of key Severity: 00 Explanation: This message indicates that a non-base segment was encountered for which the entity type could not be determined. The message is issued only if DEBUG SEGMENT has been issued. For RACF 1.9 and up, this can only occur for a DFP segment of a USER or GROUP profile. For most purposes, this does not really matter, since they are treated the same most of the time (i.e. as accessor ids). However, if you request a LIST with CLASS, then the class may erroneously show USER. CKR0164 Segment name segname not in segment table for entity type xx Severity: 16 Explanation: A profile segment in a restructured database was read with a segment name that could not be found in the segment table for the indicated entity type. The message is followed by the exact source location of the profile to assist in further analysis. CKR0165 Template not found for entity type xx Severity: 16 Explanation: A profile in a restructured RACF database was read with the indicated entity type. The ICB did not contain a template pointer for the indicated entity type. The message is followed by the exact source location of the profile to assist in further analysis. CKR0166 Conditional access list refers to unknown class "class" in class key Severity: 08 Explanation: A general resource profile in a restructured RACF database contained a conditional access list containing a reference to a class not found in the class descriptor table. This message is given only once per "class". CKR0167 Grouping resource in conditional access list not supported - class key Severity: 16 Explanation: A general resource profile in a restructured database contained a conditional access list with a reference to a grouping class. The program supports only non-grouping classes in the conditional access list. CKR0168 Maximum profile length on complex is nnnnn bytes for class key Severity: 00 Explanation: This informational message details the maximum profile length found in your RACF database on the indicated complex. It can be used to determine how near you are to problems. For non-restructured databases, the maximum length is 64KB. CKR0169 Cluster protection undecidable (not in any catalog or VVDS) clustername Severity: 08 Explanation: The indicated cluster cannot be represented properly in the reports, because the VVDS or catalog information is missing. 168 Version 1.12: Messages Guide CKR0170 Selection in restricted mode is not allowed on restricted field field at ddname line number Severity: 04 or 12 Explanation: When the program is running in restricted or PADS mode, selection on the indicated field is not allowed. The program is running in restricted mode either because of a reason shown in a CKR0031 message or because SIMULATE RESTRICT was specified. This condition is considered a syntax error (severity 12). If an ALLOWRESTRICT modifier explicitly indicates that the query must be executed anyway, this message is issued as a warning (severity 4) to remind you that the indicated field is treated as missing. The restrictions that apply to this field can be viewed in the "Restrictions" column of the output from the primary command FIELD after zooming in through BUILTIN and RACF, provided the command is also issued in restricted mode (SIMULATE RESTRICT in SETUP PREAMBLE will ensure this). CKR0171 Class not in descriptor table, default properties assumed - class Severity: 08 (unless changed by the MSGRC parameter of the OPTION statement) Explanation: The indicated class (or its 4 character prefix in non-RDS databases) was present in the database, but not in the class descriptor table. Hence, the program cannot know which properties the class has and may use it incorrectly. This may for instance happen if you process a RACF database from a different system, or if classes were deleted from the class descriptor table without first removing all profiles in these classes. The message is followed by an indication which profile was first encountered with the offending class. To find all profiles you can use the SELECT CLASS= command. CKR0172 ICHCNX00 returns qualifier "qual1" for internal but "qual2" for external format of dsname Severity: 16 (unless changed by the MSGRC parameter of the OPTION statement) Explanation: The installation exit returns different qualifiers for the internal and external formats of the data set name, both of which are unequal to the first qualifier of the data set name. The program will choose the external one. The message can be suppressed by the command SUPPRESS MSG=172. CKR0173 ICHCNX00 returns qualifier "qual1" for internal but "qual2" for external format of dsname Severity: 00 Explanation: The installation exit returns different qualifiers for the internal and external formats of the data set name. The program will choose the external one. This message is issued only if the DEBUG QUAL command was issued. CKR0174 No support for n>1 associations in UCAT alias alias in BCS system volume dsn Severity: 20 Explanation: This message indicates that an unexpected condition was found in a usercatalog alias entry. Contact IBM Software Support. CKR0175 Unsupported number of qualifiers in usercat alias alias in BCS system volume dsn Severity: 20 Explanation: This message indicates that an alias entry in the catalog contained more than 4 qualifiers. Contact IBM Software Support. CKR0176 Unexpected volume cell volser in BCS record cluster dsname Severity: 04 Explanation: This message indicates that an unexpected condition was found in an ICF catalog record. Contact IBM Software Support. Chapter 5. CKR messages 169 CKR0177 VERIFY NONEMPTY not performed on complex complex due to missing catalog information Severity: 08 Explanation: This message indicates that catalog information about VSAM data sets was missing from the CKFREEZE file(s) for the indicated complex, possibly because they were created without APF authorization. VERIFY NONEMPTY depends on completeness of the information and hence refuses to operate. CKR0178 No CKFREEZE file for system name in SIMULATE SHARED VOLUME= volser command Severity: 12 Explanation: This message indicates that you used a system name that was not found in the CKFREEZE files. Possibly you mistyped the system name, or forgot to allocate the CKFREEZE file. CKR0179 Conflicting share information for volume volume on system system Severity: 12 Explanation: The SIMULATE commands are inconsistent with respect to the specified system/volume combination. CKR0180 No CKFREEZE file for system name in SIMULATE (NON)SHARED SYSTEM=name command Severity: 12 Explanation: This message indicates that you used a system name that was not found in the CKFREEZE files. Possibly you mistyped the system name, or forgot to allocate the CKFREEZE file. CKR0181 Unknown subparameter - parm Severity: 12 Explanation: This message indicates that the program does not recognize the specified parameter, at least not in this place. CKR0182 Field name flag value must be GLOBAL, GENERAL or SPECIFIC - "value" at ddname line number Severity: 12 Explanation: This message indicates that for field name only the values GLOBAL, GENERAL and SPECIFIC can be specified. CKR0183 Simulation not supported - parm Severity: 12 Explanation: This message indicates that the specified parameter was recognized but is not supported for simulation. CKR0184 Conflicting options SHARED and NONSHARED Severity: 12 Explanation: This message indicates that you tried to define all volumes in all systems as both shared and unshared. CKR0185 SIMULATE SHARE VOL=list should include the system names system system has to share the volume(s) with Severity: 12 Explanation: This message indicates, that if you specify a system list for a volume, then it should contain a list of systems sharing the volume. You specified only one system, which is not sufficient to define the sharing relationship. 170 Version 1.12: Messages Guide If you meant that the volume is shared among all your systems, then you must completely omit the SYSTEM parameter. CKR0186 Conflicting SHARE/NONSHARE for volume name on system system Severity: 12 Explanation: This message indicates that you tried to define the volume name in system system as both shared and unshared on different SIMULATE commands. CKR0187 Field name value string type not supported - 'value' at ddname line number Severity: 12 Explanation: The only valid string types are X for hex, B for bit(mask), and C for character string (which is the same as omitting the type). CKR0188 Field name value invalid - bit string may only contain 0, 1, or . - "value" at ddname line number Severity: 12 Explanation: This message indicates that the string of type B (bitmask) contains an invalid character. Specify 0 or 1 for an exact match on a bit, and dot "." for a do not care. CKR0189 Field name flag value must be FORCE or NOFORCE - "value" at ddname line number Severity: 12 Explanation: This message indicates that an improper value was specified for the XRFSOFF flag. CKR0190 Field name value invalid - maximum bit string length is 32 at ddname line number Severity: 12 Explanation: This message indicates that you tried to use a bitmask input string with more than 32 binary digits. This is not supported. CKR0191 Field name flag value must be hex, binary, YES, NO, ON, OFF, or a bit mask "value" at ddname line number Severity: 12 Explanation: This message indicates that a value for a flag field was not recognized. CKR0192 PAGELEN=nn must be larger than 5, or 0 to suppress page separators Severity: 12 Explanation: This message indicates that you specified an invalid PAGELENGTH value. The page length includes all page headers and titles. Since these are printed on each page, there is a minimum page length of five (toptitle, title, subtitle, empty line, column header). If you do not want any headers, specify NOPAGE. If you just want one header per NEWLIST/SORTLIST, specify PAGELENGTH=0. CKR0193 activereason using system name iplvol volume running operating system release with prod release Severity: 00 Explanation: This message indicates that the active system settings are used. If activereason contains the text No configuration file, this is because no CKFREEZE file was present. If activereason shows Active configuration this is because of an explicit allocation request. Required information about system control blocks normally taken from the CKFREEZE file, like the RACF Class Descriptor Table (when processing a RACF database) will be taken from the current system. The message also indicates the security product prod (RACF, ACF2, or TSS) and its release level. Chapter 5. CKR messages 171 CKR0194 Volume cell missing from connector entry for dsname in catalog catname Severity: 20 Explanation: This message indicates that an unexpected condition was found in an ICF catalog record. Contact IBM Software Support. CKR0195 SIMULATE RESTRICT not possible on this system Severity: 12 Explanation: This message indicates that it is not possible to simulate restricted PADS mode for a RACF database that does not have your current user ID defined in it. CKR0196 Unload not allowed during PADS access to ddname volume dsn Severity: 12 Explanation: This message indicates that the program is operating in restricted or PADS mode and will not allow you to make an unload file, since this would allow you to see information beyond your scope of authority. Note that even profiles 'in your scope' contain information that is not 'in your scope' to see since you are not given access to it by RACF itself. CKR0196 Unload not allowed during program pathing access to ddname volume dsn Severity: 12 Explanation: This message indicates that the program is operating in restricted or program pathing mode and will not allow you to make an unload file, since this would allow you to see information beyond your scope of authority. Note that even records 'in your scope' contain information that is not 'in your scope' to see since you are not given access to it by ACF2 itself. CKR0197 Unload not allowed with PADS access to configuration dataset Severity: 12 Explanation: This message indicates that the program is operating in restricted or PADS mode and will not allow you to make an unload file. While this may not be strictly necessary in the case of PADS access to a CKFREEZE file, the program has only one restricted mode of operation, independently of exactly which input file was accessed through PADS mode. CKR0197 Unload not allowed with program pathing access to configuration dataset Severity: 12 Explanation: This message indicates that the program is operating in restricted or program pathing mode and will not allow you to make an unload file. While this may not be strictly necessary in the case of program pathing access to a CKFREEZE file, the program has only one restricted mode of operation, independently of exactly which input file was accessed through program pathing mode. CKR0198 Option not allowed in restricted mode - option Severity: 12 Explanation: This message indicates that the program is operating in restricted or PADS mode and will not allow you to use the indicated option or command, since it might influence access control decisions. If option is "DEBUG other than RESTRICT PERFORM DICT CPIC ACTION OUNIT" the severity of this message will be zero. CKR0199 REPORT SCOPE=idname not allowed, id is not in your scope Severity: 12 Explanation: This message indicates that the program is operating in restricted or PADS mode and will not allow you to request a scope report for a user or group that is considered to be outside your scope of authority. 172 Version 1.12: Messages Guide Messages from 200 to 299 CKR0200 Duplicate NONVSAM profile volume volser dataset datasetname Severity: 20 Explanation: Two identical profile keys were found for the same volume. This is an anomaly in the RACF database. Only the first profile will be used in the program, and no support is present to remove the condition. CKR0201 Duplicate TAPEDSN profile volume volser dataset datasetname Severity: 20 Explanation: Two identical profile keys were found for the same volume, and both with DSTYPE=TAPE. This is an anomaly in the RACF database. Only the first profile will be used in the program, and no support is present to remove the condition. CKR0202 Duplicate VSAM profile volume volser cluster datasetname Severity: 20 Explanation: Two identical profile keys were found for the same volume and both with DSTYPE=VSAM. This is an anomaly in the RACF database. Only the first profile will be used in the program, and no support is present to remove the condition. CKR0203 Duplicate MODEL profile datasetname Severity: 20 Explanation: Two identical profile keys were found, both for a model data set. This is an anomaly in the RACF database. Only the first profile will be used in the program, and no support is present to remove the condition. CKR0204 Duplicate generic dataset profile base datasetname Severity: 20 Explanation: Two identical profile keys were found, both for a generic data set profile. This is an anomaly in the RACF database. Only the first profile will be used, and no support is present to remove the condition. CKR0205 field not found in profile datasetname Severity: 20 Explanation: Here field can be DSTYPE or MODELNAM. While searching the data set profile indicated for the specified field, end-of-profile was reached or the template did not contain the field. If the error is reproducible, contact IBM Software Support. CKR0206 Duplicate GLOBAL profile classname Severity: 20 Explanation: Two identical GLOBAL profiles for the indicated class were found. This is an anomaly in the RACF database. Only the first profile will be used, and no support is present to remove the condition. CKR0207 Model name too long on profile identity Severity: 20 Explanation: The model profile name on a user or group profile contained more than 44 characters including the prefix. The program provides no support for this condition. Chapter 5. CKR messages 173 CKR0208 field not found in type profile Severity: 20 Explanation: Here type can be DATASET or GENERAL, and field can be UNIVACS, UACC, FLAG1, AUDIT, AUDITQS, AUDITQF, GAUDITQS or GAUDITQF. Contact IBM Software Support. CKR0209 identity defined as both USER and GROUP Severity: 20 Explanation: The indicated identity was found as a profile in the class USER as well as the class GROUP. No support exists to handle this condition. CKR0210 USER "identity" doubly defined Severity: 20 Explanation: Two user profiles were encountered with identical keys. Possibly you combined two copies of the same database in one run. CKR0211 GROUP "identity" doubly defined Severity: 20 Explanation: Two group profiles were encountered with identical keys. Possibly you combined two copies of the same database in one run. CKR0212 Numeric or flag field fldname exceeds supported length (4 byte) for profile key Severity: 20 Explanation: This message indicates that during SELECT or EXCLUDE processing a profile was encountered with the field length for the indicated field exceeding 4 bytes. The program assumes that all numeric fields are 4 bytes or less in length. CKR0213 Missing master catalog for system name Severity: 16 Explanation: This message indicates that the CKFREEZE files did not contain a catalog dump of the master catalog for the indicated system, or that it was not clear which catalog was the master catalog. CKR0214 CKFREEZE file required for selected options Severity: 12 Explanation: This message indicates that you requested program functions that require the presence of a CKFREEZE file. However, no CKFREEZE or CKRCKF0n file was found allocated. CKR0215 Non-PADS run required to access masked field field Severity: 12 Explanation: This message indicates that the program is operating in restricted or PADS mode and will not allow you to request access to a field that is marked masked in the database templates. CKR0216 event permit identity whenclass whenprofile(1-15) class key Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a (RE)MOVE PERMIT/USER/GROUP command, with event equal to Redundant due to a REMOVE REDUNDANT_PERMIT command, and with event equal to Copy or Replace due to a COPY 174 Version 1.12: Messages Guide PERMIT/USER/GROUP command. It indicates that identity was found in the conditional access list of a general resource profile. Only the first 15 characters of the key in the conditional permit are shown. For (RE)MOVE or VERIFY a PERMIT DELETE WHEN(...()) command is generated to remove the conditional permit. For COPY a PERMIT WHEN(...()) command is generated to create the conditional permit. CKR0217 Audit authority required to access field Severity: 12 or 04 Explanation: This message indicates that the program is operating in restricted or PADS mode and will not allow you to request access to a field that is reserved for users with the auditor or group-auditor attribute. The ALLOWRESTRICT modifier causes the severity of this message to drop to 4, thus allowing the program to finish the query. The offending field will be shown blank. CKR0218 Field field of length field-length extends number chars beyond target line length line-length - ddname line number Severity: 12 Explanation: This message indicates that you requested more fields than will fit into the output line buffer, which has maximum length line-length. The indicated field (of length field-length) would extend number characters beyond the end of the output line. The requested field will be truncated automatically. CKR0219 ICHCNX00 exit abend sssuuu now activating SUPPRESS ICHCNX00 Severity: 16 Explanation: This message indicates that an abend condition was intercepted while calling the current system's RACF exit ICHCNX00. This may easily happen if the exit requires supervisor state, key zero operation, or other authorized functions. The abend code was system abend sss (hexadecimal) or user abend uuu (hexadecimal). Calls to the exit will be suppressed for the remainder of the run. CKR0220 Unsupported date length for fieldname location Severity: 20 Explanation: This message is issued when trying to format a variable length date field with an unsupported length. The field name from the template is indicated in the message, as well as the profile in which the condition was found, either in the format profile key or in the format connect user to group. CKR0221 Warning: program profiles present but program control not active Severity: 00 Explanation: This message indicates that you requested a report concerning PROGRAM protection. Profiles were found in the class PROGRAM, but the system-wide option SETROPTS WHEN(PROGRAM) is not in effect. This means that the profiles will not be used by RACF, and will not be present on the REPORT AC1 and REPORT PADS output, unless you include a SIMULATE SETROPTS WHEN(PROGRAM) command. CKR0222 event supgrp identity of group name - make name Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a REMOVE PERMIT/USER command. The superior group field will be changed by an ALG command to the indicated group. CKR0223 Invalid PRINT/NEWLIST output file - file Severity: 12 Explanation: This message indicates that the indicated filename or DDname is not valid as a target for a NEWLIST or PRINT command. The following reserved DDnames may not be specified: CKRUNLIN, CKRUNLOU, STEPLIB, SYSABEND, SYSUDUMP, SYSMDUMP, CKRCARLA, CKRTSPRT, XMLIN, XMLOUT, CKRACF*, CKRSMF*, and all Chapter 5. CKR messages 175 redirections for those files. For additional information, see the OPTION command documentation in the user reference manual. CKR0224 nn profiles and nn segments read, nn profiles and nn segments selected (nn%) for complex Severity: 00 Explanation: This message is only issued for a Restructured Data Set and indicates the number of profiles (base segments) and non-base segments that were read and the numbers that were selected. The percentage is based on the sum of profiles and non-base segments. The number selected for a run that only uses merge will be zero. If other TYPE=RACF newlists, reports or verify commands are used, those will determine the number of selected profiles / segments. CKR0225 DMS default setting not supported - ppppppppv on complex complex system system Severity: 16 Explanation: This message indicates that the indicated setting v for a DMS parameter pppppppp is not supported results may be unpredictable. It can happen that the indicated parameter setting was assumed as a default by the program (because it is the default in DMS) if the actual value was missing in the CKFREEZE file. CKR0226 Invalid sysid (must be lower or equal to 4 characters) Severity: 16 Explanation: This message indicates a system name was found in a conditional access list entry that had more than 4 characters. This is not supported. contact IBM Software Support. CKR0227 length must be in range n..32767 Severity: 12 Explanation: This message indicates that the page or line length you supplied does not fall in the allowed interval 0..32767 for PL or 1..32767 for LL. If you want to prevent paginating the output, you should use PL=0 or NOPAGE. CKR0228 Modifiers TITLE and TOPTITLE cannot be combined with WRAP/MORE/HOR - field field at ddname line number Severity: 12 Explanation: This message indicates that a modifier was specified that changes the appearance of a repeated field on the overview line but is not supported for page titles. CKR0229 Modifiers TITLE and TOPTITLE are mutually exclusive - field field at ddname line number Severity: 12 Explanation: A field must be either part of the title or the toptitle. But you can specify the field twice with one of the modifiers on each. CKR0230 Modifier PAGE not allowed after variable field without PAGE - field field at ddname line number Severity: 12 Explanation: Fields that cause a page boundary when their value changes must be higher in the sort hierarchy than fields that do not have the page modifier. CKR0231 (TOP)TITLE must occur before fields on output line - field field at ddname line number Severity: 12 Explanation: Fields that are to be reported in a page title must be higher in the sort hierarchy than fields that do not have a (top)title modifier. 176 Version 1.12: Messages Guide CKR0232 KEY must occur before any non-key fields on display - field field at ddname line number Severity: 12 Explanation: The KEY modifier can only be used in a set of contiguous columns on the left of the display. This defines the part of the display that cannot be scrolled horizontally. CKR0233 Modifiers TITLE and TOPTITLE not valid with length 0 - field field at ddname line number Severity: 12 Explanation: The field that is to be reported in a page title must have a fixed length. CKR0234 option modifier invalid on LIST command, use SORTLIST - at file file line n Severity: 12 Explanation: Use SORTLIST if you want to use the TOPTITLE, TITLE or PAGE modifier. CKR0235 Replace notify identity on non-VSAM dataset profil volume datasetname - with newnotify Severity: 04 Explanation: This message is issued due to a (RE)MOVE NOTIFY/PERMIT/USER, NEWNOTIFY= command. In response, an ALTDSD NOTIFY() command will be generated to change the notify field. CKR0236 Replace notify identity on VSAM dataset profile volume datasetname - with newnotify Severity: 04 Explanation: This message is issued due to a (RE)MOVE NOTIFY/PERMIT/USER, NEWNOTIFY= command. In response, an ALTDSD NOTIFY() command will be generated to change the notify field. CKR0237 Replace notify identity on generic dataset profile datasetname - with newnotify Severity: 04 Explanation: This message is issued due to a (RE)MOVE NOTIFY/PERMIT/USER, NEWNOTIFY= command. In response, an ALTDSD NOTIFY() command will be generated to change the notify field. CKR0238 Replace notify identity of model dataset profile datasetname - with newnotify Severity: 04 Explanation: This message is issued due to a (RE)MOVE NOTIFY/PERMIT/USER, NEWNOTIFY= command. In response, an ALTDSD NOTIFY() command will be generated to change the notify field. CKR0239 Change notify identity to id2 profile class key Severity: 04 Explanation: This message is issued for a PROGRAM or GLOBAL profile due to a (RE)MOVE NOTIFY/PERMIT/ USER, NEWNOTIFY= command. In response, an RALTER NOTIFY() command will be generated to change the notify field. CKR0240 BCS RACF indicator set but no discrete VSAM profile volser clustername Severity: 04 Explanation: This message is issued due to a VERIFY INDICATED command. Chapter 5. CKR messages 177 CKR0241 Discrete VSAM profile but BCS RACF indicator not set volser clustername Severity: 04 Explanation: This message is issued due to a VERIFY ONVOLUME command. The volume indicated is the volume of the catalog (BCS) that contained an ownership cell with the RACF indicator bit off for the indicated cluster. To solve the error condition a DELDSD NOSET command will be generated. CKR0242 Discrete VSAM profile present but no cluster found volser clustername Severity: 04 Explanation: This message is issued due to a VERIFY ONVOLUME command. The volume indicated is the volume of the catalog that did not contain the cluster. To solve the error condition a DELDSD NOSET command will be generated. CKR0243 Discrete VSAM profile but BCS volume not mounted volser clustername Severity: 04 Explanation: This message is issued due to a VERIFY ONVOLUME command. The profile indicates a volume that is not mounted. To solve the error condition a DELDSD NOSET command will be generated. CKR0244 Replace notify identity on tape dataset profile volser datasetname - with newnotify Severity: 04 Explanation: This message is issued due to a (RE)MOVE NOTIFY/PERMIT/USER, NEWNOTIFY= command. In response, an ALTDSD NOTIFY() command will be generated to change the notify field. CKR0245 event qualif identity of tape dataset profile volser datasetname - output DELDSD Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a REMOVE PERMIT/USER/GROUP command. It indicates that the data set profile has a first qualifier that is undefined or to be removed. To solve the condition, a DELDSD VOL() command will be generated. The message and action may be suppressed by means of a SUPPRESS command. CKR0246 event qualif identity of non-VSAM dataset profil volser datasetname - output DELDSD Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a REMOVE PERMIT/USER/GROUP command. It indicates that the data set profile has a first qualifier that is undefined or to be removed. To solve the condition, a DELDSD VOL() command will be generated. The message and action may be suppressed by means of a SUPPRESS command. CKR0247 event qualif identity of VSAM dataset profile volser datasetname - output DELDSD Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a REMOVE PERMIT/USER/GROUP command. It indicates that the data set profile has a first qualifier that is undefined or to be removed. To solve the condition, a DELDSD VOL() command will be generated. The message and action may be suppressed by means of a SUPPRESS command. CKR0248 event qualif identity of generic dataset profile datasetname - output DELDSD Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a REMOVE PERMIT/USER/GROUP command. It indicates that the data set profile has a first qualifier that is undefined or to be removed. To solve the condition, a DELDSD command will be 178 Version 1.12: Messages Guide generated. The message and action may be suppressed by means of a SUPPRESS command. CKR0249 event qualif identity of model dataset profile datasetname - output DELDSD Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a REMOVE PERMIT/USER/GROUP command. It indicates that the data set profile has a first qualifier that is undefined or to be removed. To solve the condition, a DELDSD command will be generated. The message and action may be suppressed by means of a SUPPRESS command. CKR0250 Multivolume discrete profile but no RACF indicator volser datasetname Severity: 04 Explanation: This message is issued due to a VERIFY ONVOLUME command. To solve the error condition a ALTDSD DELVOL command will be generated. CKR0251 Multivolume discrete profile but dataset not found volser datasetname Severity: 04 Explanation: This message is issued due to a VERIFY ONVOLUME command. To solve the error condition a ALTDSD DELVOL command will be generated. CKR0252 Multivolume discrete profile but volume not mounted volser datasetname Severity: 04 Explanation: This message is issued due to a VERIFY ONVOLUME command. To solve the error condition a ALTDSD DELVOL command will be generated. CKR0253 Cluster indicator unknown due to undumped catalog on volume clustername Severity: 08 Explanation: The program was unable to determine whether the indicated cluster was RACF indicated or not, since the catalog in which it was cataloged according to the VVDS, was not present in the catalog dump. CKR0254 Discrete profile not used because GDG model present volser datasetname Severity: 04 Explanation: This message is issued due to a VERIFY ONVOLUME command. It indicates that a discrete profile is present for a GDG generation, while at the same time a discrete non-VSAM or model profile exists for the GDG base name, and GDG modelling is active. To solve the error condition a DELDSD NOSET command will be generated. However, if the generation has already been rolled off the GDG, the command may be rejected with the error message "NOT FOUND IN CATALOG". In this case, the profile can only be removed by deactivating the system-wide MODEL(GDG) option before issuing the command. CKR0255 event notify identity on non-VSAM dataset profil volser datasetname Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a (RE)MOVE NOTIFY/PERMIT/USER command, and with event equal to Replace due to a COPY PERMIT/USER command. To solve the error condition an ALTDSD VOL() NONOTIFY command will be generated. Chapter 5. CKR messages 179 CKR0256 event notify identity on VSAM dataset profile volser datasetname Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a (RE)MOVE NOTIFY/PERMIT/USER command, and with event equal to Replace due to a COPY PERMIT/USER command. To solve the error condition an ALTDSD VOL() NONOTIFY command will be generated. CKR0257 event notify identity on generic dataset profile datasetname Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a (RE)MOVE NOTIFY/PERMIT/USER command, and with event equal to Replace due to a COPY PERMIT/USER command. To solve the error condition an ALTDSD NONOTIFY command will be generated. CKR0258 event notify identity of model dataset profile datasetname Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a (RE)MOVE NOTIFY/PERMIT/USER command, and with event equal to Replace due to a COPY PERMIT/USER command. To solve the error condition an ALTDSD NONOTIFY command will be generated. CKR0259 event notify identity general resource profile class name Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a (RE)MOVE NOTIFY/PERMIT/USER command, and with event equal to Replace due to a COPY PERMIT/USER command. To solve the error condition a RALT NONOTIFY command will be generated. CKR0260 event member identity general resource profile class key Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a (RE)MOVE PERMIT/USER command. This message is only issued for the NODES resource class. To solve the condition an RDEL command will be generated to remove the entire profile. CKR0261 Key with unknown identity general resource profile class key Severity: 04 Explanation: This message is issued due to a VERIFY PERMIT or (RE)MOVE PERMIT/USER command. This message is only issued for resource classes where some qualifier can be a user ID or group, like VMMDISK, VMBATCH, DLFDATA, JESJOBS, NODES, JESSPOOL, PROPCNTL, VMEVENT, and VMXEVENT. To solve the condition an RDEL command will be generated to remove the profile. CKR0262 event user identity - defines OMVS default UID in BPX.DEFAULT.USER Severity: 08 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a REMOVE PERMIT/USER command. It means that the identity to be removed defines the OMVS default UID, and that the error condition is not resolved. This error condition is not resolved when the default GID specification is present and not to be removed; if there would not have been a default GID specification to be kept, the condition would have been resolved by removing the specification(s), and CKR0298 would have been issued instead. 180 Version 1.12: Messages Guide CKR0263 event notify identity general resource profile class key Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a (RE)MOVE NOTIFY/PERMIT/USER command, and with event equal to Replace due to a COPY PERMIT/USER command. To solve the condition a RALTER NONOTIFY command will be generated to remove the notify field. CKR0264 event R-ownr identity on non-VSAM dataset profil volser datasetname Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a (RE)MOVE NOTIFY/PERMIT/USER command. It means that the identity to be removed was found in the RESOWNER field of the DFP segment. To solve the error condition an ALTDSD VOL() NODFP command will be generated. CKR0265 event R-ownr identity on VSAM dataset profile volser datasetname Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a REMOVE NOTIFY/PERMIT/USER command. It means that the identity to be removed was found in the RESOWNER field of the DFP segment. To solve the error condition an ALTDSD VOL() NODFP command will be generated. CKR0266 event R-ownr identity on generic dataset profile datasetname Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a (RE)MOVE NOTIFY/PERMIT/USER command. It means that the identity to be removed was found in the RESOWNER field of the DFP segment. To solve the error condition an ALTDSD VOL() NODFP command will be generated. CKR0267 event R-ownr identity of model dataset profile datasetname Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a (RE)MOVE NOTIFY/PERMIT/USER command. It means that the identity to be removed was found in the RESOWNER field of the DFP segment. To solve the error condition an ALTDSD VOL() NODFP command will be generated. CKR0268 event permit identity whenclass whenprofile(1-15) class key Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a (RE)MOVE PERMIT/USER/GROUP command, with event equal to Redundant due to a REMOVE REDUNDANT_PERMIT command, and with event equal to Copy or Replace due to a COPY PERMIT/USER/GROUP command. It indicates that identity was found in the conditional access list of a general resource profile. Only the first 15 characters of the key in the conditional permit are shown. To solve the condition a PERMIT DELETE WHEN(...()) command will be generated. CKR0269 event permit identity SYSID smfid PROGRAM profile Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a (RE)MOVE PERMIT/USER/GROUP command, with event equal to Redundant due to a REMOVE REDUNDANT_PERMIT command, and with event equal to Copy or Replace due to a COPY PERMIT/USER/GROUP command. It indicates that identity was found in the conditional access list Chapter 5. CKR messages 181 WHEN(SYSID(smfid)) clause of a PROGRAM profile. To solve the condition a PERMIT DELETE WHEN(SYSID(smfid)) command will be generated. CKR0270 event permit identity whenclass whenprofile(1-15) PROGRAM profile Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a (RE)MOVE PERMIT/USER/GROUP command, with event equal to Redundant due to a REMOVE REDUNDANT_PERMIT command, and with event equal to Copy or Replace due to a COPY PERMIT/USER/GROUP command. It indicates that identity was found in the conditional access list clause of a PROGRAM profile other than WHEN(SYSID(...)). Only the first 15 characters of the key in the conditional permit are shown. To solve the condition a PERMIT DELETE WHEN(...()) command will be generated. CKR0271 event permit identity in access list of tape dsn volser datasetname Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a (RE)MOVE PERMIT/USER/GROUP command, with event equal to Redundant due to a REMOVE REDUNDANT_PERMIT command, and with event equal to Copy or Replace due to a COPY PERMIT/USER/GROUP command. To solve the error condition a PERMIT DELETE VOL() command will be generated. CKR0272 Remove raclink node.id with id2 - output RACLINK UNDEFINE Severity: 00 Explanation: This message is issued due to a REMOVE USER= command. In order to remove id2, its raclinks must be deleted first, hence RACLINK UNDEFINEs are generated for each. CKR0273 event owner identity of tape dataset profile volser datasetname - make newowner Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a (RE)MOVE PERMIT/USER/GROUP command, and with event equal to Replace due to a COPY PERMIT/USER/GROUP command. To solve the error condition a ALTDSD VOL() OWNER() command will be generated. The new owner will be the HLQ of the profile, unless that is identical to identity. In that case it will be the name specified on the DEFAULT OWNER= command. The new owner selected is shown in the message. CKR0274 event notify identity on tape dataset profile volser datasetname Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a (RE)MOVE NOTIFY/PERMIT/USER command. To solve the error condition a ALTDSD VOL() NONOTIFY command will be generated. CKR0275 Inaccessible cluster (RACF indicated and no profile) volser datasetname Severity: 04 Explanation: This message is issued due to a VERIFY PROTECTALL or VERIFY INDICATED command. To solve the error condition an ADDSD NOSET command will be generated, but only if VERIFY INDICATED was not specified. Note that adding the profile may not be enough, you might want to enhance the access list, or use a generic profile instead. 182 Version 1.12: Messages Guide CKR0276 Unprotected cluster (not RACF-indicated, no generic) volser datasetname Severity: 08 Explanation: This message is issued due to a VERIFY PROTECTALL command in NOPROTECTALL or PROTECTALL(WARN) environment. No command is generated. CKR0277 event R-ownr identity on tape dataset profile volser datasetname Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a (RE)MOVE NOTIFY/PERMIT/USER command. It means that the identity to be removed was found in the RESOWNER field of the DFP segment. To solve the error condition an ALTDSD VOL() NODFP command will be generated. CKR0278 Revoke for user identity requested Severity: 00 Explanation: This message is issued due to a (RE)MOVE USER=, REVOKE command. In response, an ALTUSER REVOKE command will be generated. CKR0279 Connect user identity to group identity as requested - output CONNECT Severity: 00 Explanation: This message is issued due to a MOVE USER=, TOGROUP= command. In response, a CONNECT command will be generated. CKR0280 Default group of identity becomes identity because removing former default Severity: 00 Explanation: This message is issued due to a MOVE USER=, TOGROUP= command. In response, an ALTUSER DFLTGRP() command will be generated. CKR0281 Remove user identity from identity as requested - output REMOVE Severity: 00 Explanation: This message is issued due to a MOVE USER=, TOGROUP= command. In response, a REMOVE command will be generated. CKR0282 Inaccessible cluster (not indicated and no generic) volser datasetname Severity: 04 Explanation: This message is issued due to a VERIFY PROTECTALL command in a PROTECTALL(FAIL) environment. No command is generated. CKR0283 Delete userid identity group identity as requested - output DELUSER Severity: 00 Explanation: This message is issued due to a REMOVE USER= command. In response, a DELUSER command will be generated. CKR0284 Delete group identity of depth depth - output DELGROUP Severity: 00 Explanation: This message is issued due to a REMOVE GROUP= command. In response, a DELGROUP command will be generated for the indicated group with the indicated depth. Chapter 5. CKR messages 183 CKR0285 Replace notify identity general resource profile class key by newnotify Severity: 04 Explanation: This message is issued due to a (RE)MOVE NOTIFY/PERMIT/USER, NEWNOTIFY= command. In response, a RALTER NOTIFY() command will be generated to change the notify field. CKR0286 No VTOC and no VVDS entry for cluster component on volser datasetname Severity: 08 Explanation: This message is issued if a cluster component is referred to by a catalog entry or system control block, but could not be found in either the VTOC or the VVDS. CKR0287 Non-restorable dataset, indic, no generic at archive volser datasetname of seq Severity: 08 Explanation: This message is issued if the DMSFILES data set contains a DSNINDEX and RACFENCD record for a version of data set datasetname that was RACF indicated and protected by a discrete profile at the time of the archive operation, but the discrete RACF profile (with the encoded name) is not found in the RACF database anymore. According to the DMS documentation, this means that it is impossible to restore the data set without first changing the DSNINDEX records. If this message keeps occurring after repeating the zSecure Collect run, you should follow the procedures in the DMS documentation (for example, RACFCHK1) to reconcile the relationship between DMS and RACF. CKR0288 Non-restorable dataset, RACFENCD record missing for volser datasetname of seq Severity: 08 Explanation: This message is issued if the DMSFILES data set contains a DSNINDEX record for a version of data set datasetname that was RACF indicated and protected by a discrete profile at the time of the archive operation, but does not contain a corresponding RACFENCD record. According to the DMS documentation, this means that it is impossible to restore the data set without first changing the DSNINDEX records. If this message keeps occurring after repeating the zSecure Collect run, you should follow the procedures in the DMS documentation (for example, RACFCHK1) to reconcile the relationship between DMS and RACF. CKR0289 Orphan RACFENCD record, DSNINDEX record missing for datasetname of seq Severity: 08 Explanation: This message is issued if the DMSFILES data set contains a RACFENCD record for a version of the indicated data set without a corresponding DSNINDEX record. Possibly this may correspond to an 'orphan' discrete profile, this is currently not checked by the program. If this message keeps occurring after repeating the zSecure Collect run, you should follow the procedures in the DMS documentation (for example, RACFCHK1) to reconcile the relationship between DMS and RACF. CKR0290 Discrete profile at archive non indicated dataset volser datasetname of seq Severity: 08 Explanation: This message is issued if a DSNINDEX record in the DMSFILES data set indicates that a version of the indicated data set was non-indicated and protected by a discrete profile at the same time (during the archive operation). This contradictory bit setting is not supported by the program. CKR0291 RACFENCD record found but DSNINDEX discrete flag off volser datasetname of seq Severity: 08 Explanation: This message is issued if a RACFENCD record has been found in the DMSFILES data set for a version of the data set datasetname (originally residing on volume volser) that also has a DSNINDEX record which tells that the data set was not protected by a discrete at the time of the archive. This contradictory bit setting is not supported by the program. 184 Version 1.12: Messages Guide CKR0292 Connected catalog not found on any volume datasetname Severity: 08 Explanation: This message is issued if one of the system's master catalogs contains a usercatalog connector entry pointing to a catalog datasetname that could not be found. CKR0293 Volume not mounted on any system for cluster comp on volser datasetname Severity: 08 Explanation: This message is issued if a catalog or system control block refers to a VSAM component on a volume that was not present in any of the CKFREEZE files. CKR0294 Cluster cataloged but not in proper ctlg on any system volser datasetname Severity: 04 Explanation: This message is issued because this cluster is present in a catalog, but not in such a way that it can be accessed directly on any system for which a CKFREEZE was supplied, since there is no ALIAS for the HLQ of the cluster or for the dsname of the cluster in the master catalog. This means that on these systems this cluster can only be accessed from a batch job that uses a STEPCAT/JOBCAT allocation. If the cluster is not intended to be accessed from another system where an ALIAS is correctly defined, you should define an alias or delete the cluster. If this condition is intentional, you can suppress the message from the report with a SUPPRESS MSG=294 command. CKR0295 Component part of two clusters on one system volser datasetname Severity: 08 Explanation: This points to a maintenance issue with catalogs: the same VSAM component is defined in two (master or connected) catalogs on one system. You should investigate which definition is correct for this system, and whether the other definition is not used on another system. You can fix this error by uncataloging the component (or the whole cluster) from one of the catalogs. CKR0296 PROGRAM profile w/o load module but info missing complex program Reason Severity: 04 Explanation: This message is issued by the VERIFY PGMEXIST function because the indicated PROGRAM profile does not seem to cover any load module from any system in the complex, but some information necessary to be sure is missing. The message is followed by one or more Reason lines with one of the following detail explanations: v Not all VTOCs in CKFREEZE to search for data set without volser dsname v Mig. catlg not in CKFREEZE to check data set any system dsname v PDS dir. not available for migrated data set syst dsname v VTOC is not in CKFREEZE to check data set syst volser v Mig. catlg not in CKFREEZE to check data set syst volume dsname v PDS dir. not available for migrated data set syst volume dsname v PDS directory not in CKFREEZE for data set syst volser dsname If you are using zSecure Admin or Audit for RACF, see the documentation for the VERIFY PGMEXIST, PROGRAMNONEMPTY, PROGRAMNOTEMPTY, PGMNONEMPTY, PGMNOTEMPTY commands in the IBM Security zSecure Admin and Audit for RACF: User Reference Manual for more information about missing VTOCs, missing migration catalogs, and missing PDS directory information. If a CKRCMD file is allocated for the complex, a commented-out RDELETE command is generated to remove the PROGRAM profile. CKR0297 Obsolete PROGRAM, load module not in libraries complex program Severity: 04 Explanation: This message is issued by the VERIFY PGMEXIST function because the indicated PROGRAM profile does not cover any load module from any system in the complex. If a CKRCMD file is allocated for the complex, an Chapter 5. CKR messages 185 RDELETE command is generated to remove the PROGRAM profile. CKR0298 event user identity - defines OMVS default UID in BPX.DEFAULT.USER - output RALTER Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a REMOVE PERMIT/USER command. It means that the identity to be removed defines the OMVS default UID, and that the error condition is resolved by removing the specification. If there was a default GID specification, it was to be removed as well; no separate message is shown. If there had been a default GID specification that should not be removed, the error condition would have been considered unresolvable and CKR0262 would have been issued instead. CKR0299 event group identity - defines OMVS default GID in BPX.DEFAULT.USER - output RALTER Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a REMOVE PERMIT/GROUP command. It means that the identity to be removed defines the OMVS default GID, and that the error condition is resolved by removing the specification. It also means that the default UID specification was to be kept; otherwise CKR0298 would have been issued instead. Messages from 300 to 399 CKR0300 Tape volume vvvvvv part of TAPEVOL profile key1 as well as key2 Severity: 20 Explanation: This message is issued if a volume serial is part of more than one TAPEVOL profile. This might be caused by running with split databases and an incorrect range table. CKR0301 event permit identity whenclass whenprofile(1-15) - volume dsname Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a REMOVE PERMIT/USER/GROUP command, with event equal to Redundant due to a REMOVE REDUNDANT_PERMIT command, and with event equal to Copy or Replace due to a COPY PERMIT/USER/GROUP command. It indicates that the identity was found in the conditional access list of a discrete data set profile. Only the first 15 characters of the key in the conditional permit are shown. To solve the condition a PERMIT DELETE WHEN(...()) command will be generated. CKR0302 event permit identity whenclass whenprofile(1-15) dataset dsname Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a REMOVE PERMIT/USER/GROUP command, with event equal to Copy or Replace due to a COPY PERMIT/USER/GROUP command, and with event equal to Redundant due to a REMOVE REDUNDANT_PERMIT command. It indicates that the identity was found in the conditional access list of a generic data set profile. Only the first 15 characters of the key in the conditional permit are shown. To solve the condition a PERMIT DELETE WHEN(...()) command will be generated. CKR0303 event permit identity whenclass whenprofile(1-15) model dsname Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a REMOVE PERMIT/USER/GROUP command, with event equal to Copy or Replace due to a COPY PERMIT/USER/GROUP command, and with event equal to Redundant due to a REMOVE REDUNDANT_PERMIT command. It indicates that the identity was found in the conditional access list of a model data set profile. Only the first 15 characters of the key in the conditional permit are shown. To solve the condition a 186 Version 1.12: Messages Guide PERMIT DELETE WHEN(...()) command will be generated. CKR0304 Tape information inconsistent on scratch status for volume volser datasetname Severity: 08 Explanation: This message is issued if one tape catalog entry for volser indicates that it is a scratch volume, while another one indicates that it is not. It will be treated as a scratch volume. CKR0305 Catalog entry conflicts with tape management system volser datasetname file seq Severity: 8 Explanation: This message is issued if an ICF catalog and a tape catalog indicate different data set names for the same file sequence number on the same volume serial. The tape catalog is assumed to be correct, the ICF catalog entry will be ignored. CKR0306 TVTOC entry conflicts with tape management system volser datasetname file seq Severity: 08 Explanation: This message is issued if a TVTOC entry in the RACF database and a tape catalog entry indicate different data set names for the same file sequence number on the same volume serial. The tape catalog is assumed to be correct, the TVTOC entry will be ignored. CKR0307 Conflicting tape management information for file volser datasetname file seq Severity: 08 Explanation: This message is issued if two tape catalog entries indicate different data set names for the same file sequence number on the same volume serial. There is no way to determine which is correct. CKR0308 Catalog entry same fileseq as other catalog entry volser datasetname file seq Severity: 08 Explanation: This message is issued if two ICF catalog entries indicate different data set names for the same file sequence number on the same volume serial. There is no way to determine which is correct. CKR0309 Catalog entry conflicts with TVTOC volser datasetname file seq Severity: 08 Explanation: This message is issued if an ICF catalog and a TVTOC entry in the RACF database indicate different data set names for the same file sequence number on the same volume serial. The TVTOC is assumed to be correct, the ICF catalog entry will be ignored. CKR0310 Adding previous volume pointer would create a loop volser datasetname previous vol2, reading source Severity: 08 Explanation: This message is issued if vol2 is declared as the volume directly preceding volser, while volser already precedes vol2. source is either TVTOC, to indicate that the error was detected while processing the RACF database, or CKFREEZE, to indicate that the error was detected while processing the ICF and tape catalogs. The new link is not established; any TVTOC entries are processed first. CKR0311 Conflicting tape management info on volume chaining volser datasetname previous vol2 Severity: 08 Explanation: This message is issued if two tape management catalog entries indicate different previous volumes for the same volume serial. There is no way to determine which is correct. Chapter 5. CKR messages 187 CKR0312 TVTOC chaining conflict with tape management system volser datasetname previous vol2 Severity: 08 Explanation: This message is issued if a TVTOC entry in the RACF database conflicts with the tape management catalog as to the previous volume for the indicated volume serial. The tape management catalog will be considered correct, and the TVTOC entry will be ignored. CKR0313 Catalog entries disagree on the previous volume of volser datasetname previous vol2 Severity: 08 Explanation: This message is issued if two ICF catalog entries indicate different previous volumes for the same tape volume serial. There is no way to determine which is correct; vol2 is the ignored link. CKR0314 Catalog vol chaining conflicts with tape management volser datasetname previous vol2 Severity: 08 Explanation: This message is issued if an ICF catalog entry conflicts with the tape management catalog as to the previous volume for the indicated volume serial. The tape management catalog will be considered correct, and the information from the catalog entry will be ignored. CKR0315 Catalog vol chaining conflicts with TVTOC volser datasetname previous vol2 Severity: 08 Explanation: This message is issued if an ICF catalog entry conflicts with a TAPEVOL TVTOC entry in the RACF database as to the previous volume for the indicated volume serial. The TVTOC will be considered correct, and the information from the catalog entry will be ignored. CKR0316 Imbedded ISPF variable not found - name at ddname line number Severity: 12 Explanation: This message indicates that an INCLUDE or IMBED command was given for an ISPF variable, but the variable was not present in either the implicit function pool, the shared variable pool, or the profile variable pool. CKR0317 Open failed [type abend rc-rr (interpretation)] for imbedded file ddname dataset dsname at ddname2 line number Severity: 12 Explanation: This message indicates that an INCLUDE or IMBED command was given for a file, but the file could not be opened. If an abend occurred, the abend code, reason code and interpretation are given. Review the job log for messages with additional information. If no abend information is present in the message, a preceding CKR message should indicate the reason for the failure. CKR0318 ICHRIN03 generic entry is not the last one, ignored sys entry "procname userid grpname" Severity: 08 Explanation: This message indicates an error in the contents of the Started Procedure Table ICHRIN03 on the indicated system sys. The generic entry must be the last entry to be handled as a generic entry by RACF. It appears that the generic entry in your ICHRIN03 is not the last entry. CKR0319 ICHRIN03 generic entry allows masquerading any user sys entry "procname userid grpname" Severity: 08 Explanation: This message indicates an undesirable effect of the contents of the Started Procedure Table ICHRIN03 on the indicated system sys. The generic entry allows persons with UPDATE access to a started task procedure library or JES2 parameter data set to masquerade as any user in the system by creating a procedure member with a name equal to the user ID to masquerade. The recommended form of the generic entry is to include in the generic 188 Version 1.12: Messages Guide entry a nonblank group name that is specifically meant to contain only the user IDs allowed to run as started tasks. CKR0320 Option only valid behind NEWLIST - option at ddname line Severity: 12 Explanation: This message indicates that the indicated option was included on a BUNDLE, OPTION or PRINT command, but this option is only allowed on the NEWLIST. Examples are RDS, NONRDS, and RETAIN®. Note that most PRINT options are also allowed on the NEWLIST command. CKR0321 ICHRIN03 undefined user id procedure procname volume dsn status system Severity: 08 Explanation: This message indicates a mismatch between the Started Procedure Table ICHRIN03 and the RACF database on system system. If status is system, the indicated procedure in the indicated procedure library maps to a user ID that is not defined in the RACF database; hence the procedure will run with the default authority, the undefined RACF user "*". If status is fallback, the indicated procedure has the same problem, but is currently unused; if no procedure library is indicated, there is no task by that name; if a library is indicated, the task is covered by a valid profile in the STARTED class and hence does not use ICHRIN03. CKR0322 ICHRIN03 undefined group id procedure procname volume dsn status system Severity: 08 Explanation: This message indicates a mismatch between the Started Procedure Table ICHRIN03 and the RACF database on system system. If status is system, the indicated procedure in the indicated procedure library maps to a connect group that is not defined in the RACF database; hence the procedure will run with the default authority, the undefined RACF user "*". If status is fallback, the indicated procedure has the same problem, but is currently unused; if no procedure library is indicated, there is no task by that name; if a library is indicated, the task is covered by a valid profile in the STARTED class and hence does not use ICHRIN03. CKR0323 ICHRIN03 no connect uid to group id proc procname volume dsn status system Severity: 08 Explanation: This message indicates a mismatch between the Started Procedure Table ICHRIN03 and the RACF database on system system. If status is system, the indicated procedure in the indicated procedure library maps to a user ID/group combination that has no connect defined in the RACF database; hence the procedure will run with the default authority, the undefined RACF user "*". If status is fallback, the indicated procedure has the same problem, but is currently unused; if no procedure library is indicated, there is no task by that name; if a library is indicated, the task is covered by a valid profile in the STARTED class and hence does not use ICHRIN03. CKR0324 ICHRIN03 contains group id as user - procname volume dsn status system Severity: 08 Explanation: This message indicates a mismatch between the Started Procedure Table ICHRIN03 and the RACF database on system system. If status is system, the indicated procedure in the indicated procedure library maps to a user ID that is not defined as user in the RACF database, but as a group; hence the procedure will run with the default authority, the undefined RACF user "*". If status is fallback, the indicated procedure has the same problem, but is currently unused; if no procedure library is indicated, there is no task by that name; if a library is indicated, the task is covered by a valid profile in the STARTED class and hence does not use ICHRIN03. CKR0325 ICHRIN03 contains userid id as group - procname volume dsn status system Severity: 08 Explanation: This message indicates a mismatch between the Started Procedure Table ICHRIN03 and the RACF database on system system. If status is system, the indicated procedure in the indicated procedure library maps to a group name that is not defined as group in the RACF database, but as a user; hence the procedure will run with the default authority, the undefined RACF user "*". If status is fallback, the indicated procedure has the same problem, but is currently unused; if no procedure library is indicated, there is no task by that name; if a library is indicated, Chapter 5. CKR messages 189 the task is covered by a valid profile in the STARTED class and hence does not use ICHRIN03. CKR0326 Started task runs with default authority procname volume dsn status system Severity: 00 Explanation: If status is system, this message identifies a started task that runs with the default RACF user (USER=*) on system system. This may be correct (if the task does not need any higher access than the UACC of the data sets accessed). On the other hand, often a number of procedures can be identified which will fail if started with this (lack of) authority. If status is fallback, the indicated procedure has the same problem, but is currently unused; if no procedure library is indicated, there is no task by that name; if a library is indicated, the task is covered by a valid profile in the STARTED class and hence does not use ICHRIN03. If you are not interested in the latter kind of potential problems, add SUPPRESS FALLBACK to the command input. To suppress all messages concerning the default user ID, you can add SUPPRESS ID=* (for ICHRIN03) and SUPPRESS ID=++++++++ (for the STARTED class) to the command input. To suppress only this message, add SUPPRESS MSG=326 to the command input. CKR0327 ICHRIN03 entry unused (no proc any subsys) procname Severity: 08 Explanation: This message indicates a mismatch between the Started Procedure Table ICHRIN03 and the active procedure libraries. The indicated procedure name in ICHRIN03 does not cover any procedure in any of the MSTR and JES2 procedure libraries used for started tasks in any of the systems. Note: This message may also be issued if a CKFREEZE file is used that was produced by running zSecure Collect from an unauthorized library. If zSecure Collect is run with APF authorization, it will use cross memory functions to find the data sets allocated to STCPROC (or PROC00 if there's no STCPROC). Subsequently, it will read the PDS directory of each of these proclibs. Note that it is insufficient to tell zSecure Collect to dump the directories of the PDS data sets in an unauthorized run, because they will not be known as proclibs. CKR0328 Obsolete permit identity unknown program program - in model datasetprofile Severity: 04 Explanation: This message is issued due to a VERIFY PADS command while RACF runs in Basic program security mode. A program is defined on a conditional access list, but no matching program profile exists. To solve the error condition, a command is generated to remove the WHEN-clause. CKR0329 Obsolete permit identity unknown program program generic datasetprofile Severity: 04 Explanation: This message is issued due to a VERIFY PADS command while RACF runs in Basic program security mode (RACF pre-z/OS 1.4 or specifically defined in later RACF releases). A program is defined on a conditional access list, but no matching program profile exists. To solve the error condition, a command is generated to remove the WHEN-clause. CKR0330 Open failed [type abend rc-rr (interpretation)] for imbedded member member of file ddname dataset dsname at ddname2 line number Severity: 12 Explanation: This message indicates that an INCLUDE or IMBED command was given for a member, but the member could not be opened in the data set allocated to the file. If an abend occurred, the abend code, reason code and interpretation are given. Review the job log for messages with additional information. If no abend information is present in the message, a preceding CKR message should indicate the reason for the failure. CKR0331 STC default authority - procname is a group procname volume dsn system system Severity: 08 Explanation: This message indicates a mismatch for a specific procedure library member between the generic entry in the Started Procedure Table ICHRIN03 and the RACF database on system system. The indicated procedure in the indicated procedure library maps to a user ID that is not defined as a user in the RACF database, but as a group. 190 Version 1.12: Messages Guide Hence the procedure will be assigned the undefined RACF user "*" when started. CKR0332 STC revoked connect user to group - procname volume dsn status system Severity: 08 Explanation: If status is system, this message indicates a procedure on system system that cannot be started. The indicated procedure in the indicated procedure library maps to a user ID/group combination that has a connect defined in the RACF database, but the connect has been revoked. Consequently, the procedure is not startable. If status is fallback, the indicated procedure has the same problem, but is currently unused. If no procedure library is indicated, there is no task by that name. If a library is indicated, the task is covered by a valid profile in the STARTED class and does not use ICHRIN03. CKR0333 Revoked started task uid userid procedure procname volume dsn status system Severity: 08 Explanation: If status is system, this message indicates a nonstartable procedure on system system. The indicated procedure in the indicated procedure library maps to a user ID that is defined in the RACF database, but the user ID has been revoked. Consequently, the procedure is not startable. If status is fallback, the indicated procedure has the same problem, but is currently unused. If no procedure library is indicated, there is no task by that name. If a library is indicated, the task is covered by a valid profile in the STARTED class and does not use ICHRIN03. CKR0334 JCL member hidden (duplicate) for procedure procname volume dsn Severity: 00 Explanation: This message indicates a nonstartable procedure member. The indicated procedure in the indicated procedure library cannot be started, because it is part of a concatenation. The library prior to it in the concatenation has the same member defined. Consequently, this JCL member cannot be started. CKR0335 Copy id1 to id2 adds discrete resource class key Severity: 04 Explanation: This message indicates that a command was generated in the CKRCMD file to add a discrete general resource profile specific to id2 mimicking a similar existing profile for id1. The message is issued as the result of a COPY command. CKR0336 Copy id1 to id2 adds generic resource class key Severity: 04 Explanation: This message indicates that a command was generated in the CKRCMD file to add a generic general resource profile specific to id2 mimicking a similar existing profile for id1. The message is issued as the result of a COPY command. CKR0337 Copy id1 to id2 adds generic dataset profile dsn Severity: 04 Explanation: This message indicates that a command was generated in the CKRCMD file to add a generic data set profile specific to id2 mimicking a similar existing profile for id1. The message is issued as the result of a COPY command. CKR0338 Copy id1 to id2 adds model dataset profile dsn Severity: 04 Explanation: This message indicates that a command was generated in the CKRCMD file to add a model data set profile specific to id2 mimicking a similar existing profile for id1. The message is issued as the result of a COPY command. Chapter 5. CKR messages 191 CKR0339 Replace owner id1 of new generic dataset profile dsn - make id2 Severity: 04 Explanation: This message indicates that a command was generated in the CKRCMD file to change the owner of a generic data set profile specific to id2 from id1 to id2. The message is issued as the result of a COPY command. CKR0340 Replace owner id1 of new model dataset profile dsn - make id2 Severity: 04 Explanation: This message indicates that a command was generated in the CKRCMD file to change the owner of a model data set profile specific to id2 from id1 to id2. The message is issued as the result of a COPY command. CKR0341 Unsupported copy id for tape dataset profile volser dsn Severity: 08 Explanation: This message indicates that no command was generated in the CKRCMD file to copy the user-specific or group-specific discrete profile. The message is issued as the result of a COPY command. CKR0342 Unsupported copy id non-VSAM dataset profile volser dsn Severity: 08 Explanation: This message indicates that no command was generated in the CKRCMD file to copy the user-specific or group-specific discrete profile. The message is issued as the result of a COPY command. If the COPY is issued as preparation to a rename operation, then a RENAME of the data set would automatically accomplish the rename of the discrete profile. CKR0343 Unsupported copy id for VSAM dataset profile volser dsn Severity: 08 Explanation: This message indicates that no command was generated in the CKRCMD file to copy the user-specific or group-specific discrete profile. The message is issued as the result of a COPY command. If the COPY is issued as preparation to a rename operation, then a RENAME of the data set would automatically accomplish the rename of the discrete profile. CKR0344 Unsupported copy id for member of profile class key Severity: 08 Explanation: This message indicates that no command was generated in the CKRCMD file to copy the function of the user-specific entry in the member list of the indicated profile. The message is issued as the result of a COPY command. CKR0345 Group implied in command input is a user - id Severity: 12 Explanation: This message indicates that a command was given implying that the ID id is a group. However, id is defined as a user ID in the RACF database. Most commands will not be processed any further. CKR0346 User implied in command input is a group - id Severity: 12 Explanation: This message indicates that a command was given implying that the ID id is a user ID. However, id is defined as a group in the RACF database. Most commands will not be processed any further. 192 Version 1.12: Messages Guide CKR0347 event owner id1 by id2 in resource class key Severity: 04 Explanation: This message indicates that a command was generated in the CKRCMD file to change the owner of a general resource profile specific to id2 from id1 to id2. The message is issued as the result of a COPY command. CKR0348 parameter must come behind TOUSER Severity: 12 Explanation: The order of the parameters on the COPY or MOVE command is invalid. The parameter indicated is only valid behind the TOUSER parameter. CKR0349 parameter only valid behind COPY Severity: 12 Explanation: The parameter is not valid on the current MOVE or REMOVE command, but only on a COPY command. CKR0350 Number of permits/references processed is number Severity: 00 Explanation: This message gives the number of permits and other references to users and groups that have been processed. It can be used as a measure for the complexity of your database and the IBM Security zSecure Admin and Audit for RACF command processed. CKR0351 event owner identity on group name - make name Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a REMOVE PERMIT/USER command. Both the owner and the superior group field will be changed by an ALG command to the indicated group. CKR0352 Add user id1 to group id2 as requested - output ADDUSER Severity: 00 Explanation: This message indicates that a command was generated in the CKRCMD file to add the user ID id1 with group id2 as its default group. The message is issued as the result of a COPY USER= command. CKR0353 Add group id1 to group id2 at depth depth as requested - output ADDGROUP Severity: 00 Explanation: This message indicates that a command was generated in the CKRCMD file to add the group id1 as a subgroup of id2. The message is issued as the result of a COPY USER= command. CKR0354 parameter only valid behind USER= or COPY PERMIT/GROUP= Severity: 12 Explanation: The parameter is not valid on the current MOVE or REMOVE command, or the order of the parameters is invalid. CKR0355 PERMIT/USER/GROUP/NOTIFY are mutually exclusive operands that can occur once per command Severity: 12 Explanation: Only one of the indicated operands is allowed per MOVE, REMOVE, or COPY command. Chapter 5. CKR messages 193 CKR0356 Not adding user userid as requested because all connects omitted by request - specify TOGROUP Severity: 12 Explanation: This message indicates that a COPY request was given for a user userid, but the user could not be added since by your request (for example, FROMGROUP parameter or by means of SELECT commands) all connects would be omitted. In order to add a user ID, at least one connect group is required. CKR0357 Procedure name not a userid - uses default procname volume dsn system system Severity: 00 Explanation: This message identifies a started task that runs with the default RACF user (USER=*), because the user ID implied in the Started Procedure Table through the generic entry "* =" is not defined in the RACF database on system system. This may be correct (if the task does not need any higher access than the UACC of the data sets accessed). On the other hand, often a number of procedures can be identified which will fail if started with this (lack of) authority. To suppress all messages concerning the default user ID, you can add SUPPRESS ID=* (for ICHRIN03) and SUPPRESS ID=++++++++ (for the STARTED class) to the command input. To suppress only this message, add SUPPRESS MSG=357 to the command input. CKR0358 ICHRIN03 generic entry is privileged sys Entry "procname userid grpname" Severity: 08 Explanation: This message indicates an undesirable feature of the Started Procedure Table ICHRIN03 on the indicated system sys. The generic entry has the privileged attribute, allowing any started task that is newly added to a procedure library to run with unaudited bypass of the access control decisions. This attribute is normally needed only by a few selected tasks, not by almost all started tasks. CKR0359 ICHRIN03 generic entry is trusted sys Entry "procname userid grpname" Severity: 08 Explanation: This message indicates an undesirable feature of the Started Procedure Table ICHRIN03 on the indicated system sys. The generic entry has the trusted attribute, allowing any started task that is newly added to a procedure library to run with bypass of the access control decisions. This attribute is normally needed only by a few selected tasks, not by almost all started tasks. CKR0360 GROUP invalid behind MOVE Severity: 12 Explanation: The parameter is not valid on the MOVE command. Use USER, PERMIT or NOTIFY to move a user or replace a permit or notify. CKR0361 TOGROUP required with MOVE USER/PERMIT Severity: 12 Explanation: The parameter TOGROUP is missing from the MOVE command. Use this parameter to indicate to which group the user must be moved. CKR0362 Delete of userid userid not requested, but removal of all connects implied Severity: 12 Explanation: The REMOVE or MOVE commands for user IDs and groups results in removal of all connects for the indicated user ID. However, no REMOVE of this user ID was requested. The user ID will not be deleted by the generated commands. You can either specify a TOGROUP for the user, add a REMOVE for the user, or change the current commands. You can also use the 'Delete all USERs connected to GROUP' option when running with the ISPF interface. 194 Version 1.12: Messages Guide CKR0363 parameter only valid behind PERMIT= Severity: 12 Explanation: The parameter indicated is not valid on the current command, or the order of the parameters is incorrect. CKR0364 Duplicate name for security level nn "name1" and "name2" Severity: 20 Explanation: The member list of the SECLEVEL profile in the class SECDATA defining the names of the security levels contains more than one name for the same level. This may happen if the database has more than one SECLEVEL profile. CKR0365 Duplicate name for security category nn "name1" and "name2" Severity: 20 Explanation: The member list of the CATEGORY profile in the class SECDATA defining the names of the security categories contains more than one name for the same internal representation of a category. This may happen if the database has more than one CATEGORY profile. CKR0366 The following profiles have no data rule specified - current settings used: Severity: 08 Explanation: This message indicates that the profiles following the colon exist in both the source and the current database, containing different data. However, a mergerule prescribing a data policy was not found. CKR0367 The following profiles have no auth rule specified - source settings used: Severity: 08 Explanation: This message indicates that the profiles following the colon exist in both the source and the current database, containing different security related data. However, a mergerule prescribing an authority policy was not found. CKR0368 The following users have no auth rule specified - revoke status unpredictable Severity: 08 Explanation: This message indicates that the profiles following the colon exist in both the source and the current database, containing different security related data. However, no mergerule prescribing an authority policy could be found. CKR0369 number logonid records read for complex Severity: 00 Explanation: This message is only issued for an ACF2 logon ID database and indicates the number of records that were read. CKR0370 Indirect field reference to field is not supported at ddname line number Severity: 12 Explanation: The indicated indirect reference from:field is not supported. Chapter 5. CKR messages 195 CKR0371 Field reference by : operator invalid on LIST command, use SORTLIST/DISPLAY - type "value" at ddname line number Severity: 12 Explanation: In the NEWLIST TYPE=RACF, an indirect field reference from:field is only valid on the SORTLIST and DISPLAY commands, not on the LIST command. CKR0372 Formats SECLEVEL and CATEGORY invalid on LIST command, use SORTLIST - type "value" at ddname line number Severity: 12 Explanation: A security level or category format is only valid on the SORTLIST and DISPLAY commands, not on the LIST command. CKR0373 Scan operator : only valid with "=" or "<>" - type "value" at ddname line number Severity: 12 Explanation: The field value scan operator : is only valid when the field value comparator indicates equal or unequal. CKR0374 Field scan for string type t is not supported Severity: 12 Explanation: You can only scan for a character string. CKR0375 Conversion error for selection of field name value "value" at ddname line number Severity: 12 Explanation: The indicated value could not be converted to the internal format required for field name. CKR0376 Modifier modifier invalid for field name at ddname line number Severity: 12 Explanation: The output modifier (for example, EXPLODE or SCOPE) cannot be used with field name or output format. CKR0377 TTR Conversion routine fails on track Rn for ddname volser dsname Severity: 20 Explanation: This message indicates a failure during EXCP mode processing. Contact IBM Software Support. The message can be circumvented by adding the command BDAMQSAM to the input. CKR0378 PROFLIST must refer to a previously defined NEWLIST NAME= parameter Severity: 12 Explanation: PROFLIST accepts the name of a preceding NEWLIST as its value. The value you passed was not defined as the NAME of a NEWLIST. CKR0379 option only valid in scope of a NEWLIST command Severity: 12 Explanation: The indicated option can only be specified on a command following NEWLIST. 196 Version 1.12: Messages Guide CKR0380 Action for user userid requested, but userid not defined Severity: 12 Explanation: The REMOVE, MOVE, or COPY command for the indicated user cannot complete successfully, since the user does not exist. Check for typing errors or for SELECT statements that exclude part of the database. CKR0381 Action for group grpid requested, but group not defined Severity: 12 Explanation: The REMOVE or COPY command for the indicated group cannot complete successfully, since the group does not exist. Check for typing errors or for SELECT statements that exclude part of the database. CKR0382 name field invalid on LIST command, use SORTLIST - at ddname line number Severity: 12 Explanation: The field name is only valid on the SORTLIST and DISPLAY commands, not on the LIST command. CKR0383 Non-PADS access required to process RACF database of system complex without your userid Severity: 12 Explanation: When in restricted access mode, the security database you process must contain a user ID equal to your user ID on the current system. No such user ID was found in the security database for the indicated complex. The run will be terminated. CKR0383 Unrestricted access required to process ACF2 database of system complex without your logonid logonid Severity: 12 Explanation: When in restricted access mode, the security database you process must contain a logon ID equal to your logon ID on the current system. No such logon ID was found in the security database for the indicated complex. The run is terminated. CKR0384 Non-PADS run required to access restricted field field Severity: 04 or 12 Explanation: This message indicates that the program is operating in restricted or PADS mode and will not allow you to request access to a field that is not normally displayable by RACF commands. This condition is considered a syntax error (severity 12) unless an ALLOWRESTRICT modifier explicitly indicates that the query should be executed anyway; if the latter is the case, this message is issued as a warning (severity 4) to remind you that no output will be generated for the indicated field. CKR0385 event member resource(1-33) class profile Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a REMOVE PERMIT/USER/GROUP command, and with event equal to Copy or Replace due to a COPY PERMIT/USER/GROUP command. It indicates that the identity was found in a discrete member of a general resource profile in a grouping class. Only the first 33 characters of the member resource name are shown. To solve the condition a RALT DELMEM(...()) or RALT ADDMEM(...()) command will be generated. CKR0386 event member resource(1-33) class profile Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a REMOVE PERMIT/USER/GROUP command, and with event equal to Copy or Replace due to a COPY PERMIT/USER/GROUP command. It indicates that the identity was found in a generic member of a Chapter 5. CKR messages 197 general resource profile in a grouping class. Only the first 33 characters of the member resource name are shown. To solve the condition a RALT DELMEM(...()) or RALT ADDMEM(...()) command will be generated. CKR0387 event member resource(1-33) GLOBAL DATASET Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, with event equal to Remove due to a REMOVE PERMIT/USER/GROUP command, and with event equal to Copy or Replace due to a COPY PERMIT/USER/GROUP command. It indicates that the identity was found in a data set name present as member of a GLOBAL DATASET profile. Only the first 33 characters of the member resource name are shown. To solve the condition a RALT DELMEM(...()) or RALT ADDMEM(...()) command will be generated. CKR0388 ISPLINK module missing, variable not available - varname at ddname line number Severity: 12 Explanation: An IMBED or INCLUDE statement requested input from an ISPF variable, but the ISPF interface module ISPLINK could not be found. CKR0389 ISPLINK module missing, no ISPF functions possible Severity: 12 Explanation: A command requested ISPF functions, but no ISPF interface module ISPLINK was found, neither with BLDL nor linked into the CKRCARLA load module. CKR0390 No active ISPF environment, no ISPF functions possible Severity: 12 Explanation: A command requested ISPF functions, but the ISPLINK return code indicates it is incapable of performing ISPF commands. CKR0391 Duplicate NEWLIST NAME=name at ddname line number, already defined at ddname2 line number2 Severity: 12 Explanation: Two NEWLISTs have the same NAME=name parameter. This is not allowed. CKR0392 DDNAME parameter required on UNLOAD in the scope of a NEWLIST Severity: 12 Explanation: When an UNLOAD command is used in the scope of a NEWLIST command, the output file must be specified using the DDNAME= parameter or its equivalent (DD=, FILE=, F=). CKR0393 Invalid DEBUG option - option Severity: 12 Explanation: An invalid DEBUG option was used. CKR0394 More than 16 SMF exits per subsystem not supported - system system-name Severity: 16 Explanation: System system-name has more than 16 SMF exits for one or more SMF subsystems. This is not supported in current versions of MVS and zSecure. 198 Version 1.12: Messages Guide CKR0395 Modifier WRAP cannot be combined with the format format - field name at ddname line number Severity: 12 Explanation: This message indicates an error with the use of the WRAP or WORDWRAP. These output modifiers cannot be used on a column with the indicated output format. CKR0396 nn rule records containing a total of nn entries read for complex Severity: 00 Explanation: This message is only issued for an ACF2 rule database and indicates the number of records that were read, as well as the total number of rule lines that were present in those records. CKR0397 Field name of length field-length truncated to new-length to fit in line length line-length at ddname line number Severity: 00 Explanation: This message indicates that field name did not fit on the output line and was truncated to fit the line length. It does not indicate an error condition. CKR0398 Maximum of 255 merged NEWLISTSs exceeded before type "value" at ddname line number Severity: 12 Explanation: The number of NEWLIST statements between a MERGELIST and ENDMERGE pair exceeded 255. Reduce the number of NEWLISTs, or split the report into several MERGELIST/ENDMERGE pairs. CKR0399 SUMMARY must be the last command in a NEWLIST body, only one per NEWLIST Severity: 12 Explanation: This message indicates that a SUMMARY or DSUMMARY command was followed by another command from the LIST family within the same NEWLIST. This is not allowed. Messages from 400 to 499 CKR0400 AND requires prior clause Severity: 12 Explanation: A syntax error was detected in the input. The program thinks it has encountered an AND in an AND/OR list in a SELECT or EXCLUDE command, but has not encountered the previous clause. CKR0401 OR requires prior clause Severity: 12 Explanation: A syntax error was detected in the input. The program thinks it has encountered an OR in an AND/OR list in a SELECT or EXCLUDE command, but has not encountered the previous clause. CKR0402 NOT clause expects parentheses instead of type "value" at ddname line number Severity: 12 Explanation: This message indicates that the program has interpreted the previous token as a NOT in a SELECT or EXCLUDE command and is now expecting a clause within parentheses. Chapter 5. CKR messages 199 CKR0403 LIKELIST must refer to a previously defined NEWLIST type=type NAME= parameter Severity: 12 Explanation: This message indicates that a LIKELIST was used that did not refer to an existing NEWLIST name of the same type (indicated by type). A LIKELIST target must be the name of a NEWLIST of the same type that must come earlier in the input. There must be a LIST, SORTLIST/DISPLAY, or (D)SUMMARY command in the NEWLIST that is referred to. If you suppress this message all LIKELIST clauses which do not refer to a preceding NEWLIST select all records. CKR0404 Expected valid year value instead of value Severity: 12 Explanation: This message indicates that you specified a value for the YEAR keyword of the SELECT or EXCLUDE command that is out of range. Valid year values are in the range 0 to 99 (with 1900 added implicitly), or 1900 and higher. CKR0405 Range error in type Severity: 12 Explanation: This message indicates that you specified a range (two values separated by a colon) of type in the SELECT or EXCLUDE command that is not valid. The start value in a range must be lower than or equal to the end value. The only exception is a range of weekday values, which should have a start value different from the end value (a weekday range can handle wrap-arounds). CKR0406 Error during conversion of string string Severity: 12 Explanation: This message indicates that an error occurred during the conversion of string string from hexadecimal, decimal or binary. Check string for characters invalid in the specified conversion type. CKR0407 Expected valid monthday value instead of value Severity: 12 Explanation: This message indicates that you specified a value for the MONTHDAY keyword of the SELECT or EXCLUDE command that is out of range. Valid monthday values are in the range 1 to 31. CKR0408 Unknown event name name Severity: 12 Explanation: This message indicates that you specified an event name for the EVENT keyword of a SELECT or EXCLUDE command that is unknown. Either specify an event by name or use an event number. CKR0409 Substring selection only allowed with =, <> and ¬= Severity: 12 Explanation: This message indicates that the <, >, <= or >= relational operator was used for a substring scan (indicated by a colon ":" after the relational operator). This is not allowed; only the equal and not-equal operations are defined for a substring scan. CKR0410 Value list only allowed with =, <> and ¬= Severity: 12 Explanation: This message indicates that the <, >, <= or >= relational operator was followed by an opening parenthesis indicating the start of a list of values. This is not allowed; only the equal and not-equal operations are defined for a list of values. 200 Version 1.12: Messages Guide CKR0411 Expected valid time value instead of value Severity: 12 Explanation: This message indicates that you specified a value for the TIME keyword of a SELECT or EXCLUDE command that is out of range. Valid time values are in the range 0000 to 2359; minute values of 60 or higher are not allowed. Warning: specifying TIME=10:00 would indicate an (invalid) time range from 0010 to 0000. Use TIME=1000 instead. CKR0412 String longer than expected size value Severity: 12 Explanation: This message indicates that you specified a string value that is longer than allowed for this keyword of the SELECT or EXCLUDE command. The allowed maximum length for this keyword is included in the message. CKR0413 List not allowed for FIELDVAL type type Severity: 12 Explanation: This message indicates that you used a value list with the NEWLIST TYPE=SMF FIELDVAL type MASK1 or MASK2. These FIELDVAL types can only be used with a single value. CKR0414 Ignored empty list of type Severity: 00 Explanation: This warning message indicates that you specified a keyword but no type value or list of values in the SELECT or EXCLUDE command. zSecure has ignored the keyword and will continue input processing. This message may also occur when a list contains only invalid values. CKR0415 Duplicate event event while parsing eventname Severity: 12 Explanation: While parsing a "select event<>" clause the indicated event was found to be specified twice. The second specification was eventname. This happens most often when an event was specified both by name or number, or as part of a predefined group of events (for example, ALLSVC). If it is unclear which other specification eventname is in conflict with, you can move the eventname specification to the beginning of the clause, and run the query again. The resulting CKR0415 message should then show the other eventname in the conflict. If the duplicate specification is intended (for example, event<>(ALLSVC(success),RACINIT(warning))), you should move one of the two to a separate event<> clause in your select. CKR0416 Duplicate type number value Severity: 12 Explanation: This message indicates that a type code was used twice in a value list of the TYPE keyword of the SELECT or EXCLUDE command. CKR0417 Expected ( or =, ¬= or <> relational operator before type "value" at ddname line number Severity: 12 Explanation: This message indicates that the program did not find the relational operator =, ¬=, or <> or the opening parenthesis of a value list in a SELECT or EXCLUDE command. Larger than/smaller than operators, and field-compare operators, are not allowed here. CKR0418 SMF input terminated, limit SMFIN reached Severity: 00 Explanation: This message indicates that zSecure Audit has stopped reading SMF records because the input limit Chapter 5. CKR messages 201 defined by the SMFIN parameter of the LIMIT command has been reached. This message is for informational purposes only and does not indicate an error. CKR0419 SMF input terminated, all OUTLIM limits reached Severity: 00 Explanation: This message indicates that zSecure Audit has stopped reading SMF records because the output limit defined by the OUTLIM parameter of the NEWLIST command has been reached for all NEWLISTS of TYPE=SMF. CKR0420 Warning: ALLOC NJENODE= node1 differs from CKFREEZE node node2 for complex complex Severity: 00 Explanation: The NJE node on the ALLOC statement will be used instead of the actual node. This means that the commands will not be routed to the node they have been generated for, unless you are quite sure the node is now called by the name specified on the ALLOC statement. CKR0421 Pattern pattern not allowed at ddname line number Severity: 12 Explanation: This message indicates a string containing wildcard characters was used where it is not allowed, for example, for a substring scan or a field for which pattern searches are not supported. CKR0422 Expected clause following operator Severity: 12 Explanation: This message indicates that a select clause ended with operator, where operator is AND or OR. An AND or an OR should be followed by another select clause. CKR0423 List of type values not allowed Severity: 12 Explanation: This message indicates that a list of values was used with the type (TIME or DATETIME) keyword of the SELECT or EXCLUDE command. This is not allowed; use a range of values (two values separated by a colon) or multiple clauses concatenated by ORs instead. CKR0424 Warning: Ambiguous AND/OR usage, please use parentheses to indicate desired grouping Severity: 04 Explanation: This message indicates that a SELECT/EXCLUDE or WHERE clause was ambiguous, and will be resolved left to right. This may not be desired; use parentheses around AND/OR clauses to indicate the desired grouping. CKR0425 Field "field-name" to be processed not valid for NEWLIST TYPE=list-type at ddname line number Severity: 12 Explanation: The output field you requested on the LIST, SORTLIST, DISPLAY, or SUMMARY command has not been defined for the NEWLIST of type list-type. Verify the spelling. If list-type is equal to deftype, then that is not the newlist type itself, but indicates that the error occurred in a newlist defined with a DEFTYPE statement. CKR0426 Unknown descriptor type hex-value in CKASMFI Severity: 08 Explanation: This message indicates that an internal error occurred in the selection of fields in a SMF record. Contact IBM Software Support. 202 Version 1.12: Messages Guide CKR0427 nn SMF records read, nn SMF records selected (nn%) Severity: 00 Explanation: This message indicates the number of SMF records read and the number and percentage that were selected. CKR0428 [reason] input OPEN failed ddname volser datasetname Severity: 16 Explanation: This message indicates that ddname was allocated but could not be opened for input. Check the DD statement for ddname, correct the error and submit the job again. The type shown is the newlist type for which the file was required; it is either SMF or the name of a newlist type defined with a DEFTYPE statement. For a DEFTYPE type file, no automatic scoping of the file contents is supported. Therefore, unconditional access to the file is required. If it can only be read via PADS, the reason will indicate that. CKR0429 SMF unload OPEN failed ddname volser datasetname Severity: 16 Explanation: This message indicates that ddname was allocated but could not be opened for output. Check the DD statement for ddname, correct the error and submit the job again. CKR0430 No type input files could be opened Severity: 12 Explanation: This message indicates that no input files could be opened for newlist type type, either because no ddnames were allocated or because none of the allocated ddnames could be opened for input. Check the DD statements and submit the job again. The type shown is either SMF or the name of a newlist type defined with a DEFTYPE statement. Note that this message can also occur when ALLOCATE SMF ACTIVE was specified and system runs without active SMF recording. CKR0431 Error in conversion of bitfield string Severity: 12 Explanation: This message indicates that an error occurred during conversion of a bitfield. Bitfields may consist of the characters 0, 1, and "." (don't-care). CKR0432 Field type type not supported for field field Severity: 12 Explanation: This message indicates that the indicated field was used for SELECT/EXCLUDE processing; the field can only be used for output in the current NEWLIST type. The NEWLIST types for which this error message may occur support the selection of strings, bitfields, and numbers. Some field types like time zones can only be used for output. CKR0433 SUMMARY and LIST type commands without a prior NEWLIST are not supported for program Severity: 12 Explanation: SUMMARY, DSUMMARY, DISPLAY, LIST and SORTLIST commands are only valid within the context of a NEWLIST, unless the program is enabled to read a RACF database. If you are using the IBM Tivoli zSecure Manager for RACF z/VM product, you should not get this message. Contact IBM Software Support. Chapter 5. CKR messages 203 CKR0434 Expected decimal value instead of type "value" at ddname line number Severity: 12 Explanation: This message indicates that a non-decimal value was encountered where a decimal value was expected. CKR0435 Value number (decimal) above maximum of maximum Severity: 12 Explanation: This message indicates that a number was read that is too large to fit the field. zSecure either read the decimal number number or converted a quoted string (from hexadecimal or binary) that has decimal value number. CKR0436 Meaning of DDNAME keyword has changed, use SMFDD instead - at ddname line number Severity: 12 Explanation: This message indicates that a query used the NEWLIST TYPE=SMF keyword DDNAME. The meaning of this keyword has changed; use SMFDD instead. CKR0437 SMF input terminated by user attention request Severity: 00 Explanation: This message indicates that input processing for NEWLIST TYPE=SMF was terminated because the user pressed the attention key. Output will be generated for the records processed so far. CKR0438 SMF input terminated: out of memory Severity: 08 (unless changed by the MSGRC parameter of the OPTION statement) Explanation: This message indicates that input processing for NEWLIST TYPE=SMF was terminated because the program ran out of memory. Output will be generated for the records processed so far. To process more input, either create more restrictive SELECT/EXCLUDE statements, or increase the REGION size. CKR0439 PERMISSIONS of ALLOW and LOG are mutually exclusive with PREVENT Severity: 12 Explanation: Selection of ACF2 data set access rules on an access level of PREVENT cannot be combined with selection on other access levels, at least not on the same PERMISSIONS keyword. CKR0440 Field 'field-name' may not be used for select/exclude processing, use 'field-name2' instead Severity: 12 Explanation: This message indicates that a select clause for the NEWLIST TYPE=SMF tried to use the field field-name, which can only be used for output. In some cases, an alternative field field-name2 is suggested. CKR0441 Field 'field' may not be used in compare operations Severity: 12 Explanation: The indicated field may not be used in a field vs field compare operation in the NEWLIST TYPE=SMF. Normal field-value comparisons are allowed. CKR0442 Resource deletion: Migrated related name MIGRAT dsname catalog Severity: 00 Explanation: This message indicates that a migrated data set name present in the HSM MCDS has a high level qualifier that should be deleted. It is however a related name for another data set name, that usually will have the same first qualifier. Any non-VSAM entries in the catalog for this name should be deleted automatically by HSM 204 Version 1.12: Messages Guide when the base name is deleted. No specific command is being generated. CKR0443 event appdat identity general resource profile class key Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a REMOVE PERMIT/USER command. It means that the identity to be removed occurs in the APPLDATA field. This message is only issued for the TMEADMIN class. To solve the condition an RDEL command will be generated to remove the entire profile. CKR0444 ACL field invalid on SUMMARY/DSUMMARY, use USERID - at ddname line number Severity: 12 Explanation: This message indicates that a summary cannot be performed on the special-purpose field ACL. CKR0444 field field invalid on SUMMARY/DSUMMARY - at ddname line number Severity: 12 Explanation: This message indicates that a summary should not be performed on the special-purpose field field. CKR0445 Expansion for static system symbol too long: hex Severity: 20 Explanation: This message indicates that an unexpected layout of the system symbol table was encountered. Contact IBM Software Support. CKR0446 Expansion for static system symbol exceeds record: hex Severity: 20 Explanation: This message indicates that an unexpected layout of the system symbol table was encountered. Contact IBM Software Support. CKR0447 Name of static symbol too long: hex Severity: 20 Explanation: This message indicates that an unexpected layout of the system symbol table was encountered. Contact IBM Software Support. CKR0448 Name of static system symbol exceeds record: hex Severity: 20 Explanation: This message indicates that an unexpected layout of the system symbol table was encountered. Contact IBM Software Support. CKR0449 Duplicate static system symbol definition: var already val ; dupval ignored. Severity: 20 Explanation: This message indicates that a duplicate system symbol definition was encountered. The new value is ignored. Contact IBM Software Support. CKR0450 Started processing type pads file ddname volser dsn Severity: 00 Explanation: This message indicates that processing of SMF or Top Secret Security ATF input file ddname has started. In addition, it can indicate in pads by the text PADS that access to the data was allowed by virtue of a conditional Chapter 5. CKR messages 205 access. If this is the case, then zSecure Audit will restrict functionality to the user's scope. CKR0451 SMF processing at DDname ddname and RecNo recno Severity: 00 Explanation: This message is printed in case of an abend. It indicates the ddname and record-number of the record being processed at the time of the abend. CKR0452 SMF records were processed for the following systems: System system-name from start-date start-time to end-date end-time note Severity: 00 Explanation: This multiple-line message is printed after SMF processing has finished; it indicates the date and time of the earliest and latest records processed for each system-id encountered. A note with the text (No CKFREEZE file) may be shown if no CKFREEZE file was related to the SMF file. This message is for informational purposes only and does not indicate an error. CKR0453 Static system symbol table skipped : num entries claimed, but record too small Severity: 20 Explanation: This message indicates that the system symbol table had a length that did not fit the CKFREEZE record length. Run zSecure Collect again with a greater LRECL for the CKFREEZE data set. If this is at the maximum, contact IBM Software Support. CKR0454 SMFCACHE job tag system enabled but not useful - now disabled Severity: 00 Explanation: This message indicates that the job tag system was turned off because it was not useful: the JOBID, USER, GROUP and TERMINAL keywords were not used in the selection (SELECT, EXCLUDE) or display (LIST, SORTLIST, DISPLAY) commands. CKR0455 SMFCACHE used size KB but had to skip skipped-number records and still had cached-number records cached for number out of full-number job tags Severity: 00 Explanation: This message indicates that the job tag system was turned on during SMF processing; it also prints the amount of memory used, the number of records skipped because the cache was full, the number of records left incompleted after the last record was read, the number of incomplete job tags, and the overall number of job tags. Refer to the SMFCACHE command for more information. The records left incomplete and skipped were processed without RACF information. CKR0456 SMFCACHE incomplete job tag job-tag with cached-num records cached and skipped-num skipped Severity: 00 Explanation: This message is due to SMFCACHE VERBOSE. One of these messages is printed for each job tag incomplete at the end of SMF processing. It indicates the job affected, the amount of records cached at end-of-file and the amount of records skipped because the cache was full (these records were processed without RACF information). CKR0457 SMFCACHE completed job tag job-tag with cached-num records cached and skipped-num skipped Severity: 00 Explanation: This message is due to SMFCACHE VERBOSE. One of these messages is printed for every job tag that is complete and has cached some records. skipped-num indicates the amount of records skipped because the cache was full; these records were processed without RACF information. 206 Version 1.12: Messages Guide CKR0458 SMF RACF command item display truncated at ddname record number Severity: 08 Explanation: The display indicated is too large for its buffer; this can be either a command or a command parameter display as indicated by item. CKR0459 ICHNCV00 simulate (system=sys) internal error: message Severity: 12 Explanation: This message indicates a failure in the simulation of the naming convention table, ICHNCV00. Contact IBM Software Support. CKR0460 Horizontal and dump format cannot be combined on one field - field at ddname line number Severity: 12 Explanation: The DUMP output modifier and the HORIZONTAL output modifier may not be combined. CKR0461 number SMF [type rectype] records were lost on system system-id from date time Severity: 00 Explanation: This message is printed when an SMF record of type 7 is processed. It indicates that SMF records were lost on the system that generated the SMF file. It does not indicate an error in zSecure Audit or in SMF processing. If rectype is present, type rectype records were dropped due to SMF record flood options. Because some records were lost, the input to zSecure Audit might be incomplete. Any events that occurred during the recording gap cannot be audited. CKR0462 Expected ( or =, ¬=, <>, ==, ¬==, or <<>> relational operator before type "value" at ddname line number Severity: 12 Explanation: This message indicates that zSecure did not find the relational operator =, ¬= or <>, the field-compare operator ==, <<>>, or ¬==, or the opening parenthesis of a value list in a SELECT or EXCLUDE command. Larger than/smaller than operators are not allowed here. CKR0463 Expected ( or =, ¬=, <>, <, >, <=, or >= relational operator before type "value" at ddname line number Severity: 12 Explanation: This message indicates that zSecure did not find the relational operator =, ¬=, <>, <, >, <=, or >=, or the opening parenthesis of a value list in a SELECT or EXCLUDE command. Field-compare operators are not allowed here. For additional information, see the SELECT/EXCLUDE- Field compare documentation in the user reference manual for your zSecure product. CKR0464 Substring offset must be >= 1 Severity: 12 Explanation: This message indicates that zSecure found an invalid substring offset in a SELECT or EXCLUDE command. The SUBSTRING operation requires an offset (the second SUBSTRING parameter) of at least 1. CKR0465 Substring maxlen may not be zero Severity: 12 Explanation: This message indicates that zSecure found an invalid substring maximum length in a SELECT or EXCLUDE command. If a maximum length is specified with a SUBSTRING operation, for example, SUBSTRING(field,offset,maxlen), the maximum length must be at least 1. Omit the maximum length altogether to select until the end of the field, for example, SUBSTRING(field,offset). Chapter 5. CKR messages 207 CKR0466 Substring endpos may not be before start Severity: 12 Explanation: This message indicates that zSecure found an invalid substring end position in a SELECT or EXCLUDE command. If a maximum length is specified with a SUBSTRING operation, for example, SUBSTRING(field,offset:endpos), the end position must be equal to, or larger than, the start position (offset). Omit the end position altogether to select until the end of the field, for example, SUBSTRING(field,offset). CKR0467 operations not allowed with format field name at ddname line number Severity: 12 Explanation: This message indicates that zSecure found one of a number of operations that are not valid there in a SELECT or EXCLUDE command. These operations may only be performed on character-format fields, and the field selected is not considered a character-format field by zSecure. CKR0468 DDNAME ddname is in NOA status, and cluster name cluster name is not defined in the FDR allocation failed Severity: 16 Explanation: During an attempt to dynamically allocate an active ACF2 backup data set, the program found that the data set was not allocated by ACF2 because it had been overridden by a DD DUMMY specification in the ACF2 startup JCL. When subsequently trying to retrieve the data set name from the eligible ACF2 database clusters defined in the ACFDR, the program discovered that either the currently active database cluster was not defined in the ACFDR, or the indicated cluster did not have a data set defined for the function indicated by ddname. This implies that the program cannot determine which data set to allocate. CKR0469 Compare fields may not both be repeated [ - field1 and field2 ] at ddname line number Severity: 12 Explanation: This message indicates that the program found an invalid compare operation in a SELECT or EXCLUDE command. When two fields are compared (i.e. a field-field compare instead of a field-constant compare), at most one of the fields may be a repeat-group field. The compare operation attempted to compare two repeated fields, which is not supported. CKR0470 Fields to be compared must have the same format [ - field1 and field2 ] at ddname line number Severity: 12 Explanation: This message indicates that the program found an invalid compare operation in a SELECT or EXCLUDE command. When two fields are compared (i.e. a field-field compare instead of a field-constant compare), the fields must have an equivalent format, for example, both character-format or both numerical. The compare operation attempted to compare two fields with a different format, which is not supported. CKR0471 Duplicate dataset on SMS managed volumes volser dsname Severity: 08 Explanation: During the comparison of library versions the same data set name was encountered on more than one SMS managed volume. This is not supported. CKR0472 Conversion to SMS managed assumed for dataset dsname Severity: 00 Explanation: During the comparison of library versions in multiple CKFREEZE files a data set name was encountered first on a non-SMS managed volume and later on an SMS managed volume. It is assumed that the volume or data set was converted to SMS. 208 Version 1.12: Messages Guide CKR0473 READ-sensitive dataset protection not CS1-compliant dsname - change profile Severity: 04 Explanation: A data set with confidential data part of the Trusted Computing Base or designated as sensitive through the SIMULATE SENSITIVE command is not protected as prescribed by the CS1 (Commercial Security 1) protection profile. A command is generated to adjust the protection to the required level while minimizing the impact on other data sets; a fully qualified generic is used to achieve this. Note that this may imply a reduction of the UACC. CKR0474 READ-sensitive dataset protection not CS1-compliant volser dsname Severity: 04 Explanation: A data set with confidential data part of the Trusted Computing Base or designated as sensitive through the SIMULATE SENSITIVE command is not protected as prescribed by the CS1 (Commercial Security 1) protection profile. A command is generated to adjust the protection of the discrete profile to the required level. Note that this may imply a reduction of the UACC. CKR0475 UPDATE-sensitive dataset protection not CS1-compliant dsname - modify profile Severity: 04 Explanation: A data set containing part of the Trusted Computing Base or designated as sensitive to updates through the SIMULATE SENSITIVE command is not protected as prescribed by the CS1 (Commercial Security 1) protection profile. A command is generated to adjust the protection to the required level while minimizing the impact on other data sets; a fully qualified generic is used to achieve this. Note that this may imply a reduction of the UACC. CKR0476 UPDAT-sensitive dataset protection not CS1-compliant volser dsname - modify profile Severity: 04 Explanation: A data set containing part of the Trusted Computing Base or designated as sensitive to updates through the SIMULATE SENSITIVE command is not protected as prescribed by the CS1 (Commercial Security 1) protection profile. A command is generated to adjust the protection of the discrete profile to the required level. Note that this may imply a reduction of the UACC. CKR0477 ALTER-sensitive dataset protection not CS1-compliant dsname - modify profile Severity: 04 Explanation: A data set containing part of the Trusted Computing Base or designated as sensitive to ALTER access through the SIMULATE SENSITIVE command is not protected as prescribed by the CS1 (Commercial Security 1) protection profile. Usually this is limited to ICF catalogs. A command is generated to adjust the protection to the required level while minimizing the impact on other data sets; a fully qualified generic is used to achieve this. Note that this may imply a reduction of the UACC. CKR0478 ALTER-sensitive dataset protection not CS1-compliant volser dsname - modify profile Severity: 04 Explanation: A data set containing part of the Trusted Computing Base or designated as sensitive to ALTER access through the SIMULATE SENSITIVE command is not protected as prescribed by the CS1 (Commercial Security 1) protection profile. Usually this is limited to ICF catalogs. A command is generated to adjust the protection of the discrete profile to the required level. Note that this may imply a reduction of the UACC. CKR0479 Global access to sensitive dataset not CS1-compliant volser dsname Severity: 04 Explanation: A data set containing part of the Trusted Computing Base or designated as sensitive to through the SIMULATE SENSITIVE command is not protected as prescribed by the CS1 (Commercial Security 1) protection profile, because the access granted through the Global Access Table is too high. A command is generated to adjust the Chapter 5. CKR messages 209 Global Access Table to the highest level still allowed. Note that this will imply a reduction of the availability of the data set to users. CKR0480 READ-sensitive dataset protection not CS1-compliant volser dsname - add profile Severity: 04 Explanation: A data set with confidential data part of the Trusted Computing Base or designated as sensitive through the SIMULATE SENSITIVE command is not protected as prescribed by the CS1 (Commercial Security 1) protection profile. A command is generated to create a new fully qualified generic profile, using the current generic profile covering the data set; the protection of the new profile is adjusted to the required level. Note that this may imply a reduction of the UACC. CKR0481 UPDAT-sensitive dataset protection not CS1-compliant volser dsname - add profile Severity: 04 Explanation: A data set containing part of the Trusted Computing Base or designated as sensitive to updates through the SIMULATE SENSITIVE command is not protected as prescribed by the CS1 (Commercial Security 1) protection profile. A command is generated to create a new fully qualified generic profile, using the current generic profile covering the data set; the protection of the new profile is adjusted to the required level. Note that this may imply a reduction of the UACC. CKR0482 ALTER-sensitive dataset protection not CS1-compliant volser dsname - add profile Severity: 04 Explanation: A data set containing part of the Trusted Computing Base or designated as sensitive to ALTER access through the SIMULATE SENSITIVE command is not protected as prescribed by the CS1 (Commercial Security 1) protection profile. Usually this is limited to ICF catalogs. A command is generated to create a new fully qualified generic profile, using the current generic profile covering the data set; the protection of the new profile is adjusted to the required level. Note that this may imply a reduction of the UACC. CKR0483 READ-sensitive dataset unprotected volser dsname - add profile Severity: 04 Explanation: A data set with confidential data part of the Trusted Computing Base or designated as sensitive through the SIMULATE SENSITIVE command is not protected as prescribed by the CS1 (Commercial Security 1) protection profile. A command is generated to create a new fully qualified generic profile; the protection of the new profile is set to the required level. CKR0484 UPDATE-sensitive dataset unprotected volser dsname - add profile Severity: 04 Explanation: A data set containing part of the Trusted Computing Base or designated as sensitive to updates through the SIMULATE SENSITIVE command is not protected as prescribed by the CS1 (Commercial Security 1) protection profile. A command is generated to create a new fully qualified generic profile; the protection of the new profile is set to the required level. CKR0485 ALTER-sensitive dataset unprotected volser dsname - add profile Severity: 04 Explanation: A data set containing part of the Trusted Computing Base or designated as sensitive to ALTER access through the SIMULATE SENSITIVE command is not protected as prescribed by the CS1 (Commercial Security 1) protection profile. Usually this is limited to ICF catalogs. A command is generated to create a new fully qualified generic profile; the protection of the new profile is set to the required level. 210 Version 1.12: Messages Guide CKR0486 FIELDVAL may only be used for Select/Exclude - at ddname line number Severity: 12 Explanation: The FIELDVAL field in NEWLIST TYPE=SMF may only be used for SELECT/EXCLUDE processing; it was used in a LIST, SORTLIST, or (D)SUMMARY command, which is not allowed. CKR0487 Defined variable name (type=type) is not boolean/as/true, may not be used in clause Severity: 12 Explanation: The indicated variable was used in a SELECT/EXCLUDE or WHERE clause, but was not a boolean or field-based define. This is not allowed. CKR0488 Newlist name=name type=type suppressed for restricted mode at ddname line number Severity: 00 Explanation: The indicated NEWLIST is not allowed in restricted mode and has been suppressed. Processing for the not-suppressed NEWLIST types will continue. CKR0489 NEWLIST TYPE=PPT request for system system not supported for live system or non-APF CKFREEZE Severity: 00 Explanation: The NEWLIST TYPE=PPT for the indicated system could not generate any output; this NEWLIST type requires a CKFREEZE file generated by an APF-authorized run of zSecure Collect. CKR0490 $CAT size size (decimal) not supported in newlist type=JOBCLASS Severity: 16 Explanation: The NEWLIST TYPE=JOBCLASS does not support the JES2 $CAT table size found. Contact IBM Software Support and submit an error report containing the indicated size and your MVS and JES2 levels. CKR0491 Repeated substring not allowed in TYPE=RACF clause - variable name Severity: 12 Explanation: Nested substring requests are not allowed for NEWLIST TYPE=RACF clauses. CKR0492 Field value manipulation or lookup not allowed in TYPE=RACF select clause - variable name Severity: 12 Explanation: Certain field value manipulations (CONVERT, PARSE, WORD) and field lookups are not allowed on select/exclude statements in NEWLIST TYPE=RACF. Note that using SUBSTRING is allowed. CKR0493 Boolean variable name may not be used as right-hand side of compare Severity: 12 Explanation: While a boolean variable may be used in a SELECT statement, it may not be used at the right-hand side of a field-field compare. CKR0494 Substring operation not allowed on boolean variable name Severity: 12 Explanation: A substring function cannot operate on a defined variable of type BOOLEAN. Chapter 5. CKR messages 211 CKR0495 Concatenation of unloads in file ddname is not supported - stopping after 1st one Severity: 12 Explanation: Multiple unloads must be allocated to separate ddnames, they cannot be concatenated. CKR0496 Warning: database for complex processed with settings from system Severity: 00 Explanation: The RACF database of complex does not match the system to which the in storage settings used for it refer. (This message pertains to FUNCTION=MAIN only.) CKR0497 Restricted mode does not allow using settings from any other system than complex Severity: 12 Explanation: The RACF database of complex does not match the system to which the in storage setting used for it refer, and this is not allowed in restricted mode. CKR0498 Warning: database for complex processed with settings from system Severity: 00 Explanation: The RACF database of complex does not match the system to which the in storage settings used for it refer. (This message pertains to FUNCTION=MERGE only.) CKR0499 Invalid cell in VVDS record for component cluster name Severity: 08 Explanation: Parsing unexpectedly encountered the end of a VVDS cell. Messages from 500 to 599 CKR0500 Define for variable variable (type=type) at ddname line number conflicts with define at ddname line number Severity: 12 Explanation: This error message indicates that two statistic variables with identical names were defined within the same NEWLIST. This is not allowed. CKR0501 Define for variable variable (type=type) at ddname line number overrides define at ddname line number Severity: 00 Explanation: This warning message indicates that a statistic variable was defined within a NEWLIST that has the same name as a statistic variable defined in a previous NEWLIST. The new definition overrides the old one; this may not be intended. CKR0502 DISPLAY only contains repeat or detail fields, 1st level display would be empty for newlist at ddname line number Severity: 12 Explanation: This error message indicates that a DISPLAY command did not contain any fields that could be displayed at the 1st level display. This is not allowed; include a non-repeated or non-detail field in the DISPLAY. If you specified the NEWLIST parameter DETAIL, use the output modifier NODETAIL on at least one non-repeated field. 212 Version 1.12: Messages Guide CKR0503 Duplicate threshold specification type at ddname line number Severity: 12 Explanation: This error message indicates that more than one threshold output modifier was used for the same field. This is not allowed. CKR0504 Summary invalid in merged newlist at ddname line number Severity: 12 Explanation: In the current version of zSecure, a SUMMARY command may not be used in a merged NEWLIST. CKR0505 Compound summary key cannot contain repeat group value "field-name" at ddname line number Severity: 12 Explanation: In the current version of zSecure, a compound summary key must consist of non-repeat groups. This error message indicates that the repeat-group field of type field-name is part of a compound summary key. CKR0506 Variable name at ddname line number defined with lookup - invalid with type=RACF LIST commands Severity: 12 Explanation: Variable name was defined using a lookup operator. For NEWLIST TYPE=RACF, such variables may not be used in LIST commands. Use SORTLIST or DISPLAY instead. CKR0507 Asterisk list operator is only valid on SUMMARY commands Severity: 12 Explanation: This error message indicates that the asterisk (*) list operator was used in a LIST, SORTLIST, or DISPLAY command. It may only be used in a SUMMARY or DSUMMARY command. CKR0508 ENDMERGE missing Severity: 12 Explanation: This error message indicates that a merged NEWLIST was started but not ended. CKR0509 ENDMERGE without MERGELIST Severity: 12 Explanation: This error message indicates that an ENDMERGE command was found (which normally ends a merged NEWLIST), but no previous MERGELIST command was found to start the merged NEWLISTs. CKR0510 Target field field-name (type=type) undefined for define statistic-name at ddname line number Severity: 12 Explanation: This error message indicates that a statistic variable was defined that has a target field which does not exist or has not been defined. CKR0511 ENDMERGE missing before ENDBUNDLE Severity: 12 Explanation: This error message indicates that an ENDBUNDLE command was found, in a sequence of BUNDLE MERGELIST - ENDBUNDLE. There should be an ENDMERGE command in this sequence. Chapter 5. CKR messages 213 CKR0512 Target field field-name (type=type) found at ddname line number does not have the required where clause for define statistic-name at ddname line number Severity: 12 Explanation: This error message indicates that the statistic variable defined as the target for another variable does not have a WHERE clause. Since the purpose of a target variable is that WHERE clauses are shared, the target must have such a clause. CKR0513 Use of function is not licensed for IBM Security zSecure product code code Severity: 12 Explanation: The function indicated (either a command or a parameter) is not licensed for the product used. For example, if IBM Security zSecure Admin is running without zSecure Audit on a z/OS system, this configuration is not licensed to use theNEWLIST TYPE=SMF command. For a description of the product codes, see the documentation for the NEWLIST LICENSE parameter in the IBM Security zSecure Admin and Audit for RACF: User Reference Manual. CKR0514 Variable statistic-name at ddname line number not defined as Boolean, Subselect, or As - invalid on LIST commands Severity: 12 Explanation: This error message indicates that a summary statistic variable was used on a LIST, SORTLIST, or DISPLAY command. This is not allowed; these variables may only be used with (D)SUMMARY. CKR0515 WHERE clause invalid for define statistic-name (type=type) at ddname line number because target target-variable already has one Severity: 12 Explanation: This error message indicates that a statistic variable with a target variable also has its own WHERE clause. This is not allowed; if the target variable has a WHERE clause it is automatically inherited, and cannot be overridden. To create two variables with differing WHERE clauses, write two separate defines, both with a WHERE clause, and remove the WHERE clause from the target variable. CKR0516 Summary level must have at least one summary key and key cannot be a defined var or lookup newlist at ddname line number Severity: 12 Explanation: This error message indicates that the (D)SUMMARY command of the indicated NEWLIST contained a summary level without a key-variable. This is only allowed in the topmost (leftmost) summary level. Valid summary key-variables are fields, not defined statistics and lookup-variables. CKR0517 WRAP invalid because column length 0 and not the last in line or column floating - field field-name at ddname line number Severity: 12 Explanation: This error message indicates that the WRAP output modifier was used in combination with an overriding length of zero for a column not last in line, or where another column with overriding length 0 (i.e. variable length) was present on the line. Since the purpose of FIELD(WRAP,0) is to fill up the rest of the output line, this is only allowed for the last column in a line. CKR0518 LIST not allowed for NEWLIST option Severity: 12 Explanation: This error message indicates that a LIST command was used with NEWLIST option. This is not allowed with the NEWLIST option indicated; use SORTLIST or DISPLAY instead. 214 Version 1.12: Messages Guide CKR0519 Option only allowed for (D)SUMMARY - option-name at ddname line number Severity: 12 Explanation: This error message indicates that summary option option-name was used with a LIST, SORTLIST or DISPLAY command. The indicated option may only be used with the SUMMARY and DSUMMARY commands. CKR0520 Merged NEWLIST at ddname line number must use same LIST family member as NEWLIST at ddname line number Severity: 12 Explanation: All NEWLISTs within a MERGELIST/ENDLIST pair should use the same output command: either DISPLAY or SORTLIST. This was not the case for the two newlists indicated. CKR0521 SUPPRESS CKFREEZE ignored for restricted mode NEWLIST TYPE=SMF Severity: 00 Explanation: When a NEWLIST TYPE=SMF is used in restricted mode (i.e. in PADS mode, with a NEWLIST SCOPE, or with SIMULATE RESTRICT), you may not use the SUPPRESS CKFREEZE command, because that would allow the user to circumvent restriction checking for VSAM components. Note that IOCONFIG is an alias of CKFREEZE. CKR0522 Program was terminated by attention Severity: 12 Explanation: The program was terminated because the ATTN key was pressed. CKR0523 Group tree loop with num elements type1 id1 has type2 id2 as owner Severity: 08 Explanation: This message is issued due to a VERIFY GROUPTREE command. The message indicates the size of the loop in the group tree; the run-on messages indicate all users and groups in the loop; type is user or group, and id indicates the RACF user ID or group ID. CKR0524 Program was terminated due to storage shortage - increase REGION Severity: 12 Explanation: The program was terminated because of a storage (memory) shortage. Try increasing the REGION size and running the program again. CKR0525 Contents of CKRSITE module: contents Severity: 00 Explanation: This message is printed as the result of a SHOW CKRSITE command. contents displays the relevant portions of the CKRSITE module. CKR0526 CKRSITE class class not found in CDT for complex complex Severity: 12 Explanation: This message indicates that the class used for CKGRACF profiles, which is set in the CKRSITE module, could not be found in the Class Descriptor Table. Most likely, this indicates an installation error. Chapter 5. CKR messages 215 CKR0527 Subselect of field field not supported Severity: 12 Explanation: This message indicates that a variable was defined as a subselect of the indicated field, but that subselects of this field are not supported. In the current version of zSecure, the only fields where a subselect is allowed are ACL, CUSTOM_DATA, and USR. See the DEFINE command for further information. CKR0528 Subselect of "field" in "group" not allowed Severity: 12 Explanation: This message indicates that in a subselect of group (either ACL, CUSTOM_DATA, or USR), a field was used that is not supported in the subselect. See the DEFINE command for a table of fields that are supported. CKR0529 Invalid ACCESS VALUE "value" at ddname line number Severity: 12 Explanation: The access value specified at the indicated ddname is invalid. CKR0530 kind only valid in PARM string type "value" at ddname line number Severity: 12 Explanation: The kind parameter of the ALLOCATE command, which can be NODCBE, NOCLOSE, ERRDD, INDD, OUTDD, LETRAPON, LETRAPOFF, NOLE, NOESTAE, NODUMP, NOCLEANUP, TEXTPIPE, and STORAGEGC, may only be used in the parameter string. CKR0531 Summary of exploded field "field" not allowed at ddname line number Severity: 12 Explanation: The EXPLODE output modifier may not be used in a (D)SUMMARY command. The RESOLVE and EFFECTIVE output modifiers (which are a different type of EXPLODE) may also not be used. CKR0532 Warning: global define for variable field (type=type) at ddname line number overrides local define at ddname line number Severity: 00 Explanation: This warning message indicates that a local define for the indicated variable field was overridden by a global define. CKR0533 Reporting on the in-storage resource rule directories is not supported for system system Severity: 04 Explanation: The required information cannot be accessed, because it is in fetch protected storage. As a partial circumvention, you can allocate a CKFREEZE created by an APF run of zSecure Collect. However, even such a CKFREEZE contains information about only a select few resource rule directories, so the report will be incomplete even in that case. CKR0534 Indent base base not found behind field at ddname line number Severity: 12 Explanation: The indicated base field used by the INDENT output modifier was not specified on the same (SORT)LIST or DISPLAY command. It must be specified behind the indented field. The NONDISPL output modifier may be used to keep the base field from being printed. 216 Version 1.12: Messages Guide CKR0535 Create of group group requested, but group already defined Severity: 12 Explanation: This message indicates that the indicated group to be added by the COPY or MOVE command was already defined; no ADDGROUP command will be generated. CKR0536 Create of userid user requested, but user already defined Severity: 12 Explanation: This message indicates that the indicated user to be added by the COPY or MOVE command was already defined; no ADDUSER command will be generated. CKR0537 Maximum group nesting depth of 255 exceeded at group id - run VERIFY GROUPTREE to check for group loops Severity: 16 Explanation: During processing of group-tree depths, the maximum depth of 255 was reached for the indicated group. This may be caused by a loop in the group-tree structure, which can be found using VERIFY GROUPTREE. It may also be caused by a group-tree that is more than 255 groups deep; this condition is not supported by IBM Security zSecure Admin and Audit for RACF. CKR0538 Group SYS1 not found, check SELECT/EXCLUDE statements Severity: 12 Explanation: This message was issued due to a VERIFY GROUPTREE command and indicates that group SYS1 was not found. The VERIFY command was not processed. This message may be due to global SELECT/EXCLUDE processing, excluding group SYS1. If not, it indicates a serious problem in the RACF database, since group SYS1 is required. CKR0539 ALLOC PRIMARY/BACKUP/INACTIVE invalid for specified type - before token at ddname line number Severity: 12 Explanation: This message indicates an invalid ALLOC command. The options PRIMARY, BACKUP, INACTIVE are all invalid with the type specified on the command. The only live option that is valid is ACTIVE. CKR0540 OPEN abend-type on file ddname Severity: 16 Explanation: An abend of the indicated type occurred when opening a TYPE=CKFREEZE file with the indicated ddname. CKR0541 OPEN abend-type on file ddname Severity: 16 Explanation: An abend of the indicated type occurred when opening a TYPE=UNLOAD file with the indicated ddname. CKR0542 CONNECT field must be used in a lookup - at ddname line number Severity: 12 Explanation: The CONNECT field may not be used by itself in a (SORT)LIST or (D)SUMMARY command; if it is used, it must be based on an indirect reference to USERID when displaying a group profile, or based on an indirect reference to CONGRPNM or CGGRPNM when displaying a user profile. Chapter 5. CKR messages 217 CKR0543 More than 7 JES subsystems not supported - VERIFY/REPORT STC in error Severity: 16 Explanation: This message is generated by the VERIFY STC or REPORT STC command. It indicates that a system was analyzed with more than 7 JES2 or JES3 subsystems. zSecure does not support this. CKR0544 LX too high! LX=val (dec); maximum is val2 (dec) Severity: 20 Explanation: This message is generated by the NEWLIST TYPE=PC (Program Call report). It indicates an internal error, or an inconsistency in a CKFREEZE file. Contact IBM Software Support. CKR0545 NEWLIST TYPE=PC request for system system, but no PC data available. Perhaps old or non-APF CKFREEZE Severity: 00 Explanation: This message is generated by the NEWLIST TYPE=PC (Program Call report). It indicates that a Program Call report was requested for the indicated system, but that Program Call data were not available. Check the CKFREEZE file used; the Program Call report requires an APF-authorized zSecure Collect run with a focus including zSecure Audit. CKR0546 NEWLIST TYPE=PC CKFREEZE data incomplete for SYSTEM system Severity: 20 Explanation: This message is generated by the NEWLIST TYPE=PC (Program Call report). It indicates that the CKFREEZE for that system was not made with a sufficiently recent zSecure Collect with support for ASN-and-LX reuse support. When issued on a system running an older z/OS release, this indicates an internal error, or an inconsistency in a CKFREEZE file. CKR0547 NEWLIST TYPE=MSG requested but no MPFT found. Possibly old CKFREEZE Severity: 04 Explanation: This message is generated by the NEWLIST TYPE=MSG (MPF report). It indicates that an MPF report was requested, but that MPF data were not available. Check the CKFREEZE file used; the MPF report requires an APF-authorized zSecure Collect run with a focus including zSecure Audit. CKR0548 NEWLIST TYPE=MSG requested but no MPFTENTY found Severity: 04 Explanation: This message is generated by the NEWLIST TYPE=MSG (MPF report). It indicates that an MPF report was requested, but that MPF data were not available. Check the CKFREEZE file used; the MPF report requires an APF-authorized zSecure Collect run with a focus including zSecure Audit. CKR0549 NEWLIST TYPE=MSG requires CKFREEZE Severity: 08 Explanation: This message is generated by the NEWLIST TYPE=MSG (MPF report). It indicates that an MPF report was requested, but that no CKFREEZE file was used. The MPF report requires a CKFREEZE file; check your JCL or your set of input files. CKR0550 NEWLIST TYPE=MSG unexpected MPFTVRSN version, expected version2 Severity: 20 Explanation: This message is generated by the NEWLIST TYPE=MSG (MPF report). It indicates an internal error condition. Contact IBM Software Support including your MVS level and both the version numbers indicated. 218 Version 1.12: Messages Guide CKR0551 Expected MPFTs: amount1; got amount2 Severity: 20 Explanation: This message is generated by the NEWLIST TYPE=MSG (MPF report). It indicates an internal error condition. Contact IBM Software Support. CKR0552 No SMF subsystem information available for system Severity: 08 Explanation: This message is generated by the NEWLIST TYPE=SMFOPT (SMF subsystem options report). It indicates no SMF subsystem information was available for the indicated system. Check your CKFREEZE file; the report requires an APF-authorized zSecure Collect run with a focus including zSecure Audit. CKR0554 TCP/IP interface connection failed, error code code Severity: 04 Explanation: A failure occurred while trying to connect zSecure to the TCP/IP interface. The error code is provided for further diagnosis. CKR0555 Bitmask cannot be empty or longer than 2048 Severity: 12 Explanation: A CARLa statement contains a bitmask value that is either empty or longer than 2048 symbols. User response: Review and correct the CARLa script. CKR0556 Bitmask is not allowed Severity: 12 Explanation: A CARLa statement contains a bitmask value that is not allowed. User response: Review and correct the CARLa script. CKR0557 Invalid IP address 'address' at ddname line number Severity: 12 Explanation: This message indicates that a CARLa script has an IP address specification (either IPv4 or IPv6) that is not valid. User response: Adjust the corresponding CARLa script to supply a valid IP address specification (either IPv4 or IPv6). CKR0558 CKRRMRG - Illegal eyecatcher eyecatcher during logging Severity: 24 Explanation: Contact IBM Software Support. CKR0559 CKRRMRG - Nil pointer found Severity: 24 Explanation: Contact IBM Software Support. Chapter 5. CKR messages 219 CKR0560 Profiles in STARTED class exist, but class not active - ICHRIN03 is used. Severity: 00 Explanation: This message is produced by the VERIFY STC command. It indicates that profiles in the STARTED class exist, but that the class is not active. As a result, the profiles will be ignored, and the started procedure table ICHRIN03 will be used instead. CKR0561 STARTED class active, but no profiles found - ICHRIN03 is used Severity: 00 Explanation: This message is produced by the VERIFY STC command. It indicates that the STARTED class is active, but does not contain any profiles. As a result, the started procedure table ICHRIN03 will be used instead. CKR0562 ALLOC PRIMARY/BACKUP/ACTIVE/INACTIVE/SMF cannot be combined with other source identifiers - at file line n Severity: 12 Explanation: An ALLOC statement referring to a data source obtained from control blocks in storage cannot at the same time point to an external data source. CKR0563 STARTED profile profile has no STDATA segment - ICHRIN03 is used - action to newuser note Severity: 08 Explanation: This message is produced by the VERIFY STC command. It indicates that the indicated profile in the STARTED class does not contain an STDATA segment. As a result the profile indicated will be ignored, and the started procedure table ICHRIN03 will be used instead. A command is generated to create an STDATA segment with an STUSER specification newuser. If the profile's first qualifier is a valid user ID, newuser will be user(=MEMBER) the action will be correct and the profile should then be usable, although you still may have to note "but userid still revoked", meaning that the started task would run with reduced authority and might still experience problems (as indicated by CKR0575); if not, newuser will be NOUSER, the action will be change, and a subsequent VERIFY STC would issue CKR0564 for the profile. CKR0564 No STUSER specified on STARTED profile profile - ICHRIN03 is used Severity: 08 Explanation: This message is produced by the VERIFY STC command. It indicates that the indicated profile in the STARTED class does not contain an STUSER field in the STDATA segment. As a result, the profile indicated will be ignored, and the started procedure table ICHRIN03 will be used instead. No attempt is made to cure this condition, because it may be intentional. CKR0565 STARTED profile profile contains group id group as STUSER - "user" is used - action to newuser note Severity: 08 Explanation: This message is produced by the VERIFY STC command. It indicates that the indicated profile in the STARTED class does not contain a valid user ID in the STUSER field in the STDATA segment, but the groupname id. As a result, the user specified in the profile will be ignored, and the undefined user ID user will be used instead. A command is generated to remove the erroneous specification. If the profile's first qualifier is a valid user, newuser will be set to user(=MEMBER) to use the member name and the action will be correct, although you still may have to note "but userid still revoked", meaning that the started task would run with reduced authority and might still experience problems (as indicated by CKR0575); if not, it will be set to NOUSER to indicate the field is to be deleted, the action will be change, there will be no note, and after the proposed change the profile would be so obviously unusable that RACF would fall back on started procedure table ICHRIN03, and a subsequent VERIFY STC would issue CKR0564 for the profile. 220 Version 1.12: Messages Guide CKR0566 STARTED profile profile has undefined STUSER id - "user" is used - action to newuser note Severity: 08 Explanation: This message is produced by the VERIFY STC command. It indicates that the indicated profile in the STARTED class does not contain a valid user ID in the STUSER field in the STDATA segment does not contain a valid user ID, but the value id. As a result, the user specified in the profile will be ignored, and the undefined user ID user will be used instead. A command is generated to remove the erroneous specification. If the profile's first qualifier is a valid user, newuser will be set to user(=MEMBER) to use the member name and the action will be correct, although you still may have to note "but userid still revoked", meaning that the started task would run with reduced authority and might still experience problems (as indicated by CKR0575); if not, it will be set to NOUSER to indicate the field is to be deleted, the action will be change, there will be no note, and after the proposed change the profile would be so obviously unusable that RACF would fall back on started procedure table ICHRIN03, and a subsequent VERIFY STC would issue CKR0564 for the profile. CKR0567 STARTED profile profile has STUSER =MEMBER, which is a groupid - "user" is used for procedure volume dataset Severity: 08 Explanation: This message is produced by the VERIFY STC command. It indicates that the indicated profile in the STARTED class contains the value =MEMBER in the STUSER field in the STDATA segment, but that the indicated procedure in the indicated data set is not a valid user ID, but a group ID. As a result, the procedure name will not be used as a user ID, and the undefined user ID user will be used instead. Note that the first qualifier of profile is generic, so that it may apply to different procedures as well; therefore, it is unclear how this should be cured, and no command is generated. CKR0568 STARTED profile profile has STUSER =MEMBER, which is undefined - "user" is used for procedure volume dataset Severity: 08 Explanation: This message is produced by the VERIFY STC command. It indicates that the indicated profile in the STARTED class contains the value =MEMBER in the STUSER field in the STDATA segment, but that the indicated procedure in the indicated data set is not a valid user ID. As a result, the procedure name will not be used as a user ID, and the undefined user ID user will be used instead. Note that the first qualifier of profile is generic, so that it may apply to different procedures as well; therefore, it is unclear how this should be cured, and no command is generated. CKR0569 STARTED profile profile has both STUSER and STGROUP =MEMBER - "user" is used - action to deletions Severity: 08 Explanation: This message is produced by the VERIFY STC command. It indicates that the indicated profile in the STARTED class has the value =MEMBER in both the STUSER and STGROUP fields in the STDATA segment. Since it is impossible for any procedure name to match both a user ID and a group ID at the same time, this is an error on the profile level. As a result, the specifications in the profile will be ignored, and the undefined user ID user will be used instead. If the profile's first qualifier is discrete, it is checked whether it matches a user ID or a group ID or neither, and deletions will contain NOGROUP or NOUSER or both, respectively, to indicate which specifications are to be deleted. If the profile's first qualifier is generic, it is not possible to do such a check, and deletions will be NOGROUP, which is the only choice that might possibly fix the problem (for some matching procedures). Only when the problem has been fixed with certainty (discrete first qualifier that matches a valid user ID) action will be correct, otherwise it will be change. CKR0570 STARTED profile profile contains userid id as STGROUP - "user" is used - action to newgroup note Severity: 08 Explanation: This message is produced by the VERIFY STC command. It indicates that the indicated profile in the STARTED class does not contain a valid group ID in the STGROUP field in the STDATA segment, but the groupname id. As a result, the user specified in the profile will be ignored, and the undefined user ID user will be used instead. A command is generated to remove the erroneous specification. If the profile's first qualifier is a valid Chapter 5. CKR messages 221 group, newgroup will be set to group(=MEMBER) to use the member name; if not, it will be set to NOGROUP to indicate the field is to be deleted. Note indicates further problems with the user ID id and newgroup, it may be "but still unconnected" to indicate that =MEMBER may be a valid group but still the profile specification would be ignored (as indicated by CKR0574), "but userid still revoked", meaning that the started task would run with reduced authority and might still experience problems (as indicated by CKR0575), "but still unconnected, userid still revoked" if both problems remain (CKR0150), or it may be absent. The action will be correct if the resulting profile specifications would be usable (no missing connection) regardless of the user ID's revocation status, and change otherwise. CKR0571 STARTED profile profile has undefined STGROUP id - "user" is used - action to newgroup note Severity: 08 Explanation: This message is produced by the VERIFY STC command. It indicates that the indicated profile in the STARTED class does not contain a valid group ID in the STGROUP field in the STDATA segment, but the value id. As a result, the user specified in the profile will be ignored, and the undefined user ID user will be used instead. A command is generated to remove the erroneous specification. If the profile's first qualifier is a valid group, newgroup will be set to group(=MEMBER) to use the member name; if not, it will be set to NOGROUP to indicate the field is to be deleted. Note indicates further problems with the user ID id and newgroup, it may be "but still unconnected" to indicate that =MEMBER may be a valid group but still the profile specification would be ignored (as indicated by CKR0574), "but userid still revoked", meaning that the started task would run with reduced authority and might still experience problems (as indicated by CKR0575), "but still unconnected, userid still revoked" if both problems remain (CKR0150), or it may be absent. The action will be correct if the resulting profile specifications would be usable (no missing connection) regardless of the user ID's revocation status, and change otherwise. CKR0572 STARTED profile profile has STGROUP =MEMBER, which is a userid - "user" is used for procedure volume dataset Severity: 08 Explanation: This message is produced by the VERIFY STC command. It indicates that the indicated profile in the STARTED class contains the value =MEMBER in the STGROUP field in the STDATA segment, but that the indicated procedure in the indicated data set is not a valid group ID, but a user ID. As a result, the user ID specified in the profile will not be used, and the undefined user ID user will be used instead. Note that the first qualifier of profile is generic, so that it may apply to different procedures as well; therefore, it is unclear how this should be cured, and no command is generated. CKR0573 STARTED profile profile has STGROUP =MEMBER, which is undefined - "user" is used for procedure volume dataset Severity: 08 Explanation: This message is produced by the VERIFY STC command. It indicates that the indicated profile in the STARTED class contains the value =MEMBER in the STGROUP field in the STDATA segment, but that the indicated procedure in the indicated data set is not a valid group ID. As a result, the user ID specified in the profile will not be used, and the undefined user ID user will be used instead. Note that the first qualifier of profile is generic, so that it may apply to different procedures as well; therefore, it is unclear how this should be cured, and no command is generated. CKR0574 STARTED profile profile user id not connected to group group - "user" is used Severity: 08 Explanation: This message is produced by the VERIFY STC command. It indicates that the indicated profile in the STARTED class contains a valid user and group, but that user id is not connected to group group. As a result, the user ID specified in the profile will not be used, and the undefined user ID user will be used instead. This message indicates an error on the profile level, but no command is generated as it is unclear what the desired solution would be. 222 Version 1.12: Messages Guide CKR0575 STARTED profile profile has revoked userid user - executes with reduced access Severity: 08 Explanation: This message is produced by the VERIFY STC command. It indicates that the indicated profile in the STARTED class contains a valid user and group, but that user user is revoked. As a result, the user ID specified in the profile will be used, but the started task will run with reduced access, which may lead to problems. This message indicates an error on the profile level, but no command is generated as it is unclear what the desired solution would be. CKR0576 No STARTED profile found, ICHRIN03 is used - procedure volume dataset Severity: 00 Explanation: This message is produced by the VERIFY STC command. It indicates that the indicated procedure in the indicated data set does not match any profile in the STARTED class. As a result, the started procedure table ICHRIN03 will be used instead. CKR0577 STARTED profile profile not used by any started procedure Severity: 00 Explanation: This message is produced by the VERIFY STC command. It indicates that the indicated profile in the STARTED class is not used for any procedure. The profile may be redundant. Note: This message may also be issued if a CKFREEZE file is used that was produced by running zSecure Collect from an unauthorized library. If zSecure Collect is run with APF authorization, it will use cross memory functions to find the data sets allocated to STCPROC (or PROC00 if there's no STCPROC). Subsequently, it will read the PDS directory of each of these proclibs. Note that it is insufficient to tell zSecure Collect to dump the directories of the PDS data sets in an unauthorized run, because they will not be known as proclibs. CKR0578 STARTED profile profile user id not connected to group group - "user" is used for procedure volume dataset Severity: 08 Explanation: This message is produced by the VERIFY STC command. It describes a problem in the indicated profile in the STARTED class: the user id in the STUSER field in the STDATA segment is not connected to the group in the STGROUP field, so that the undefined user ID user will be used. Note that the first qualifier of profile is generic, and either the user id or the group is specified as =MEMBER and thus evaluates to procedure, so that the main problem is not a condition on the profile level; no command is generated. CKR0579 STARTED profile profile has revoked userid =MEMBER - reduced access for procedure volume dataset Severity: 08 Explanation: This message is produced by the VERIFY STC command. It indicates that the indicated profile in the STARTED class has the value =MEMBER in the STUSER field in the STDATA segment to indicate that the procedure should be used; however, although procedure is a valid user ID, it is revoked, so that started task will run with reduced authority and might experience problems. Note that the first qualifier of profile is generic, so that the problem is not a condition on the profile level; no command is generated. CKR0580 TSO user user on system system not subject to RACF password control - volume dataset Severity: 08 Explanation: This message is produced by the VERIFY TSOALLRACF command. It indicates that on the system specified, the user indicated is included in the UADS data set indicated, but is not a valid RACF user ID. As a result, the user ID can logon using the password specified in the UADS data set, and is not subject to RACF control. Chapter 5. CKR messages 223 CKR0581 TSO user user on system system does not have a TSO segment - volume dataset Severity: 08 Explanation: This message is produced by the VERIFY TSOALLRACF command. It indicates that on the system specified, the user indicated is included in the UADS data set indicated, is a valid RACF user ID, but does not have a TSO segment. The user ID is subject to RACF control, but takes its TSO attributes from the UADS data set, not the RACF database. CKR0582 ALLOC SMF invalid for specified type - before token at ddname line number Severity: 12 Explanation: This message indicates an invalid ALLOC command. A new syntax command can only describe one input source per command. CKR0583 VSMLIST return code value Severity: 08 Explanation: This message can occur if a live MVS system is examined and the VSMLIST service returns an unsupported return code. Contact IBM Software Support including the indicated value and your MVS level. CKR0584 System system uses password hashing Severity: 00 Explanation: This message is produced by the VERIFY PASSWORD command. It indicates that on the system specified, the password encryption method used is hashing. Any user with READ access to the RACF database or a copy/backup of the RACF database may be able to decode all passwords. CKR0585 Revoked user with weak password - user Severity: 00 Explanation: This message is produced by the VERIFY PASSWORD command. It indicates that the revoked user indicated has a weak DES-encrypted password. The password is not included in the message. CKR0586 User with weak password - user Severity: 00 Explanation: This message is produced by the VERIFY PASSWORD command. It indicates that the non-revoked user indicated has a weak DES-encrypted password. The password is not included in the message. CKR0587 Revoked user with hashed password - user Severity: 00 Explanation: This message is produced by the VERIFY PASSWORD command. It indicates that the revoked user indicated has a hashed password, which can be decoded easily. The password is not included in the message. CKR0588 User with hashed password - user Severity: 00 Explanation: This message is produced by the VERIFY PASSWORD command. It indicates that the non-revoked user indicated has a hashed password, which can be decoded easily. The password is not included in the message. 224 Version 1.12: Messages Guide CKR0589 Verify password result summary Revoked users with hashed password: num1 Non-revoked users with hashed password: num2 Revoked users with weak DES password: num3 Non-revoked users with weak DES password: num4 Severity: 00 Explanation: This message is produced by the VERIFY PASSWORD command. It provides a summary of the number of revoked and non-revoked users found with hashed or weak DES-encrypted passwords. CKR0590 Verify password requires RACF database, not unload Severity: 00 Explanation: This message is produced by the VERIFY PASSWORD command. It indicates that the VERIFY PASSWORD command was used with an unloaded RACF database, instead of a 'real' RACF database (primary, backup, or copy). Since an unloaded database does not contain password information, password verification cannot be performed. CKR0591 Warning in ICHNCV00 parse for system : warning in convention convention-name type clause number Severity: 04 Explanation: This message indicates that an ICHNCV00 feature is supported, but will be simulated with some restrictions. The warning indicates the type of feature not supported; the feature is used in convention convention-name, in a SELECT or ACTION clause, as indicated by type and number. At this time, this message will be issued for use of the RACGPID and RACUID features. It can be suppressed. CKR0592 Error in ICHNCV00 parse for system: error in convention convention-name type clause number Severity: 04 Explanation: This message indicates that ICHNCV00 could not be parsed, or an ICHNCV00 feature is not supported. Because of this, the table will not be simulated. The error indicates the problem; if a feature is not supported, the message will optionally include the convention convention-name, and a SELECT or ACTION clause, as indicated by type and number. This message can be suppressed. CKR0593 ICHNCV00 not used because of parse errors Severity: 00 Explanation: This message indicates that ICHNCV00 will not be used, because it could not be parsed, or used features not supported by zSecure. It has been preceded by one or more CKR0592 messages, which indicate the problem. CKR0594 System system: using ICHNCV00 of date time Cannot be simulated by zSecure suppressed Reconstructed ICHNCV00 source code follows contents Severity: 00 Explanation: This message is generated by a SHOW ICHNCV00 command. The second line reports whether zSecure can simulate the naming convention table. If so, not will be omitted (instead of not) and an extra line may show suppressed as But was suppressed by SUPPRESS ICHNCV00 if applicable. CKR0595 Qualifier of length size not supported in ICHNCV00 simulation Severity: 00 Explanation: This message is generated during simulation of ICHNCV00. It indicates that a source data set name used qualifiers of the indicated size, which either is zero or larger than 8. zSecure will not translate the data set name. Chapter 5. CKR messages 225 CKR0596 Assignment beyond next empty qualifier not supported Severity: 00 Explanation: This message is generated during simulation of ICHNCV00. It indicates that the naming convention table has an action that assigns to an output qualifier UQ beyond the last one in use, and beyond the first unused one, leaving a 'gap' in the data set name. zSecure will not translate the data set name. CKR0597 ALLOC PRIMARY/BACKUP/ACTIVE/INACTIVE invalid for specified type - before token at ddname line number Severity: 12 Explanation: This message indicates an invalid ALLOC command. A live input source indicator was used with a type that does not support this. CKR0598 The value "none" is mutually exclusive with other scan_inst values Severity: 12 Explanation: The value NONE for a SELECT of an instruction scan field was used in a list with other instruction scan values. This is not allowed. Use an explicit OR instead. CKR0599 DEFINE for BUNDLEBY=field must be of type AS for statement at ddname line number Severity: 12 Explanation: If a variable is used as the BUNDLEBY value, then it must be a variable defined with DEFINE AS and not a summary statistic, boolean, or SMF field. Messages from 600 to 699 CKR0600 ENDBUNDLE without BUNDLE Severity: 12 Explanation: This error message indicates that an ENDBUNDLE command was found (which normally ends a bundle of NEWLISTs), but no previous BUNDLE command was found to start the bundle. CKR0601 Nested BUNDLE not allowed, check missing ENDBUNDLE for BUNDLE at ddname line number Severity: 12 Explanation: This error message indicates that two BUNDLE commands were found without an intermediate ENDBUNDLE. BUNDLE commands may not be nested. CKR0602 Issue ENDMERGE before BUNDLE at ddname line number Severity: 12 Explanation: This error message indicates that a BUNDLE command was found, in a sequence of MERGELIST BUNDLE. There should be an ENDMERGE command in this sequence. You can include a MERGELIST ENDMERGE in a BUNDLE - ENDBUNDLE sequence, but not the other way around. CKR0603 BUNDLE cannot contain DISPLAY - at ddname line number Severity: 12 Explanation: This error message indicates that a DISPLAY command was found within a BUNDLE - ENDBUNDLE. The BUNDLE command is intended for printed output; no interactive displays are allowed. 226 Version 1.12: Messages Guide CKR0604 BUNDLEBY not on BUNDLE or NEWLIST but required at ddname line number Severity: 12 Explanation: The BUNDLE - ENDBUNDLE commands require a BUNDLEBY parameter on the BUNDLE or on each NEWLIST in the bundle. In this case, the parameter was missing. CKR0605 More than 32767 user-defined SMF fields not possible Severity: 12 Explanation: This message indicates that you have reached the internal limit on the number of user-defined fields for the SMF report. Reduce the number of DEFINE SMF_FIELD, SMF_SECTION, or RACF_SECTION commands. CKR0606 field may only be used in Select/Exclude/Define-As - at ddname line number Severity: 12 Explanation: The indicated field, which is SMF_FIELD, SMF_SECTION, or RACF_SECTION, was used in an output command. These fields, which are used to create user-defined SMF fields, may not be used directly in output commands. However, you can use these fields with a DEFINE command to create a new variable, and use that variable in output commands. CKR0607 database class profile base segment missing in complex complex Severity: 12 Explanation: During a merge, it was detected that the specified profile has no base segment. Database is either Current® or Source. This profile will be skipped in the merge process. After completion of the current phase, the program will stop. This message can be the result of your select and exclude specifications. Next, you should check whether the specified profile has been damaged. If it is undamaged, contact IBM Software Support. CKR0608 Use only one of DSN, DSNPREF, CMSFILE, PATH, FILEDESC, or GETPROC on ALLOC - at ddname line number Severity: 12 Explanation: On an ALLOCATE command, at most one of the parameters DSN, DSNPREF, CMSFILE, PATH, FILEDESC, and GETPROC may be specified. CKR0609 ALLOC uses both specific file format and specific option format keywords - before token at ddname line number Severity: 12 Explanation: The ALLOCATE command has two distinct formats, called the option format and the file format. Each has keywords only valid in that format, which cannot be mixed with keywords that indicate the other format. The two formats are described in the ALLOCATE command documentation in the user reference manual for your zSecure product. CKR0610 ALLOC in file format requires explicit TYPE and input source specification - before token at ddname line number Severity: 12 Explanation: The ALLOCATE command has two distinct formats, called the option format and the file format. When the latter is used without the SMF keyword (which specifies both at once), the TYPE keyword and one of the keywords DD, DSN, CMSFILE, PATH, FILEDESC, PRIMARY, BACKUP, ACTIVE, or INACTIVE are required. The two formats are described in the ALLOCATE command documentation in the user reference manual for your zSecure product. Chapter 5. CKR messages 227 CKR0612 Tapevol profile volumes not equal Severity: 04 Explanation: During the merge of the mentioned tapevol profile it was discovered that the volume lists of the source and current versions are not equal. The profile will not be merged. CKR0613 Complex names missing for two or more security databases, specify COMPLEX= on ALLOC statement Severity: 12 Explanation: The program tried to assign default COMPLEX names to the security databases allocated, but could not decide which complex to assign to which database. Specify the COMPLEX parameter on all ALLOC statements of TYPE=RACF. CKR0614 Warning: unload ddname1 and ddname2 apply to same system system Severity: 00 Explanation: Two complexes were defined that turned out to have the same name. This means displays may be confusing since they show information from two databases under the same complex name. This can only happen if a TYPE=UNLOAD input file was used without an ALLOC COMPLEX parameter. It is better to rerun while specifying the COMPLEX parameter. CKR0615 Ver Input system structure overview (default system system complex complex) Complex complex Func func Prod prod System system Timestamp timestamp Filename filename Volser volser Dsname dsname Severity: 00 Explanation: This message gives an overview of the allocated files and their use. It is mainly used to determine how zSecure will group different kinds of files (UNLOADs, CKFREEZEs) for multiple systems. The run-on messages describe in detail how each input file will be used. The system name for a CKFREEZE file or live system may be preceded by an equal sign (=). This means that the system is primarily assigned to a different complex (where it does not have the equal sign), but that it is also being used for this complex. This implies, for example, that SMF records with this system ID will not be assigned the complex name where the system is being displayed with the equal sign in front. CKR0616 Missing product security database for system name complex complex - not allowed in restricted mode Severity: 12 Explanation: This message indicates that in a restricted-mode (aka PADS) run, no product security database (which can be RACF, ACF2, or TSS) was available for the indicated system name. This makes a restricted-mode run impossible. CKR0617 Warning: missing product security database for system name complex complex Severity: 00 Explanation: This message indicates that no product security database (which can be RACF, ACF2, or TSS) was available for the indicated system name, while one or more reports require the security information. The reports that need this information may be incomplete; other reports will be unaffected. CKR0618 Processing product system name as if protected by product2 complex name2 is not allowed in restricted mode Severity: 12 Explanation: This message indicates that no product security database (which can be RACF, ACF2, or TSS) was available for the indicated system name. Usually, the indicated product2 security database for the complex name2 228 Version 1.12: Messages Guide would have been used instead; but this is not allowed in restricted mode. CKR0619 Overriding COMPLEX=complex for system name file ddname not allowed in restricted mode Severity: 12 Explanation: This message indicates that a COMPLEX= statement was used on the ALLOCATE command to override the complex used for the indicated file. This is not allowed in restricted mode. CKR0620 kind database does not have id name Severity: 12 Explanation: This message is issued by the IBM Security zSecure Admin database merge checking routines, and indicates a structural error in the kind (Source or Current) database. The ID name, which is either SYS1 or IBMUSER, could not be found. This may be caused by a structural error in the database, or by a global SELECT or EXCLUDE statement. The profiles that should be merged should be selected by a SELECT statement within the MERGE/ENDMERGE block, not by a global SELECT. CKR0621 kind id name referred to but not defined - assume user Severity: 04 Explanation: This message is issued by the IBM Security zSecure Admin database merge checking routines, and indicates a structural error in the kind (Source or Current) database. The ID with the indicated name was referred to (as owner, default-group, superior group, or in a user-group connection) but could not be found. As a work-around, IBM Security zSecure Admin assumes it is a user. This may be caused by a structural error in the database, or by a global SELECT or EXCLUDE statement. The profiles that should be merged should be selected by a SELECT statement within the MERGE/ENDMERGE block, not by a global SELECT. CKR0622 kind id name defined as both user and group Severity: 12 Explanation: This message is issued by the IBM Security zSecure Admin database merge checking routines, and indicates a structural error in the kind (Source or Current) database. The ID with the indicated name is known as both a user and as a group. This is caused by a structural error in the database, which must be repaired before the ID can be merged. You may be able to work around this problem by using global EXCLUDE commands. CKR0623 kind id name has no owner - assume SYS1 Severity: 04 Explanation: This message is issued by the IBM Security zSecure Admin database merge checking routines, and indicates a structural error in the kind (Source or Current) database. The ID with the indicated name was found, but no owner could be determined. As a work-around, IBM Security zSecure Admin assumes the owner is SYS1. This may be caused by a structural error in the database, or by a global SELECT or EXCLUDE statement. The profiles that should be merged should be selected by a SELECT statement within the MERGE/ENDMERGE block, not by a global SELECT. CKR0624 kind user name has no default-group and no connects Severity: 12 Explanation: This message is issued by the IBM Security zSecure Admin database merge checking routines, and indicates a structural error in the kind (Source or Current) database. For the user with the indicated name, no default-group could be found, and no other connects could be found that would serve as fall-back. This may be caused by a structural error in the database, or by a global SELECT or EXCLUDE statement. The profiles that should be merged should be selected by a SELECT statement within the MERGE/ENDMERGE block, not by a global SELECT. Chapter 5. CKR messages 229 CKR0625 kind group name has no superior-group - assume SYS1 Severity: 04 Explanation: This message is issued by the IBM Security zSecure Admin database merge checking routines, and indicates a structural error in the kind (Source or Current) database. The group with the indicated name was found, but no superior group could be determined. As a work-around, IBM Security zSecure Admin assumes the superior group is SYS1. This may be caused by a structural error in the database, or by a global SELECT or EXCLUDE statement. The profiles that should be merged should be selected by a SELECT statement within the MERGE/ENDMERGE block, not by a global SELECT. CKR0626 kind group name has supgrp<>owning group, assuming owner should be set to supgrp Severity: 04 Explanation: This message is issued by the IBM Security zSecure Admin database merge checking routines, and indicates a structural error in the kind (Source or Current) database. The group with the indicated name was found, and has different groups as superior-group and owner. As a work-around, zSecure Audit assumes the superior group should also be used as the owner. This is caused by a structural error in the database. CKR0627 kind database has structural errors - please run VERIFY CONNECT,PERMIT Severity: 00 Explanation: This message is issued by the IBM Security zSecure Admin database merge checking routines, and indicates a structural error in the kind (Source or Current) database was diagnosed in the preceding messages. Run VERIFY PERMIT and/or VERIFY CONNECT. CKR0628 TVTOC merge not supported Severity: 04 Explanation: During a merge, it was detected that some TAPEVOL profiles with a TVTOC are present in both source and current databases. This message serves to warn you that such profiles will not be merged. CKR0629 kind database has id name but is not a user/group Severity: 12 Explanation: This message is issued by the IBM Security zSecure Admin database merge checking routines, and indicates a structural error in the kind (Source or Current) database. The ID name, which is either SYS1 or IBMUSER, could be found, but was not of the correct kind (group for SYS1, user for IBMUSER). This may be caused by a structural error in the database, or by a global SELECT or EXCLUDE statement. The profiles that should be merged should be selected by a SELECT statement within the MERGE/ENDMERGE block, not by a global SELECT. CKR0630 Two merge sources not allowed Severity: 12 Explanation: This message is issued by the IBM Security zSecure Admin database merge checking routines, and indicates that two source RACF databases were found. The merge requires exactly one source and one current database. See the preceding CKR0615 message for an overview of the RACF databases and their function. CKR0631 Two merge currents not allowed Severity: 12 Explanation: This message is issued by the IBM Security zSecure Admin database merge checking routines, and indicates that two current RACF databases were found. The merge requires exactly one source and one current database. See the preceding CKR0615 message for an overview of the RACF databases and their function. 230 Version 1.12: Messages Guide CKR0632 Merge requires source and current Severity: 12 Explanation: This message is issued by the IBM Security zSecure Admin database merge checking routines, and indicates that no source database, no current database, or no database at all was found. The merge requires exactly one source and one current database. See the preceding CKR0615 message for an overview of the RACF databases and their function. CKR0633 These src groups have a SUPGROUP rule but are not selected: group ids Severity: 12 Explanation: During a IBM Security zSecure Admin database merge, pass 2, a number of groups was found for which a MERGERULE SOURCEID SUPGROUP command was specified. However, the groups were not selected by be merged. This is an error: either select the groups to be merged, or omit the MERGERULE commands for the groups. CKR0634 kind user name has no default-group, using connect group Severity: 04 Explanation: This message is issued by the IBM Security zSecure Admin database merge checking routines, and indicates a structural error in the kind (Source or Current) database. The user with the indicated name was found, but no default-group could be determined. As a work-around, IBM Security zSecure Admin uses the existing connection to group. This may be caused by a structural error in the database, or by a global SELECT or EXCLUDE statement. The profiles that should be merged should be selected by a SELECT statement within the MERGE/ENDMERGE block, not by a global SELECT. CKR0635 MERGE internal error: description Severity: 16 Explanation: An internal error occurred during a IBM Security zSecure Admin database merge. Write down the indicated description and contact IBM Software Support. CKR0636 Errors in merge phase number - stopped early Severity: 12 Explanation: An error occurred during pass number of a IBM Security zSecure Admin database merge. The error was described in the previous messages. Because of these errors, the IBM Security zSecure Admin database merge was unable to continue and stopped. CKR0637 Merge requires a local current RACF database Severity: 12 Explanation: A merge was specified, but an eligible database to merge into was not supplied. You cannot merge into a nonlocal database through the zSecure Server network. CKR0638 Merge requires a local RACF source database Severity: 12 Explanation: A merge was specified, but an eligible database to merge from was not supplied. You cannot merge from a nonlocal database through the zSecure Server network. CKR0639 CKREFRI: command buffer overflow Severity: 08 Explanation: This message indicates that one or more classes were left off from the SETROPTS REFRESH command. Chapter 5. CKR messages 231 CKR0640 The following src ids have a rule but are not defined: ids Severity: 12 Explanation: During a IBM Security zSecure Admin database merge, pass 2, a number of MERGERULE SOURCEID commands was found that specified an unexisting user or group id. This is an error: either correct the user or group ids, or omit the MERGERULE commands for the indicated ids. CKR0641 These src ids have a RENAME, are not selected, and do not exist in current: ids Severity: 12 Explanation: During a IBM Security zSecure Admin database merge, pass 2, a number of MERGERULE SOURCEID RENAME commands was found. The indicated ids are valid user and group ids on the SOURCE system, but are not selected to be merged, so the commands cannot apply to SOURCE ids. The new name specified with the RENAME option does not exist on the CURRENT system and will also not be created during the merge, so the commands cannot apply to references to the indicated ids (for example, on access lists). This is an error: either select the user or group ids to be merged, or omit the MERGERULE commands for the indicated ids. CKR0642 The following current ids are the target of > 1 rename: ids Severity: 12 Explanation: During a IBM Security zSecure Admin database merge, pass 2, a number of MERGERULE SOURCEID RENAME commands was found. Several of these commands renamed a SOURCE ID to the same CURRENT id. This is not allowed. However, you can achieve the effect desired by merging the SOURCE database in multiple runs. CKR0643 The following users have a SUPGROUP rule: ids Severity: 12 Explanation: During a IBM Security zSecure Admin database merge, pass 2, a number of MERGERULE SOURCEID SUPGROUP commands was found that specified a user as SOURCEID. This is not allowed: a SUPGROUP option can only apply to a group. Correct the MERGERULE commands. CKR0644 A SUPGROUP rule for SYS1 is not allowed: Orig src-id New cur-id Severity: 12 Explanation: During a IBM Security zSecure Admin database merge, pass 2, a number of MERGERULE SOURCEID SUPGROUP commands was found that specified a superior group for a group that would be called SYS1 after the merge. This is not allowed: SYS1 should not have a superior group. The src-id shows the original group name (before any renames); the cur-id will be SYS1. CKR0645 The following current ids are the target of src+rename: ids Severity: 12 Explanation: During a IBM Security zSecure Admin database merge, pass 2, a number of MERGERULE SOURCEID RENAME commands was found. One or more of these commands renamed a SOURCE ID to a CURRENT ID that is also the target of a selected SOURCE ID that was not renamed. This is not allowed. However, you can achieve the effect desired by merging the SOURCE database in multiple runs. CKR0646 The following users were specified as a SUPGROUP: ids Severity: 12 Explanation: During a IBM Security zSecure Admin database merge, pass 2, a number of MERGERULE SOURCEID SUPGROUP commands was found that specified a user as SUPGROUP. This is not allowed: a SUPGROUP option must specify a group as new superior group. However, you can specify a user as owner for a group, using the 232 Version 1.12: Messages Guide MERGERULE SOURCEID OWNER option. Correct the MERGERULE commands. CKR0647 Following groups found in source. They are users in current: Source src-id Current cur-id Severity: 12 Explanation: During a IBM Security zSecure Admin database merge, pass 2, a number of groups that are selected to be merged have the same name as a user on the CURRENT system (possibly after being renamed). This is not allowed. The src-id column lists the users; the cur-id column lists the new name after the merge. Correct the MERGERULE commands. CKR0648 Following users found in source. They are groups in current: Source src-id Current cur-id Severity: 12 Explanation: During a IBM Security zSecure Admin database merge, pass 2, a number of users that are selected to be merged have the same name as a group on the CURRENT system (possibly after being renamed). This is not allowed. The src-id column lists the users; the cur-id column lists the new name after the merge. Correct the MERGERULE commands. CKR0649 Ids defined as owner, but not defined/selected: ids Severity: 12 Explanation: During a IBM Security zSecure Admin database merge, pass 2, a number of MERGERULE SOURCEID OWNER commands was found that specified a user or group that would be absent after the merge. This is an error. Correct the MERGERULE commands. CKR0650 Ids defined as supgroup, but not defined/selected: ids Severity: 12 Explanation: During a IBM Security zSecure Admin database merge, pass 2, a number of MERGERULE SOURCEID SUPGROUP commands was found that specified a group that would be absent after the merge. This is an error. Correct the MERGERULE commands. CKR0651 The following groups are part of a supgroup loop: groups Severity: 12 Explanation: During a IBM Security zSecure Admin database merge, pass 3, the group tree structure after the merge would result in a loop of the indicated groups. This is an error, and should be fixed by specifying or correcting MERGERULE SOURCEID SUPGROUP commands. CKR0652 Orig src-grp The following groups are source-only; their src-only supgrp is not selected: New cur-grp Orig-sup src-supgroup Severity: 12 Explanation: During a IBM Security zSecure Admin database merge, pass 3, a number of groups was found that were selected to be merged and do only exist on the SOURCE database. In addition, no SUPGROUP command was specified, and their superior groups on the SOURCE system were not selected to be merged. This is an error, and Chapter 5. CKR messages 233 should be fixed by selecting the source superior groups, not selecting the groups, or by specifying MERGERULE SOURCEID SUPGROUP commands. CKR0653 Source src-grp The following groups have conflicting supgrps, and no command: Current cur-grp Orig-s src-s Orig-ren renamed-src Cur-sup cur-supgroup Severity: 12 Explanation: During a IBM Security zSecure Admin database merge, pass 3, a number of groups was found that were selected to be merged and do exist on both the SOURCE and the CURRENT database. In addition, the superior groups were different; the source superior group was also selected to be merged; and no command was specified that could resolve this conflict. This is an error, and can be corrected in various ways: (1) Changing the selection criteria; (2) specifying a MERGERULE SOURCEID SUPGROUP command; (3) specifying a MERGERULE SOURCEID DATA command; (4) specifying a MERGERULE DEFAULT DATA command. CKR0654 Group SYS1 was renamed, and no superior group was specified Severity: 12 Explanation: During a IBM Security zSecure Admin database merge, pass 3, it was detected that group SYS1 from the SOURCE database was renamed using a MERGERULE SOURCEID RENAME command. However, the new group did not already exist on the CURRENT database, and no new superior group was specified. This is an error, and can be corrected using MERGERULE SOURCEID commands. CKR0655 These src-only users have an owner that is not selected: Source src-user Current cur-user Src-Owner src-owner Severity: 12 Explanation: During a IBM Security zSecure Admin database merge, pass 4, it was detected that one or more users that occurred only on the source database, have an owner that is not present on the current database, and is not selected to be merged. In addition, no MERGERULE SOURCEID OWNER command had been specified. This is an error, since no owner can be determined. Either specify the desired owner, or select the user's owner to be merged. CKR0656 Source src-user These users have conflicting owners, no command: Current cur-user Src-Own src-own Cur-own current-owner Severity: 12 Explanation: During a IBM Security zSecure Admin database merge, pass 4, it was detected that one or more users that are present on both source and current system have conflicting owners. In addition, no MERGERULE SOURCEID OWNER, MERGERULE SOURCEID DATA, or MERGEID DEFAULT DATA command had been specified. This is an error, since no owner can be determined. CKR0657 Src-user s-user The following connects have conflicting attrs and no auth rule: Src-grp s-group Cur-user c-user Cur-grp c-group Severity: 12 Explanation: During a IBM Security zSecure Admin database merge, pass 5, one or more user-group connections were found that have conflicting attributes in the source and current version. In addition, no MERGERULE 234 Version 1.12: Messages Guide SOURCEID AUTHORITY or MERGERULE DEFAULT AUTHORITY was specified that could resolve the conflict. This is an error. For each conflicting user-group connection, the message lists the name of the user and group on the source and current databases. CKR0658 The following users have no connects after the merge: Source src-id Current cur-id Src-dfltgrp source defaultgroup Severity: 12 Explanation: During a IBM Security zSecure Admin database merge, pass 6, it was detected that one or more users did not have any group-connections after the merge. This is an error, which should be corrected by (1) deselecting the user; (2) selecting one or more of the connect-groups; or (3) renaming the user to a user already existing on the CURRENT system. CKR0659 The following users have no dfltgrp, and > 1 copied connect: Source src-id Current cur-id Src-dfltgrp source defaultgroup Severity: 12 Explanation: During a IBM Security zSecure Admin database merge, pass 6, it was detected that one or more users did have two or more group-connections after the merge, but the source default group was not merged, and no default-group could be determined. This is an error, which can be corrected in various ways, including: (1) deselecting the user; (2) selecting the source defaultgroup to be merged; or (3) renaming the user to a user already existing on the CURRENT system. CKR0660 Source src-id The following users have two dfltgrp candidates: Current cur-id Src-dflt src-dflt Cur-dflt current defaultgroup Severity: 12 Explanation: During a IBM Security zSecure Admin database merge, pass 6, it was detected that one or more users have two candidate default groups, and no MERGERULE SOURCEID DATA or MERGERULE DEFAULT DATA commands had been specified that could resolve the conflict. This is an error. CKR0661 Warning: product system name now processed as if protected by product2 database of complex name2 Severity: 00 Explanation: This message indicates that no product security database (which can be RACF, ACF2, or TSS) was available for the indicated system name. The indicated product2 security database for the complex name2 is used instead. CKR0662 Warning: RACF Class Descriptor Table for complex name unknown, using current system CDT Severity: 00 Explanation: This message indicates that no RACF Class Descriptor Table (CDT) could be found for the indicated system name. The current systems CDT is used instead. Chapter 5. CKR messages 235 CKR0663 Started task info missing, ICHRIN03 not in ddname for system name Severity: 08 Explanation: This message is issued by VERIFY/REPORT STC. It indicates that though the STARTED class will still be processed, the fallback started task information for the indicated system name is missing. The report may be incomplete. CKR0664 Two-pass read of RACF db not supported, use an unload for complex name Severity: 12 Explanation: A RACF database (as opposed to an UNLOAD) cannot be used in a two-pass read. Use an UNLOAD instead. This may be caused by including fields like ANYSUPGROUP (which needs to know the group structure to operate) in your query, or using lookups in a NEWLIST TYPE=RACF selection (for which, for example, ownership relations must be known ahead of time). CKR0665 UNLOAD COMPLEX= parameter not valid for NEWLIST TYPE=type Severity: 12 Explanation: The COMPLEX parameter on the UNLOAD statement is meant to indicate which complex security database should be unloaded. An unload file can contain information of one complex only, while a NEWLIST can print information from multiple complexes. The COMPLEX parameter has no meaning for non-security database NEWLISTs and results in this error message. CKR0666 System system complex complex NJE node node has been assigned free CKRCMD file ddname volume dsn Severity: 00 Explanation: Command generation is done per complex. Each complex needs its own output file (since the commands must be sent to the proper complex). These messages indicate which TYPE=CKRCMD file was used for which complex. CKR0667 Extra CNSX without class - file ddname volume dsn Severity: 16 Explanation: The Class Descriptor Table in the input source contains less class descriptors than CDT extension (CNSX) records. Possibly a record was truncated in the database unload file or something more serious is happening. Check that the file has DCB attributes RECFM=VBS,LRECL=X. CKR0668 Class name CNSX mismatch file ddname Severity: 16 Explanation: The Class Descriptor Table in the input source contains other CNSX pointers than the CDT extension (CNSX) records themselves. Possibly a record was truncated in the database unload file or something more serious is happening. Check that the file has DCB attributes RECFM=VBS,LRECL=X. CKR0669 Class name and higher miss CNSX on file ddname volume dsn - probably unloaded with downlevel release Severity: 16 Explanation: The unload file misses Class Descriptor Table Extension (CNSX) records starting with the class indicated. Reports may be false. 236 Version 1.12: Messages Guide CKR0669 Class name and higher miss CNSX on file ddname - downlevel CNFCOLL does not support RACF 2.2 Severity: 16 Explanation: The CKFREEZE file misses Class Descriptor Table Extension (CNSX) records starting with the class indicated. Reports may be false. CKR0670 Incompatible RCVT and CNST release - NEWLIST TYPE=CLASS incomplete - allocate proper CKFREEZE for system Severity: 16 Explanation: You cannot safely mix RACF 2.2 or higher unloads and CKFREEZEs with lower level RACF ones for the same system. Consequently, the NEWLIST TYPE=CLASS output cannot be trusted. Use a consistent input set (for example, an unload and CKFREEZE produced on the same system). CKR0671 DDNAME=ddname is invalid on UNLOAD Severity: 12 Explanation: You specified a filename reserved for other purposes as the target for the unload. Specify another filename on the DDNAME parameter. CKR0672 Only one MERGE allowed - previous ignored Severity: 04 Explanation: More than one MERGE input command was specified. Only the last one specified will be used. Multiple RACF database merge jobs should be split into multiple runs. CKR0673 Duplicate value for keyword keyword for source id id Severity: 12 Explanation: In the MERGE input commands, a MERGERULE SOURCEID=id statement was used to set the option keyword. However, this option had already been set for the same ID in the preceding MERGERULE commands. This is an error. CKR0673 Duplicate value for keyword keyword for resource class class Severity: 12 Explanation: In the MERGE input commands, a MERGERULE SOURCECLASS=class statement was used to set the option keyword. However, this option had already been set for the same general resource class in the preceding MERGERULE commands. This is an error. CKR0674 EOF without ENDMERGE... ENDMERGE assumed Severity: 04 Explanation: In the MERGE input commands, the input ended after a MERGE command was read, but before an ENDMERGE command was read. A closing ENDMERGE is assumed. CKR0675 Warning: complex not processed for ALLOC TYPE=CKRCMD FILE=ddname COMPLEX=name Severity: 00 Explanation: You specified a CKRCMD output file for the indicated complex, but this complex was not found in the input set. The output file will not be used. Chapter 5. CKR messages 237 CKR0676 Source src-grp These groups have an OWNER pararameter that is not equal to the supgroup: Current cur-grp New-sup supgrp Own-parm owner specified Severity: 12 Explanation: During a IBM Security zSecure Admin database merge, pass 4, it was detected that one or more groups have a MERGERULE SOURCEID OWNER command. These commands specified a group as new owner; however, the owner specified was not equal to the superior group determined in the previous pass. This is an error. Either specify the desired owner as a superior group, or use a user as owner. CKR0677 For the following source-only profiles no current owner could be found: S-owner owner Class class Profile profile Severity: 12 Explanation: During a IBM Security zSecure Admin database merge, pass 7, it was detected that one or more data set or general resource profiles only occur on the source database. In addition, no owner could be found on the current database for these profiles: the source owner was not merged, and does not exist on the current database; and the high-level qualifier is not a valid ID on the current database. This is an error. It can often be resolved by selecting the indicated owner to be merged, or by specifying a MERGERULE SOURCEID OWNER command for the profile's high-level qualifier. CKR0678 The following profiles have an unresolved access list because no policy was set: Class class Current profile name profile Severity: 12 Explanation: During a IBM Security zSecure Admin database merge, pass 8, it was detected that the access list for one or more data set or general resource profiles contained differences that could not be resolved. This is an error. It can be resolved by specifying a MERGERULE SOURCEID AUTHORITY command for the profile's high-level qualifier, or by a MERGERULE DEFAULT AUTHORITY command. CKR0679 Warning: skipped undefined id "id" during merge of access list Id occurred number times Severity: 04 Explanation: During a IBM Security zSecure Admin database merge, pass 8, an access list ID was encountered that did not exist in the RACF database. This access list entry will not be merged. You may ignore this message; run VERIFY PERMIT to clean up the RACF database. CKR0680 Skipping non-base segments for profiles discrete-name Severity: 04 Explanation: During a IBM Security zSecure Admin database merge, several discrete profiles had an identical name. In addition, non-base segments were found. The non-base segments cannot be assigned to a base segment and will be skipped. CKR0681 General resource class name is only present on the source system (Profiles are not merged) ignored Severity: 00 238 Version 1.12: Messages Guide Explanation: During a IBM Security zSecure Admin database merge, pass 1, the general resource class name was encountered, which contains profiles which are selected to be merged. However, the class is only present on the source system. The profiles will not be merged. If a mergerule was specified for the class, a third line ignored will be shown with the format MERGERULE SOURCECLASS=class ignored. CKR0682 General resource class name is generic on the source system, not on the current (SETROPTS GENERIC written to CKRCMD) Severity: 00 Explanation: During a IBM Security zSecure Admin database merge, pass 1, the general resource class name was encountered, which contains generic profiles which are selected to be merged. However, generic processing for the class is only active on the source system. A SETROPTS GENERIC command for the class has been written to CKRCMD. If this is not desired, exclude the class from the database merge. CKR0683 General resource class name is active on the source system, not on the current Severity: 00 Explanation: During a IBM Security zSecure Admin database merge, pass 1, the general resource class name was encountered, which contains profiles which are selected to be merged. However, the class is only active on the source system. The profiles will be merged, but may not perform a useful function on the current system. CKR0684 Invalid conditional access list entry for id name - skipped Profile: class key Severity: 08 Explanation: During a IBM Security zSecure Admin database merge, pass 8, a conditional access list entry for user or group name was encountered that contains garbage. RACF PTF levels existed in the past that could create such invalid entries. The profiles will be merged, but may miss the remainder of the access list on the current system. CKR0685 File filename effective linelength nn conflicts with first CKRCMD linelength mm used for NEWLIST DD=CKRCMD Severity: 12 Explanation: If you use CKRCMD output and process the databases of more than one security complex, then output is not written to one file only. Instead, it is redirected automatically to one TYPE=CKRCMD file per complex. NEWLIST definitions are (can be) linelength-dependent. Because of this it is required that the effective linelength is identical for all these TYPE=CKRCMD files. This requirement is not present if you do not use a NEWLIST DD=CKRCMD. CKR0686 ACF2_CHANGE num reads beyond end-of-record Severity: 08 Explanation: An ACF2 SMF record for a logonid or infostorage change claimed to contain information beyond the end of the record. Possibly the record was truncated. CKR0687 Some ACF2_CHANGE values omitted Severity: 08 Explanation: An ACF2 SMF record for a logonid or infostorage change contained more information than fit into internal zSecure Audit buffers. Some repeat group values will be missing. CKR0688 Unknown ACFATYPE xx Severity: 20 Explanation: An ACF2 SMF record contained an unsupported value for the field ACFATYPE. The unsupported value is given in hex. Chapter 5. CKR messages 239 CKR0689 Unknown ACF2 subtype xx Severity: 20 Explanation: An ACF2 SMF record contained an unsupported value as the value for ACSMFREC (the record subtype). The unsupported value is given in hex. CKR0690 Unsupported ACF2 mode=xxx Severity: 20 Explanation: An ACF2 SMF record contained an unsupported value as the value for ACVMFTF. The unsupported value is given in hex. CKR0691 In module - description Severity: 00 Explanation: This is a progress indicator of the merge process. CKR0692 File file additional snapshot was created at timestamp Severity: 00 Explanation: This messages indicates that a TYPE=CKFREEZE input file contained two concatenated system snapshots. This second snapshot is ignored by IBM Security zSecure. CKR0693 Two-pass read of merge source activated Severity: 00 Explanation: This message indicates that the merge source database has to be read twice to minimize memory usage. This is usually caused by selection fields like ANYSUPGRP that need to know the group-structure to operate. CKR0694 Field fieldaddr fieldname format outputformat not supported for modify - defined at ddname line number Severity: 24 Explanation: A field was modifiable in principle but the output format used is not supported for modification. If you did not specify an overriding format, then this is an internal error. Contact IBM Software Support. CKR0695 Safety limit of 50 repeat commands exceeded Severity: 08 Explanation: The MERGE command generation automatically splits commands in pieces of 16KB. After 50 such splits the command was still not complete. Command generation has been abandoned, because it is highly probable that there is an internal error. Contact IBM Software Support. CKR0696 No CKRCMD for merge function Severity: 08 Explanation: A merge was requested but no file was present to generate the commands for the specified database function (source or current). CKR0697 Unknown entity type nn Severity: 20 Explanation: The profile caching mechanism encountered an unsupported entity type. Contact IBM Software Support. 240 Version 1.12: Messages Guide CKR0698 Duplicate connect user / group Severity: 20 Explanation: The profile caching mechanism encountered a duplicate connect in a non-RDS RACF database. CKR0699 MERGERULE SOURCECLASS specified for class class but class not found in source CDT Severity: 12 Explanation: A MERGERULE SOURCECLASS was specified for a class that is not present in the class descriptor table of the source database. Make sure the class name is specified correctly. Messages from 700 to 799 CKR0700 First volume catalog entries conflict, file seq volser datasetname first vol2 Severity: 08 Explanation: This message is issued if two ICF catalog entries indicate different first volumes for datasetname, sequence number seq on tape volume volser. There is no way to determine which one is correct; vol2 is the ignored indication. CKR0701 First volume conflict in tape mgmnt for file seq volser datasetname first vol2 Severity: 08 Explanation: This message is issued if two tape catalog entries indicate different first volumes for datasetname, sequence number seq on volume volser. There is no way to determine which one is correct; vol2 is the ignored indication. CKR0702 First volume conflict tape mgmnt/TVTOC, file seq volser datasetname first vol2 Severity: 08 Explanation: This message is issued if a TVTOC entry in the RACF database conflicts with the tape management catalog as to the first volume for datasetname, sequence number seq on volume volser. The tape management catalog will be considered correct, and the TVTOC indication, vol2, will be ignored. CKR0703 First volume conflict tape mgmnt/catlg, file seq volser datasetname first vol2 Severity: 08 Explanation: This message is issued if an ICF catalog entry conflicts with the tape management catalog as to the first volume for datasetname, sequence number seq on volume volser. The tape management catalog will be considered correct, and the ICF catalog indication, vol2, will be ignored. CKR0704 First volume conflict with tape mgmnt, file seq volser datasetname first vol2 Severity: 08 Explanation: This message is issued if an information source (probably ICF catalog, possibly TVTOC) conflicts with the tape management catalog as to the first volume for datasetname, sequence number seq on volume volser. The tape management catalog will be considered correct, and the other indication, vol2, will be ignored. CKR0705 First volume conflict with catalog for file seq volser datasetname first vol2 Severity: 08 Explanation: This message is issued if an information source (probably ICF catalog, possibly TVTOC) conflicts with an ICF catalog entry as to the first volume for datasetname, sequence number seq on volume volser. The earlier information will be considered correct, and the new ICF information, vol2, will be ignored. Chapter 5. CKR messages 241 CKR0706 First volume conflict catalog/TVTOC for file seq volser datasetname first vol2 Severity: 08 Explanation: This message is issued if an ICF catalog entry conflicts with a TVTOC entry in the RACF database as to the first volume for datasetname, sequence number seq on volume volser. The TVTOC information will be considered correct, and the ICF catalog indication, vol2, will be ignored. CKR0707 Erroneous count in multi-volume link table, complex volser count count Severity: 08 Explanation: This message is issued if the count field declaring the number of secondary volumes defined for the complex starting with volser in the ensuing link table is less than 1 or exceeds the maximum value, i.e., count is greater than 5 (for a TLMS base record) or 32 (for a TLMS multi-volume record). Any multi-volume link information in this record is ignored. CKR0708 Bad sequence number in multi-volume table of complex volser sequence number vseq Severity: 08 Explanation: This message is issued if an entry in a table defining secondary volumes for the TLMS complex starting with volser contains a volume sequence number vseqless than 2. Such entries are skipped. CKR0709 CONVERSION abend-type for TLMS volume volser Severity: 20 Explanation: This message is issued when converting the volume sequence or volume count field in a CKFREEZE entry representing a TLMS base record for volume volser from packed decimal to binary fails. Any multi-volume information in this record is ignored. CKR0710 Volume sequence conflict in multi-volume complex volser sequence number vseq ignored vol2 Severity: 08 Explanation: This message is issued if vol2 was identified as the vseqth volume of the multi-volume complex starting with volser, but another volume had already been. The new link information is ignored. CKR0711 Secondary volume is scratch in nonscratch complex volser volume vol2 Severity: 08 Explanation: This message is issued if vol2 is a scratch secondary volume in a complex starting with the nonscratch volume volser. CKR0712 Alleged first volume denies involvement in complex volser referenced by vol2 Severity: 08 Explanation: This message is issued if a nonscratch volume vol2 was linked to a TLMS complex starting with volser, but volser was not identified as the start of a multi-volume complex by its base record or no base record was found for it. CKR0713 Orphan secondary volume in TLMS multi-volume complex volser orphan volume vol2 Severity: 08 Explanation: This message is issued if a nonscratch volume vol2 refers to another volume volser as the first of its TLMS complex, but no appropriate link information was found. 242 Version 1.12: Messages Guide CKR0714 Multi-volume complex without any secondary volumes volser count count Severity: 08 Explanation: This message is issued if a volume volser was identified as the start of a multi-volume complex, but no valid link information was found for it at all. count is the volume count as indicated in volser's base record. CKR0715 Missing secondary volume in multi-volume complex volser sequence number vseq Severity: 08 Explanation: This message is issued if volser was identified as the start of a multi-volume complex and some link information was found, but an intermediate volume is missing. CKR0716 Non-VSAM data set found in VVDS but not in VTOC - volser datasetname Severity: 08 Explanation: Incidental cases may be the result of actions performed by the system between reading of the VTOC and the VVDS by zSecure Collect (opening the VVDS takes a considerable amount of time). If this message is reproducible for the same data set (run zSecure Collect again first), then a problem exists. Perform the IDCAMS DIAGNOSE function on the VVDS: maybe a DELETE NVR command will help. CKR0717 Non-VSAM data set found in VVDS multiple times - volser datasetname Severity: 08 Explanation: When deleting data sets a non-VSAM SMS-managed data set will be DELETEd primarily via the catalog mentioned in the NVR and DELETEd NOSCRATCH from other catalogs. This message indicates multiple NVRs were found, so the generated commands do not have the NOSCRATCH keyword for several catalogs for a single data set; this means one or more commands may fail. Be extra attentive when reviewing the generated commands. CKR0718 Resource deletion: DELETE non-VSAM volser datasetname catalogname Severity: 00 Explanation: This message indicates a DELETE was generated for a non-VSAM data set called datasetname. If catalogname equals default catalog no catalog keyword was specified, else the command was specifically directed to the catalog displayed. CKR0719 Resource deletion: DELETE non-VSAM NOSCRATCH volser datasetname catalogname Severity: 00 Explanation: This message indicates a DELETE NOSCRATCH was generated for a non-VSAM data set called datasetname. If catalogname equals default catalog no catalog keyword was specified, else the command was specifically directed to the catalog displayed. CKR0720 Resource deletion: SUPPRESS del n-vsam noscr volser datasetname catalogname Severity: 00 Explanation: This message indicates a DELETE NOSCRATCH would have been generated for a non-VSAM data set called datasetname if you would have allowed the generation of DELETE NOSCRATCH commands. If catalogname equals default catalog no catalog keyword would have been specified, else the command would have been specifically directed to the catalog displayed. CKR0721 Resource deletion: DELETE cluster datasetname catalogname Severity: 00 Explanation: This message indicates a DELETE was generated for a VSAM cluster called datasetname. If catalogname Chapter 5. CKR messages 243 equals default catalog no catalog keyword was specified, else the command was specifically directed to the catalog displayed. CKR0722 Resource deletion: DELETE cluster NOSCRATCH datasetname catalogname Severity: 00 Explanation: This message indicates a DELETE NOSCRATCH was generated for a VSAM cluster called datasetname. If catalogname equals default catalog no catalog keyword was specified, else the command was specifically directed to the catalog displayed. CKR0723 Resource deletion: SUPPRESS delete cluster NOSCRATCH datasetname catalogname Severity: 00 Explanation: This message indicates a DELETE NOSCRATCH would have been generated for a VSAM cluster called datasetname if you would have allowed the generation of DELETE NOSCRATCH commands. If catalogname equals default catalog no catalog keyword would have been specified, else the command would have been specifically directed to the catalog displayed. CKR0724 Resource deletion: DELETE GENERATIONDATAGROUP datasetname catalogname Severity: 00 Explanation: This message indicates a DELETE GENERATIONDATAGROUP was generated for a GDG called datasetname. If catalogname equals default catalog no catalog keyword was specified, else the command was specifically directed to the catalog displayed. CKR0725 Resource deletion: DELETE ALIAS aliasname catalogname Severity: 00 Explanation: This message indicates a DELETE ALIAS was generated for a catalog alias called aliasname. If catalogname equals master catalog no catalog keyword was specified, so the command will act on the active master catalog; else the command was specifically directed to the catalog displayed, normally a nonactive master catalog. CKR0726 Resource deletion: DELETE non-VSAM DSCB from volser datasetname reason Severity: 00 Explanation: This message indicates a command sequence ALLOCATE - FREE DELETE was generated to delete the DSCB of a non-VSAM data set called datasetname residing on volume volser because no suitable DELETE was possible. This is the case if the data set is cataloged on the default system, but not in any connected catalog, in which case reason will be unconnected catalog; or if it is only in catalogs on DASD that is not shared with the default system, in which case reason will be remote catalog not shared; or if no catalog entry was found at all, in which case reason will be not in any catalog anywhere. CKR0727 Resource deletion: orphan non-VSAM DSCB kept volser datasetname reason Severity: 00 Explanation: This message indicates a command sequence ALLOCATE - FREE DELETE would have been generated to delete the DSCB of a non-VSAM data set called datasetname residing on volume volser if you would have allowed the generation of such sequences because no suitable DELETE was possible. This is the case if the data set is cataloged on the default system, but not in any connected catalog, in which case reason will be unconnected catalog; or if it is only in catalogs on DASD that is not shared with the default system, in which case reason will be remote catalog not shared; or if no catalog entry was found at all, in which case reason will be not in any catalog anywhere. 244 Version 1.12: Messages Guide CKR0728 Catalog entries disagree on the previous volume of diskvolser datasetname previous vol2 Severity: 08 Explanation: This message is issued if two ICF catalog entries indicate different previous volumes for the same disk volume serial. There is no way to determine which is correct; vol2 is the ignored link. CKR0729 First volume of catalog entry is secondary in other diskvolser datasetname Severity: 08 Explanation: This message is issued if one ICF catalog entry indicates that disk volume diskvolser is the first volume of datasetname, while another indicates it is a secondary volume. The entry encountered first is considered correct, the other is ignored. CKR0730 Resource copying: DEFINE ALIAS aliasname catalogname Severity: 00 Explanation: This message indicates a DEFINE ALIAS was generated for a catalog alias called aliasname. If catalogname equals master catalog no catalog keyword was specified, so the alias will be defined in the active master catalog; else the command was specifically directed to the catalog displayed, normally a nonactive master catalog. The new alias is related to the same catalog as the alias copied (not shown). CKR0731 RACFVARS profile key has no leading '&': profilename Severity: 04 Explanation: A general resource profile was encountered in class RACFVARS with an unexpected format. CKR0732 No CKFREEZE present, no resource management commands are generated Severity: 00 Explanation: This message indicates that certain types of commands pertaining to resources would have been generated if a CKFREEZE had been present. management is equal to either deletion or copying if only resource deletion or copying commands would have been generated, or deletion and copying if both would have been. This message is also echoed to the CKRCMD file. It is not issued when these functions are explicitly suppressed or not implied. CKR0733 VSM area conflict: address is type1 name1 and type2 name2 Severity: 16 Explanation: Contact IBM Software Support. CKR0734 Imbed failed, file ddname not allocated at ddname line number Severity: 12 Explanation: This message indicates that imbed could not open the external data source as requested. CKR0735 IMBED parameters FILEDESC/PATH mutually exclusive with DD/MEM at ddname line number Severity: 12 Explanation: The imbed statement can only contain one external data source. CKR0736 field field invalid for NEWLIST TYPE= type Severity: 12 Explanation: Use of the indicated field is not supported for this newlist type. Chapter 5. CKR messages 245 CKR0737 Requested new owner owner is undefined on complex complex Severity: 12 Explanation: This message is issued when the owner specified for a copy user action is not defined in the complex mentioned. CKR0738 Requested new default group group is undefined on complex complex Severity: 12 Explanation: This message is issued when the default group specified for a copy user action is not defined in the complex mentioned. CKR0739 Resource deletion: DELETE migrated cluster MIGRAT dsname catalog Severity: 00 Explanation: This message indicates that a migrated VSAM cluster data set name present in the HSM MCDS has a high level qualifier that should be deleted. A DELETE PURGE command has been generated to accomplish a delete without automatic restore. CKR0740...CKR0777 message Severity: 24 Explanation: All messages in this range are internal error messages generated as a result of internal consistency checking. Contact IBM Software Support. CKR0778 The PROTECTED parameter cannot be used with either the NEWPASSWORD or NEWPHRASE parameters. Severity: 12 Explanation: The PROTECTED parameter allows you to set up a user ID that cannot be used to log on. The NEWPASSWORD and NEWPHRASE parameters are used to establish a password or password phrase for a user ID. User response: If you want to set up a user ID that has a password or password phrase, remove the PROTECTED parameter. If you want to set up a user ID that cannot be used to logon, remove the NEWPASSWORD or NEWPHRASE parameters. CKR0779...CKR0785, CKR0787 message Severity: 24 Explanation: All messages in this range are internal error messages generated as a result of internal consistency checking. Contact IBM Software Support. CKR0786 CKRXINIT.CKRDIDID: Identity filter name is longer than 246 - name Severity: 20 Explanation: The DMAPNAME field in a user profile contains an identity filter reference that exceeds the maximum length supported. The RACMAP_REGISTRY field might miss values. CKR0788 Owner field for user userid not filled in Severity: 24 Explanation: Contact IBM Software Support. 246 Version 1.12: Messages Guide CKR0789...CKR0791 message Severity: 24 Explanation: All messages in this range are internal error messages generated as a result of internal consistency checking. Contact IBM Software Support. CKR0792 End of used area in middle of profile: ddname block blockno segment offset segno Severity: 24 Explanation: Contact IBM Software Support. CKR0793 Database conflict for complex between ddname1 and ddname2 Severity: 24 Explanation: Contact IBM Software Support. CKR0794 CKROUBU range error, TLHVIX=num1 BUHD#TLHD=num2 Severity: 24 Explanation: Contact IBM Software Support. CKR0795 BUNDLEBY not found Severity: 24 Explanation: Contact IBM Software Support. CKR0796 CKACMEM: No dataset context available Severity: 24 Explanation: This message indicates an internal error condition in the zSecure Audit Library Update report. Contact IBM Software Support. CKR0797 CKACMEM: No TVOL for dataset volume Severity: 24 Explanation: This message indicates an internal error condition in the zSecure Audit Library Update report. Contact IBM Software Support. CKR0798 CKACMEM: No CVOL for dataset volume Severity: 24 Explanation: This message indicates an internal error condition in the zSecure Audit Library Update report. Contact IBM Software Support. CKR0799 CKACMEM: No CFIXB dataset volume Severity: 24 Explanation: This message indicates an internal error condition in the zSecure Audit Library Update report. Contact IBM Software Support. Messages from 800 to 899 Chapter 5. CKR messages 247 CKR0800...CKR0802 message Severity: 00 Explanation: These messages are in response to debugging options. If you need information about these messages, contact IBM Software Support. CKR0803 Invalid OS formatted RACF DB specified for ddname data.set.name Severity: 16 Explanation: This message indicates that the RACF database data set specified above as a part of the VM installation process either does not exist or is not an OS formatted RACF database file. Check your VM installation to ensure that you specified the correct options. CKR0804 Error OS formatted RACF DB has nn extents. Only able process if it has 1 extent Severity: 16 Explanation: This message indicates that the RACF database data set specified above as a part of the VM installation process either does not exist or is not an OS formatted RACF database file. Check your VM installation to ensure that you specified the correct options. CKR0805 I/O error on device nnnn cc=mm R15=nn Severity: 08 Explanation: This message indicates that an I/O error occurred attempting to issue a DIAG A8 to return the sense information for the OS formatted RACF database. Submit an error report to IBM Software Support. CKR0806 FILEDEF error RC=nn for ddname fn ft fm/data.set.name Severity: 08 Explanation: This message indicates that an error occurred during an attempt to issue a FILEDEF command either for a CMS file (fn ft fm) or for the OS formatted RACF database (data.set.name). Submit an error report to IBM Software Support. CKR0807 Internal error CKRCCHH RC=16 Severity: 08 Explanation: This internal message indicates that an invalid relative track number was passed to the CKRCCHH routine. Submit an error report to IBM Software Support. CKR0808 TTT conversion result CCCC HHHH nnnn not in extent mmmm - ooooo for ppp Extent 0 range qqqq - rrrr Severity: 24 Explanation: During an attempt to convert a relative track address to an absolute track address, the CKRCCHH routine encountered an error. The error indicates that the relative track was outside extent for the OS formatted RACF database. Submit an error report to IBM Software Support. CKR0809...CKR0837 message Severity: 00 Explanation: These messages are in response to debugging options. If you need information about these messages, contact IBM Software Support. 248 Version 1.12: Messages Guide CKR0841 Severe SRVIN error PC RC=n - issuing user abend 841 Severity: 16 Explanation: While reading from a remote node, an error condition was returned by the Program Call interface of the server. User response: Verify that the server is active, then restart the server and try again. CKR0842 SPECPROC returned length out of range R0=xxxxxxx - issuing user abend 842 Severity: 16 Explanation: This message indicates that one of the internal interfaces related to the zSecure Server received an unexpected length and issued an abend. User response: Look for the message on the IBM support site. If no solution is posted, collect SYSPRINT on both the local and remote sides and contact IBM Software Support. CKR0843 FILEDATA=RECORD record recno has bytes bytes (hex), exceeding max_bytes bytes; closing file ddname path Severity: 8 Explanation: This message indicates record recno of UNIX file path in FILEDATA=RECORD format has bytes bytes. This value exceeds the maximum allowed number of bytes: max_bytes. This indicates that the file is corrupted. Consequently, no attempt is made to read further records from the file. The file is closed. CKR0844 Last FILEDATA=RECORD record truncated by end-of-file ddname path Severity: 8 Explanation: This message indicates that an end-of-file was reached for UNIX file path in FILEDATA=RECORD format in the middle of a record. This is an indication that the file is corrupted. Messages from 900 to 999 CKR0900 debug message Severity: 00 Explanation: This debug message is only relevant for IBM Software Support and is not present in any Generally Available version of the software. CKR0901 DTISPF internal error: MX#B > DTLNLEN Severity: 24 Explanation: This message indicates a problem in formatting the display. Unexpected data may be displayed. User response: Contact IBM Software Support and provide a description of how to recreate this problem for analysis. CKR0902 ENDDTPRO error: written beyond DTLNLEN Severity: 24 Explanation: This message is followed by a user abend 902. It indicates that the program is terminating because of a problem. User response: Make sure you have no DEBUG command in your input and try again. If the problem persists without DEBUG options, contact IBM Software Support. Chapter 5. CKR messages 249 CKR0904 Unconditional access is required to read from file file vol dsn(member) Severity: 12 Explanation: A data set to which only conditional (PADS) access was granted was requested for SYSIN or XMLIN input. Unconditional read access is needed to read this type of data. The data set is not processed. CKR0905 A member name is required to read from file ddname data set dsn Severity: 12 Explanation: An imbed statement was present referring to a PDS(E) data set, but the member to be read from that data set was not specified. Add the correct member to the imbed statement and resubmit the query. CKR0907 DYNALLOC trace: SVC 99 return code nn - meaning Severity: 00 Explanation: This message is issued either because of DEBUG SVC99, or because of a failed SVC99 where DAIRFAIL did not return a message text. It has continuation lines detailing the individual text units contents after SVC 99 (DYNALLOC) completion. CKR0908 CCSID conversion from nn to mm fails and no fallback Severity: 16 Explanation: CCSID conversion has failed (for details, see CKR0917). Fallback was allowed or forced by SUPPRESS MSG=917, but there is no fallback support for this specific CCSID pair. This message is issued only once per CCSID pair. CKR0908 CCSID conversion from nn to mm system abend 019-00 because z/OS V1R2 or higher is required Severity: 16 Explanation: The Unicode services are required for the requested function or input, but not available on this operating system level. Hence the translation service issued a system abend 019 reason code 0 ("downlevel system" ). No fallback is possible. The program may subsequently terminate with another S019-00 abend. CKR0909 CCSID conversion from nn to mm fallback to simple low-128 character translation Severity: 00 Explanation: CCSID conversion has failed (for details, see CKR0917). Fallback will be done because either there was no explicit request for UTF-8 output, or because message 917 was explicitly suppressed. Fallback means that a simple ASCII translation will be done. This implies that any UTF-8 characters that are not the equivalent of the low 128 ASCII characters will be displayed as one or more dots (depending on the length of the UTF-8 character). Possibly whole names consist only of dots in this fallback mode. This message is issued only once per CCSID pair. CKR0910 HLLENQ status report identifier Severity: 00 Explanation: These messages are issued in response to DEBUG ENQ. CKR0911 service RC=rc hex RSN=rsn hex [for qname-scope rname]: explanation Severity: 00 Explanation: A call to the indicated service (either ENQ or ISGENQ) did not complete with RC=0. This may happen for a perfectly innocent reason, such as an APF authorized program issuing an ENQ against the unauthorized QNAME CKRDSN. Hence, this message should be considered informational only. 250 Version 1.12: Messages Guide CKR0912 STIMERM error: explanation Severity: 24 Explanation: Contact IBM Software Support. CKR0913 Serialization could not obtain all ENQs Severity: 16 Explanation: The program could not obtain ENQs on all requested resources, and hence cannot continue. The resource for which no ENQ could be obtained has been identified in a preceding message CKR0911. CKR0913 Serialization encountered a serious error Severity: 16 Explanation: The program attempted to obtain ENQs on all requested resources, but encountered an unexpected condition. The run cannot continue. Look for a preceding message CKR0911 to identify the exact cause of the failure. CKR0913 Serialization has obtained all ENQs Severity: 00 Explanation: The program successfully obtained ENQs for all requested resources. CKR0913 Serialization starts waiting for ENQs Severity: 04 Explanation: The program attempted to obtain ENQs on all requested resources, but not all resources were immediately available. The program will wait for the remaining resources to become available. Look for a preceding message CKR0911 to identify the resources that were not immediately available. CKR0913 Serialization WAIT timed out Severity: 16 Explanation: The program attempted to obtain ENQs on all requested resources, but not all resources were immediately available. After waiting for the number of minutes specified on the MAXWAIT subparameter of the OPTION SERIALIZATION command, one or more required resources were still unavailable. The program gives up and aborts the run. Look for a preceding message CKR0911 to identify the unavailable resources. CKR0914 Multiple HLLQENQ ACTION=xxx,ID=id calls without an intervening HLLQDEQ ID=id or HLLQDEQ ALL are not supported Severity: 24 Explanation: Contact IBM Software Support. CKR0915 UNIX write record nn failed RC nn [meaning] reason qqqq rrrrx [meaning] file ddname path Severity: 16 Explanation: This message indicates that a BPX1WRV call failed with the indicated return code in decimal and the reason code split into reason code qualifier qqqq and reason code rrrr, both in hexadecimal. For well-known return codes and reason codes the numeric values are followed by an explanatory string. Use the IBM Unix System Services manual to lookup other return and reason codes. Chapter 5. CKR messages 251 CKR0915 Deflate record nn failed RC nn meaning, file ddname pathname Severity: 16 Explanation: This message indicates that the compression routines found a severe error. A user abend 915 is issued. Contact IBM Software Support. CKR0916 CCSID conversion from nn to nn warning RC=nn reason rrrrrrrr x meaning [Length left for source nnn target nnn] [Suspect length>16MB source xxxxxxxx target xxxxxxxxx] Severity: 04 Explanation: This message indicates a failure in conversion of character encoding between the indicated CCSIDs. 1208 stands for UTF-8; 37, 1140, 1147 are typical EBDIC encodings. A common cause is printing into columns that are too small—while the UTF-8 representation can be wider than the EBCDIC representation—or trying to convert while a SET UNI command is in progress (for example, to load new conversion tables). The severity is 4 to indicate that the program continues operation. The message can contain a subline about suspect length, followed by a user abend 916. If this occurs, contact IBM Software Support. This message (and the abend) is suppressible. CKR0917 CCSID conversion from nn to nn error RC=nn reason nnnn x meaning [Suspect length>16MB source nnn target nnn] Severity: 04 or 16 Explanation: This message indicates a severe failure in the conversion of character encoding between the indicated CCSIDs. 1208 stands for UTF-8; 37, 1140, 1147 are typical EBDIC encodings. Common causes are: the absence of the proper conversion image needed for conversion between the indicated CCSIDs, or no SET UNI having been done at all to load conversion images (on lower z/OS releases). You may need to contact the person who maintains Unicode support on your system. The message can contain a subline about suspect length, followed by a user abend 917. If this occurs, contact IBM Software Support. This message (and the abend) is suppressible. If suppressed, fallback to a basic ASCII translation will be attempted, but all non-US characters will translate to one or more dots. Suppressing while ENCODING=UTF-8 is specified for an output file is not recommended, in the sense that the output is not guaranteed to conform to the UTF-8 standard. The severity of this message is 4 if fallback was to be attempted and 16 if fallback was not allowed due to ENCODING=UTF-8. If this message is explicitly suppressed by a SUPPRESS MSG=917 command, then fallback to an ASCII translation will be attempted even if an ENCODING=UTF-8 request is present. In case of a fallback attempt a message CKR0908 or CKR0909 will be issued. CKR0918 Uninitialized anchor passed to CCSID conversion Severity: 24 Explanation: This message indicates a program failure where conversion is requested without first telling between which encodings. Contact IBM Software Support. A user abend 918 is issued. This message (and the abend) may be suppressed, but results are unpredictable. CKR0919 Record with negative length length directed to ddname behind record recno Severity: 24 Explanation: An invalid record was passed to the output routine. An empty record has been written instead. Contact IBM Software Support. 252 Version 1.12: Messages Guide CKR0920 DELDUP: Element size is size - DICT option ignored Severity: 24 Explanation: A field with a specified or implied NODUP option was handled incorrectly. This may appear as a storage leak. Contact IBM Software Support. CKR0921 DELDUP: Called with element size 0 Severity: 24 Explanation: A field with a specified or implied NODUP option was handled incorrectly. The field will not be sorted. Contact IBM Software Support. CKR0922 DELDUP: Called with NIL pointer Severity: 24 Explanation: A field with a specified or implied NODUP option was handled incorrectly. The field will not be sorted. Contact IBM Software Support. CKR0923 Input from a TSO/E terminal is not supported - DD ddname Severity: 20 Explanation: Input from a TSO/E terminal in line mode is not supported. CKR0924 DD ddname DSN dsn invalid block size: blksize Severity: 16 Explanation: After ddname has successfully been OPENed, its DCB must indicate a positive block size unless ddname is a DUMMY device. CKR0925 Member member DDname ddname DSname dsn Problem description Severity: 16 Explanation: The program received a non-zero return code from the FIND SVC when trying to locate the indicated member. The problem description on the second line gives the exact nature of the problem. CKR0926 LOAD of module module failed Severity: 16 Explanation: The program expected the module named to be available. However, it could not be found. Contact IBM Software Support. CKR0927 CEEPIPI(call_sub) to procedure failed: reason Severity: 20 Explanation: This is an internal error that indicates that a subroutine could not be called via LE. Contact IBM Software Support. CKR0928 LE environment could not be established|terminated, RC rc Severity: 20 Explanation: This is an internal error in the Language Environment® processing. Contact IBM Software Support. Chapter 5. CKR messages 253 CKR0929 procedure call type type on ddname after record recno reports: msg Severity: 08 Explanation: The specified procedure, used on an ALLOCATE GETPROC= statement, issued a nonzero return code with explanation msg. If msg contains a C2P message number, check the IBM Security zSecure Alert: User Reference Manual. In other cases, contact IBM Software Support. Recno indicates the number or records that were successfully obtained. CKR0930 Block count unequal - information may be missing for ddname Severity: 08 Explanation: This message can occur when reading from tape. It indicates that during End Of Volume processing of one or more tapes allocated to the ddname the block count as recorded in the DCB differs from the block count in the trailer label of the tape. The information read may not be complete. CKR0931 proc: Buffer overrun - destinationlength sourcelength:data Severity: 24 Explanation: A buffer overrun occurred in the format procedure proc. This message will be followed by a user ABEND 931. Contact IBM Software Support. It is possible to suppress the user ABEND 931 by specifying SUPPRESS FMTABEND (see reference to Command Language, SUPPRESS, FMTABEND), however this can result in corrupted output or other errors. CKR0932 proc: Dictionary entry at address: hash=storedhash, should be actualhash for value Severity: 24 Explanation: The specified dictionary entry was damaged, which was noted by proc. Contact IBM Software Support. CKR0933 DICTDEL: LISTDEL for address. hash32 avll avlr bc llll returned RC=rc Severity: 24 Explanation: A delete request for the dictionary entry at the indicated address and with the displayed characteristics returned a nonzero return code rc. Contact IBM Software Support. CKR0934 Value value too large Severity: 12 Explanation: This message indicates that the input parser received a numerical value that was too large. The maximum value that can be processed by the input parser is 2147483647. CKR0935 Dictionary Statistics Severity: 00 Explanation: These messages are issued in response to DEBUG DICT and can be used to determine the performance of the dictionary reference mechanism. CKR0936 DICTDEL called with NIL reference address Severity: 24 Explanation: A dictionary reference delete request was issued that did not specify what reference to delete. Contact IBM Software Support. 254 Version 1.12: Messages Guide CKR0937 routine internal error for string length length Severity: 24 Explanation: The indicated routine failed in an attempt to add a dictionary entry with the indicated characteristics. If routine is DICTNEW, this may be a request to add an entry that already existed. Contact IBM Software Support. CKR938I Repeated ATTN, enter C(ont) T(erminate) or A(bend) - Explanation: This interactive prompt offers the option to terminate or abend the program after a repeated attention. CKR0939 Terminated due to repeated attention Severity: 16 Explanation: Message written if T was selected at the CKR0938 prompt. CKR0942 Environment mismatch for product code code Severity: 00 Explanation: This message indicates that while code for the product code identified was installed, it is not running in its proper environment. For instance, some product codes are limited to UNIX tasks under z/OS, some to non-UNIX tasks under z/OS, and some to z/VM. CKR0943 More than 10 files for TEXTPIPE, skipping file name Severity: 16 Explanation: The current implementation of ALLOC TEXTPIPE is limited to a maximum of 10 files to be put into the pipe. The indicated file will be processed 'normally', i.e. without redirection to the textpipe. CKR0944 UNIX type close RC nn [meaning] reason qqq rrrr x [meaning] file ddname path Severity: 16 Explanation: This message indicates that a BPX1CLO call failed with the indicated return code in decimal and the reason code split into reason code qualifier qqqq and reason code rrrr, both in hexadecimal. For well-known return codes and reason codes the numeric values are followed by an explanatory string. Use the IBM Unix System Services manual to lookup other return and reason codes. The type can be 'wronly' or 'rdonly'. CKR0945 UNIX action failed RC nn [meaning] reason qqq rrrr x [meaning] file ddname path Severity: 16 Explanation: This message indicates that a BPX1OPN, BPX1FCR, BPX1FST, or BPX1FCT call failed with the indicated return code in decimal and the reason code split into reason code qualifier qqq and reason code rrrr, both in hexadecimal format. For well-known return codes and reason codes, the numeric values are followed by an explanatory string. Use the IBM Unix System Services manual to look up other return and reason codes. The action can be 'wronly open', 'fchattr filefmt', 'fstat', 'fcntl filetag', or 'rdonly open'. CKR0946 Unix record larger than buffer size buflength- split Severity: 04 Explanation: This message warns that a record that originally was very large is now processed as two separate records. Chapter 5. CKR messages 255 CKR0947 Reading filedesc off failed RC nn [meaning] reason qqqq rrrr x [meaning] file ddname path Severity: 16 Explanation: This message indicates that a BPX1RED (UNIX read) call failed with the indicated return code in decimal and the reason code split into reason code qualifier qqqq and reason code rrrr, both in hexadecimal. For well-known return codes and reason codes the numeric values are followed by an explanatory string. Use the IBM Unix System Services manual to lookup other return and reason codes. CKR0948 Enablement information corrupt for product code code Severity: 16 Explanation: This message shows a problem with product installation or entitlement. User response: Contact your system programmer to verify successful installation. CKR0949 Product code code installed and non-APF registration limit exceeded Severity: 00 Explanation: This message is issued in response to DEBUG LICENSE for products that are installed but cannot be registered because the MVS limit for product registration by non-APF programs has been exceeded. CKR0950 Code not installed here for product code code Severity: 16 Explanation: This indicates that you are attempting to run functionality for a product that is not installed here. CKR0951 system abend code (desc) trying to load module module Severity: 08 Explanation: This message indicates a failure to load a module and the reason. Abend 806 means the module could not be found. Abend 306 may mean that a controlled environment was present and the module to be loaded was not program controlled. CKR0953 action RPL error rc=nn reason=nn for dd dsn on vol after nn records Severity: 16 Explanation: This message indicates a failure reading the indicated VSAM data set. CKR0954 action ACB error rc=nn code=nn for dd dsn on vol Severity: 16 Explanation: This message indicates a failure reading the indicated VSAM data set. CKR0955 program task heap STORAGE REQUEST ERROR: SIZE NOT POSITIVE Severity: 16 Explanation: This message indicates an internal memory management error. It is followed by a user abend 16. The message identifies the heap as well as the program and task that created the heap. Contact IBM Software Support. CKR0959 type PQUERY area DTAREA on panel panel return code rc Severity: 08 Explanation: Restart ISPF and if the problem persists, contact IBM Software Support. 256 Version 1.12: Messages Guide CKR0960 Written command Severity: 00 Explanation: This message is issued by the command-execution module. It means that the indicated command was successfully written to CKRTSPRT. CKR0960 Successful command; command2 Severity: 00 Explanation: This message is issued by the command-execution module. It means that the indicated command or commands were successfully executed. CKR0960 TSOCMD RC=code (decimal) for command; command2 Severity: 00 Explanation: This message is issued by the command-execution module. It means that the indicated command or commands were executed but returned the indicated result code. Typically, this indicates that an error occurred in the command. This RC is the same as documented as CKX return code under Chapter 7, “CKX messages,” on page 381. CKR0961 function failed - error message Severity: 00 Explanation: This message is issued by the command-execution module, and means that the ISPF function (which can be BROWSE or LMFREE) failed. The error message returned by the function is included. CKR0961 LMINIT failed - error message Severity: 12 Explanation: This message is issued by the command-execution module, and means that the ISPF LMINIT function failed. The error message returned by the function is included. CKR0962 IKJTSOEV module not found Severity: 08 Explanation: This message is issued by the command-execution module, and indicates a TSO/E environment could not be established because the TSO/E environment module was not found. This can be caused by older TSO releases. This will cause return code 20 when encountered as part of an attempt to execute a TSO command, and otherwise 8. CKR0962 IKJTSOEV return code cc reason code rr service reason code src (decimal) Severity: 08 Explanation: This message is issued by the command-execution module, and indicates a TSO/E environment could not be established because the TSO/E environment module failed with the indicated return and reason codes. CKR0962 SVC 202 return code cc Severity: 08 Explanation: This message is issued by the command-execution module, and indicates a failure to execute a CMS command. CKR962A Command terminated by attention Severity: 08 Explanation: This message is issued by the command-execution module, and indicates a command was terminated by pressing the ATTN key. Chapter 5. CKR messages 257 CKR962B Command not supported in background Severity: 08 Explanation: This message is issued by the command-execution module, and indicates a command could not be executed through the TSO service facility. Typically, this is because the CKGRACF authorized component is not part of the AUTHCMD list in IKJTSOxx, see message CKR962F. CKR962C Command failed abend code Severity: 08 Explanation: This message is issued by the command-execution module, and indicates a command ended abnormally with the indicated abend code. CKR962E Not running in a TSO/E environment Severity: 08 Explanation: This message is issued by the command-execution module, and indicates a TSO command could not be executed, because command environment was not TSO/E. CKR962F Command failed, return code code (decimal) Severity: 08 Explanation: This message is issued by the command-execution module, and indicates a command was unsuccessful, and returned the indicated result code. If the previous message was CKG740I 20, check that CKGRACF is part of the AUTHCMD list in SYS1.PARMLIB member IKJTSOxx. This member can be updated without an IPL through the TSO PARMLIB command. CKR962G CKGRACF command produced a warning; return code 4 Severity: 08 Explanation: The CKGRACF command was executed successfully but did produce a warning message. CKR962L Command could not be found in an authorized library. Severity: 08 Explanation: This message is issued by the command-execution module, and indicates a TSO command could not be executed, because it was not found. Typically, this is an unsuccessful call to the CKGRACF authorized component, which failed because CKGRACF was not part of an authorized library in the linklist, or was not found in an APF-authorized STEPLIB. Check whether the library containing CKGRACF is APF-authorized. CKR962M Command may have failed, return code <n> Severity: 08 Explanation: This message indicates that a command returned a nonzero return code less than or equal to 4. This message causes a minimum return code of 4. It depends on the command whether this is a partial failure or a warning. CKR962N Command not allowed from APF mode - command Explanation: This message is issued by the command-execution module, and indicates that the indicated command is not in the TSO AUTHCMD list and also not in a builtin list of safe commands to be called from an APF authorized program. If the command was requested by yourself, try running it under IKJEFT01 or without APF authorization. If this message is in response to a builtin function, call IBM Software Support. 258 Version 1.12: Messages Guide CKR962O Command has flushed TSO stack - relogon required to close output trap file Explanation: This message is issued by the command-execution module. Generally this means that subsequent command output is not written to the SYSPRINT file. It may be lost or shown in line mode after leaving zSecure. Depending on the z/OS release, it may be sufficient to leave and reenter ISPF to restore normal behavior. In the worst case, a relogon may be required. CKR962P CLIST processing through % not supported Severity: 08 Explanation: This message is issued by the command-execution module. It indicates an attempt to run an CLIST using the % operator. Execution of CLISTs is not supported. CKR962S IKJEFTSR fails return code error reason code reason Severity: 08 Explanation: This message is issued by the command-execution module, and indicates a TSO command could not be executed. The command returned the indicated error code and reason code. CKR962T Command failed, ATTACH rc rc (decimal) Severity: 08 Explanation: This message is issued by the command-execution module, and indicates failure to attach a TSO command. CKR962U Unauthorized functions cannot be invoked from an authorized environment Severity: 08 Explanation: This message should not occur. Contact IBM Software Support. CKR962W Command not found Severity: 08 Explanation: This message is issued by the command-execution module, and indicates a TSO command could not be executed, because it was not found. Typically, this is an unsuccessful call to the CKGRACF authorized component, which failed because CKGRACF was not part of an authorized library in the linklist, or was not found in an APF-authorized STEPLIB. Check whether the library containing CKGRACF is APF-authorized. CKR962X Syntax error in the command name Severity: 08 Explanation: This message is issued by the command-execution module, and indicates a TSO command could not be executed, because the name was not syntactically correct. CKR962Y Authorized commands not supported in dynamic TSO environment - call from IKJEFT01 instead Severity: 08 Explanation: This is caused by a NEWLIST with the CMD option running in an unauthorized environment. When using the CMD option, an APF authorized environment is required, for instance by running under the TSO monitor program IKJEFT01, or by running under zSecure Alert. Note that the zSecure Audit main program CKRCARLA itself should not be installed as APF-authorized. As an alternative to the CMD option, you may write the output to a file and run procedure C2RCXTSO in a subsequent jobstep. Chapter 5. CKR messages 259 CKR0963 Ambiguous name "value" Severity: 12 Explanation: This message indicates an ambiguous abbreviation was entered, i.e. two or more keywords could be indicated by the abbreviated value. Specify the keyword intended in more detail. CKR964I MEMBER NAME REQUIRED FOR WRITES TO PDS(E) DATA SET dsn Explanation: This message indicates that a member name is required, but not specified, for the data set with the indicated dsn. The program will issue user abend 964. CKR965I MEMBER mem CAN ONLY BE USED WITH PDS(E); NOT FOR dsn Explanation: This message indicates that a member name (mem) was specified, but not allowed, for the data set with the indicated dsn. The program will issue user abend 965. CKR966I CANNOT USE MEMBER mem ON TERMINAL FILE ddname Explanation: This message indicates that a member name (mem) was specified, but not allowed, for the terminal output file with the indicated ddname. The program will issue user abend 966. CKR967I RECFM=F INVALID FOR LRECL=X,RECFM=VBS PREFERRED DATA SET dsname Explanation: This message indicates that a fixed record format was specified but not allowed for the output file with the indicated ddname. This is not supported for the indicated data set. The program will issue user abend 967. CKR0968 IFAEDDRG failed RC nn decimal Severity: 16 Explanation: This message indicates that an attempt to register a previously registered product failed. User response: Contact IBM Software Support. CKR0969 I/O error: description Severity: 8 Explanation: This message indicates that an I/O error occurred. zSecure will continue operation, but any abend may follow as a result of the I/O error. The description is the message returned by the operating system in response to a SYNADAF call. CKR970I program task heap FREE STORAGE ERROR: message Severity: 16 Explanation: This message indicates an internal memory management error. It is followed by a user abend 16. The message identifies the heap as well as the program and task that created the heap. Contact IBM Software Support. CKR0971 Maximum length for this field is len at file line n Severity: 12 Explanation: The input contains a multiple-line string that is too long. Multiple-line strings (print tiles or quoted strings) have a maximum size len that was exceeded. CKR0972 Enablement information missing for product Severity: 16 Explanation: This message indicates that the product cannot run because the load module is not complete. User response: Contact your system programmer to complete installation of the product. 260 Version 1.12: Messages Guide CKR0973 IBM Tivoli product code code disabled or not installed Severity: 16 Explanation: This indicates that you are attempting to run functionality for a product that is not installed here, or it is disabled for this system name, sysplex name, LPAR name, VM user ID, or hardware name. User response: Check the active IFAPRDxx members in your z/OS PARMLIB. If these are specified correctly, contact your system programmer to verify installation. CKR0974 IBM Tivoli product disabled or not installed here for requested focus Severity: 16 Explanation: Either the product is not installed here, or the requested focus is disabled for the current system name, sysplex name, LPAR name, VM user ID, or hardware name. User response: Check active IFAPRDxx members in your z/OS PARMLIB. If these are specified correctly, contact your system programmer to verify installation. CKR0975 IBM Tivoli product disabled or not installed Severity: 16 Explanation: Either the product is not installed here, or it is disabled for the current system name, sysplex name, LPAR name, VM user ID, or hardware name. User response: Check active IFAPRDxx members in your z/OS PARMLIB. If these are specified correctly, contact your system programmer to verify installation. CKR0976 Code or enablement for product code code is missing Severity: 16 Explanation: Either the product is not installed here, or it is disabled for the current system name, sysplex name, LPAR name, VM user ID, or hardware name. User response: Check active IFAPRDxx members in your z/OS PARMLIB. If these are specified correctly, contact your system programmer to verify installation. CKR0976 IBM Tivoli product or feature disabled or not installed here Severity: 16 Explanation: Either the product is not installed here, or it is disabled for the current system name, sysplex name, LPAR name, VM user ID, or hardware name. User response: Check active IFAPRDxx members in your z/OS PARMLIB. If these are specified correctly, contact your system programmer to verify installation. CKR0977 Installed PRODUCT OWNER('IBM CORP') ID(id) NAME('name') FEATURE('feature') VER(version) REL(release) MOD(modification) Product action RC 0 decimal Severity: 00 Explanation: This message is issued in response to DEBUG LICENSE for products that are installed. The return code is for IFAEDREG, documented in the manual "MVS Product Registration". No return code is shown if the product is not being registered (for example, because of CKR0979). action can be "registration" or "status". CKR0978 Product code <code> has been disabled in PARMLIB Severity: 00 Explanation: This message is issued in response to DEBUG LICENSE for products that have been disabled for the current system name, sysplex name, LPAR name, VM user ID, or hardware name by an entry in IFAPRDxx in your z/OS PARMLIB. Chapter 5. CKR messages 261 User response: Run the product somewhere else, or ask your system programmer for enablement. CKR0979 Product code code implied by other Severity: 00 Explanation: This message is issued in response to DEBUG LICENSE for products that are not being registered because their entitlement is implied by a more encompassing entitlement. If you are using the IBM Tivoli zSecure Manager for RACF z/VM product, you should not get this message. Contact IBM Software Support. CKR0981 Invalid type "value" Severity: 12 Explanation: This message indicates that the text value is not a valid value in the context type. CKR0982 Internal error: unknown error code at ddname line number Severity: 24 Explanation: The input parser error routine encountered an invalid error code. Contact IBM Software Support. CKR0983 Expecting type1 list separator/terminator instead of type "value" at ddname line number Severity: 12 Explanation: This message indicates that the input parser expected a list separator or terminator for the current list of the indicated type (this can for instance be a comma, blank, or end-of-line, depending on the context). Instead, it encountered the indicated token type type (and text value, if available). The input parser skips all input until it encounters a valid list separator or terminator for the current list. CKR0984 Invalid type list element type type "value" at ddname line number Severity: 12 Explanation: This message indicates that the input parser expected a list element of the specified type, but found a token of a type not supported as a list element in this context. If available, the offending text value is also listed in the message. The input parser skips all input until it encounters a valid list separator or terminator for the current list. CKR0985 Required list element/parameter "value" missing at ddname line number Severity: 12 Explanation: This message indicates that the input parser detected a missing required parameter or element in the list at the indicated line. CKR0986 Duplicate parameter value at ddname line number Severity: 12 Explanation: This message indicates that the input parser detected a duplicate occurrence of the parameter or list element value at the indicated line. CKR0987 Syntax error: type1 expected instead of type2 at "value" on ddname line number Severity: 12 Explanation: This message indicates that the input parser expected a specific token type type1 in the current context. Instead of this, it found the token type type2 (at the text value, if available) on the indicated input line. 262 Version 1.12: Messages Guide CKR0988 Syntax error: "c" expected instead of type at "value" on ddname line number Severity: 12 Explanation: This message indicates that the input parser expected a specific character "c" (presumably a delimiter) in the current context. Instead of this, it found the token type type (at the text value, if available) on the indicated input line. CKR0989 Unexpected type ["value"] [for element] at ddname line number CKR0989 Skipping to EOL at unexpected type ["value"] at ddname line number Severity: 12 Explanation: This message indicates that the input parser expected one of a number of specific token types, but found a different token type instead. If available, the offending text value and the element for which it is read are also listed in the message. The parser will either continue with the next token, or skip directly to the end of the line. CKR0990 Expecting = or ( instead of type at "value" on ddname line number Severity: 12 Explanation: This message indicates that the input parser expected an "=" or "(" but found a different token type instead. If available, the offending text value is also included in this message. CKR0992 ABNEXIT/STXIT/ESTAE return code rc Severity: 04 Explanation: This message indicates that the program failed to establish an abend exit linkage. CKR993I DIAGNOSTIC DUMP SUPPRESSED FOR program TASK taskname type ABEND xxx Explanation: This message indicates that the program abend exit did not attempt to make a diagnostic summary dump. This is done to prevent recursive abend conditions involving the print file. The task name is PROGRAM for the main task or for the only task in a program. For a multi-tasking program, program might identify one of the subtasks. CKR0994 Last record truncated by end-of-file ddname Severity: 16 Explanation: This message indicates that end-of-file was reached for a RECFM=VBS input file in the middle of a multi-segment record. CKR995I LRECL INVALID; NOT OVERRULED BECAUSE PARTITIONED DATA SET Explanation: This message indicates that the print file open routine detected an invalid record length for the output file. This would have been overruled with a correct length for a Physical Sequential data set, but this is not done for Partitioned Data Sets to prevent making any existing PDS members inaccessible. Subsequent 013 or 002 abends may be caused by the invalid record length. CKR996I MFREE: NO LENGTH FOUND IN BLOCK FOR STACK name Severity: 04 Explanation: This message indicates an internal stack error. It will be followed by a user ABEND 16. Contact IBM Software Support. Chapter 5. CKR messages 263 CKR997I STACK ERROR - ELEMENT POPPED IS NOT ON TOP OF STACK name Severity: 16 Explanation: This message indicates an internal stack error. It will be followed by a user ABEND 16. Contact IBM Software Support. CKR998I STACK OVERFLOW FOR STACK tasklevel stackname IN program Severity: 16 Explanation: This message indicates an internal stack error. It is followed by a user abend 16. Contact IBM Software Support. CKR999I STORAGE SHORTAGE FOR TASK taskname HEAP heapname IN program - INCREASE REGION Severity: 16 Explanation: This message indicates that the program needs more storage. It will be followed by a user abend 16. If the heap name is LOWHEAP or SYSSTACK, then the request is for storage below the 16MB line. If the name is MAINHEAP, then the request is for storage anywhere. If the name is SMFCACHE, then the zSecure Audit job tag system used too much memory; see the SMFCACHE command. For MAINHEAP and SMFCACHE it could be beneficial to use the ALLOC STORAGEGC command, though this will increase CPU usage. Messages from 1000 to 1099 CKR1000 ALLOC PRIMARY/BACKUP and ACTIVE/INACTIVE are mutually exclusive pairs - before token at ddname line number Severity: 12 Explanation: This message indicates an invalid ALLOC command. The option PRIMARY is mutually exclusive with BACKUP on one command. The option ACTIVE is mutually exclusive with INACTIVE on one command. CKR1001 MASKTYPE=ACF2 invalid with TYPE=RACF - token at ddname line number Severity: 12 Explanation: This message indicates that an explicit masktype specification on a newlist was issued. However, ACF2 masks cannot be used for NEWLIST TYPE=RACF. CKR1002 Processing started for [ complex ] [program pathing] databasetype ddname volume dsn Severity: 00 Explanation: The data set open was successful for the file indicated of the database type indicated, and input of the database was started. CKR1003 Syntax error in NLS table var at "where" in ":" statement Severity: 12 Explanation: A PANEL statement contains invalid syntax. The statement may occupy up to five lines. CKR1004 CKRACTS: VDEFINE return code n for var len len Severity: 12 Explanation: The ISPF VDEFINE service for a PANEL statement failed with the specified return code. 264 Version 1.12: Messages Guide CKR1005 Field field not available on current display level for panel Severity: 12 Explanation: This message indicates that a PANEL statement for a line command defined in the NLS table requested a field, but the field was not present on the display statement in the newlist. CKR1006 ACFCDSP abend (explanation) Severity: 16 Explanation: This indicates an abend was intercepted while trying to format an ACF2 database record for display by the L line command. CKR1007 USER "id" doubly defined Severity: 20 Explanation: This message indicates that 2 logon ID records were found for one logon ID. This indicates a problem with the database allocation. Check the ALLOC TYPE=ACF2LID statements and verify that the proper data sets are allocated to the ddnames. CKR1008 RULE "key" doubly defined Severity: 20 Explanation: This message indicates that 2 rule records were found for one data set access rule. This indicates a problem with the database allocation. Check the ALLOC TYPE=ACF2RULE statements and verify that the proper data sets are allocated to the ddnames. CKR1009 Reading the live ACF2 database not supported in this release, using backup database instead Severity: 00 Explanation: This message indicates that a command ALLOC TYPE=ACF2LID PRIMARY or ALLOC TYPE=ACF2RULE PRIMARY will fail in this release. The backup database will be used instead. CKR1010 Catalog processing failed for system sys cluster cluster Severity: 24 Explanation: This message indicates that catalog processing was attempted but no default catalog existed for the system. This may be a follow-on error for CKR0213 (missing master catalog). It can occur when mixing VM CKFREEZE files with MVS CKFREEZE files, and having the DASD sharing set incorrectly (for example, a catalog volume defaulted to shared because UCB has been generated shared). Run NEWLIST TYPE=DASDVOL to see what volume sharing is assumed. CKR1011 No catalog on system for component in cluster Severity: 24 Explanation: Catalog information was missing. Contact IBM Software Support. CKR1012 Not enough storage for summary - Increase region Severity: 16 Explanation: While preparing the summary a storage shortage condition was encountered. Either increase the region or simplify the query or summary. Chapter 5. CKR messages 265 CKR1013 Duplicate SIM SMF request for system sys record n Severity: 12 Explanation: This message indicates that two SIMULATE commands were given for the same SMF system ID and record number. CKR1014 SIMULATE SMF requires a CKFREEZE file for system smfid Severity: 00 Explanation: This message indicates that a SIMULATE SMF command with a SYSTEM=smfid was specified, but no CKFREEZE for that SMFid was found. The SIMULATE command is ignored. Either allocate a CKFREEZE for the system, or change the SIMULATE command to be valid for all systems by removing the SYSTEM=smfid parameter. CKR1015 Zero TAG in C2ARULE Severity: 24 Explanation: Contact IBM Software Support. CKR1016 Requested rule entry number is not positive Severity: 24 Explanation: Contact IBM Software Support. CKR1017 C2ARULE: Unsupported record type type Severity: 24 Explanation: Contact IBM Software Support. CKR1018 C2ARULE: Unsupported record version number in record record Severity: 20 Explanation: An access rule record of unknown layout was found. This error message is followed by a hexadecimal dump of the offending record. Contact IBM Software Support. CKR1019 C2ARULE: requested rule entry # number but this rule has only number entries Severity: 24 Explanation: Contact IBM Software Support. CKR1020 ACCVT not found for complex complex - default GSO settings assumed Severity: 04 Explanation: During processing of a field it was discovered that the ACCVT for the specified complex was missing, while the ACCVT contains information that is needed to successfully complete the processing for this field. This can occur if you are using an UNLOAD for input without an associated CKFREEZE file. In this case, zSecure Audit for ACF2 assumes the default settings are in effect. CKR1021 Invalid UID string descriptor - ANY_UID_STRING treated as UID Severity: 04 Explanation: You are using a CKFREEZE created by an old version of zSecure Collect. The information describing the layout of your UID string is incomplete, making it impossible to determine whether you are using multi-valued UID strings, and if so, which part of the UID string contains the multi-valued field. The program will assume you do not use multi-valued UID strings and continue processing. 266 Version 1.12: Messages Guide CKR1022 FDE not found for fieldname - ANY_UID_STRING treated as UID Severity: 04 Explanation: During processing of the ANY_UID_STRING pseudo field, it was discovered that the Field Definition Entry for one of the fields that make up the UID string could not be found. As a consequence, it cannot be determined whether the ACF2 6.2 Multi-Valued UID-string feature is in use. Hence, the program stops trying to find this out and treats ANY_UID_STRING as a standard single-valued UID. CKR1023 Zero tag in C2AFLD Severity: 24 Explanation: Contact IBM Software Support. CKR1024 TAG tag out of FDE bounds (0,number) Severity: 24 Explanation: Contact IBM Software Support. CKR1025 Invalid record type xx in C2AFLD Severity: 24 Explanation: Contact IBM Software Support. CKR1026 A LIKELIST cannot refer to a select with a BESTMATCH parameter - before token at ddname line number Severity: 12 Explanation: This message indicates that the newlist referred to in the LIKELIST parameter uses the BESTMATCH parameter in its selection which is not allowed. CKR1027 The BESTMATCH parameter cannot be used in combination with EXCLUDE at ddname line number Severity: 12 Explanation: The BESTMATCH parameter can not be used for exclude processing. CKR1028 Only one SELECT allowed in combination with a BESTMATCH parameter Severity: 12 Explanation: It is not allowed to use the BESTMATCH parameter in combination with multiple (implicitly ORed) select statements. CKR1029 LID database cannot be processed without FDE information from CKFREEZE or current ACF2 system Severity: 12 Explanation: zSecure Audit for ACF2 needs the information from the Field Definition Entries to process the logonid database, but could not find the FDEs. This can be caused by processing a copy of an ACF2 logonid database (rather than an unload) on a system where ACF2 is not active, without allocating a CKFREEZE file containing the necessary information. CKR1030 Impossible TLHD type number in C2ALFD2 Severity: 24 Explanation: Contact IBM Software Support. Chapter 5. CKR messages 267 CKR1031 Field "fieldname" has no valid definition for complex complex at ddname line number Severity: 12 Explanation: This message indicates that the Field Definition Entry for the field indicated in the message could not be found. CKR1032 SELECT and EXCLUDE statements are invalid before a NEWLIST statement Severity: 12 Explanation: For zSecure Audit for ACF2, SELECT and EXCLUDE commands are only valid within the context of a NEWLIST. CKR1033 Array index error in C2ALFDE for tag number; LFDE dimensions are 0,number Severity: 24 Explanation: Contact IBM Software Support. CKR1034 The BESTMATCH parameter cannot be used together with an OR function Severity: 12 Explanation: It is not allowed to use the BESTMATCH parameter in combination with an (explicit) OR statement. CKR1035 recordtype record missing - ddname volume dsn Severity: 16 Explanation: This message indicates that during processing of an unload, it was discovered that a vitally important record is missing. Probably the unload failed. CKR1036 Field "fldname" is only supported for SUBSELECT clauses Severity: 12 Explanation: The field you specified on a DEFINE, SELECT, LIST, SORTLIST, DISPLAY or (D)SUMMARY command was not found in the templates for any type of entity, and is as a built-in field only supported for SUBSELECT clauses. If you are running zSecure for RACF, you can verify the spelling and use of the requested fields with the help of the TEMPLATE command described in the RACF profiles documentation in the IBM Security zSecure Admin and Audit for RACF: User Reference Manual. CKR1037 Explicit allocation mode: CKRCMD referred, but none allocated Severity: 12 Explanation: Since one or more ALLOC statements were found, explicit allocation mode was in effect, which implies that no files were implicitly allocated that could be allocated explicitly (which includes CKRCMD), no CKRCMD files were explicitly allocated, and yet CKRCMD was referred as the target of a NEWLIST (F=CKRCMD). Add ALLOC statements for one or more CKRCMD files (one for each complex to be processed). CKR1038 Zero SLGN tag in contents node value Severity: 24 Explanation: Contact IBM Software Support. CKR1039 Date conversion error for field at ddname line number Date conversion error for value Severity: 12 Explanation: This message indicates that the date value encountered before the place indicated in the input is incorrect. This can be due to invalid month names, year formats, day numbers, invalid separators, etc. 268 Version 1.12: Messages Guide CKR1040 Unsupported input type for field at ddname line number Severity: 12 Explanation: This message indicates that the field encountered before the place indicated in the input is of a type that is cannot be used for SELECT/EXCLUDE processing. CKR1041 Invalid value for flag field field at ddname line number Severity: 12 Explanation: This message indicates that the site-defined flag field encountered before the place indicated in the input is not specified correctly. Site-defined flag fields can be used for SELECT/EXCLUDE processing only by specifying field=ON, field=YES, field=OFF or field=NO. CKR1042 Invalid decimal input value at ddname line number Severity: 12 Explanation: This message indicates that the value encountered before the place indicated in the input is not a valid decimal number. This can be due to excessively long input. CKR1043 Length value not supported for hexadecimal fields at ddname line number Severity: 12 Explanation: This message indicates that the value encountered before the place indicated in the input is of an unsupported length. Hexadecimal fields of up to and including four bytes in length are supported for SELECT/EXCLUDE processing, but longer fields are not. CKR1044 Invalid hexadecimal input value at ddname line number Severity: 12 Explanation: This message indicates that the value encountered before the place indicated in the input is not a valid hexadecimal number. CKR1045 Impossible input type value at ddname line number Severity: 24 Explanation: Contact IBM Software Support. CKR1046 No data in complex-dependent node Severity: 24 Explanation: Contact IBM Software Support. CKR1047 Complex dependency not supported for newlist type value Severity: 24 Explanation: Contact IBM Software Support. CKR1048 Complex dependency not supported for format type value Severity: 24 Explanation: Contact IBM Software Support. Chapter 5. CKR messages 269 CKR1049 Unknown pseudo field; TAG=value Severity: 12 Explanation: Contact IBM Software Support. CKR1050 CKRPUTV: too many output elements on line Severity: 16 Explanation: A single output record appeared to contain millions of output elements. No new output is written to this record and to some extent this condition is handled like an out of storage condition, but processing may continue. Contact IBM Software Support. CKR1051 CKRPUTV: too many elements in repeat group fieldaddr fieldname defined at ddname line number Severity: 16 Explanation: A single instance of the indicated repeat group appeared to contain millions of entries. No new output is written to this repeat group and to some extent this condition is handled like an out of storage condition, but processing may continue. Contact IBM Software Support. CKR1052 Substring/Word/Lookup/Parse/Convert cannot be combined with repeat group restriction processing for fieldname - ddname line number Severity: 12 Explanation: This message may appear when scope processing is to be done for a column for which lookup or substring processing has also been requested. This combination is currently not supported. Note that this message may appear in restricted mode for queries that run fine in unrestricted mode. CKR1053 Format format can only be used with the acl-type field - name at ddname line number Severity: 12 Explanation: The indicated format only works with the ACL field or with the ACF2_ACL field, or with a defined variable based on it. CKR1054 Default owner owner is undefined on complex complex Severity: 12 Explanation: This message is issued when the owner specified on the DEFAULT OWNER= command is not defined in the complex mentioned, and a RACF command containing this would have been generated. It is only shown once per complex. CKR1055 event notify identity facility class profile profile Severity: 04 Explanation: This message is issued with event equal to Undefined due to a VERIFY PERMIT command, and with event equal to Remove due to a REMOVE USER command. It means that the identity to be removed was present in the NOTIFY field of the mentioned OnePass mapping profile. To solve the error condition, an RDEL command will be generated to remove the profile. CKR1056 Modifier FIRSTONLY is mutually exclusive with MORE - field name at ddname line number Severity: 12 Explanation: Since the FIRSTONLY modifier implies that a repeat group is reduced to a single entry, a combination with the repeat group modifier MORE makes no sense. 270 Version 1.12: Messages Guide CKR1057 Modifier FIRSTONLY cannot be combined with SORT on a summary for field name at ddname line number Severity: 12 Explanation: Summary processing requires an early reduction of the repeat group to a single entry. This means that an early sort must be done. This is not supported in combination with certain field manipulations, such as lookups and restrict processing, under certain conditions. It is possible for a field to have an internal SORT modifier that has not actually been specified or implied in explicit CARLa. If you are using zSecure for RACF, see the NODUP system-wide option documentation in the IBM Security zSecure Admin and Audit for RACF: User Reference Manual for more information. CKR1058 CKRPRTFL: No storage left for WRAP buffer for fieldaddr fieldname - WRAP turned off defined at ddname line number Severity: 08 Explanation: A WRAP or WORDWRAP modifier was specified for the indicated field but this request could not be honored due to storage shortage - the generated report may not be in the desired format. CKR1059 Repeat group restriction for fieldname1 is not supported - field fieldname2 at ddname line number Severity: 04 Explanation: This message may occur in restricted mode for partially restricted fields. It indicates that the current version does not support partial restriction of fieldname1. As a result fieldname2 will result in an empty column. (Fieldname2 is the requested field, fieldname1 the actual database field; they may differ if fieldname2 is a defined variable.) CKR1060 VERIFY STC and COPY/MOVE/REMOVE are mutually exclusive Severity: 12 Explanation: VERIFY STC and COPY/MOVE/REMOVE commands cannot both be specified. CKR1061 option only valid behind COPY GROUP TOGROUP Severity: 12 Explanation: The option specified is only valid behind the COPY GROUP= TOGROUP= command. Possibly you only need to change the order of the parameters. CKR1062 Delete group groupid suppressed, still HLQ for dataset profiles Severity: 04 Explanation: This message indicates that the groupid indicated would have been deleted as the result of the commands given. However, there are still data set profiles with this ID as HLQ in the RACF database (probably due to the SUPPRESS DELDSD command). Since the DELGROUP would fail in this instance, it is suppressed. CKR1063 NEWDATA only valid behind COPY TOUSER/TOGROUP Severity: 12 Explanation: This message indicates that the NEWDATA keyword was encountered in an unexpected position. It is only valid behind a COPY USER TOUSER or COPY GROUP TOGROUP construction. Possibly you only have to change the order in which the command keywords are given. CKR1064 CKRCFV: Duplicate UNIX device dev in system system complex complex Severity: 20 Explanation: A CKFREEZE record containing a mount point was encountered associating it to a device number that Chapter 5. CKR messages 271 was already used for another file system on this system. The mount record is ignored, no new file system dump is started. CKR1065 masktype in mixed quotes before type "value" at DDname line number Severity: 12 Explanation: A mask appears to be specified with mismatching start and end quotes, for example, starting with a single quote (') and ending with a double quote ("). The masktype can be Extended attribute mask or Access intent mask. CKR1066 masktype cannot exceed line boundary - type "value" at DDname line number Severity: 12 Explanation: The indicated type of mask appears to cross a line boundary. The masktype can be Extended attribute mask or Access intent mask. CKR1067 masktype: double +/-; found type "value" at DDname line number Severity: 12 Explanation: The mask type being parsed uses '+' and '-' to specify a list of attributes that should be 'on' or 'off,', respectively; two such indicators were found with no attributes specified in between. The masktype can be Extended attribute mask or Access intent mask. To specify a fixed size list of attribute settings rather than a mask, do not use quotes. Instead use, for example, just --s-. CKR1068 masktype: =, + or - expected; found type "value" at DDname line number Severity: 12 Explanation: The mask type being parsed uses '+' and '-' to specify a list of attributes that should be 'on' or 'off', respectively, or '=' to specify an exact list of attributes; no such indicator was found. The masktype can be Extended attribute mask or Access intent mask. To specify a fixed size list of attribute settings rather than a mask, do not use quotes. Instead use, for example, just ap--. CKR1069 Unexpected character in masktype; found type "value" at DDname line number Severity: 12 Explanation: The character indicated is not recognized for the mask type being parsed. The masktype can be Extended attribute mask or Access intent mask. Valid attribute characters for the former are a, p, s and l; for the latter d, r, w and x. Furthermore, '+', '-' and '=' are valid indicators for 'on' and 'off', and the mask should be enclosed in quotes. Blanks are ignored. CKR1070 Internally inconsistent masktype before type "value" at DDname line number Severity: 12 Explanation: The mask just parsed is syntactically correct but semantically inconsistent, i.e., at least one attribute was requested to be on as well as off. The masktype can be Extended attribute mask or Access intent mask. CKR1071 masktype ends with + or - before type "value" at DDname line number Severity: 12 Explanation: The mask type being parsed uses '+' and '-' to specify a list of attributes that should be 'on' or 'off', respectively; the last such indicator had not been followed by any attributes when the closing quote was encountered. The masktype can be Extended attribute mask or Access intent mask. 272 Version 1.12: Messages Guide CKR1072 OMVS HOME contains invalid value for user userid in complex complex : home Severity: 04 Explanation: The HOME field value in the OMVS segment of the indicated user ID does not allow the user to logon to z/OS Unix System Services, and this was apparent from its syntax: home does not start with a '/', and is not "." or "./". CKR1073 CKAOUNIX.CKASDIR: No memory to build SDIRs Severity: 08 Explanation: There appears to be a memory shortage--try increasing the REGION size or limiting the query. As a result, UNIX processing cannot build a proper subdirectory search structure. In TYPE=UNIX newlists the HOME_OF field will show up empty, AUDITCONCERN may be incomplete, AUDITPRIORITY may be too low, and DEPTH and ATTR may be in error. The output from TYPE=TRUSTED newlists may be incomplete as well. CKR1074 CKAOUNIX.CKATHOM: No memory to build associations, home directories are not determined Severity: 08 Explanation: There appears to be a memory shortage--try increasing the REGION size or limiting the query. As a result, UNIX processing cannot determine the home directories of the users. In TYPE=UNIX newlists the HOME_OF field will show up empty, AUDITCONCERN may be incomplete, AUDITPRIORITY may be too low, and DEPTH and ATTR may be in error. The output from TYPE=TRUSTED newlists may be incomplete as well. CKR1075 CKAOUNIX.CKAQMNT: No memory to build QMNTs Severity: 08 Explanation: There appears to be a memory shortage--try increasing the REGION size or limiting the query. As a result, UNIX processing cannot build a proper mount point qualifier search structure. In TYPE=UNIX newlists the HOME_OF field will show up empty, AUDITCONCERN may be incomplete, and AUDITPRIORITY may be too low. The output from TYPE=TRUSTED newlists may be incomplete as well. CKR1076 CKAOUNIX.CKAQMNT: Out of memory error in ADDINOD, home directories are not determined Severity: 08 Explanation: There appears to be a memory shortage--try increasing the REGION size or limiting the query. As a result, UNIX processing cannot determine the home directories of the users. In TYPE=UNIX newlists the HOME_OF field will show up empty, AUDITCONCERN may be incomplete, and AUDITPRIORITY may be too low. The output from TYPE=TRUSTED newlists may be incomplete as well. CKR1077 Command type file ddname does not support file options fileoption ... Severity: 12 Explanation: The indicated command output DD-name, which can be CKR2PASS (for CARLa commands for a second pass) or CKRCMD (for TSO command output) does not support the indicated file option(s), which can include UTF-8 (Unicode), COMPRESS=GZIP, and MAXPAGE (limitation in pages). CKR1078 FOCUS must precede parameters requiring entitlement checks Severity: 12 Explanation: This message indicates the LIMIT FOCUS command was issued after the focus had been decided. The focus is decided at the first parameter that needs to know which focus the program is running with. An example of such a parameter is NEWLIST TYPE=type for a newlist type that is only entitled for some product codes. User response: Move the command more to the beginning of the input. Chapter 5. CKR messages 273 CKR1079 CKAOUNIX.CKAINOX: No memory to build INOXes, UNIX file name lookups are not performed. Severity: 08 Explanation: There appears to be a memory shortage--try increasing the REGION size or limiting the query. As a result, UNIX processing cannot build a proper inode search structure. In TYPE=SMF newlists the RECORDDESC may be incomplete and UNIX_PATHNAME will be empty. CKR1080 Format formatname cannot be used with the fieldname1 field - fieldname2 at ddname line number Severity: 12 Explanation: The internal representation of field1 only allows use of special formats on this field. (Fieldname2 is the requested field, fieldname1 the actual base field used; they may differ if fieldname2 is a defined variable.) CKR1081 SCOPE= mutually exclusive with notPROFLIST chaining - newlist name at DDname line number Severity: 12 Explanation: A SCOPE=id parameter was specified on newlist name that also specified a PROFLIST= or NOTPROFLIST= parameter and was itself the target of a PROFLIST=name or NOTPROFLIST=name specification. This combination is not supported. CKR1082 DEFTYPE missing TYPE= parameter before token at ddname line number Severity: 12 Explanation: A DEFTYPE statement must contain a TYPE= specification. CKR1083 DEFTYPE ABBREV2=abbrev2 is reserved reserve reason at ddname line number Severity: 12 Explanation: The abbrev2 specified at the given location conflicts with another abbreviation. This can be the abbreviation of a predefined newlist, a value used for internal processing, or the ABBREV2 specified on another DEFTYPE. The first two conflict types can be avoided by always choosing a national character ($, #, or @) as part of the ABBREV2. If the latter occurs, you need to check and fix your DEFTYPE specifications for this query. CKR1084 No more than 128 DEFTYPE statements allowed before token at ddname line number Severity: 12 Explanation: This message indicates that you have exceeded the internal limit on the number of user-defined newlist types. Reduce the number of DEFTYPE statements. If the current limit (128 such newlists) is a problem for your installation, contact IBM Software Support. CKR1085 Duplicate DEFTYPE for type name at ddname1 line number1 and at ddname2 line number2 Severity: 12 Explanation: A user-defined newlist type can have only one definition per run. CKR1086 Undefined type name at ddname line number Severity: 12 Explanation: The newlist type name is unknown. Perhaps a DEFTYPE statement is missing. CKR1087 Undefined ALLOC TYPE=name at ddname line number Severity: 12 Explanation: The allocation type name is unknown. Perhaps a DEFTYPE statement is missing. 274 Version 1.12: Messages Guide CKR1088 Started processing type=name pads file ddname volser dsn Severity: 00 Explanation: This message indicates that processing for the indicated newlist type started reading the indicated data set. If the message contains the text PADS for pads, then this indicates that access to the data set was allowed by virtue of conditional access by this program. CKR1089 number type records read number2 type records selected (p%) Severity: 00 Explanation: This message is written at the end of the input phase for type name. It indicates the number of records read and selected for the type. CKR1090 CKRPUTV.CKRPTCLS: Not enough memory to allocate RPTY for fieldaddr fieldname; TLST recordaddr Severity: 08 Explanation: A very large repeat group field could not be stored; this field will be empty in the indicated record. CKR1091 Overriding length zero on field field only valid on last field in display line at ddname line number Severity: 12 Explanation: In a display, the overriding length zero can only be used on the last field on a line. This field will then use the remaining space on the line on the screen. CKR1092 CKR.READALL in class class not defined. Using defaults. Severity: 00 Explanation: Normally a profile covering the CKR.READALL resource is used to decide whether the user is allowed to read the complete database or only has access to data that is in his/her scope. No such profile is defined, or the class is incorrectly specified. The restricted/unrestricted decision will now be based on the data in the CKRSITE area or on the type of access the user has on the database (PADS/non-PADS). For additional information, see the IBM Security zSecure CARLa-Driven Components: Installation and Deployment Guide. CKR1093 databasetype RACF DB cannot be allocated. Not present on system. Severity: 12 Explanation: The database indicated is not present on the active system and thus could not be used. Check your system configuration and specify an existing database. CKR1094 CKROUNIT: modifier can only be specified on first field on a line. field at DDname line number Severity: 12 Explanation: The CONDPAGE and NOTEMPTY modifiers influence a complete output line. As such they are only accepted on the first field of that line. CKR1095 CKATUID: Storage shortage, field fieldname is not filled in. Severity: 08 Explanation: There appears to be a memory shortage--try increasing the REGION size or limiting the query. As a result, UNIX processing cannot build a proper RACF ID search structure. In TYPE=UNIX newlists the indicated field will be empty and UNIX_ACL will be incomplete. In TYPE=SMF newlists the RECORDDESC may be incomplete. The output from TYPE=TRUSTED newlists may be incomplete as well. The fieldname may be OWNER or GROUP, meaning that UIDs cannot be translated to RACF user IDs, or GIDs cannot be translated to RACF groups, respectively. Chapter 5. CKR messages 275 CKR1096 errordesc in mask-type audit flags string string Severity: 12 Explanation: A syntax error was detected in a mask-type specification string for a UNIX audit flags field. For details on the correct syntax, see the Unix field section of the user reference manual for your zSecuree product. The errordesc can be Duplicate operator specification if a second '+', '-' or '=' is encountered with no attributes in between, for example, r=s,=f. It can be Duplicate setting for read, Duplicate setting for write or Duplicate setting for exec if the string uses an = specification for read, write, or exec as well as a + or - specification for the same access type, or multiple =, multiple +, or multiple - specifications; it can be Duplicate setting for a duplicate specification for all access types. It can be No operator specified when an audit setting indicator is found that was not preceded by +, -. or =. It can be Select on true AND false invalid if the specification was syntactically correct but semantically inconsistent, i.e., at least one flag was requested to be on as well as off. CKR1097 errordesc in mask-type file mode string string Severity: 12 Explanation: A syntax error was detected in a mask-type specification string for a UNIX file mode field. The errordesc can be Typed and generic specification if both 'u','g' and/or 'o' specific and nonspecific clauses occur in a single mask. It can be Duplicate operator specification if a second '+', '-' or '=' is encountered with no attributes in between, for example, g=r,=w. It can be No target for operator specified if a '+', '-' or '=' is encountered that is not preceded by (at least one of) 'u', 'g', 'o', or 'a' to indicate the owner, group, or other access group, or all access groups. It can be Duplicate use of group u, Duplicate use of group g, or Duplicate use of group o if the string uses an = specification for owner, group, or other as well as a + or - specification for the same access group, or multiple = specifications; it can be Duplicate use of operand for group group for multiple + or - specifications. It can be No operator specified when a access type is found that was not preceded by +, -. or =. It can be s is not valid for group o if s (setuid/setgid) is specified or implied for group other. It can be t is not valid for group u or t is not valid for group g if the sticky bit is specified or implied for the owner or group access group, respectively. It can be Select on true AND false invalid if the specification was syntactically correct but semantically inconsistent, i.e., at least one flag was requested to be on as well as off. For additional information about the correct syntax, see the Unix field section of the user reference manual for your zSecure product. CKR1098 Illegal expected in specificationtype-type objecttype string string Severity: 12 Explanation: A syntax error was detected in the indicated kind of specification. Expected can be character or value; specificationtype can be mask, octal, or text; objecttype can be file mode, generic file mode or audit flags. The objecttype generic file mode refers to the "nonspecific" specification type for an access type. For details on the correct syntax, see the Unix field section of the user reference manual for your zSecure product. CKR1099 Specificationtype-type objecttype string should have length required before type "value" at DDname line number Severity: 12 Explanation: The indicated kind of specification has a fixed length different from the length encountered. Specificationtype can be Octal or Text; objecttype can be file mode or audit flags. . For additional information about the correct syntax, see the Unix field section of the user reference manual for your zSecure product. Messages from 1100 to 1199 276 Version 1.12: Messages Guide CKR1100 OBTAIN RC=nn on ddname volser dsname Severity: 16 Explanation: This message indicates that a DSCB could not be obtained for dsname from the VTOC on disk volume serial volser. Restore the data set if necessary, or correct the data set name. If all is correct, try specifying the command BDAMQSAM in your preamble to work around this problem. CKR1101 Unexpected IOS rc hhx, CSW stat stat sns sense cmd op for ddname volser dsname Severity: 20 Explanation: This message indicates that EXCP failed with the indicated return code, status, and sense information. Contact IBM Software Support if the data set is not defective. Try specifying the command BDAMQSAM in your preamble to work around this problem. CKR1102 Unexpected end-of-file at CCHHR cc hh r rel blk nnn for ddname volser dsname Severity: 20 Explanation: This message indicates that an end-of-file marker was found on the track before the last block indicated by the BAM (Block Availability Map) was reached. This can also be a follow-on error to an I/O failure indicated by an earlier message. Contact IBM Software Support if the data set is not defective. Try specifying the command BDAMQSAM in your preamble to work around this problem. CKR1103 Unexpected block length bb at CCHHR cchhr rel blk nnn for ddname volser dsname Severity: 20 Explanation: This message indicates that a block length that differs from the block size indicated in the VTOC was encountered for the indicated relative block number. Contact IBM Software Support if the data set is not defective. Try specifying the command BDAMQSAM in your preamble to work around this problem. CKR1104 Empty block in use according to BAM - ddname block blkno segment offset offset Severity: 08 Explanation: The block mentioned did not contain data, while the BAM indicated that it should. If the problem does not go away if the query is done again, run IRRUT200. If no problems are found by IRRUT200, contact IBM Software Support. CKR1105 Unexpected len in RXNE index rel blk block. Severity: 16 Explanation: This message indicates that the length found while processing a non-RDS index was too small. If the problem does not go away if the query is done again, contact IBM Software Support. The problem can probably be circumvented by specifying SUPPRESS INDEX. CKR1106 Expected data block not found ddname block block Severity: 20 Explanation: This message indicates that a block in the indicated RACF data set was actually an index block, while the index said it was a data block. If the problem does not go away if the query is done again, run IRRUT200. If no problems are found by IRRUT200, contact IBM Software Support. The problem can probably be circumvented by specifying SUPPRESS INDEX. CKR1107 Index conflict on rel blk block on ddname for key Severity: 16 Explanation: This message indicates that a block in a RACF data set was referred to as both an index and a data block by the index. If the problem does not go away if the query is done again, run IRRUT200. If no problems are Chapter 5. CKR messages 277 found by IRRUT200, contact IBM Software Support. The problem can probably be circumvented by specifying SUPPRESS INDEX. CKR1108 Index conflict on rel blk block on ddname for key Severity: 16 Explanation: This message indicates that a block in a RACF data set was referred to as both an index and a data block by the index. If the problem does not go away if the query is done again, run IRRUT200. If no problems are found by IRRUT200, contact IBM Software Support. The problem can probably be circumvented by specifying SUPPRESS INDEX. CKR1109 Entity type group assumed - segment segment of key Severity: 00 Explanation: This message indicates that a non-base segment was encountered for which the entity type user or group could not be determined. The message is only issued if DEBUG SEGMENT has been specified. CKR1110 Index points to free space ddname block block segment offset segment Severity: 08 Explanation: This message indicates that the index of the indicated RACF data set points to a data block that is not in use according to the Block Availability Map. If the problem does not go away if the query is done again, run IRRUT200. If no problems are found by IRRUT200, contact IBM Software Support. The problem can probably be circumvented by specifying SUPPRESS INDEX. CKR1111 Unexpected access level hex xx Severity: 16 Explanation: During merge processing an invalid access level was encountered. This is probably caused by the corruption of a record in the database. CKR1112 Unexpected CONNECT authority hex xx for userid/groupid Severity: 16 Explanation: During merge processing an invalid CONNECT authority was encountered. This is probably caused by the corruption of a record in the database. CKR1113 Data set name has but a single qualifier - skipped Severity: 20 Explanation: During matching of access rules and data sets, a data set was encountered of which the name consists of but a single qualifier. This is not supported. Processing is skipped for this data set only. CKR1114 Data set name has a HLQ of more than 8 characters long - skipped Severity: 20 Explanation: During matching of access rules and data sets, a data set was encountered of which the name has a high level qualifier more than eight characters long. Since this data set cannot be protected by ACF2 rules, further processing is skipped for this data set. CKR1115 logonid has $PREFIX but no $AUTI - skipped Severity: 24 Explanation: Contact IBM Software Support. 278 Version 1.12: Messages Guide CKR1116 logonid AUTI has disappeared - skipped Severity: 24 Explanation: Contact IBM Software Support. CKR1117 CKRACTS: VDEFINE return code n for var len len Severity: 12 Explanation: The ISPF VDEFINE service for a PANEL statement failed with the specified return code. CKR1118 Missing UADS information for complex complex - APF CKFREEZE needed Severity: 04 Explanation: While checking whether a logonid is able to logon to TSO, it was found that UADS information is needed to answer this question. However, the relevant information was not available (a CKFREEZE file made by an APF authorized zSecure Collect run is needed). The program will assume that the logonid cannot logon to TSO. CKR1119 Invalid field length length found; field offset is offset Severity: 20 Explanation: An invalid length was returned for the field at the specified offset in a logonid record. Contact IBM Software Support. CKR1120 Number of entries invalid length Severity: 24 Explanation: Contact IBM Software Support. CKR1121 DSN mask not found Severity: 24 Explanation: Contact IBM Software Support. CKR1122 Record length invalid length Severity: 24 Explanation: Contact IBM Software Support. CKR1123 CDSR not found Severity: 24 Explanation: Contact IBM Software Support. CKR1124 data set has more than 255 entries applying to it in rule rule - not supported Severity: 24 Explanation: During matching of access rules and data sets, a data set has been found that has more than 255 rule entries in a single rule set applying to it. This condition is not supported. The program will use only the first 255 rule entries from the rule set that apply to this data set; others will be ignored. Chapter 5. CKR messages 279 CKR1125 Invalid offset offset for field tag in record key Severity: 24 Explanation: Contact IBM Software Support. CKR1126 key is not marked as an InfoStorage record Severity: 24 Explanation: Contact IBM Software Support. CKR1127 key is of an unsupported type Severity: 24 Explanation: Contact IBM Software Support. CKR1128 key has an unknown layout - version number number Severity: 20 Explanation: The specified resource rule has an unsupported layout. Contact IBM Software Support. CKR1129 Invalid Sequence Number number for field tag in record key Severity: 24 Explanation: Contact IBM Software Support. CKR1130 Unknown RuleHeader line type requested for key Severity: 24 Explanation: Contact IBM Software Support. CKR1131 First entry in record key refers to a previous one for field offset Severity: 24 Explanation: Contact IBM Software Support. CKR1132 Record "key" doubly defined Severity: 20 Explanation: The indicated resource rule was encountered before in the same security complex. This indicates a problem with the database allocation. Check the ALLOC TYPE=ACF2INFO statements and verify that the proper data sets are allocated to the ddnames. CKR1133 [complex] DB db datasetname read pp% to obtain number segments (of 256 byte) Unusedspace. Using readmethod. Used number special, number index, and number data blocks for number requests. Statistics Severity: 00 Explanation: This message reports on the indexed read of a RACF data set. It indicates the number of segments to be read, and the percentage that actually was read physically to obtain this data. The percentage can grow above 100% if some parts had to be read more than once. Free space can be present at the end of the database (never used) or fragmented through the database. If all space is fragmented, Unusedspace will contain the text Free space completely fragmented, otherwise it will show Space beyond pp% never used. readmethod can be BDAM, indexed ECKD EXCP, or indexed EXCP. If either EXCP method was used, a fourth line is shown in the format Read number blocks from a total of number in number IOs. Cache hit was pp%. 280 Version 1.12: Messages Guide CKR1134 SIMULATE specification at DDname line number conflicts with the command at DDname line number Severity: 12 Explanation: Multiple SIMULATE CNGRACF or SIMULATE CKGRACF commands per complex are not allowed. Neither are multiple SIMULATE CNGRACF or SIMULATE CKGRACF commands that do not explicitly specify a complex. CKR1135 Undefined type lookup element value at ddname line number Severity: 12 Explanation: This message indicates that an error has been made in specifying an indirect reference. The syntax for a deftype lookup is as follows: FIELD:TYPE.KEY.TARGET where TYPE is a type of newlist, created with a DEFTYPE command, and KEY and TARGET are previously defined fields in the same newlist type. For a more detailed explanation of indirect references, see DEFINE command - Field value manipulation in the user reference manual for your zSecure product. Element is type, key, or target and indicates the syntax element that is in error; for key or target type reflects the TYPE. CKR1135 Undefined lookup element value before taken at ddname line number Severity: 12 Explanation: This message indicates that an error has been made in a MAILTO= specification. The syntax is as follows: MAILTO=:TYPE.TARGET where TYPE is a type of newlist, created with a DEFTYPE command, and TARGET is a previously defined field in that newlist type. See OPTION command - MAILTO in the user reference manual for your zSecure product. Element is type or target and indicates the syntax element that is in error. CKR1136 Field LID not found Severity: 20 Explanation: zSecure Audit for ACF2 cannot store the logonid. This can be caused by processing a copy of an ACF2 logonid database on a system where ACF2 is not active and without allocating a CKFREEZE file containing the necessary information. For the processing of an unload this is a fatal error. CKR1137 number type records processed, selected number2 (p%) Severity: 00 Explanation: This message indicates that for newlist type number records were read, and of those read, number2 were actually selected. CKR1138 Record "key" appears to be a directory: "id" Severity: 20 Explanation: The indicated structured InfoStorage record has an inconsistent layout. Contact IBM Software Support. CKR1139 program used cc.c CPU seconds, nn,nnnKB, and took ss wall clock seconds Severity: 00 Explanation: This message is issued after most processing has been done but before newlist output processing. It indicates the resource usage as well as the elapsed time for this run. Its main use is to measure resource usage in the ISPF interface, since the corresponding CKR0039 at the end of the SYSPRINT is not very usable for this purpose since it includes all user think time while looking at the ISPF displays, and all resource consumption (like recursive queries or other ISPF commands) done from the ISPF display. Chapter 5. CKR messages 281 CKR1140 Maximum number of max systems exceeded for system system Severity: 12 Explanation: This message indicates that you have exceeded the internal limit on the number of systems (I/O configurations). Reduce the number of ALLOCATE statements for CKFREEZEs. If the current limit (100 effective configurations) is a problem for your installation, contact IBM Software Support. CKR1141 Maximum number of max complexes exceeded for complex complex Severity: 12 Explanation: This message indicates that you have exceeded the internal limit on the number of complexes (security databases). Reduce the number of ALLOCATE statements for such databases. If the current limit (100 such databases) is a problem for your installation, contact IBM Software Support. CKR1142 Duplicate entry for key=key in lookup type.key.target Value "value1" retained, value "value2" from record number ignored. Severity: 00 Explanation: While reading the file(s) for type type a duplicate value was found for field key which was to be used as the key field of the lookup. Only value1 will be stored for display of the lookup. CKR1143 Word number must be >= 1 Severity: 12 Explanation: The number in an expression WORD(field,number,delimiter) was not specified correctly. CKR1144 Illegal BUNDLEMAILTO function at ddname line number Severity: 12 Explanation: The specified BUNDLEMAILTO value is invalid. It has to be a series of fieldvalue manipulation functions with the base field BUNDLEBY. For additional information, see the documentation for the BUNDLE command in the user reference manual for your zSecure product. CKR1145 BUNDLEMAILTO is only valid on the BUNDLE command at ddname line number Severity: 12 Explanation: The BUNDLEMAILTO keyword is not supported on the command it was specified on. CKR1146 PAS attribute requires KEY modifier before token at ddname line number Severity: 12 Explanation: The point-and-shoot modifier (PAS) is only supported on fields that have a KEY modifier as well (i.e., cannot be scrolled off the display). CKR1147 CKRCFS: Encountered another MCDS for system system - skipped volume dsname Severity: 04 Explanation: This message is issued when the program detects multiple MCDSes on a single system and cannot decide which one to use. There are no adverse effects to current program output. CKR1148 CKRCFV: Encountered another DMSFILES dump for system system complex complex - skipped volume dsname Severity: 004 Explanation: This message is issued when the program detects multiple DMSFILES dumps on a single system and 282 Version 1.12: Messages Guide cannot decide which one to use. There are no adverse effects to current program output. CKR1149 ALLOC command at ddname line number condition a previous one - ignored Severity: 00 Explanation: The indicated ALLOC command for an ACTIVE or INACTIVE security database is either identical to a previous ALLOC command, or incompatible with a previous one, as indicated by the message. In the latter case, the indicated command specifies (or implies) to allocate the PRIMARY security database, whereas a previous command specified the BACKUP, or v.v. The command is ignored. CKR1150 Record "key" doubly defined Severity: 20 Explanation: The indicated structured InfoStorage record was encountered before in the same security complex. This indicates a problem with the database allocation. Check the ALLOC TYPE=ACF2INFO statements and verify that the proper data sets are allocated to the ddnames. CKR1151 field <Asymmetric AREMFLG> flag flag Severity: 20 Explanation: An ACF2 SMF record of an unsupported layout was encountered. The SMF record is possibly corrupted. Contact IBM Software Support. CKR1151 field <id: unintelligible AREMFLG> flag Severity: 20 Explanation: An ACF2 SMF record of an unsupported layout was encountered. The SMF record is possibly corrupted. Contact IBM Software Support. CKR1152 Warning: Dynamic parse table for complex name unknown, using current system DPT Severity: 00 Explanation: This message indicates that no dynamic parse table (DPTB) could be found for the indicated complex name. The current system's DPTB is used instead. The DPTB defines which custom fields can be used for this complex. CKR1153 ENDBUNDLE missing Severity: 12 Explanation: This message indicates that a BUNDLE was started but not ended. CKR1154 Duplicate allocation of type type for complex complex Severity: 12 Explanation: In an ACF2 complex only one data set of each type (LID, rule and infostorage) can be allocated. Verify the allocation statements on your query. CKR1155 Expected Audit Function Code instead of field Severity: 12 Explanation: A number or an Audit Function Code indication (without quotes) should have been specified. Chapter 5. CKR messages 283 CKR1156 Unload output file cannot have RECFM=U - [(redirected CKRUNLOU)] ddname [path | volser dsname] Severity: 16 Explanation: An UNLOAD to a data set with RECFM=U is not supported. Output the UNLOAD data to a data set with another format and try again. CKR1157 LIKELIST cannot be specified in a subselect clause Severity: 12 Explanation: Specifying a LIKELIST clause in a subselect clause is not allowed. CKR1158 Subselect of "field" in "subselectclause" not allowed in SELECT statement Severity: 12 Explanation: In a subselect clause on the SELECT statement some fields are not allowed, because their value cannot be determined until after the database has been read. For example, the ACL fields USER and GROUP cannot be used, because the access list contains an ID that must be related to a matching profile to determine the type--use ID instead. CKR1159 Lookup not allowed in subselect clause in SELECT statement - before type "value" at ddname line number Severity: 12 Explanation: Lookups are forbidden in a subselect clause on a SELECT statement, because they can only be performed after the database has been read. CKR1160 Modifier SORT applies to repeated fields only - not useful for field at ddname line number Severity: 04 Explanation: SORT is a repeat group modifier, and field is not a repeated field. Therefore, it is ignored. CKR1161 scope record: NextKey nesting level depth exceeded Severity: 04 Explanation: ACF2 scope records support a maximum of 10 NextKey nesting levels. The scope record identified in this message is a record exceeding this maximum. Further processing for this record is aborted. CKR1162 Impossible length value value for fieldname fieldvalue Severity: 24 Explanation: Contact IBM Software Support. CKR1163 scope record: improbable number of NextKeys Severity: 24 Explanation: The identified scope record appears to have multiple NextKeys - a logical impossibility. Contact IBM Software Support. CKR1164 datasetname exceeds 2 GB in size. This could be a cause for RACF database corruption. Severity: 04 or 08 Explanation: A RACF data set is limited in size to 2 GB. Larger data sets can cause database corruption. The indicated data set is larger than 2 GB. A severity of 8 indicates that the space above 2 GB is in use and you will most likely encounter RACF database corruption. A severity of 4 indicates that this space is not in use. 284 Version 1.12: Messages Guide CKR1165 Modifier UNIVERSAL invalid for field field at ddname line number Severity: 12 Explanation: This message indicates that the UNIVERSAL modifier was used on a field that does not support its use. Only the ACL and CONNECTS-like fields support this modifier. CKR1166 A type access level was not expected before type "value" at ddname line number Severity: 12 Explanation: This message indicates that the program has interpreted the previous token as an access level of type type, but this type is considered inapplicable in this context. The type can be UNIX, ACF2, scope, module or DEFINE. You only use UNIX and ACF2 access values for selection in newlist type=TRUSTED. You only use scope values for selection in the TRUSTED and REPORT_SCOPE newlist types. You only use module values for selection in newlist types REPORT_AC1 and REPORT_PADS. DEFINE access values are only used in newlist types ACCESS and RACF_ACCESS. CKR1166 The access value value was not expected before type "value" at ddname line number Severity: 12 Explanation: This message indicates that the program has interpreted the previous token as the access value value, but this value is considered inapplicable in this context. HIDDEN is only used for selection in newlist type=REPORT_STC. QUALOWN is only used in newlist types REPORT_SCOPE, ACCESS, and RACF_ACCESS. OWNER is only used in newlist types TRUSTED, REPORT_REDUNDANCY, REPORT_SENSITIVE, REPORT_NONDEFAULT, REPORT_OUFOFGROUP, and REPORT_PROFILE. The values ADD, A-READ, DELETE, D-READ. ADD-DEL, and AD-READ are only used in newlist types TRUSTED and REPORT_SCOPE. CKR1166 A CONNECT authority was not expected before type "value" at ddname line number Severity: 12 Explanation: This message indicates that the program has interpreted the previous token as a CONNECT authority, but this value is considered inapplicable in this context. CONNECT authorities are only used in NEWLIST TYPE=RACF_ACCESS. CKR1167 Unknown directory layout number - empty SSCP assumed Severity: 24 Explanation: During analysis of the ACF2 resident scope structure, the program encountered a scope directory with an unknown layout identifier. To prevent abends, processing of the directory is skipped completely, which effectively implies that all SCPLISTs are considered empty. This makes the program unusable for scoped administrators. Contact IBM Software Support. CKR1168 Unknown directory layout for identifier - number Severity: 20 Explanation: During creation of an unload, the program encountered a scope directory with an unknown layout identifier. The program tries to continue, but there's no guarantee that the generated output will be correct. Contact IBM Software Support. CKR1169 Illegal time value - at ddname line number Severity: 12 Explanation: This message is issued when reading a DATETIME format value where the time is not recognizable. Chapter 5. CKR messages 285 CKR1170 Invalid continuation of date value before - at ddname line number Severity: 12 Explanation: This message is issued when reading a DATETIME format value where characters remain behind the date part. CKR1171 Request storing for segment typing due to newlist field and ambiguous entity Severity: 00 Explanation: This message is triggered by DEBUG SEGMENT if all users and groups will be stored to help disambiguating the entity type of segments in a RACF restructured database. This specific message is given if there is a LIST family statement that needs a field that depends on the proper entity type being determined. CKR1172 Request storing for segment typing due to newlist selection Severity: 00 Explanation: This message is triggered by DEBUG SEGMENT if all users and groups will be stored to help disambiguating the entity type of segments in a RACF restructured database. This specific message is given if the SELECT statement itself needs the entity type disambiguated. CKR1173 Global select indicates no storing for segment typing is needed. Severity: 00 Explanation: This message is triggered by DEBUG SEGMENT if all users and groups need NOT be stored to help disambiguating the entity type of segments in a RACF restructured database. It may override a message CKR1171, CKR1172. CKR1304, or CKR1305. This typically happens if the global SELECT and an inner (newlist) SELECT are in fact disjoint. CKR1174 RRSF command propagation is active on CURRENT system. Reducing maximum command size to 5000 bytes. Severity: 00 Explanation: RRSF command propagation has a limit of 5000 bytes on the size of propagated commands. Because RRSF command propagation is active on the CURRENT system, the maximum command size is reduced from 16 kilobytes to 5000 bytes. CKR1175 Unexpected minidisk user1 dev in CP directory for user2 Severity: 08 Explanation: This message means that in a VM CKFREEZE file the CP directory had an unexpected layout. If you feel that the product should support this situation, contact IBM Software Support. CKR1176 Unexpected minidisk user1 dev in CP directory Severity: 08 Explanation: This message means that in a VM CKFREEZE file the CP directory had an unexpected layout. If you feel that the product should support this situation, contact IBM Software Support. CKR1177 VERIFY NONEMPTY/ONVOLUME not performed on complex complex due to missing CP directory Severity: 08 Explanation: This message means that a VM CKFREEZE file was missing, or that it did not contain CP directory information. The functions that need it will not be performed. 286 Version 1.12: Messages Guide CKR1178 No VMMDISK profile protection for minidisk on volume volume user.dev Severity: 08 Explanation: This message is issued by VERIFY PROTECTALL to indicate that there is no profile matching the minidisk definition in the VM CP directory. No command is generated to remedy the situation; you have to figure out the access requirements yourself. The default action taken by VM is defined by whatever has been coded on the SYSSEC macro in the HCPRWA module. CKR1179 Generic VMMDISK profile without matching minidisks profile Severity: 04 Explanation: This message is issued by VERIFY NONEMPTY or VERIFY ALLNOTEMPTY to indicate that the profile is obsolete according to any of those commands. An RDELETE RACF command will be generated to remove the profile. CKR1180 Discrete VMMDISK profile but no minidisk defined profile Severity: 04 Explanation: This message is issued by VERIFY ONVOLUME to indicate that the profile is obsolete because the minidisk does not exist anymore. An RDELETE RACF command will be generated to remove the profile. CKR1181 Unsupported FDE for field: FLAGS=SPECIAL Severity: 20 Explanation: According to its Field Definition Entry, the indicated field has non-standard processing requirements. This is not supported for site-defined fields. CKR1182 Unsupported FDE for field: HEADER=NONE Severity: 20 Explanation: Site-defined multi-valued bit fields are not supported. CKR1183 Unsupported FDE for field: (X)VL, but not DYNAMEL Severity: 20 Explanation: The indicated multi-valued field is defined as having entries with a variable length, but does not possess a way to indicate the actual length for each entry. Contact IBM Software Support. CKR1184 Unsupported FDE for field: STATUS=PSEUDO Severity: 20 Explanation: The only currently supported pseudo field is the UID string in a logonid record. Contact IBM Software Support. CKR1185 Unsupported FDE for field: length = 0 Severity: 20 Explanation: FDE-defined fields with a length of zero bytes in general cannot be used as a selection criterion. Their use on a SORTLIST statement or suchlike is equally futile. CKR1186 Unsupported FDE for field: remote default value Severity: 20 Explanation: Fields of which the default value is not present in the FDE proper are not supported. Chapter 5. CKR messages 287 CKR1187 Unsupported FDE for field: unsupported TYPE: type - type(hex) Severity: 20 Explanation: The indicated field does not have one of the eight ACF2-defined data types (binary, character, packed decimal, time, bit flag, TOD stamp, hexadecimal or encrypted). Contact IBM Software Support. CKR1188 Inconsistent FDE for field: TYPE=BIT, FLAGS=MULTI Severity: 20 Explanation: A bit-flag type field, being only one bit in size, by definition cannot have multiple values. Contact IBM Software Support. CKR1189 Inconsistent FDE for field: FLAGS=MULTI, STATUS=PSEUDO Severity: 20 Explanation: Multi-valued ACF2 pseudo fields are not supported. Contact IBM Software Support. CKR1190 Inconsistent FDE for field: DYNAMEL, but not (X)VL Severity: 20 Explanation: The indicated multi-valued field has a length byte for each value, even though the values have a constant length. While this may be a legal field definition, it's currently unsupported. Contact IBM Software Support. CKR1191 Inconsistent FDE for field: TYPE=PACKED, LENGTH > 16 Severity: 20 Explanation: Packed decimal fields cannot exceed 16 bytes in length. Contact IBM Software Support. CKR1192 field does not HAVE multiple values Severity: 24 Explanation: The indicated field is not defined as multi-valued. However, a request was encountered for a value other than the first one. Contact IBM Software Support. CKR1193 Inconsistent AMULTFLD for field: AMULTCUR < 0 Severity: 20 Explanation: The indicated multi-valued field has a negative number of values. Contact IBM Software Support. To identify the record causing the error use DEBUG FIELD. For additional information about the DEBUG command, see the user reference manual for your zSecure product. CKR1194 Inconsistent AMULTFLD for field: requested value # > AMULTCUR Severity: 20 Explanation: The indicated multi-valued field does not have as many values as are requested. Contact IBM Software Support. To identify the record causing the error use DEBUG FIELD. For additional information about the DEBUG command, see the user reference manual for your zSecure product. CKR1195 Inconsistent AMULTFLD for field: AMULTCUR > FDEMVMAX Severity: 20 Explanation: The indicated multi-valued field has more values defined than are allowed by its Field Definition Entry. Contact IBM Software Support. To identify the record causing the error use DEBUG FIELD. For additional information about the DEBUG command, see the user reference manual for your zSecure product. 288 Version 1.12: Messages Guide CKR1196 Inconsistent AMULTFLD for field: AMULTOFF past record end Severity: 20 Explanation: The multi-valued field header of the indicated field is present in the ACF2 database record, but the actual values are not. Contact IBM Software Support. To identify the record causing the error use DEBUG FIELD. For additional information about the DEBUG command, see the user reference manual for your zSecure product. CKR1197 field: DYNAMEL running past record end Severity: 20 Explanation: The requested field value is not physically present in the ACF2 database record, even though the multi-valued field header indicates it should be. Contact IBM Software Support. To identify the record causing the error use DEBUG FIELD. For additional information about the DEBUG command, see the user reference manual for your zSecure product. CKR1198 field: fixed MV past record end Severity: 20 Explanation: The requested field value is not physically present in the ACF2 database record, even though the multi-valued field header indicates it should be. Contact IBM Software Support. To identify the record causing the error use DEBUG FIELD. For additional information about the DEBUG command, see the user reference manual for your zSecure product. CKR1199 IMBED NODUP does not support the FILEDESC/PATH parameters Severity: 12 Explanation: The NODUP parameter was used on the IMBED command in combination with the FILEDESC or PATH parameter. This is not supported. Messages from 1200 to 1299 CKR1200 keyword invalid without ERRORMAILTO or SMTPMAILFROM or FROM or REPLYTO Severity: 12 Explanation: The keywords MAILTO (MT) and BUNDLEMAILTO (BMT) are used to generate an e-mail message. If they are used, a valid value for at least one of the keywords mentioned is essential to create a valid SMTP header. CKR1201 Fields with format outfrmt can only be modifiable once per record or detail display - name at ddname line number or - name in parm string Severity: 12 Explanation: The field name occurs twice or more on the same display, and both occurrences are modifiable. This is not allowed unless the format is CHAR or ASIS. This may apply to the record level display, or this may apply to the detail display. Either display the field only once, or add the NOMODIFY modifier to all except one of them. CKR1202 Repeat group field name can only be displayed as modifiable once per detail display -name at ddname line number or - name in parm string Severity: 12 Explanation: The field name occurs twice or more on the detail display, both occurrences are modifiable, and the field is defined as a repeat group. This is not supported. Either display the field only once on the repeat group line, or add the NOMODIFY modifier to all except one of the occurrences. Chapter 5. CKR messages 289 CKR1203 BASIC or MAIN not specified on program profile program used in dataset profile datasetprofile for ID identity Severity: 04 Explanation: This message is issued due to a VERIFY PADS command while RACF runs in Enhanced-Warning program security mode. A program is defined on a conditional access list, and an accompanying specific profile is defined, but that profile is missing APPLDATA('MAIN') or APPLDATA('BASIC'). Because RACF runs in Enhanced-Warning mode, a commented RALTER PROGRAM APPLDATA('MAIN') command is generated. This command can be uncommented and run when you decide that the mentioned program needs to be on the conditional access list. For additional information, see VERIFY PADS in the IBM Security zSecure Admin and Audit for RACF: User Reference Manual. CKR1204 No specific program profile found for program program used in dataset profile datasetprofile for ID identity Severity: 04 Explanation: This message is issued due to a VERIFY PADS command while RACF runs in Enhanced-Warning program security mode. A program is defined on a conditional access list and no corresponding specific program profile is found but a non-specific program profile is. Because RACF runs in Enhanced-Warning mode, commented commands for copying the non-specific profile to a specific one and adding APPLDATA('MAIN') are generated. These commands can be uncommented and run when you decide that the mentioned program needs to be on the conditional access list. For additional information, see VERIFY PADS in the IBM Security zSecure Admin and Audit for RACF: User Reference Manual. CKR1205 No non-specific profile found for program profile program used in dataset profile volser datasetprofile for ID identity Severity: 04 Explanation: This message is issued due to a VERIFY PADS command while RACF runs in Enhanced-Warning program security mode. A program is defined on a conditional access list, but no matching program profile exists. To solve the error condition, a command is generated to remove the WHEN-clause. CKR1206 No non-specific profile found for program profile program used in generic dataset profile datasetprofile for ID identity Severity: 04 Explanation: This message is issued due to a VERIFY PADS command while RACF runs in Enhanced-Warning program security mode. A program is defined on a conditional access list, but no matching program profile exists. To solve the error condition, a command is generated to remove the WHEN-clause. CKR1207 No non-specific profile found for program profile program used in dataset profile datasetprofile for ID identity Severity: 04 Explanation: This message is issued due to a VERIFY PADS command while RACF runs in Enhanced-Warning program security mode. A program is defined on a conditional access list, but no matching program profile exists. To solve the error condition, a command is generated to remove the WHEN-clause. CKR1208 BASIC or MAIN not specified on program profile program used in dataset profile volser datasetprofile for ID identity Severity: 04 Explanation: This message is issued due to a VERIFY PADS command while RACF runs in Enhanced program security mode. A program is defined on a conditional access list and an accompanying specific program profile is defined, but that program profile does not have APPLDATA('MAIN') or APPLDATA('BASIC') defined. To solve the error condition, a command is generated to remove the WHEN-clause. 290 Version 1.12: Messages Guide CKR1209 BASIC or MAIN not specified on program profile program used in generic dataset profile datasetprofile for ID identity Severity: 04 Explanation: This message is issued due to a VERIFY PADS command while RACF runs in Enhanced program security mode. A program is defined on a conditional access list and a accompanying specific program profile is defined, but that program profile does not have APPLDATA('MAIN') or APPLDATA('BASIC') defined. To solve the error condition, a command is generated to remove the WHEN-clause. CKR1210 BASIC or MAIN not specified on program profile program used in dataset profile datasetprofile for ID identity Severity: 04 Explanation: This message is issued due to a VERIFY PADS command while RACF runs in Enhanced program security mode. A program is defined on a conditional access list and a accompanying specific program profile is defined, but that program profile does not have APPLDATA('MAIN') or APPLDATA('BASIC') defined. To solve the error condition, a command is generated to remove the WHEN-clause. CKR1211 No specific program profile found for program program used in dataset profile volser datasetprofile for ID identity Severity: 04 Explanation: This message is issued due to a VERIFY PADS command while RACF runs in Enhanced program security mode. A program is defined on a conditional access list and a accompanying specific program profile is defined, but that program profile does not have APPLDATA('MAIN') or APPLDATA('BASIC') defined. To solve the error condition, a command is generated to remove the WHEN-clause. CKR1212 No specific program profile found for program program used in generic dataset profile datasetprofile for ID identity Severity: 04 Explanation: This message is issued due to a VERIFY PADS command while RACF runs in Enhanced program security mode. A program is defined on a conditional access list and a accompanying specific program profile is defined, but that program profile does not have APPLDATA('MAIN') or APPLDATA('BASIC') defined. To solve the error condition, a command is generated to remove the WHEN-clause. CKR1213 No specific program profile found for program program used in dataset profile datasetprofile for ID identity Severity: 04 Explanation: This message is issued due to a VERIFY PADS command while RACF runs in Enhanced program security mode. A program is defined on a conditional access list and a accompanying specific program profile is defined, but that program profile does not have APPLDATA('MAIN') or APPLDATA('BASIC') defined. To solve the error condition, a command is generated to remove the WHEN-clause. CKR1214 PIPE is only valid on PATH/FILEDESC at ddname line number Severity: 12 Explanation: A PIPE specification is only useful on a PATH or FILEDESC allocation. Either remove PIPE or change to a PATH or FILEDESC allocation. CKR1215 GETPROC is only valid on TYPE=SMF, or <deftype> at ddname line number Severity: 12 Explanation: GETPROC is invalid for input types other than SMF, ACCESS, or those defined with the DEFTYPE command. Additionally, the GETPROC parameter is only intended for internal IBM Security zSecure use. Chapter 5. CKR messages 291 CKR1216 WTO/SNMP/SYSLOG/CMD are mutually exclusive - at ddname line number Severity: 12 Explanation: You can only specify ONE special delivery type (that is, CMD, SNMP, SYSLOG, or WTO) on a newlist. CKR1217 PL/LL mutually exclusive with WTO/SNMP/SYSLOG/CMD/XML - at ddname line number Severity: 12 Explanation: SNMP, WTO, SYSLOG, CMD, and XML imply a specific line and pagelength. These values are not available for modification. CKR1218 WTO failed RC=rc (dec) newlist at ddname line number Severity: 0 4 Explanation: This message indicates that an error occurred while issuing a write-to-operator message (WTO) for the newlist mentioned. This message will be followed by the WTO in question. CKR1219 SNMP trap failed msg newlist at ddname line number Severity: 04 Explanation: The sending of an SNMP trap for newlist failed. The sending routine reported msg. Possible messages and their reasons are: Table 3. CKR1219 messages Message Explanation missing specific type The first line of the CARLa (sort)list for sending an SNMP trap did not start with an integer indicating the specific type of the trap. unknown variable(s): variable1, variable2, ... Some strings were not recognized as variables, possibly due to typos in the CARLa (sort)list. total length of variables is too large, even after trimming each variable to 1023 characters Even though the contents of each variable did not exceed 1023 characters, the total size of the variable strings and their contents exceeded the maximum of 32000 bytes. SnmpEnc failed It was not possible to encode the SNMP trap; there may be a semicolon in the community string or the enterprise string may be incorrectly formatted. IBM-1047 to ISO8859-1 conversion failed: not enough memory EBCDIC to ASCII conversion failed due to memory shortage. Cannot open converter from IBM-1047 to ISO8859-1 EBCDIC to ASCII conversion was not supported. Contact IBM Software Support. socket error: rc return code (hex), reason reason code (hex); error message string A socket could not be created; details can be found in the UNIX System Services Messages and Codes manual. sendto error: rc return code (hex), reason reason code (hex); Data could not be sent on a socket; details can be found error message string in the UNIX System Services Messages and Codes manual. usage: <specific> -c <community> -g <generic> -e <enterprise> The syntax of the line with the specific trap was incorrect; the line should start with an integer which specifies the specific-trap field; it is optionally followed by '-c community', '-g generic' (where generic is an integer which specifies the generic-trap field), and '-e enterprise' (where enterprise is a dot separated list of integers) <specific> must be an integer The specific-trap field is not an integer <generic> must be an integer The generic-trap field is not an integer 292 Version 1.12: Messages Guide Table 3. CKR1219 messages (continued) Message Explanation Call to C routine CKRTRAP failed The routine CKRTRAP could not be called. This is probably the result of a missing or incorrectly established LE environment. Verify that ALLOC NOLE has not been specified for this run. CKR1220 GETHOSTNAME rc rc (dec), errno errno (hex) Severity: 08 Explanation: The GETHOSTNAME call failed. This can result in invalid SMTP HELO statements and SNMP traps. This can be caused (amongst other reasons) by missing TCP/IP resolver data, or no capability to perform UNIX calls (for example, no UID provided). CKR1221 Could not resolve snmp-destination rc rc - newlist newlist at ddname line line Severity: 04 Explanation: The snmp-destination as specified on the SNMPTO keyword of the newlist specified could not be resolved to an IP address. No SNMP traps will be sent to this destination. This could be the result of an erroneous specification, incorrectly configured TCPIP, temporary unavailability of the Domain Name Server (DNS), or the SNMP destination temporarily not in (Dynamic) DNS. CKR1222 field lookup not supported on select - at ddname line number Severity: 12 Explanation: The indicated field cannot be used as a security database lookup field in a SELECT clause. CKR1223 CLEANUP and NOCLEANUP are mutually exclusive Severity: 12 Explanation: The keywords CLEANUP and NOCLEANUP of the ALLOCATE command are mutually exclusive. CKR1224 Incomplete mailbox specification token at ddname line line Severity: 12 Explanation: An error was encountered in the mailbox specification before the token specified. For information about address specification, refer to the RFC 2822 syntax documented in the user reference manual for your zSecure product. If an E-mail address list is in use, the ddname can be of the form Rxxxxxxx, where xxxxxxx is a decimal number. In this case it refers to the record number within the E-mail address list you are using. To find the <deftype> used, you can refer to the last message CKR1088 shown before this message. CKR1225 E-mail name at ddname line number sent to address, subject: subject Severity: 00 Explanation: This is an informational message indicating that an e-mail message has been generated as requested for newlist name, from the given input location. It was sent to address, with the subject shown. CKR1226 ALLOC TYPE=esm ACTIVE is invalid on a non-esm system - at ddname line number Severity: 12 Explanation: An allocation request for the active security database for External Security Manager esm was received. That ESM is not active on this system, so the allocation cannot be done. Chapter 5. CKR messages 293 CKR1227 Sent SNMP trap to nr recipients, including IPaddress port port newlist at ddname line number Severity: 00 Explanation: This message is issued to inform you that an SNMP trap was sent for newlist. CKR1228 Field "SYSTEM" required in NEWLIST TYPE=deftype for format format - time zone omitted for fieldaddr fieldname at ddname line number Severity: 04 Explanation: The DATETIMEZONE, SMFTIMESTAMPZONE, and XSD_DATETIME formats need a system to determine which time zone to use. For a DEFTYPE newlist you should DEFINE a field SYSTEM yielding the SMFid of the system to use. For additional information about the date and time formats, see the LIST command - Format names documentation in the user reference manual for your zSecure product. CKR1229 Format format not supported on SUMMARY/BUNDLEBY - time zone omitted for fieldaddr fieldname at ddname line number Severity: 04 Explanation: The system corresponding to each record determines the time zone used for the DATETIMEZONE and SMFTIMESTAMPZONE formats. For a SUMMARY, this value is ambiguous. For additional information about the DATETIMEZONE and SMFTIMESTAMPZONE formats, see the LIST command - format names documentation in the user reference manual for your zSecure product. CKR1230 Missing local part of mailbox address token at ddname line line Severity: 12 Explanation: No local part (username) was found in the mailbox specification before the token specified. For information about address specification, refer to the RFC 2822 syntax documented in the user reference manual for your zSecure product. If an E-mail address list is in use, the ddname can be of the form Rxxxxxxx, where xxxxxxx is a decimal number. In this case it refers to the record number within the E-mail address list you are using. To find the <deftype> used, you can refer to the last message CKR1088 shown before this message. CKR1231 Missing domain in mailbox address token at ddname line line Severity: 12 Explanation: No domain was found in the mailbox specification before the token specified. For information about address specification, refer to the RFC 2822 syntax documented in the user reference manual for your zSecure product. If an E-mail address list is in use, the ddname can be of the form Rxxxxxxx, where xxxxxxx is a decimal number. In this case it refers to the record number within the E-mail address list you are using. To find the <deftype> used, you can refer to the last message CKR1088 shown before this message. CKR1232 Suppressing NEWLIST NAME=name at ddname line number, using the one at ddname2 line number Severity: 00 Explanation: This message indicates that a NEWLIST was suppressed due to the FIRST_PER_NAME option. The messages identifies the NEWLIST of this name that is being used instead. CKR1233 C2ARULE: record key corrupted: invalid trailer offset Severity: 20 Explanation: The indicated access rule record has an unexpected layout. It is probably corrupted. Contact IBM Software Support. 294 Version 1.12: Messages Guide CKR1234 Record key has an invalid trailer offset Severity: 20 Explanation: The indicated resource rule record has an unexpected layout. It is probably corrupted. Contact IBM Software Support. CKR1235 Start of interval number at time Severity: 00 Explanation: This message indicates that a new pass of processing has started after receiving a soft end-of-file condition. CKR1236 MAILFONTSIZE must be in range 1..7 Severity: 12 Explanation: MAILFONTSIZE should be a number in the range 1 to 7, corresponding to 8, 10, 12, 14, 18, 24, and 26 point size if the browser default font is set at 12 point (the user may change that). CKR1237 WTO/SNMP/SYSLOG/CMD are mutually exclusive with e-mail - at ddname line number Severity: 12 Explanation: You can only specify ONE special delivery type (that is, e-mail, CMD, SYSLOG, SNMP, or WTO) on a newlist. CKR1238 Allocation of C2REMAIL failed. Writer: "writer" Class: "class" NJENode: "node" Severity: 16 Explanation: An error occurred during the allocation of the C2REMAIL DD. Check whether the values of the SMTPWRITER, SMTPCLASS and SMTPNJENODE parameters are valid. CKR1239 WTO issued newlist at ddname line number Severity: 00 Explanation: This message indicates that a WTO was successfully issued for the newlist mentioned. This message will be followed by the WTO in question. CKR1240 Newlist name=name type=type at ddname line number did not contain a resolved SNMP destination suppressed Severity: 00 Explanation: The output for the specified newlist was supposed to be sent to an SNMP or SYSLOG destination. However, the specified destination cannot be reached. The newlist output has been suppressed. If the redirected output was sent to the default system file, you can find the newlist information in that file. The default for SNMP is C2RSNMP; the default for SYSLOG is C2RSYSLG. To facilitate output testing, if SNMPTOFILE or SYSLOGTOFILE was also specified, the newlist will not be suppressed. User response: In the program that generated the newlist output, update the SYSLOGTO= or SNMPLOGTO= parameter to specify a valid IP address that the system can access. If you have specified a valid address, check with your system administrator to find out why the destination cannot be reached. CKR1241 SNMP is not supported under VM Severity: 12 Explanation: There is no support yet for issuing SNMP traps under VM. If this is a problem for your installation, contact IBM Software Support. Chapter 5. CKR messages 295 CKR1242 Hexadecimal string cannot be longer than 255 Severity: 12 Explanation: The input contained a string that was supposed to be converted from text to hexadecimal, and that string was longer than 255 bytes. This is not supported. CKR1243 Phrase in mailbox address cannot be longer than 512 characters token at ddname line number Severity: 12 Explanation: No phrase used in an e-mail address specification can exceed 512 characters. The erroneous phrase was encountered before the token specified. For information about address specification, refer to the RFC 2822 syntax documented in the user reference manual for your zSecure product. If an e-mail destination file is in use, the ddname can be of the form Rxxxxxxx, where xxxxxxx is a decimal number. In this case it refers to the record number within the e-mail destination file you are using. To find the <deftype> used, you can refer to the last message CKR1088 shown before this message. CKR1244 OUTPUTFORMAT=outputformat is only valid in combination with MAILTO - at ddname line number Severity: 12 Explanation: The output format outputformat is only supported for e-mailed newlists. Change or remove the OUTPUTFORMAT specification, or supply the correct e-mail parameters. CKR1245 Implicit lookup from type type to (field field) is not supported at ddname line number Severity: 12 Explanation: Object type lookup to the security database is not supported from the indicated newlist type. The list of supported source types is REPORT_SCOPE, SMF, RACF, TRUSTED. CKR1246 mailoption is not valid on the individual NEWLIST level within a BUNDLE at ddname line number Severity: 12 Explanation: The NEWLISTs in the BUNDLE are treated as a whole. Specify the mailoption on the BUNDLE statement or an OPTION statement preceding the BUNDLE instead. CKR1247 mailto is not valid within a BUNDLE at ddname line number Severity: 12 Explanation: BUNDLE does not support MAILTO - use BUNDLEMAILTO instead. CKR1248 Deprecated syntax "(HOR[,len])" is equivalent to "HOR([len]),0)" Severity: 00 Explanation: This message is issued when a first HORIZONTAL modifier is detected for a field or defined variable, and the specification uses old syntax, and is not accompanied by WRAP or an explicit length 0. See the LIST command - Repeated format modifiers documentation in the user reference manual for your zSecure product. CKR1249 Deprecated syntax "(HOR[,len2])" evaluates to "HOR(len1))" here - variablename defined at ddname line num Severity: 00 Explanation: This message is issued when a second HORIZONTAL modifier is detected for a defined variable. That is, there was already a HORIZONTAL modifier on the preceding DEFINE statement, and the specification uses old syntax, is either not accompanied by an explicit length 0 or a nonzero column length is implied, and WRAP has not been specified (either on the DEFINE or as a local override). For more detailed information about the HORIZONTAL modifier, see the LIST command - Repeated field format modifiers in the user reference manual for your zSecure product. Note that the equivalent expression depends on the DEFINE statement for the variable! 296 Version 1.12: Messages Guide CKR1250 PROGRAM data set name is obsolete complex program - dsname Reason Severity: 04 Explanation: This message is issued by the VERIFY PROGRAM function for a volume-unspecific PROGRAM member because there is no volume on any system in the complex where the indicated data set name resolves to an actually existing partitioned data set. The message is followed by one or more Reason lines with one of the following detail explanations: v Partitioned data set does not exist on any volume any system dsname v Volume is not mounted on system syst volser v VTOC is not readable on system syst volser v Data set does not exist on system syst volser dsname v Data set is not partitioned on system syst volser dsname If a CKRCMD file is allocated for the complex, an RALTER DELMEM command is generated to remove the obsolete member from the profile. CKR1251 PROGRAM dsn may be obsolete but info is missing complex program - dsname Reason Severity: 04 Explanation: This message is issued by the VERIFY PROGRAM function for a volume-unspecific PROGRAM member because there does not appear to be any volume on any system in the complex where the indicated data set name resolves to an actually existing partitioned data set. The message is followed by one or more Reason lines with one of the following detail explanations: v Not all VTOCs in CKFREEZE to search for data set without volser dsname v Mig. catlg not in CKFREEZE to check data set any system dsname See VERIFY PROGRAM in the IBM Security zSecure Admin and Audit for RACF: User Reference Manual for more information about missing VTOCs, and missing migration catalogs. If a CKRCMD file is allocated for the complex, a commented-out RALTER DELMEM command is generated to remove the obsolete member from the profile. CKR1252 PROGRAM IPL volume entry dsn/****** obsolete complex program - ****** dsname Reason Severity: 04 Explanation: This message is issued by the VERIFY PROGRAM function because there is no system in the complex where the indicated data set name resolves to a partitioned data set actually existing on the IPL volume. For each system a Reason line follows with one of the following detail explanations: v Data set not on IPL volume of system syst volser dsname v Data set is not partitioned on IPL volume of syst volser dsname If a CKRCMD file is allocated for the complex, an RALTER DELMEM command is generated to remove the obsolete member from the profile. CKR1253 PROGRAM IPL vol entry dsn/****** appears obsolete complex program - ****** dsname Reason Severity: 04 Explanation: This message is issued by the VERIFY PROGRAM function because there appears to be no system in the complex where the indicated data set name resolves to a partitioned data set actually existing on the IPL volume, but one or more error conditions were detected. For each system a Reason line follows with one of the following detail explanations: v IPL volume appears unmounted on system syst volser v VTOC appears unreadable for IPL volume of syst volser v Data set not on IPL volume of system syst volser dsname v Data set is not partitioned on IPL volume of syst volser dsname Chapter 5. CKR messages 297 If a CKRCMD file is allocated for the complex, a commented-out RALTER DELMEM command is generated to remove the obsolete member from the profile. CKR1254 PROGRAM dsn/****** unused but info missing complex program - ****** dsname Reason Severity: 04 Explanation: The message is issued by the VERIFY PROGRAM function because there appears to be no system in the complex where the indicated data set name resolves to a partitioned data set actually existing on the IPL volume, and no error conditions were detected. For each system a Reason line follows with one of the following detail explanations: v IPL volume appears unmounted on system syst volser v VTOC appears unreadable for IPL volume of syst volser v VTOC not present in CKFREEZE for IPL volume syst volser v Mig. catlg not in CKFREEZE to check data set syst volser dsname v Data set not on IPL volume of system syst volser dsname v Data set is not partitioned on IPL volume of syst volser dsname If you are using zSecure for RACF, see VERIFY PGMEXIST in the IBM Security zSecure Admin and Audit for RACF: User Reference Manual for more information about missing VTOCs, and missing migration catalogs. If a CKRCMD file is allocated for the complex, a commented-out RALTER DELMEM command is generated to remove the obsolete member from the profile. CKR1255 PROGRAM dsn/vol obsolete, but missing information complex program - volser dsname Reason Severity: 04 Explanation: The message is issued by the VERIFY PROGRAM function because there appears to be no system in the complex where the indicated data set name resolves to an actually existing partitioned data set on the indicated volume. For each system a Reason line follows with one of the following detail explanations: v Volume is not mounted on system syst volser v VTOC is not readable on system syst volser v VTOC is not present in CKFREEZE syst volser v Mig. catlg not in CKFREEZE to check data set syst volser dsname v Data set does not exist on volume of syst volser dsname v Data set is not partitioned on volume of syst volser dsname If you are using zSecure for RACF, see VERIFY PGMEXIST in the IBM Security zSecure Admin and Audit for RACF: User Reference Manual for more information about missing VTOCs, and missing migration catalogs. If a CKRCMD file is allocated for the complex, a commented-out RALTER DELMEM command is generated to remove the obsolete member from the profile. CKR1256 Started Procedure Table truncated - number1 entries declared, number2 read - system system complex complex Severity: 08 Explanation: The image of the Started Procedure Table in the CKFREEZE for the indicated system is incomplete. As a result, less output will be produced by NEWLIST TYPE=SPT (for example, AU.S RACF control - STCTABLE). CKR1257 Started Procedure Table truncated - number1 entries declared, number2 read - system system complex complex Severity: 08 Explanation: The image of the Started Procedure Table in the CKFREEZE for the indicated system is incomplete. As a result, less output will be produced by REPORT STC, and VERIFY STC results may be incorrect. 298 Version 1.12: Messages Guide CKR1258 Effective record length 0 at CKFREEZE record <yyyy> of <ddname> <vol> <dsn> Severity: 16 Explanation: This message indicates that a CKFREEZE file contained an invalid record with effective length 0. This usually has one of two causes. Either the file is not a CKFREEZE file at all, or it has been transported or decompressed by a utility that does not have proper support for LRECL=X,RECFM=VBS files. In that case, information will be missing. We suggest you try to analyze the original file on the system where it was originally created and verify that the message does not occur there. In that case, a utility is the culprit. If this message occurs on a file created by a successful zSecure Collect run without any utility touching the file before it was analyzed, then contact IBM Software Support. The message is suppressible, but be aware that information is probably missing and may result in invalid reports or internal error messages. CKR1259 UNLOAD not valid for NEWLIST TYPE=type Severity: 12 Explanation: The UNLOAD statement is not supported for this NEWLIST type. For NEWLIST types defined with DEFTYPE, you can use LIST RECORD instead. CKR1260 Expected NO or decimal number instead of word Severity: 12 Explanation: The specified word is not recognized here. A decimal number or NO (without quotes) should have been specified. CKR1261 CKRPRTFL: Value length longlength in recordaddr truncated to 65535 for format outputformat for fieldaddr fieldname at ddname line number Severity: 08 Explanation: The indicated output format does not support input lengths above 65535. A value with the indicated long length for the indicated field in the indicated record was truncated to that length before calling the output format routine. The resulting output may differ from what was expected. CKR1262 The value "None" is mutually exclusive with other Reason values - before token at ddname line num Severity: 12 Explanation: The value NONE for a SELECT of a RACF reason field was used in a list with other RACF reason values. This is not allowed. Use an explicit OR instead. CKR1263 fieldaddr fieldname made nonmodifiable - in concatenation on display level with format outputformat at ddname line number Severity: 00 Explanation: The indicated field has a format for which modify is not supported in a concatenation. The field occurs in a concatenation on a record or summary display level. To restore the ability to modify the field, take it out of the concatenation. To avoid the message, add an explicit NOMODIFY modifier to the field. CKR1264 fieldaddr fieldname made nonmodifiable - in concatenation on detail display with format outputformat at ddname line number Severity: 00 Explanation: The indicated field has a format for which modify is not supported in a concatenation. The field occurs in a concatenation on a detail display level. To restore the ability to modify the field, take it out of the concatenation. To avoid the message, add an explicit NOMODIFY modifier to the field. Chapter 5. CKR messages 299 CKR1265 fieldaddr fieldname made nonmodifiable - in concatenation on detail display with WRAP at ddname line number Severity: 00 Explanation: The indicated field has a WRAP or WORDWRAP modifier, so that modify is not supported in a concatenation. The field occurs in a concatenation on a detail display level. To restore the ability to modify the field, take it out of the concatenation. To avoid the message, add an explicit NOMODIFY modifier to the field. CKR1266 Scattered field fieldaddr2 fieldname2 - concatenation fieldaddr1 fieldname1 made nonmodifiable on display level at ddname line number Severity: 00 Explanation: The indicated field2 that is part of the concatenation started with the indicated field1 occurs multiple times on the record or summary display level in a modifiable capacity. This is an unsupported combination. As a result the entire concatenation is made nonmodifiable. To restore the ability to modify this field within the concatenation, add a NOMODIFY modifier to the other instances on the same display level. To restore the ability to modify the rest of the concatenation, add a NOMODIFY modifier to field2. CKR1267 Scattered field fieldaddr2 fieldname2 - concatenation fieldaddr1 fieldname1 made nonmodifiable on detail display at ddname line number Severity: 00 Explanation: The indicated field2 that is part of the concatenation started with the indicated field1 occurs multiple times on the detail display level in a modifiable capacity. This is an unsupported combination. As a result the entire concatenation is made nonmodifiable. To restore the ability to modify this field within the concatenation, add a NOMODIFY modifier to the other instances on the same display level. To restore the ability to modify the rest of the concatenation, add a NOMODIFY modifier to field2. CKR1268 Modifiers DETAIL, NODETAIL and BOTH are mutually exclusive - field fieldname at ddname line number Severity: 12 Explanation: These modifiers each control the display level a field or literal in a DISPLAY statement should appear on, and cannot be combined. CKR1269 Modifier modifier2 overrides modifier modifier1 - definedvariable at ddname line number Severity: 00 Explanation: The indicated modifier1 was specified on the indicated DEFINE statement. The definedvariable is used with modifier2 here, which overrides this default. The two attributes are not combined. CKR1270 Lookup from detail field fieldname1 to overview is not supported for fieldname2 at ddname line number Severity: 12 Explanation: Base field field1 requires special processing, which is only done when the detail level is generated. Since the base values will not be available when the overview level is generated, this lookup is not supported. To get the lookup on the overview without its base field, insert a new occurrence of field1 before the one on the detail level into the DISPLAY statement with a NONDISPL modifier. CKR1271 CUA attribute attribute2 overrides CUA attribute attribute1 - definedvariable at ddname line number Severity: 00 Explanation: The indicated attribute1 was specified on the indicated DEFINE statement. The definedvariable is used with attribute2 here, which overrides this default. The two attributes are not combined. 300 Version 1.12: Messages Guide CKR1272 Unexpected CSRSI return code xxxxxxxx Severity: 00 Explanation: This message indicates that the CSRSI service returned an unexpected return code. As a result, no CPU model detail information can be shown for the live system. CKR1273 Field name flag value must be UPPER or ASIS - "value" at ddname line number Severity: 12 Explanation: This message indicates that for field name only the values UPPER and ASIS can be specified on the select statement. CKR1274 Field field value must be DISALLOWED or ALLOWED - "value" at ddname line number Severity: 12 Explanation: This message indicates that for field (CDTGEN (alias CLASS_GENERIC_ALLOWED) or CDTGENL (alias CLASS_GENLIST_ALLOWED)) only the values DISALLOWED (alias NO or OFF) and ALLOWED (alias YES or ON) can be specified on the select statement. CKR1275 MACCHECK value must be NORMAL, REVERSE, or EQUAL - "value" at ddname line number Severity: 12 Explanation: This message indicates that for field CDTMAC only the values NORMAL, REVERSE, or EQUAL can be specified on the select statement. CKR1276 Selection in restricted mode is not allowed with type clause at ddname line number Severity: 04 or 12 Explanation: When the program is running in restricted or PADS mode, selection with the indicated type of clause is not allowed. The program is running in restricted mode either because of a reason shown in a CKR0031 message or because SIMULATE RESTRICT was specified. This condition is considered a syntax error (severity 12). If an ALLOWRESTRICT modifier explicitly indicates that the query must be executed anyway, this message is issued as a warning (severity 4) to remind you that the indicated field is treated as missing. See also CKR0170. CKR1277 Implicit lookup to type type1 not supported from type type2 at ddname line number Severity: 12 Explanation: Object attribute lookup is not supported for this combination of newlist types. CKR1278 Explicit lookup to type type1 not supported from type type2 through field field at ddname line number Severity: 12 Explanation: Id lookup to the specified type type1 is not supported from type type2. If you are using zSecure for RACF, the only target type allowed is RACF. If you are using zSecure for ACF2, this is actually a lookup to ACF2_LID information for an ACF2 security database. CKR1279 The BESTMATCH parameter can only be used in a newlist context at ddname line number Severity: 12 Explanation: The BESTMATCH parameter was used on a global select, i.e. before the first NEWLIST statement. This is not supported. Move the select statement to the correct NEWLIST TYPE=RACF. Chapter 5. CKR messages 301 CKR1280 Duplicate user userid in connect list of group groupid Severity: 04 Explanation: The USERID field of the indicated GROUP profile contains the indicated user ID more than once. This is an anomaly in the RACF database. RACF will only use the first connect entry, and zSecure will show only the entry RACF uses. However, during selection both connect entries are considered, which may result in unexpected output. No support is present to remove the condition. CKR1281 Defined variable variable (type=type) is not boolean/as/true, may not be used as lookup target at ddname line number Severity: 12 Explanation: This message indicates that a variable of an improper type was used as a lookup target for an (explicit) ID lookup. The only types allowed are BOOLEAN, AS, and TRUE. CKR1282 Defined variable variable (type=type) is not boolean/as/true, may not be used as lookup target at ddname line number Severity: 12 Explanation: This message indicates that a variable of an improper type was used as a lookup target for an (implicit) object property lookup. The only types allowed are BOOLEAN, AS, and TRUE. CKR1283 Expecting lookup field at ddname line number Severity: 12 Explanation: This message indicates that a lookup specification was expected but the field name encountered was blank or missing. CKR1284 Filter comparison only allowed with =, <>, and ^= before name at ddname line number Severity: 12 Explanation: A field can only be compared with a filter using a =, <>, or ^= operator. CKR1285 Column width width insufficient for DUMP(n), width2 required - field fieldname at ddname line number Severity: 12 Explanation: DUMP(n) formatting requires room for dump offset, separators and at least one full word. For additional information about the DUMP format, see the LIST command - Format names documentation in the user reference manual for your zSecure product. CKR1286 Scope-filtered repeat group field field cannot be used as lookup key at ddname line number Severity: 12 Explanation: This message indicates that a repeat group field that needs entry-level scope processing is not supported as a lookup key. CKR1287 RACLIST value must be ALLOWED, REQUIRED, or DISALLOWED - "value" at ddname line number Severity: 12 Explanation: This message indicates that for field CDTRACL only the values ALLOWED, REQUIRED, and DISALLOWED can be specified on the select statement. 302 Version 1.12: Messages Guide CKR1288 UACC value must be ALTER, CONTROL, UPDATE, READ, ACEE, or NONE - "value" at ddname line number Severity: 12 Explanation: This message indicates that for field CDTUACC only the values ALTER, CONTROL, UPDATE, READ, ACEE, and NONE can be specified on the select statement. CKR1289 No DDname number 00-99 left for <dsn or path> Severity: 12 Explanation: This message indicates that the maximum supported number of automatic allocations for a specific file type (DD name prefix) has been reached. Reduce the number of file sets in SE.1 or manually create additional ALLOC statements with your own DDnames for the additional files needed. CKR1290 No entry with address less than or equal to address found in the NUCMAP Severity: 20 Explanation: The program searched for a module with address address in the nucleus map, but couldn't locate it. If you receive this message but are unsure about the reason you should contact IBM Software Support. CKR1291 Duplicate SECLABEL profile seclabel Severity: 20 Explanation: The indicated seclabel is defined twice. This is an anomaly in the RACF database. Only the first profile will be used in the program, and no support is present to remove the condition. CKR1292 RACSTAT unexpected RC. CLASS='class' SAF RC=safrc RACF RC=racfrc RSNCODE=rsn Severity: 16 Explanation: While retrieving the dynamic class descriptor table from the system using RACROUTE REQUEST=STAT calls, the program received a return code indicating an error. zSecure Audit will stop processing the dynamic CDT. To determine the cause of the error, you can look up the return codes in the RACROUTE macro reference. Note that if the error occurs halfway through processing the CDT (class will be other than all blanks) zSecure Audit will continue using the partial CDT. If the error happens before any class setting is returned (which is more probable) zSecure Audit falls back to using the static CDT. This message is suppressible. CKR1293 CERTIFICATE_TRUSTED value must be NOTRUST/No, TRUST/Yes, or HIGHTRUST/Hi - "value" at ddname line number Severity: 12 Explanation: The CERTIFICATE_TRUSTED field can only have one of the following values: NOTRUST (or No), TRUST (or TRUSTED or Yes) and HIGHTRUST (or HIGH or Hi). Specify a valid value on the select statement. CKR1294 Allocation failure for ddname dsname Severity: 16 Explanation: Dynamic allocation failed for the indicated data set. Diagnostic information regarding the precise cause of failure will be present in a preceding message from DAIRFAIL. Processing is aborted. CKR1295 CKAOUNIX.CKATSEC: No memory left to build TSEC ACLs Severity: 08 Explanation: There appears to be a memory shortage--try increasing the REGION size or limiting the query. As a result, UNIX processing cannot determine access to the various SECLABELS. In TYPE=UNIX newlists the HOME_OF, Chapter 5. CKR messages 303 AUDITCONCERN and AUDITPRIORITY fields may show incorrect or incomplete output. In TYPE=TRUSTED, some concerns may not be reported. CKR1296 Not a CKFREEZE file - ddname volume dsn Severity: 16 Explanation: This message indicates that an allocation was done for an TYPE=CKFREEZE file, but the content of he data set does not conform to a CKFREEZE layout, nor is it an unload. CKR1297 UNLOAD allocated as CKFREEZE file - ddname volume dsn Severity: 16 Explanation: This message indicates that an allocation was done for a TYPE=CKFREEZE file, but the content of the data set proves that it is actually a TYPE=UNLOAD data set. Probably some lines were interchanged in CARLa, in the JCL, or in the set of input files in SE.1. CKR1298 SORTLIST/DISPLAY invisible because of NONDISPL on summary key(s) at ddname line number Severity: 12 Explanation: This message indicates that one of the summary levels had only non-displayable summary keys, which is interpreted as a request to suppress output for this and all lower summary levels. Since the output for SORTLIST/DISPLAY hierarchically comes below the lowest summary level, this would also be suppressed. So the SORTLIST/DISPLAY request cannot be honored. Either delete the SORTLIST/DISPLAY statement, or remove the NONDISPL indicator from a summary key. CKR1299 Duplicate group groupid in connect list of user userid Severity: 04 Explanation: The CGGRPNM field of the indicated USER profile contains the indicated group ID more than once. This is an anomaly in the RACF database. RACF will only use the first connect entry, and zSecure will show only the entry RACF uses. However, during selection both connect entries are considered, which may result in unexpected output. No support is present to remove the condition. Messages from 1300 to 1399 CKR1300 Unexpected index entry id hexid ddname rel blk blknum offset hexnum table hexnum lvl level Severity: 16 Explanation: An unexpected kind of entry with an unsupported ID was found in the RACF database index. Adding a SUPPRESS INDEX command to your CARLa stream may circumvent this problem. From within the ISPF interface you can specify this under SETUP PREAMBLE. If the RACF utility IRRUT200 does not warn of inconsistencies or errors, contact IBM Software Support. If it does report inconsistencies, reorganize your RACF database with IRRUT400. CKR1301 Invalid active segment table for source sourcename Severity: 04 Explanation: When processing a record containing an image of the in-storage RACF database templates, an unexpected condition was encountered. If source equals system, the record came from a CKFREEZE, otherwise it came from an UNLOAD. The program will obtain templates from another source, if necessary, but these will not necessarily be completely up to date. 304 Version 1.12: Messages Guide CKR1302 Complex complex uses template type templates of source sourcename template level template level comparison Severity: 00 Explanation: This message states which templates will be used to process the RACF database of the indicated complex. If template type equals database, source and sourcename will equal complex and complex, respectively. In this case, the message will not give any details on the template level; that information is available in the preceding CKR0004 for this complex. If template type equals incore, source can be either system (indicating the templates were taken from either the live settings or a CKFREEZE) or complex (generally indicating the templates were taken from an UNLOAD). In either case, template level will indicate RACF release level and the APAR level that last changed the templates, followed by their numerical equivalents if that information is available. The message will also indicate whether the incore templates are equal to the database templates. Since the incore templates will only be used if they're more recent than the ones in the database, the message will generally say (different from DB). CKR1303 Too many id lookup fields, limit is around 8000 Severity: 12 Explanation: This message indicates that there are too many lookup fields to be stored for users or groups. For character fields, the limit is around 8000. Reduce the number of define statements used as a lookup target. CKR1304 Request storing for segment typing due to newlist exclude Severity: 00 Explanation: This message is triggered by DEBUG SEGMENT if all users and groups will be stored to help disambiguating the entity type of segments in a RACF restructured database. This specific message is given if the SELECT statement itself does not need to disambiguate an entity type, but does include both USER and GROUP, and a field used in the EXCLUDE statement does need it. CKR1305 Request storing for segment typing due to where clause Severity: 00 Explanation: This message is triggered by DEBUG SEGMENT if all users and groups will be stored to help disambiguating the entity type of segments in a RACF restructured database. This specific message is given if a defined variable includes a WHERE clause that needs a disambiguated entity type. CKR1306 Global exclude needs storing for segment typing Severity: 00 Explanation: This message is triggered by DEBUG SEGMENT if all users and groups will be stored to help disambiguate the entity type of segments in a RACF restructured database. This specific message is given if a global EXCLUDE statement includes fields that need the entity type to be disambiguated (for example, EXCLUDE CLASS=USER SEGMENT=OMVS). CKR1307 Not licensed to read esm datasource ddname volser dsn(member) Severity: 16 Explanation: If datasource is unload, this message indicates that you tried to process an UNLOAD created on a system running External Security Manager esm. You are not licensed to examine this type of UNLOAD. Verify that you run with the correct IFAPRDxx member or remove the offending UNLOAD from the query. If datasource is remote database, this message refers to a security database allocated through the zSecure Server network. CKR1308 DEFTYPE parameter does not contain a national character at ddname line number Severity: 04 Explanation: The parameter of the DEFTYPE command at the given location, which can be TYPE or ABBREV2, does not contain a national character ($, #, or @). While this is not normally a problem, conflicts might occur in the future when new TYPE or ABBREV2 values are predefined in IBM Security zSecure. This message can be suppressed by Chapter 5. CKR messages 305 adding the NOWARN parameter to the DEFTYPE specification. CKR1309 DDNAME ddname has already been assigned to dsn - at inputdd line number Severity: 12 Explanation: You have issued multiple ALLOC commands for the ddname indicated and two (or more) of these specify the DSN/CMSFILE/PATH parameter. The first of these parameter values is shown as dsn, and the location of the second ALLOC command is line number in inputdd. Fix the ALLOC statements in your query, and run it again. CKR1310 CONNECT lookup not supported on DEFINE - at ddname line number Severity: 12 Explanation: This indicates that a :CONNECT lookup is not supported on the DEFINE statement. You can only use it on a SORTLIST or DISPLAY statement, like "SORTLIST KEY USERID USERID:CONNECT" CKR1311 Type type already used by builtin newlist at ddname line number Severity: 12 Explanation: The TYPE=type specification of the DEFTYPE command at the given location conflicts with a newlist type predefined in IBM Security zSecure. To avoid conflicts of this nature, you should always use a national character ($, #, or @) as part of your DEFTYPE TYPE= names. CKR1312 CKRSTPMB: Invalid member length xx : program - member Severity: 20 Explanation: While storing the memberlist for PROGRAM profile program an entry member with length xx (in hexadecimal) was found. This length is too short to contain a valid entry. This memberlist entry is ignored. CKR1313 Lookup through field fieldname not supported at ddname line number Severity: 12 Explanation: Specification of a target newlist type lookup key is only supported for deftype lookups. CKR1314 Switching to sequential mode switchreason on complex DB nn ddname volser dsn So far read number special, number index, and number data blocks of current queue length number So far read number blocks from a total of number in number IOs Severity: 00 Explanation: This message indicates that the program expects continuation of indexed I/O to yield a longer response time than just processing this RACF data set sequentially. This decision is taken separately for each RACF data set in a RACF database. If switchreason is as requested by client, this decision is the result of logically analyzing the query and is generated only if a CKRCARLA instance is running as a database server through the zSecure Server network. The local client instance would make this decision before starting I/O. If switchreason is due to high number of requests, this is a dynamic decision based on the actual I/Os queued. This behavior can be suppressed (for debugging and performance analysis purposes) by the command SUPPRESS INDEXCUTOFF (always indexed I/O if possible) or SUPPRESS INDEX (always sequential I/O). You can change the cutoff point for indexed I/O with LIMIT INDEXBIAS. For details, see the documentation for the SUPPRESS and LIMIT commands in the IBM Security zSecure Admin and Audit for RACF: User Reference Manual. Note: These commands only apply to the CKRCARLA instance that reads the CARLa; the local client and a remote database server instance have their own input commands. 306 Version 1.12: Messages Guide CKR1315 Option option incompatible with FILEFORMAT=XML - field fieldname at ddname line number Severity: 12 Explanation: The field output modifier indicated is not compatible with FILEFORMAT=XML. Instead of a modifier, this can also be STRING to indicate that a literal is not supported as it has no XML element associated with it. CKR1316 Option option incompatible with FILEFORMAT=XML - at ddname line number Severity: 12 Explanation: The NEWLIST option indicated is mutually exclusive with FILEFORMAT=XML. CKR1317 NEWLIST NAME is required with FILEFORMAT=XML at ddname line number Severity: 12 Explanation: XML output is done in the form of structured XML elements that have an element name defined by the NEWLIST NAME= parameter. Hence it is required CKR1318 Duplicate XML field element name name in newlist newlist at ddname line number Severity: 12 Explanation: This message indicates that a duplicate field name is specified or implied (by alias processing) within a LIST or SORTLIST statement. This is not possible with FILEFORMAT=XML, since repeated element names are used for repeated field values. CKR1319 NEWLIST NAME=name invalid XML name - at ddname line number Severity: 12 Explanation: XML output is done in the form of structured XML elements that have an element name defined by the NEWLIST NAME= parameter. Hence the name must conform to rules for XML names: it cannot start with "XML", with a digit, or with a hyphen, and it cannot contain national characters. CKR1320 XML field element name name at ddname line number same as record element set by NAME=name at ddname line number Severity: 12 Explanation: This message indicates that a field name is used that is the same as a newlist name printing to the same output file with FILEFORMAT=XML. XML output is done in the form of structured XML elements that have a root element name defined by the NEWLIST DD= parameter, record-level subelements with the element name defined by the NEWLIST NAME= parameter, and field-level subelements defined by (SORT)LIST field names. These cannot be the same in a well-formed XML document. CKR1321 The BESTMATCH parameter cannot be used in a WHERE clause at ddname line number Severity: 12 Explanation: The BESTMATCH parameter was used on a WHERE clause in a DEFINE statement. This is not supported. The BESTMATCH parameter can only be used on a SELECT statement in a newlist. CKR1322 Unsupported segment segname in complex complex Severity: 08 Explanation: This message indicates that a new segment name was found in the RACF database templates that is not supported by the current version of zSecure. Chapter 5. CKR messages 307 CKR1323 EUdate separator can only be a /, - or blank token at ddname line number Severity: 12 Explanation: Only the separators slash(/), dash(-) and blank( ) are allowed on the EUdate format. Verify your specifications and resubmit the query. CKR1324 Option option warningtext possible UTF-8 values - field fieldname at ddname line number Severity: 00 or 12 Explanation: When producing a report in a non-default output encoding, the field output modifier indicated is not compatible with this field that might contain values in Unicode. This applies to INDENT, TITLE and TOPTITLE. This message is issued with a severity of 0 if FILEOPTION ENCODING=EBCDIC applies to the report to inform you that this query will no longer work when you change the encoding. If any other output encoding is active, it is issued as a syntax error with a severity of 12. CKR1325 Option option already set differently for output file, unexpected change by newlist name at ddname line number Severity: 04 or 12 Explanation: The indicated option is an output file property that cannot be set differently across NEWLISTs writing to the same file. This message is normally issued with severity 12 (syntax error), but for options that should be file properties in principle but might vary across NEWLISTs, it is issued with severity 4 (warning). These options are NOPAGE, PAGELENGTH, OVERPRINT, MAXPAGE, PAGETEXT, and CAPS. In general it is recommended to set output file options with the FILEOPTION statement and refer to the ddname on the NEWLIST or MERGELIST statement with DD=, and omit those options on OPTION or NEWLIST statements. The CKR1325 message is often caused by OPTION parameters setting the default for subsequent newlists and conflicting with what was implied by the FILEOPTION statement. CKR1326 FILEOPTION DD=ddname must be positioned before first reference to DDname at ddname line number Severity: 12 Explanation: Any reference to a DD-name with file options should follow the FILEOPTION statement. CKR1327 Option not valid behind FILEOPTION - option at ddname line number Severity: 12 Explanation: The FILEOPTION command can only reference output file options, no other options such as NEWLIST options. For a list of valid options and their exact meaning, see the FILEOPTION command documentation in the user reference manual for your zSecure product. CKR1328 Mixed case password support disabled on current system Severity: 00 Explanation: The source database in a merge operation has mixed case password enabled, but the current database has not. If passwords are copied from the source database to the current database, users with a mixed case password will not be able to login using this password. CKR1329 Duplicate MERGELIST NAME=name at ddname line number Severity: 12 Explanation: This message indicates that two mergelist specifications contain the same name. This is not allowed: a MERGELIST name must be unique. 308 Version 1.12: Messages Guide CKR1330 MERGELIST NAME= required at source for XML element containing newlist name at ddname line number Severity: 12 Explanation: For FILEFORMAT=XML combined with a MERGELIST the MERGELIST defines the "common" XML element name containing the individual newlists between MERGELIST and ENDMERGE as children. To be able to output the XML element, you need to define its element name by specifying the NAME= parameter on the MERGELIST. CKR1331 Soft newline not supported for display - at ddname line number Severity: 12 Explanation: The soft newline operator /n can only be used on the (SORT)LIST and SUMMARY command, not on the DISPLAY or DSUMMARY commands. Either use the hard newline operator / or convert to a (SORT)LIST. CKR1332 CKROUNIT: More than 50 soft newlines not supported on a single line at ddname line number Severity: 12 Explanation: Only 50 instances of the soft newline operator /n are supported between hard newlines (the / operator). CKR1333 Unsupported value nn for MAXWAIT: not in the range 1..59 at ddname line number Severity: 12 Explanation: OPTION SERIALIZATION(MAXWAIT) supports only values in the range of 1 through 59, inclusive. CKR1334 Program not authorized. Disabled APF serialization options UNIT, VOLSER, ENQ(SYSDSN), and MAXWAIT Severity: 04 Explanation: OPTION SERIALIZATION has been specified with at least one of the following parameters: UNIT, VOLSER, ENQ(SYSDSN), or MAXWAIT. Having dynamic allocation wait until the unit or volser becomes available requires APF authorization. The same is true for requesting an ENQ on QNAME SYSDSN, and for specifying a maximum time to wait until the ENQ request can be specified. Since the program lacks this authorization, it will not wait for units or volsers, will not request ENQs on SYSDSN, and will ignore the specified value for MAXWAIT. CKR1335 SERIALIZATION options option1 and option2 are mutually exclusive at ddname line number Severity: 12 Explanation: You cannot both WAIT and FAIL if the ENQ request cannot be immediately satisfied. Neither can you request that the program issue an ENQ and not issue an ENQ (NOENQ) at the same time. CKR1336 Option only valid behind OPTION - <parm> at <ddname> line <lineno> Severity: 12 Explanation: This message indicates that a parameter was specified that is recognized by the program, but not valid on the command you specified. It is only valid behind OPTION. CKR1337 Message number nnn not supported for MSGRC at ddname line lineno Severity: 12 Explanation: This message indicates that OPTION MSGRC does not support arbitrary message numbers. It currently supports only CKR0171, CKR0172, and CKR0438. Chapter 5. CKR messages 309 CKR1338 Message number nnn severity sss exceeds maximum 99, MSGRC at ddname line lineno Severity: 12 Explanation: The maximum severity that can be assigned to a message by OPTION MSGRC is 99. CKR1339 NEWLIST FILEFORMAT=XML root element name must be specified as DD=, cannot be omitted - at ddname line number Severity: 12 Explanation: XML output is done in the form of structured XML elements that have a root element name defined by the NEWLIST DD= parameter. The DD= parameter must have been specified somehow (as an OPTION before the first NEWLIST or explicitly on the newlist, or on a MERGELIST). CKR1340 NEWLIST DD=name invalid XML name - at ddname line number Severity: 12 Explanation: XML output is done in the form of structured XML elements that have a root element name defined by the NEWLIST DD= parameter. Hence the name must conform to rules for XML names: it cannot start with "XML", with a digit, or with a hyphen, and it cannot contain national characters. CKR1341 XML element name set by NEWLIST NAME=name same as root set by DD=name at ddname line number Severity: 12 Explanation: XML output is done in the form of structured XML elements that have a root element name defined by the NEWLIST DD= parameter, and record-level subelements with the element name defined by the NEWLIST NAME= parameter. These cannot be the same in a well-formed XML document. CKR1342 XML field element name name at ddname line number in newlist name same as root set by DD=name at ddname line number Explanation: XML output is done in the form of structured XML elements that have a root element name defined by the NEWLIST DD= parameter, record-level subelements with the element name defined by the NEWLIST NAME= parameter, and field-level subelements defined by (SORT)LIST field names. These cannot be the same in a well-formed XML document. CKR1343 Option option incompatible with ENCODING=UTF-8 - at ddname line number Severity: 12 The message indicates that UTF-8 output encoding cannot be combined with the indicated options. CKR1344 File/DD specification is required on FILEOPTION at ddname line number Severity: 12 Explanation: This message indicates that FILEOPTION requires specification of FILE=/F=/DDNAME=/DD= to indicate to which file it is supposed to apply. CKR1345 MERGELIST NAME=name invalid XML name - at ddname line number Severity: 12 Explanation: XML output is done in the form of structured XML elements that have an element name defined by the MERGELIST NAME= parameter. Hence the name must conform to rules for XML names: it cannot start with "XML", with a digit, or with a hyphen, and it cannot contain national characters. 310 Version 1.12: Messages Guide CKR1346 XML element name set by NEWLIST NAME=name at ddname line number same as element set by MERGELIST NAME=name at ddname line number Severity: 12 Explanation: XML output is done in the form of structured XML elements that have optional mergelist-level element defined by the MERGELIST NAME= parameter, and record-level subelements defined by the NEWLIST NAME= parameter. These cannot be the same in a well-formed XML document. CKR1347 XML element name set by MERGELIST NAME=name same as root set by DD=ddname at ddname line number Severity: 12 Explanation: XML output is done in the form of structured XML elements that have a root element name defined by the NEWLIST DD= parameter, and optional mergelist-level subelements with the element name defined by the MERGELIST NAME= parameter. These cannot be the same in a well-formed XML document. CKR1348 XML field element name name invalid XML name - at ddname line number Severity: 12 Explanation: XML output is done in the form of structured XML elements that have an element name defined by the (SORT)LIST field names. Hence the name must conform to rules for XML names: it cannot start with "XML", with a digit, or with a hyphen, and it cannot contain national characters. CKR1349 XML field element name name at ddname line number same as element set by MERGELIST NAME=name at ddname line number Severity: 12 Explanation: XML output is done in the form of structured XML elements that have an optional mergelist-level element name defined by the MERGELIST DD= parameter, field-level subelements with the element name defined by the (SORT)LIST field names. These cannot be the same in a well-formed XML document. CKR1350 FILEFORMAT=XML is incompatible with DISPLAY at ddname line number Severity: 12 Explanation: The NEWLIST indicated by ddname and linenumber has been directed to build an interactive display with its output, which is incompatible with FILEFORMAT=XML. CKR1351 Unexpected return code nn dec during LISTCAT of DSNPREF=pref Severity: 12 Explanation: This message indicates that an unexpected return code was received from the catalog SVC 26. Contact IBM Software Support. CKR1352 Unexpected abend during LISTCAT of DSNPREF=pref Severity: 12 Explanation: This message indicates that an abend occurred while performing the indicated catalog search processing. CKR1353 ALLOC DSNPREF=prefix adds DSN=dsn Severity: 00 Explanation: This message indicates that an ALLOC DSN= request was added based on a match with the DSNPREF parameter. Note that this message will not be issued if an ALLOC DSN= request was already present, either explicitly requested or previously matched by a different DSNPREF. Chapter 5. CKR messages 311 CKR1354 ALLOC DSNPREF= is mutually exclusive with DD= delimiter at ddname line number Severity: 12 Explanation: It is not supported to specify a DDname for a generic request like DSNPREF; individual DDnames will be generated for each matching data set name. CKR1355 Skipping SMF file with RECFM=F or U ddname dsn Severity: 08 Explanation: An ALLOC TYPE=SMF was done resulting in a data set that does not have the proper record format for an SMF data set. Specifically, RECFM=F and RECFM=U data sets are not supported by the SMF reader. The severity of this message is only 8 to help easy exploitation of ALLOC TYPE=SMF DSNPREF= by automatically skipping unsuitable data sets. CKR1356 ALLOC DELETE only supported with TYPE=SMF/deftype DSN=/DSNPREF= delimiter at ddname line number Severity: 12 Explanation: This message indicates the DELETE keyword is forbidden on the current ALLOCATE statement since it may only be used for allocations by data set name of TYPE=SMF, TYPE=ACCESSor DEFTYPE defined types. CKR1357 Delete requested for ddname dsn Severity: 00 Explanation: This message indicates that the final disposition of the indicated file allocated to the indicated data set will be changed to DELETE while the file is freed. CKR1358 DSNPREF cannot be longer than 43 - delimiter at ddname line number Severity: 12 Explanation: This message indicates that the maximum length of a data set prefix is 43 characters. Use DSN= with a 44 character name. CKR1359 Skipping record number of length size because SMF cannot be >32KB in ddname volser dsn Severity: 08 Explanation: SMF is being read from an LRECL=X data set and has now encountered a record length greater than fits into the Record Descriptor Word of any SMF record mapping. So this proves the record is not an SMF record, and the record will be skipped. CKR1360 Running in APF mode, READ access to class CKR.CKRCARLA.APF Severity: 00 Explanation: This message indicates that CKRCARLA was called with APF authorization active (for example, by CKRCARLX or C2POLICE), and that the user was authorized by SAF to exploit this. The SAF class is installation defined in the CKRSITE module. CKR1361 CKR.CKRCARLA.APF in class class not defined. APF mode disallowed. Severity: 12 Explanation: This message indicates that CKRCARLA was called with APF authorization active (for example, by CKRCARLX or C2POLICE), but that the user was not explicitly authorized by SAF to exploit his. This is not allowed. Either obtain a permit to the indicated SAF resource or directly invoke CKRCARLA (which has AC(0) and hence will run without APF authorization). The SAF class is installation defined in the CKRSITE module. 312 Version 1.12: Messages Guide CKR1362 APF mode disallowed, no READ access to class CKR.CKRCARLA.APF Severity: 12 Explanation: This message indicates that CKRCARLA was called with APF authorization active (for example, by CKRCARLX or C2POLICE), but that the user was not explicitly denied access by SAF to exploit his. Either obtain a permit to the indicated SAF resource or directly invoke CKRCARLA (which has AC(0) and hence will run without APF authorization). The SAF class is installation defined in the CKRSITE module. CKR1363 Need to specify DDNAME= or MEMBER= on XML_STYLESHEET=IMBED - at ddname line number Severity: 12 Explanation: This message indicates that an XML_STYLESHEET=IMBED() statement is coded, which does not specify a DDNAME= or MEMBER= statement. You need to specify at least one of these. CKR1364 type LXAT record corrupt on SYSTEM system Severity: 08 Explanation: An LXAT record from the CKFREEZE for the system indicated was found to be corrupted. Information found in the structured repeat group described with the LX field for newlist type=PC might be erroneous. If this message reoccurs after the CKFREEZE has been refreshed, contact IBM Software Support. CKR1365 Option option incompatible with COMPRESS - at ddname line Severity: 12 Explanation: This message indicates an option or command not supported in combination with a compressed output file. CKR1366 Compressed output from original to compressed bytes (factor factor), file ddname pathname Severity: 00 Explanation: This suppressible message lists the original and compressed data size for each COMPRESS=GZIP output file, and the reduction factor achieved. CKR1369 number InfoStorage records read for complex; resource rules totalled number entries Severity: 00 Explanation: This message is only issued for an ACF2 infostorage database and indicates the number of records that were read, as well as the total number of rule lines that were present in the resource rule records present among the read infostorage records. CKR1370 Extended template block n for entity e not found in ICBTEMP for seq s ddname volser dsname Severity: 20 Explanation: This message indicates that a pointer to a template extension was found in a template block, but not the corresponding information in the template block array. Contact IBM Software Support. The message can be suppressed in the mean time. CKR1371 Generic string longer than 255 Severity: 12 Explanation: A string was specified that contained generics and was longer than 255 characters. This is not supported. Change the query and resubmit it. Chapter 5. CKR messages 313 CKR1372 Unload output LRECL=nnnn must at least be 23472, LRECL=X,RECFM=VBS preferred file [(redirected CKRUNLOU)] ddname [path | volser dsname] Severity: 16 Explanation: This message indicated that an unloaded security database requires a minimum record length of 23472. Even then, records may get truncated. The recommend LRECL specification is LRECL=X,RECFM=VBS. CKR1374 Cannot open stylesheet from file ddname volser dsname Severity: 08 Explanation: This message indicates that the XSLT stylesheet specified by the XML_STYLESHEET=IMBED() statement cannot be opened. Check if the file is correctly allocated, and the member exists. CKR1375 Cannot find open tag <xsl:stylesheet> in stylesheet from file ddname volser dsname Severity: 08 Explanation: The XSLT stylesheet specified by the XML_STYLESHEET=IMBED() statement does not appear to contain an <xsl:stylesheet> element. An XSLT stylesheet used for imbedding by zSecure must have the <xsl:stylesheet> open tag and </xsl:stylesheet> close tag as the only elements on separate lines to be recognized. CKR1376 Cannot find close tag </xsl:stylesheet> in stylesheet from file ddname volser dsn Severity: 08 Explanation: The XSLT stylesheet specified by the XML_STYLESHEET=IMBED() statement does not appear to contain an </xsl:stylesheet> element. An XSLT stylesheet used for imbedding by zSecure must have the <xsl:stylesheet> open tag and </xsl:stylesheet> close tag as the only elements on separate lines to be recognized. CKR1377 XML_STYLESHEET=IMBED is incompatible with XML_DTD at ddname line number Severity: 12 Explanation: An imbedded XSLT stylesheet cannot contain a DTD. CKR1378 A member name is required to read from PDS ddname volser dsn :severity: 8 Explanation: The data set which has been specified on the XML_STYLESHEET=IMBED() statement is partitioned, but no member has been specified. CKR1379 CERTIFICATE_KEYUSAGE value incorrect - "value" at ddname line number Severity: 12 Explanation: The only values that are valid on the CERTIFICATE_KEYUSAGE field are: HANDSHAKE, DOCSIGN, DATAENCRYPT, CERTSIGN, digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign, and encipherOnly. Verify your query and resubmit. CKR1380 ENCODING=UTF-8 for e-mail can only be used with OUTPUTFORMAT=ATTACH at ddname line number Severity: 12 Explanation: UTF-8 encoded reports can only be e-mailed as attachments. Supply OUTPUTFORMAT=ATTACH or remove ENCODING=UTF-8. CKR1381 The same DD ddname cannot be used both for e-mail and normal reporting - at ddname line number Severity: 12 Explanation: The indicated CARLa statement specifies or implies the same report DD-name as an earlier statement, 314 Version 1.12: Messages Guide but these specifications are incompatible because one specifies an e-mail destination while the other requests a normal report. CKR1382 Restricted mode does not allow SELECT keyword keyword at ddname line number Severity: 04 or 12 Explanation: When the program is running in restricted or PADS mode, selection through the indicated keyword is not allowed. The program is running in restricted mode either because of a reason shown in a CKR0031 message or because SIMULATE RESTRICT was specified. This condition is considered a syntax error (severity 12). If an ALLOWRESTRICT modifier explicitly indicates that the query must be executed anyway, this message is issued as a warning (severity 4) to remind you that the indicated field is treated as missing. See also CKR0170. CKR1383 ALLOC TYPE=TSS_ATF file skipped because not licensed - ddname volume dsn Severity: 00 Explanation: An ALLOC TYPE=TSS_ATF statement for the indicated data set is ignored because IBM Security zSecure Audit for Top Secret is not installed or has been disabled in IFAPRDxx.. CKR1384 COMPRESS=GZIP requested for ddname but file specification is incompatible - ignored Severity: 04 Explanation: This message indicates that GZIP compression was specified for the ddname indicated, but the file in question was not allocated with an ALLOC command with a FILEDESC or PATH specification. The output will not be compressed. CKR1385 XML file may be unusable due to insufficient LRECL - ddname volser dsn(member) Severity: 08 Explanation: One or more lines in the specified XML output file have been truncated which can lead to missing or broken tags. This can render the resulting XML document unusable. Increase the LRECL specified for the file (files allocated for XML output by the program itself have a worst case scenario LRECL of 6600) and rerun the query. CKR1386 E-mail and LIST output are incompatible at ddname line number Severity: 12 Explanation: E-mailing LIST output is not supported. Use SORTLIST instead. CKR1387 File option CAPS cannot be used with XML or UTF-8 output at ddname line number Severity: 12 Explanation: File option CAPS cannot be used with FILEFORMAT=XML or ENCODING=UTF-8. CKR1388 File option NULLS cannot be used with XML output at ddname line number Severity: 12 Explanation: File option NULLS conflicts with the automatic filtering of control characters by the XML processing. You cannot use this file option with FILEFORMAT=XML. CKR1389 Non-PADS access required to read type data, skipping file vol dsn(member) Severity: 08 Explanation: A data set to which only conditional (PADS) access was granted was requested for type input. Unconditional read access is needed to read DEFTYPE data. The data set is not processed. Chapter 5. CKR messages 315 CKR1390 Non-PADS access required for unrestricted SMF, skipping file vol dsn(member) Severity: 08 Explanation: When reading SMF files in unrestricted mode, only data sets to which unconditional READ access is granted are valid. For the data set mentioned only conditional (PADS) READ was granted. The data set is skipped. CKR1391 Undefined division division or undefined field field Severity: 12 Explanation: The explicit request for field field from division division is invalid. This may be either because the field is not defined for the requested division, or because the division is not defined for any infostorage record type. You can use the FDE primary command to find out which combinations of residence type, division, and field name are valid. CKR1392 Field field not defined for residence type residence type Severity: 12 Explanation: No Field Definition Entry was found for the requested field in any Record Structure Block associated with the requested residence type. You can use the FDE primary command to find out which combinations of residence type, division, and field name are valid. CKR1393 Field field not defined for residence type residence type and division division Severity: 12 Explanation: The Record Structure block for the requested residence type and division does not contain a Field Definition Entry for the requested field. You can use the FDE primary command to find out which combinations of residence type, division, and field name are valid. CKR1394 Division division not defined for residence type residence type Severity: 12 Explanation: The requested combination of division and residence type is invalid. You can use the FDE primary command to find out which combinations of residence type, division, and field name are valid. CKR1395 Undefined residence type residence type Severity: 12 Explanation: The requested residence type does not exist. You can use the FDE primary command to find out which combinations of residence type, division, and field name are valid. CKR1396 number InfoStorage records skipped for complex Severity: 00 Explanation: This message is only issued for an ACF2 infostorage database and indicates the number of records for which processing was skipped. Processing is skipped for infostorage records of subtypes that aren't yet supported in the current release. CKR1398 FUNCTION=MERGE input present for complex complex but FUNCTION=MAIN input is missing Severity: 12 Explanation: A RACF database or unload is allocated to complex complex as a MERGE input source, however there is no equivalent MAIN database or unload specified. Verify your allocations and rerun the query. 316 Version 1.12: Messages Guide CKR1399 Corrupted/truncated QUAA for system system record number of ddname volser dsn Severity: 08 Explanation: The QUAA record taken from the CKFREEZE file is not complete. This can happen if the LRECL of the CKFREEZE file is too small. Messages from 1400 to 1499 CKR1400 Running on an unsupported version vv.rr.mm of z/OS, results are unpredictable - please upgrade Severity: 04 Explanation: This message indicates that zSecure is being run on an operating system level that it is not supported on. The results are unpredictable. Upgrade zSecure to the proper version. CKR1401 Running on a no longer supported version vv.rr.mm of z/OS, some product features may fail Severity: 04 Explanation: This version of zSecure is not supported on the operating system level that you are running it on. Some (newer) product features may fail. On the other hand, typically older reports will keep working, but there is no support if they do not. CKR1402 Running on an unsupported OS product name, results are unpredictable Severity: 04 Explanation: The current operating system is not recognized by this version of zSecure, and not supported. CKR1403 Analyzing an unsupported version vv.rr.mm of z/OS, results are unpredictable - please upgrade Severity: 04 Explanation: This message indicates that a system snapshot is being analyzed from an operating system level that it is not supported on this version of zSecure. The results are unpredictable. Upgrade zSecure to the proper version. CKR1404 Processing 100 SMF data sets, nnn ALLOC DSNPREF matches left for a subsequent run Severity: 08 Explanation: This message indicates that an ALLOC DSNPPREF statement for TYPE=SMF yielded more than 100 data set name matches. Only the alphabetically first 100 will be processed. If the DELETE operand is also on, a subsequent run will pick up the next 100 data sets. To ensure optimal processing, you should ensure that for each system, the alphabetical order of the SMF data set names matches the chronological order of the SMF records. CKR1405 Live SMF suppressed because more SMF data sets requested than can be processed Severity: 08 Explanation: As long as not all TYPE=SMF data sets matching the DSNPREF specification can been processed together with all live SMF data sets, processing of live SMF is suppressed. This is done to ensure that SMF records can be processed in chronological order (if the data set names reflect the chronological order, and contain SMF records that are older than the live SMF). CKR1406 More than 4 SUBSYS parms not supported at ddname line number Severity: 12 Explanation: The SUBSYS keyword of the ALLOC CARLa command supports only 4 subparameters. If you need more, contact IBM Software Support. Chapter 5. CKR messages 317 CKR1407 ALLOC SUBSYS is not supported with PATH/FILEDESC/CMSFILE/GETPROC/SMFSTREAM/ DSNPREF at ddname line number Severity: 12 Explanation: The SUBSYS specification cannot be used together with other input source designations than DSN=. CKR1408 IFAQUERY return area too small. Omitted nnn log stream records. Severity: 08 Explanation: Even after passing the required length in a second call, there is still not sufficient space to store the SMF log stream data. Contact IBM Software Support. CKR1409 Unexpected return code from IFAQUERY. SMF log stream information is not collected. rc=hhhhhhhhhhh hex rsn=hhhhhhhhhhh hex Severity: 16 Explanation: Failure to obtain SMF log stream data. Contact IBM Software Support. CKR1410 ALLOC TYPE=SMFSTREAM is not supported with PATH/FILEDESC/CMSFILE/GETPROC/ DSNPREF at ddname line number Severity: 12 Explanation: The TYPE=SMFSTREAM specification cannot be used together with other input source designations than DSN=. CKR1411 Cannot determine active SMF log streams for system system Severity: 04 Explanation: When active SMF allocation is requested while SMF log streams are used and IBM Security zSecure runs in non-APF mode, a CKFREEZE file containing the SMF log stream settings must be connected. You have not connected a CKFREEZE file, or it is a CKFREEZE file made using an older zSecure Collect. CKR1412 Started processing ACCESS pads file ddname volser dsn Severity: 0 Explanation: This message indicates that processing of ACCESS input file ddname has started. In addition, it can indicate in pads by the text PADS that access to the data was allowed by virtue of a conditional access. CKR1413 Non-PADS access required to read ACCESS data, skipping file vol dsn(member) Severity: 8 Explanation: ACCESS data sets can only be read when unconditional READ access is granted. For the data set mentioned only conditional (PADS) READ was granted. Reading the data set is skipped. CKR1414 nn ACCESS records read, nn ACCESS records selected (nn%) Severity: 0 Explanation: This message indicates the number of ACCESS records read and the number and percentage that were selected. CKR1415 ALLOC TYPE=ACCESS file skipped because not licensed - ddname volume dsn Severity: 0 Explanation: An ALLOC TYPE=ACCESS statement for the indicated data set is ignored because IBM Security zSecure Admin is not installed or has been disabled in IFAPRDxx. 318 Version 1.12: Messages Guide CKR1416 Inconsistent CFDEF definitions for profile Severity: 08 Explanation: This message indicates that, during a database merge, a CFIELD profile is found present in both the source database and the current database. In that case, merge requires these profiles to have identical CFDEF segments. The indicated profiles do not have identical CFDEF segments. CKR1417 Expected Custom FIELD Type instead of cccc Severity: 12 Explanation: CARLa has encountered a DEFINE statement similar to the following: DEFINE yourname SUBSELECT(CSTYPE=cccc). The value cccc is expected to be one of these values: Num, Char, Hex, or Flag, but in fact it is not. User response: Correct the CARLa code and specify the correct Custom Format Type value. CKR1418 The value of CFDEF fields CFFIRST and CFOTHER must be ALPHA, ALPHANUM, ANY, NONATBC, NONATNUM, or NUMERIC - "value" at ddname line number Severity: 12 Explanation: This message indicates that the value you specified for a field did not match the field type expected by the program. User response: Select the appropriate value for the field. CKR1419 CSTYPE value must be CHAR, NUM, FLAG, or HEX - "value" at ddname line number Severity: 12 Explanation: This message indicates that the value you specified for a field did not match the field type expected by the program. User response: Select the appropriate value for the field. CKR1420 system abend code code(text) in UNLOAD processing. Dynamic Parse Table not processed. Severity: 04 Explanation: There has been an abend while writing the Dynamic Parse Table during UNLOAD processing. This will not affect other UNLOAD processing. However, the resultant UNLOAD file will not include a complete Dynamic Parse Table and hence may cause errors or omissions if used to examine Custom Fields. User response: Review the JESLOG and SYSPRINT output from CKRCARLA to determine if this is associated with other errors or messages. If you cannot resolve the problem, contact IBM Software Support. CKR1421 Multi-line WTO output beyond line 10 was suppressed for newlist name source Severity: 04 Explanation: A multi-line WTO that exceeds 10 lines was created by the newlist. A maximum of 10 lines can be output so the excess lines were suppressed. CKR1422 All SMF processing suppressed. Severity: 00 Explanation: SUPPRESS SMF command was used to explicitly suppress SMF processing. Chapter 5. CKR messages 319 CKR1424 No numeric symbolic name found and no default at ddname line line. Severity: 12 Explanation: The parser expects a number or a symbolic name of type NUM, however, a non-numeric string was found. No SYMBOLIC NUM name=value statement was encountered in CARLa before this statement. Symbolic names are case insensitive, but each name has a maximum length of 24. If your CARLa must cope with both presence and absence of a SYMBOLIC definition, you can specify a default value behind a vertical bar such as name|value instead of just name. CKR1425 Password phrase must be quoted. Severity: 12 Explanation: The password phrase value is missing the required quotation marks. User response: Update the password phrase value to include the quotes, for example, 'password phrase'. CKR1426 A NEWLIST TYPE=ip_newlist_type request was issued, but no TCP/IP stack configuration data are available. Might be caused by old or non-APF CKFREEZE Severity: 00 Explanation: This message is generated by the NEWLIST TYPE=ip_newlist_type, which is one of the TCP/IP stack configuration reports. It indicates that a TCP/IP stack configuration report was requested, but the stack configuration data were not available. Check the CKFREEZE file used. The TCP/IP stack configuration report requires an APF-authorized zSecure Collect run with a focus including zSecure Audit. The version of zSecure Collect should be at least 1.11 in order to produce a CKFREEZE file with the requested information. The version employed to create the CKFREEZE file can be found in the SYSPRINT, in message CKR0132. CKR1427 NEWLIST TYPE=ip_newlist_type CKFREEZE data incomplete or corrupted Severity: 20 Explanation: This message is generated by the NEWLIST TYPE=ip_newlist_type, which is one of the TCP/IP stack configuration reports. It indicates that a CKFREEZE file is incomplete or corrupted. Contact IBM Software Support. CKR1428 NEWLIST TYPE=ip_newlist_type requires CKFREEZE Severity: 08 Explanation: This message is generated by the NEWLIST TYPE=ip_newlist_type, which is one of the TCP/IP stack configuration reports. It indicates that a TCP/IP stack configuration report was requested, but no CKFREEZE file was used. The report requires a CKFREEZE file. Check your JCL or your set of input files. CKR1429 jobtag [later] CICS dictionary invalid <system> <date time> at ddname line recno Severity: 04 Explanation: This warning message is written when a fall back SMF dictionary turned out to be invalid. It must be written only once per job tag. The message shows the job tag for which the SMF dictionary was validated and the system, date and time, DD name, and record number of the SMF dictionary record itself. CKR1430 jobtag CICS SMF dictionary system truncated - dictionary ignored at ddname line recno. Severity: 04 Explanation: This warning message must be written when an SMF dictionary turned out to be truncated. The SMF dictionary is ignored and a derived dictionary is used. The message shows the system, date and time, DD name, and record number of the dictionary record that has been truncated. 320 Version 1.12: Messages Guide CKR1431 Field FAILLOAD value must be BADSIGONLY, ANYBAD, or NEVER - "badvalue" source Severity: 12 Explanation: This message indicates that a value for the FAILLOAD field was not recognized. User response: Provide one of the values listed in the message, or remove reference to the field. CKR1432 Field SIGAUDIT value must be BADSIGONLY, ANYBAD, SUCCESS, ALL, or NONE - "badvalue" source Severity: 12 Explanation: This message indicates that a value for the SIGAUDIT field was not recognized. User response: Provide one of the values listed in the message, or remove reference to the field. CKR1433 CKRSTORF.CKRSIDID: Duplicate IDID entry userid label flags filter Severity: 20 Explanation: A duplicate distributed identity filter (RACMAP) was found mapping to the indicated userid with the indicated label. The duplicate is ignored. This message can be suppressed. CKR1434 FUNCTION=BASE on CKFREEZE file ddname system system requires F=BASE on security database complex complex Severity: 12 Explanation: A system has been specified as a base to compare against, but the security complex for the system has not been specified. Both the system and the security complex are required for the comparison process. This message can also be caused as a side effect of trying to give multiple complexes the same name, which generates a CKR1472 message. User response: If message CKR1472 is present along with CKR1434, resolve the CKR1472 message first. Then, run the comparison process again to see if the error that generated the CKF1434 message has been resolved. If CKR1434 is present by itself, add the FUNCTION=BASE option to the security database allocation statement. CKR1435 FUNCTION=BASE cannot be specified for more than one security database. Severity: 12 Explanation: FUNCTION=BASE must identify the "standard" security database that compare functions must compare against. It is not allowed to request two security databases to serve as the base. You can identify one security database, for example, UNLOAD, and one system (CKFREEZE) in that same complex as a base. User response: Remove FUNCTION=BASE until only one security database has this specification left. CKR1436 FUNCTION=BASE cannot be specified for more than one system. Severity: 12 Explanation: FUNCTION=BASE must identify the "standard" system that compare functions must compare against. It is not allowed to request two systems to serve as the base. You can identify one security database, for example, UNLOAD, and one system (CKFREEZE) in that same complex as base. User response: Remove FUNCTION=BASE until only one security system has this specification left. CKR1437 COMPAREOPT BASE/BY/COMPARE is not supported for field name source. Severity: 12 Explanation: Comparison is not supported for this field. User response: Use another field. Chapter 5. CKR messages 321 CKR1438 FUNCTION=BASE only supported for TYPE=CKFREEZE/UNLOAD/RACF/ACF2* - error detected before token source. Severity: 12 Explanation: No meaning has been assigned to identify this file TYPE as a base for comparison. The FUNCTION=BASE specification is allowed for security databases and CKFREEZE files. User response: Leave off FUNCTION=BASE for this TYPE. CKR1439 Language lng is not valid in the LANGUAGE statement at source Severity: 12 Explanation: While parsing a LANGUAGE statement, English (ENG, ENU) is not a valid override language. Parsing continues, but the run is cancelled. User response: Choose a different language. CKR1440 LANGUAGE ln2 at source2 does not match the first LANGUAGE statement of ln1 Severity: 12 Explanation: While parsing a LANGUAGE statement, a language lng2 which is different from the first language found lng1 has been located. Parsing continues but the run is cancelled. Each CKRCARLA run can only translate to one language (or not translate). User response: Perform translation to different languages in two separate runs. CKR1441 Translation for "original" was "translation1" overridden by "translation2" at source Severity: 00 Explanation: While parsing a LANGUAGE statement, more than one translation was found for the same string or value. The last one prevails. User response: Validate that the last translation is the one you want. CKR1442 Occurrence only valid in named NEWLIST sections, not in TYPE section at source Severity: 12 Explanation: Occurrence is only valid for FIELD clauses in a named NEWLIST section of a LANGUAGE statement, not in a FIELD clause in a TYPE section. User response: Remove the occurrence designator or move the statement to a NEWLIST clause. CKR1443 LANGUAGE statements must precede the use of any NEWLIST or field name at source Severity: 12 Explanation: In the CARLa input, LANGUAGE statements can only be used before the first use of a field, newlist, or more generally, anything involving strings that might need to be translated. User response: Move LANGUAGE statement to or imbed it earlier in the CARLa input stream, or move CARLa that performs output processing in the SETUP PREAMBLE to a member included under option CO. CKR1444 Complex name used for system smfid records in ddname volser dsn Severity: 00 Explanation: This message is issued once for each system ID smfid that the user is allowed to see in each ACCESS input file processed. The message is intended to help understand unexpected failures. For example, when generating access monitor commands in AM.8.2 with incomplete sets of input or user-specified complex names, the message identifies which complex (RACF database) accesses in the file are to be attributed. 322 Version 1.12: Messages Guide User response: If you have unexpected failures when running access monitor commands from menu option AM.8.2, review this message to find out the problem. CKR1445 Asymmetric key usage value must be (NO)SECUREEXPORT, (NO)HANDSHAKE, or a combination of them - "value" at ddname line number Severity: 12 Explanation: This message indicates that the value you specified for a field did not match the field type expected by the program. User response: Select the appropriate value for the field. CKR1446 Symmetric key exportable value must be (BY)ANY, (BY)LIST, or (BY)NONE - "value" at ddname line number Severity: 12 Explanation: This message indicates that the value you specified for a field did not match the field type expected by the program. User response: Select the appropriate value for the field. CKR1447 nn SMF SUBRECORDS READ, nn SELECTED (nn%) Severity: 00 Explanation: This message indicates the number of SMF subrecords read and the number and percentage that were selected. CKR1448 Duplicate COMPAREOPT TYPE=type NAME=name retaining version source Severity: 12 Explanation: A COMPAREOPT definition can only occur once. User response: Change name of either one, or delete one of the definitions. CKR1449 Duplicate COMPAREOPT field name name source also used source Severity: 12 Explanation: A COMPAREOPT field name list should list a field name at most once. User response: Delete duplicate name. CKR1450 COMPAREOPT NAME=DEFAULT is reserved source. Severity: 12 Explanation: The COMPAREOPT name DEFAULT is reserved for automatic generation. It may be generated automatically with ALLOC FUNCTION=BASE, User response: Choose a different name. CKR1451 COMPAREOPT NAME=name type=type not defined source Severity: 12 Explanation: A COMPAREOPT referred to by PRINT / OPTION / NEWLIST must be defined in a COMPAREOPT statement before it is needed in a NEWLIST, DISPLAY or SORTLIST statement. User response: Add the missing COMPAREOPT statement before you refer to the name with "COMPAREOPT=". Also the newlist "TYPE=" specification on NEWLIST and COMPAREOPT must match. Chapter 5. CKR messages 323 CKR1452 Translation translation1 overridden with translation2 Severity: 00 Explanation: While parsing a LANGUAGE statement, more than one translation was found for the same string or value. The last translation prevails. User response: Validate that the last translation is what you want. CKR1453 FORMAT name name is not supported for language translation at source Severity: 12 Explanation: A FORMAT name has been detected unsupported for language translation. Parsing continues, but the run is cancelled. User response: Remove the FORMAT clause or change the format name. CKR1454 PREFIXLEN must be in range 29...70 Severity: 12 Explanation: The print option PREFIXLEN must be smaller than 71 and greater than 28. CKR1455 Scan of entire segment is not allowed in restricted mode - at ddname line number Severity: 04 or 12 Explanation: When the program is running in restricted or PADS mode, scanning the entire profile segment is not allowed. The program is running in restricted mode either because of a reason shown in a CKR0031 message or because SIMULATE RESTRICT was specified. This condition is considered a syntax error (severity 12). If an ALLOWRESTRICT modifier explicitly indicates that the query must be executed anyway, this message is issued as a warning (severity 4) to remind you that the indicated field is not found. See also CKR0170. CKR1456 NEWLIST name suffix suffix is invalid, ".DISPLAY" is the only valid suffix at source. Severity: 12 Explanation: If a NEWLIST name is suffixed, the only valid suffix is ".DISPLAY"; the run is cancelled. User response: Correct or remove the name suffix. CKR1457 PREFIXLEN value val is not in the range of 29 to 70 at source. Severity: 12 Explanation: The prefix length specified on the LANGUAGE statement must be greater than 28 and smaller than 71. User response: Either specify a value from 29 to 70 inclusive, or remove the PREFIXLEN specification from the LANGUAGE statement to let the prefix length default to the value of the print option PREFIXLEN. CKR1458 Selection on field is only supported for EXISTS and MISSING - at ddname line number Severity: 12 Explanation: This field is only supported in a select clause for the EXISTS and MISSING functions. CKR1459 Logon ID logon_id has no access to the group that started task task_id is assigned to. Severity: 04 Explanation: The GSO STC record assigns a logonid and optional group ID based on the started task ID if no matching STC logonid is found within the logonid database. Under CA ACF2 r12, before a started task is assigned the group ID defined in its associated GSO STC record, a validation call is made to verify that the assigned logonid defined in the STC record has access to the group ID. To grant a logonid access to the assigned group ID, a resource 324 Version 1.12: Messages Guide rule must be written under the TGR resource type. 'VERIFY STC' performs that validation and issues this message if logon ID has no access to the group (if one is defined). CKR1460 FDDFTR: Duplicate DFTR entry user label Severity: 20 Explanation: The reported combination of filter user and filter label is supposed to uniquely identify a digital certificate filter, however, it appears multiple times in the input database. CKR1461 Converting requested key to UTF-8 for class yielded excessive length length requestedkey convertedkey Severity: 12 Explanation: A KEY=requestedkey specification occurred on a selection statement for a class with UTF-8 keys (for example, IDIDMAP). Indexed database read could not convert the request into a valid UTF-8 profile key to look for. The request is shown in EBCDIC; the conversion result is shown in hexadecimal. CKR1462 Remove racmap userid label label - output RACMAP DELMAP Severity: 00 Explanation: This message is issued due to a REMOVE USER= command. In order to remove userid, its identity mappings must be deleted first, hence RACMAP DELMAPs are generated for each. CKR1463 Incomplete COMPAREOPT - TYPE and NAME are required source Severity: 12 Explanation: A COMPAREOPT statement requires both a name and type to identify it. One or both parameters are missing. User response: Add missing parameters. CKR1464 ALLOC F=BASE too late - must precede any use of COMPAREOPT NAME=DEFAULT before source Severity: 12 Explanation: This message indicates that ALLOC F=BASE needs to precede any newlist statement or other implied use because an ALLOC F=BASE statement defines the content of COMPAREOPT=DEFAULT. This order is not allowed. An example of implied use is a COMPAREOPT statement that omits a BY, BASE, or COMPARE parameter. The parameters default to COMPAREOPT=DEFAULT for those statements. User response: Move the ALLOC statement up in CARLa input. You must have all ALLOC statements before all COMPAREOPT and NEWLIST statements. CKR1465 Define TYPE=*name only allowed for COMPARE_RESULT, COMPARE_CHANGES, COUNT, and SUMCOUNT source Severity: 12 Explanation: A DEFINE TYPE=* for the indicated variable name was an unsupported type. Only the indicated types are allowed for TYPE=*. User response: Change TYPE to the desired type and repeat the DEFINE statement for every desired type. CKR1466 WHERE clause not allowed for define name TYPE= *source Severity: 12 Explanation: WHERE clause is not allowed for A DEFINE TYPE=* for the indicated variable name. Only the indicated types are allowed for TYPE=*. Chapter 5. CKR messages 325 User response: Either remove the WHERE clause or repeat the DEFINE for every type needed, specifying an explicit newlist type. CKR1467 Functions like lookup not allowed for define name TYPE=* source Severity: 12 Explanation: DEFINE TYPE=* for the indicated variable name was done specifying a function like substring, WORD, lookup, and so on. These are not allowed with TYPE=*. User response: Either remove the functions or repeat the DEFINE for every type needed, while specifying an explicit newlist type. CKR1468 Warning: TYPE=* define for variable name source overrides TYPE=type define source2 Severity: 00 Explanation: This suppressible message warns that a previous definition of a variable is being superseded by a TYPE=* definition. The earlier definition may still be in use for prior newlists. If a specific type is indicated, it also overrides a global type-specific DEFINE of that type for the same variable name. This message is issued for every newlist type where a global variable has been instantiated with the same name. Subsequent references to the variable name will no longer use the overridden definitions. CKR1469 COMPAREOPT keyword1 must be specified before keyword2 source Severity: 12 Explanation: TYPE must come before BY, COMPARE, or BASE on a COMPAREOPT statement. NAME must come before BASE. User response: Add or move TYPE and NAME keywords before BY, COMPARE, and BASE parameters. CKR1470 Field field value invalid expression is not a valid numeric expression at origin line line Severity: 12 Explanation: The parser expects a field value to contain a valid numeric expression. Either a decimal number or a numeric symbolic expression can be used in this context. CKR1471 Resource simulation class class is not supported - source Severity: 12 Explanation: Classes that assign a nonstandard meaning to the member list are not supported for resource simulation. This restriction applies to classes such as CONNECT, DIGTNMAP, DIGTCERT, DIRACC, DIRAUTH, FSSEC, FSOBJ, GLOBAL, GMBR, GROUP, IDIDMAP, NDSLINK, NODES, NODMBR, NOTELINK, PMBR, PROGRAM, RACFVARS, RVARSMBR, SCDMBR, SECDATA, SECLABEL, SECLMBR, UNIXMAP, USER, VMBR, VMEVENT, VMXEVENT, VXMBR. The DATASET class is not supported either. User response: For the DATASET class, you can use the SIMULATE SENSITIVE command for resource simulation. CKR1472 Complex name cannot have both FUNCTION=BASE and MAIN Severity: 12 Explanation: If you want to compare two versions of the same security database, use different complex names. If you use the same complex name, you cannot distinguish the output of one database version from the other. This message can also cause subsequent CKR1434 messages. User response: Use different complex names for FUNCTION=BASE and (the default function) FUNCTION=MAIN. 326 Version 1.12: Messages Guide CKR1473 Missing BY and no default for COMPAREOPT TYPE=type Severity: 12 Explanation: This error message explains that the BY parameter is required but missing on the indicated COMPAREOPT statement. A default BY value is not used for the newlist type. User response: Add a BY parameter. CKR1474 Missing COMPARE and no default for COMPAREOPT TYPE= Severity: 12 Explanation: This error message explains that the COMPARE parameter is missing on the indicated COMPAREOPT statement. A default COMPARE value is not used for the newlist type. User response: Add a COMPARE parameter. CKR1475 Unexpected short ACCESS record at source Severity: 16 Explanation: This message indicates that an input file designated as TYPE=ACCESS contains a record that is shorter than allowed for TYPE=ACCESS files. If too many errors are found in the input file, message CKR1477 will follow this message. You can suppress this message using the SUPPRESS command. User response: Verify that you specified the proper data set and TYPE on the ALLOC statement for TYPE=ACCESS, or on the SETUP input files panel. CKR1476 Unsupported ACCESS record type xx at source Severity: 16 Explanation: The message indicates that an input file designated as TYPE=ACCESS contains an unrecognized record ID xx. If too many errors are found, message CKR1477 will follow this message. You can suppress this message using the SUPPRESS command. User response: Verify that you specified the proper data set and TYPE on the ALLOC statement for TYPE=ACCESS, or on the SETUP input files panel. CKR1477 Excessive errors in TYPE=ACCESS input; skipping rest of file at source Severity: 16 Explanation: This message indicates that more than 100 errors were found in a file designated as TYPE=ACCESS. The rest of the file will be skipped. You can suppress this message using the SUPPRESS command. User response: Verify that you specified the proper data set and TYPE on the ALLOC statement for TYPE=ACCESS, or on the SETUP input files panel. CKR1478 COMPARE_CHANGES not supported on SUMMARY Severity: 12 Explanation: The results of a comparison process are returned by the COMPARE_CHANGES variable. To report the COMPARE_CHANGES results, you must use the SORTLIST or DISPLAY commands; you cannot use the SUMMARY command. Chapter 5. CKR messages 327 CKR1479 SYSLOG is not supported under VM Severity: 12 Explanation: Writing a SYSLOG message to a UNIX SYSLOG receiver is not directly supported under z/VM. User response: Run this CARLa under z/OS. CKR1480 Sendto for syslog alert n sockdesc m failed UNIX error, name source Severity: 12 Explanation: Indicates that the UNIX sendto service failed with the indicated error. User response: Correct the error and try again. CKR1481 Sending syslog alert n to addr port port on sockdesc n, name source syslog_line Severity: 00 Explanation: Indicates the destination for an alert. It also shows the syslog message EBCDIC encoding. However, the information is sent in UTF-8 format. The addr format corresponds to the IP stack for creating the socket descriptor. If the IPv6 stack is available, IPv4 address are mapped to the IPv6 socket and shown in the following format: ::FFFF:n.n.n.n where n.n.n.n is the IPv4 address. The following examples show the different message formats for IPv4 and IPv6: Message for an IPv4 address mapped to an IPv6 stack: CKR1481 00 Sending syslog alert 0 to ::FFFF:127.0.0.1 port 514 on sockdesc 0, IPV6V4 at SYSIN line 6 Message for an IPv6 stack: CKR1481 00 Sending syslog alert 0 to ::1 port 514 on sockdesc 0, IPV6V4 at SYSIN line 6 Message for an IPv4 stack: CKR1481 00 Sending syslog alert 0 to 127.0.0.1 port 514 on sockdesc 0, IPV4LCL at SYSIN line 6 CKR1482 Empty syslog alert n, name source Severity: 12 Explanation: An empty line or no line at all was encountered in a request to send a syslog message. User response: Correct the CARLa used to generate the syslog message, and try again. CKR1483 Syslog alert n has more than 1 line, name source syslog_line_1 syslog_line_2 Severity: 12 Explanation: Notification that a syslog alert sends only the first line. User response: Change the alert to reduce it to one line. CKR1484 IPv4 socket call for syslog failed UNIX error Severity: 12 Explanation: An attempt was made to establish an IPv4 socket with the UNIX socket service, but this attempt failed with the indicated diagnostic information. User response: See the z/OS UNIX System Services Messages and Codes reference manual available from the z/OS Internet Library. 328 Version 1.12: Messages Guide CKR1485 IPv4 syslog socket close failed UNIX error Severity: 12 Explanation: An attempt was made to close an IPv4 socket, but this attempt failed with the indicated diagnostic information. User response: See the z/OS UNIX System Services Messages and Codes reference manual available from the z/OS Internet Library. CKR1486 ipstack socket call for syslog system abend abend-reason (description) Severity: 12 Explanation: Indicates that the IPv4 or IPv6 socket call has failed. The ipstack address is either IPv4 or IPv6 depending on the type of socket being created. For additional information about the abend code, see the Communications Server IP and SNA Codes manual available from the z/OS Internet Library. CKR1487 ipstack syslog sockdesc n Severity: 00 Explanation: The ipstack address is either IPv4 or IPv6, depending on the IP stack used for the SYSLOG socket descriptor. If the IPv6 stack is unavailable, the socket descriptor uses an IPv4 stack and is limited to using IPv4 addresses. The following examples show the different message formats for IPv6 and IPv4: CKR1487 00 IPv6 syslog sockdesc 0 CKR1487 00 IPv4 syslog sockdesc 0 CKR1488 CMSMODE is only valid with DSN/DA/DATASET - before token AT ddname LINE number Severity: 12 Explanation: This message indicates that in z/VM, the CARLa ALLOC statement for the RACF database requires a DSN, DA, or DATASET parameter when using the CMSMODE parameter. CKR1489 CMSMODE is mutually exclusive with VOL/UNIT - before token AT ddname LINE number Severity: 12 Explanation: This message indicates that in z/VM, the CARLA ALLOC statement incorrectly specified the V, VOL, VOLSER, VOLUME, U or UNIT allocation parameter with the CMSMODE parameter for the RACF database data set. The CMSMODE parameter can only be used to allocate files with the DSN, DA, or DATASET parameters CKR1490 CMSMODE is required with DSN/DA/DATASET under VM - before token AT ddname LINE number Severity: 12 Explanation: This message indicates that in z/VM, the CARLa ALLOC statement did not specify the CMSMODE parameter for the RACF database data set. CKR1491 MEMBER specification not allowed under VM - before token AT ddname LINE number Severity: 12 Explanation: This message indicates that in z/VM, the the CARLa ALLOC statement incorrectly specified a member in the DSN, DA, or DATASET parameter for the RACF database. CKR1492 CMSMODE is only valid under VM - before token AT ddname LINE number Severity: 12 Explanation: This message indicates that in z/OS, the CARLa ALLOC statement incorrectly specified the CMSMODE parameter for the RACF database data set. This parameter can only be used in z/VM. Chapter 5. CKR messages 329 CKR1494 Client connection to server failed RC=decnum Severity: 0 Explanation: This message indicates that the CARLa query could have a benefit from accessing the zSecure Server, but the attempt to contact the server failed with the indicated return code. For example, some fields might have been specified but could not be verified. Message CKR2351 is also present if it the server is required for the query. Return code values: 2 See the prior server-error CKN message. The message is prefixed by the ZSECSYS name of the server. 4 Did not all fit in buffer 8 Unsupported function 12 Caller not authorized as client 16 Parameters not valid User response: Look for CKN* server messages before this message, and follow their guidance. For return codes greater than 2, search the support site for information on CKR1494 and the indicated return code. Restart the server to see if the problem disappears. CKR1495 There is no server active with SERVERTOKEN=name Severity: 0 Explanation: This message indicates that the CARLa query could have a benefit from accessing the zSecure Server, but did not find an active server with the indicated server token. Message CKR2351 is also present if it the server is required for the query. User response: Verify that the server token is correct in SETUP RUN when running the ISPF user interface. If the token is correct, ensure that the server is still running. Restart the server if it is not running. CKR1497 Unable to resolve local node for zsec_parm Severity: 12 Explanation: The CKR1497 message is issued when the ZSECNODE or ZSECSYS parameter specifies either "*" or "." and the node table cannot resolve any node or system values for the selected server. In this case, processing should not continue. The issuance of this message usually indicates that the multi-system server cannot process requests at this time. zsec_parm can be any of the following settings: v ZSECNODE=. v ZSECNODE=* v ZSECSYS=. v ZSECSYS=* CKR1498 Options DD and SYSLOG are mutually exclusive Severity: 12 Explanation: You cannot specify both DD (DDNAME,FILE,F) and SYSLOG on a NEWLIST statement. User response: Ensure that the NEWLIST statement has either a DD (DDNAME,FILE,F) or SYSLOG parameter, but not both. 330 Version 1.12: Messages Guide CKR1499 CKRSVPUT sync error - waiting for file ddname open but finding ddname2 for clientno Severity: 20 Explanation: This message indicates that an error occurred in communication with a remote CKRCARLA through the zSecure Server. User response: Use fewer remote files at the same time. Messages from 1500 to 1599 CKR1500 Invalid $ANYMISSINGMIGC in program: volser dsname Severity: 24 Explanation: This message indicates an internal error in VERIFY PROGRAM processing. Contact IBM Software Support. CKR1501 CKRPUTV: calltype call for fieldtype field fieldaddr fieldname defined at ddname line number Severity: 24 Explanation: The field indicated by fieldaddr fieldname cannot be stored again. Contact IBM Software Support. CKR1502 CKRPRMSG.CKRM385: Message msgid has unexpected member entry of type eyecatcher for class profile Severity: 24 Explanation: Contact IBM Software Support. Particularly valuable information in case of this error would be the msgid and what member list the indicated profile actually has. The first four letters of the msgid indicate the function that is partially failing, for example, 'VPRM' for VERIFY PERMIT. CKR1503 E-mailed XML document DD ddname should use ENCODING=UTF-8 Severity: 04 Explanation: The z/OS SMTP server automatically translates e-mail from EBCDIC to ASCII. When you use the default ENCODING=EBCDIC for e-mailed XML documents, this results in an ASCII document containing a header describing the document as EBCDIC encoded. Such XML document may not be parseable by your XSLT processor. You are advised to use ENCODING=UTF-8 for XML documents. CKR1504 Unable to obtain storage for Dynamic Parse Table. Size=nnnnnn, SYSTEM=ssssssss, DDNAME=dddddddd Severity: 20 Explanation: It was not possible to obtain storage to rebuild the Dynamic Parse Table, while processing a CKFREEZE data set or an UNLOAD data set. The values ssssssss and dddddddd help identify the CKFREEZE or UNLOAD data set being processed. The value nnnnnn is the requested size of storage for the table in bytes. This error has occurred during the reading of the CKFREEZE or an UNLOAD data set . Dynamic Parse Table records have been found in the data set but the attempt to reconstruct the table from the records has failed. As a result of this message, no Dynamic Parse Table will be built from this input file. This will affect the processing of RACF custom fields. User response: This error is likely caused by a corruption of the CKFREEZE or UNLOAD data set. If the CKFREEZE or UNLOAD data set has been sorted, or records have been dropped or altered in some way, then errors of this kind can occur. It is also possible that insufficient memory is allocated to the address space where the data set is being processed. If you cannot resolve the problem, contact IBM Software Support. Chapter 5. CKR messages 331 CKR1505 Errors in Dynamic Parse Table. text, Table Part = nn, SYSTEM=ssssssss, DDNAME=dddddddd Severity: 20 Explanation: There has been an error in reconstructing the Dynamic Parse Table. In the message, the text value can be one of the following values: v "Sequence error": indicates that the records found do not have sequential record numbers. v "Address mismatch" indicates that the records do not have matching originating addresses in them. v "Length mismatch" indicates that the records do not have the expected lengths within them. v "Pointer error" indicates that during the adjusting of internal pointers, an internal address was found to be outside the table bounds. v "Buffer overrun" indicates that during the build of the table, an attempt was detected to write past the end of the Dynamic Parse Table area. The value nn identifies the section of the table last processed. The values ssssssss and dddddddd help identify the data set being processed. This error has occurred during the reading and processing of the CKFREEZE or an UNLOAD data set. Dynamic Parse Table records have been found in the file but the attempt to reconstruct the table from the records has failed. As a result of this message no Dynamic Parse Table will be built from this input file. This will affect the processing of RACF custom fields. User response: This error is likely to be caused by a corruption of the CKFREEZE or UNLOAD data set. If the CKFREEZE or UNLOAD data set has been sorted, or records have been dropped or altered in some way, then errors of this kind can occur. It is also possible that insufficient memory is allocated to the address space where the data set is being processed. If you cannot resolve the problem, contact IBM Software Support. CKR1506 CSDATA keyword name name longer than 8 characters. Ignoring keyword. Severity: 20 Explanation: The dynamic parse table mentions a custom field longer than 8 characters. This keyword will be ignored. CKR1507 procedure called with invalid CSTD length length Severity: 24 Explanation: An internal error in custom field processing occurred. Contact IBM Software Support. CKR1508 TLSD address no compare result OUTF Severity: 24 Explanation: This is an internal error message. User response: Search the IBM support web site for information on the message. If you cannot resolve the problem, contact IBM Software Support. CKR1509 CKRMODF OTYPCSD Internal error. Reason Severity: 24 Explanation: An internal error occurred in the overtype processing of custom fields. Contact IBM Software Support. CKR1510 Incomplete INFO data returned- missing DNAM block Severity: 4 Explanation: This message indicates an unexpected condition in node information data returned from the server. User response: If you do not miss information, ignore the message. If you miss information, look for the message on the IBM support web site. If you cannot find information about the message, contact IBM Software Support. 332 Version 1.12: Messages Guide CKR1511 KRFMTC.PRTFLD: Called with invalid index for fieldname source Severity: 24 Explanation: This is an internal error message. User response: Search the IBM support web site for information on the message. If you cannot resolve the problem, contact IBM Software Support. CKR1554 CKRXINIT.CKRDBPUT OPEN for ddname returned RC=rc - issuing USER ABEND 1554 Severity: 20 Explanation: This message indicates that a CKRCARLA instance running as a server received a severe error while communicating with a client about RACF data to be sent for ddname. An error this severe (rc is 12 or higher) is not recoverable. The server issues user ABEND 1554 to produce a summary dump. User response: Contact IBM Software Support. CKR1555 CKRXINIT.CKRDBPUT function for ddname returned RC=rc - issuing USER ABEND 1555 Severity: 20 Explanation: This message indicates that a CKRCARLA instance running as a server received a severe error while communicating with a client about RACF data being sent for ddname. An error this severe (rc is 12 or higher) is not recoverable. The server issues user ABEND 1555 to produce a summary dump. User response: Contact IBM Software Support. CKR1556 CKRXINIT.CKRDBPUT: Unknown function code code for ddname Severity: 24 Explanation: This message indicates that the routine to send RACF data from a server CKRCARLA instance to a client was invoked with an unintelligible function request in regard to ddname. The request is ignored. This message is followed by message CKR0809. You can suppress these messages. CKR1557 CKROUNIT.TLSDINIT: Conversion of fieldname1 to UTF-8 is not supported - field fieldname2 at ddname line number. Severity: 24 Explanation: This message can be suppressed; no conversion will be done. (Fieldname2 is the requested field, fieldname1 is the actual database field. They might differ if fieldname2 is a defined variable.) User response: Submit an error report and contact IBM Software Support. CKR1558 CKROUNIT.TLSDINIT: Conversion of fieldname1 to EBCDIC is not supported - field fieldname2 at ddname line number. Severity: 24 Explanation: This message can be suppressed; no conversion will be done. (Fieldname2 is the requested field, fieldname1 is the actual database field. They might differ if fieldname2 is a defined variable.) User response: Submit an error report and contact IBM Software Support. CKR1559 CKRLKPP.CKRIDID: Repeat group restriction for fieldname1 is not supported - field fieldname2 defined at ddname line number Severity: 24 Explanation: Fieldname2 will show up empty in the generated report. This message can be suppressed. (Fieldname2 is the requested field, fieldname1 is the actual database field. They might differ if fieldname2 is a defined variable.) User response: Submit an error report and contact IBM Software Support. Chapter 5. CKR messages 333 CKR1560 No support for simultaneous I/O to files file1 and file2 Severity: 20 Explanation: This message documents that the zSecure Server does not support simultaneous I/O to different RACF databases on a remote server. The program issues user abend 1560. User response: Modify the query to access only one security database per target server. CKR1561 CKRSVPUT expects SVPUT instead of WKQR address type flags Severity: 24 Explanation: This is an internal error message. User response: Look for the message ID on the IBM support web site. If you do not find a solution, contact IBM Software Support. CKR1562 CKRSVPUT unexpected function nn Severity: 24 Explanation: This is an internal error message. It is followed by user abend 1562. User response: Look for the message ID on the IBM support web site. If you do not find a solution, contact IBM Software Support. CKR1563 CKRSVPUT invalid WKQRTYPE nn instead of file level SVPUT WKQR address type flags Severity: 24 Explanation: This is an internal error message. User response: Look for the message ID on the IBM support web site. If you do not find a solution, contact IBM Software Support. CKR1564 No support for simultaneous I/O to files FILE1 and FILE2 Severity: 20 Explanation: This message documents that the zSecure Server does not support simultaneous I/O to different recipients over one remote file. The program issues user abend 1564. User response: Modify the query to perform fewer simultaneous I/O operations per target server. CKR1596 CKRINLT: Called with invalid CALLTYPE nn Severity: 24 Explanation: Contact IBM Software Support. CKR1597 procedure parm eyecatcher not name Severity: 24 Explanation: Verification of the calling parameters for procedure failed. Contact IBM Software Support. CKR1598 Format unresolved for fieldname at ddname line number Severity: 24 Explanation: Contact IBM Software Support. 334 Version 1.12: Messages Guide CKR1599 CKROUNIT internal error: OUTFSLCT without OUTFDEFV Severity: 24 Explanation: Contact IBM Software Support. Messages from 1600 to 1699 CKR1600 to 1697 message Severity: 00 Explanation: These messages are in response to debugging options. If you need information about these messages, contact IBM Software Support. CKR1601 jobtag uses [derived|later] CICS dictionary [<system> <date time>] at ddname line recno Severity: 00 Explanation: This debug message (DEBUG SMFINT) must be written when a dictionary is selected to be used for interpreting all performance records in a job tag. It must be written only once per job tag. If a derived dictionary is used for all performance records in the indicated job tag, the “derived” indicator must be written. If a dictionary obtained from an SMF record is used, the system, date and time, DD name, and the record number of the SMF dictionary record must be reported. CKR1698 Elapsed/CPU x.xxxxxx/y.yyyyyy total e.eeeeee/c.cccccc msg mmmmmm Severity: 00 Explanation: This message is written in response to a DEBUG PERFORM request, and gives the elapsed and CPU time since the previous CKR1698 (or program start for the first message), followed by the total elapsed and CPU time since program start. The times are in seconds with 6 digit accuracy to yield microseconds. The last part of the message gives the ISPF status message number. If the program was running as an ISPF application, there is a continuation line giving the actual content of the ISPF message as it would have been displayed on the screen if you had SUPPRESS MSGTIMER active. The CKR1698 messages and continuation lines are written independently of the SUPPRESS MSGTIMER setting. For an ISPF application, the elapsed time will include all the time the program was waiting for the user to issue commands. CKR1699 message Severity: 00 Explanation: This message is in response to debugging options. If you need information about this message, contact IBM Software Support. Messages from 1700 to 1799 CKR1700 C2ARULE: record record corrupted: offset out of Reconstruction Table Severity: 20 Explanation: The indicated access rule record has an unexpected layout. It is probably corrupted. Contact IBM Software Support. CKR1701 C2ARULE: record record corrupted: offset out of Dictionary Severity: 20 Explanation: The indicated access rule record has an unexpected layout. It is probably corrupted. Contact IBM Software Support. Chapter 5. CKR messages 335 CKR1702 C2ARULE: record record corrupted: offset out of Data area Severity: 20 Explanation: The indicated access rule record has an unexpected layout. It is probably corrupted. Contact IBM Software Support. CKR1703 CKRPUTV.CKRPTCLS: Too many repeat group entries in staging area for fieldaddr fieldname; TLST recordaddr defined at ddname line number Severity: 24 Explanation: While closing repeat group field an unexpectedly large number of repeat group entries was detected. This should have been prevented by earlier processing (see CKR1051). Contact IBM Software Support. The indicated record will show the field as empty. CKR1704 CKRPRMSG.CKRM301: Message msgid has unexpected WHEN clause of type eyecatcher for DATASET profile volume Severity: 24 Explanation: Contact IBM Software Support. Particularly valuable information in case of this error would be the msgid and what WHEN clauses the indicated profile actually has. The first four letters of the msgid indicate the function that is partially failing, for example, 'VPRM' for VERIFY PERMIT. CKR1705 CKRPRMSG: Message msgid has unexpected WHEN clause of type eyecatcher for class profile Severity: 24 Explanation: Contact IBM Software Support. Particularly valuable information in case of this error would be the msgid and what WHEN clauses the indicated profile actually has. The first four letters of the msgid indicate the function that is partially failing, for example, 'VPRM' for VERIFY PERMIT. CKR1706 CKRPRMSG.CKRWPGM: Message msgid for PROGRAM profile with unexpected WHEN clause of type eyecatcher - hexvalue Severity: 24 Explanation: Contact IBM Software Support. Particularly valuable information in case of this error would be the msgid and what WHEN clauses the indicated PROGRAM profile actually has. The first four letters of the msgid indicate the function that is partially failing, for example, 'VPRM' for VERIFY PERMIT. CKR1707 CKRDDC: Undefined calltype hexvalue Severity: 24 Explanation: Contact IBM Software Support. CKR1708 CKRDDC: GENERAL SEGMENT segment not defined in TSEG Severity: 20 Explanation: The indicated segment is not defined. Contact IBM Software Support. CKR1709 CKATUID: RACFid UGID ugid NOT FOUND IN TUID TREE Severity: 24 Explanation: A problem was encountered while building a look up tree from UNIX UIDs to RACF user IDs or from UNIX GIDs to RACF groups. This message will be followed by user ABEND 16. Contact IBM Software Support. 336 Version 1.12: Messages Guide CKR1710 CKRCFV: Directory level error in system complex: from currdepth to newdepth for device dev at directoryname Severity: 20 Explanation: A CKFREEZE record was encountered indicating an impossible directory switch in the file system dump being processed. The rest of the file system dump will be skipped. Contact IBM Software Support. The system and complex names identify the CKFREEZE; dev is the device number of the file system; directoryname is the last qualifier of the directory being switched to. CKR1711 CKRCFV: Directory tree backup problem (number levels to go) in system complex for device dev at directoryname Severity: 24 Explanation: A problem was encountered during a directory switch in a file system dump. Contact IBM Software Support. The rest of the file system dump will be skipped. The system and complex names identify the CKFREEZE; dev is the device number of the file system; directoryname is the last qualifier of the directory being switched to. CKR1712 CKRCFV: Parent directory locate problem in system complex for device dev at directoryname Severity: 24 Explanation: A problem was encountered during a directory switch in a file system dump. Contact IBM Software Support. The rest of the file system dump will be skipped. The system and complex names identify the CKFREEZE; dev is the device number of the file system; directoryname is the last qualifier of the directory being switched to. CKR1713 CKRCFV: Directory entry locate problem in system complex for device dev at directoryname Severity: 20 Explanation: A problem was encountered during a directory switch in a file system dump. Contact IBM Software Support. The rest of the file system dump will be skipped. The system and complex names identify the CKFREEZE; dev is the device number of the file system; directoryname is the last qualifier of the directory being switched to. CKR1714 CKRCFV: Directory entry record truncated in system complex for device dev at filename Severity: 16 Explanation: A truncated CKFREEZE record for a UNIX directory entry was encountered. The record will be skipped. The system and complex names identify the CKFREEZE; dev is the device number of the file system; filename is the (possibly truncated) last qualifier of the file being skipped. CKR1715 CKRCFV: Empty relative name in system complex at pathname Severity: 20 Explanation: A CKFREEZE record for a UNIX directory entry was encountered specifying an empty relative name. Contact IBM Software Support. The record will be skipped. The system and complex names identify the CKFREEZE; pathname is the absolute pathname for this record. CKR1716 CKRCFV.CKRTDIRC: HFS root directory without '.' for system complex: mountpoint Severity: 20 Explanation: On root directory close for the file system dump being processed it was noticed that no '.' entry had been processed (describing the characteristics of the root directory itself). Contact IBM Software Support. The root directory and the rest of the file system are discarded. The system and complex names identify the CKFREEZE; mountpoint is the absolute pathname for the file system's mount point. Chapter 5. CKR messages 337 CKR1717 CKRCFV: Link record but no current directory system complex: symlinkname Severity: 20 Explanation: A CKFREEZE record for a symlink was found, but no directory is being processed on this system. Contact IBM Software Support. The record is skipped. The system and complex names identify the CKFREEZE; symlinkname is the last qualifier of the symlink. CKR1718 CKRCFV: Too many directory entries in directory system complex: pathname Severity: 20 Explanation: The indicated directory appeared to have more directory entries than the supported directory array size allowed (currently more than a million). The rest of the file system dump is skipped. Contact IBM Software Support. The system and complex names identify the CKFREEZE; pathname is the absolute pathname of the problem directory. CKR1719 CKRCFV: Link locate problem in system complex for symlinkname Severity: 20 Explanation: A CKFREEZE record for a symlink was found, but the specified symlinkname does not occur as a directory entry in the directory currently being processed for this system. Contact IBM Software Support. The record is skipped. The system and complex names identify the CKFREEZE; symlinkname is the last qualifier of the symlink. CKR1720 CKRCFV: Link contents but no link in system complex for linktarget Severity: 20 Explanation: A CKFREEZE record with symlink contents was found, but no record with the symlink it pertains to (or that record was discarded--see CKR1717 and CKR1719). Contact IBM Software Support. The record is skipped. The system and complex names identify the CKFREEZE; linktarget is the pathname the symlink evaluates to. CKR1721 CKRCFV: Directory entry attributes missing in system complex for pathname Severity: 20 Explanation: A CKFREEZE record with symlink contents was found, but the directory entry associated with it is incomplete. Contact IBM Software Support. The record is skipped. The system and complex names identify the CKFREEZE; pathname is the absolute pathname of the symlink. CKR1722 CKRCFV: Directory entry but no HFS selected in system complex: filename Severity: 20 Explanation: A CKFREEZE record for a UNIX directory entry was encountered, but no file system dump had been started on the system. Contact IBM Software Support. The record is skipped and any subsequent CKFREEZEs records belonging inside a file system dump preceding the next explicit file system dump start are skipped as well. The system and complex names identify the CKFREEZE; filename is the last qualifier of the file being skipped. CKR1723 CKRCFV: Directory entry but no directory selected in system complex for device dev: filename Severity: 20 Explanation: A CKFREEZE record for a UNIX directory entry was encountered, but no directory had been selected. Contact IBM Software Support. The rest of the file system dump is skipped. The system and complex names identify the CKFREEZE; dev is the device number of the file system; filename is the last qualifier of the file being skipped. CKR1724 CKRCFV.CKRTDIRC: Directory close but no HFS selected for system complex - noticed at record number Severity: 24 Explanation: When winding up processing for the current UNIX directory, the indication what file system to add 338 Version 1.12: Messages Guide the directory to appeared missing. Contact IBM Software Support. The rest of the file system (if any) is skipped. The system and complex names identify the CKFREEZE; number is the record number in that CKFREEZE currently being processed (or possibly indicates an end of file condition). CKR1725 CKRCFV.CKRTDIRC: Missing HFS for system complex: mountpoint Severity: 24 Explanation: When winding up processing for the current UNIX directory, the file system to add the directory to appeared missing. Contact IBM Software Support. The rest of the file system is skipped. The system and complex names identify the CKFREEZE; the mountpoint identifies the file system's mount point, below which information will be missing. CKR1726 CKRCFV: Previous directory not closed on open in system complex: pathname Severity: 24 Explanation: When starting on the construction of a new UNIX directory, the previous one appeared to be unclosed. Contact IBM Software Support. The previous directory is closed before processing continues in an attempt to recover from this unexpected condition. The system and complex names identify the CKFREEZE; pathname is the absolute pathname of the directory being opened. CKR1727 Illegal FLTRNAME value in profile key : fieldvalue Severity: 20 Explanation: This message indicates that the FLTRNAME field of the profile mentioned did not contain the character used to separate the issuers and subjects distinguished names (hex 4A). This is probably the result of a corrupted RACF database. CKR1728 FILTERDN: Illegal call type type Severity: 24 Explanation: Contact IBM Software Support. CKR1730 Illegal extended relocate section type smftype in DD dd RecNo number type type Severity: 20 Explanation: In the SMF record (record type smftype) indicated by the DD and recordnumber an illegal data type was encountered. This extended relocate section will be skipped. Any reports concerning this record might be incomplete. This message is usually the result of a corruption in the indicated record. CKR1731 CKRPUTV.CKRPTSRT: Missing sort routine for fieldaddr fieldname defined at ddname line number Severity: 24 Explanation: The indicated repeat group field is in a special format and requires a special sort routine but none has been provided. Contact IBM Software Support. The repeat group will not be sorted. CKR1732 module: Called with invalid column fieldaddr fieldname defined at ddname line number Severity: 24 Explanation: The ACL or CONNECTS explode routine noticed that the column passed to it did not have the correct format. Contact IBM Software Support. CKR1733 CKRXPLD: Storage leak for column fieldaddr fieldname defined at ddname line number Severity: 24 Explanation: The ACL explode routine noticed that the column passed to it would not free the exploded ACLs stored to it. Contact IBM Software Support. Chapter 5. CKR messages 339 CKR1734 CKRPUTV.CKRDELST: Cannot separately delete type field fieldaddr fieldname defined at ddname line number Severity: 24 Explanation: The record delete routine was called to delete a field for a column that has nothing stored to it. If type is linked it is an alias of another column. If type is internal it is an auxiliary column. Contact IBM Software Support. CKR1735 routine: Called for type field fieldaddr fieldname defined at ddname line number Severity: 24 Explanation: routine was called for an unsupported column type. If type is linked, it is an alias of another column. If type is hidden or internal, it is not supposed to yield any output. The routine can be CKRPUTV.CKRIRPT (repeat group open) or CKRPUTV.CKRPTCLS (repeat group close). Contact IBM Software Support. CKR1736 CKRPRTFL.CKRGETV: Flush for type field fieldaddr fieldname defined at ddname line number Severity: 24 Explanation: The get value routine was called to flush the cache for a column that has no cache. If type is linked it is an alias of another column. If type is internal it is an auxiliary column. Contact IBM Software Support. CKR1737 CKAOUDSN: Unexpected profile type type for volume dsname Severity: 24 Explanation: Contact IBM Software Support. The PROFILE field in TYPE=DSN will be missing for this data set. CKR1738 CKAOUDSN: Missing TVOL for volume dsname Severity: 24 Explanation: Contact IBM Software Support. The following fields in TYPE=DSN may be erroneously false, blank or missing for this data set: IS_MOUNTED, IS_MIGRATED, IN_VTOC, IN_VVDS, REAL_DSNAME, REAL_VOLUME, UNITTYPE, BOX_SERIAL. CKR1739 CKAOUNIX: Parent is not a directory - filetype system TMNTaddr TDIRaddr DIREaddr filename ; dev directory Severity: 24 Explanation: During UNIX pathname resolution following a '..' (parent) specification, it turned out the resulting location was not a directory. Contact IBM Software Support. CKR1740 TMNT without THFS at callid for system system : TMNTaddr. hexvalue; mountpoint Severity: 24 Explanation: A mount point without associated file system was encountered. Contact IBM Software Support. CKR1741 CKRCFV: Directory switch but no HFS selected in system complex: directory Severity: 20 Explanation: A CKFREEZE record for a UNIX directory switch was encountered, but no file system dump had been started on the system. Contact IBM Software Support. The record is skipped and any subsequent CKFREEZEs records belonging inside a file system dump preceding the next explicit file system dump start are skipped as well. The system and complex names identify the CKFREEZE; directory is the last qualifier of the directory being switched to. 340 Version 1.12: Messages Guide CKR1742 Missing SDIR array at callid for system system: TMNTaddr TDIRaddr; mountpoint . Severity: 24 Explanation: A file system without top level subdirectory search structure was encountered. Contact IBM Software Support. CKR1743 Missing inner root at callid for system system: TMNTaddr; mountpoint Severity: 24 Explanation: A file system without root directory was encountered. Contact IBM Software Support. CKR1744 Missing TATT at callid for system system: TMNTaddr TDIRaddr DIREaddr filename ; dev directory Severity: 24 Explanation: A UNIX file without attributes was encountered. Contact IBM Software Support. CKR1745 ADDTHOM: Missing INODE index for system system mount point mountpoint Severity: 24 Explanation: Contact IBM Software Support. In TYPE=UNIX newlists the HOME_OF field and AUDITCONCERN may be incomplete, and AUDITPRIORITY may be too low for files in the indicated file system. CKR1746 ADDTHOM: Missing INODE index entry inode for system system mount point mountpoint Severity: 24 Explanation: Contact IBM Software Support. In TYPE=UNIX newlists the HOME_OF field and AUDITCONCERN may be incomplete, and AUDITPRIORITY may be too low for files in the indicated file system with the reported inode. CKR1747 Missing HFS up link at callid from DIREaddr1 on system system while processing DIREaddr2 relativepathname Severity: 24 Explanation: A root directory entry DIRE1 could not be related to its file system. This may cause the path evaluation for DIRE2 to fail, which may cause incorrect output for the ATTR, AUDITCONCERN and AUDITPRIORITY fields. Contact IBM Software Support. CKR1748 Missing up link at callid from volume FSname on system system while processing DIREaddr2 relativepathname Severity: 24 Explanation: The indicated file system does not appear to be mounted on some directory on this system as expected. This may cause the path evaluation for DIRE2 to fail, which may cause incorrect output for the ATTR, AUDITCONCERN and AUDITPRIORITY fields. Contact IBM Software Support. CKR1749 Orphan instance in program : volser datasetname Severity: 24 Explanation: Contact IBM Software Support. CKR1750 CKRCFV: Mount info but no mount point selected for system complex - noticed at record number Severity: 20 Explanation: A CKFREEZE record with mount point information was encountered that could not be related to a preceding mount point. Contact IBM Software Support. The record is skipped. The system and complex names identify Chapter 5. CKR messages 341 the CKFREEZE; number is the record number in that CKFREEZE currently being processed. CKR1751 CKRCFV: UNIX ACL record but no current directory for system complex device dev at filename Severity: 20 Explanation: A CKFREEZE record with a UNIX ACL was encountered, but no directory was being processed. Contact IBM Software Support. The record is skipped. The system and complex names identify the CKFREEZE; dev is the device number of the file system; filename is the last qualifier of the file the ACL belongs to. CKR1752 CKRCFV: UNIX ACL locate problem in system complex for device dev at filename Severity: 20 Explanation: A CKFREEZE record with a UNIX ACL was encountered that did not belong to directory being processed. Contact IBM Software Support. The record is skipped. The system and complex names identify the CKFREEZE; dev is the device number of the file system; filename is the last qualifier of the file the ACL belongs to. CKR1753 CKRCFV: Directory entry attributes missing in system complex for pathname Severity: 20 Explanation: A CKFREEZE record with a UNIX ACL was encountered, but the directory entry associated with it is incomplete. Contact IBM Software Support. The record is skipped. The system and complex names identify the CKFREEZE; pathname is the absolute pathname of the file the ACL belongs to. CKR1754 CKRCFV: UNIX ACL record entry name truncated for system complex for device dev at filename Severity: 16 Explanation: A truncated CKFREEZE record with a UNIX ACL was encountered. The record will be skipped. The system and complex names identify the CKFREEZE; dev is the device number of the file system; filename is the last qualifier of the file the ACL belongs to. CKR1755 CKRCFV: UNIX ACL record but no mount point selected for system complex pathname Severity: 24 Explanation: A CKFREEZE record with a UNIX ACL was encountered, but no file system was being processed. Contact IBM Software Support. The record is skipped. The system and complex names identify the CKFREEZE; pathname is the relative pathname of the file the ACL belongs to. CKR1756 CKRCFV: UNIX ACL record has unexpected eyecatcher eyecatcher for system complex pathname Severity: 20 Explanation: A CKFREEZE record with a UNIX ACL was encountered, but the ACL record was not recognized. Contact IBM Software Support. The record is skipped. The system and complex names identify the CKFREEZE; pathname is the absolute pathname of the file the ACL belongs to. CKR1757 CKRCFV: UNIX ACL record has unexpected version version for system complex pathname Severity: 16 Explanation: A CKFREEZE record with a UNIX ACL was encountered, but the ACL record version was not recognized. Contact IBM Software Support. The record is skipped. The system and complex names identify the CKFREEZE; pathname is the absolute pathname of the file the ACL belongs to. CKR1758 CKRCFV: UNIX ACL record has no ACL entries for system complex pathname Severity: 20 Explanation: A CKFREEZE record with a UNIX ACL was encountered, but the ACL record was too small to contain any entries. Contact IBM Software Support. The record is skipped. The system and complex names identify the 342 Version 1.12: Messages Guide CKFREEZE; pathname is the absolute pathname of the file the ACL belongs to. CKR1759 CKRCFV: UNIX ACL record truncated for system complex pathname Severity: 16 Explanation: A CKFREEZE record with a UNIX ACL was encountered, but the ACL record was too small to contain all the entries it declared to contain. Only the entries actually contained in the record are processed. The system and complex names identify the CKFREEZE; pathname is the absolute pathname of the file the ACL belongs to. CKR1760 CKRCFV: UNIX ACL record but no current directory for system complex device dev at. Severity: 24 Explanation: A CKFREEZE record with a UNIX ACL was encountered for the mount point root itself , but the corresponding directory could not be located. Contact IBM Software Support. The record is skipped. The system and complex names identify the CKFREEZE; dev is the device number of the file system. CKR1761 CKRCFV: Duplicate UNIX type ACL in system complex for pathname Severity: 20 Explanation: A second CKFREEZE record with a UNIX ACL of the indicated type was encountered for the same file. The type can be access, default or fdefault. Contact IBM Software Support. The record is skipped. The system and complex names identify the CKFREEZE. pathname is the absolute pathname of the file. CKR1762 Internal error - database I/O stalled Severity: 24 Explanation: No outstanding I/O was found, yet waiting for I/O on an unload complex. Contact IBM Software Support. CKR1763 Internal error - database I/O stalled Severity: 24 Explanation: No outstanding I/O was found, yet waiting for I/O on a non-unload complex. Contact IBM Software Support. CKR1764 Internal error - database I/O stalled Severity: 24 Explanation: No complex was found with pending I/O. Going ahead anyway, but this may cause synchronization problems or no profile selection. Contact IBM Software Support. CKR1765 Internal error - no OUTS for fieldaddr fieldname defined at ddname line number Severity: 24 Explanation: This message indicates a failure in FIELD restrict processing. Contact IBM Software Support. CKR1766 Internal error - no OUTS for fieldaddr1 fieldname1 lookup for fieldaddr2 fieldname2 defined at ddname line number Severity: 24 Explanation: This message indicates a failure in FIELD restrict processing. Contact IBM Software Support. Chapter 5. CKR messages 343 CKR1767 Internal error- no OUTS for display1 OUTF fieldaddr fieldname defined at ddname line number Severity: 24 Explanation: This message indicates a failure in FIELD restrict processing. Contact IBM Software Support. CKR1768 Internal error- no OUTS for display2 OUTF fieldaddr fieldname defined at ddname line number Severity: 24 Explanation: This message indicates a failure in FIELD restrict processing. Contact IBM Software Support. CKR1769 CKRRDVAL internal error: inconsistent call: parameter area Severity: 20 Explanation: Verification of the calling parameters for CKRRDVAL failed. Contact IBM Software Support. CKR1770 Orphan iplvol in program : member Severity: 24 Explanation: Contact IBM Software Support. CKR1771 CKRPRLST.DTMODS2: No OUD2 found for fieldaddr fieldname defined at ddname line number Severity: 24 Explanation: An error occurred while determining the buffer length for modification of a field on the detail display (with overriding length 0). Contact IBM Software Support. CKR1772 Duplicate vol/dsn combination in program profile program: volser dsname Severity: 20 Explanation: This message indicates an internal error in VERIFY PROGRAM or VERIFY PGMEXIST processing. It may point to an inconsistency in the security database. Contact IBM Software Support. CKR1773 Missing TVOL for program: volser dsname Severity: 24 Explanation: This message indicates an internal error in the VERIFY PROGRAM or VERIFY PGMEXIST processing. Contact IBM Software Support. CKR1774 Invalid instance in program: volser dsname Severity: 24 Explanation: This message indicates an internal error in the VERIFY PROGRAM or VERIFY PGMEXIST processing. Contact IBM Software Support. CKR1775 Invalid $NOVTOC in program: volser dsname Severity: 24 Explanation: This message indicates an internal error in the VERIFY PROGRAM processing. Contact IBM Software Support. 344 Version 1.12: Messages Guide CKR1776 Invalid $ANYMISSINGVTOC in program: volser dsname Severity: 24 Explanation: This message indicates an internal error in the VERIFY PROGRAM processing. Contact IBM Software Support. CKR1777 Invalid $NOVTOC in program: volser dsname Severity: 24 Explanation: This message indicates an internal error in the VERIFY PROGRAM processing. Contact IBM Software Support. CKR1778 Missing $ANYMISSINGVTOC or $ANYMISSINGMIGC in program: volser dsname Severity: 24 Explanation: This message indicates an internal error in the VERIFY PROGRAM processing. Contact IBM Software Support. CKR1779 Invalid $NOTMOUNTED in program: volser dsname Severity: 24 Explanation: This message indicates an internal error in the VERIFY PROGRAM processing. Contact IBM Software Support. CKR1780 Invalid $VTOCUNREADABLE in program: volser dsname Severity: 24 Explanation: This message indicates an internal error in the VERIFY PROGRAM processing. Contact IBM Software Support. CKR1781 Invalid $NOVTOC in program: volser dsname Severity: 24 Explanation: This message indicates an internal error in the VERIFY PROGRAM processing. Contact IBM Software Support. CKR1782 Invalid $NOVTOC in program: volser dsname Severity: 24 Explanation: This message indicates an internal error in the VERIFY PROGRAM processing. Contact IBM Software Support. CKR1783 CKROUNIT internal error - OUTF$SLFN$LOOKUP without TLUD for fieldname ddname line number Severity: 24 Explanation: An unrecoverable error occurred while processing fieldname. Contact IBM Software Support. CKR1784 Non-SLFN lookup fieldname Severity: 24 Explanation: A lookup was attempted for fieldname, but the required structures were not present. Contact IBM Software Support. Chapter 5. CKR messages 345 CKR1785 ADDTHOM: No free INODE index entry inode for system system mount point pathname Severity: 24 Explanation: Contact IBM Software Support. In TYPE=UNIX newlists the HOME_OF field and AUDITCONCERN may be incomplete, and AUDITPRIORITY may be too low for files in the indicated file system with the reported inode. CKR1786 routine: No THOM for IHOM hexaddr dev device inode inode Severity: 24 Explanation: Contact IBM Software Support. In TYPE=UNIX newlists the HOME_OF field and AUDITCONCERN may be incomplete, and AUDITPRIORITY may be too low for files in the indicated file system with the reported inode. CKR1787 CKRCFV: File audit id mismatches inode in system complex for device dev: filename Severity: 20 Explanation: The file audit ID checked for the indicated file has an unexpected layout. Lookups from file audit ids to files in this file system will not be performed. The system and complex names identify the CKFREEZE; filename is the last identified of the file checked, which is in the root directory of the indicated device. Contact IBM Software Support. CKR1788 CKRCFV: File system audit id auditid not unique on system system complex - device dev unindexed Severity: 20 Explanation: The indicated device has the same audit ID as another device that was encountered earlier. Lookups from file audit ids to files in this file system will either fail or erroneously yield results pointing to the other device. The system and complex names identify the CKFREEZE. Contact IBM Software Support. CKR1789 CKRCKGF.CKRUSRG: Called for invalid tag tag (dec) Severity: 24 Explanation: The USR subselection routine encountered an unintelligible request. Contact IBM Software Support. CKR1790 CKRSEL.CKRCOMFV: Called for invalid tag tag (dec) Severity: 24 Explanation: The normal ACL (early) subselection routine encountered an unintelligible request. Contact IBM Software Support. CKR1791 CKRSEL.CKRC2MFV: Called for invalid tag tag (dec) Severity: 24 Explanation: The conditional ACL (early) subselection routine encountered an unintelligible request. Contact IBM Software Support. CKR1792 routine: No literal stored for fieldaddr fieldname defined at ddname line number Severity: 24 Explanation: The cache for a field that is supposed to have a fixed value is empty. The field will show up empty. Contact IBM Software Support. 346 Version 1.12: Messages Guide CKR1793 CKRPUTV.CKRDELST function: Unfinished restage - now at TLST recordaddr Severity: 24 Explanation: During the indicated delete list function for the indicated record it was noted that a preceding restage function had failed to complete. Contact IBM Software Support. CKR1794 CKRPRTFL.CKRGETV function: Unfinished restage - now at fieldaddr fieldname defined at ddname line number Severity: 24 Explanation: During the indicated get value function for the indicated field it was noted that a preceding restage function had failed to complete. Contact IBM Software Support. CKR1795 CKRPRTFL.CKRGETV: Not ready for restage of fieldaddr fieldname defined at ddname line number Severity: 24 Explanation: A restage request for field fails, because the current program state does not allow the restage; the field will show up empty. Contact IBM Software Support. CKR1796 CKRPRTFL.CKRGETV: Cannot restage fieldaddr1 fieldname1 while staging fieldaddr2 fieldname2 defined at ddname line number Severity: 24 Explanation: A restage request for field1 fails, because the staging area is being used for field2; field1 will show up empty. Contact IBM Software Support. CKR1797 CKRPRTFL.CKRGETV: Cannot restage fieldaddr fieldname for record recordaddr1 while staging recordaddr2 defined at ddname line number Severity: 24 Explanation: A restage request for field fails, because the same field is still being staged for a different record; the field will show up empty. Contact IBM Software Support. CKR1798 CKRPRTFL.CKRGETV: No staging area for fieldaddr fieldname defined at ddname line number Severity: 24 Explanation: A restage request for field fails, because the required staging area has not been allocated; the field will show up empty. Contact IBM Software Support. CKR1799 CKRPRTFL.CKRGETV: Staging area too small for fieldaddr fieldname defined at ddname line number Severity: 24 Explanation: A restage request for field fails, because the required staging area is too small; the field will show up empty. Contact IBM Software Support. Messages from 1800 to 1899 CKR1800...CKR1899 message Severity: 00 Explanation: These messages are in response to debugging options. If you need information about these messages, contact IBM Software Support. Chapter 5. CKR messages 347 Messages from 1900 to 1999 CKR1900 Nonzero RDJFCB return code RACFDB complex complex Severity: 16 Explanation: The RDJFCB SVC returned a nonzero return code for one of the CKRACFnn files. Contact IBM Software Support. CKR1901 CKREPNDF: PERM$OWN PERMXREF not TRID Severity: 24 Explanation: Contact IBM Software Support. CKR1902 CKREPNDF: PERMXREF invalid with NONDEFAULT Severity: 24 Explanation: Contact IBM Software Support. CKR1903 CKROUGRP: PERMXREF invalid with OUTOFGROUP Severity: 24 Explanation: Contact IBM Software Support. CKR1904 CKRPRTFL.CKRGETV: Value pointer is NIL for fieldaddr fieldname; TLST recordaddr defined at ddname line number Severity: 24 Explanation: Contact IBM Software Support. CKR1905 CKROURPT: PERMXREF points to PERM Severity: 24 Explanation: Contact IBM Software Support. CKR1906 CKRSPERM called with nil CKRELEM Severity: 24 Explanation: Contact IBM Software Support. CKR1907 CKRSTNVD: Secondary volume empty CKRELEM Severity: 24 Explanation: Contact IBM Software Support. CKR1908 CKRSTPDA Secondary volume finds empty CKRELEM Severity: 24 Explanation: Contact IBM Software Support. CKR1909 routine: WHERE clause improperly treated for fieldaddr fieldname defined at ddname line number Severity: 24 Explanation: Contact IBM Software Support. The indicated field is a 'late' field that contains a WHERE clause. A true result for the clause was not properly handled. The resulting variable instance will probably be empty. routine 348 Version 1.12: Messages Guide can be CKRPUTV or CKRPUTV.CKROUCLS depending when the erroneous condition was noted. CKR1910 CKRVPRM.CHKSTPR: STARTED profile but VERIFY STC active; type type call for id id Severity: 24 Explanation: VERIFY PERMIT processing for STARTED profiles detected it should not have been called for the reported STARTED profile because VERIFY STC is also active. Contact IBM Software Support. CKR1911 Undefined ID identity without PERM Severity: 24 Explanation: Contact IBM Software Support. CKR1912 Undefined ID identity PERM w/o XREF Severity: 24 Explanation: Contact IBM Software Support. CKR1913 CKRVPRM: No PERMXREF handling for type Severity: 24 Explanation: Contact IBM Software Support. CKR1914 Unknown error message type for volser datasetname Severity: 24 Explanation: Contact IBM Software Support. CKR1915 TRID missing group from TRCO user/group Severity: 24 Explanation: Contact IBM Software Support. CKR1916 CKRFSTC: no default group found for user at member procedure under profile profile Severity: 24 Explanation: This internal error is issued when no default group is found for a STARTED profile with a valid STUSER user but no STGROUP specification during processing for task procedure. VERIFY STC will further ignore this condition, REPORT STC will report the undefined user being used. Contact IBM Software Support. CKR1917 Unsupported comparand type bbbb Severity: 24 Explanation: Contact IBM Software Support. CKR1918 Premature end-of-file on ddname reading blk nnn computed last block is mmm Severity: 20 Explanation: Contact IBM Software Support. Chapter 5. CKR messages 349 CKR1919 Internal error: TGDAQUAL=0 for profile Severity: 24 Explanation: Contact IBM Software Support. CKR1920 CKRFLD internal error searching field Severity: 24 Explanation: Contact IBM Software Support. CKR1921 CKRCFV: Mount record truncated for UNIX device dev in system system complex complex Severity: 16 Explanation: A CKFREEZE mount record was found specifying a mount point path that was longer than fit in the record. The mount point path is truncated, but processing continues. CKR1922 CKRSTELM called invalidly Severity: 24 Explanation: Contact IBM Software Support. CKR1923 CKRSPERM1 unsupported - field Severity: 24 Explanation: Contact IBM Software Support. CKR1924 CKRSPERM2 unsupported - field Severity: 24 Explanation: Contact IBM Software Support. CKR1925 GET$PMB: invalid program program referred for volser - datasetname Severity: 24 Explanation: Contact IBM Software Support. CKR1926 CKRSTPMB with invalid CKRELEM type Severity: 24 Explanation: Contact IBM Software Support. CKR1927 TNVR for TPMB not TNVD or TGDA but xxxx - dsname vol Severity: 24 Explanation: Contact IBM Software Support. CKR1928 TNVR not TNVD or TGDA but xxxx - dsname vol Severity: 24 Explanation: Contact IBM Software Support. 350 Version 1.12: Messages Guide CKR1929 CKRXINIT.CKRDIDID: GENERAL BASE not defined in TSEG Severity: 20 Explanation: The base segment for general resource profiles appears to be undefined in this RACF database. Indexed database read processing cannot guarantee complete output for the RACMAP_REGISTRY field. A run with SUPPRESS INDEX might provide more complete output. CKR1930 CKROURPT missing PERMWHEN on key Severity: 24 Explanation: Contact IBM Software Support. CKR1931 CKROURPT no PERMWHEN support for type on key Severity: 24 Explanation: Contact IBM Software Support. CKR1932 CKROURPT PERMWHEN expected type1 found type2 Severity: 24 Explanation: Contact IBM Software Support. CKR1933 Internal error: mcat processed also on system for system catvol catname Severity: 24 Explanation: Contact IBM Software Support. CKR1934 No connected ctlg catname for system cluster Severity: 24 Explanation: Contact IBM Software Support. CKR1935 Dircat w/o ctlg catname for system cluster name Severity: 24 Explanation: Contact IBM Software Support. CKR1936 TNVR has no sys sections, skipped - volume dsname Severity: 24 Explanation: Contact IBM Software Support. CKR1937 CKROURPT Unknown report type type Severity: 24 Explanation: Contact IBM Software Support. CKR1938 Section missing for type hexlength #sys=number #cmplx=number - issuing abend 1938 Severity: 24 Explanation: This message may hamper operation if you try to analyze an old CKFREEZE file or an incomplete CKFREEZE file. If this is not the case, contact IBM Software Support. Chapter 5. CKR messages 351 CKR1939 More than one DATASET profile for dataset volume dsname Severity: 24 Explanation: Contact IBM Software Support. CKR1940 Tape volumes in unexpected profile type typ1 and typ2 Severity: 24 Explanation: Volume serials were encountered in unexpected profile types (for example, in a generic TAPEVOL profile). Contact IBM Software Support. CKR1941 Missing default group for defined user id Severity: 24 Explanation: Contact IBM Software Support. CKR1942 TNVR not TNVD/TGDA/NOPR but type - volume dsname Severity: 24 Explanation: Contact IBM Software Support. CKR1943 type internal error: string [ at ddname and RecNo number ] Severity: 24 Explanation: Contact IBM Software Support. CKR1944 CKRVPRM TRID address invalid id to name Severity: 24 Explanation: Contact IBM Software Support. CKR1945 CKRACTM: CKRGETV returned RC=rc for fieldaddr fieldname; TLST recordaddr; token token defined at ddname line number Severity: 24 Explanation: The action-on-modify routine was unable to retrieve the previous value of the indicated field. Contact IBM Software Support. The modify action will fail. CKR1946 routine merged TLST invalid Severity: 24 Explanation: Contact IBM Software Support. CKR1947 CKRPRTFL.CKRGETV: Unknown cache method xx for fieldaddr fieldname; TLST recordaddr defined at ddname line number Severity: 24 Explanation: Contact IBM Software Support. CKR1948 CKRCFV: Directory entry during HFS switch for system complex to mountpoint Severity: 20 Explanation: A CKFREEZE record for a UNIX directory entry was encountered while the start of a new file system dump had not completed yet. Contact IBM Software Support. The rest of the file system dump is skipped. 352 Version 1.12: Messages Guide CKR1949 CKRCFV: Duplicate HFS dump for system complex FSvolser FSdatasetname Severity: 20 Explanation: A file system dump was encountered while a dump for that file system had already been processed before. Contact IBM Software Support. This file system dump is skipped. CKR1950 Internal error - beadcont address . hexvalue * char-value * Severity: 24 Explanation: Contact IBM Software Support. CKR1951 CKRPUTV.CKRPTCLS: Invalid repeat close for fieldaddr fieldname; TLST recordaddr defined at ddname line number Severity: 24 Explanation: Contact IBM Software Support. The indicated field for the indicated record will not be stored. CKR1952 CKRPUTV: Invalid element length length for fieldaddr fieldname defined at ddname line number Severity: 24 Explanation: Contact IBM Software Support. CKR1953 CKRPATT: nil MGEN at pattern field Severity: 24 Explanation: Contact IBM Software Support. CKR1954 CKRPRTFL: Unknown format outputformat for fieldaddr fieldname at ddname line number Severity: 24 Explanation: Contact IBM Software Support. CKR1955 CKRPUTV: Unknown storage method xx requested for fieldaddr fieldname defined at ddname line number Severity: 24 Explanation: Contact IBM Software Support. CKR1956 CKRPUTV: Unknown repeat group storage method xx requested for fieldaddr fieldname defined at ddname line number Severity: 24 Explanation: Contact IBM Software Support. CKR1957 CKRPRTFL.CKRGETV: Unknown function call number for fieldaddr fieldname; TLST recordaddr defined at ddname line number Severity: 24 Explanation: Contact IBM Software Support. Chapter 5. CKR messages 353 CKR1958 CKRPRTFL.CKRGETV: Invalid token token requested for fieldaddr fieldname; TLST recordaddr; fn code; cachetoken defined at ddname line number Severity: 24 Explanation: Contact IBM Software Support. CKR1959 CKRPRTFL.CKRGETV: Link is NIL for fieldaddr fieldname; TLST recordaddr defined at ddname line number Severity: 24 Explanation: Contact IBM Software Support. CKR1960 CKRPRTFL.CKRGETV: Cache invalid for link from fieldaddr1 fieldname to fieldaddr2; TLST recordaddr; flg flags defined at ddname line number Severity: 24 Explanation: Contact IBM Software Support. CKR1961 CKRPRTFL.CKRGETV: Unknown storage method xxyy for fieldname; TLST recordaddr; OUTFs fieldaddr1 fieldaddr2 defined at ddname1 line number1 at ddname2 line number2 Severity: 24 Explanation: Contact IBM Software Support. CKR1962 CKRPRTFL.CKRGETV: Repeat group address is NIL for fieldaddr fieldname; TLST recordaddr defined at ddname line number Severity: 24 Explanation: Contact IBM Software Support. CKR1963 CKRPRTFL.CKRGETV: Repeat group entry length 0 for fieldaddr fieldname; TLST recordaddr defined at ddname line number Severity: 24 Explanation: Contact IBM Software Support. CKR1964 CKRPRTFL.CKRGETV: a b/c entries in fieldaddr fieldname; TLST recordaddr defined at ddname line number Severity: 24 Explanation: Contact IBM Software Support. CKR1965 CKRPRTFL.CKRGETV: Decompress of xx for fieldaddr fieldname via yy (zz) failed; TLST recordaddr defined at ddname line number Severity: 24 Explanation: Contact IBM Software Support. CKR1966 SMF record number length discrepancy between RDW (len1) and input routines (len2) in ddname volser dsn Severity: 24 Explanation: The length returned by the SMF input routines differs from the length seen in the SMF record's RDW. The record will be skipped. Contact IBM Software Support. 354 Version 1.12: Messages Guide CKR1967 CKRPRTFL.CKRGETV: Record descriptor mismatch for fieldaddr fieldname: descriptor1; TLST recordaddr: descriptor2 defined at ddname line number Severity: 24 Explanation: Contact IBM Software Support. CKR1968 CKRPUTV: Entry length actual instead of expected for fieldaddr fieldname defined at ddname line number Severity: 16 Explanation: The indicated field was supposed to have values of a fixed length as indicated by expected, but an entry with length actual was encountered. Due to the chosen storage method the entry cannot be stored now. If you are running zSecure for RACF, refer to the documentation for the VARLEN output modifier in the IBM Security zSecure Admin and Audit for RACF: User Reference Manual for information about troubleshooting the problem in the database. If the error is not found in the database or you are running zSecure on another platform, contact IBM Software Support. CKR1969 CKROUNIT: Unknown summary statistic xx for fieldname at ddname line number Severity: 24 Explanation: Contact IBM Software Support. CKR1970 routine: Invalid list header - TLHD listaddr. hexvalue * charvalue * Severity: 24 Explanation: Contact IBM Software Support. CKR1971 routine: Invalid list line - TLST recordaddr. hexvalue * charvalue * Severity: 24 Explanation: Contact IBM Software Support. This message is followed by user ABEND 16. If the message is suppressed, processing continues. CKR1972 CKRDEXB: Requested rel blk block not in cache start-end for ddname volser dsname Severity: 24 Explanation: Contact IBM Software Support. The problem may possibly be circumvented by specifying SUPPRESS INDEX or BDAMQSAM. CKR1973 CKRSTPL.CKRCLST: For a MERGELIST the primary TLHD must be supplied Severity: 24 Explanation: Contact IBM Software Support. If this error occurs the output records may appear in the wrong sort order. CKR1974 CKRPUTV: Late call for fieldaddr1 fieldname1 but repeat group open for fieldaddr2 fieldname2 defined at ddname line number Severity: 24 Explanation: Apparently two repeat groups are being constructed at the same time. This is not supported and the "nested" calls for field1 are ignored, i.e., the values are discarded. Contact IBM Software Support. Chapter 5. CKR messages 355 CKR1975 CKRXINIT: no key/mask/class Severity: 24 Explanation: Contact IBM Software Support. The problem may possibly be circumvented by specifying SUPPRESS INDEX or BDAMQSAM. CKR1976 CKRXINIT: key has length 0 Severity: 24 Explanation: Contact IBM Software Support. The problem may possibly be circumvented by specifying SUPPRESS INDEX or BDAMQSAM. CKR1977 CKRDIXB: in cache not found Severity: 24 Explanation: Contact IBM Software Support. The problem may possibly be circumvented by specifying SUPPRESS INDEX or BDAMQSAM. CKR1978 Ready RFDS but state is state Severity: 24 Explanation: Contact IBM Software Support. CKR1979 CKRLKPP: Unspecified kind of repeat group restriction for fieldaddr fieldnamedefined at ddname line number Severity: 24 Explanation: An error occurred when processing the indicated field. The field will not be output. This message can be suppressed. Contact IBM Software Support. CKR1980 CKRLKPP: Unintelligible request xx for fieldaddr fieldname defined at ddname line number in type Severity: 24 Explanation: Contact IBM Software Support. CKR1981 CKRPATT: undefined generic type to be added to MTAB Severity: 24 Explanation: Contact IBM Software Support. CKR1982 C2ARULE: backward reference found at first entry Severity: 24 Explanation: Contact IBM Software Support. CKR1983 CKRPUTV: Early call for late field fieldaddr fieldname defined at ddname line number Severity: 24 Explanation: The indicated field is supposed to be constructed in a later stage; this call is ignored. Contact IBM Software Support. 356 Version 1.12: Messages Guide CKR1984 routine: Invalid column - OUTF fieldaddr. hexvalue * charvalue * Severity: 24 Explanation: Contact IBM Software Support. This message is followed by user ABEND 16. If the message is suppressed, processing continues. CKR1985 CKRPUTV.CKRIRPT: Late open for fieldaddr1 fieldname1 but repeat group open for fieldaddr2 fieldname2 defined at ddname line number Severity: 24 Explanation: The area used for building repeat groups and constructing late columns is explicitly opened for field1, but it should have been closed for field2 first; the close processing for field2 will be performed now before the requested open processing in an attempt to recover from this condition. Contact IBM Software Support. CKR1986 CKRPUTV.CKRPTSRT: Unexpected element size size for fieldaddr fieldname defined at ddname line number Severity: 24 Explanation: There appears to be something wrong with repeat group field; the current repeat group will not be sorted. Contact IBM Software Support. CKR1987 CKRPUTV: Multi-valued non-repeat field fieldaddr fieldname defined at ddname line number Severity: 24 Explanation: Apparently there are multiple fieldvalues for a single record, but the field is not declared as a repeat group. The secondary values will be discarded. Contact IBM Software Support. CKR1988 CKRPUTV.CKRDELST function: Record recordaddr still open for output for fieldaddr fieldname defined at ddname line number Severity: 24 Explanation: The indicated delete list function would delete a record that is still under construction. Since a later write to an already deleted record could wreak havoc and recovery from this condition would be complicated and iffy, user ABEND 16 will be issued. Contact IBM Software Support. CKR1989 routine: Record descriptor descriptor not ready for printing fieldaddr fieldname Severity: 24 Explanation: The request to print the indicated field is not honored, because that column is part of a record type for which no record appears to be being printed at this time. Contact IBM Software Support. CKR1990 CKRPUTV: Literal already stored for fieldaddr fieldname defined at ddname line number Severity: 24 Explanation: The indicated fieldcolumn is a literal, so a secondary value for it was not expected. Contact IBM Software Support. CKR1991 CKRSMRY: Internal length length for fieldaddr fieldname defined at ddname line number Severity: 24 Explanation: The indicated column fieldname is a summary statistic but has an unsupported length. No output is being generated. Contact IBM Software Support. Chapter 5. CKR messages 357 CKR1992 CKRCKGS: No default group for userid in complex Severity: 24 Explanation: The default group for the indicated userid in the indicated complex appears to be missing. No CKG.SCP.ID resource name can be constructed for this userid. The CKGRACF scope determination may be off. Contact IBM Software Support. CKR1993 CKAOUTRU: Unexpected SCOP eyecatcher Severity: 24 Explanation: Contact IBM Software Support. CKR1994 CKRCKGS.CKRIMPL: Invalid USRC (len=len) - data for fieldaddr fieldname; TLST recordaddr Severity: 24 Explanation: The data found for the indicated field in the indicated record does not have the expected USRC format. Contact IBM Software Support. CKR1995 CKRPUTV.CKRPTCLS: Invalid empty repeat close for fieldaddr fieldname defined at ddname line number; TLST recordaddr Severity: 24 Explanation: The indicated field was first stored, and then processed yielding an empty column, while no storage method precautions were taken to allow this. This message will be followed by user ABEND 16. Contact IBM Software Support. CKR1996 CKRPUTV.CKRDELST: MERGELIST error - TLHD queryaddr ix queryindex TLST recordaddr ix recordindex Severity: 24 Explanation: The delete record routine encountered a problem in a MERGELIST. Contact IBM Software Support. CKR1997 CKRLKUP: No function indicated for fieldaddr fieldname; TLST recordaddr call type xx defined at ddname line number Severity: 24 Explanation: Contact IBM Software Support. CKR1998 CKRCFV: Directory switch during HFS switch for system complex to mountpoint Severity: 20 Explanation: A CKFREEZE record for a UNIX directory switch was encountered while the start of a new file system dump had not completed yet. Contact IBM Software Support. The rest of the file system dump is skipped. CKR1999 CKRCFV: Directory switch before HFS root for system complex mountpoint Severity: 20 Explanation: A CKFREEZE record for a UNIX directory switch was encountered while the root directory contents had not been seen yet. Contact IBM Software Support. The rest of the file system dump is skipped. Messages from 2300 to 2399 358 Version 1.12: Messages Guide CKR2300 Adding ALLOC TYPE=CKFREEZE ZSECNODE=zsecnode ACTIVE [COMPLEX=complex] Severity: 0 Explanation: This message indicates that a small recent CKFREEZE will be obtained from remote zSecure Server for the indicated node. This action is taken if the input set of ALLOC statements does not provide a plausible alternative. CKR2301 Adding ALLOC TYPE=CKFREEZE ZSECSYS=zsecsys ACTIVE [COMPLEX=complex] Severity: 0 Explanation: This message indicates that a small recent CKFREEZE will be obtained from the remote zSecure Server identified in the message. This action is taken if the input set of ALLOC statements does not provide a plausible alternative. CKR2302 Complex name complex assigned to ddname volser dsname Severity: 0 Explanation: This message indicates which complex name was assigned to an unload operation. CKR2303 Complex name complex assigned to danem volser dsname Severity: 0 Explanation: This message documents the complex name assigned to the unload file. The assignment is not based on a matching security database name; that occurrence would issue message CKR2347 instead. CKR2304 Complex complex assigned for RACF data set volser dsname of ddname system Severity: 0 Explanation: This message documents that a snapshot was linked to a security database (complex) name based on the indicated RACF data set name. CKR2305 Complex complex assigned by default to ddname system system Severity: 0 Explanation: This message indicates the default system was assigned to a main or base-function security database and the complex name and version were inherited. For more information about the default system, see the DEFAULT command. CKR2306 Complex complex FUNC=MERGE assigned by default to ddname system system Severity: 0 Explanation: This message indicates the default system was assigned to a security database and the complex name was inherited. For more information about the default system, see the DEFAULT command. CKR2307 Complex complex added because named on ALLOC for file ddname Severity: 0 Explanation: This message indicates that a complex (without a security database) was added because of an explicitly specific COMPLEX= parameter on another file. CKR2308 file system system matches normal function complex complex Severity: 0 Explanation: This message documents that the indicated snapshot file is used for a main or base-function complex because it has the same complex and version name. Chapter 5. CKR messages 359 CKR2309 ALLOC TYPE=CKFREEZE ACTIVE system system uses complex complex Severity: 0 Explanation: This message documents which complex was assigned to an explicitly specified active ALLOC TYPE=CKFREEZE ACTIVE. CKR2310 ddname system system matches any function complex complex Severity: 0 Explanation: This message documents that the indicated snapshot is linked to the indicated complex name because the complex and version name match. CKR2311 Non-merge complex complex for security db volser dsname matches ddname system system Severity: 0 Explanation: This message documents that a snapshot was linked to a main or base-function security database (complex) name based on the indicated security-database data set name. CKR2312 Non-merge complex complex for RACF data set volser dsname matches ddname system system Severity: 0 Explanation: This message documents that a snapshot was linked to a main or base function RACF security database (complex) name based on the indicated RACF data set name. CKR2313 ddname system system matches normal function complex complex Severity: 0 Explanation: This message documents that the indicated snapshot is linked to the indicated complex name because the complex and version name match. CKR2314 Switched to sequential mode on remote database complex Severity: 00 Explanation: This message is issued on a CKRCARLA client when a server instance decides to switch reading the database to sequential mode for the indicated complex. This message follows message CKR1314, which is issued because of the high number of requests on the server side for the last data set in a database. This message is not issued if the client initiates the transition to sequential mode. CKR2315 Complex complex for security db volser dsname matches ddname system system Severity: 0 Explanation: This message documents that a snapshot was linked to a security database (complex) name with any function, based on the indicated security data set name. CKR2316 Complex complex for RACF data set volser dsname matches ddname system system Severity: 0 Explanation: This message documents that a snapshot was linked to a RACF database (complex) name with any function, based on the indicated RACF data set name. CKR2317 ddname system system implicit allocation defaults to complex complex Severity: 0 Explanation: This message documents that the indicated complex name was assigned to the indicated system because there was no better match. 360 Version 1.12: Messages Guide CKR2318 ddname system system no matching security database, creating complex complex Severity: 0 Explanation: This message documents that a new complex was created to contain the indicated system snapshot because no match was found. CKR2319 ddname default system system considered default system for default complex complex Severity: 0 Explanation: This message documents that the default system of the default complex was changed to ensure that it equals the default system. For more information about the default system, see the DEFAULT command. CKR2320 ONLYAT option specified and will be appended to generated RACF commands Severity: 4 Explanation: Message CKR2320 is issued when you specify the ONLYAT option, but VERIFY PERMIT processing cannot determine the RRSF status for the system. User response: This message is issued with message CKR2322 or CKR2323 if the CKFREEZE file for the specified system does not contain information (or there is no CKFREEZE file) that indicates the system belongs to a multi-system RRSF configuration. See the suggested user actions associated with those commands. CKR2321 CKFREEZE required for system xxxx to determine RRSF status Severity: 4 Explanation: Message CKR2321 is issued to warn that a CKFREEZE file is required to process the command and determine if the command applies to a multi-system RRSF configuration. Examples of commands that can cause this message are: VERIFY PERMIT, COPY, MOVE, and REMOVE. User response: No action is required if the system is not part of a multi-system RRSF configuration. If the system is part of a multi-system RRSF configuration, you can perform either of these corrective steps: v Specify the ONLYAT option so that any cleanup commands are directed only to the required system. v Include RACF databases for all systems in the multi-system RRSF configuration, for example, so that VERIFY PERMIT can determine if a user ID that is undefined on one system in the RRSF configuration is defined on another system in the RRSF configuration. Note: The use of the ONLYAT option requires the RACF Special attribute. CKR2322 Unable to determine RRSF status for system xxxx Severity: 4 Explanation: Message CKR2322 is issued with message CKR2320 if the ONLYAT option is specified but the CKFREEZE file is not available to determine if the system specified in this message is part of a multi-system RRSF configuration. User response: No action is required if the system is not part of a multi-system RRSF configuration. If the system is part of a multi-system RRSF configuration, you can perform either of these corrective steps: v Specify the ONLYAT option so that any cleanup commands are directed only to the required system. v Include RACF databases for all systems in the multi-system RRSF configuration, so that VERIFY PERMIT can determine if a user ID that is undefined on one system in the RRSF configuration is defined on another system in the RRSF configuration. CKR2323 No RRSF information for system xxxx in CKFREEZE Severity: 4 Explanation: Message CKR2323 is issued with message CKR2320 if the ONLYAT option is specified but the CKFREEZE file does not contain information to determine if the system specified in this message is part of a multi-system RRSF configuration. Chapter 5. CKR messages 361 User response: This is only a warning message. You can remove the ONLYAT option from the user input if it is not required for any systems that are processed by this job. CKR2325 No commands generated for id xxxx, as id is defined on other RRSF systems Severity: 0 Explanation: Message CKR2325 is issued with message CKR0068 if an undefined user ID is found on another system in the RRSF configuration and the ONLYAT option was not specified. User response: See the suggested user actions associated with message CKR0068. CKR2329 warning - commands may be directed by RRSF Severity: 4 Explanation: This message indicates that the program could not determine whether or not commands would be directed by RRSF. User response: Verify that the commands have the intended effect across RRSF nodes. CKR2340 ddname system system considered default system for complex complex Severity: 0 Explanation: This message documents the decision about which system to use as the default system for the indicated complex. CKR2341 ddname system system considered default system for complex complex1 similar to complex complex2 Severity: 0 Explanation: This message documents the decision about which system to use as the default system for the indicated complex, based on a similar complex with a possibly different function or version. CKR2342 ddname system system considered default system for complex complex because SMF id matches Severity: 0 Explanation: This message documents the decision about which system to use as the default system for the indicated complex, based on the SMF ID or VM system name. CKR2343 Warning: RACF data set volser dsname already known as complex complex1, assigning complex "dupn" to ddname system system Severity: 0 Explanation: This message warns that the input files contain more than one information source for the same complex. Consequently, another "dupn" complex name was assigned to the duplicate security database. CKR2344 Warning: duplicate complex name complex1 for default system, assigning complex "dupn" to ddname system system Severity: 0 Explanation: This message warns that the input files contain more than one information source for the same complex. Consequently, another "dupn" complex name was assigned to the duplicate security database. CKR2345 ddname default system system matched complex name complex Severity: 0 Explanation: This message indicates that the default system was assigned the indicated security database based on the matching complex and version name. 362 Version 1.12: Messages Guide CKR2346 ddname system system matched complex name complex Severity: 0 Explanation: This message indicates that the indicated system snapshot was assigned the indicated security database based on the matching complex and version name. CKR2347 Complex COMPLEX assigned to unload ddname volser unload dsname because security db volser secdb dsname matches ddname system system Severity: 0 Explanation: This message documents that the indicated unload data set was assigned the indicated complex name because the indicated security database is in the indicated snapshot file. CKR2348 System num identification for system (SMF id) system ddname volser dsname Sysname sysname sysplex sysplex clone cc hw hwname vm user userid rrsf rrsfnode nje njenode Severity: 0 Explanation: This informational message shows which system identifications were found in the indicated snapshot file. It can help you understand the logic used for complex name assignment and normal command routing. CKR2349 ddname system system considered default system for complex complex Severity: 0 Explanation: This message documents the decision to use an ACTIVE CKFREEZE as the default system for the indicated complex. CKR2350 CKRSVPUT need larger buffer file rmtfile for clientfile - skipping record with length length Severity: 20 Explanation: This message indicates that an unexpected long record was found that the mechanism does not support. User response: Search the IBM support web site for information about this message. If you cannot find information and the file analyzed is a supported security database, SMF, or CKFREEZE file, contact IBM Software Support. CKR2351 A required server connection is not available Severity: 12 Explanation: This message indicates that a zSecure Server is needed for the CARLa query, but a server could not be reached with the currently configured server token. User response: See messages CKR1494 and CKR1495 for more details on the attempt to access the local zSecure Server and follow the guidance. CKR2352 No RACF data set for range table sequence number seqno in complex complex - range startkey Severity: 0 Explanation: This message indicates that for the indicated complex there is no RACF data set in the RACF database that matches a particular key range in the range table. The start of the key range is shown. If your product includes this function, you can use the range table report (menu option AU.S - RACF control - RANGE) for a better understanding of the range table as it is used. User response: Verify the allocations for the complex. Perhaps the CKFREEZE does not belong with the database source or not all the RACF data sets in a RACF database have been specified on an ALLOC statement. Chapter 5. CKR messages 363 CKR2353 Adding ALLOC TYPE=CKFREEZE ZSECNODE=zsecnode ZSECSYS=zsecsys ACTIVE [COMPLEX=complex] Severity: 0 Explanation: This message indicates that a small recent CKFREEZE will be obtained from the remote zSecure Server for the indicated node. This is done if the input set of ALLOC statements does not provide a plausible alternative. CKR2355 Default system's complex name must have that system system as the main system Severity: 0 Explanation: This informational message documents that the default system for a complex was amended based on which system is the default system. User response: If this is not the intended configuration, you can change the default system with the DEFAULT statement. CKR2356 LOGOPTIONS(NEVER) active for DATASET Severity: 4 Explanation: This message is issued in response to VERIFY SENSITIVE. It indicates that LOGOPTIONS(NEVER) is in effect for DATASET profiles on the class level. Commands might be issued to adjust the log options for individual profiles, but these have no effect until the global setting is changed.CKR2357 CKR2357 SYSLOG option also requires SYSLOGTO/SYSLOGTOFILE specification. Severity: 12 Explanation: If the SYSLOG option is present in the NEWLIST statement then it also requires a SYSLOGTO or SYSLOGTOFILE specification. User response: Ensure that the SYSLOGTO or SYSLOGTOFILE option is also present. These options specify the destination for the SYSLOG. Messages from 2500 to 2599 CKR2500 CKRCUST.CKRCSTG: Called for invalid tag nnnn (dec) Severity: 24 Explanation: An internal error has caused routine CKRCSTG in module CKRCUST to be called to process an unexpected tag. The value nnnn will identify the tag which has been requested for processing. User response: Contact IBM Software Support. CKR2502 DIFRPT corrupted VALs - V1address hexvalue V2 address hexvalue Severity: 24 Explanation: This is an internal error message User response: Search the IBM support web site for information about this message. If you cannot find information, contact IBM Software Support. CKR2503 RSB reconstruction mismatch for type id Contents Severity: 24 Explanation: This internal error is generated when the program cannot reconstruct control block structures vital for understanding the ACF2 environment being analyzed. 364 Version 1.12: Messages Guide type Can be complex or system, indicating whether the unexpected layout was detected in the contents of an UNLOAD or a CKFREEZE. id Indicates the control block that could not be reconstructed, or it might show the complex or system name. Contents Shows the data that was actually encountered. User response: Verify if you allocated a proper UNLOAD and CKFREEZE and correct if needed. If this does not solve the problem, contact IBM Software Support. CKR2589 CKRACT.CKRACTT: Undeclared result for type Severity: 24 Explanation: It is unknown whether the newlist type (shown as a decimal number) is supported by the FORALL primary command. FORALL continues, but might not make any actual substitutions. This message can be suppressed. User response: Contact IBM Software Support. CKR2590 No data buffer for element index in selected range Severity: 24 Explanation: A positive selection (Z / ZZ..ZZ) on a display was combined with a FORALL primary command. An internal error occurred when processing this request. User response: Contact IBM Software Support. Report the details of the line commands used on the display when the error occurred. CKR2591 FORALL: Expected X or XX - flags index linecommand Severity: 24 Explanation: A negative selection (none or X / XX..XX) on a display was combined with a FORALL primary command. An internal error occurred when processing this request. User response: Contact IBM Software Support. Report the details of the line commands used on the display when the error occurred. If different line commands were used at the same time, you might circumvent this message by not combining FORALL and selection line commands with these other line commands. CKR2592 FORALL: XX start without XX end Severity: 24 Explanation: A negative selection (none or X / XX..XX) on a display was combined with a FORALL primary command. An internal error occurred when processing this request. User response: Contact IBM Software Support. Report the details of the line commands used on the display when the error occurred. If different line commands were used at the same time, you might circumvent this message by not combining FORALL and selection line commands with these other line commands. CKR2593 FORALL: Unknown substitution variable number (hex) after "substring" Severity: 24 Explanation: An internal error occurred when processing a primary FORALL command. This is not a parse error (ISPF message CKRM991 would be issued). This message is followed by a series of debug messages (CKR2670) that show the parse results recorded at this time and user ABEND 2593. User response: You can suppress this message (an empty substitution will occur). Before contacting IBM Software Support, try to reproduce the problem with DEBUG ACTION activated through SETUP PREAMBLE. This should show an earlier sequence of CKR2670 messages as well. Chapter 5. CKR messages 365 CKR2594 CKRXINIT.CKRDIXY: Mask specification len length not supported - address: keyrequest Severity: 24 Explanation: The CKRCARLa instance running as a database server received a key request containing a mask specification longer than 255 characters. The key request entry is discarded, which might result in some data not being returned to the client. You can suppress this message. User response: You can circumvent this problem by adding SUPPRESS INDEX to the CARLa query. If this does not work, contact IBM Software Support. It is useful to supply information about the key requests being sent (as shown through DEBUG DBPUT(FULL) on the server side) and what key requests should have been sent (as shown through DEBUG INDEX on the client side). CKR2595 CKRXINIT.CKRDIXY: MASK= but no Key-key - address: keyrequest Severity: 24 Explanation: The CKRCARLa instance running as a database server received a key request announcing a mask specification that was not included. The key request entry is discarded, which might result in some data not being returned to the client. You can suppress this message. User response: You can circumvent this problem by adding SUPPRESS INDEX to the CARLa query. If this does not work, contact IBM Software Support. It is useful to supply information about the key requests being sent (as shown through DEBUG DBPUT(FULL) on the server side) and what key requests should have been sent (as shown through DEBUG INDEX on the client side). CKR2596 CKRXINIT.CKRDIXY: Entry length length exceeds buffer length length - address: keyrequest Severity: 24 Explanation: The CKRCARLa instance running as a database server received a key request that specified an entry length that exceeds the boundary of the request. This key request and any key requests following in the same buffer are discarded, which might result in some data not being returned to the client. You can suppress this message. User response: You can circumvent this problem by adding SUPPRESS INDEX to the CARLa query. If this does not work, contact IBM Software Support. It is useful to supply information about the key requests being sent (as shown through DEBUG DBPUT(FULL) on the server side) and what key requests should have been sent (as shown through DEBUG INDEX on the client side). CKR2597 CKRXINIT.CKRDIXY: Remaining buffer length length is too small for a Key-entry - address: keyrequest Severity: 24 Explanation: The CKRCARLa instance running as a database server received a key request buffer that was too small for a key request. This message is followed by user ABEND 2597. User response: You can circumvent this problem by adding SUPPRESS INDEX to the CARLa query. If this does not work, contact IBM Software Support. It is useful to supply information about the key requests being sent (as shown through DEBUG DBPUT(FULL) on the server side) and what key requests should have been sent (as shown through DEBUG INDEX on the client side). CKR2598 CKRXINIT.CKRDIXY: Key-prefix-len length exceeds entry length length - address: keyprefix Severity: 24 Explanation: The CKRCARLa instance running as a database server received a key request that was too small to contain the declared key prefix. The key request entry is discarded, which might result in some data not being returned to the client. You can suppress this message. User response: You can circumvent this problem by adding SUPPRESS INDEX to the CARLa query. If this does not work, contact IBM Software Support. It is useful to supply information about the key requests being sent (as shown through DEBUG DBPUT(FULL) on the server side) and what key requests should have been sent (as shown through DEBUG INDEX on the client side). 366 Version 1.12: Messages Guide CKR2599 CKRXINIT.CKRDIXY: Remaining entry length length is too small for a Key-key - address: keyrequest Severity: 24 Explanation: The CKRCARLa instance running as a database server received a key request that a partial KEY/MASK specification. The key request entry is discarded, which might result in some data not being returned to the client. You can suppress this message. User response: You can circumvent this problem by adding SUPPRESS INDEX to the CARLa query. If this does not work, contact IBM Software Support. It is useful to supply information about the key requests being sent (as shown through DEBUG DBPUT(FULL) on the server side) and what key requests should have been sent (as shown through DEBUG INDEX on the client side). Messages from 2600 to 2699 CKR2600...CKR2601 message Severity: 00 Explanation: These messages are in response to debugging options. If you need information about these messages, contact IBM Software Support. Messages from 2800 to 2899 CKR2800...CKR2837 message Severity: 00 Explanation: These messages are issued in response to the specification of DEBUG commands or options. If you need information about these messages, contact IBM Software Support. CKR2838 Volume chain for dsname appears corrupt; processing volume volser Severity: 24 Explanation: Contact IBM Software Support and submit an error report. CKR2839 Volume volser not available for sharing requested for data set dsname Severity: 24 Explanation: Contact IBM Software Support and submit an error report. CKR2840 UCM version nn not supported - TYPE=CONSOLE records omitted Severity: 04 Explanation: Contact IBM Software Support. CKR2841 message Severity: 00 Explanation: This message is in response to a debugging option. If you need information about this message, contact IBM Software Support. CKR2842 No TNVR found for dsname volser Severity: 24 Explanation: Contact IBM Software Support and submit an error report. Chapter 5. CKR messages 367 CKR2843 Generation data set name cell invalid - generation nn version vv for entity Severity: 24 Explanation: Contact IBM Software Support and submit an error report. CKR2843 Generation data set name cell missing for entity Severity: 24 Explanation: Contact IBM Software Support and submit an error report. CKR2844 Unsupported tag value xxxxxxxx for description Severity: 24 Explanation: Contact IBM Software Support and submit an error report. CKR2845 Unrecognized profile type profile for data set dsname on volume volume Severity: 24 Explanation: Contact IBM Software Support and submit an error report. CKR2846...CKR2873 message Severity: 00 Explanation: These messages are in response to debugging options. If you need information about these messages, contact IBM Software Support. CKR2874 CKROURPT no TRID for member member Severity: 24 Explanation: Contact IBM Software Support and submit an error report. CKR2875 CKROURPT TSTCUSER=user ID=id Severity: 24 Explanation: Contact IBM Software Support and submit an error report. CKR2876 CKRMRGP grouped field field not supported. Severity: 24 Explanation: Contact IBM Software Support and submit an error report. CKR2876 CKRTRNS Internal error Severity: 24 Explanation: Contact IBM Software Support and submit an error report. CKR2877 Internal error condition in CKAOUJES Severity: 24 Explanation: Contact IBM Software Support and submit an error report. 368 Version 1.12: Messages Guide CKR2878 CKRDELDA: volume volser unknown Severity: 24 Explanation: Contact IBM Software Support and submit an error report. CKR2879 CKRDNVC invoked with unknown method method - dsname not deleted from catalog catalog Severity: 24 Explanation: Contact IBM Software Support and submit an error report. CKR2880...CKR2887 message Severity: 00 Explanation: These messages are in response to debugging options. If you need information about these messages, contact IBM Software Support. CKR2889 CKACPXT invalid code nn Severity: 24 Explanation: Contact IBM Software Support and submit an error report. CKR2890 CKRMODC segment undetermined for field Severity: 24 Explanation: Contact IBM Software Support and submit an error report. CKR2891 CKRACTM segment not found for field Severity: 24 Explanation: Contact IBM Software Support and submit an error report. CKR2892 Missing program member instance in program : dsname volume Severity: 24 Explanation: Contact IBM Software Support and submit an error report. CKR2893 CKRINPD internal error Severity: 24 Explanation: Contact IBM Software Support and submit an error report. CKR2894 Format not supported in CKRXPLB - xx Severity: 24 Explanation: Contact IBM Software Support and submit an error report. CKR2895 CKRFLDP Unsupported pseudofield tag nnn (decimal) Severity: 24 Explanation: This message might be caused by the use of a field that is only valid within a DEFINE SUBSELECT in an open SELECT or LIST family statement. Contact IBM Software Support and submit an error report. Chapter 5. CKR messages 369 CKR2896 CVTMODF Cannot handle long values - length length for fieldaddr fieldname defined at ddname line number Severity: 24 Explanation: Contact IBM Software Support and submit an error report. CKR2896 CVTMODF Internal error - length zero for field for fieldaddr fieldname defined at ddname line number Severity: 24 Explanation: Contact IBM Software Support and submit an error report. CKR2897 DTFMTL2 called invalidly Severity: 24 Explanation: Contact IBM Software Support and submit an error report. CKR2898, CKR2899 message Severity: 00 Explanation: These messages are in response to debugging options. If you need information about these messages, contact IBM Software Support. 370 Version 1.12: Messages Guide Chapter 6. CKV Messages zSecure Collect is a component of both zSecure Admin and Audit and Tivoli zSecure Manager for RACF z/VM. It is used to collect system data and store that data in CKFREEZE data sets. Some messages issued by zSecure Collect share the same text for the z/OS and z/VM version of the product. However, the message prefix is CKF for the z/OS product and CKV for the z/VM product. For example, if you are using zSecure Admin and Audit you might see message number of CKF970I. The same message issued by Tivoli zSecure Manager for RACF z/VM has the number CKV970I. zSecure Collect messages shared between the z/OS and z/VM platforms are documented in Chapter 2, “CKF Messages,” on page 5. zSecure Collect messages specific to the z/VM product are documented in this section. To locate documentation for a specific message with the CKV prefix, search this documentation for the message number, CKV970I for example. Each message number has the form CKVnnnI where nnn is the message number. In addition to the message identifier, the program also issues a severity code. This code is derived from the program completion code that indicates the highest severity code encountered. The severity code can contain any of the following values: 00 Normal message, giving status or summary information. 04 Unusual condition found that might result in missing information. 08 Unusual condition found that causes information that was requested to be missing. Subsequent processing might be impacted. 12 Unexpected condition during zSecure Collect processing. 16 Syntax error in command input or entitlement problem. 24 Internal error or other unexpected and unsupported condition in zSecure Collect detected. 28 Internal error or other unexpected and unsupported condition in zSecure Collect detected. A user abend is issued to protect your system and force a dump. Messages from 0 to 99 CKV000I CKVECOLL version 1.12 Severity: 0 Explanation: Product identification CKV001I Licensed to name of licensee Severity: 0 Explanation: This message is not typically issued for z/VM. Please submit an error report. © Copyright IBM Corp. 2008, 2010 371 CKV008I Directory information includes u users and n minidisks Severity: 0 Explanation: Run summary information. CKV009I CKVCOLL used ss.t CPU seconds, ss elapsed seconds, and collected m.kkk MB (m.kkk MB/s) Written rectotal records to dsn on volume list Severity: 0 Explanation: This message details the CPU time used as well as the wall clock time. In addition, the amount of data collected (written to the CKFREEZE file) is summarized as well as the effective data rate. CKV010I System name must be specified with SYSTEM command Severity: 8 Explanation: The system name is required if a directory file is analyzed on another system (MVS or VM). CKV011I Unknown command command ignored Severity: 4 Explanation: The indicated command in the SYSIN file is not recognized. CKV013I Specified user directory is empty or does not exist. Severity: 04 Explanation: The directory containing the input commands is empty or does not exist. User response: Update the command input used to run the data collection process (CKVECOLL) to specify a valid directory file in the VM Directory file source parameter. See Setting up the daily collection process in the IBM Tivoli zSecure Manager for RACF z/VM: Manager for RACF z/VM Installation and Deployment Guide. CKV014I Not running on Class B userid, configuration data collection will fail Severity: 8 Explanation: A Class BE user ID is required for CKVECOLL. CKV015I Not running on Class E userid, device type information will be incomplete Severity: 4 Explanation: A Class BE user ID is required for CKVECOLL. CKV016I Running 370 virtual machine on XA/ESA hardware; configuration data will be incomplete Severity: 4 Explanation: It is recommended to use a XA capable virtual machine when running on VM/XA or VM/ESA®. Although a 370 machine provides all the essential information, XA/ESA machines sometimes provide more complete path information. CKV019I Running VM/xxx 370/XA mode userid uid system systemid node nodename Severity: 0 Explanation: Identifies the system and user ID when running on a VM system. 372 Version 1.12: Messages Guide CKV021I Reading directory for system system Severity: 0 Explanation: The directory is now read. The following messages refer to the directory read process. CKV022I Directory text file not allocated to DIRECT ddname. Minidisk info missing Severity: 8 Explanation: No directory information is available to zSecure Collect. Without this information, the resulting file is unusable for most analyses with other zSecure products. CKV023I Specified guest userid not found in directory Severity: 8 Explanation: The user directory does not contain the USER statement corresponding to the user ID specified with the GUEST command. No information can be collected for the specified guest. CKV025I Duplicate userid userid found Severity: 4 Explanation: The indicated user ID is defined twice in the user directory. CKV026I statement statement without preceding USER statement Severity: 4 Explanation: A syntax error or unsupported construction in the directory was detected. The word statement in this message can be MDISK or DEDICATE. CKV027I statement statement ignored for duplicate USER statement Severity: 4 Explanation: Only the minidisk definitions from the first occurrence of a user ID are used. The word statement in this message can be any of the following: ACIGROUP, CLASS, DEDICATE, or MDISK. CKV028I Duplicate statement address xxxx for user user Severity: 4 Explanation: The same statement is found twice for the same user. The word statement in this message can be DEDICATE or minidisk. CKV029I Real address yyyy in DEDICATE xxxx yyyy for user user not found Severity: 4 Explanation: The real address yyyy specified in the directory source was not found in the real configuration. That is, the address is associated with any of the real devices found with Q DASD ALL. CKV079I Reading from device-no resulted in nonzero return code code[,SCSW=channel status word] Severity: 08 Explanation: Could not read from the specified device. The status code and optional device subchannel status word is provided in order to diagnose the problem. User response: Consult the documentation for the specified device to troubleshoot the I/O error. Chapter 6. CKV Messages 373 Messages from100 to 199 CKV110I Channel path nn ignored for real device xxxx. Only 8 CHPIDs supported Severity: 4 Explanation: More than eight channel paths were reported by the Q PATHS command for the indicated device. CKV112I Unexpected text text in Q PATHS Severity: 4 Explanation: The output from the Q PATHS command could not be parsed. Use the SETUP FILES (SE.1) option to rerun the zSecure Collect program (CKVECOLL) with the DEBUG CP option enabled. Then, send the resulting SYSPRINT to IBM Software Support. On the SETUP panel, select the CKFREEZE file you want to refresh. Then, select the DEBUG CP option from the Optional parameter list for CKFREEZE creation fields. Then, issue the REFRESH command to generate the output. CKV113I No control unit found for device xxx Severity: 4 Explanation: The RDEVBLOK in a VM/SP system did not contain a single control unit (RCUBLOK) pointer. This should not happen. CKV114I Unexpected output from Q DASD DETAILS xxxx command. Severity: 4 Explanation: The output from the Q DASD DETAILS command could not be parsed. Please rerun CKVCOLL with an extra parameter DEBUG CP and send the resulting SYSPRINT to IBM Software Support. See message CKV112I for extra explanation. CKV115I Unknown element text in Q DASD DETAILS xxxx response Severity: 4 Explanation: The output from the Q DASD DETAILS command could not be parsed. Please rerun CKVCOLL with an extra parameter DEBUG CP and send the resulting SYSPRINT to IBM Software Support. See message CKV112I for extra explanation. CKV116I Unexpected output from Q NSS MAP ALL command Severity: 4 Explanation: The output from the Q NSS MAP ALL command could not be parsed. Please rerun CKVCOLL with an extra parameter DEBUG CP and send the resulting SYSPRINT to IBM Software Support. See message CKV112I for extra explanation. CKV120I Unknown size modifier M in Q NSS output Severity: 4 Explanation: The output from the Q NSS MAP ALL command could not be parsed. Please rerun CKVCOLL with an extra parameter DEBUG CP and send the resulting SYSPRINT to IBM Software Support. See message CKV112I for extra explanation. CKV140I No sense information for devices on channels list Severity: 8 Explanation: The zSecure Collect (CKVECOLL) program attempts to issue at least one Read Configuration Data CCW to 3990 controllers if COLLECT SENSE is specified. The message indicates that for the devices on listed 374 Version 1.12: Messages Guide channels no sense data could be obtained. You can solve this problem by allocating a minidisk on one of the devices listed in message CKV141. This process is only required if you need the subsystem ID. CKV141I Devices are: list of devices Severity: 8 Explanation: See message CKV140I. CKV145I Unexpected output from Q CACHE nnn command Severity: 4 Explanation: The output from the Q CACHE command could not be parsed. The device might be non-cached, or a non-supported format of the Q CACHE command was encountered. In this case, please rerun CKVCOLL with an extra parameter DEBUG CP and send the resulting SYSPRINT to IBM Software Support. See message CKV112I for more instructions to complete this process. CKV199I I/O error on device vdevno cc=condition code return code R15=value Severity: 8 Explanation: An I/O request (Diagnose X'20' or X'A8') failed with the indicated condition and return codes. Messages from 200 to 299 CKV200I Cannot collect configuration data on MVS Severity: 4 Explanation: CKVECOLL will not collect VM configuration data when running on MVS or an MVS guest. CKV265I Directory file read but no USER statement found - probably not a directory file Severity: 4 Explanation: The VM Directory file being read does not contain any USER statements. It is probably not a valid VM Directory file. User response: Update the command input used to run the data collection process (CKVECOLL) to specify a valid directory file in the VM Directory file source parameter. See "Setting up the daily collection process" in the IBM Tivoli zSecure Manager for RACF z/VM: Manager for RACF z/VM Installation and Deployment Guide. CKV266I Directory file read but no valid MDISK statement found - probably not a directory file Severity: 4 Explanation: The VM Directory file being read does not contain any MDISK statements, or the MDISK statement is not preceded by a USER statement. Most probably this file is not a valid VM Directory file. User response: Update the command input used to run the data collection process (CKVECOLL) to specify a valid directory file in the VM Directory file source parameter. See "Setting up the daily collection process" in the IBM Tivoli zSecure Manager for RACF z/VM: Manager for RACF z/VM Installation and Deployment Guide. Messages from 300 to 399 CKV306I Free device rdevno of guest userid will be attached temporarily Severity: 0 Explanation: This message indicates that the disk rdevno dedicated to userid is currently free, and is temporarily attached to collect configuration information. The userid was specified with the GUEST command. Chapter 6. CKV Messages 375 CKV307I Processing all disks linked or attached to userid userid Severity: 0 Explanation: This message is printed if no GUEST command is used. The message indicates that all disks currently linked or attached to the VM user ID running this program are processed. CKV308I Scanning disk linked as vdev (volser) on dasd vdev (volser) Severity: 0 Explanation: CKVECOLL program status information. CKV309I Scanning disk vdev of userid userid (on dasd vdev (volser)) Severity: 0 Explanation: CKVECOLL program status information. CKV310I Volume serial number is volser Severity: 0 Explanation: CKVECOLL program status information. CKV311I ....done, number of I/O-s is count Severity: 0 Explanation: This message provides CKVECOLL program status information. It is a continuation of message CKV310I. This message is only issued if the DEBUG DEVICE option is enabled. CKV312I VSAM catalog resides in data set name Severity: 0 Explanation: A VSAM master or user catalog has been detected in the indicated data set. The catalog will be read. This message is only issued if the DEBUG DEVICE option is enabled. CKV313I Number of empty DSCB slots: count Severity: 0 Explanation: The VTOC contains the indicated number of empty DSCB slots. This message is only issued if the DEBUG DEVICE option is enabled. CKV320I architecture devtype, count sizetype Severity: 0 Explanation: Some architecture disk parameters are reported for debugging purposes. This message is printed only when DEBUG IO was set. architecture can be CKD (with sizetype=tracks/cyl) FBA (with sizetype=tracks/cyl=blks/ track. CKV321I Getting CKD record CCHHR = physical address Severity: 0 Explanation: A physical CDK record with the indicated address is being referenced. This message is printed only when DEBUG IO was set. 376 Version 1.12: Messages Guide CKV322I Removing CKD track out of buffer Severity: 0 Explanation: A CKD track is removed out of the track buffer because it has not been referenced recently. This message is printed only when DEBUG IO was set. CKV323I Reading CKD track physical address from disk... Severity: 0 Explanation: A CKD track is being read from disk because it was not found in the track buffer. This message is continued in message CKV324I. This message is printed only when DEBUG IO was set. CKV324I ...count bytes read Severity: 0 Explanation: The message is the continuation of message CKV323I and indicates the physical number of bytes read. This message is printed only when DEBUG IO was set. CKV325I Getting FBA blocks FBA block nr-FBA block nr Severity: 0 Explanation: A physical FBA block with the indicated address is being referenced. This message is printed only when DEBUG IO was set. CKV326I Removing FBA track out of buffer Severity: 0 Explanation: An FBA track is removed out of the track buffer because it has not been referenced recently. This message is printed only when DEBUG IO was set. CKV327I Reading FBA track FBA block nr. from disk... Severity: 0 Explanation: An FBA track is being read from disk because it was not found in the track buffer. This message is printed only when DEBUG IO was set. CKV328I Catalog track size = number of bytes Severity: 0 Explanation: The physical track size of a track containing the low key range data records of a catalog is being reported for debugging purposes. This message is printed only when DEBUG IO was set. CKV329I Collecting VTOC information Severity: 0 Explanation: CKVECOLL program status information. CKV330I Collecting VSAM catalog information Severity: 0 Explanation: CKVECOLLprogram status information. Chapter 6. CKV Messages 377 CKV340I Warning: More than 4096 extents for file fn ft fm Severity: 8 Explanation: The CMS blocks allocated to a CMS file are described as physical extents in the zSecure Collect output file. The number of file extents supported is limited to 4096. Messages from 400 to 499 CKV410I Cannot read VTOC, CMS Directory, or Catalog on class G userid Severity: 8 Explanation: A Class BE user ID is required for CKVECOLL. CKV420I Cannot link or attach disk vdev of userid userid Severity: 4 Explanation: The CP LINK or ATTACH command for a disk of a user specified with the GUEST command failed. The corresponding CP message is printed to the SYSPRINT file. Messages from 700 to 799 CKV700I Module internal error: description Severity: 8 Explanation: The indicated program module is in an unexpected state. Please report the error to IBM Software Support. CKV711I Diagnose E4 error code rc for VDEV vdevno Severity: 8 Explanation: A diagnose X'E4' request for the indicated virtual device failed. The information collected for this device is incomplete. CKV712I Disk type device type not supported Severity: 8 Explanation: The indicated disk type is not currently supported. Please report the error to IBM Software Support. CKV713I CMS CDF format not supported Severity: 8 Explanation: The CMS Conventional Disk Format is not currently supported. CKV714I Unrecognized volume label: char string (hex string) Severity: 8 Explanation: The indicated volume label was not recognized. Please report the error to IBM Software Support. CKV715I Error in file directory (count FSTs not read) Severity: 8 Explanation: The indicated number of File Status Table entries could not be processed. Please report the error to IBM Software Support. 378 Version 1.12: Messages Guide CKV716I Error in VTOC: missing format-4 DSCB Severity: 8 Explanation: The first required format-4 DSCB was not found. Please report the error to IBM Software Support. CKV717I Multiple catalogs per volume not supported Severity: 8 Explanation: A volume must not contain more than one VSAM catalog. Please report the error to IBM Software Support. CKV718I Warning: horizontal extension ptr = hex Severity: 4 Explanation: A horizontal extension was not expected here. Report this message to IBM Software Support. Messages from 800 to 899 CKV826I statement statement without preceding USER statement Severity: 0 Explanation: A syntax error or unsupported construction in the directory was detected. The word statement in this message can be ACIGROUP or CLASS. This message is only issued when REPORT DIRECTORY has been specified. Chapter 6. CKV Messages 379 380 Version 1.12: Messages Guide Chapter 7. CKX messages The CKX program, also known as the zSecure Command Execution Utility, issues TSO commands. This program is used by the IBM Security zSecure Admin, IBM Security zSecure Audit, and IBM Security zSecure Visual programs. This chapter describes the messages issued by the CKX program. Some CKX messages are issued to a file to help in diagnosing a problem. You can only see this message file by running the CKXDEBUG command in the user interface. To allocate the CKXDEBUG file in the UI, set the Collect CKX diagnostic information option in SETUP TRACE (SE.T). The CKX messages have a message prefix in the form CKXnnna where nnna is a message number with qualifier. The message number can be followed by a numeric severity code if the qualifier is 'I'. The program returns as the completion code the highest severity code encountered. This can be summarized as: 0 All commands completed successfully RC=0, or no commands found 4 All commands completed, but at least one command had 0<RC<=4 (message 962G or 962M written) 8 All commands completed, but at least one command had RC>4 (message 962F or 962I written) 10 Terminated by attention (not all commands executed, message 962A written) 12 At least one command abended - all commands attempted unless attention was pressed (message 962V or 962C written) 16 IKJEFTSR error or ATTACH error or command not found (message 962B, 962E, 962L, 962P, 962S, 962T, 962U, 962W, 962X, or 962Y written) 20 No applicable TSO environment (message 962I written) Messages from 0 to 99 CKX0001 ISPF operation CKRDSETR=value CKROSETT=token CKRSECN=zsecnode CKRRRSF=rrsfnode CKRNJE=njenode Severity: 0 Explanation: This message indicates that CKX was running as an ISPF application and obtained the command routing setting from ISPF variable CKRDSETR and the server token from CKROSETT. CKX001I LMINIT failed - error message Severity: 12 Explanation: This message indicates that the ISPF LMINIT service used to prepare for browsing the command output failed with the indicated ISPF long message. User response: Look up ISPF guidance on the message. © Copyright IBM Corp. 2008, 2010 381 CKX002I CMSCALL BROWSE failed RC=nn Severity: 12 Explanation: This message indicates that the attempt to browse the command output under CMS failed with the indicated CMSCALL return code. CKX003I Normal defaults to AT(node,.user) Severity: 0 Explanation: This is a diagnostic message to explain what command route was selected for NORMAL. CKX004I Normal defaults to ZSECNODE= Severity: 0 Explanation: This is a diagnostic message to explain what command route was selected for NORMAL. CKX005I Normal defaults to local only Severity: 0 Explanation: This is a diagnostic message to explain what command route was selected for NORMAL. CKX006I 0 Severity: 0 Explanation: This is a diagnostic message to explain what command route was selected for NORMAL. In this case the command route was selected because CKRDSETR was not set to ASK or LOCAL. CKX007I Destination redirected to Local system Severity: 4 Explanation: This message indicates that command routing was ASK but no server communication was possible; therefore, it defaults to LOCAL. This message is written only if not running as an ISPF application. If running as an ISPF application, ISPF message CKR872 is displayed instead. CKX008I File input DD=ddname Severity: 0 Explanation: This message indicates that a DD instruction was recognized and commands will be read from the indicated file name. CKX009I Normal defaults to NJENODE= Severity: 0 Explanation: This is a diagnostic message to explain what command route was selected for NORMAL. CKX010I Normal means local only Severity: 0 Explanation: This is a diagnostic message to explain what command route was selected for NORMAL. 382 Version 1.12: Messages Guide CKX011I Normal means AT(node,.user) Severity: 0 Explanation: This is a diagnostic message to explain what command route was selected for NORMAL. CKX012I Normal means ZSECNODE= Severity: 0 Explanation: This is a diagnostic message to explain what command route was selected for NORMAL. CKX013I Normal means NJENODE= Severity: 0 Explanation: This is a diagnostic message to explain what command route was selected for NORMAL. CKX014I There is no server active with SERVERTOKEN= Severity: 0 or 4 Explanation: This message indicates that no server was found with the indicated server token. The severity is 0 if running under ISPF. In that case, ISPF message CKR870 is displayed. CKX015I Client connection to server failed RC= Severity: 0 or 4 Explanation: This message indicates that a server token was found but the server could not be connected. The severity is 0 if running under ISPF. In that case, ISPF message CKR871 is displayed. CKX016I NORMSEL=s Normal destination is node Severity: 0 Explanation: This is a diagnostic message to document what decision was made regarding the normal destination. CKX017I Normal means local Severity: 0 Explanation: This is a diagnostic message to document that the normal path turned out to be the local system. Messages from 800 to 899 CKX809I...CKX836I message Severity: 00 Explanation: These messages are in response to debugging options. If you need information about these messages, contact IBM Software Support. CKX841I Severe SRVIN error PC RC=n - issuing user abend 841 Severity: 16 Explanation: While reading from a remote node, an error condition was returned by the Program Call interface of the server. User response: Verify that the server is active, then restart the server and try again. Chapter 7. CKX messages 383 CKX842I SPECPROC returned length out of range R0=hexnum - issuing user abend 842 Severity: 16 Explanation: This message indicates that one of the internal interfaces related to the zSecure Server received an unexpected length and issued an abend. User response: Look for the message on the IBM support site. If no solution is posted, collect SYSPRINT on both the local and remote sides and contact IBM Software Support. Messages from 900 to 999 CKX907I DYNALLOC trace: SVC 99 return code nn - meaning Severity: 0 Explanation: This message is issued because of a failed SVC99 where DAIRFAIL did not return a message text. It has continuation lines detailing the individual text units contents after SVC 99 (DYNALLOC) completion. CKX915I UNIX write record nn failed RC nn [meaning] reason qqqq rrrrx [meaning] file ddname path Severity: 16 Explanation: This message indicates that a BPX1WRV call failed with the indicated return code in decimal and the reason code split into reason code qualifier qqqq and reason code rrrr, both in hexadecimal. For well-known return codes and reason codes the numeric values are followed by an explanatory string. Use the IBM Unix System Services manual to lookup other return and reason codes. CKX931I proc: Buffer overrun - destinationlength sourcelength: data Severity: 24 Explanation: A buffer overrun occurred in the format procedure proc. This message will be followed by a user ABEND 931. Contact IBM Software Support. CKX944I UNIX type close RC nn [meaning] reason qqq rrrr x [meaning] file ddname path Severity: 16 Explanation: This message indicates that a BPX1CLO call failed with the indicated return code in decimal and the reason code split into reason code qualifier qqqq and reason code rrrr, both in hexadecimal. For well-known return codes and reason codes the numeric values are followed by an explanatory string. Use the IBM Unix System Services manual to lookup other return and reason codes. The type can be 'wronly' or 'rdonly'. CKX945I UNIX action failed RC nn [meaning] reason qqq rrrr x [meaning] file ddname path Severity: 16 Explanation: This message indicates that a BPX1OPN or BPX1FCT call failed with the indicated return code in decimal and the reason code split into reason code qualifier qqqq and reason code rrrr, both in hexadecimal. For well-known return codes and reason codes the numeric values are followed by an explanatory string. Use the IBM Unix System Services manual to look up other return and reason codes. The action can be wronly open, fcntl filetag, or rdonly open. CKX947I Reading filedesc off failed RC nn [meaning] reason qqqq rrrr x [meaning] file ddname path Severity: 16 Explanation: This message indicates that a BPX1RED (UNIX read) call failed with the indicated return code in decimal and the reason code split into reason code qualifier qqqq and reason code rrrr, both in hexadecimal. For well-known return codes and reason codes the numeric values are followed by an explanatory string. Use the IBM 384 Version 1.12: Messages Guide Unix System Services manual to lookup other return and reason codes. CKX960 message Explanation: This message is issued by the command-execution module. Refer to the equivalent CKR0960 message. CKX961 message Explanation: This message is issued by the command-execution module. Refer to the equivalent CKR0961 message. CKX962 message Explanation: This message is issued by the command-execution module. Refer to the equivalent CKR0962 message. CKX962A Command terminated by attention Severity: 10 Explanation: This message is issued by the command-execution module, and indicates a command was terminated by pressing the ATTN key. CKX962B Command not supported in background Severity: 16 Explanation: This message is issued by the command-execution module, and indicates a command could not be executed through the TSO service facility. Typically, this is because the CKGRACF authorized component is not part of the AUTHCMD list in IKJTSOxx, see message CKR962F. CKX962C Command failed abend code Severity: 12 Explanation: This message is issued by the command-execution module, and indicates a command ended abnormally with the indicated abend code. CKX962E Not running in a TSO/E environment Severity: 16 Explanation: This message is issued by the command-execution module, and indicates a TSO command could not be executed, because command environment was not TSO/E. CKX962F Command failed, return code code (decimal) Severity: 8 Explanation: This message is issued by the command-execution module, and indicates a command was unsuccessful, and returned the indicated result code. If the previous message was CKG740I 20, check that CKGRACF is part of the AUTHCMD list in SYS1.PARMLIB member IKJTSOxx. This member can be updated without an IPL through the TSO PARMLIB command. CKX962G CKGRACF command produced a warning; return code 4 Severity: 4 Explanation: The CKGRACF command was executed successfully but did produce a warning message. Chapter 7. CKX messages 385 CKX962I IKJTSOEV module not found Severity: 8 Explanation: An attempt was made to establish a TSO environment, but the TSO environment initialization routine IKJTSOEV could not be found. Normally IKJTSOEV is in the link list. This will cause return code 20 when encountered as part of an attempt to execute a TSO command, and otherwise 8. CKX962I IKJTSOEV return code xx reason code yy service reason code zz (decimal) Severity: 8 Explanation: This will cause return code 20 when encountered as part of an attempt to execute a TSO command. CKX962I SVC 220 return code hh (hex) on command Severity: 8 Explanation: This will cause return code 20 when encountered as part of an attempt to execute a RACF or CMS command. CKX962L Command could not be found in an authorized library. Severity: 16 Explanation: This message is issued by the command-execution module, and indicates a TSO command could not be executed, because it was not found. Typically, this is an unsuccessful call to the CKGRACF authorized component, which failed because CKGRACF was not part of an authorized library in the linklist, or was not found in an APF-authorized STEPLIB. Check whether the library containing CKGRACF is APF-authorized. CKX962M Command may have failed, return code n Severity: 4 Explanation: This message indicates that a command returned a nonzero return code less than or equal to 4. This message causes a minimum return code of 4. It depends on the command whether this is a partial failure or a warning. CKX962N Command not allowed from APF mode - command Explanation: This message is issued by the command-execution module, and indicates that the indicated command is not in the TSO AUTHCMD list and also not in a built-in list of safe commands to be called from an APF authorized program. If the command was requested by yourself, try running it under IKJEFT01 or without APF authorization. If this message is in response to a built-in function, contact IBM Software Support. CKX962O Command has flushed TSO stack - relogon required to close output trap file Severity: 0 Explanation: This message is issued by the command-execution module. Generally this means that subsequent command output is not written to the CKRTSPRT file. It may be lost or shown in line mode after leaving zSecure. Depending on the z/OS release, it may be sufficient to leave and reenter ISPF to restore normal behavior. In the worst case, a relogon may be required. CKX962P CLIST processing through % not supported Severity: 16 Explanation: This message is issued by the command-execution module. It indicates an attempt to run a CLIST using the % operator. Execution of CLISTs is not supported. 386 Version 1.12: Messages Guide CKX962S IKJEFTSR fails return code error reason code reason Severity: 16 Explanation: This message is issued by the command-execution module, and indicates a TSO command could not be executed. The command returned the indicated error code and reason code. CKX962T Command failed, ATTACH rc rc (decimal) Severity: 16 Explanation: This message is issued by the command-execution module, and indicates failure to attach a TSO command. CKX962U Unauthorized functions cannot be invoked from an authorized environment Severity: 16 Explanation: This message should not occur. Contact IBM Software Support. CKX962W Command not found Severity: 16 Explanation: This message is issued by the command-execution module, and indicates a TSO command could not be executed, because it was not found. Typically, this is an unsuccessful call to the CKGRACF authorized component, which failed because CKGRACF was not part of an authorized library in the linklist, or was not found in an APF-authorized STEPLIB. Check whether the library containing CKGRACF is APF-authorized. CKX962X Syntax error in the command name Severity: 16 Explanation: This message is issued by the command-execution module, and indicates a TSO command could not be executed, because the name was not syntactically correct. CKX962Y Authorized commands not supported in dynamic TSO environment - call from IKJEFT01 instead Severity: 20 Explanation: This is caused by an attempt to issue an APF command from a non-APF non-IKJEFT01 environment. Run CKX from an APF library or from inside IKJEFT01. Chapter 7. CKX messages 387 388 Version 1.12: Messages Guide Chapter 8. CQT messages This chapter describes the messages issued through module CQTPMSGE of zSecure CICS Toolkit. All messages start with the three letter prefix CQT. CQT000 The Toolkit subtasks are not active Explanation: The zSecure CICS Toolkit subtasks have not been started. For zSecure CICS Toolkit to access the RACF database, the subtasks must be attached. This normally occurs when CICS is initialized. Check the CICS startup log for error messages. CQTPLT00 might not have run (check the CICS resource definitions and DFHPLTPI) or, for example, CQTPATCH might not be defined correctly. The zSecure CICS Toolkit SVC might not be installed correctly; the region might not be authorized to use the SVC (the CICS region's user ID must have READ access to TOOLKIT.SVC in the FACILITY class); the subtask modules (CQTSxxxx) might not be in the CICS steplib (not the DFHRPL); zSecure CICS Toolkit might be disabled via IFAPRDxx in PARMLIB. CQT001 Program (program) not available. Please select a different function Explanation: The function you have selected failed when zSecure CICS Toolkit tried to give control to module program. Check the CICS PPT definitions that all the zSecure CICS Toolkit programs have been defined, that they are in the RPL, and that they are enabled. CQT002 Invalid DFLTGRP Explanation: The DFLTGRP (default group) specified for the user ID does not exist. Specify an existing RACF group. CQT003 TSQUEUE name not specified Explanation: The flag for returning output data in a CICS Temporary Storage Queue is set, but no TSQUEUE name has been specified. Specify a valid TSQUEUE name or do not request output data to be returned in a TSQUEUE. CQT004 Not authorized for TSQUEUE tsqueue. Explanation: The terminal user does not have sufficient access to manipulate the specified TSQUEUE. Check the CICS log for additional information. CQT006 You have not performed a valid RACF signon Explanation: A valid signon in the CICS region using a RACF USERID has not been performed. To use any of the zSecure CICS Toolkit functions, you must first perform a signon using a valid RACF USERID. If you have performed a valid signon and receive this message, take a transaction dump and contact IBM Software Support. CQT007 Unable to load CQTPCNTL. Check the CICS resource definitions Explanation: An error was detected while trying to load CQTPCNTL. Check the CICS resource definitions for CQTPCNTL and verify that the module is defined and enabled. Also verify that it is available via DFHRPL. © Copyright IBM Corp. 2008, 2010 389 CQT008 Commarea address/length is zero Explanation: The commarea address or length passed to zSecure CICS Toolkit is zero. When zSecure CICS Toolkit is being invoked by the API, or on a second or subsequent invocation of RTMM, a commarea is required. If zSecure CICS Toolkit is being invoked from the API, check that the application program is passing a valid commarea. If this is occurring on a subsequent invocation of RTMM, use CEDF to determine if a commarea is being passed and if not, what might be causing the error (such as a storage problem). If the problem persists, contact IBM Software support. CQT009 Enter userid to be updated Explanation: Enter the user ID you want to alter. This must be a valid RACF user ID that you have authority to access. Access to the user ID is based on that user ID's default group. You must have access to AUSR.dfltgrp (where dfltgrp is the default group of the user ID). CQT010 Invalid authority. Must be U (Use); C (Create); N (Connect); J(Join) Explanation: The type of authority you have specified is incorrect. You must specify U, C, N or J. CQT011 You are not authorised to connect users to this group RC CONN.grpname Explanation: You have specified a group for which you do not have access. The RC is the RACF return code from checking access to CONN.grpname You must have access to CONN.grpname (where grpname is the name of the group). CQT012 Invalid group name Explanation: A group name has not been entered. A group name must be entered to complete the function. Enter a valid group name. CQT013 SPECIAL operand must be Y or N Explanation: The specification for SPECIAL is invalid. The only valid entry for this field is Y or N. CQT014 OPERATIONS operand must be Y or N Explanation: The specification for OPERATIONS is invalid. The only valid entry for this field is Y or N. CQT015 PF1=Toggle 3=Chgopts ENTER=Next CLEAR=Main Menu Explanation: Informational message. Press PF03 to change search options, press ENTER to display the next profile, or press CLEAR to go to the main menu. CQT016 Enter userid and group name Explanation: You have selected a function that requires a USERID and GROUP name. Enter the USERID and GROUP name as requested. 390 Version 1.12: Messages Guide CQT017 You are not authorized to remove users from this group RC REMV.grpname Explanation: You have specified a group for which you do not have access. The RC is the RACF return code from checking access to REMV.grpname. You must have access to REMV.grpname (where grpname is the name of the group). CQT018 Enter userid Explanation: You have selected a function that requires a USERID. Enter a valid USERID. CQT019 Definition of user profile failed. Inform data security Explanation: An error occurred during ADDUSER. When trying to add a user to the RACF database, zSecure CICS Toolkit detected an error condition. Report this to the Data Security Administrator. There might be problems with the RACF database. CQT020 Enter details of user to be added. Explanation: You have selected the ADDUSER function. Enter the relevant information about the user that is to be added. CQT021 Invalid userid. Must be letters, numbers, #, $ or @ Explanation: The user ID you have entered is invalid. The user ID must conform to RACF naming conventions and must consist entirely of letters, numbers or the national characters #, $ or @. CQT022 Invalid name. Must be letters, numbers, #, $ or @ Explanation: The name you have entered is not valid. The name must contain at least one character. CQT023 Day indicator must be Y or N Explanation: The specifications for days of access is incorrect. When specifying which days the user may access the system, you must enter Y, for days of the week the user may access the system, or N. Anything else is not valid. CQT024 FROM and TILL times must BOTH be 0000, or range from 0001 thru 2359 Explanation: The times specified are incorrect. When specifying the time of day the user may be logged on, both the FROM and TILL time must be between 0001 (midnight) and 2359 (11:59 p.m.). The special value 0000 is accepted to indicate no logon time limitations. CQT025 Invalid group. must be letters, numbers, #, $ or @ Explanation: The group name you have entered is not valid. The group name must conform to RACF naming conventions and must consist entirely of letters, numbers or the national characters #, $ or @. Chapter 8. CQT messages 391 CQT026 You are not authorised to add users to this group Explanation: You have specified a group for which you do not have access. You must have access to ADUS.dfltgrp (where dfltgrp is the name of the group). CQT027 Invalid authority. must be U (Use) or C (Create). Please re-enter Explanation: The authority for this user is not valid. When specifying the authority of this user for the default group, you must enter U or C. Anything else is not valid. CQT028 RACRF=safreturn RACR0=safreason RF=rr R0=re RSC = (resclass) LAST = (last_res) Explanation: zSecure CICS Toolkit has determined that you are not authorized to any functions. The transaction has checked which zSecure CICS Toolkit functions you are authorized to use and has determined that you are not allowed to use any of them. If you are supposed to have access to zSecure CICS Toolkit functions, contact your Data Security administrator. zSecure CICS Toolkit issues a RACROUTE REQUEST=FASTAUTH to check authorization and the response was as follows: RACRF RACR0 RF R0 RSC LAST = = = = = = The The The The The The SAF return code in register 15 SAF reason code in register 0 RACF return code in register 15 RACF reason code in register 0 RACF resource class used in the RACROUTE last resource name checked You can use the return codes and reason code to help determine why you are not authorized to use any zSecure CICS Toolkit functions. If you are authorized to use the RCHK transaction (the default name for the zSecure CICS Toolkit verification program), you can execute this transaction to verify the installation of zSecure CICS Toolkit. Press PF1 while in the RCHK transaction to display the zSecure CICS Toolkit function definitions and the SAF/RACF return/reason codes for your user ID for each of the definitions. CQT029 Enter userid/group name and resource Explanation: You have selected the USERID or GROUP you want to PERMIT and the RESOURCE you want to permit them to. CQT030 Create temporary ACEE failed. RC=xxxx-xxxx-xxxx Explanation: The RACROUTE REQUEST=VERIFY to create the ACEE for the specified user and group failed with the indicated return code. The three fields in the RC represent the SAF return code, the RACF return code, and the RACF reason code. See the z/OS Security Server RACF RACROUTE Macro Reference manual for the explanation of these values. CQT031 Call to IRRPNL00 failed. RC=xxxx-xxxx Explanation: The IRRPNL00 function used to list the authorized profiles failed with the indicated return code. The two fields in the RC represent the RACF return code and the RACF reason code. See the z/OS Security Server RACF Macros and Interfaces manual for the explanation of these values. CQT033 Invalid seclevel Explanation: The SECLEVEL as entered on the ADDUSER screen does not correspond to a member defined in the SECLEVEL profile in the SECDATA resource class. Adding an undefined SECLEVEL is not possible. 392 Version 1.12: Messages Guide CQT034 An ID must be entered if not doing a search Explanation: A profile name is required. If you are not performing a search (by pressing PF11) you must enter a profile name that is to be listed (for example, GROUP or DATASET name). CQT035 Invalid dataset name Explanation: A data set name is required. If you are not performing a search (by pressing PF11) you must enter a data set name that is to be listed. CQT036 A userid must be entered if not doing a search Explanation: A user ID is required. If you are not performing a search (by pressing PF11), you must enter a user ID name that is to be listed. CQT037 Invalid userid Explanation: A user ID is required. If you are not performing a search (by pressing PF11), you must enter a user ID that is to be listed. CQT038 Userid or password is missing Explanation: The API is being used to verify a USERID and PASSWORD. Either the USERID, PASSWORD, or both are missing. Correct the error and retry. CQT039 Unable to locate userid Explanation: The USERID was not found in RACF. zSecure CICS Toolkit was unable to locate the specified USERID in RACF. Verify that the USERID you are entering is valid and has not been deleted. CQT040 You are not authorised for this userid. Default group is invalid Explanation: A default group for this USERID could not be found. zSecure CICS Toolkit requires a default group for the user in order to verify authority to access the user ID. No default group was found in this user's profile. Report the error to your Data Security administrator. CQT041 A userid has to be entered Explanation: A USERID is required. You are required to enter a user ID for this function. Enter a valid user ID. CQT042 You are not authorised for this userid Explanation: You do not have authority to this USERID. Access to the user ID is based on that user ID's default group. You must have access to LUSR.dfltgrp (where dfltgrp is the default group of the user ID). CQT043 Unable to resume this userid Explanation: An error occurred during the RESUME function. zSecure CICS Toolkit encountered an error while trying to RESUME this user. Inform your Data Security administrator because there might be an error on the RACF database. Chapter 8. CQT messages 393 CQT044 Unable to update CLAUTH field. User may already have authority. Explanation: The update to the CLAUTH field failed. An error occurred while trying to update the CLAUTH field. The user might already have authority to this class or the class might not be defined to RACF. Contact your Data Security administrator for further information. CQT045 Unable to update NOCLAUTH field. User may not be defined to this class. Explanation: The update to the NOCLAUTH field failed. An error occurred while trying to update the NOCLAUTH field. The user might not have authority to this class or the class might not be defined to RACF. Contact your Data Security administrator for further information. CQT046 Unable to write SMF record RC=rc Explanation: An error was detected when writing to the SMF dataset. Whenever zSecure CICS Toolkit makes an update to the RACF database it writes an SMF record to that effect. An error has occurred that prevented the SMF records from being written. Check that the SMF data sets are not full or that some other type of problem does not exist. The update to the RACF database will have been performed successfully. CQT047 Unable to alter profile_field Explanation: An error was detected during an ALTUSER function. zSecure CICS Toolkit detected an error when altering a user's profile. The field in the profile that was being altered is indicated by profile_field (for example, LOGTIME). Inform your Data Security administrator and check the user's profile for errors. CQT048 Unable to load CQTPCNTL, exit. Check CICS resource definition Explanation: zSecure CICS Toolkit was unable to load the installation options module CQTPCNTL. CQTPCNTL contains control information that zSecure CICS Toolkit requires. If it cannot be loaded, zSecure CICS Toolkit cannot function correctly. Check the CICS resource definition and ensure that the modules is defined correctly and is available via DFHRPL. CQT049 Invalid RSRCLASS was defined in CQTPCNTL. Subtasks not loaded Explanation: The RSRCLASS as specified in the CQTPCNTL parameter module was incorrect. The RSRCLASS must be a resource class used by this CICS system. Examples of these are TCICSTRN, PCICSPSB and MCICSPPT. CQT050 Unable to link CQTPATCH, exit. Check CICS resource definition Explanation: zSecure CICS Toolkit was unable to link to CQTPATCH. CQTPATCH is the module that loads the zSecure CICS Toolkit subtasks. If the subtasks are not attached zSecure CICS Toolkit will not function. Check the CICS resource definitions, and ensure that the module is defined correctly and is available via DFHRPL. CQT051 Subtasks detached Explanation: You requested a stop of the zSecure CICS Toolkit subtasks. This message indicates that the CQTPDTCH program returned successfully. 394 Version 1.12: Messages Guide CQT052 Subtasks attached Explanation: You requested a start of the zSecure CICS Toolkit subtasks. This message indicates that the CQTPLT00 program returned successfully. CQT053 Subtasks already active Explanation: You requested a start of the zSecure CICS Toolkit subtasks, but the status flags in module CQTPAPRM indicated that the subtasks were still active. If you need to restart a single subtask, you first need to stop all subtasks before attempting another start. CQT054 Unable to locate owner id (GROUP or USER) Explanation: The owner ID is invalid. The ID you have specified as owner cannot be located on the RACF database. Enter a new owner ID (the owner can be a USERID or GROUP name). CQT055 Unable to locate group name Explanation: The group name is invalid. The group name you have specified could not be located on the RACF database. Enter a new group name. CQT056 Press PF5 to complete the function Explanation: zSecure CICS Toolkit is ready to complete the function. All the access checks and edits have been completed and no errors have been found. Pressing PF05 will implement the update. CQT057 Connect failed. Inform data security Explanation: Error as indicated. Inform your Data Security administrator. Check for RACF database errors. CQT058 Update of group profile failed. Inform data security Explanation: Error as indicated. Inform your Data Security administrator. Check for RACF database errors. CQT059 Update of user profile failed. Inform data security Explanation: Error as indicated. Inform your Data Security administrator. Check for RACF database errors. CQT060 User has been connected to the group Explanation: The CONNECT has been completed. The USERID has been successfully CONNECTed to the group. CQT061 A GROUP name has to be entered Explanation: You did not enter a group name. Enter a valid group name. Chapter 8. CQT messages 395 CQT062 OWNER is invalid Explanation: You did not enter an owner id. Enter a valid owner id. This can be a USERID or GROUP name. CQT063 No entries for this profile Explanation: No profiles matched the search criteria. After performing a search, zSecure CICS Toolkit was unable to locate any profiles that matched your search criteria. CQT064 End of entries matching this criteria Explanation: No more profiles were found. There are no more profiles on the RACF database that match the search criteria that you specified. CQT065 User still connected to groups other than default group Explanation: The user is still connected to multiple groups. Before you can delete a user, it has to be removed from all groups except the default group. This user is still connected to other groups. CQT066 You may not remove a user from their default group Explanation: The group you specified is the users default group. It is not possible to remove a user from its default group. CQT067 Deletion of CONNECT GROUP failed. Inform data security Explanation: Error as indicated. Inform your Data Security administrator. Check for RACF database errors. CQT068 Delete of USER profile failed. Inform data security Explanation: Error as indicated. Inform your Data Security administrator. Check for RACF database errors. CQT069 User has been deleted Explanation: The DELUSER function has completed. The specified USERID has been deleted from the RACF database. CQT070 User has been removed from group Explanation: The REMOVE function has completed. The USER has been removed from the specified GROUP. CQT071 Definition of CONNECT GROUP failed. User may already be connected Explanation: An error occurred trying to connect the user. The user is probably already connected to the specified group. 396 Version 1.12: Messages Guide CQT072 User has been defined Explanation: The ADDUSER function has completed. The specified USERID has bee added to the RACF database. CQT073 The zSecure CICS Toolkit subtask has abended. Check the CICS log Explanation: One of the zSecure CICS Toolkit subtasks has abnormally ended (abended). An abend has occurred in a zSecure