IBM Support What's New?

IOS000I EKM 052600 code undocumented - encryption fail

Technote (troubleshooting)


Migrating from TKLM z/OS 1.0 to ISKLM z/OS 1.1, the following error message is seen at the first tape encryption test:

IOS000I 5004,D2,IOE,01,0E00,,**,N00086,SYSP9999 260
804C08C022402751 0001FF0000052600 0005260000000092 2004E8209C682211
CU = 00 DRIVE = 052600 EKM = 052600


A non-zero value in the EKM = field normally indicates a problem with ISKLM. However, since all ISKLM error codes begin with EEnn, this is not the case in this situation, which explains why the associated documentation cannot be found within ISKLM documentation.

Resolving the problem

The key in fact lies with the DRIVE = error code, which matches what was placed in the EKM = field.

Based on the information provided for the IOS000I message, it is likely that DRIVE = 052600 involves an 'Illigal request, Invalid field in in parameter list', See this link for reference to the IBM System Storage Tape Drive 3592 SCSI Reference manual, and do a search on 5/2600:

In the above situation, the error was corrected by regenerating the personal certificate using a SIZE(2048) parameter.The keystore in this case was JCERACFKS and the original size had been set to 4096, based on examples in the ISKLM Deployment and Migration Considerations Redpaper. Please note that these were only examples, and that at z/OS 1.10 and above RACF databases can import private keys with a max size of 4096, but 2048 is the default. The ISKLM Planning and User's Guide (SC14-7628-00) uses 2048 in all its examples. Click on this link for online access to this manual:

Document information

More support for: IBM Security Key Lifecycle Manager for z/OS

Software version: 1.1.0

Operating system(s): z/OS

Software edition: Enterprise

Reference #: 1600061

Modified date: 2014-06-10