EZD1904E

Explanation
 The Internet Key Exchange daemon (IKED) connected
to a Network Security Services (NSS) server that was supporting a
lower level of the NSS API.  Certificate services such as Certificate
Revocation List (CRL) checking, Certificate Authority (CA) Hierarchy
validation, and HTTP certificate retrieval are not available for this
stack.  The lack of this support limits the kinds of tunnels that
the IKE daemon can negotiate for the stack.  The IKE daemon is able
to negotiate IKEv1 and IKEv2 tunnels using preshared key authentication
for the stack.  The IKE daemon is able to negotiate IKEv1 tunnels
with digital signature authentication but without support for CRL
checking or CA Hierarchy validation for the stack.  The IKE daemon
is unable to negotiate IKEv2 tunnels with digital signature authentication
for the stack.
 In the message text:  clientAPIversion
The version of the NSS client API supported by the IKE daemon.
serverAPIversion
The version of the NSS server API supported by the NSS server.
stackname 
The name of the stack that connected to the NSS server supporting
a lower level of the NSS API.

System action
 IKE daemon processing continues.

Operator response
 Contact the system programmer.

System programmer response
 Connect the IKE daemon NSS client
to an NSS server that is running on a z/OS® Communications
Server V1R12 or greater system.  To identify the NSS server that the
IKE daemon is currently connected to, inspect the system log for EZD1136I.

User response
 Not applicable.

Problem determination
 Not applicable.

Source
 z/OS Communications
Server TCP/IP: IKE daemon

Module
 stackobj.cpp

Routing code
 3

Descriptor code
 3

Automation
 This message goes to the console and to syslog.

Example
  EZD1904E IKED NSS client API version 4 does not match NSS server API version 1 for stack TCPCS