Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
IRRI022I z/OS Security Server RACF Messages and Codes SA23-2291-00 |
|
IRRI022I RRSF CONNECTION {TO | FROM} system-identifier HAS
BEEN REJECTED DUE TO INSUFFICIENT AT-TLS POLICY. THE AT-TLS RULE
NAME rule-name IS DISABLED. ExplanationRACF® remote sharing requires its connections to be covered by an AT-TLS rule. It is AT-TLS that provides the authentication of RRSF nodes to one another, and encryption of traffic across the network. The policy rule that matches this connection (the TTLSRule named rule-name) indicates that AT-TLS should not be used. See z/OS Security Server RACF System Programmer's Guide for more information about ATTLS. The value for direction can be TO, when the message is issued by the system that initiated the connection, or FROM, when the message is issued by the system that received the connection request. When the value of direction is TO, system-identifier is expressed as NODE node-name, followed by SYSNAME system-name if the target is a multisystem node. When the value of direction
is FROM, the communication failed before RRSF identified the
peer RRSF node and system name, or determined if the peer is a valid
RRSF node. Therefore, system-identifier is expressed as PEER,
followed by an IP address and a port number, separated by a colon.
If necessary, you can use the z/OS® UNIX host command to map
the IP address to a host name. See z/OS Communications Server: IP System Administrator's Commands for
more information about the z/OS UNIX host command. For example,
if the peer information displayed is 1.2.3.4:1026, issue the following
command:
System actionThe connection is rejected. The RRSF connection is placed in the OPERATIVE-PENDING-VERIFICATION state. System programmer responseAfter the security administrator updated the AT-TLS policy, try the connection again with the TARGET OPERATIVE command for the failed node and system. Routing code2 and 9 Descriptor code4 RACF Security Administrator ResponseImplement AT-TLS policy for this connection and enable the rule. Also, review the AT-TLS policy and ensure that the TTLSEnabled flag, in the TTLSGroupAction statement for the RRSF server and client, rules are set to ON. See z/OS Security Server RACF System Programmer's Guide for information about RACF requirements. |
Copyright IBM Corporation 1990, 2014
|