Session activation failures

Session activations can fail due to a variety of session-level verification related reasons. For example, the two LUs may have incompatible VERIFY parameters coded on their APPL statements, the LUs may have different session keys defined in their LU-LU pair profiles, or a session key might be changed in the middle of a session activation.

When a session activation fails due to a session-level verification error, VTAM® deactivates the session using a sense code of X'080F6051' on either an UNBIND or a negative BIND response, as needed.

VTAM also creates an SMF Type 80 record in the external security management product, which causes the security product to issue messages to the network security administrator. (For more information on the security product, see the Resource Access Control Facility (RACF®) Security Administrator's Quick Reference.) VTAM sets the following reason codes in this log record:

Hex Code: Description
00: Partner LU successfully verified.
01: Partner LU not verified (but session activated).
02: Session key expiration warning.
03: The security manager locked the profile.
04: The profile contains a session key that is not valid.
05: Partner LU rejected the session due to a security related error.
06: Local LU was defined with VERIFY=REQUIRED session-level LU-LU verification, but no session key exists for the local LU; or no random data field was in the BIND; or the partner LU is the PLU requesting the session but is not using session-level LU-LU verification.
07: Session-level LU-LU verification data for the session between the local LU and the partner LU matched the data for an outstanding session activation.
08: Local LU was defined with optional verification, and a session key was defined for the profile, indicating that session-level LU-LU verification is necessary. Partner LU requested a session without verification.
09: Local LU was defined with optional verification, and no session key was defined for the profile, indicating that session-level LU-LU verification should not be used. Partner LU requested a session with verification.
0A: Protocol violation.
0B: Profile was changed during session activation.
0C: Session key for the profile expired.
0D: Local LU was defined to use only the Level 2 protocol (SECLVL=LEVEL2 is specified on the APPL definition statement). Partner LU does not support the Level 2 protocol.

VTAM also issues message IST1213I when a session activation fails due to session-level verification errors. For a description of this message, refer to z/OS Communications Server: SNA Messages.