isam error message reference

8/21/2019 ISAM Error Message Reference

http://slidepdf.com/reader/full/isam-error-message-reference 1/318

IBM Security Access Manager for Web Version 7.0

Error Message Reference

GI11-8157-02



IBM Security Access Manager for Web Version 7.0

Error Message Reference

GI11-8157-02



NoteBefore using this information and the product it supports, read the information in “Notices” on page 299.

Edition notice

Note: This edition applies to version 7, release 0, modification 0 of IBM Security Access Manager (productnumber 5724-C87) and to all subsequent releases and modifications until otherwise indicated in new editions.

© Copyright IBM Corporation 2001, 2012.US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contractwith IBM Corp.



Contents

Figures . . . . . . . . . . . . . . . v

About this publication . . . . . . . . viiIntended audience . . . . . . . . . . . . viiAccess to publications and terminology . . . . . vii

Related publications . . . . . . . . . . ixAccessibility . . . . . . . . . . . . . . xiTechnical training . . . . . . . . . . . . xiSupport information . . . . . . . . . . . xi

Chapter 1. Message overview . . . . . 1Message types . . . . . . . . . . . . . . 1Message format . . . . . . . . . . . . . 1

Chapter 2. Security Access Manager

Base Messages . . . . . . . . . . . 5

Chapter 3. Security Access ManagerWebSEAL Messages . . . . . . . . 145

Chapter 4. Security Access ManagerPlug-in for Web Servers Messages . . 169

Chapter 5. Security Access ManagerSession Management ServerMessages . . . . . . . . . . . . . 181

Chapter 6. Security Access ManagerWeb Runtime Messages . . . . . . . 215

Chapter 7. Common Auditing andReporting Service messages. . . . . 271

Notices . . . . . . . . . . . . . . 299

© Copyright IBM Corp. 2001, 2012 iii



iv Version 7.0: Error Message Reference



Figures

1. Message ID format . . . . . . . . . . 2

© Copyright IBM Corp. 2001, 2012 v



vi Version 7.0: Error Message Reference



About this publication

IBM Security Access Manager for Web, formerly called IBM Tivoli Access Managerfor e-business, is a user authentication, authorization, and web single sign-on

solution for enforcing security policies over a wide range of web and applicationresources.

The IBM Security Access Manager for Web Error Message Reference provides a listof all informational, warning, and error messages associated with IBM SecurityAccess Manager for Web.

Intended audience

This book is intended for system administrators who are responsible formaintaining and troubleshooting IBM Security Access Manager for Web.

Access to publications and terminologyThis section provides:

v A list of publications in the “IBM Security Access Manager for Web library.”

v Links to “Online publications” on page ix.

v A link to the “IBM Terminology website” on page ix.

IBM Security Access Manager for Web library

The following documents are in the IBM Security Access Manager for Web library:

v IBM Security Access Manager for Web Quick Start Guide, GI11-9333-01

Provides steps that summarize major installation and configuration tasks.

v IBM® Security Web Gateway Appliance Quick Start Guide – Hardware Offering

Guides users through the process of connecting and completing the initialconfiguration of the WebSEAL Hardware Appliance, SC22-5434-00

v IBM Security Web Gateway Appliance Quick Start Guide – Virtual Offering

Guides users through the process of connecting and completing the initialconfiguration of the WebSEAL Virtual Appliance.

v IBM Security Access Manager for Web Installation Guide, GC23-6502-02

Explains how to install and configure Security Access Manager.

v IBM Security Access Manager for Web Upgrade Guide, SC23-6503-02

Provides information for users to upgrade from version 6.0, or 6.1.x to version7.0.

v IBM Security Access Manager for Web Administration Guide, SC23-6504-02

Describes the concepts and procedures for using Security Access Manager.Provides instructions for performing tasks from the Web Portal Managerinterface and by using the pdadmin utility.

v IBM Security Access Manager for Web WebSEAL Administration Guide, SC23-6505-02

Provides background material, administrative procedures, and referenceinformation for using WebSEAL to manage the resources of your secure Webdomain.

© Copyright IBM Corp. 2001, 2012 vii



v IBM Security Access Manager for Web Plug-in for Web Servers Administration Guide,SC23-6507-02

Provides procedures and reference information for securing your Web domain by using a Web server plug-in.

v IBM Security Access Manager for Web Shared Session Management AdministrationGuide, SC23-6509-02

Provides administrative considerations and operational instructions for thesession management server.

v IBM Security Access Manager for Web Shared Session Management Deployment Guide,SC22-5431-00

Provides deployment considerations for the session management server.

v IBM Security Web Gateway Appliance Administration Guide, SC22-5432-00

Provides administrative procedures and technical reference information for theWebSEAL Appliance.

v IBM Security Web Gateway Appliance Configuration Guide for Web Reverse Proxy,SC22-5433-00

Provides configuration procedures and technical reference information for the

WebSEAL Appliance.v IBM Security Web Gateway Appliance Web Reverse Proxy Stanza Reference,

SC27-4442-00

Provides a complete stanza reference for the IBM Security Web GatewayAppliance Web Reverse Proxy.

v IBM Security Access Manager for Web WebSEAL Configuration Stanza Reference,SC27-4443-00

Provides a complete stanza reference for the WebSEAL Appliance.

v IBM Global Security Kit: CapiCmd Users Guide, SC22-5459-00

Provides instructions on creating key databases, public-private key pairs, andcertificate requests.

v

IBM Security Access Manager for Web Auditing Guide, SC23-6511-02Provides information about configuring and managing audit events by using thenative Security Access Manager approach and the Common Auditing andReporting Service. You can also find information about installing andconfiguring the Common Auditing and Reporting Service. Use this service forgenerating and viewing operational reports.

v IBM Security Access Manager for Web Command Reference, SC23-6512-02

Provides reference information about the commands, utilities, and scripts thatare provided with Security Access Manager.

v IBM Security Access Manager for Web Administration C API Developer Reference,SC23-6513-02

Provides reference information about using the C language implementation of

the administration API to enable an application to perform Security AccessManager administration tasks.

v IBM Security Access Manager for Web Administration Java Classes DeveloperReference, SC23-6514-02

Provides reference information about using the Java™ language implementationof the administration API to enable an application to perform Security AccessManager administration tasks.

v IBM Security Access Manager for Web Authorization C API Developer Reference,SC23-6515-02

viii Version 7.0: Error Message Reference



Provides reference information about using the C language implementation of the authorization API to enable an application to use Security Access Managersecurity.

v IBM Security Access Manager for Web Authorization Java Classes Developer Reference,SC23-6516-02

Provides reference information about using the Java language implementation of

the authorization API to enable an application to use Security Access Managersecurity.

v IBM Security Access Manager for Web Web Security Developer Reference,SC23-6517-02

Provides programming and reference information for developing authenticationmodules.

v IBM Security Access Manager for Web Error Message Reference, GI11-8157-02

Provides explanations and corrective actions for the messages and return code.

v IBM Security Access Manager for Web Troubleshooting Guide, GC27-2717-01

Provides problem determination information.

v IBM Security Access Manager for Web Performance Tuning Guide, SC23-6518-02

Provides performance tuning information for an environment that consists of Security Access Manager with the IBM Tivoli Directory Server as the userregistry.

Online publications

IBM posts product publications when the product is released and when thepublications are updated at the following locations:

IBM Security Access Manager for Web Information CenterThe http://pic.dhe.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.isam.doc_70/welcome.html site displays the information centerwelcome page for this product.

IBM Publications CenterThe http://www-05.ibm.com/e-business/linkweb/publications/servlet/pbi.wss site offers customized search functions to help you find all the IBMpublications that you need.

IBM Terminology website

The IBM Terminology website consolidates terminology for product libraries in onelocation. You can access the Terminology website at http://www.ibm.com/software/globalization/terminology.

Related publications

This section lists the IBM products that are related to and included with theSecurity Access Manager solution.

IBM Global Security Kit

Security Access Manager provides data encryption by using Global Security Kit(GSKit) version 8.0.x. GSKit is included on the IBM Security Access Manager for WebVersion 7.0 product image or DVD for your particular platform.

GSKit version 8 includes the command-line tool for key management,GSKCapiCmd (gsk8capicmd_64).

About this publication ix

http://pic.dhe.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.isam.doc_70/welcome.html


http://www-05.ibm.com/e-business/linkweb/publications/servlet/pbi.wss


http://www.ibm.com/software/globalization/terminology










GSKit version 8 no longer includes the key management utility, iKeyman(gskikm.jar). iKeyman is packaged with IBM Java version 6 or later and is now apure Java application with no dependency on the native GSKit runtime. Do notmove or remove the bundled java/jre/lib/gskikm.jar library.

The IBM Developer Kit and Runtime Environment, Java Technology Edition, Version 6and 7, iKeyman User's Guide for version 8.0 is available on the Security Access

Manager Information Center. You can also find this document directly at:

http://download.boulder.ibm.com/ibmdl/pub/software/dw/jdk/security/60/iKeyman.8.User.Guide.pdf

Note:

GSKit version 8 includes important changes made to the implementation of Transport Layer Security required to remediate security issues.

The GSKit version 8 changes comply with the Internet Engineering Task Force(IETF) Request for Comments (RFC) requirements. However, it is not compatiblewith earlier versions (1.1 or 1.2) of Transport Layer Security. Any component thatcommunicates with Security Access Manager that uses GSKit must be upgraded touse GSKit version 7.0.4.42, or 8.0.14.26 or later. Otherwise, communicationproblems might occur.

IBM Tivoli Directory Server

IBM Tivoli Directory Server version 6.3 FP17 (6.3.0.17-ISS-ITDS-FP0017) is includedon the IBM Security Access Manager for Web Version 7.0 product image or DVD foryour particular platform.

You can find more information about Tivoli Directory Server at:

http://www.ibm.com/software/tivoli/products/directory-server/

IBM Tivoli Directory Integrator

IBM Tivoli Directory Integrator version 7.1.1 is included on the IBM Tivoli DirectoryIntegrator Identity Edition V 7.1.1 for Multiplatform product image or DVD for yourparticular platform.

You can find more information about IBM Tivoli Directory Integrator at:

http://www.ibm.com/software/tivoli/products/directory-integrator/

IBM DB2 Universal Database™

IBM DB2 Universal Database Enterprise Server Edition, version 9.7 FP4 is providedon the IBM Security Access Manager for Web Version 7.0 product image or DVD foryour particular platform. You can install DB2® with the Tivoli Directory Serversoftware, or as a stand-alone product. DB2 is required when you use TivoliDirectory Server or z/OS® LDAP servers as the user registry for Security AccessManager. For z/OS LDAP servers, you must separately purchase DB2.

You can find more information about DB2 at:

http://www.ibm.com/software/data/db2

x Version 7.0: Error Message Reference

|

|

|

|

|

|



http://www.ibm.com/software/tivoli/products/directory-server





http://www.ibm.com/software/tivoli/products/directory-server





IBM WebSphere ® products

The installation packages for WebSphere Application Server Network Deployment,version 8.0, and WebSphere eXtreme Scale, version 8.5, are included with SecurityAccess Manager version 7.0. WebSphere eXtreme Scale is required only when youuse the Session Management Server (SMS) component.

WebSphere Application Server enables the support of the following applications:v Web Portal Manager interface, which administers Security Access Manager.

v Web Administration Tool, which administers Tivoli Directory Server.

v Common Auditing and Reporting Service, which processes and reports on auditevents.

v Session Management Server, which manages shared session in a Web securityserver environment.

v Attribute Retrieval Service.

You can find more information about WebSphere Application Server at:

http://www.ibm.com/software/webservers/appserv/was/library/

Accessibility

Accessibility features help users with a physical disability, such as restrictedmobility or limited vision, to use software products successfully. With this product,you can use assistive technologies to hear and navigate the interface. You can alsouse the keyboard instead of the mouse to operate all features of the graphical userinterface.

Visit the IBM Accessibility Center for more information about IBM's commitmentto accessibility.

Technical trainingFor technical training information, see the following IBM Education website athttp://www.ibm.com/software/tivoli/education.

Support information

IBM Support provides assistance with code-related problems and routine, shortduration installation or usage questions. You can directly access the IBM SoftwareSupport site at http://www.ibm.com/software/support/probsub.html.

The IBM Security Access Manager for Web Troubleshooting Guide provides detailsabout:

v What information to collect before you contact IBM Support.

v The various methods for contacting IBM Support.

v How to use IBM Support Assistant.

v Instructions and problem-determination resources to isolate and fix the problemyourself.

Note: The Community and Support tab on the product information center canprovide more support resources.

About this publication xi


http://www-03.ibm.com/able/

http://www.ibm.com/software/tivoli/education

http://www.ibm.com/software/support/probsub.html

http://www.ibm.com/software/support/probsub.html

http://www.ibm.com/software/tivoli/education

http://www-03.ibm.com/able/




xii Version 7.0: Error Message Reference



Chapter 1. Message overview

Messages indicate events that occur during the operation of the system.

Depending on their purpose, messages might be displayed on the screen. Bydefault, all informational, warning, and error messages are written to the messagelogs. The logs can be reviewed later to determine what events occurred, to seewhat corrective actions were taken, and to audit all the actions performed. Formore information about message logs, see the IBM Security Access ManagerTroubleshooting Guide.

Message types

IBM Security Access Manager for Web uses messages of specific types.

The following types of messages are used:

Informational messagesIndicate conditions that are worthy of noting but that do not require you totake any precautions or perform an action.

Warning messagesIndicate that a condition has been detected that you should be aware of,

but does not necessarily require that you take any action.

Error messagesIndicates that a condition has occurred that requires you to take action.

Message format

Messages logged by IBM Security Access Manager for Web adhere to the Tivoli ®

Message Standard. Each message consists of a message identifier (ID) andaccompanying message text.

Message ID format

A message ID consists of 10 alphanumeric characters that uniquely identify themessage.

A message ID in Security Access Manager for Web is composed of:

v three-character product identifier (HPD for Security Access Manager Base andCBA and CFG for Common Auditing and Reporting Service)

v two-character or three-character component or subsystem identifier

v three-digit or four-digit serial or message number

v one-character type code indicating the severity of the message

The figure that follows shows a graphical representation of a possible message IDand identifies its different parts. (Some messages might use 2 characters for thecomponent ID and 4 digits for the serial number.)

© Copyright IBM Corp. 2001, 2012 1



IBM product prefix (3 characters)

Component or subsystem identifier (3 characters)

Message number (3 digits)

FBT RTE 033

IWE

---

InformationalWarningError

Severity

I

Component identifiers

The component identifier indicates which component or subsystem produced themessage.

ADM Administration commands

AUD Audit

CC Common Auditing and Reporting Service disk cache

CDS InfoCard messages

CE Common Auditing and Reporting Service emitter

CFG Configuration properties

CLI Command-line interface

CO Common Audit Service Configuration Console

CON Security Access Manager consoleFMS Management service

IDS Identity service

IN Common Auditing and Reporting Service installation

ISJ Alias service JDBC component

ISL Alias service LDAP component

IVT Installation verification test

KES Key service keystore management

KJK Key service keystore management

LIB Liberty single sign-on protocol

LOG Logging

MB Common Audit Service Configuration MBean

MGT Management

MET Metadata handling

MOD Module

OID OpenID messages

Figure 1. Message ID format

2 Version 7.0: Error Message Reference



PWD Password handling

RPT Report messages

RTE Runtime environment component configuration

SML SAML single sign-on protocol

SOC SOAP client

SPS Single sign-on protocol service

STM Secure token service

STS Secure token service modules

STZ RACF® PassTicket tokens

SU Common Audit Staging Utility

TAC Tivoli Access Manager configuration as point-of-contact server

TRC Trust client

USC User self care

WS Common Auditing and Reporting Service Web serviceWSF WS-Federation single sign-on protocol

WSP Provisioning service

WSS Web services security management

XS Common Audit Service XML data store

XU Common Audit Service XML store utilities

Severity

Associated with each message is a severity level that indicates whether corrective

action must be taken.Table 1. Severity level

Severity Description

I (Informational) Provides information or feedback about normal events that occur. Ingeneral, no action needs to be performed in response to aninformational message.

FBTRTE033I The domain default was successfully created.FBTSTM066I The Trust Service has been disabled.

W (Warning) Indicates that a potentially undesirable condition has occurred, butprocessing can continue. Intervention or corrective action might benecessary in response to a warning message.

FBTLOG002W An integer was expected.

FBTTRC004W The returned RequestSecurityTokenResponsedid not have a wsu:Id

Chapter 1. Message overview 3



Table 1. Severity level (continued)

Severity Description

E (Error) Indicates that a problem has occurred that requires intervention orcorrection before processing can continue. An error message might beaccompanied by one or more warning or informational messages thatprovide additional details about the problem.

FBTCON013E The federation with ID insert could not beretrieved from the single sign-on protocol service.Explanation:This error can occur if the console is unable tocommunicate with the single sign-on protocol service.

FBTSML260E The binding value value for attribute attris not valid for profile profile.

Message text

The text of the message, in the system locale, also is recorded in the log file. If themessage text is not available in the desired language, the English language text is

used.




Chapter 2. Security Access Manager Base Messages

These messages are provided by the Security Access Manager Base component.

HPDAC0153E Could not build ACL with thesupplied ACL entries.

Explanation: An ACL entry failed the validity check.The Security Access Manager policy server's error logfile will contain an error status message indicating thereason for the failure.

Administrator response: Review the Security AccessManager policy server's error log to determine thereason that the ACL failed the validity check.

HPDAC0178E Could not obtain local host name.

Explanation: The system library call to get the localhost name failed.

Administrator response: Ensure that the machine hasa valid hostname.

HPDAC0179E Unexpected exception caught.

Explanation: An unexpected exception was caughtwhile registering an azn administration service with theSecurity Access Manager policy server.

Administrator response: Ensure that the SecurityAccess Manager policy server is running and that theclient and server versions are compatible with each

other.

HPDAC0180E The Security Access Managerauthorization server could not be started(0x%8.8lx).

Explanation: The Security Access Managerauthorization server encountered an error duringinitialization.

Administrator response: See the accompanying statuscode, which gives more information about the failure.

HPDAC0450E There is no root ACL in theauthorization policy database.

Explanation: See message.

Administrator response: This is a severe errorindicating integrity problems with the policy database.If the problem occurs with the Security Access Managerauthorization server or with a Security Access Managerresource manager application, then stop the resourcemanager, remove the resource manager's policydatabase, and start the resource manager again. If theproblem occurs with the Security Access Manager

policy server, then stop the policy server, restore aknown good version of the master policy database, andthen start the Security Access Manager servers again. If the problem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDAC0451E A protected object should have onlyone attached ACL (%s).


Administrator response: This is a severe error

indicating integrity problems with the policy database.If the problem occurs with the Security Access Managerauthorization server or with a Security Access Managerresource manager application, then stop the resourcemanager, remove the resource manager's policydatabase, and start the resource manager again. If theproblem occurs with the Security Access Managerpolicy server, then stop the policy server, restore aknown good version of the master policy database, andthen start the Security Access Manager servers again. If the problem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDAC0452E An ACL that is attached to aprotected object cannot be found in thepolicy database (%s ,%s).


Administrator response: This is a severe errorindicating integrity problems with the policy database.If the problem occurs with the Security Access Managerauthorization server or with a Security Access Managerresource manager application, then stop the resourcemanager, remove the resource manager's policydatabase, and start the resource manager again. If the

problem occurs with the Security Access Managerpolicy server, then stop the policy server, restore aknown good version of the master policy database, andthen start the Security Access Manager servers again. If the problem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman


http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman




















HPDAC0453E Authorization policy database versionis incompatible with the server version(%ld ,%ld) and will be automaticallyreplaced.

Explanation: The authorization client application hasdetected an incompatible version of the policydatabase. The database is replaced automatically.

Administrator response: No action is required.

HPDAC0454E Could not initialize the authorizationpolicy database (0x%8.8lx).

Explanation: An error occurred while attempting toaccess the authorization policy database. Theauthorization engine client was not initialized correctly.

Administrator response: See the accompanying statuscode, which gives more information about failure.

HPDAC0455E The authorization policy database has

not been initialized.

Explanation: An error occurred during applicationinitialization and the authorization policy database wasnot initialized correctly.

Administrator response: Review the Security AccessManager base error log and look for error messagesduring initialization that might account for problemswith the authorization policy database.

HPDAC0456E The ACL name specified was notfound in the authorization policydatabase.


Administrator response: Review the ACL name andensure that the name is a valid ACL name and that itmatches an ACL that exists in the authorization policydatabase.

HPDAC0457E The protected object name is invalid.

Explanation: The protected object name is invalid. Thename must begin with the '/' character. The namecannot contain carriage return or line-feed charactersand it cannot contain two '/' characters in sequence.

Administrator response: Review the protected objectname and ensure that it adheres to the restrictionsoutlined in the message explanation.

HPDAC0458E The protected object name specifiedwas not found in the authorizationpolicy database.


Administrator response: Review the protected objectname and ensure that the name is a valid protected

object name and that it matches an object that exists inthe authorization policy database.

HPDAC0459E The protected object space specifiedwas not found in the authorizationpolicy database.


Administrator response: Review the protected objectspace name and ensure that the name is a validprotected object space name and that it matches anobject space that exists in the authorization policydatabase.

HPDAC0460E The protected object space specifiedalready exists in the authorization policydatabase.


Administrator response: Each protected object space

name must be unique so choose a different name forthe new protected object space.

HPDAC0461E The extended attribute specified wasnot found.


Administrator response: Review the extendedattributes on the target object and ensure that theextended attribute requested actually exists in theextended attribute list for this object.

HPDAC0462E The extended attribute name

specified is invalid.


Administrator response: Review the extendedattribute name to ensure that it is valid.

HPDAC0463E There are no extended attributesassociated with the specified protectedobject or authorization policy object.


Administrator response: Define extended attributesfor specified object or parent object if you want to

perform extended attributes associated with the object.

HPDAC0464E A POP that is attached to a protectedobject cannot be found in the policydatabase (%s ,%s).


Administrator response: This is a severe errorindicating integrity problems with the policy database.If the problem occurs with the Security Access Managerauthorization server or with a Security Access Manager

HPDAC0453E • HPDAC0464E




resource manager application, then stop the resourcemanager, remove the resource manager's policydatabase, and start the resource manager again. If theproblem occurs with the Security Access Managerpolicy server, then stop the policy server, restore aknown good version of the master policy database, andthen start the Security Access Manager servers again. If the problem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDAC0465E A new action group could not becreated because the count of actiongroups has reached the maximumpermitted.


Administrator response: If you want to create anotheraction group, then you must first reduce the count of defined action groups. Review the list of defined action

groups and remove those that are no longer required.

HPDAC0466E A new action could not be createdbecause the count of actions has reachedthe maximum permitted.


Administrator response: Before creating anotheraction you must first reduce the count of definedactions. Review the list of defined actions and removethose that are no longer required.

HPDAC0467E Unable to create the new actionbecause the bitmask supplied is invalid.

Explanation: The bitmask must have only one of bits0 to 31 set to be a valid action bitmask. Havingmultiple bits set or no bits at all is invalid.

Administrator response: Review the specified action bitmask to ensure that at least one and only one action bit is set in the mask.

HPDAC0468E Unable to create new action groupbecause an action group exists with thesame name.

Explanation: See message.Administrator response: You must choose a uniquename for the new action group.

HPDAC0469E Unable to locate an action group withthe name supplied.


Administrator response: Review the action groupname specified and ensure that it is a valid actiongroup name and that the group exists.

HPDAC0470E Unable to create the new actionbecause an action exists with the samename.


Administrator response: You must choose a uniqueaction name for the new action.

HPDAC0471E Action name contains invalidcharacters or too many characters.

Explanation: The action name specified is invalid. Thename must not be NULL and can contain only onecharacter from the set [a-zA-Z].

Administrator response: Review the action name andensure that it conforms to the criteria specified in theSecurity Access Manager Base Administrator's Guide.

HPDAC0472E Action group name contains invalidcharacters.

Explanation: The action group name specified isinvalid. The name must not be NULL and can containonly characters from the set [a-zA-Z0-9 +-_:].

Administrator response: Review the action groupname and ensure that it conforms to the criteriaspecified in the Security Access Manager BaseAdministrator's Guide.

HPDAC0473E The primary action group cannot bedeleted.



HPDAC0474E A protected object should have onlyone rule attached (%s).


Administrator response: This is a severe errorindicating integrity problems with the policy database.If the problem occurs with the Security Access Managerauthorization server or with a Security Access Managerresource manager application, then stop the resourcemanager, remove the resource manager's policydatabase, and start the resource manager again. If the

problem occurs with the Security Access Managerpolicy server, then stop the policy server, restore aknown good version of the master policy database, andthen start the Security Access Manager servers again. If the problem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman


Chapter 2. Security Access Manager Base Messages 7















HPDAC0475E A rule that is attached to a protectedobject cannot be found in the policydatabase (%s ,%s).


Administrator response: This is a severe errorindicating integrity problems with the policy database.

If the problem occurs with the Security Access Managerauthorization server or with a Security Access Managerresource manager application, then stop the resourcemanager, remove the resource manager's policydatabase, and start the resource manager again. If theproblem occurs with the Security Access Managerpolicy server, then stop the policy server, restore aknown good version of the master policy database, andthen start the Security Access Manager servers again. If the problem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDAC0476E A protected object should have onlyone POP attached (%s).


Administrator response: This is a severe errorindicating integrity problems with the policy database.If the problem occurs with the Security Access Managerauthorization server or with a Security Access Managerresource manager application, then stop the resourcemanager, remove the policy database of the resourcemanager, and start the resource manager again. If theproblem occurs with the Security Access Managerpolicy server, then stop the policy server, restore a

known good version of the master policy database, andthen start the Security Access Manager servers again. If the problem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDAC0750E Invalid ACL name.

Explanation: The ACL name received was invalid. TheACL name contained illegal characters or was NULL.

Administrator response: Review the ACL name andensure that it conforms to the criteria specified in theSecurity Access Manager Base Administrator's Guide.

HPDAC0751E Invalid protected object name.

Explanation: The protected object name received wasinvalid. The protected object name contained illegalcharacters or was NULL.

Administrator response: Review the protected objectname and ensure that it conforms to the criteriaspecified in the Security Access Manager BaseAdministrator's Guide.

HPDAC0752E The requested object was not found.


Administrator response: Review the object name andensure that it is valid and that it actually exists.

HPDAC0753E The ACL action specified could notbe mapped.

Explanation: There is no mapping for this ACL actionin the policy database.

Administrator response: Review the ACL name andensure that it is valid and refers to an existing ACLaction in the policy database.

HPDAC0754E Privacy or data integrity quality ofprotection cannot be specified in theunauthenticated entry.

Explanation: Quality of protection cannot be enforced

by the authorization client runtime for unauthenticatedusers.


HPDAC0755E The ACL has an unauthenticatedentry but there is no any-other entry.The any-other entry must be at least aspermissive as unauthenticated.


Administrator response: Add an any-other entry tothe ACL with permissions at least equal to those of theunauthenticated user.

HPDAC0756E The any-other entry is missingactions from the unauthenticated entry.The any-other entry must be at least aspermissive as unauthenticated.


Administrator response: Ensure that the permissionsin the ACL for the any-other entry are at least equal tothose of the unauthenticated entry.

HPDAC0757E An entry in the ACL is missing someactions granted by the unauthenticated

entry. Users can bypass an explicitaction revocation if allowed by theunauthenticated entry.


Administrator response: Review the ACL and ensurethat the unauthenticated entry does not have thepermission to perform actions that other authenticatedentries cannot. The permissions of the unauthenticatedentry should be the most restrictive in the securedomain.











HPDAC0758E An entry in the ACL that grantscontrol does not also grant traverse.

Explanation: To have the control permission the usermust also be able to traverse.

Administrator response: Ensure that entries with thecontrol permission also have the traverse permission.

HPDAC0759E No entry in the ACL grants controlpermission.

Explanation: At least one entry in the ACL must havethe control permission. Otherwise the ACL cannot bemodified or deleted.

Administrator response: Add the control permissionto at least one of the ACL entries. An administrativeuser is the most suitable candidate because controlpermission will authorize the user to modify and deletethe ACL.

HPDAC0760E The user is revoking the controlpermission for itself on this ACL.

Explanation: If the current user removes the controlpermission from its own ACL entry, that user can nolonger modify or delete the object. If the user were theonly user with control permission then the ACL can nolonger be modified or deleted. To avoid losing controlover the ACL, it is more prudent to have another userwho has control permission remove the controlpermission on behalf of the current user.

Administrator response: Login as another user whohas the control permission for this ACL and have thatuser remove the control permission on behalf of thecurrent user.

HPDAC0766E The ACL cannot be detached fromthe root protected object. Try replacingthe attached ACL instead.


Administrator response: Modify or even replace theroot ACL with an ACL of the desired configuration.

HPDAC0767E Core ACL actions cannot be deleted.



HPDAC0768E The ACL action name already exists.


Administrator response: Choose a unique action namefor the new action.

HPDAC0769E Too many ACL actions are alreadydefined.

Explanation: Only 32 actions bits can be defined andthis limit has been reached.

Administrator response: An ACL action must bedeleted before a new action can be created.

HPDAC0771E The user registry client isunavailable.

Explanation: The authorization client was unable tocontact the user registry. The user registry client maynot be configured correctly.

Administrator response: Refer to the InstallationGuide for your chosen platform and ensure that thecorrect user registry has been specified and that theconfiguration steps succeeded. Also ensure that theuser registry is running and can be contacted from theclient machine. The IBM Security Access Manager for

Web Troubleshooting Guide contains instructions onhow to ensure that the user registry is configuredcorrectly and is operational.

HPDAC0772E The LDAP user registry clientreturned an error status for the specifiedDN.

Explanation: The LDAP client returned an error status because the DN was invalid or there are multiples of the same DN.

Administrator response: Ensure that the specified DNexists in the user registry and is valid and that the DNis unique.

HPDAC0773E The LDAP user registry clientreturned an unexpected failure status.

Explanation: The LDAP user registry client returnedan error code that was unexpected or unknown toSecurity Access Manager.

Administrator response: Ensure that the LDAPregistry server and local registry client runtime arecorrectly installed and operational then try theprocedure again. The IBM Security Access Manager forWeb Troubleshooting Guide contains instructions onhow to ensure that the user registry is configured

correctly and is operational. If the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDAC0776E The DN specified was not found inthe registry.

Explanation: The specified DN was not found in theuser registry.





Administrator response: Ensure that the DN specifiedexists in the user registry and is valid.

HPDAC0777E LDAP Registry client returned amemory error.

Explanation: The LDAP registry client encountered amemory error.

Administrator response: Ensure that the affectedprocess has been configured with sufficient virtualmemory for its requirements. The IBM Security Access Manager for Web Performance Tuning Guide containsinstructions on how to ensure that the application isconfigured with the correct amount of virtual memory.Stop and restart the process. If the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDAC0778E The specified user's account is set toinvalid.

Explanation: When an account is created in the userregistry, the user account must also be marked as valid.

Administrator response: Start the administrationconsole or command-line administration tool and setthe user account to be valid with the 'user modify'command.

HPDAC0779E The LDAP registry server is down.

Explanation: The LDAP registry server is not running.

Administrator response: Ensure that the LDAPregistry server is running and that the LDAP client has

been correctly configured to communicate with theserver. The IBM Security Access Manager for WebTroubleshooting Guide contains instructions on how toensure that the user registry is configured correctly andis operational.

HPDAC0780E A valid action group is specified, butno action is specified.

Explanation: The permission string contains a validaction group, but no action within this group isspecified. Therefore, an authorization check cannot be

performed.Administrator response: Ensure that a valid action forthe specified action group was provided.

HPDAC0901E The Authorization service is alreadyinitialized.

Explanation: You cannot reinitialize the authorizationservice once it has been initialized. The azn_shutdown()interface must be called before the aznAPI client can beinitialized again.

Administrator response: Review your aznAPIapplication and ensure that the azn_initialize() interfaceis called only once during the execution of theprogram.

HPDAC0902E There was no authorization clientlistener port specified.

Explanation: The authorization client requires a TCPport to listen for authorization policy updates and aznadmin service requests.

Administrator response: Ensure that you havespecified a listening port for the authorization client inthe aznAPI client configuration file or by usingprogrammatic aznAPI initialization attributes.

HPDAC0906E An invalid parameter was supplied tothe API function.

Explanation: A parameter supplied to the APIfunction was NULL or outside the range of valid

values.

Administrator response: Ensure that the API functioncall parameters supplied meet the criteria defined forthe API interface in the IBM Security Access Manager forWeb Authorization C API Developer's Reference. If theproblem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDAC0909E An unspecified implementationdependent error has occurred.

Explanation: A minor error could not be mapped to aknown message catalog category. The minor errormight be returned by an authorization service plug-inwithout first being encoded using azn_util_errcode().Another reason this occurs is that an authorizationclient's message catalogs might not be synchronizedwith those of the Security Access Managerauthorization server.

Administrator response: If you have loaded a customauthorization service plug-in then ensure that theplug-in returns the appropriate azn_status_t error codesfrom its exported interfaces. If this is not the case, thenthe authorization client's message catalogs might not be

synchronized with those of the server. Upgrade theSecurity Access Manager Runtime package to the samelevel as the server.

HPDAC0910E An invalid policy cache mode valuewas specified.


Administrator response: Ensure that the specifiedpolicy cache mode is a valid mode from the set of modes defined in the Security Access ManagerAuthorization C API Developer's Reference.

















HPDAC0912E An invalid database file path valuewas specified.


Administrator response: Ensure that the specifieddatabase file path is valid.

HPDAC0914E An invalid policy cache refreshinterval value was specified.


Administrator response: Ensure that the policy cacherefresh interval specified is within the range of validvalues specified in the Security Access ManagerAuthorization C API Developer's Reference.

HPDAC0915E An invalid listen flags value wasspecified.

Explanation: The listen flags can be set to either

'enable' or 'disable'.Administrator response: Ensure that the listen flagsconfiguration parameter is set to either 'enable' or'disable'.

HPDAC0919E An invalid LDAP host name wasspecified.


Administrator response: Ensure that the LDAP hostname specified is valid.

HPDAC0920E An invalid LDAP host port wasspecified.


Administrator response: Ensure that the LDAP serverport specified is valid.

HPDAC0923E An invalid LDAP server SSL keyfilewas specified.

Explanation: The SSL keyfile could not be found, isinvalid or has inappropriate access permissions.

Administrator response: Ensure that the path to theLDAP server SSL keyfile is correct that the file exists, isvalid and has the appropriate access permissions.

HPDAC0924E An invalid LDAP server SSL keyfileDN was specified.


Administrator response: Ensure that the specified DNfor the LDAP server SSL keyfile is correct.

HPDAC0925E An invalid LDAP server SSL keyfilepassword was specified.


Administrator response: Ensure that the specifiedpassword for the LDAP server SSL keyfile is correct.

HPDAC0926E One or more of the LDAP servervalues was not specified.

Explanation: To configure an LDAP registry serveryou must at least specify the server host name, the porton which to connect to the server, the DN with whichto bind to the server and the password for that DN.One of these values was not specified in theconfiguration settings.

Administrator response: Ensure that you havespecified the LDAP registry server name, request port,

bind DN, and bind DN password in the aznAPI clientconfiguration settings.

HPDAC0928E The attempt to initialize the LDAPregistry failed.

Explanation: This failure can occur when the LDAPregistry server configuration settings are incorrect orwhen the Security Access Manager runtime isincorrectly configured for a registry type other thanLDAP.

Administrator response: Ensure that you havecorrectly configured the Security Access ManagerRuntime package to use an LDAP user registry. Thecurrent user registry setting can be determined bylooking at the 'user-reg-type' entry in the [pdrte] stanzaof the 'etc/pd.conf' file in the Security Access Managerinstall directory. If the runtime is configured incorrectly,you will need to unconfigure all packages andreconfigure the machine again. If the runtime has beencorrectly configured, then ensure that the configurationparameters specified for the LDAP registry server arecorrect.

HPDAC0930E A memory allocation call failed.

Explanation: In most cases this error due to theaznAPI application program running out of memory.

Administrator response: Ensure that the application

has been configured with sufficient virtual memory forits requirements. The IBM Security Access Manager forWeb Performance Tuning Guide contains instructions onhow to ensure that the application is configured withthe correct amount of virtual memory. Stop and restartthe process. If the problem persists, check IBMElectronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman









HPDAC0931E Unable to configure LDAP replicaserver.

Explanation: The replica is either misconfigured orthere are too many replicas configured.

Administrator response: Ensure that the replica LDAPserver configuration settings are valid and refer to an

operational replica of the master LDAP server. Alsoensure that you have not registered more LDAPreplicas than that allowed by the LDAP registryimplementation.

HPDAC0932E An invalid LDAP bind user DN wasspecified.


Administrator response: Ensure that the LDAP binduser DN specified is valid.

HPDAC0933E The password for the LDAP bind

user was invalid.


Administrator response: Ensure that the LDAP binduser password specified is valid.

HPDAC0934E An invalid configuration file pathwas specified.


Administrator response: Ensure that the path to theconfiguration file that was specified is valid.

HPDAC0935E An error occurred loading the aznAPIconfiguration file.


Administrator response: Review the aznAPIconfiguration file used to initialize the application andensure that it is a valid stanza format file and that theentries conform to stanza format syntax.

HPDAC0936E An error occurred loading theconfiguration file specified as theparameter to 'ldap-server-config' in theaznAPI config file.


Administrator response: Review the respectiveaznAPI configuration file and ensure that it is a validstanza format file and that the entries conform tostanza format syntax.

HPDAC0937E An invalid maximum search size wasspecified.

Explanation: The specified maximum search sizecould not be converted to an integer number or is zero.

Administrator response: Ensure that the valuespecified for maximum search size is a valid integer

value in the range specified in the LDAP registry serverdocumentation and is not zero.

HPDAC0940E An invalid attribute value wasspecified for theazn_init_set_perminfo_attrs attribute.


Administrator response: Ensure that the valuespecified for the azn_init_set_perminfo_attrsinitialization attribute is a text string consisting of oneor more valid aznAPI attribute names separated byspaces.

HPDAC0941E Too many permission informationattributes were specified with theazn_init_set_perminfo_attrs attribute.

Explanation: The maximum number of permissioninfo attributes that can be returned from anazn_decision_access_allowed_ext() call is 32.

Administrator response: Review the list of permissioninformation attributes that you have specified in theazn_init_set_perminfo_attrs attribute and ensure thatthe count of attributes is no greater than 32.

HPDAC0943E An invalid trace configurationparameter was specified: %s.

Explanation: Either the application configuration filecontains an invalid 'trace' configuration item in the[aznapi-configuration] stanza or the application ispassing an invalid value for the azn_init_traceprogrammatic initialization attribute. The valueconsidered invalid is shown in the error message.

Administrator response: Correct the value of the traceconfiguration parameter in the configuration file or theapplication as appropriate.

HPDAC0944E An invalid statistics configurationparameter was specified: %s.

Explanation: Either the application configuration filecontains an invalid 'stats' configuration item in the[aznapi-configuration] stanza or the application ispassing an invalid value for the azn_init_statsazn_initialize parameter. The value considered invalidis shown in the error message.

Administrator response: Correct the value of the'stats' configuration parameter in the configuration fileor the application as appropriate.





HPDAC0945E The value specified for the 'timeout'parameter in the [ldap] stanza is invalid:%s.

Explanation: Either the application configuration filecontains an invalid 'timeout' configuration value in the[ldap] stanza or the application is passing an invalidvalue for the azn_init_ldap_timeout azn_initializeparameter. The value considered invalid is shown inthe error message.

Administrator response: Correct the value of the'timeout' parameter in the [ldap] stanza. It must be anon-negative integer.

HPDAC0946E The value specified for the'authn-timeout' parameter in the [ldap]stanza is invalid: %s .

Explanation: Either the application configuration filecontains an invalid 'authn-timeout' configuration valuein the [ldap] stanza or the application is passing an

invalid value for the azn_init_ldap_authn_timeoutazn_initialize parameter. The value considered invalidis shown in the error message.

Administrator response: Correct the value of the'authn-timeout' parameter in the [ldap] stanza. It must

be a non-negative integer.

HPDAC0947E The value specified for the'search-timeout' parameter in the [ldap]stanza is invalid: %s .

Explanation: Either the application configuration filecontains an invalid 'search-timeout' configuration item

in the [ldap] stanza or the application is passing aninvalid value for the azn_init_ldap_search_timeoutazn_initialize parameter. The value considered invalidis shown in the error message.

Administrator response: Correct the value of the'search-timeout' parameter in the [ldap] stanza. It must

be a non-negative integer.

HPDAC0948E Validation of the rule text for the ruleobject failed. Refer to the error log formore information about the failure.

Explanation: The rule text of the rule policy is not

valid.Administrator response: Review the rule text for therule policy named in the error log and correct anyerrors.

HPDAC0949E Validation of the rule text for ruleobject %s failed. Error code 0x%x wasreturned along with error message %s.

Explanation: The rule text of the rule policy is notvalid.

Administrator response: Review the rule text for therule policy named in the error log and correct anyerrors.

HPDAC0950E An ADI container name was found inmultiple places in the input from theapplication. Refer to the error log for

more information about the failure.

Explanation: The same piece of access decisioninformation cannot be provided to the rules evaluatorfrom two different sources as this indicates that onepiece of data may not be valid or is incorrectly named.Container names must be unique across data sources.

Administrator response: Review your systemconfiguration to ensure that only one of either theapplication context or user credentials is the source forthe piece of ADI named in the error log.

HPDAC0951E The ADI container name %s was

found in multiple places in the inputfrom the application.

Explanation: The same piece of access decisioninformation cannot be provided to the rules evaluatorfrom two different sources as this indicates that onepiece of data may not be valid or is incorrectly named.Container names must be unique across data sources.

Administrator response: Review your systemconfiguration to ensure that only one of either theapplication context or user credentials is the source forthe piece of ADI named in the error log.

HPDAC0952E The XSL processor failed to evaluatethe rule object. Refer to the error log formore information about the failure.

Explanation: The rule text of the rule policy named inthe error log is not valid and caused an error conditionin the XSL processor.

Administrator response: Review the rule text for therule policy object named in the error log and correctany errors.

HPDAC0953E The XSL processor failed to evaluatethe rule object %s. Error code 0x%x wasreturned along with error message %s.

Explanation: The rule text of the rule policy named inthe error log is not valid and caused an error conditionin the XSL processor.

Administrator response: Review the rule text for therule policy object named in the error log and correctany errors.





HPDAC0954E The rule object was not evaluatedbecause there was insufficient accessdecision information provided in theapplication context and credentialattributes.

Explanation: To evaluate a rule, the authorizationengine must have all of the ADI referenced in the ruletext available at evaluation time. If any items of dataare missing then the rule cannot be evaluated.

Administrator response: Review the rule text for therule policy object named in the error log and ensurethat all of the items of data listed in the error messageare provided to the access decision call.

HPDAC0955E Rule object %s was not evaluatedbecause there was insufficient accessdecision information provided to theaccess decision call. Missing ADI itemsinclude: %s.

Explanation: To evaluate a rule the authorizationengine must have all of the ADI referenced in the ruletext available at evaluation time. If any items of dataare missing then the rule cannot be evaluated.

Administrator response: Review the rule text for therule policy object named in the error log and ensurethat all of the items of data listed in the error messageare provided to the access decision call.

HPDAC0956E The rule text is invalid because thetemplate match statement does notmatch one of the minimum requiredpaths of /XMLADI or XMLADI.

Explanation: Input data is supplied to the rulesevaluator within a top-level element XMLADI. Tomatch any data item within the XML document thetemplate match statement must match either the XPath/XMLADI or XMLADI. Matching paths above thispoint in the path is not valid.

Administrator response: Review the rule text for therule policy object and change the template matchstatement to include one of /XMLADI or XMLADI.

HPDAC0957E The rule %s is invalid because thetemplate match statement does not

match one of the minimum requiredpaths of /XMLADI or XMLADI.

Explanation: Input data is supplied to the rulesevaluator witin a top-level element XMLADI. To matchany data item within the XML document the templatematch statement must match either the XPath/XMLADI or XMLADI. Matching paths above thispoint in the path is not valid.

Administrator response: Review the rule text for therule policy object named in the error log and change

the template match statement to include one of /XMLADI or XMLADI.

HPDAC0958E The rule was found to have noidentifiable ADI to use when evaluatingthe rule.

Explanation: The validation of the rule text of the rulepolicy named in the error log failed because there wasno ADI identified in the rule text. ADI consists of thevariables used in a rule to make comparisons against. Arule with no variables, for example a rule that iscomparing static data, is invalid.

Administrator response: Review the rule text for therule policy and correct any errors.

HPDAC0959E Rule %s was found to have noidentifiable ADI to use when evaluatingthe rule.

Explanation: The validation of the rule text of the rule

policy named in the error log failed because there wasno ADI identified in the rule text. ADI consists of thevariables used in a rule to make comparisons against. Arule with no variables, for example a rule that iscomparing static data, is invalid.

Administrator response: Review the rule text for therule policy named in the error log and correct anyerrors.

HPDAC0960E The rule has a null entry in thecompiled rules cache.

Explanation: The validation of the rule text of the rule

policy named in the error log failed and the rule couldnot be cached in the local client.

Administrator response: Review the rule text for therule policy and correct any errors.

HPDAC0961E Rule %s has a null entry in thecompiled rules cache.

Explanation: The validation of the rule text of the rulepolicy named in the error log failed and the rule couldnot be cached in the local client.

Administrator response: Review the rule text for therule policy named in the error log and correct any

errors.

HPDAC0962E The XSL prolog entry specifies anXSL output method other than 'text',which is an invalid processor setting forrules evaluation.

Explanation: The output of any rule evaluation must be plain text so setting any other output method in theXSL prolog entry for the rules evaluator is invalid.

Administrator response: Review the XSL prolog entry





in the application's configuration file and ensure thatthe output method is 'text'.

HPDAC0963E The XSL prolog asks the XSLprocessor to generate an XMLdeclaration in the output from a ruleevaluation. This setting is invalid.

Explanation: The output of any rule evaluation must be minimal plain text so including an XML declarationin the text output is invalid.

Administrator response: This is an invalid processorsetting for rules evaluation. Review the XSL prologentry in the application's configuration file and ensurethat the 'omit-xml-declaration' setting in the outputmethod is 'yes'.

HPDAC0964E The method of output encodingspecified for the XSL processor isinvalid for the purposes of rule

evaluation.Explanation: The encoding for XSL output specified inthe XSL prolog configuration entry must be UTF-8.

Administrator response: Review the XSL prolog entryin the application's configuration file and ensure thatthe output encoding is UTF-8.

HPDAC0965E The parsing of the compiled XSL rulereturned an invalid element pointer.

Explanation: An internal XSL rule parsing error hasoccurred.

Administrator response: Review the rule text for therule attached to the target object and ensure that it isvalid XSL and conforms to Security Access Managerrequirements.

HPDAC0966E The parsing of the compiled XSL rulereturned an invalid template matchstring pointer.


Administrator response: Review the rule text for therule attached to the target object and ensure that it isvalid XSL and conforms to Security Access Manager

'template match' statement requirements.

HPDAC0967E An invalid XSL operation wasencountered while parsing the compiledXSL rule.


Administrator response: Review the rule text for therule attached to the target object and ensure that it is

valid XSL and conforms to Security Access Managerrequirements.

HPDAC0968E The rule does not return a validresult tag to the authorization engine.

Explanation: A Security Access Manager authorizationrule must return one of the values listed in the messageexplanation to indicate the success, failure, orindifference of the rule evaluation.

Administrator response: Review the rule text for therule and ensure that it will return one of the result tags!TRUE!, !FALSE!, or !INDIFFERENT! in the XSL outputdocument to the authorization engine.

HPDAC0969E Rule %s does not return a valid resulttag to the authorization engine.

Explanation: A Security Access Manager authorizationrule must return one of the values listed in the messageexplanation to indicate the success, failure, or

indifference of the rule evaluation.

Administrator response: Review the rule text for therule named in the error log and ensure that it willreturn one of the result tags !TRUE!, !FALSE!, or!INDIFFERENT! in the XSL output document to theauthorization engine.

HPDAC0970E The rule contains an absolute XPaththat doesn't include the top-leveldocument element /XMLADI.

Explanation: Security Access Manager authorizationrules are restricted to referencing ADI elements within

an XML document with the top-level element<XMLADI>. Absolute XPaths that attempt to referenceother top-level document elements are invalid.

Administrator response: Review the rule text for therule and ensure that all absolute XPaths to rule ADIstart from the top-level document element /XMLADI.

HPDAC0971E The XSL prolog contains an XMLnamespace declaration for the defaultnamespace. The default namespace isreserved for use by Security AccessManager.

Explanation: The default XML/XSL namespace, whichhas no prefix, is reserved for use by Security AccessManager.

Administrator response: Review the XSL prologstatement and remove any default namespacedeclaration.





HPDAC0972E The XSL prolog contains a namespacedeclaration that has an invalid URI.

Explanation: The authorization engine failed to parsea URI from the XSL prolog statement.

Administrator response: Review the XSL prologstatement and ensure that the URIs in the XML

namespace declarations have been correctly definedand delimited with quotation marks.

HPDAC0973E The XSL prolog contains a namespacedeclaration that has no prefix to URIassignment.

Explanation: The authorization engine failed to findan '=' sign to denote assignment of a URI to anamespace prefix in the XSL prolog statement.

Administrator response: Review the XSL prologstatement and ensure that a URI has been specified foreach namespace prefix declared.

HPDAC0974E The XSL prolog contains a duplicatenamespace prefix or URI declaration.

Explanation: The authorization engine requires thatthe mapping of namespace prefix to URI is unique sothat target ADI can be properly identified.

Administrator response: Review the XSL prologstatement and ensure that the mapping of namespaceprefix to URI is unique.

HPDAC0975E The XSL prolog contains a namespacedeclaration for the prefix 'xsl'. This

prefix is reserved for the XSLT languagenamespace.

Explanation: The authorization engine requires thatthe mapping of namespace prefix to URI is unique sothat target ADI can be properly identified.

Administrator response: Review the XSL prologstatement and remove any namespace declaration forthe prefix 'xsl' that is not mapped to the XSLT standardURI.

HPDAC0976E An unexpected Xalan processorexception was caught during rule

processing. Refer to the error log formore information about the exception.

Explanation: Xalan returned an exception condition tothe authorization engine that was not handled and notexpected.

Administrator response: Refer to the error log todetermine if an error message accompanied theexception.

HPDAC0977E An unexpected Xalan processorexception was caught during ruleprocessing. Error message %s wasreturned with the exception.

Explanation: Xalan returned an exception condition tothe authorization engine that was not handled and notexpected.

Administrator response: Refer to the error log todetermine if an error message accompanied theexception.

HPDAC0978E A predicate expression using the /XMLADI top-level document elementcannot be used in an authorization rule.

Explanation: Security Access Manager authorizationrules are restricted to referencing ADI elements withinan XML document with the top-level element<XMLADI>. Predicate expressions that use /XMLADIare invalid for use in authorization rules because the

target ADI of the predicate expression cannot bedetermined with certainty before evaluation.

Administrator response: Review the rule text for therule and remove the predicate expression that uses thetop-level document element /XMLADI.

HPDAC0979E The result string returned from therule evaluation is greater than themaximum result buffer size of 1023bytes.

Explanation: The buffer used to store the text outputof a rule evaluation is 1023 bytes in length. The result

text string returned by the rule must have a length lessthan this in order to fit into the result buffer. If theresult string token is surrounded by a lot of whitespace then this error might occur. To determine theresult string text that will be returned as output fromthe rule evaluation, count the number of characters

between the last closing '>' character and the firstopening '<' character after that in the line containingthe result string token.

Administrator response: Review the rule text for therule and ensure that the rule returns one of therequired result string tokens as outlined in the IBMSecurity Access Manager for Web Administrator'sGuide. Also ensure that the white space surroundingthe result string token is kept to a minimum so thattotal count of output characters is less than 1023.

HPDAC0980E A value added to theazn_cred_groups attribute is not a stringvalue.

Explanation: The type of all values of theazn_cred_groups attribute must be of type string. Otherattribute types are not permitted.

Administrator response: Review the values of the





azn_cred_groups attribute returned in the entitlementsattribute list and ensure that each attribute value is astring.

HPDAC0981E The request to add groupmemberships to the user credential froman entitlement service was denied.

Explanation: To ensure that the resource managercannot modify the group memberships of a credentialwithout explicit approval the resource manager musthave loaded the credential group modification servicesupplied with Security Access Manager. If this serviceis not loaded or is unavailable then the resourcemanager cannot modify the group memberships of thecredentials with an entitlement service called byazn_id_get_creds().

Administrator response: If the resource manager ispermitted to add group memberships to the usercredential built by azn_id_get_creds() then the systemadministrator must also configure the resource manager

to load the credential group modification servicesupplied with Security Access Manager.

HPDAC0982E The code set parameter specified isnot one of the valid code set nameconstants expected by the aznAPIruntime.

Explanation: The aznAPI runtime requires that thecode set name parameter specified be one of the validcode set name constants. The constants include'azn_code_set_utf8' and 'azn_code_set_local'.

Administrator response: Review the specified

parameter and ensure that the value for the code setname is one of the string constants 'azn_code_set_utf8'or 'azn_code_set_local'.

HPDAC1050E Operation is not authorized.


Administrator response: An authorization decisionresult. No action is required.

HPDAC1051E Operation is not authorized. Requestpermitted by Warning Mode.

Explanation: See message.Administrator response: An authorization decisionresult. No action is required.

HPDAC1052E No traverse permission.



HPDAC1053E Traverse permission was denied.Request permitted by Warning Mode.



HPDAC1056E Delegate principal is unauthorized toperform delegation.



HPDAC1057E Delegate principal is unauthorized toperform delegation. Request permittedby Warning Mode.



HPDAC1058E External authorization failed.



HPDAC1059E ACL evaluation algorithm failure(0x%8.8lx).

Explanation: The ACL evaluation algorithm failed toobtain the permission set from the effective ACL.

Administrator response: See the accompanying statuscode, which gives more information about the failure.

HPDAC1060E Access to the protected object is notallowed during this time of day.



HPDAC1063E Authentication step up is required toaccess the protected object.



HPDAC1064E Access to the protected object is notallowed during this time of day.Request permitted by Warning Mode.


Administrator response: An authorization decision





result. No action is required.

HPDAC1065E Access to the protected object waspermitted by EAS override.


Administrator response: An authorization decision

result. No action is required.

HPDAC1066E Access to the protected object wasdenied by EAS.



HPDAC1067E Access to the protected object wasdenied by EAS. Request permitted byWarning Mode.

Explanation: See message.Administrator response: An authorization decisionresult. No action is required.

HPDAC1068E Access to the protected object wasdenied by EAS override.



HPDAC1069E Access to the protected object was

denied by EAS override. Requestpermitted by Warning Mode.



HPDAC1070E The authorization rule policy attachedto the protected object denied access tothe object.



HPDAC1071E The authorization rule policy attachedto the protected object denied access tothe object. Request permitted byWarning Mode.



HPDAC1072E The step-up authorization policy onthe protected object has denied access.



HPDAC1073E The step-up authorization policy onthe protected object has denied access.Request permitted by Warning Mode.



HPDAC1074W The protected object's effectiveauthorization rule policy has not beenenforced.

Explanation: Authorization rule policies are not

enforced with this version of the product.Administrator response: No action is required.However if authorization rules are mandatory toenforcing your security policy, you should use aversion of the product that supports this feature.

HPDAC1350E aznAPI -- Internal error: see minorcode.

Explanation: An internal error has occurred.

Administrator response: Check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/

support/index.html?ibmprd=tivman

HPDAC1351E aznAPI -- DCE authentication failed.

Explanation: The aznAPI runtime was unable toauthenticate to the DCE authentication service. Thismessage is obsolete as DCE is no longer supported bySecurity Access Manager. The message code mustremain to ensure synchronicity between the aznAPImajor utility function status codes and the messagecatalogs.


HPDAC1352E aznAPI -- LDAP authentication failed.

Explanation: The aznAPI runtime was unable toauthenticate to the LDAP user registry.

Administrator response: Ensure that the LDAP serveris configured correctly, that it is operational and thatthe authentication parameters supplied are valid.









HPDAC1353E aznAPI -- Already authenticated (APIcaller may already be logged in).

Explanation: The aznAPI client runtime has attemptedto authenticate the server principal again.

Administrator response: If you are callingazn_initialize() twice within the same aznAPI

application ensure that the second call is preceded by acall to azn_shutdown().

HPDAC1354E aznAPI -- User's password hasexpired.


Administrator response: The user must change thepassword.

HPDAC1355E aznAPI -- The user information isinvalid.

Explanation: See message.Administrator response: Ensure that the userspecified exists in the user registry and is a valid user.

HPDAC1356E aznAPI -- The user registry is offline.


Administrator response: Ensure that the user registryis operational.

HPDAC1357E aznAPI -- Invalid Calling Parameters.

Explanation: The aznAPI function was called with an

invalid parameter.

Administrator response: Ensure that the respectiveparameters are valid.

HPDAC1358E aznAPI -- Error from pthread call.

Explanation: A thread-related error condition wasreturned.

Administrator response: Ensure that the applicationshave enough system resources and worker threads toperform their tasks. The IBM Security Access Manager forWeb Performance Tuning Guide contains instructions onhow to ensure that the application is configured withthe correct amount of system resources and workerthreads. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDAC1359E aznAPI -- Invalid Principal Name.


Administrator response: Specify the name of anexisting user in the user registry.

HPDAC1360E aznAPI -- Invalid Password.


Administrator response: The password supplied mustmatch the password in the user registry.

HPDAC1361E aznAPI -- Invalid Mechanism IDReference.


Administrator response: Ensure that the pointerreference specified references a valid mechanism IDstructure.

HPDAC1362E aznAPI -- Invalid keyfile path.


Administrator response: Ensure that the keyfile pathis valid.

HPDAC1364E aznAPI -- Account Login Disabled.

Explanation: The account is disabled in the userregistry. Logins will not succeed until the account isenabled.

Administrator response: Contact your Security Access

Manager network administrator to enable the account.

HPDAC1365E aznAPI -- Time of Day AccessDenied.


Administrator response: The caller must perform thedesired operation within the time of day constraints setfor the protected object. Contact your Security AccessManager network administrator for details on the timeof day access restrictions that apply to the resource.

HPDAC1366E aznAPI -- The user account has been

locked out.

Explanation: The Security Access Manager networkadministrator has set a lock out time interval for thisaccount and it has expired causing logins to bedisabled for this account.

Administrator response: Contact your Security AccessManager network administrator to unlock and enablelogin to the account.









HPDAC1367E aznAPI -- New password is too short.


Administrator response: Review the passwordresitrictions that apply to your account and specify apassword that meets the minimum lengthrequirements.

HPDAC1368E aznAPI -- New password has illegalspaces.

Explanation: The password must meet the specifiedrequirements for your account. Spaces within thepassword are not permitted.

Administrator response: Specify a password thatdoesn't contain spaces.

HPDAC1369E aznAPI -- New password has toomany repeated characters.

Explanation: The password must meet the specifiedrequirements for your account. There is a maximumlimit on the number of times a character can berepeated within the password.

Administrator response: Review the passwordrestrictions for your account and specify a passwordthat adheres to the limitations on repeated characters.

HPDAC1370E aznAPI -- New password has too fewalphabetical characters.

Explanation: The password must meet the specifiedrequirements for your account. There is a minimumlimit on the number of alphabetical characters withinthe password.

Administrator response: Review the passwordrestrictions for your account and specify a passwordthat contains the minimum number of alphabeticalcharacters.

HPDAC1371E aznAPI -- New password has too fewnon-alphabetical characters.

Explanation: The password must meet the specifiedrequirements for your account. There is a minimumlimit on the number of non-alphabetical characterswithin the password.

Administrator response: Review the passwordrestrictions for your account and specify a passwordthat contains the minimum number of non-alphabeticalcharacters.

HPDAC1372E aznAPI -- Caller does not have therights to perform requested operation.


Administrator response: The caller must gain the

appropriate privileges before the required operationwill be permitted.

HPDAC1373E aznAPI -- User registry authenticatefailed.

Explanation: The aznAPI runtime was unable toauthenticate to the user registry.

Administrator response: Ensure that the user registryis configured correctly, that it is operational and thatthe authentication parameters supplied are valid.

HPDAC1374W aznAPI -- This account has beendisabled due to too many failed loginattempts.


Administrator response: Contact your Security AccessManager network administrator to revalidate theaccount.

HPDAC1375E aznAPI -- User's account has expired

Explanation: This user account's expiration date haspassed and it can no longer be used.

Administrator response: Contact your Security AccessManager network administrator to revalidate theaccount.

HPDAC1376E aznAPI -- User registry authenticationfailed, and user account has been lockedout due to too many failed loginattempts.


Administrator response: Check your password andwait until disable-time-interval has elapsed, or contactyour Security Access Manager administrator to unlockand enable login to the account.

HPDAC1377E aznAPI -- User registry authenticationfailed, and user account has beendisabled due to too many failed loginattempts.


Administrator response: Check your password andcontact your Security Access Manager administrator toenable this account.

HPDAC1501E aznAPI -- Failure.

Explanation: The aznAPI failed due to an error.

Administrator response: Review the minor errorstatus and application logs for more details about thefailure.





HPDAC1502E aznAPI -- Authorization Failure.

Explanation: The aznAPI failed because the aznAPIapplication server principal was not authorized toperform a paticular task.

Administrator response: Review the minor errorstatus and application logs for more details about the

failure.

HPDAC1503E aznAPI -- Invalid Credentials Handle.


Administrator response: Ensure that the credentialshandle input parameters passed to the aznAPI interfaceare valid.

HPDAC1504E aznAPI -- Invalid New CredentialsHandle.


Administrator response: Ensure that the credentialshandle output parameters passed to the aznAPIinterface are valid.

HPDAC1505E aznAPI -- Invalid EntitlementsService.

Explanation: An entitlement service with the specifiedservice ID was not found in the list of servicesregistered with the aznAPI service dispatcher.

Administrator response: Ensure that the specifiedentitlement service ID refers to a valid entitlementservice that has been loaded into the current aznAPI

application.

HPDAC1506E aznAPI -- Invalid CombinedCredentials Handle.


Administrator response: Ensure that the combinedcredentials handle output parameter passed to theaznAPI interface is valid.

HPDAC1507E aznAPI -- Invalid Mechanism Info.


Administrator response: Ensure that the mechanisminfo input parameter passed to the aznAPI interface isvalid.

HPDAC1508E aznAPI -- Invalid Mechanism.

Explanation: The mechanism ID specified does notmatch a mechanism supported by the Security AccessManager aznAPI runtime.

Administrator response: Ensure that the specified

mechanism ID matches one of the IDs supported bySecurity Access Manager.

HPDAC1509E aznAPI -- Invalid String Value.

Explanation: A string value passed to the aznAPIinterface is invalid.

Administrator response: Ensure that all strings passedto the interface are not NULL.

HPDAC1510E aznAPI -- Unknown Label.

Explanation: The labelling authorization policy modelis not implemented in the Security Access Managerauthorization model.


HPDAC1511E aznAPI -- Invalid Added CredentialsHandle.

Explanation: See message.Administrator response: Ensure that the 'creds to add'credentials handle output parameter passed to theaznAPI interface is valid.

HPDAC1512E aznAPI -- Invalid Protected Resource.

Explanation: The specified protected resource isinvalid.

Administrator response: Ensure that the protectedresource is valid and the resource name meets thecriteria set by Security Access Manager.

HPDAC1513E aznAPI -- Invalid Operation.

Explanation: The operation string specified is invalid.

Administrator response: Ensure that the operationstring supplied meets the criteria set by Security AccessManager.

HPDAC1514E aznAPI -- Invalid PAC.

Explanation: The supplied PAC is invalid.

Administrator response: Ensure that the PACparameter meets the criteria set by Security AccessManager.

HPDAC1515E aznAPI -- Invalid PAC Service.

Explanation: A PAC service with the specified serviceID was not found in the list of services registered withthe aznAPI service dispatcher.

Administrator response: Ensure that the specifiedPAC service ID refers to a valid PAC service that has

been loaded into the current aznAPI application.





HPDAC1516E aznAPI -- Invalid PermissionInformation Reference.


Administrator response: Ensure that the permissioninfo credentials handle output parameter passed to theaznAPI interface is valid.

HPDAC1517E aznAPI -- Invalid CredentialsModification Function.

Explanation: A credentials modification service withthe specified service ID was not found in the list of services registered with the aznAPI service dispatcher.

Administrator response: Ensure that the specifiedcredentials modification service ID refers to a validcredentials modification service that has been loadedinto the current aznAPI application.

HPDAC1518E aznAPI -- Invalid Subject Index.

Explanation: The specified index is out of range withrespect to the number of subjects in the targetcredential.

Administrator response: Ensure that the indexspecified is within range for the target credential.

HPDAC1519E aznAPI -- Unimplemented Function.

Explanation: This function is not implemented in theSecurity Access Manager authorization model.


HPDAC1520E aznAPI -- Invalid Attribute ListHandle.


Administrator response: Ensure that the attribute listhandle parameter is valid.

HPDAC1521E aznAPI -- Invalid Attribute Name.

Explanation: An attribute name passed as an inputparameter is NULL or does not exist in the targetattribute list.

Administrator response: Ensure that the attributename supplied is non-NULL and exists in the targetattribute list.

HPDAC1522E aznAPI -- Invalid Buffer.

Explanation: The buffer parameter passed in is NULL.

Administrator response: Ensure that the bufferparameter is valid.

HPDAC1523E aznAPI -- Invalid Buffer Reference.

Explanation: The buffer pointer parameter passed in isNULL.

Administrator response: Ensure that the bufferpointer parameter is valid.

HPDAC1524E aznAPI -- Invalid String Reference.

Explanation: The string pointer parameter passed in isNULL.

Administrator response: Ensure that the string pointerparameter is valid.

HPDAC1525E aznAPI -- Attribute Value is not oftype string.

Explanation: The function interface requires a stringtyped attribute value.

Administrator response: Ensure that the attributevalue is of type string.

HPDAC1526E aznAPI -- Attribute's index value isinvalid.

Explanation: The attribute value index is out of range.

Administrator response: Specify an attribute valueindex within the range of available values for theattribute.

HPDAC1527E aznAPI -- Invalid Integer Reference.

Explanation: The integer pointer parameter passed in

is NULL.

Administrator response: Ensure that the integerpointer parameter is valid.

HPDAC1528E aznAPI -- Invalid PermissionReference.

Explanation: The permission code pointer parameterpassed in is NULL.

Administrator response: Ensure that the permissioncode pointer parameter is valid.

HPDAC1529E aznAPI -- Invalid Domain Specified.

Explanation: The domain specified is not valid.

Administrator response: Specify a valid SecurityAccess Manager domain.

HPDAC1530E aznAPI -- Invalid Application ContextHandle.







context attribute list handle parameter is valid.

HPDAC1531E aznAPI -- Invalid EntitlementsHandle.


Administrator response: Ensure that the entitlements

attribute list handle parameter is valid.

HPDAC1532E aznAPI -- Invalid Labeling Scheme.

Explanation: The labelling authorization policy modelis not implemented in the Security Access Managerauthorization model.


HPDAC1533E aznAPI -- Invalid Init Data Handle.


Administrator response: Ensure that the initializationdata attribute list handle parameter is valid.

HPDAC1534E aznAPI -- Invalid Init Info Handle.


Administrator response: Ensure that the initializationinformation attribute list handle reference is not NULL.

HPDAC1535E aznAPI -- Attribute's value is not oftype buffer.

Explanation: The function interface requires a buffertyped attribute value.

Administrator response: Ensure that the attributevalue is of type buffer.

HPDAC1536E aznAPI -- API is Uninitialized.

Explanation: An aznAPI interface was called beforeazn_initialize() was called. Only aznAPI attribute listinterfaces can be called before azn_initialize().

Administrator response: Ensure that the applicationcalls only aznAPI attribute list interfaces before callingazn_initialize().

HPDAC1537E aznAPI -- API is Already Initialized.

Explanation: azn_initialize() has been called when theauthorization runtime has already been initialized. Toreinitialize the authorization runtime the applicationmust call azn_shutdown() before calling azn_initialize()again.

Administrator response: Ensure that the applicationdoes not attempt to reinitialize the authorizationruntime without first calling azn_shutdown().

HPDAC1538E aznAPI -- Error in plugin servicedefinition.


Administrator response: Ensure that the servicedefinition meets the criteria defined in the IBM Security Access Manager for Web Authorization C API Developer's

Reference.

HPDAC1539E aznAPI -- Plugin service not found.

Explanation: The service ID specified was not found by the service dispatcher.

Administrator response: Ensure that the service IDspecified refers to a valid service that has been loaded

by the current aznAPI application.

HPDAC1540E aznAPI -- Error while initializingplugin service.

Explanation: See message.Administrator response: Refer to the application errorlogs and to the minor status code returned fromazn_initialize() for more information about the reasonfor the service failure. Some services might also returnattributes in the intialization information attribute listreturned from azn_initialize(). The attributes cancontain further information about the failure.

HPDAC1541E aznAPI -- Error while shutting downplugin service.

Explanation: The plugin returned an error whileshutting down.

Administrator response: Refer to the application errorlogs and to the minor status code returned fromazn_shutdown() for more information about the theservice failure. Some services might also returnattributes in the intialization information attribute listreturned from azn_shutdown(). The attributes cancontain further information about the reason the serviceshutdown failed.

HPDAC1542E aznAPI -- Error while authorizingplugin service.

Explanation: The plugin was not authorized to

perform a task. This might also be due to insufficientprivilege of the application server principal. It mightalso be due to incorrect service configuration.

Administrator response: Ensure that the aznAPIapplication server principal has the appropriatepermissions to enable the aznAPI service to performthe required task. This error might also occur if theparameters supplied to the service plugin were notsufficient and should be reviewed.





HPDAC1543E aznAPI -- Error while loading pluginservice's shared library.

Explanation: The service dispatcher encountered anerror while loading the aznAPI service plugin sharedlibrary.

Administrator response: Refer to the application error

logs and to the minor status code returned fromazn_initialize() for more information about the failure.The service dispatcher will also return an attribute inthe intialization information attribute list returned fromazn_initialize() if the information is available. Theattribute will contain further information about thefailure to load.

HPDAC1544E aznAPI -- azn_svc_initialize() functionnot found in the shared library of theplug-in service.

Explanation: The shared library of the aznAPI servicedoes not export an azn_svc_initialize() interface.

Administrator response: Review the service sourcecode and build process to ensure that the shared libraryof the plug-in service exports an azn_svc_initialize()interface to applications.

HPDAC1545E aznAPI -- azn_svc_shutdown()function not found in the shared libraryof the plug-in service.

Explanation: The shared library of the aznAPI servicedoes not export an azn_svc_shutdown() interface.

Administrator response: Review the service sourcecode and build process to ensure that the shared libraryof the plug-in service exports an azn_svc_shutdown()interface to applications.

HPDAC1546E aznAPI --azn_svc_entitlements_get_entitlements()function not found in the shared libraryof the plug-in service.

Explanation: The aznAPI service shared library doesnot export an azn_svc_entitlement_get_entitlements()interface.

Administrator response: Review the service sourcecode and build process to ensure that the shared library

of the plug-in service exports anazn_svc_entitlement_get_entitlements() interface toapplications.

HPDAC1547E aznAPI -- PAC function not found inthe shared library of the plug-in service.

Explanation: The aznAPI service shared library doesnot export both an azn_svc_creds_get_pac() and anazn_svc_pac_get_creds() interface.

Administrator response: Review the service source

code and build process to ensure that the shared libraryof the plug-in service exports both theazn_svc_creds_get_pac() and theazn_svc_pac_get_creds() interface to applications.

HPDAC1548E aznAPI -- EAS function not found inthe shared library of the plug-in service.

Explanation: The aznAPI service shared library doesnot export an azn_svc_decision_access_allowed_ext()interface.

Administrator response: Review the service sourcecode and build process to ensure that the shared libraryof the plug-in service exports anazn_svc_decision_access_allowed_ext() interface toapplications.

HPDAC1549E aznAPI -- Credentials modificationfunction not found in the shared libraryof the plug-in service.

Explanation: The aznAPI service shared library doesnot export an azn_svc_creds_modify() interface.

Administrator response: Review the service sourcecode and build process to ensure that the shared libraryof the plug-in service exports anazn_svc_creds_modify() interface to applications.

HPDAC1550E aznAPI -- Another plugin has alreadybeen registered with the same serviceID.


Administrator response: Ensure that you have aunique service ID for the azn service loaded by theaznAPI application.

HPDAC1551E aznAPI -- Failure in the aznAPIService Dispatcher.


Administrator response: Check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDAC1552E aznAPI -- Message for the minor codeis not found.

Explanation: A message string for this minor codewas not found in the message catalogs.














HPDAC1553E aznAPI -- Invalid EAS ACL ActionTrigger.

Explanation: The ACL actions/operations triggerspecified was not valid.

Administrator response: Ensure that the triggerconforms to the criteria outlined in the Authorization C

API Developer's Reference.

HPDAC1554E aznAPI -- Invalid EAS POP Trigger.

Explanation: The POP-based EAS trigger attributespecified was not valid.

Administrator response: Ensure that the triggerconforms to the criteria outlined in the IBM Security Access Manager for Web Authorization C API Developer'sReference.

HPDAC1555E aznAPI -- Invalid EAS Weighting.

Explanation: The weighting value specified wasnegative or zero or the string could not be converted toan unsigned integer.

Administrator response: Ensure that the weighting isa positive non-zero integer value that is no greater thanMAXULONG.

HPDAC1556E aznAPI -- Unknown parameterspecified in EAS plugin servicedefinition.

Explanation: The EAS service definition is incorrectlyformatted.

Administrator response: Ensure that the EAS servicedefinitions conform to the criteria outlined in the IBMSecurity Access Manager for WebAuthorization C API Developer's Reference.

HPDAC1557E aznAPI -- One or more protectedObject functions not implemented inthe Administration Service plugin'sshared library.

Explanation: The aznAPI administration serviceshared library does not export both anazn_admin_get_object() and anazn_admin_get_objectlist() interface.

Administrator response: Review the service sourcecode and build process to ensure that the serviceplugin shared library exports both theazn_admin_get_object() and theazn_admin_get_objectlist() functions to applications.

HPDAC1558E aznAPI -- Invalid Protected Object.

Explanation: The protected object structure passed asa parameter is invalid.

Administrator response: Ensure that the protectedobject structure parameter is valid.

HPDAC1559E aznAPI -- Invalid Protected ObjectReference.

Explanation: The protected object structure referencepassed as a parameter is invalid.

Administrator response: Ensure that the protectedobject structure reference parameter is not NULL.

HPDAC1560E aznAPI -- Attribute Value is not oftype pobj.

Explanation: The function interface requires anazn_pobj_t typed attribute value.

Administrator response: Ensure that the attributevalue is of type azn_pobj_t.

HPDAC1561E aznAPI -- Unknown parameterspecified in Administration serviceplugin's definition.

Explanation: The Administration Service plugindefinition has a parameter that is invalid.

Administrator response: Ensure that you havespecified the correct parameter in the AZNAdministration Service plugin definition. Refer to thepublications for information about supported

parameters.

HPDAC1562E aznAPI -- Protected Object path is notspecified in Administration serviceplugin's definition.

Explanation: The Administration Service plugindefinition specifies the -pobj parameter without aprotected object hierarchy name following it.

Administrator response: Ensure that you havespecified the correct protected object hierarchy namefollowing the -pobj parameter in the AdministrationService plugin definition.

HPDAC1563E aznAPI -- One of the task functions isnot found in the Administration serviceplugin's shared library.

Explanation: The aznAPI administration serviceshared library does not export both anazn_admin_get_tasklist() and an azn_admin_get_task()interface.

Administrator response: Review the service sourcecode and build process to ensure that the service





plugin shared library exports both theazn_admin_get_tasklist() and the azn_admin_get_task()functions to applications.

HPDAC1564E aznAPI -- Protected Object hierarchyname has already been registered byanother Administration service

definition.

Explanation: Another Administration Servicedefinition has already registered the protected objecthierarchy name being registered by the currentAdministration Service definition.

Administrator response: Specify another protectedobject hierarchy name for this Administration Servicedefinition or modify the definition that uses thisprotected object hierarchy name.

HPDAC1565E aznAPI -- Invalid Message IDReference.

Explanation: The message ID pointer parameter isNULL.

Administrator response: Ensure that the message IDpointer parameter is not NULL

HPDAC1566E aznAPI -- Message for the major codeis not found.

Explanation: A message string for this major code wasnot found in the message catalogs.


HPDAC1567E aznAPI -- Attribute Value is not oftype unsigned long.

Explanation: The function interface requires anunsigned long attribute value.

Administrator response: Ensure that the attributevalue is of type unsigned long.

HPDAC1568E aznAPI -- Administration Service --Invalid Service Info Handle passed to

plugin's shared library.Explanation: An internal error has occurred.


HPDAC1569E aznAPI -- Administration Service --Invalid Argument Count passed toplugin's shared library.


Administrator response: Check IBM ElectronicSupport for additional information -


HPDAC1570E aznAPI -- Administration Service --Invalid Argument Array passed toplugin's shared library.



HPDAC1571E aznAPI -- Administration Service --Plugin's shared library received anout-of-memory error.


Administrator response: Ensure that the applicationhas been configured with sufficient virtual memory forits requirements. The IBM Security Access Manager forWeb Performance Tuning Guide contains instructionson how to ensure that the application is configuredwith the correct amount of virtual memory. Stop andrestart the process. If the problem persists, check IBMElectronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDAC1574E aznAPI -- Entitlements Service --Invalid Service Info Handle passed toplugin's shared library.



HPDAC1575E aznAPI -- Entitlements Service --Invalid Argument Count passed toplugin's shared library.



































HPDAC1576E aznAPI -- Entitlements Service --Invalid Argument Array passed toplugin's shared library.




HPDAC1577E aznAPI -- Entitlements Service --Plugin's shared library received anout-of-memory error.


Administrator response: Ensure that the applicationhas been configured with sufficient virtual memory forits requirements. The IBM Security Access Manager forWeb Performance Tuning Guide contains instructions

on how to ensure that the application is configuredwith the correct amount of virtual memory. Stop andrestart the process. If the problem persists, check IBMElectronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDAC1579E aznAPI -- EAS -- Invalid Service InfoHandle passed to plugin's sharedlibrary.



HPDAC1580E aznAPI -- EAS -- Invalid ArgumentCount passed to plugin's shared library.



HPDAC1581E aznAPI -- EAS -- Invalid ArgumentArray passed to plugin's shared library.



HPDAC1582E aznAPI -- EAS -- Plugin's sharedlibrary received an out-of-memory error.


Administrator response: Ensure that the applicationhas been configured with sufficient virtual memory for

its requirements. The IBM Security Access Manager forWeb Performance Tuning Guide contains instructionson how to ensure that the application is configuredwith the correct amount of virtual memory. Stop andrestart the process. If the problem persists, check IBMElectronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDAC1584E aznAPI -- Credential ModificationService -- Invalid Service Info Handlepassed to plugin's shared library.



HPDAC1585E aznAPI -- Credential ModificationService -- Invalid Argument Countpassed to plugin's shared library.



HPDAC1586E aznAPI -- Credential ModificationService -- Invalid Argument Arraypassed to plugin's shared library.



HPDAC1587E aznAPI -- Credential ModificationService -- Plugin's shared libraryreceived an out-of-memory error.


Administrator response: Ensure that the applicationhas been configured with sufficient virtual memory forits requirements. The IBM Security Access Manager forWeb Performance Tuning Guide contains instructions onhow to ensure that the application is configured withthe correct amount of virtual memory. Stop and restart









































the process. If the problem persists, check IBMElectronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDAC1589E aznAPI -- PAC Service -- InvalidService Info Handle passed to plugin's

shared library.



HPDAC1590E aznAPI -- PAC Service -- InvalidArgument Count passed to plugin'sshared library.



HPDAC1591E aznAPI -- PAC Service -- InvalidArgument Array passed to plugin'sshared library.



HPDAC1592E aznAPI -- PAC Service -- Plugin'sshared library received anout-of-memory error.


Administrator response: Ensure that the applicationhas been configured with sufficient virtual memory forits requirements. The IBM Security Access Manager forWeb Performance Tuning Guide contains instructionson how to ensure that the application is configuredwith the correct amount of virtual memory. Stop and

restart the process. If the problem persists, check IBMElectronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDAC1594E aznAPI -- Initialization failed becausea non-zero SSL-listening port is notspecified.

Explanation: aznAPI could not be initialized because anon-zero SSL-listening port has not been specified. This

SSL-listening port is needed either because an AZNAdministration Service is registered OR local mode has

been configured and listen-flags have been set toenable.

Administrator response: Use svrsslcfg or edit theaznAPI configuration file to specify a non-zeroSSL-listening port

HPDAC1595E aznAPI -- Major code is invalid.

Explanation: The major code portion of the aznAPIstatus is invalid. So, the error string corresponding to itcannot be retrieved by this API.

Administrator response: Make sure you enter a validaznAPI major code. Look in the ogauthzn.h header filefor valid values for aznAPI major code.

HPDAC1596E aznAPI -- Modification of theattribute is prohibited.

Explanation: The specified attribute is read-only.Modification of the attribute is prohibited. This is because the attribute is an important attribute for thepurposes of authorization that will affect the user'saccess permissions if it is changed.

Administrator response: Specify the name of anattribute that is not a read-only attribute. If you want toadd group memberships to the credential then refer tothe IBM Security Access Manager for Web Authorization C API Developer's Reference for information about thesupplied credentials modification service that can beused to add groups to a credential.

HPDAC1597E aznAPI -- azn_init_ssl_local_domaincannot override the SSL-local-domainentry in the aznAPI client configurationfile.

Explanation: The azn_init_ssl_local_domaininitialization attribute cannot override ssl-local-domainentry that is specified in the aznAPI clientconfiguration file. These two entries must always match

because a client can be configured to run in only onedomain.

Administrator response: The simplest action is toaccept the configured default for the authzn_authorityparameter by specifying NULL.

HPDAC1598E aznAPI -- Uninitialized MechanismInfo structure.


Administrator response: Ensure that the mechanisminfo structure is initialized to 0 for those un-used fields.

























HPDAC1650E AZN Entitlements ExtendedAttributes Service - app_context doesnot contain any attribute names.

Explanation: No entitlements can be returned by thisAPI because the provided app_context does not specifythe object for which attributes are needed.

Administrator response: Ensure that the app_contextcontains one of the following valid attribute names -OBJ, ACL, or POP.

HPDAC1651E AZN Entitlements ExtendedAttributes Service - app_context containsmore than one attribute name.

Explanation: No entitlements can be returned by thisAPI because the provided app_context contains morethan one object name for which attributes are needed.

Administrator response: Ensure that the app_contextcontains only one of the following valid attribute

names - OBJ, ACL, POP

HPDAC1652E AZN Entitlements ExtendedAttributes Service - app_context containsan invalid attribute name.

Explanation: No entitlements can be returned by thisAPI because the provided app_context contains aninvalid object name for which attributes are needed.

Administrator response: Ensure that the app_contextcontains only one of the following valid attributenames - OBJ, ACL, POP

HPDAC1653E AZN service plug-in %s failed toshutdown (0x%x /0x%x).

Explanation: A plug-in failed to shutdown correctlyand returned an error code to the service dispatcher.

Administrator response: Check the returned errorstatus for more detail.

HPDAC1654E The SOAP client of the AMWebARSentitlement service returned an error.

Explanation: The SOAP request failed, and the gSOAPclient returned an error code which is printed in theerror log.

Administrator response: Consult gSOAPdocumentation for the meaning of the error code thataccompanies this message in the error log.

HPDAC1655E The SOAP client of the AMWebARSentitlement service returned the errorcode: %d.

Explanation: The SOAP request failed, and the gSOAPclient returned the error code which is printed in theerror log.

Administrator response: Consult gSOAPdocumentation for the meaning of the error code thataccompanies this message in the error log.

HPDAC1656E The AMWebARS entitlement servicereturned the internal error: %s.

Explanation: The SOAP request succeeded, but theAMWebARS Web Service returned an error messagewhich was printed to the error log.

Administrator response: Review the accompanyingerror message and ensure that the AMWebARS serviceis configured correctly.

HPDAC1657E The AMWebARS entitlement serviceURL is NULL.


Administrator response: Review the Security AccessManager authorization client configuration file and

ensure that the AMWebARS service URL has beenspecified correctly.

HPDAC1658E An error occurred loading the aznAPIconfiguration file.


Administrator response: Review the aznAPIconfiguration file used to initialize the AMWebARSservice and ensure that it exists and is a valid stanzaformat file and that the entries conform to stanzaformat syntax.

HPDAC1659W No configuration file specified forthe credential attributes entitlementservice %s.

Explanation: This service might not function correctlywithout proper configuration either from a file or APIinput.

Administrator response: If a configuration file wasintended, check that it is passed to the service either asan attribute or argument to the service library.

HPDAC1660W No service configuration informationwas found in the specified file %s .

Explanation: Service and attribute configuration wasnot found in the configuration file. This causes theservce to return withoout any entitlements.

Administrator response: Check that the service andattributes are configured correctly in the configurationfile.

HPDAC1650E • HPDAC1660W




HPDAC1661W The registry operations for source %sfailed.

Explanation: A registry operation failed for thespecified source. This source is skipped.

Administrator response: No action needed.

HPDAC1667E The AXIS client of the AMWebARSentitlement service returned the error :%s.

Explanation: The AXIS request failed, and the AXISC++ client returned the error wh ich is printed in theerror log.

Administrator response: Consult AXIS documentationfor the meaning of the error.

HPDAC1668E The AXIS client of the AMWebARSentitlement service returned the unknown error.



HPDAC1669E An unexpected AXIS exception wascaught during the call to AMWebArs web service. Refer to the error log for moreinformation about the exception.

Explanation: AXIS C++ client returned an exceptioncondition to AMWebArs entitlemen t service that wasnot handled and not expected.

Administrator response: Refer to the error log todetermine if an error message accompanied th e exception.

HPDAC1670E An unexpected AXIS exception wascaught during the call to AMWebArs web service. Error message %s wasreturned with the exception.

Explanation: AXIS returned an exception condition tothe AMWebARS entitlement servi ce that was nothandled and not expected.

Administrator response: Refer to the error log todetermine if an error message accompanied th e exception.

HPDAC1950E Registry client unavailable.

Explanation: This failure can occur when the registryserver configuration settings are incorrect, or when theSecurity Access Manager runtime is incorrectlyconfigured for a registry type other than that required.

Administrator response: Ensure that you havecorrectly configured the Security Access ManagerRuntime package for the desired user registry. Thecurrent user registry setting can be determined bylooking at the 'user-reg-type' entry in the [pdrte] stanzaof the 'etc/pd.conf' file in the Security Access Managerinstall directory. If the runtime is configured incorrectly,you will need to unconfigure all packages andreconfigure the machine again. If the runtime has beencorrectly configured, then ensure that the configurationparameters specified for the user registry server arecorrect.

HPDAC1951E Registry client returned a memoryerror.

Explanation: The registry client encountered amemory error.

Administrator response: Ensure that the affectedprocess has been configured with sufficient virtualmemory for its requirements. Stop and restart the

process. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDAC1952E Registry configuration file has invalidcontents.

Explanation: The user registry configuration file isinvalid.

Administrator response: Review the registryconfiguration file in the Security Access Manager 'etc'directory and ensure that the entries are valid. If the

problems persists then reconfigure the Security AccessManager runtime package.

HPDAC1953E Registry failed opening or closing adatabase file.


Administrator response: Shutdown and restart theregistry server. If the problem persists, check IBMElectronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDAC1954E SSL communications with the registryreturned an error.



HPDAC1661W • HPDAC1954E




HPDAC1955E Non-SSL registry communicationsreturned an error.


Administrator response: Shutdown and restart theregistry server. If the problem persists, check IBMElectronic Support for additional information -


HPDAC1956E Registry client initialization failed.

Explanation: A registry API call was made with aninvalid parameter, or the registry type could not bedetermined or the registry is not configured correctly.


HPDAC1957E Registry server is down or cannot becontacted.

Explanation: The user registry server is not running.

Administrator response: Ensure that the user registryserver is running and that the registry client has beencorrectly configured to communicate with the server.

HPDAC1958E Authentication data was incorrectlyspecified or it is missing.

Explanation: The aznAPI runtime was unable toauthenticate to the user registry.

Administrator response: Ensure that the user registryis configured correctly, that it is operational and thatthe authentication parameters supplied are valid.

HPDAC1959E Specified member was not found inthe registry group.

Explanation: The group has no members or thespecified member was not found in the group.

Administrator response: Verify that the group nameand member name is spelled correctly and that they

both exist in the registry database for the domain to

which you are logged in.

HPDAC1961E Multiple registry routing is notsupported.

Explanation: An attempt was made to use multipleregistry routing, which is not a supported function.

Administrator response: Disable multiple registryrouting in the client and your applications. Check IBMElectronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/


HPDAC1962W The end of the registry list has beenreached.

Explanation: An internal error has occurred. Aprogram processing a list of registry entries has tried toget an entry beyond the end of the list.


HPDAC1963E Unable to locate a group in theregistry with the name supplied.

Explanation: The specified group name was not foundin the registry database.

Administrator response: Verify that the group name isspelled correctly and that it exists in the registry

database for the domain to which you are logged in.

HPDAC1965E Invalid user type specified.

Explanation: An internal error has occurred. When thecalling program requested a list of users from theregistry it did not specify one of the 3 permitted usertypes.


HPDAC1966E Invalid group type specified.

Explanation: An internal error has occurred. When thecalling program requested a list of groups from theregistry it did not specify one of the 3 permitted grouptypes.


HPDAC1967E Group name is invalid or not foundin the registry.

Explanation: A group operation was attempted for thewrong domain or the group's registry GID value (alsoknown as the DN) was invalid. The DN entered mightcontain invalid characters or be in an invalid format.

Administrator response: Correct the registry groupname (or DN) that you specified and retry theoperation.





HPDAC1968E Policy name is invalid or not foundin the registry.

Explanation: An internal error has occurred. A userspecific policy that was expected to be in the registrywas not found.

Administrator response: Check IBM Electronic

Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDAC1969E Resource name is invalid or notfound in the registry.

Explanation: An internal error has occurred. Aresource that was expected to be in the registry was notfound.



HPDAC1970E Resource group name is invalid ornot found in the registry.

Explanation: An internal error has occurred. Aresource group that was expected to be in the registrywas not found.


HPDAC1971E User's Resource Credentials areinvalid or not found in the registry.

Explanation: An internal error has occurred. Aresource credential that was expected to be in theregistry was not found.


HPDAC1972E The specified user is already in theregistry.

Explanation: A user with the specified name isalready in the registry.

Administrator response: Select another name or avariation for this user.

HPDAC1973E The specified group is already in theregistry.

Explanation: A group with the specified name isalready in the registry.

Administrator response: Select another name or avariation for this group.

HPDAC1974E The specified policy is already in theregistry.

Explanation: A policy object already exists for thespecified user.


HPDAC1975E The specified resource is already inthe registry.

Explanation: A resource object already exists with thespecified name.

Administrator response: Select another name for thenew resource object.

HPDAC1976E The specified resource group isalready in the registry.

Explanation: A resource group object with thespecified name already exists in the registry.

Administrator response: Select another name for thenew resource group object.

HPDAC1977E The specified resource credentials arealready in the registry.

Explanation: A resource credential object with the

specified name already exists.Administrator response: Select another name forwhich to create a resource credential object.

HPDAC1978E Multiple users found in the registryusing the specified search criteria.

Explanation: More than one user in the registry sharesthe specified name.

Administrator response: Select another user name ormodify the users to have unique names.

HPDAC1979E Multiple groups found in the registryusing the specified search criteria.

Explanation: More than one group in the registryshares the specified name.

Administrator response: Select another group name ormodify the groups to have unique names.





HPDAC1980E Registry client returned a failurestatus.

Explanation: The user registry client returned an errorcode that was unexpected or unknown to SecurityAccess Manager.



HPDAU0100E Invalid config URL

Explanation: A Non null config URL should be passedfor AMAuditServer constructor

Administrator response: Ensure that a non nullconfigURL is passed to the AMAuditServer constructor

HPDAU0101E Invalid listen port:

Explanation: Ensure that a non null port is specified,and the AMAuditServer is not already running.

Administrator response: Either the port is notspecified or the port is already in use

HPDAU0102E Socket listen error

Explanation: Error Listening to the socket

Administrator response: Error listening to the socket

HPDAU0103E Invalid command line argument list

Explanation: Invalid arguments, Make sure the

command line arguments are correct

Administrator response: Make sure the command linearguments are correct

HPDAU0104E Config file properties not found %s .

Explanation: Make sure the config file exists and it isvalid

Administrator response: A valid config file should bespecified.

HPDAU0105E Properties file %s not found.

Explanation: Make sure the properties file exists andit is valid

Administrator response: Ensure that the propertiesfile exists and is valid.

HPDAU0106E Properties not found.

Explanation: Make sure the properties exists and it isvalid

Administrator response: Ensure that the propertiesexists and is valid.

HPDAU0107E Acceptor wait failed; no connectionwas created

Explanation: Acceptor wait failed; no connection wascreated

Administrator response: Acceptor wait failed; noconnection was created

HPDAU0108E AMAudit component is alreadyinited.

Explanation: AMAudit component is already inited.

Administrator response: AMAudit component isalready inited.

HPDAU0109E AMAudit component is not inited.

Explanation: AMAudit shutdown called before callingAMAudit init.

Administrator response: AMAudit component should be inited before calling shutdown.

HPDAU0110E AMAudit component is notshutdown.

Explanation: AMAudit component is not shutdown.

Administrator response: AMAudit component is notshutdown.

HPDAU0111E No acceptor class.Explanation: No acceptor class specified.

Administrator response: Specify a valid acceptor

HPDAU0112E Bad acceptor class : %s.

Explanation: Bad acceptor class specified.

Administrator response: Specify a valid acceptor

HPDAU0113E Could not initialize acceptor : %s onon attempt # %s

Explanation: Bad or no acceptor class.Administrator response: Specify a valid acceptor

HPDAU0114E Invalid argument: Null messages.

Explanation: A nonnull PDMessages object is requiredto hold any return messages that might be generatedduring the operation. Typically, this object contains nomessages on input.

Administrator response: Ensure that the messagesargument is nonnull.

HPDAC1980E • HPDAU0114E




HPDAU0116E Wild char not in template.

Explanation: Wild char required in the template.

Administrator response: Ensure that the wild char isin the template.

HPDAU0117E Invalid Archive file prefix.

Explanation: Archive file names cannot be a directory.

Administrator response: Ensure that the Archive filename is not a directory.

HPDAU0118E Archive file create error.

Explanation: No write permission on the archivedirectory

Administrator response: Ensure that you have writepermission on the directory where the archive file iscreated.

HPDAU0119E Unable to execute archive program%s.

Explanation: Archive cmdFile should exist.

Administrator response: Ensure that executable fileexists.

HPDAU0120E A database error occured whileexporting the table

Explanation: A database error occured while exportingthe table.

Administrator response: No action required.

HPDAU0121E Archive program was interrupted byuser

Explanation: Archive program was interrupted byuser.


HPDAU0122E Invalid command line option wasspecified

Explanation: Valid command line options arerequired.

Administrator response: Ensure that the commandline options are valid.

HPDAU0123E Unable to purge audit record.

Explanation: Unable to purge audit record.


HPDAU0124E Archive and signing was successfulfor file %s .

Explanation: Archive and signing was successful.


HPDAU0125E Archive and signing failed for file%s.

Explanation: Archive and signing failed.


HPDAU0126E Signing key could not be unlocked

Explanation: Signing key should be accessible.

Administrator response: Ensure that the signing keyis accesible.

HPDAU0127E Unable to write to the signature file.

Explanation: Unable to write to signature file.

Administrator response: Ensure that you have validsignature file.

HPDAU0128E Unable to sign data.

Explanation: Unable to sign data.

Administrator response: Ensure that you can sign thedata.

HPDAU0134E Unable to send audit event to server,%s :

Explanation: AuditServer should be up and running.

Administrator response: Ensure that the AuditServeris running

HPDAU0135E Unknown host : %s , port : %s

Explanation: Valid host and port where AuditServer isrunning, is required.

Administrator response: Ensure that the host and portare valid

HPDAU0136E Connection exception, connecting tohost : %s , port : %s



HPDAU0116E • HPDAU0136E




HPDAU0137E IOException connecting to auditserver : %s , port : %s



HPDAU0138E Bad properties file %s.

Explanation: Make sure the properties file exists andit is valid

Administrator response: A valid properties file should be specified.

HPDAU0139E Could not check if there are morerecord from audit_log query

Explanation: Make sure that there is no problem,while reading the log.

Administrator response: Ensure that there is noproblem while querying the log.

HPDAU0140E Audit record access failed.

Explanation: Make sure that there is no problemaccessing the audit records.

Administrator response: Ensure that there is noproblem accessing the audit records.

HPDAU0142E Couldn't get client source

Explanation: Client source should be present in the

client properties file.

Administrator response: Ensure that the clientproperties file contains client source.

HPDAU0143E Couldn't get server port

Explanation: Server port should be present in theclient properties file.

Administrator response: Ensure that the clientproperties file contains server port.

HPDAU0144E Couldn't get server host

Explanation: Server host should be present in theclient properties file.

Administrator response: Ensure that the clientproperties file contains server host.

HPDAU0145E Couldn't get doAudit string

Explanation: doAudit string should be present in theclient properties file.

Administrator response: Ensure that the client

properties file contains doAudit string.

HPDAU0146E Couldn't get delivery policy

Explanation: Delivery policy should be present in theclient properties file.

Administrator response: Ensure that the client

properties file contains delivery policy.

HPDAU0147E Error initializing client deliverypolicy

Explanation: A valid client properties file required.

Administrator response: Ensure that the clientproperties file is valid.

HPDAU0148E AMAuditServer connection is notinitialized

Explanation: AMAuditServer should be running so

client can connect to it.Administrator response: Ensure that theAMAuditServer is running.

HPDAU0149E Invalid driver manager: %s

Explanation: Driver manager should be valid.

Administrator response: Ensure that the drivermanager is valid.

HPDAU0150E Could not connect to database, url =%s

Explanation: A valid database url is required.

Administrator response: Ensure that the database urlis valid.

HPDAU0151E Failed to InitializeAMAuditLogWriter

Explanation: Ensure that AMAuditLogWriter can beinitialized without any errors.

Administrator response: Ensure thatAMAuditLogWriter can be initialized without anyerrors.

HPDAU0152E Audit record insertion failed :

Explanation: Ensure that there is no SQL error.

Administrator response: Ensure that there is no SQLerror.





HPDAU0153E Config file is already specified incommand args

Explanation: Config file is already specified incommand args.

Administrator response: Config file is alreadyspecified in command args.

HPDAU0158E Audit database is not initialized

Explanation: Audit database should be initialized.

Administrator response: Ensure that the Auditdatabase is initialized.

HPDAU0159E No Services configured : %s

Explanation: Services should be configured.

Administrator response: Ensure that at least oneservice is configured.

HPDAU0208E Error Reading input stream;abandoning Connection.

Explanation: A valid message input stream required.

Administrator response: Ensure that the messageInputStream valid

HPDAU0209E Error Reading input stream end offile ; aborting Connection.

Explanation: A valid End of File for input streamrequired.

Administrator response: Ensure that the input streamhas a valid End of File.

HPDAU0210E Unexpected connection termination.

Explanation: A valid connection required.

Administrator response: Ensure that there is noUnexpected connection termination.

HPDAU0211E Bad configuration file: %s

Explanation: A valid configuration required.

Administrator response: Ensure that the configuration

is valid.

HPDAU0212E Bad configuration, cannot continue.


Administrator response: Ensure that the configurationis valid.

HPDAU0213E Input stream or output stream is null.

Explanation: A valid Input and output streamrequired.

Administrator response: Ensure that the input streamor output stream is not null..

HPDAU0214E Error reading configuration file


Administrator response: Ensure that the configurationis valid.

HPDAU0215E Configuration file not found: %s


Administrator response: Ensure that the configurationexists and is valid.

HPDAU0216E Configuration file not found:


Administrator response: Ensure that the configurationexists and is valid.

HPDAU0217E Event config filename cannot be null

Explanation: A Non null config file required.

Administrator response: Ensure that the config file isnot null.

HPDAU0218E Bad event stream format : %s

Explanation: Event stream should contain 'true' or'false'.

Administrator response: Expecting 'true' or 'false' inevent stream.

HPDAU0219E Bad event stream format : %s

Explanation: Event stream should contain numbers.

Administrator response: Expecting number in eventstream.

HPDAU0220E Bad event stream format, type value= : %s

Explanation: Event config stream should containstring.

Administrator response: Expecting string in eventconfig stream.





HPDAU0221E Bad event stream format, type value= : %s

Explanation: Event stream should contain character.

Administrator response: Expecting character in eventconfig stream.

HPDAU0222E Daemon configuration error, configfile = : %s

Explanation: Error configuring daemon.

Administrator response: Error configuring daemon.

HPDAU0224E SQL error : Daemon could not accessSystem table

Explanation: The system table should be accessible.

Administrator response: Ensure that the system tableis accessible.

HPDAU0225E SQL error : Could not insert event todatabase

Explanation: Could not insert the event into thedatabase.

Administrator response: Ensure that the database isaccessible.

HPDAU0226E SQL error : Could not insert elementto database: %s

Explanation: Could not insert the element into thedatabase.


HPDAU0227E SQL error : Could not insert attributeto database: %s

Explanation: Could not insert the attribute into thedatabase.


HPDAU0228E Can't find

COM.ibm.db2.jdbc.app.DB2Driver

Explanation: COM.ibm.db2.jdbc.app.DB2Drivershould be in the classpath.

Administrator response: Ensure that the classCOM.ibm.db2.jdbc.app.DB2Driver is in path

HPDAU0300E Invalid service name

Explanation: A Non null eventName is required.

Administrator response: Ensure that a non nulleventName is specified

HPDAU0301E Invalid service count

Explanation: A valid service count is required.

Administrator response: Ensure that a valid servicecount is specified

HPDAU0302E Invalid event count

Explanation: A valid event count is required.

Administrator response: Ensure that a valid eventcount is specified

HPDAU0303E Error reading event table

Explanation: A valid event table is required.

Administrator response: Ensure that the event table isvalid.

HPDAU0304E Error reading event config table: %s

Explanation: A valid event config table is required.

Administrator response: Ensure that the event configtable is valid.

HPDAU0305E Event could not be found in configtable: %s

Explanation: Config table should contain the event.

Administrator response: Ensure that the event existsin the config table.

HPDAU0400E Could not find msg class name inmsg header

Explanation: A valid message class required inmessage header.

Administrator response: Ensure that the messageheader has message class.

HPDAU0401E Message class could not be found

Explanation: A valid message class required in inputstream.

Administrator response: Ensure that input stream hasvalid message class.





HPDAU0402E Message class could not beinstantiated

Explanation: A valid message class that can beinstantiated is required.

Administrator response: Ensure that message classcan be instantiated.

HPDAU0403E 'End-of-msg' char not found in stream

Explanation: A valid 'End-of-msg' character requiredin message input stream.

Administrator response: Ensure that message inputstrean has 'End-of-msg' character.

HPDAU0404E Unexpected end of msg stream : %s

Explanation: A valid 'End-of-msg' character requiredin message input stream.

Administrator response: Ensure that message inputstrean has 'End-of-msg' character.

HPDAU0405E Failed closing service : %s

Explanation: Service could not be closed.

Administrator response: Failed closing service.

HPDAU0406E Control object %s has no boundservice.

Explanation: Control object should be bound to aservice.

Administrator response: Control object is not boundto a service.

HPDAU0500E Cannot bind service %s to controlobject

Explanation: A valid control service name is required.

Administrator response: Ensure that a valid controlservice name is specified

HPDAU0501E Service could not be initialized.Service name = %s

Explanation: A valid service is required.

Administrator response: Ensure that a valid servicename is specified

HPDAU0502E Deleivery policy initialization failed.Service name = %s

Explanation: A valid delivery policy service isrequired.

Administrator response: Ensure that a valid deliverypolicy is specified

HPDAU0505E Problem decoding audit event

Explanation: Problem decoding audit event

Administrator response: Problem decoding auditevent

HPDAZ0100E Unknown message code: %s .

Explanation: The text for the message code could not be found in the message catalogs installed on the localsystem. This typically means that the policy server is ata more recent level than the client and has returned acode undefined in the client runtime. Thedocumentation associated with the policy serverinstallation should include the message code.

Administrator response: Consult the Error MessageReference to obtain the message text, explanation, andsuggested actions for the message code.

HPDAZ0101E The specified configuration or

keystore file already exists.

Explanation: The 'create' configuration action isdesigned to check for existing files and fail if they arefound in order not to overwrite them accidentally.

Administrator response: To preserve existing files,specify new configuration and keystore file names. Tooverwrite existing files, specify the 'replace'configuration action.

HPDAZ0102E An unexpected error has occurred.


Administrator response: See the error log for moreinformation. Check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman.

HPDAZ0200E Invalid argument: Null name.

Explanation: A nonnull name object is required whenadding to a PDAttrs object.

Administrator response: Ensure that the nameargument is nonnull.

HPDAZ0201E Invalid argument: Null collection.

Explanation: A nonnull Collection object is requiredwhen adding to a PDAttrs object.

Administrator response: Ensure that the collectionargument is nonnull.

HPDAU0402E • HPDAZ0201E




HPDAZ0202E Invalid argument: Null value.

Explanation: A nonnull value object is required whenadding to a PDAttrs object.

Administrator response: Ensure that the valueargument is nonnull.

HPDAZ0203E Invalid argument: Null PDAttrs.

Explanation: A nonnull PDAttrs object is requiredwhen adding to a PDAttrs object.

Administrator response: Ensure that the PDAttrsargument is nonnull.

HPDAZ0204E Invalid argument: Null or invalidQOP value.

Explanation: A valid, nonnull Quality Of Protectionvalue is required.

Administrator response: Ensure that the QOPargument is nonnull and is one of the QOP_* constantsdefined in the PDStatics class.

HPDAZ0205E Server error: No data was returned.

Explanation: No data was returned by the server. Thisusually indicates a server crash. If this reoccurs, checkIBM Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

Administrator response: Ensure that theAuthorization server is up and rerun this operation.

HPDAZ0206E Server error: Unexpected tag in data.

Explanation: Unexpected data was returned by theserver. This usually indicates a client/server mismatch.

Administrator response: Ensure that the Java client iscurrent with (within two releases of) the SecurityAccess Manager server. If so, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDAZ0207E Invalid argument: Null name.

Explanation: A nonnull name object is required whenconstructing a PDAttr object.

Administrator response: Ensure that the nameargument is nonnull.

HPDAZ0208E Invalid argument: Null value.

Explanation: A nonnull value object is required whenconstructing a PDAttr object.

Administrator response: Ensure that the valueargument is nonnull.

HPDAZ0209E Server error: Unexpected number ofvalues in data: %d.


Administrator response: Ensure that the Java client iscurrent with (within two releases of) the Security

Access Manager server. If so, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDAZ0210E Server error: Unexpected type ofattrlist: %d.


Administrator response: Ensure that the Java client iscurrent with (within two releases of) the SecurityAccess Manager server. If so, check IBM Electronic


HPDAZ0211E Invalid argument: Collection containsobjects other than PDAttrValue.

Explanation: The constructor only permitsPDAttrValue objects in the Collection.

Administrator response: Ensure that the inputCollection only contains PDAttrValue.

HPDAZ0212E Invalid argument: Only PDAttrValue

objects can be in this PDAttrValueList.

Explanation: A PDAttrValueList is only forPDAttrValue objects.

Administrator response: Ensure that the input is aPDAttrValue.

HPDAZ0213E Invalid argument: Null Collection.

Explanation: A nonnull Collection object is requiredwhen adding to a PDAttrValueList object.

Administrator response: Ensure that the Collectionargument is nonnull.

HPDAZ0214E Invalid argument: Null bytes.

Explanation: A nonnull bytes object is required whenconstructing a PDBufferAttrValue object.

Administrator response: Ensure that the bytesargument is nonnull.

HPDAZ0202E • HPDAZ0214E




HPDAZ0215E Invalid argument: NullPDAdmSvcPobj.

Explanation: A nonnull PDAdmSvcPobj object isrequired when constructing a PDPobjAttrValue object.

Administrator response: Ensure that thePDAdmSvcPobj argument is nonnull.

HPDAZ0216E Invalid argument: Null string.

Explanation: A nonnull string object is required whenconstructing a PDStringAttrValue object.

Administrator response: Ensure that the stringargument is nonnull.

HPDAZ0256E Zero or more than one base entry isconfigured for the custom repository [%s ]. Only one base entry is allowed.

Explanation: This repository only allows one base

entry.Administrator response: Check the base entry that isconfigured with the custom repository in WebSphereVirtual member manager (VMM). Fix the VMMconfiguration for this repository and retry.

HPDAZ0257E The custom configuration property [%s ] and its value [ %s ] is either invalidor incorrect.

Explanation: Either the custom configuration propertyis not supported or its value is incorrect.

Administrator response: Check WebSphere Virtual

member manager (VMM) custom repositoryconfiguration for the property. Fix the VMMconfiguration for this repository and retry.

HPDAZ0258E Cannot modify the entity property [%s ]. The Security Access Managercustom registry adapter for WebSphereVirtual member manager does notsupport renaming an entity.

Explanation: The Security Access Manager customregistry adapter for WebSphere Virtual membermanager does not support renaming an entity.

Administrator response:

HPDAZ0259E The specified JRE (%s) does not exist.

Explanation: The path does not contain a valid JRE

Administrator response: Try again with a valid JREpath

HPDAZ0260E The \'full\' or \'standalone\' are theonly options for configuration type.

Explanation:


HPDAZ0261E 'yes' or 'no' are the only acceptablevalues.

Explanation: The value supplied was not 'yes' or 'no'.

Administrator response: Try again with an acceptablevalue of 'yes' or 'no'.

HPDAZ0262E Unable to query information frompd.conf file.


Administrator response: Check the file permissionsand path. Ensure the file is not locked by anotherprocess.

HPDAZ0263E Unable to query local host name.


Administrator response: Ensure the machine has avalid host name.

HPDAZ0264E The %s entry for the entity with DN:%s in the domain is missing the %sattribute.

Explanation: The secUser or secGroup entry for theuser or group in the domain is missing the required

attribute that contains the entities ID.

Administrator response: Fix the inconsistency in theregistry for the domain.

HPDAZ0265W The entity with DN: %s was notremoved as others are still using it.

Explanation: The secUser or secGroup entry for theuser or group has been removed, however, it was alsorequested that the Native registry entry also beremoved, and that was not possible. This is likely dueto the entry being used by other applications or is amember of another Security Access Manager domain.

Administrator response: This warning can be ignoredif it is acceptable that the Native registry entry was notremoved. The entity has been removed from SecurityAccess Manager domain so the entity will no longer beaccessable through that domain.

HPDAZ0215E • HPDAZ0265W




HPDAZ0266E The Security Access Manager domain%s does not exist.

Explanation: The Security Access Manager domainname provided was not found in the registry.

Administrator response: Provide a domain name toan existing domain.

HPDAZ0267E There is no Security Access Managerentity in the domain with ID %s.

Explanation: The Security Access Manager user orgroup with the specified ID does not exist in thedomain.

Administrator response: Verify the correct user orgroup ID was provided.

HPDAZ0268E Unable to modify membership of thegroup %s , it is likely a dynamic group.

Explanation: It is likely that the user is a member of the group through a dynamic technique for which thisAPI is not capable of modifying.

Administrator response: Use other methods toexclude or remove the user from the groupmembership.

HPDAZ0269E The entity DN %s is already amember of the Security Access Managerdomain.

Explanation: The user/group DN is already a memberof the Security Access Manager domain and it is notvalid to have more than one Security Access Managerentity for a DN in the domain.

Administrator response: Either delete the existingSecurity Access Manager entity associated with the DNor do not attempt the import/create.

HPDAZ0270E The entity ID %s is already in use forthe Security Access Manager domain.

Explanation: The user/group ID is used by anotheruser/group within the domain. The ID must be unique.

Administrator response: Choose another user/groupID that is unique within the domain.

HPDAZ0271E The entity ID %s is missing it'sregistry entry.

Explanation: The user/group ID has Security AccessManager domain information but is missing theunderlying registry user/group entry. This situationshould not be encountered in normal operation.

Administrator response: Fix the inconsistency in theregistry for the domain.

HPDAZ0272E The supplied DN, %s , to create theentity with has characters that are notvalid.

Explanation: Some characters can not be used in DNs.

Administrator response: Ensure the DN has validcharacters.

HPDAZ0273E The supplied entity ID, %s , to createthe entity with has characters that arenot valid.

Explanation: Some characters can not be used in IDs.

Administrator response: Ensure the ID has validcharacters.

HPDAZ0274E The %s attribute value %s containscharacters that are not valid.

Explanation: Some or all of the characters in the

attribute value are not valid.Administrator response: Remove the invalidcharacters from the attribute and retry.

HPDAZ0275E The %s attribute must be providedwhen creating the entity.

Explanation: The attribute must be supplied for thecreation of the entity.

Administrator response: Include the missing attributeand retry the operation.

HPDAZ0276E The entity DN %s can not be createdas it already exists.

Explanation: The user/group DN already exists, butthe API failed as it was asked to create it.

Administrator response: Consider importing theentity rather than attempting to create it.

HPDAZ0277E Failed to add entity DN %s to ADAMregistry, the DN is likely invalid.

Explanation: ADAM returns operations error whenthe DN provided is not valid. This error has beenmapped by the API to a more appropriate exception so

that the caller of the API is presented with a moreconsistent interface.

Administrator response: Ensure the DN is valid forthe ADAM registry and retry.

HPDAZ0278E None of the configured LDAP serversof the appropriate type for the operationcan be contacted.

Explanation: Communication to all LDAP servers thatare of the appropriate type, 'readwrite' for modification





operation, 'readwrite' or 'readonly' for read operations,have failed, so the operation cannot be completed andhas reported this failure.

Administrator response: Examine the log files foradditional information about the server connectionfailures. Ensure at least one LDAP is operational andretry the operation..

HPDAZ0279E The password must contain at leastone character.

Explanation: The API will not permit emptypasswords to be used. This is done to emulate the same

behavior of other Security Access Manager components.The use of empty passwords with LDAP can causeauthentications to succeed even if the accountpassword is not empty, causing a security issue.

Administrator response: Retry with a longerpassword.

HPDAZ0280E There are more matching entries butthe limit to return has been exceeded.

Explanation: Either a supplied limit or an LDAPserver configured limit on the number of matchingentries to return has been exceeded. There are morematching entries, but they will not be returned.

Administrator response: If the additional entries arerequired, increase the limites and retry.

HPDAZ0281E The old password supplied wasrejected by the LDAP server.

Explanation: Some LDAP servers returnNoSuchAttribute errors when the old password, in apassword change operation, is bad. The error has beenremapped to a more appropriate InvalidOldPassworderror.

Administrator response: Retry with the correct oldpassword.

HPDAZ0282E The password contains spaces and thepolicy does not permit this.

Explanation: The password policy for the user doesnot permit password containing spaces.

Administrator response: Retry with a password thatdoes not contain spaces.

HPDAZ0283E The password contains the samecharacter repeated consecutively morethan is permitted by policy: %s.

Explanation: The password policy for the user doesnot permit password containing repetitions of the samecharacters.

Administrator response: Retry with a password that

does not contain repeated characters.

HPDAZ0284E The password is too short, the policyminimum is %s.

Explanation: The password policy for the userspecifies a minimum length and the password suppliedis less that the minimum.

Administrator response: Retry with a longerpassword that conforms to policy.

HPDAZ0285E The password does not containenough alphabetic characters, the policyminimum is %s.

Explanation: The password policy for the userspecifies a minimum number of alphabetic charactersthat must be present in the password.

Administrator response: Retry with enough alphabeticcharacters in the password to conform to policy.

HPDAZ0286E The password does not containenough non-alphabetic characters, thepolicy minimum is %s .

Explanation: The password policy for the userspecifies a minimum number of non-alphabeticcharacters that must be present in the password.

Administrator response: Retry with enoughnon-alphabetic characters in the password to conformto policy.

HPDAZ0287E The password must not begin with

the %s character.

Explanation: The LDAP server does not permitpassword beginning with the specified character.

Administrator response: Retry with a password that begins with a different character.

HPDAZ0288E A date value, %s , fetched from anLDAP value is not of form expected.

Explanation: This API expects the date value to be of the form 'YYYYMMDDhhmmss.0Z'. The value fetchedwas not of this form so the operation cannot becompleted.

Administrator response: The value must be correctedin the registry, before the operation will succeed.

HPDAZ0289E The account has been disabled.

Explanation: The account was previously temporarilylocked out due to many authentication attempts whichare not valid. However, policy changed to requireaccount disablement instead.

Administrator response: Contact the account





administrator to determine what can be done.

HPDAZ0290E The account has been locked out.

Explanation: The account was previously disabled dueto many authentication attempts which are not valid,however, policy has changed since to only requiretemporary lockout instead.

Administrator response: Wait for the lockout periodand retry. You can also contact the accountadministrator to determine what can be done.

HPDAZ0291E The account is disabled.

Explanation: The account is disabled and can not beused.

Administrator response: Contact the accountadministrator to determine what can be done.

HPDAZ0292E The account has been temporarily

locked.

Explanation: The account has been temporarily lockedand cannot be used for a preset wait period.

Administrator response: Wait for the lockout periodand retry. You can also contact the accountadministrator to determine what can be done.

HPDAZ0293E The account cannot be used at thistime due to time-of-day policyrestrictions.

Explanation: The account has a Time-Of-Day policy

associated with it that restricts access to specific timeson specific days.

Administrator response: Retry at a time when accountpolicy permits access.

HPDAZ0294E The account is set invalid.

Explanation: The account valid flag on the account isset to false.

Administrator response: The account cannot be used,Contact the account administrator to determine whatcan be done.

HPDAZ0295E The account password is flagged asnot valid.

Explanation: The password valid flag on the accountis set to false. This can be done by the accountadministrator to force a password change, or policy canautomatically trigger it.

Administrator response: The account password validflag is false must be changed to true before login canoccur. Typically flag can be reset by changing thepassword on the account.

HPDAZ0296E The time-of-day policy value, %s ,fetched from an LDAP value is not ofform expected.

Explanation: This API expects the date value to be of the form 'days:start:end:zone' where: days - is adecimal number representing a bit mask of days of theweek. start - is a decimal number representing the startminute of the day of allowed access. end - is a decimalnumber representing the end minute of the day of allowed access. zone - if set to 1 indicates that GMTtime of day should be used, else server local time. Thevalue fetched was not of this form so the operationcannot be completed.

Administrator response: The value must be correctedin the registry, before the operation will succeed.

HPDAZ0297E The required configuration property%s was not found.

Explanation: The API can not be used without the

missing property being provided in the configurationfile.

Administrator response: Add the required property tothe configuration file.

HPDAZ0298E The configuration property %s has aninvalid value %s.

Explanation: The value assigned to the configurationproperty is not of the expected form.

Administrator response: Correct the property value inthe configuration file.

HPDAZ0299E The configuration property %s value%s is not in the range %s to %s .

Explanation: The value assigned to the configurationproperty is not within the acceptable range for thatproperty.

Administrator response: Correct the property value inthe configuration file.

HPDAZ0300E The configuration property %s has aninvalid server entry %s.

Explanation: The server entry is not of the expected

form 'host:port:type:rank'.

Administrator response: Correct the server entry inthe configuration file.

HPDAZ0301E The configuration property %s has aninvalid server entry %s port %s.

Explanation: The server entry port must be a decimalinteger in the range 1 to 65535.





Administrator response: Correct the server entry portin the configuration file.

HPDAZ0302E The configuration property %s has aserver entry %s type %s which is notvalid.

Explanation: The server entry type must be either'readwrite' or 'readonly'.

Administrator response: Correct the server entry typein the configuration file.

HPDAZ0303E The configuration property %s has aserver entry %s rank %s which is notvalid.

Explanation: The server entry ranking must be adecimal integer in the range 0 to 10.

Administrator response: Correct the server entryranking in the configuration file.

HPDAZ0304E The Relative Distinquished Name,%s , is of an unexpected form.

Explanation: The first RDN of the DN provided is notof the expected form..

Administrator response: Resubmit the request with avalid Distinquished Name.

HPDAZ0305E The registry reported the passwordhas expired.

Explanation: The underlying registry reported the

password has expired. This is not due to any SecurityAccess Manager policy, rather the policy of theunderlying registry.

Administrator response: This condition might becleared by updating the password.

HPDAZ0306E The registry reported the account islocked.

Explanation: The underlying registry reported theaccount is locked. This is not due to any SecurityAccess Manager policy, rather the policy of theunderlying registry.

Administrator response: Contact the underlyingregistry administrator for a solution.

HPDAZ0307E The registry reported the passwordmust be changed after reset.

Explanation: The underlying registry reported thepassword needs changing as the password was resetand no other other actions can take place for thisaccount until then. This is not due to any SecurityAccess Manager policy, rather the policy of theunderlying registry.

Administrator response: This condition might becleared by updating the password.

HPDAZ0308E The registry reported the passwordcan not be changed.

Explanation: The underlying registry reported that thepassword can not be be changed. This is not due to anySecurity Access Manager policy, rather the policy of theunderlying registry.


HPDAZ0309E The registry reported the passwordold password must be supplied duringthe change.

Explanation: The underlying registry reported that thepassword cannot be be changed without supplying theexisting password as well as the new password. This isnot due to any Security Access Manager policy, rather

the policy of the underlying registry.


HPDAZ0310E The registry reported the newpassword does not pass its policy syntaxrules.

Explanation: The underlying registry reported that thenew password supplied does not have the correct mixof character types in it. This is not due to any SecurityAccess Manager policy, rather the policy of theunderlying registry.

Administrator response: Change the content of thepassword and resubmit.

HPDAZ0311E The registry reported the newpassword is too short.

Explanation: The underlying registry reported that thenew password supplied is not long enough. This is notdue to any Security Access Manager policy, rather thepolicy of the underlying registry.

Administrator response: Increase the length of thenew password and resubmit

HPDAZ0312E The registry reported that more timeis required before the password can bechanged again.

Explanation: The underlying registry reported that itwill not allow changes to the passwod until a presetamount of time has passed since the last change. This isnot due to any Security Access Manager policy, ratherthe policy of the underlying registry.

Administrator response: Resubmit at a later time.





HPDAZ0313E The registry reported the passwordhas been recently used and can not bereused.

Explanation: The underlying registry reported that itwill not allow changes to the passwod until a presetamount of time has passed since the last change. This isnot due to any Security Access Manager policy, ratherthe policy of the underlying registry.

Administrator response: Create a new password notpreviously used and resubmit.

HPDAZ0314E The registry reported an unexpectedpassword policy error %s .

Explanation: The underlying registry reported apassword policy error that was not expected, and as asecurity precaution the account will be consideredlocked.

Administrator response: Contact the underlying

registry administrator to help determine why.

HPDAZ0315E Unable to communicate to the registryserver.

Explanation: The API failed to connect to the LDAPregistry server. Additional information may be availablein the attached Naming Exception.

Administrator response: Ensure the registry server isoperating and a clear communications path exists to it.

HPDAZ0316E The entry already exists in theregistry.

Explanation: An attempt to create a new entry in theLDAP registry failed because the entry already exists.

Administrator response: Choose a new DN and retrythe operation.

HPDAZ0317E The registry is too busy and hasrejected the operation.

Explanation: The LDAP registry server reported that itwas too busy to process the request.

Administrator response: Retry when the registry isless busy.

HPDAZ0318E The operation took longer than theregistry time limit and was aborted.

Explanation: The LDAP registry server aborted theoperation as it was taking too long to process.

Administrator response: Retry with a simpleroperation, increase the registry time limit, improve theregistry performance, or if the registry is under heavyload, wait for a better time.

HPDAZ0319E The operation failed due toinsufficient access rights.

Explanation: Access Controls set in the LDAP registryserver do not permit this APIs account to invoke theoperation.

Administrator response: Contact the LDAP registry

administrator to gain the necessary access rights.

HPDAZ0320E The Distinguished Name providedhas incorrect syntax.

Explanation: An invalidly formated DN wasprovided.

Administrator response: Correct the DN provided toadhear to the rules for LDAP DN string representation.

HPDAZ0321E The Distinguished Name does notmap to an existing entry in the registry.

Explanation: The object was not found in the registry.Administrator response: Ensure the DN provided iscorrect.

HPDAZ0322E An attribute with the given valuedoes not exist for the entry.

Explanation: The object does not contain the attributewith the specified value so the operation failed.

Administrator response: Ensure the attribute nameand value is correct for the operation.

HPDAZ0323E The operation violates the schemarules for the registry.

Explanation: The operation requested would violatethe schema rules of the registry.

Administrator response: Do not attempt to violateschema rules.

HPDAZ0324E The attribute type specified is notvalid.

Explanation: The attribute type specified is not valid.This should not occur during normal operation.

Administrator response: Reconsider how this API is being used.

HPDAZ0325E Partial results were returned due to areferral not being followed.

Explanation: This error results from LDAP referralsnot being followed. If they were followed all the resultscould be obtained.

Administrator response: This should not occur, as theAPI is configured to follow referrals.





HPDAZ0326E The request to the registry includedan extension that is not supported bythe registry.

Explanation: The request to the registry included anextension that is not supported by the registry.

Administrator response: Examine the configuration of

the registry to ensure the required extension is enabled.

HPDAZ0327E The value specified for the attributeviolates the attributes schema definition.

Explanation: The value specified for the attributewould violate the attributes schema definition.

Administrator response: Ensure the attribute valueand name are correct.

HPDAZ0328E The non-leaf entry can not be deleted.

Explanation: Other entries in the registry have been

created below this one and the registry will not permitits removal while the other entries exist.

Administrator response: If the entry was specifiedcorrectly, remove the entries under it so it becomes aleaf entry and can be removed.

HPDAZ0329E The credentials provided can not beauthenticated by the registry.

Explanation: The DN provided does not match anyexisting user in the registry or the password providedis not correct for the user.

Administrator response: Provide correct credentials

and retry.

HPDAZ0330E An attribute type or attribute valuespecified already exists in the entry.

Explanation: An attribute type or attribute valuespecified already exists in the entry.

Administrator response: Ensure the correct attributeand value was provided.

HPDAZ0331E An unexpected error was reported bythe registry.

Explanation: An unexpected error was reported by theregistry.

Administrator response: Ensure the registry and thisAPI are configured correctly, and that the registry is anoffically supported one.

HPDAZ0332E Unable to read in the configurationURL: %s .

Explanation: Opening and reading in the contents of the configuration properties file failed.

Administrator response: Ensure the configuration filespecified is correct.

HPDAZ0333E Unable to determine the registryserver type. Error message %s.

Explanation: The API will attempt to determine thetype of LDAP registry it is configured to use. Thisoperation will test some of the essential basicconfiguration options are correct when the registryinstance is provisioned.

Administrator response: Examine the error messagetake corrective action, and retry.

HPDAZ0334E Many instances of the registry API

are open. The maximum is %s.

Explanation: There is a maximum number of registryinstances that can be instanciated at the same time andthis limit has been reached.

Administrator response: Reduce the number of simultaneously open registry instances.

HPDAZ0335E The cryptographic algorithm %s needfor SSL to the registry is not available.

Explanation: To ensure the SSL certificate recievedfrom the LDAP server is trusted this algorithm is usedand must be available.

Administrator response: Ensure the correctcom.ibm.crypto.provider.IBMJCE is in the Java classpath.

HPDAZ0336E The configured trust key store, %sdoes not exist. This is needed for SSL tothe registry.

Explanation: If the trust key store is configured, itmust exists.

Administrator response: Ensure trust key store isconfigured correctly and exists.

HPDAZ0337E The configured trust key store, %s oftype %s from provider %s can not beloaded. This is needed for SSL to theregistry.

Explanation: The configured trust key store cannot beloaded.

Administrator response: Ensure trust key store isconfigured correctly, exists and if of the correct type.





HPDAZ0338E The configured trust key store, %scannot be initialized by the trust storefactory. This is needed for SSL to theregistry.

Explanation: The configured trust key store could not be initilized by the trust store factory.

Administrator response: Ensure trust key store isconfigured correctly, and has the correct type.

HPDAZ0339E Unexpected error using theconfigured trust key store, %s. This isneeded for SSL to the registry.

Explanation: Unexpected error using the configuredtrust key store.

Administrator response: Ensure trust key store isconfigured correctly, is of the correct type.

HPDAZ0340E Unexpected error setting up SSL to

the registry.

Explanation: Unexpected error setting up SSL to theregistry.


HPDAZ0341E The registry returned a generic errorthat indicates the registries passwordpolicy was violated.

Explanation: An attribute value exception, which isnot valid, can be returned by various LDAP registries if the password supplied does not conform to the LDAPregistries password policy. This is not caused bySecurity Access Manager password policy.

Administrator response: Ensure the passwordcomplies to the underlying LDAP registries passwordpolicy.

HPDAZ0342E No avaliable method for verifying thepassword is available.

Explanation: Two methods of verifying the passwordare used by the API. Either by binding to the LDAPserver using the credentials, or by using the LDAP todirectly compare the password to the passwordattribute of the account. Neither of these two methods

are available, possibly due to a combination of thelimitations of the LDAP server and theldap.auth-using-compare setting.

Administrator response: Ensure theldap.auth-using-compare configuration setting isappropriate.

HPDAZ0343E The registry reported an error toindicate the account is locked.

Explanation: The underlying registry reported theaccount is locked. This is not due to any SecurityAccess Manager policy, rather the policy of theunderlying registry.


HPDAZ0344E The password is not correct.

Explanation: The password does not match thepassword of the account.

Administrator response: Retry with the correctpassword

HPDAZ0345E The entity is not a Security AccessManager entity, so the attribute, %s , isnot appropriate.

Explanation: The attribute being modified is onlyapplicable to Security Access Manager entites, and theentity in this operation is not one.

Administrator response: Ensure the attribute isappropriate for the entity being modified.

HPDAZ0346E The operation is not valid forattribute, %s.

Explanation: The operation is not valid for attribute.

Administrator response: Ensure the attribute name iscorrect.

HPDAZ0347E GSO enabled user accounts can notbe deleted.

Explanation: The API does not support deleting useraccounts that are GSO enabled.

Administrator response: Remove GSO enablementfrom the user account before deleting.

HPDAZ0348W The registry reported the passwordwill expire soon.

Explanation: The underlying registry reported the

password will expire soon. This is not due to anySecurity Access Manager policy, rather the policy of theunderlying registry.

Administrator response: This condition can beignored, and might be cleared by updating thepassword.

HPDAZ0338E • HPDAZ0348W




HPDAZ0349E The suffix %s configured to beignored cannot be parsed.

Explanation: The suffix string provided is not acorrectly formatted DN.

Administrator response: Ensure the suffix syntax iscorrect.

HPDAZ0350E The suffix %s used internally cannotbe parsed.

Explanation: The suffix string set internally in theprogram cannot be parsed by the Java API, which isunexpected.

Administrator response: Internal error, check forupdates to this program.

HPDAZ0351W Authentication failed. The account isnot activated.

Explanation: The LDAP registry failed theauthentication and reported that the account is notactivated.

Administrator response: Contact the administrator forthe LDAP registry to activate the account.

HPDAZ0352E An LDAP operations error occurred.

Explanation: An unexpected error was returned fromthe LDAP server while attempting the operation. Thiserror can be returned from a search of the suffix:cn=schema.

Administrator response: Make sure that special LDAP

suffixes are excluded from searches.

HPDAZ0353E Unable to setup Audit logger for filepattern %s

Explanation: An error occured when setting up theAudit Java Logger to output to the specified file.

Administrator response: Ensure the file patternprovided is valid, and that the operating system userrunning this applicaton has permission to update theseaudit files. Also examine the cause exception foradditional details.

HPDAZ0354E Failed to convert attribute/valueinformation into PDAdmin PDAttrs inpreparation for authorization checks.

Explanation: An error occured when creatingPDAdmin attribute class instances.

Administrator response: This error is not expected.Examine the cause exception for possible solution.

HPDAZ0355E Failed to get obtain PDAdmincredentials for user %s.

Explanation: An error occured when determinig thecredentials for the user that is to be used inauthorization decisions when using the administrationmethods.

Administrator response: Ensure the administratoruser name is valid. Ensure that the AuthorizationServer is running. Examine the cause exception foraddition information.

HPDAZ0356E Unable to generate PDPermissionobjects.

Explanation: An error occured when creatingPDPermission objects used for authorizingadministration methods.

Administrator response: Examine the cause exceptionfor addition information.

HPDAZ0357E Unable to determine if the user ispermitted access.

Explanation: An error occured when checking if theuser has permission to invoke the administrationmethod.

Administrator response: Ensure the AuthorizationServer is running. Examine the cause exception foraddition information.

HPDAZ0358E The user '%s' is not authorized for'%s' action on '%s'.

Explanation: The administration user is not permittedaccess to the method.

Administrator response: Use a different user, orupdate the ACL on the object to permit the action.

HPDAZ0359E Domain '%s' is not valid, onlydomain '%s' can be used.

Explanation: The permitted domains is restrictedwhen running the application as it is configured.

Administrator response: Use the correct domain. Notethat when authorization is enabled, the only domain

permitted is the one configured for the PDAdmin API.

HPDAZ0360E The user '%s' is not permitted toinvoke this operation on their ownaccount.

Explanation: Some operations are not permitted whena user is manipulating their own account.

Administrator response: Use a different user toinvoke this operation.





HPDAZ0361E Unable to create a PDAdminPDAuthorizationContext forauthorization evaluation.

Explanation: This API attempted to create a PDAdminPDAuthorizationContext, required when authorizationis enabled.

Administrator response: Ensure the configuration iscorrect. Examine the cause exception for additionaldetails.

HPDAZ0362E Attribute '%s' can only have onevalue, %s values were provided.

Explanation: An update was attempted on anattribute which would result in more than one valuefor the attribute when the attribute only allows onevalue.

Administrator response: Retry the operation with justone value.

HPDAZ0363E Attribute '%s' must be of String type.

Explanation: The attribute only accepts String typevalues.

Administrator response: Retry the operation with aString value, not a byte[] value.

HPDAZ0364E The value '%s' is not valid forattribute '%s'.

Explanation: The attribute only accepts String typevalues.

Administrator response: Retry the operation with aString value, not a byte[] value.

HPDAZ0365E The condensed resource credentialvalue '%s' can not be parsed.

Explanation: The value provided was likely notproduced from the API and is not formatted correctly.

Administrator response: Correct the value and retrythe operation.

HPDAZ0366E %s resource credential values arerequired, %s was provided.

Explanation: A resource credential is made of of fourvalues: the resoure name, type, user and password.

Administrator response: Provide the correct numberof values and retry the operation.

HPDAZ0400E Invalid argument: Null PDConfig.

Explanation: A nonnull PDConfig object is required toconstruct an AuthNCertCmd.

Administrator response: Ensure that the configargument is nonnull.

HPDAZ0401E Invalid argument: Null accountNameor passphrase or domainName.

Explanation: A nonnull input is required to constructan AuthNPasswordCmd.

Administrator response: Ensure that theaccountName, passphrase and domainName argumentsare nonnull.

HPDAZ0402E Invalid argument: Some nonnullinput needs to be provided.

Explanation: Nonnull input is required to construct an

AuthSignCertificateCmd.Administrator response: Ensure that some input isnonnull.

HPDAZ0403E Transmission error: Parameters couldnot be encoded.

Explanation: I/O error occurred even before therequest could be transmitted.


HPDAZ0404E Invalid argument: Null accountnameor passphrase.

Explanation: Nonnull input is required to construct aProxyAuthenticateCmd.

Administrator response: Ensure that the input isnonnull.

HPDAZ0405E Invalid argument: Null userName.

Explanation: A userName is required to construct aProxyGetCredsCmd.

Administrator response: Ensure that the userNameargument contains meaningful input.

HPDAZ0500E Configuration error: This applicationserver's account is marked invalid.

Explanation: The Security Access Manager serverindicates that this server's account is invalid.

Administrator response: Ensure that the correct configfile is being used. If it is, ensure that this applicationserver's account has not been marked invalid.





HPDAZ0501E Configuration error: This applicationserver's account is unknown.

Explanation: The Security Access Manager serverindicates that this server's account is unknown.

Administrator response: Ensure that the correct configfile is being used. If it is, ensure that this application

server's account exists. If it does not, re-run SvrSslCfg.

HPDAZ0502E Transmission error: No response fromserver at %s , port %d.

Explanation: The Security Access Manager server didnot respond to this request.

Administrator response: Ensure that the correct configfile is being used, and that the desired server isoperational. If all was correct, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDAZ0503E Transmission error: Could not connectto the server, and no alternative serversare configured.

Explanation: No communication is possible to thisSecurity Access Manager server.

Administrator response: Ensure that the correct configfile is being used, and that the desired server isoperational. If all was correct, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDAZ0504E Failover error: cannot contact aconfigured server.

Explanation: No communication could be made toany of the configured servers.

Administrator response: Ensure that networkconnectivity exists between the client and servermachines and verify that the server process is runningon the configured port.

HPDAZ0512E The Security Access Manager customregistry adapter for WebSphere Virtual

member manager (VMM) cannot updategroup membership for group [ %s ] .Security Access Manager does notsupport nested groups.

Explanation: The Security Access Manager does notsupport nested groups; therefore, the Security AccessManager custom registry adapter for WebSphere Virtualmember manager does not allow nested groupmembership update.

Administrator response: Remove the groupmembership update for nested group.

HPDAZ0513W Server %s has recovered.

Explanation: An LDAP server that previously failedhas been detected as funtioning again. It will be added

back into the pool of available servers.


HPDAZ0514W The LDAP server is an IBM TivoliDirectory Server and is running inconfiguration only mode. SecurityAccess Manager will not be able tooperate normally with the LDAP serverin this mode.

Explanation: The LDAP server is an IBM TivoliDirectory Server and the server is currently running inconfiguration only mode. In this mode, most normalLDAP operations (such as update) cannot beperformed. Since many LDAP operations whichSecurity Access Manager performs are not possible,Security Access Manager will not be able to operate

normally until the LDAP server is configured properlyand restarted in normal mode.

Administrator response: View the IBM TivoliDirectory Server error logs and correct any identifiederrors which prevent the LDAP server from starting innormal mode. See the IBM Tivoli Directory Serverdocumentation for the location of the error log andinformation for configuring the server properly. Oncethe conditions have been corrected, restart the LDAPserver in normal mode and restart Security AccessManager.

HPDAZ0600E Invalid argument: Null URL on

constructor.

Explanation: An internal error occurred.


HPDAZ0601E Invalid argument: Could not convertport number to an integer.

Explanation: The supplied value was not a validinteger.

Administrator response: Supply a valid integer valuefor the server port number.

HPDAZ0602E Corrupted file: Insufficientinformation to contact a Policy Server.

Explanation: The configuration file did not correctlyspecify a Policy Server servername and port.

Administrator response: Re-run SvrSslCfg to generatea valid configuration file.





HPDAZ0603E Corrupted file: Insufficientinformation to contact an AuthorizationServer.

Explanation: The configuration file did not correctlyspecify a Authorization Server servername and port.

Administrator response: Re-run SvrSslCfg to generate

a valid configuration file.

HPDAZ0604E Invalid argument: Duplicate serverspecified.

Explanation: When trying to add a server to theconfiguration file, it was discoverd that the server wasalready in the list of servers. Retry without theduplicate entry.

Administrator response: Only supply a server once.

HPDAZ0605E Corrupted configuration: Cannot usekeystore.

Explanation: The keystore file supposed to be used inclient-server SSL communication could not be openedwith the derived password, or the certificate does nothave the correct alias, or the encrypted password has

been tampered with.

Administrator response: Re-run SvrSslCfg.

HPDAZ0768E Value '%s' is not valid for option '%s'.It must be one of 'true' or 'false'

Explanation: The option can only be set to either 'true'or 'false'. Neither of these values were provided.

Administrator response: Retry the commandproviding a correct value for the option.

HPDAZ0769E Invalid value '%s' for option '%s'. Itmust be an integer in the range %s to%s

Explanation: The option value must be an integer inthe range noted in the error text.


HPDAZ0770E Invalid value '%s' for option '%s'. The

value must be a non-empty list ofvalues separated by '%s' characters.

Explanation: The option value must be a non-emptylist of values separated by the separator charactednoted in the error text.


HPDAZ0771E The password for '%s' can not be zerocharacters in length.

Explanation: Password must be at least one characterin length.


HPDAZ0772E At least one LDAP server must bespecified for option '%s'.

Explanation: The option requires at least one LDAPserver to be specified.


HPDAZ0773E Option '%s' has an LDAP server entry'%s' which is not valid. It must be of theform 'host:port:type:rank'

Explanation: The command was not able to find fourvalues separated by ':' characters for the LDAP serverentry.


HPDAZ0774E Option '%s' has entry '%s' with a portvalue '%s' that is not valid. It must bean integer in the range 1 to 65535.

Explanation: The value for the LDAP server port ineither not in the range 1 to 65535, or is not an integer.

Administrator response: Retry the command

providing a correct value for the option.

HPDAZ0775E Option '%s' has entry '%s' with aserver type '%s' that is not valid. Useone of 'readwrite' or 'readonly'

Explanation: The server type can only be one of 'readwrite' or 'readonly'.


HPDAZ0776E Option '%s' has entry '%s' with aserver rank '%s' that is not valid. The

rank must be an integer in the range 1to 10.

Explanation: The value for rank is in either not in therange 1 to 10, or is not an integer.






HPDAZ0777E For option '%s' the '%s' must be avalid file that exists.

Explanation: The file must exist and be accessable tothe user running this command.


HPDAZ0779E The configuration properties file '%s'already exists.

Explanation: The create command will not overwriteexisting files.

Administrator response: Retry the commandproviding the name of a file that does not exist.

HPDAZ0780E An unknown configuration propertyname '%s' was provided. Use one of: %s.

Explanation: An unknown configuration property

name was given.Administrator response: Retry the commandproviding one of the valid property names.

HPDAZ0781E The option '%s' is required and cannot be removed.

Explanation: The property can not be removed as itmust be present in the configuration properties file.

Administrator response: Do not attempt to removethe option from the configuration properties file.

HPDAZ0782E Unable to create the configurationproperty file '%s', error '%s'.

Explanation: The configuration properties file can not be created (either for the first time, or due to anupdate). If this is an update, the original configurationpropertes file is renamed with the extention .bkp, and anew file is written in it's place. If the write fails, theoriginal file is restored.

Administrator response: Ensure there is sufficent diskspace. Ensure file system permissions permit the create.

HPDAZ0783E Unable to write to configurationproperties file '%s', error '%s'.

Explanation: The program is unable to write theproperties to the configuration properties file.

Administrator response: Ensure there is sufficent diskspace and retry.

HPDAZ0784E Unable to open configurationproperties file '%s' for reading. Error'%s'.

Explanation: The program is unable to open the theconfiguration properties file to read the properties.

Administrator response: Ensure permissions on the

file allow the action.

HPDAZ0785E Unable to read propertes fromconfiguration properties file '%s'. Error'%s'

Explanation: The program is unable to read theproperties from the configuration properties file.

Administrator response: Ensure file is a correctlyformated properties file.

HPDAZ0786E The input properties file is missingthe required 'ldap.ssl-truststore'

property.

Explanation: 'ldap.ssl-enable' property was set to 'true'which requires 'ldap.ssl-truststore' property.

Administrator response: Either set ldap.ssl-enable to'false' or add the propery 'ldap.ssl-truststore' in theinput properties file.

HPDAZ0787E The input properties file is missingthe required 'ldap.ssl-truststore-pwd'property.

Explanation: 'ldap.ssl-enable' property was set to 'true'which requires 'ldap.ssl-truststore-pwd' property.

Administrator response: Either set ldap.ssl-enable to'false' or add the propery 'ldap.ssl-truststore-pwd' inthe input properties file.

HPDAZ0788E The input properties file is missingthe required '%s' property.

Explanation: The property is required and must besupplied in the input properties file.

Administrator response: Add the missing propery tothe input properties file.

HPDBA0100E No data accompanied the serverresponse to the request.


Administrator response: Verify the status of theserver.

HPDAZ0777E • HPDBA0100E




HPDBA0101E Memory allocate request failed.

Explanation: A request to allocate memory failed.

Administrator response: Check the amount of systempaging and swap space available as well as the amountof available memory. You might also consider rebootingthe system. If the problem persists, check IBM

Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDBA0107E Unable to map file %s , error (rc=%d).


Administrator response: Retry the command. If theproblem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDBA0108E Unable to unmap file %s , error(rc=%d).



HPDBA0111E The Tivoli Common Directoryconfiguration file cannot be read.

Explanation: Security Access Manager was configuredto use the Tivoli Common Directory serviceabilityscheme; but the Tivoli Common Directory configurationfile cannot be read.

Administrator response: Verify that the TivoliCommon Directory configuration file is located in thecorrect directory and that its has proper file accesspermissions.

HPDBA0112W Serviceability messages will not berecorded in the Tivoli CommonDirectory.

Explanation: Security Access Manager was configured

to use the Tivoli Common Directory serviceabilityscheme; but the Tivoli Common Directory has beenrelocated since the configuration was performed.

Administrator response: The location of the TivoliCommon Directory has been relocated since SecurityAccess Manager was configured. Move the SecurityAccess Manager serviceability files into the newlocation and update the Security Access Managerconfiguration to use the correct directory.

HPDBA0200E The server Distinguished Name (DN)specified in the configuration file doesnot match the DN in the certificatereceived from the server.

Explanation: The DN specified in the "master-dn"attribute of the "manager" stanza of the configurationfile does not match the DN in the certificate receivedfrom the server.

Administrator response: Verify that the server'shostname, port number, and Distinguished Name arecorrect and that the correct server certificate is beingused.

HPDBA0202E The keyfile is not configured or itcould not be opened or accessed.

Explanation: The keyfile does not exist or permissionsprevent the application from reading the keyfile.

Administrator response: Ensure that the keyfile

specified by the "ssl-keyfile" attribute in the "ssl" stanzaof the configuration file exists and that the permissionspermit reading. Verify that it can be viewed using akeyfile management program.

HPDBA0203E The keyfile password is incorrect.

Explanation: The password stash file does not exist orits permissions prevent the application from reading it.

Administrator response: Ensure that the file specified by the "ssl-keyfile-stash" attribute in the "ssl" stanza of the configuration file exists and is readable.

HPDBA0204E The specified certificate could not beused because it does not exist or isotherwise invalid.

Explanation: The certificate in the keyfile has expiredor the keyfile is invalid.

Administrator response: Ensure that the correctcertificate is specified and that it has not expired.

HPDBA0205E The certificate presented by the SSLpartner could not be successfullyvalidated.

Explanation: The certificate presented by the

application is invalid.

Administrator response: Ensure that the correctconfiguration file is being used by the application.

HPDBA0206E The specified SSL V3 sessiontime-out value is invalid.

Explanation: The configuration file contains an invalidvalue.

Administrator response: Specify a valid value (an

HPDBA0101E • HPDBA0206E




integer in the range: 10-86400) in the appropriateconfiguration file for the attribute (ssl-v3-timeout) orinitialization parameter (azn_init_ssl_timeout). SecurityAccess Manager components do not operate correctlywith small time-out values in some networkenvironments.

HPDBA0207E A communication error occurredwhile initializing the SSL connection.

Explanation: An internal error has occurred. It might be caused by a TCP/IP connection problem.


HPDBA0208E The requested action cannot beperformed because the SSL environment

is not initialized.Explanation: An internal error has occurred.


HPDBA0209E The requested action cannot beperformed because the SSL environmentis already initialized.



HPDBA0210E The SSL environment could not beclosed.


Administrator response: Retry the command. If theproblem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/

software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDBA0211E The SSL attribute could not be setbecause the value is invalid.




HPDBA0212E The SSL environment could not beinitialized. Ensure all required SSLconfiguration parameters are correct.

Explanation: The configuration might be corrupted.

Administrator response: Retry the command. If theproblem persists, unconfigure and reconfigure theapplication.

HPDBA0213E The WinSock library could not beloaded.


Administrator response: Ensure that WinSock supportis installed and the library directory is in the PATHthen retry the command. If the problem persists, checkIBM Electronic Support for additional information -


HPDBA0214E The SSL socket could not beinitialized. Ensure all required SSLconfiguration parameters are correct.

Explanation: The configuration might be corrupted.

Administrator response: Retry the command. If theproblem persists, unconfigure and reconfigure theapplication.

HPDBA0215E Information about the SSL session

could not be determined.



HPDBA0216E The SSL session could not be reset.


Administrator response: Retry the command. If the

problem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDBA0217E The SSL session type cannot be set toclient on a server.


Administrator response: Retry the command. If theproblem persists, check IBM Electronic Support for





additional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDBA0218E An error occurred writing data to anSSL connection.



HPDBA0219E An error occurred reading data froman SSL connection.


Administrator response: Retry the command. If theproblem persists, check IBM Electronic Support for


HPDBA0220E The partner's SSL certificateinformation could not be determined.



HPDBA0221E The requested action could not beperformed because the SSL client isalready bound to the server.



HPDBA0222E The TCP/IP host information could

not be determined from the serverhostname. Ensure that the serverhostname is correct.



HPDBA0223E The SSL communication cannot beperformed because the socket is invalid.




HPDBA0224E The specified authentication methodis invalid. Ensure that the specifiedauthentication method is a supportedvalue.

Explanation: The configuration file contains an invalidvalue.

Administrator response: Correct the authenticationmethod specified in the configuration file, orunconfigure and reconfigure the application.

HPDBA0225E A configuration action could not beperformed because the SSL server isalready initialized and running.



HPDBA0228E The data could not be sent over SSLbecause the buffer size was insufficient.



HPDBA0229E The certificate or keyfile password isexpired.

Explanation: The certificate or the keyfile password isexpired and auto-refresh is not enabled.

Administrator response: Refresh the password or

enable auto-refresh in the configuration file.

HPDBA0230E The certificate label or DN is invalid.


Administrator response: Reconfigure the application.If the problem persists, check IBM Electronic Supportfor additional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman





HPDBA0231E The date for the partner certificate isinvalid.


Administrator response: Reconfigure the application.If the problem persists, check IBM Electronic Supportfor additional information - http://www.ibm.com/


HPDBA0232E The type of the partner certificate isunsupported.



HPDBA0233E No certificate was presented by theSSL partner.



HPDBA0234E The SSL communications could notbe completed. The socket was closed.


Administrator response: If the problem persists, checkIBM Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDBA0236W The server could not locate thesession for the client.

Explanation: The client disconnected before theoperation completed.


HPDBA0237E The client is not bound. The clientmust be bound to perform thisoperation.



HPDBA0242W The server could not find a handlerfor the command: (0x%x).

Explanation: This might indicate that the client orserver should be upgraded.

Administrator response: Ensure that the client andserver software are at a compatible level. Update the

client or server software if necessary.

HPDBA0245E GSKKM API failed. %s return (%d).



HPDBA0263E Accept failed, errno: (0x%x).



HPDBA0269E The session performing the operationlost its credentials.

Explanation: This is an internal error.


HPDBA0272E The SSL keyfile name is invalid.

Explanation: The configuration file is corrupted orcontains invalid data.

Administrator response: Unconfigure and reconfigurethe application.

HPDBA0273E The SSL version is invalid. Thespecified version is incorrect orunsupported.

Explanation: The configuration file is corrupted or

contains invalid data.Administrator response: Unconfigure and reconfigurethe application.

HPDBA0274E The SSL keyfile stash file name areinvalid.







HPDBA0275E The client is not configured properlyfor this call. No replicas have beenspecified.

Explanation: The configuration is incomplete.

Administrator response: Use the svrsslcfg-add_replica command to add appropriate replica

authorization servers.

HPDBA0276E The server name is invalid.



HPDBA0277E The server port is invalid.



HPDBA0279E A domain must be specified forauthentication.

Explanation: A domain has not been specified beforecontacting the server.

Administrator response: Ensure a domain is specifiedin the configuration file.

HPDBA0280E An invalid Privilege Attribute

Certificate (PAC) was specified.Explanation: An internal error has occurred.


HPDBA0281E An unexpected exception was caught.


Administrator response: See the error log for moreinformation. Check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDBA0282E An unknown exception was caught.No exception information is available.



HPDBA0285E Automatic refresh could not beperformed because of a GSKKM APIerror.


Administrator response: Verify that there is enoughdisk space on the machine. If the problem persists,

check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDBA0286W An invalid data packet was receivedand discarded.

Explanation: Incoming data is unrecognized.


HPDBA0287E Automatic refresh could not beperformed because the certificate has

expired.

Explanation: The certificate has expired and must bemanually refreshed.

Administrator response: Refresh the certificate in thekeyfile. For C applications, use the svrsslcfg commandwith the -chgcert option to attempt a manual refresh of the certificate. For Java applications, usecom.tivoli.pd.jcfg.SvrSslCfg -action replcert.

HPDBA0288W Automatic refresh of the certificatecould not be performed because of error(0x%8.8x).


Administrator response: The operation will beautomatically retried. No action is required.

HPDBA0289W Automatic refresh of the certificatecould not be performed because of error(0x%8.8x).


Administrator response: The operation will beautomatically retried. No action is required.

HPDBA0292E The certificate has expired or the dateis invalid.

Explanation: The date in the certificate is not valid.

Administrator response: Renew the certificate. If theproblem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman





HPDBA0293E ICC API failed. %s returns %d , %s



HPDBA0294W Could not get ICC context.

Explanation: This is an informational message. Anerror occurred while attempting to get icc context.


HPDBA0295W Could not get ICC random number

Explanation: This is an informational message. Anerror occurred while attempting to get icc randomnumber.


HPDBA0296E The SSL communications could notbe completed. An incorrectly formattedSSL message was received from thepartner.

Explanation: The FIPS setting might not be the same.All machines in a secure Security Access Managerenvironment must be configured with the same"ssl-enable-fips" value.

Administrator response: Ensure that the value for the"ssl-enable-fips" entry in the "[ssl]" stanza of pd.conf isthe same on both the local machine and the machine

where communication is attempted. If the problempersists, check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDBA0297E Timeout expired. The timeout periodelapsed before obtaining a connectionfrom the client to the server.

Explanation: See Message.

Administrator response: Increase the value of the'ssl-client-connection-timeout' entry in the [ssl] stanza

of the 'etc/ivmgrd.conf' file in the Security AccessManager install directory. And ensure server is runningand listening.

HPDBA0298W Certified FIPS mode is not availableon this platform because the underlyingFIPS provider is not currently certified.Security Access Manager will run innon-certified FIPS mode.

Explanation: See Message. This is a usually atemporary condition, and should be aleviated on this

platform in a subsequent version of GSKit.

Administrator response: When available, upgrade tothe FIPS certified version of GSKit for this platform.

HPDBA0300E Invalid protected object policy name.

Explanation: The protected object policy (POP) name

that was specified is not valid.

Administrator response: Specify a valid POP name.Valid characters are a-z, A-Z, 0-9, underscore (_),hyphen (-), and backslash (\) or any character from adouble-byte character set.

HPDBA0301E The protected object policy specifiedwas not found.


Administrator response: Retry the command with avalid protected object policy name.

HPDBA0302E Policy is attached to one or moreprotected objects. A policy cannot bedeleted while it is still attached.


Administrator response: Detach the policy from allprotected objects and retry the command.

HPDBA0303E A protected object policy with thisname already exists.

Explanation: An attempt was made to create a newprotected object policy. A protected object policy by the

same name already exists.

Administrator response: Determine if this conflictneeds to be resolved and take action accordingly.

HPDBA0305E The protected object policy cannot beattached to the specified protectedobject. The protected object has beenmarked to not accept the protectedobject policy.

Explanation: The creator or administrator of thespecified protected object has set the attributes of theprotected object such that no policy can be attached.

Administrator response: The administator of thespecified protected object must change the attributes of the protected object before a policy can be attached.

HPDBA0306E The ACL cannot be attached to thespecified protected object. The protectedobject has been marked to not acceptthe ACL policy.

Explanation: The creator or administrator of thespecified protected object has set the attributes of the





protected object such that no policy can be attached.

Administrator response: The administator of thespecified protected object must change the attributes of the protected object before a policy can be attached.

HPDBA0308E Invalid authorization rule name.

Explanation: The rule name that was specified is notvalid.

Administrator response: Specify a valid authorizationrule name. Valid characters are a-z, A-Z, 0-9,underscore (_), hyphen (-), and backslash (\) or anycharacter from a double-byte character set.

HPDBA0309E Invalid authorization rule text string.

Explanation: The rule text string that was specified isnot valid.

Administrator response: Specify a valid authorizationrule test string. Valid characters are a-z, A-Z, 0-9,underscore (_), hyphen (-), and backslash (\) or anycharacter from a double-byte character set.

HPDBA0310E The authorization rule specified wasnot found.


Administrator response: Specify the correct rule andretry the command.

HPDBA0311E An authorization rule with this namealready exists.

Explanation: An attempt was made to create a newauthorization rule. An authorization rule by the samename already exists.

Administrator response: Determine if this conflictneeds to be resolved and take action accordingly.

HPDBA0312E The authorization rule cannot beattached to the specified protectedobject. The protected object has beenmarked to not accept protected objectpolicies.

Explanation: The creator or administrator of the

specified protected object has set the attributes of theprotected object so that no authorization rule can beattached.

Administrator response: The administator of thespecified protected object must change the attributes of the protected object such that authorization rule will beaccepted.

HPDBA0313E The authorization rule is attached toone or more protected objects. Theauthorization rule cannot be deletedwhile it is still attached


Administrator response: Use the authzrule find

command to get a list of the protected objects that areattached to the rule. Detach all protected objects fromthe authorization rule then retry the command.

HPDBA0401E ASN.1 encoding error (0x%8.8lx).



HPDBA0406E ASN.1 decoding error. The version of

ASN.1 encoded data wasunexpected.The most likely cause is thatthe sender is at different version.



HPDBA0407E ASN.1 general error. Unsupportedoperation.



HPDBA0408E The ASN.1 data stream endedprematurely.




HPDBA0409E An ASN.1 integer value is too large.







HPDBA0410E ASN.1 data length is invalid. Thedata buffer is invalid.




HPDBA0411E ASN.1 data invalid encoding. Thedata buffer contains unexpected data.



HPDBA0412E ASN.1 data invalid parameter.

Explanation: An internal error has occurred.Administrator response: Check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDBA0413E ASN.1 indefinite data type is notallowed. The data buffer containsunexpected data.




HPDBA0414E The ASN.1 data type must beprimitive. The data buffer containsunexpected data.



HPDBA0415E The ASN.1 type must be constructed.The data buffer contains unexpecteddata.



HPDBA0416E An ASN.1 data value is not set. Thedata buffer contains unexpected data.




HPDBA0417E The ASN.1 indefinite data type is notsupported. The data buffer containsunexpected data.



HPDBA0418E The unused bitcount is invalid for the

ASN.1 bitstream type. The data buffercontains unexpected data.



HPDBA0419E The segmented bitcount is invalid forthe ASN.1 bitstream type. The databuffer contains unexpected data.



HPDBA0420E An unexpected ASN.1 data type wasfound. The data buffer containsunexpected data.




HPDBA0421E The ASN.1 data buffer is too long.The data buffer contains unexpecteddata.








HPDBA0422E The ASN.1 data stream is missingmembers of a sorted set. The data buffercontains unexpected data.



HPDBA0423E The ASN.1 choice index is out ofrange.



HPDBA0424E The ASN.1 choice data type is notinitialized.

Explanation: An internal error has occurred. Anattempt was made to set a value to an unselectedchoice.


HPDBA0425E The ASN.1 asn_any data type has

specific syntax.



HPDBA0426E The ASN.1 utc/gmt time type has aninvalid value.




HPDBA0427E The ASN.1 UTF-8 string could notconvert the string to or from the localcode page.




HPDBA0428E The specified codeset is not permittedfor this ASN.1 data type.



HPDBA0600E Keyfile password change failed. File:%s. Error: %d

Explanation: An unexpected error occurred whilechanging the password for the specified key file.

Administrator response: Change the passwordmanually using the -chgpwd option. If the problempersists, check IBM Electronic Support for additional

information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDBA0601E Keyfile password change failedbecause GSKit could not resolve thestash file. File: %s. Error: %d

Explanation: An error occurred while changing thepassword for the specified key file. The key stash file ismissing.

Administrator response: The stash file may bemissing or corrupted. Attempt to locate the stash filefor the specified key file.

HPDBA0602E Keyfile password change failedbecause permissions on the file are notcorrect. File: %s.

Explanation: An error occurred while changing thepassword for the specified key file. The file permissionsare incorrect, or the owner is incorrect.

Administrator response: Ensure that the owner of thefile matches the identity of the application. Ensure thatthe identity has permission to create and write the file.Then change the password manually using the-chgpwd option.

HPDBA0603E Keyfile password change failedbecause GSKit could not change thepassword. File: %s. Error: %d

Explanation: An unexpected error occurred whilechanging the password for the specified key file. GSKitchange key password returned an error.

Administrator response: The key file or stash file may be corrupted.





HPDBA0604E Keyfile password change rollbackfailed. GSKit reports an error. File: %s.Error: %d

Explanation: An error occurred while attempting torestore the password for the specified key file.

Administrator response: The key file or stash file may

be missing or corrupted.

HPDBA0605W Warning mode is enabled for thisprotected object policy (POP). Completeaccess to the protected object using thisPOP is permitted regardless of otherrestrictions in the POP.

Explanation: When the warning mode attribute for thePOP is set to yes, any user can perform any action onthe object where the POP is attached. Any access to theobject is permitted even if the security policy attachedto the object is set to deny this access. This message is aprecautionary warning to safeguard that this is the

desired behavior.

Administrator response: If unrestricted access isdesired to the object where the POP is attached, noaction is required. To enable restrictions in the POP,modify the POP by setting the value of the warningmode attribute to no.

HPDBA0608E Unable to map interface name '%s' toaddress. getaddrinfo returned error %d:%s.

Explanation: The interface name (IP address) providedwas not accepted by the operating system.

Administrator response: Change the name of theinterface (IP address) and retry.

HPDBF0020E The specified JRE (%s) version (%s)does not meet supported JRE versionrequirement.Consult the manual for alist of supported JREs.


Administrator response: Install a supported JRE andretry the command.

HPDBF0021E This Java Runtime Environment (%s)has already been configured.Unconfigure first then retry thecommand.

Explanation: The specified JRE is already configuredand cannot be configured twice.

Administrator response: Unconfigure JRE if youwould like to configure again.

HPDBF0022E This Java Runtime Environment (%s)has already been configured.Unconfigure first or specify a different JRE path then retry the command.

Explanation: The specified JRE is already configuredand cannot be configured twice.

Administrator response: Unconfigure JRE if youwould like to configure again or specify a different JREpath.

HPDBF0025E Unable to create the PD.properties filein the specified JRE.Ensure you havethe correct permissions to do so.

Explanation: Unable to create PD.properties file inPolicyDirector directory of the JRE being configured.

Administrator response: Ensure that the user has thenecessary permissions to create the PolicyDirectordirectory and the PD.properties file in the

<JRE_HOME>/PolicyDirector directory.

HPDBF0026W Unable to rename the PD.propertiesfile.


Administrator response: Ensure the permissions onthe file allow this process to modify it.

HPDBF0027E An error occurred while creatingPD.properties file.

Explanation: Unable to create PD.properties file inPolicyDirector directory of the JRE being configured.

Administrator response: Ensure that the user has thenecessary permissions to create the PolicyDirectordirectory and the PD.properties file in the<JRE_HOME>/PolicyDirector directory.

HPDBF0029E No JRE has been configured. Unableto unconfigure %s .

Explanation: pdjrte_paths file does not exist. As such,no JREs have been configured already.

Administrator response: Configure a JRE. Or, if a JREis already configured and this message is still

displayed, create the <PDHOME>/etc/pdjrte_paths filew/ the JRE path listed.

HPDBF0030W The JRE (%s) is notconfigured for theSecurity Access Manager Runtime for Java.


Administrator response: Configure the JRE for theSecurity Access Manager Runtime for Java.

HPDBA0604E • HPDBF0030W




HPDBF0031E This Java Runtime Environment hasalready been configured.

Explanation: The JRE specified is already listed in thepdjrte_paths file.

Administrator response: Unconfigure this JRE beforetrying to configure.

HPDBF0032E There was an internal error duringinitialization.


Administrator response: Make sure the CLASSPATHis set correctly.

HPDBF0073W Unable to stop IBM WebSphereApplication Server.

Explanation: The server could not be stopped.Perhaps it was not running.


HPDBF0075W Unable to Regenerate IBMWebSphere Application Server PluginConfiguration.

Explanation: The plugin configuration could not beregenerated. Perhaps the server name is not the defaultserver1

Administrator response: From the command line, runthe command GenPluginCfg -server.name<servername> where servername is the name of yourIBM WebSphere Application Server.

HPDBF0078W Unable to start IBM WebSphereApplication Server.

Explanation: The command to start the server failed.Perhaps it is already running.


HPDBF0080E Unable to deploy Security AccessManager Web Portal Manager.

Explanation: An error occurred during the installationof the product.

Administrator response: Refer to previous messagesthat have appeared on the screen for more details. Fixthe problem and then retry the command.

HPDBF0083E The Security Access Manager runtimemust be configured first.


Administrator response: Configure the SecurityAccess Manager rutime before configuring Web PortalManager.

HPDBF0084E Unable to perform SvrSslCfgconfiguration forSecurity AccessManager Web Portal Manager.


Administrator response: Refer to previous messagesthat have appeared on the screen for more details. Fix

the problem and then retry the command.

HPDBF0085E Unable to find the iscwpm.wardirectory. Make sure that the WPMapplication is deployed in theWebSphere systemApps directory.


Administrator response: See message

HPDBF0086E The WebSphere server installation fullpath is not valid.Possible causes are:Make sure you have installed a

supported version of WebSphere. Makesure you have configured SecurityAccess Manager Runtime for Java to thisWebSphere Java path.

Explanation: The path specified for WebSphere is notvalid.

Administrator response: Install a supported version of WebSphere.

HPDBF0087E The Security Access Manager WebPortal Manager has already beenconfigured.


Administrator response: Unconfigure the SecurityAccess Manager Web Portal Manager first, then retrythe command.

HPDBF0088E The Security Access Manager WebPortal Manager has already beenunconfigured.



HPDBF0089E Unable to configure Security AccessManager Runtime for Java into the IBMWebSphere Application Server.



HPDBF0031E • HPDBF0089E




HPDBF0091E Security Access Manager Web PortalManager could not be removedfromWebSphere. Continuing with theunconfig operation.

Explanation: An internal error occurred during theuninstall process.

Administrator response: Refer to previous messagesthat have appeared on the screen for more details. Fixthe problem and then retry the command. Use theWebSphere Admin Console to remove the SecurityAccess Manager Web Portal Manager.

HPDBF0094E Unable to unconfigure Security AccessManager Runtime for Javafrom IBMWebSphere Application Server.




HPDBF0095E The SvrSslCfg unconfigurationcommand cannot be performedforSecurity Access Manager Web PortalManager.



HPDBF0097E IBM WebSphere Application Server

plug-in configuration could not beregenerated.



HPDBF0098E The Windows registry could not beopened.

Explanation: The API that is used to manipulate theregistry failed.

Administrator response: Ensure you are using asupported operating system. Refer to previousmessages that have appeared on the screen for moredetails. Fix the problem and then retry the command.

HPDBF0099E The registry key value could not beset.

Explanation: The API that is used to manipulate theregistry failed.

Administrator response: Ensure you are using a

supported operating system. Refer to previousmessages that have appeared on the screen for moredetails. Fix the problem and then retry the command.

HPDBF0100E The IBM HTTP server installationpath could not be obtained.


Administrator response: Ensure that IBM HTTPserver is properly installed.

HPDBF0101E The httpd.conf file could not bemodified. SSL is not available forconnecting toSecurity Access ManagerWeb Portal Manager.

Explanation: Unable to access the configuration filefor the IBM HTTP server. SSL will not functionproperly.

Administrator response: Check the file permissions

and path. Ensure the file is not locked by anotherprocess.

HPDBF0102E The pdwpm.conf file could not bemodified.

Explanation: Unable to access the configuration filefor Security Access Manager Web Portal Manager.

Administrator response: Check the file permissionsand path. Ensure the file is not locked by anotherprocess.

HPDBF0116E The port number is not valid. The

port must be an integer greater than orequal to zero.


Administrator response: Retry the command with avalid port number.

HPDBF0119E The local host name cannot beobtained. Specify the host name usingthe - policysvr option.


Administrator response: Specify a value for -policysvr

option, and retry the command.

HPDBF0120E Could not contact the Security AccessManager policy server. Possible causesare:The Policy server is not running.ThePolicy server host name or port numberis incorrect.


Administrator response: Make sure the policy serveris running and specify a correct value for host name





and port number, and retry the command.

HPDBF0122E The value specified for -action option(%s) was not valid. The value must beone of the following:config|unconfig|status|name


Administrator response: Specify a correct value forthe -action option. Retry the command.

HPDBF0153E An error occurred backing up thedata.



HPDBF0154E An error occurred restoring the

archive.

Explanation: An error occurred during the restorationprocess.


HPDBF0155E Could not resolve path for SecurityAccess Manager runtime.

Explanation: The Security Access Manager runtimepath could not be obtained from the registry.

Administrator response: Ensure Security AccessManager runtime is installed on the system.

HPDBF0156E Could not parse the line: %s.

Explanation: The line in the backup list is misformed.

Administrator response: Correct the line and retry thecommand.

HPDBF0157E Could not backup the registry subkey:%s.

Explanation: The registry subkey could not be saved.


HPDBF0158E Could not restore the registry subkey:%s.

Explanation: The registry subkey could not berestored.



HPDBF0159E Could not copy %s to %s .

Explanation: An error occurred copying the file.

Administrator response: Check the paths andpermissions of the directories.

HPDBF0160E Could not open file: %s

Explanation: The specified file could not be opened.

Administrator response: Check the path, name, andpermissions of the file and retry the command.

HPDBF0161E Could not access list: %s

Explanation: The backup list could not be accessed.


HPDBF0162E The drive %s is not a fixed drive.

Explanation: The drive specified must be a fixed drivefor the restore to occur.

Administrator response: Specify the correct driveletter and retry the command.

HPDBF0163E Could not access the path: %s

Explanation: The path specified does not exist.

Administrator response: Check the path and retry thecommand.

HPDBF0169E Could not open file: %s



HPDBF0171E Could not resolve path for SecurityAccess Manager runtime.

Explanation: The Security Access Manager runtimepath could not be obtained from the registry.

Administrator response: Ensure Security Access

Manager runtime is installed on the system.

HPDBF0172E The file, %s , could not be read.


Administrator response: Check the file's permissionsand path and retry the command.





HPDBF0178E Error opening or reading the responsefile %s. Ensure the file exists and that itcontains the correct stanza name, %s.

Explanation: The response file could not be accessedor the stanza name is invalid.

Administrator response: Check the path and

permissions of the file, make sure it has a valid stanzaname, then retry the command.

HPDBF0229E The configuration action is invalid.Valid actions are 'create' or 'replace'.


Administrator response: Retry the command with avalid configuration action.

HPDBF0230E The port number is invalid. The portmust be an integer greater than or equalto zero.


Administrator response: Retry the command with avalid port number.

HPDBF0231E The rank is invalid. The rank must bean integer.


Administrator response: Retry the command with avalid rank.

HPDBF0232E The format of the servers option ishost1:port1:rank1,host2:port2:rank2,...

Explanation: An invalid servers format was entered.

Administrator response: Rerun the command with avalid servers format.

HPDBF0233E An invalid server option was entered.The format of the server option ishost:port:rank.


Administrator response: Rerun the command with avalid server option.

HPDBF0234E Unable to load pd.properties.

Explanation: Not able to load pd.properties files.

Administrator response: Make sure pdjrte isconfigured.

HPDBF0235E Invalid key file or configuration filename.


Administrator response: Retry the command withvalid key file or configuration file name.

HPDBF0236E The directory does not exist.


Administrator response: Ensure the specifieddirectory exist and has appropriate permissions.

HPDBF0237E The mode value is invalid. The valuemust be 'remote' or 'local'.


Administrator response: Retry the command withvalid mode value.

HPDBF0238E The server option is invalid. Specifyone policy server or authorization serverparameter.


Administrator response: Retry the command withvalid server parameter.

HPDBF0239E The listening option is invalid. Thevalue must be 'true' or 'false'.


Administrator response: Retry the command withvalid listening value.

HPDBF0240E The refresh interval is invalid. Thevalue must be an integer greater than orequal to zero.


Administrator response: Retry the command with avalid refresh value.

HPDBF0247E The local host name cannot beobtained. Specify the host name using

the -host option.


Administrator response: Specify a value for -hostoption. and retry the command.

HPDBF0248W The following options are ignoredwhen configuring a remote-mode server:%s

Explanation: The -dblisten, -dbrefresh and -dbdir

HPDBF0178E • HPDBF0248W




options are valid only for local-mode servers. Remotemode was specified.

Administrator response: No action required, but beaware that the values for the listed options are notincluded in the application server's configuration. If theapplication server is required to use the options, itmust be unconfigured and reconfigured as a local-mode

server.

HPDBF0250E The certificate refresh is invalid. Thevalue must be true or false.


Administrator response: Retry the command with avalid appsvr-certrefresh setting.

HPDBF0253E The SSL V3 protocol enable flag isinvalid. The value must be true or false.


Administrator response: Retry the command with avalid ssl_v3_enable setting.

HPDBF0255E The TLS V1.0 protocol enable flag isinvalid. The value must be true or false.


Administrator response: Retry the command with avalid tls_v10_enable setting.







HPDBF0283E Invalid LDAP SSL information was

entered.


Administrator response: Provide the correct key file,key label, password and ssl port number, then retry thecommand.

HPDBF0289E Incorrect Security Access Manageradministrator name or password.

Explanation: An incorrected administrator name orpassword was given.

Administrator response: Correct the information andretry the command.

HPDBF0292E The PDMgrProxyd service could notbe deleted.



HPDBF0295E An error occurred whileunconfiguring the Security AccessManager proxy server.

Explanation: See message.Administrator response: Refer to previous messagesthat have appeared on the screen for more details. Fixthe problem and then retry the command.

HPDBF0298E Security Access Manager runtimemust be configured first.


Administrator response: Configure Security AccessManager runtime, then retry the command.

HPDBF0299E Security Access Manager policy serverhas already been unconfigured.

Explanation: The policy server is alreadyunconfigured.

Administrator response: This process only works if the policy server is currently configured. Configure theserver and retry the command.

HPDBF0300E The PDMgrProxyd service could notbe deleted.



HPDBF0301E The PDMgrProxyd service could notbe registered.







HPDBF0302E An error occurred openingconfiguration file.


Administrator response: Check the permissions of thefile and make sure it is not in use by another process,then retry the command.

HPDBF0303E An error occurred whileunconfiguring the Security AccessManager proxy server.



HPDBF0304E A memory allocation error resulted inthe termination of the program. Checkthe maximum allowable memory and

the amount of system paging space asthese may both need to be increased.


Administrator response: Increase the maximumallowable memory and the system paging space or shutdown one or more applications.

HPDBF0305E An error occurred while starting theSecurity Access Manager policy proxyserver.



HPDBF0348W An error occurred while checking theproperties of the target Java RuntimeEnvironment (%s). The JRE might needpost-configuration modification.

Explanation: During Security Access ManagerRuntime for Java configuration, the version and vendorof the target JRE are examined. Since the version andvendor could not be determined, the configurationcontinues as if the JRE needs no modification.

Administrator response: After Security AccessManager Runtime for Java configuration, determine thetarget Java runtime version and vendor manually. Thiscan be done by executing 'java -version', where the javainvoked is in the target runtime. The output shouldindicate the version and vendor. If the version is JRE1.4 or later and the vendor is Sun Microsystems, the

JRE can then be modified manually: The jsse.jar filepresent in the JRE's lib directory must be moved to a

backup location outside of the lib directory. Note thatwhen the Security Access Manager Runtime for Java is

unconfigured for that JRE, the jsse.jar file must bemanually restored from its backup location to the libdirectory.

HPDBF0349E The Java Runtime Environment (%s)cannot be configured. Configure byusing the pdjrtecfg command in

non-interactive mode.

Explanation: During Security Access ManagerRuntime for Java configuration, it was determined thatthe target JRE must be modified. The currently running

JRE is the target JRE and cannot be modified asrequired.

Administrator response: Configure the SecurityAccess Manager Runtime for Java by executing thepdjrtecfg command found in the Security AccessManager sbin directory. The pdjrtecfg command must

be executed in non-interactive mode. Also, do not use aresponse file when executing pdjrtecfg.

HPDBF0350E Unable to start Security AccessManager Web Portal Manager.

Explanation: An error occurred while starting SecurityAccess Manager Web Portal Manager.

Administrator response: Stop and restart the IBMWebSphere Application Server.

HPDBF0351W An error occurred while restoring theoriginal state of the target Java RuntimeEnvironment (%s). The JRE might needpost-unconfiguration modification.

Explanation: During Security Access ManagerRuntime for Java configuration, the target JRE wasmodified so that the jsse.jar file in its lib directory wasmoved to a jarbackup directory created under lib. Theunconfiguration program is unable to move the jsse.jarfile back to its original location and remove the

jarbackup directory, possibly due to file system accessproblems.

Administrator response: Manually restore the state of the Java Runtime Environment by moving the jsse.jarfile in JRE lib/jarbackup directory to its originallocation in the lib directory. Then remove the jarbackupdirectory.

HPDBF0352W The temporary file %s cannot bedeleted. Manually delete the file.

Explanation: During Security Access ManagerRuntime for Java configuration, a temporary file wascreated, but cannot be deleted, possibly due to filesystem access problems.

Administrator response: Manually delete the namedfile.

HPDBF0302E • HPDBF0352W




HPDBF0358E Could not contact the Security AccessManager authorization server. Possiblecauses are:The Authorization server isnot running.The Authorization serverhost name or port number is incorrect.


Administrator response: Make sure the authorizationserver is running and specify a correct value for hostname and port number, and retry the command.

HPDBF0366E Could not contact the Security AccessManager authorization server. Possiblecauses are:The Authorization server isnot running.The Authorization serverhost name or port number is incorrect.


Administrator response: Make sure the authorizationserver is running and specify a correct value for host

name and port number, and retry the command.

HPDBF0367E Could not contact the WebSphereserver. Possible causes are:TheWebSphere server is not running.TheWebSphere server host name or portnumber is incorrect.


Administrator response: Make sure the IBMWebSphere Application Server or Deployment Manageris running and specify a correct value for host nameand port number, and retry the command.

HPDBF0368E Could not find a IBM WebSphereApplication Server or Cluster. Possiblecauses are:The WebSphere server hostname or port number is incorrect. Thespecified cluster or application server isinvalid.


Administrator response: Specify a correct value forhost name and port number, and retry the command.

HPDBF0369E Invalid hostname for the Security

Access Manager policy server. Possiblecauses are:The Policy server host nameis incorrect.


Administrator response: Specify a correct value forthe host name and retry the command.

HPDBF0370E Invalid hostname for the SecurityAccess Manager authorization server.Possible causes are:The Authorizationserver host name is incorrect.


Administrator response: Specify a correct value for

the host name and retry the command.

HPDBF0371E Invalid hostname for the WebSphereserver. Possible causes are:TheWebSphere host name is incorrect.


Administrator response: Specify a correct value forthe host name and retry the command.

HPDBF0372E The required option (%s) was notspecified.

Explanation: See message.Administrator response: Specify all of the requiredoptions. Retry the command.

HPDBF0388E Unable to create thePDJLog.properties file in the specified JRE.Ensure you have the correctpermissions to do so.

Explanation: Unable to create PDJLog.properties filein PolicyDirector directory of the JRE being configured.

Administrator response: Ensure that the user has thenecessary permissions to create the PolicyDirector

directory and the PDJLog.properties file in the<JRE_HOME>/PolicyDirector directory.

HPDBF0399E The Security Access Manager Runtimefor Java cannot run with the FIPS modeset.

Explanation: The Security Access Manager Runtimefor Java has configured FIPS mode that is differentfrom the WebSphere FIPS mode.

Administrator response: Make sure that theWebSphere and Security Access Manager Runtime for

Java are configured with the same FIPS setting.

HPDBF0413E The Security Access Manager Runtimefor Java installed within the JRE (%s)version (%s) is outdated.Upgrade theSecurity Access Manager Runtime for Java.

Explanation: Security Access Manager Runtime for Java needs to be upgraded.

Administrator response: Upgrade the Security AccessManager Runtime for Java configured to the JRE.





HPDBF0440E The file %s could not be accessed.

Explanation: The file does not exist or does not havethe correct permissions.

Administrator response: Reissue the commandspecifying a valid file.

HPDBF0443E The server audit configuration file %scould not be created.

Explanation: The server audit configuration file couldnot be created.

Administrator response: Ensure that there is enoughspace and that the directory has the correct permissionsThen, reissue the command.

HPDBF0444E Configuration data could not bewritten to %s .

Explanation: The server audit configuration file could

not be created.Administrator response: Ensure that there is enoughspace and that the directory has the correct permissionsThen, reissue the command.

HPDBF0445E Invalid value specified for-disk_cache_mode. Valid values are\'auto\', \'always\', and \'never\'.

Explanation: Invalid value specified for-disk_cache_mode. Valid values are \'auto\','\always'\, and \'never\'.

Administrator response: Reissue the command

specifying a valid value for -disk_cache_mode.

HPDBF0446E Invalid value specified for -enable_ssl.Valid values are \'yes\' and \'no\'.

Explanation: Invalid value specified for -enable_ssl.Valid values are \'yes' and \'no\'.

Administrator response: Reissue the commandspecifying a valid value for -enable_ssl.

HPDBF0447E Invalid value specified for-enable_pwd_auth. Valid values are\'yes\' and \'no\'.

Explanation: Invalid value specified for-enable_pwd_auth. Valid values are \'yes' and \'no\'.

Administrator response: Reissue the commandspecifying a valid value for -enable_pwd_auth.

HPDBF0448E The audit server could not becontacted.

Explanation: The audit server is down or theinformation provided for the audit server is incorrect.

Administrator response: After verifying the auditserver is running and the information provided for the

audit server is correct, reissue the command.

HPDBF0450E Option %s is required with option %s.

Explanation: Required option is not specified.

Administrator response: Reissue the commandspecifying the missing option.

HPDBF0451E The server audit configuration file %scould not be created.



HPDBF0452E Configuration data could not bewritten to %s .



HPDBF0453E Invalid value specified for-disk_cache_mode. Valid values are\'auto\', \'always\', and \'never\'.

Explanation: Invalid value specified for-disk_cache_mode. Valid values are \'auto\','\always'\, and \'never\'.

Administrator response: Reissue the commandspecifying a valid value for -disk_cache_mode.

HPDBF0454E Invalid value specified for -enable_ssl.Valid values are \'yes\' and \'no\'.

Explanation: Invalid value specified for -enable_ssl.Valid values are \'yes' and \'no\'.

Administrator response: Reissue the commandspecifying a valid value for -enable_ssl.

HPDBF0455E Invalid value specified for-enable_pwd_auth. Valid values are\'yes\' and \'no\'.

Explanation: Invalid value specified for-enable_pwd_auth. Valid values are \'yes' and \'no\'.





Administrator response: Reissue the commandspecifying a valid value for -enable_pwd_auth.

HPDBF0456E The audit server could not becontacted.

Explanation: The audit server is down or theinformation provided for the audit server is incorrect.

Administrator response: After verifying the auditserver is running and the information provided for theaudit server is correct, reissue the command.

HPDBF0478E The audit key file is invalid.

Explanation: The audit key file is invalid.

Administrator response: Specify a valid key file.

HPDBF0479E Invalid value specified for-temp_storage_full_timeout. Valid valuesare \'-1\', \'0\', and any positive

integer.

Explanation: Invalid value specified for-temp_storage_full_timeout. Valid values are \'-1\','\0'\, and any positive integer.

Administrator response: Reissue the commandspecifying a valid value for -temp_storage_full_timeout.

HPDBF0480E The option-temp_storage_full_timeout is only validwhen -disk_cache_mode is set to\'auto\' or \'always\'.

Explanation: The option -temp_storage_full_timeout isonly valid when -disk_cache_mode is set to \'auto\' or'\always\'.

Administrator response: Reissue the commandspecifying a proper value for -disk_cache_mode.

HPDBF0481E The audit ID password is invalid.

Explanation: The audit ID password is invalid.

Administrator response: Specify a valid audit IDpassword.

HPDBF0482E The audit server URL is invalid.

Explanation: The audit server URL is invalid.

Administrator response: Specify a valid audit serverURL.

HPDBF0483E The audit cache file is invalid.

Explanation: The audit cache file is invalid.

Administrator response: Specify a valid audit cachefile.

HPDBF0484E Incorrect Security Access Managervalue for policysvr. The value shouldcontain host:port:rank.

Explanation: An incorrect entry was given forpolicysvr. It should have host:port:rank.

Administrator response: Correct the information and

retry the command.

HPDBF0487E Invalid value specified for-temp_storage_full_timeout. Valid valuesare \'-1\', \'0\', and any positiveinteger.

Explanation: Invalid value specified for-temp_storage_full_timeout. Valid values are \'-1\','\0'\, and any positive integer.

Administrator response: Reissue the commandspecifying a valid value for -temp_storage_full_timeout.

HPDBF0488E The option-temp_storage_full_timeout is only validwhen -disk_cache_mode is set to\'auto\' or \'always\'.

Explanation: The option -temp_storage_full_timeout isonly valid when -disk_cache_mode is set to \'auto\' or'\always\'.

Administrator response: Reissue the commandspecifying a proper value for -disk_cache_mode.

HPDBF0503E The -ldap_ssl_enable option must beeither 'true' or 'false'.


Administrator response: Retry the command withvalid -ldap_ssl_enable value.

HPDBF0504E The -ldap_mgmt option must be set to'true' to use the -ldap_ssl_truststoreoption.


Administrator response: Retry the command withvalid -ldap_mgmt value.

HPDBF0505E The file specified by the-ldap_ssl_truststore is not accessible.


Administrator response: Ensure that the specified fileexists and that it has appropriate permissions.





HPDBF0506E The -ldap_ssl_truststore option mustbe set to use the-ldap_ssl_truststore_pwd option.


Administrator response: Retry the command with-ldap_ssl_truststore set.

HPDBF0507E The -ldap_ssl_truststore_pwd optionmust be set to use the-ldap_ssl_truststore option.


Administrator response: Retry the command with-ldap_ssl_truststore_pwd set.

HPDBF0508E The LDAP server type is not valid.Thetype must be one of 'readwrite' or'readonly'.

Explanation: See message.Administrator response: Retry the command with avalid LDAP server type.

HPDBF0509E The LDAP server rank is notvalid.The rank must be an integer from0 to 10.


Administrator response: Retry the command with avalid rank value.

HPDBF0510E The -ldap_mgmt option must be set to'true' to use the -ldap_ssl_enable option.



HPDBF0511E The -ldap_ssl_enable option must beeither 'true' or 'false'.


Administrator response: Retry the command withvalid -ldap_ssl_enable value.

HPDBF0512E The -ldap_mgmt option must be set to'true' to use the -ldap_ssl_truststoreoption.



HPDBF0513E The file specified by the-ldap_ssl_truststore is not accessible.


Administrator response: Ensure that the specified fileexists and that it has appropriate permissions.

HPDBF0514E The -ldap_ssl_truststore option mustbe set to use the-ldap_ssl_truststore_pwd option.


Administrator response: Retry the command with-ldap_ssl_truststore set.

HPDBF0515E The -ldap_ssl_truststore_pwd optionmust be set to use the-ldap_ssl_truststore option.


Administrator response: Retry the command with-ldap_ssl_truststore_pwd set.

HPDBF0534E The Security Access Manager Runtimefor Java cannot run as the WebSpheresecurity standard does not match theconfigured compliance.

Explanation: The Security Access Manager Runtimefor Java has configured a compliance mode that isdifferent from the WebSphere security standardcompliance.

Administrator response: Make sure that the

WebSphere and Security Access Manager Runtime for Java are configured with the same setting.

HPDBG0001E Unsupported operating system type:%s.

Explanation: The command is not supported on thisoperating system.

Administrator response: Change to a supportedoperating system and retry the command.

HPDBG0003E Login to the server failed.

Explanation: An attempt to login to the server wasunsuccessful.

Administrator response: Ensure the server is running,that all ports, user IDs and passowrds are correct, thenretry the command.

HPDBF0506E • HPDBG0003E




HPDBG0005E This script must be executed by 'root'(uid = 0).

Explanation: Invalid credentials detected running thisprocess.

Administrator response: Login as the root user andretry the command.

HPDBG0017E The policy server must first beinstalled in the secure domain.Installthe Security Access Manager policyserver on one of the systemsin yoursecure domain and retry the command.

Explanation: Same as text.

Administrator response: Same as text.

HPDBG0019W The policy server is not running inthis secure domain.Start the policyserver and retry the command.

Explanation: The policy server cannot be contacted.

Administrator response: Start the policy server andretry the command.

HPDBG0028W The parent directory does notexist.Cannot create the document rootdirectory.

Explanation: The directory cannot be created.

Administrator response: Check the file permissionsand ensure there is enough disk space.

HPDBG0043W Could not restart the server.

Explanation: The server could not be restarted.

Administrator response: Check the error logs, correctthe problem, then retry the command.

HPDBG0062W The post-configuration phase of thepackage failed.

Explanation: A problem has occurred that preventedthe package from configuring successfully.

Administrator response: Review the log files, correctthe problem, then retry the command.

HPDBG0063W The pre-configuration phase of thepackage failed.

Explanation: A problem has occurred that preventedthe package from configuring successfully.


HPDBG0064W The package is already configured.

Explanation: The package cannot be configured because it is already configured.

Administrator response: Unconfigure the packagefirst, then retry the command.

HPDBG0066W The pre-removal of the package hasfailed.

Explanation: An error occurred during the pre-removephase of the process.

Administrator response: Review log files, correct theproblem, then retry the command.

HPDBG0087W Could not contact the LDAP server.


Administrator response: Ensure the port,administrator id, and password are correct, and ensurethe server is running on the specified host name.

HPDBG0106W SBS configuration error.

Explanation: An error occurred during theconfiguration.


HPDBG0107W SBS unconfiguration error.

Explanation: An error occurred during theunconfiguration.


HPDBG0108W Cannot connect to the LDAP server.


Administrator response: Ensure the administrator id,password, and port are correct and that the server isrunning on the specified machine.

HPDBG0109W Invalid LDAP authentication.

Explanation: A password, administrator id, keyfilepassword, etc. was invalid.

Administrator response: Ensure the correct passwordsand ids have been specified, then retry the command.

HPDBG0110W The LDAP server is not available.

Explanation: The LDAP server is not responding.

Administrator response: Ensure the server name andport have been speified correctly then retry thecommand.

HPDBG0005E • HPDBG0110W




HPDBG0111W Not authorized to perform the LDAPoperation.

Explanation: The LDAP server denied the requestedoperation.

Administrator response: Ensure the user hasappropriate access then retry the command.

HPDBG0112W Cannot connect to the LDAP serverusing SSL.


Administrator response: Ensure the SSL key file isvalid, the password and port is correct, and that theserver is running. Also check the date on the machinesand validate that the key file has not expired.

HPDBG0113W An unexpected LDAP error hasoccurred.

Explanation: Same as text.Administrator response: Check the log files on thismachine and on the LDAP server, correct the problem,then retry the command.

HPDBG0114W Unable to disable the SecurityAccess Manager WebSEAL server.



HPDBG0115W Unable to disable the NetSEALserver.



HPDBG0117W LDAP client version %s does notappear to be installed.The LDAP clientmust be installed and configured inorder to use the LDAP user registry.



HPDBG0119W Configure the net package before thetrap package. The configuration failed.

Explanation: A configuration was attempted out of sequence.

Administrator response: Configure the packages inorder.

HPDBG0123W Unconfigure the authorization serverpackage before the base package. Theunconfiguration failed.

Explanation: The unconfiguration was attempted outof sequence.


HPDBG0131W This package is partiallyconfigured.Unconfigure this packagebefore configuring it. Tounconfigure,return to the SecurityAccess Manager Configuration Menuand select Exit.



HPDBG0147W Configure the Security AccessManager Runtime package before this

package. The configuration failed.



HPDBG0148W Configure the Security AccessManager Runtime package before theNet package. The configuration hasfailed.



HPDBG0149W Configure the runtime packagebefore the authorization server package.The configuration failed.



HPDBG0150W Unconfigure the policy serverpackage before the runtime package.The unconfiguration failed.



HPDBG0111W • HPDBG0150W




HPDBG0151W Unconfigure the authorization serverpackage before the runtime package.The unconfiguration failed.



HPDBG0152W Unconfigure the Net package beforethe runtime package. Theunconfiguration failed.



HPDBG0153W Could not initialize the SSLconfiguration.


Administrator response: Ensure the key file,password, and port are correct and that the server isrunning in SSL mode.

HPDBG0154W Could not initialize the Base SSLconfiguration.


Administrator response: Ensure the key file,password, and port are correct and that the server isrunning in SSL mode.

HPDBG0163W Install all required Security AccessManager packageson the system beforerunning pdconfig.



HPDBG0164W Configure the runtime packagebefore the application developer kit.The configuration failed.



HPDBG0165W Configure the runtime packagebefore the console package. Theconfiguration failed.



HPDBG0166W Unconfigure the applicationdeveloper kit before the runtimepackage.



HPDBG0167W Unconfigure the console packagebefore the runtime package.



HPDBG0192W Unconfigure the Web package beforethe policy server package. Theunconfiguration failed.

Explanation: An unconfiguration was attempted out

of sequence.Administrator response: Same as text.

HPDBG0193W Unconfigure the Web package beforethe runtime package. Theunconfiguration failed.



HPDBG0205W Some packages have not been

upgraded yet.Upgrade the remainingpackages and retry the command.



HPDBG0207W The upgrade failed.

Explanation: The upgrade did not completesuccessfully.

Administrator response: Review log files or otherprevious messages, correct the problem, then retry thecommand.

HPDBG0210W %s was not found.

Explanation: A file could not be found.

Administrator response: Ensure the file exists and can be accessed, then retry the command.





HPDBG0211W Configure the policy server beforethe authorization server. Theconfiguration failed.



HPDBG0212W Configure the policy server beforethe net package. The configurationfailed.



HPDBG0213W Configure the policy server beforethe Web package. The configurationfailed.



HPDBG0214W The version of the installed LDAPclient must be %s or higher.


Administrator response: Install the LDAP client andretry the command.

HPDBG0215W Security Access Manager policy

server must be upgraded on the system.Explanation: Same as text.


HPDBG0217W The LDAP server host name doesnot exist.


Administrator response: Ensure the LDAP server hostname was entered correctly, that the server is running,and that the port was specified correctly.

HPDBG0232E Load the Security Access Managerschema entries.

Explanation: The schema for secAuthority=Default hasnot been set up on the LDAP server.

Administrator response: Apply the schema then retrythe command.

HPDBG0275W The necessary LiveCONTENTdirectory components have not beeninstalled.They must be installed beforeconfiguration can continue.



HPDBG0277W Security Access Manager policyserver (%s ,%s) cannot be contacted.

Explanation: The specified host and port cannot beaccessed.

Administrator response: Ensure the port and hostname are correct, then retry the command.

HPDBG0278E Login to the Security Access Managerpolicy server failed.Ensure that thepassword is correct and the policy serveris running, then retry the command.



HPDBG0284E Unable to read necessary files. Ensureread permission is set forthe currentuser on the following files located inthe directory specifiedabove:ivmgrd.conf, ivmgrd.kdb, ivmgrd.sth,pdcacert.b64



HPDBG0297W Unconfigure the policy proxy serverbefore the policy server. Theunconfiguration failed.



HPDBG0298W Unconfigure the policy proxy serverbefore the runtime package. Theunconfiguration failed.



HPDBG0322E The specified administrator ID is notauthorized to configurethe server. Checkthe ID, password, and port and be surethe policy serveris configured andrunning.


HPDBG0211W • HPDBG0322E




Administrator response: Log in as an administrativeuser and retry the command.

HPDBG0323E The specified administrator ID is notauthorized to configurethe server. Checkthe ID, password, and port and be surethe policy serveris configured and

running.


Administrator response: Ensure the correct username, password, and port are specified.

HPDBG0327E LDAP client version %s does notappear to be installed.The LDAP clientmust be installed to use the ActiveDirectory user registry.



HPDBG0331E The version of the installed %s mustbe %s or higher.



HPDBG0348E The environment variable JAVA_HOME must be set to an existingvalid JRE before executing thiscommand.

Explanation: JAVA_HOME is necessary to determine

what JRE to use for the process.Administrator response: Set the JAVA_HOME variablethen retry the command.

HPDBG0349E The LDAP client package %s , version%s does not appear to be installed.


Administrator response: Install the package and trythe command again.

HPDBG0350E The Tivoli Common Loggingdirectory cannot be a relative directory.

Explanation: The path is invalid. It must be anabsolute path.

Administrator response: Re-enter the directory.

HPDBG0351E The Tivoli Common Loggingdirectory cannot be created.

Explanation: The path is invalid. It must be anabsolute path and must allow creation.

Administrator response: Re-enter the directory.

HPDBG0358E The management domain name,%s ,already exists within LDAP.

Explanation: The domain name must not already existwithin LDAP.

Administrator response: Retry the commandspecifying a different domain name or remove the

existing one from LDAP.

HPDBG0367E Instance '%s' is already configured('%s').

Explanation: A configuration file for the instancespecified already exists.

Administrator response: Use a different name orremove the existing configuration file and its associatedkey files.

HPDBG0812E An Administrative account must beused to run this program.

Explanation: The user is not qualified to run theprogram.

Administrator response: Log in as an administrativeuser and retry the command.

HPDBG0813E Security Access Manager registryentries could not be created.

Explanation: A problem was detected while trying tocreate entries in the system registry.

Administrator response: Be sure another process isnot accessing the registry and retry the command.

HPDBG0826E The %s service failed to start.

Explanation: The service could not be started.

Administrator response: Review log files, the EventViewer, or other messages, then retry the command.

HPDBG0827E The directory %s could not becreated.

Explanation: The specified directory could not becreated.

Administrator response: Check the permissions of theparent directory and disk space, then retry thecommand.

HPDBG0828E The unconfiguration of the %s serverfailed.


Administrator response: Review log files, the EventViewer, or other messages, correct the problem, thenretry the command.

HPDBG0323E • HPDBG0828E




HPDBG0829W The %s service could not be deleted.



HPDBG0830E The %s server could not beconfigured.



HPDBG0832E The directory %s could not becreated.


Administrator response: Check permissions on theparent directory and disk space, then retry thecommand.

HPDBG0836E Could not create keytab directory: %s

Explanation: The directory could not be created.

Administrator response: Check permissions of theparent directory and disk space, then retry thecommand.

HPDBG0837E Startup of Security Access ManagerPolicy Server failed.


Administrator response: Review the logs, EventViewer, or other messages, correct the problem, thenretry the command.

HPDBG0838E Startup of Security Access ManagerSecurity Server failed.



HPDBG0839E Startup of Security Access ManagerAuthorization Server failed.



HPDBG0840E An error occurred configuring the %sservice.



HPDBG0841E Could not get configurationinformation from the Security AccessManager registry.

Explanation: The process could not access the systemregistry properly.

Administrator response: The package may need to bereinstalled or the registry may be corrupt.

HPDBG0843E Could not stop the %s service.



HPDBG0844E The %s package must be removedfirst.


Administrator response: Remove the specifiedpackage, then retry the command.

HPDBG0857W The Security Access Manager Policy

Server is already configured in thissecure domain.The Security AccessManager Policy Server must be removedcompletely before installing.



HPDBG0858W The Security Access Manager PolicyServer appears to be configured onanother machine in the secure domain.The local Security Access ManagerPolicy Server cannot be unconfigured.

Explanation: Same as text.Administrator response: Same as text.

HPDBG0860E GsoInit error 1: Invalid Parameters

Explanation: An invalid parameter was specified.

Administrator response: Correct the parameter andretry the command.





HPDBG0861W GsoInit error 2: No LDAPConnection

Explanation: The LDAP host could not be reached.

Administrator response: Ensure the information iscorrect, then retry the command.

HPDBG0862W GsoInit error 3: Not Authorized

Explanation: The user is not authroized to performthe task.

Administrator response: Increase the user's authorityor try the command again as a different user.

HPDBG0863W GsoInit error 4: Object Exists

Explanation: The object that is trying to be createdalready exists.

Administrator response: Delete the object then retrythe command.

HPDBG0864W GsoInit error 5: Object Not Found

Explanation: The object could not be found.

Administrator response: Ensure the configuration wassuccessful, then retry the command.

HPDBG0865W GsoInit error 6: No GSO Database

Explanation: The GSO database does not exist.



HPDBG0866W GsoInit error 7: No Suffix

Explanation: The suffix does not exist.

Administrator response: Ensure the configuration wassuccessful, then retry the command.

HPDBG0867W GsoInit error 8: GSO Database Exists

Explanation: The database could not be created because it already exists.

Administrator response: The database could not becreated because it already exists. Check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDBG0868W GsoInit error 9: GSO UnrecoverableError

Explanation: An unknown error occurred.



HPDBG0869W GsoInit error 10: Can't get LDAPConnection

Explanation: The LDAP server could not be reached.

Administrator response: Ensure the server is runningand that the information is correct, then retry thecommand.

HPDBG0870W GsoInit error 11: Not GSO User

Explanation: The user is not a valid GSO user.

Administrator response: Retry the command as avalid GSO user.

HPDBG0905E SBS Unconfiguration Error

Explanation: An error occurred unconfiguring SBS.Administrator response: Review log files or othermessages, then retry the command.

HPDBG0906W Cannot connect to the LDAP server.

Explanation: The LDAP server could not be reached.


HPDBG0907W Invalid LDAP authentication

Explanation: The LDAP server denied the request.

Administrator response: Ensure the LDAPadministrator id and password are correct.

HPDBG0908W LDAP server not available


Administrator response: Ensure the LDAP server isrunning and the ports are correct, then retry thecommand.

HPDBG0909W Not authorized to perform LDAP

operation

Explanation: The LDAP server denied the request.

Administrator response: Ensure the LDAPadministrator id and password are correct.

HPDBG0910W Cannot connect to registry serverusing SSL.

Explanation: SSL could not be used to communicateto the registry server.





Administrator response: Ensure the ports, key file,passowrd, and ids are correct, and that the registryserver can use SSL, then retry the command.

HPDBG0938E Configuration failed.\r

Explanation: The configuration process failed.

Administrator response: Review logs, correct theproblem, then retry the command.

HPDBG0957E Error attempting to shutdown thesystem.

Explanation: The system could not be shut down.

Administrator response: Shut down and restart thesystem manually.

HPDBG0964E ERROR: SecAuthority=Default suffixnot found on LDAP server. Loadsecschema.def before configuring

Security Access Manager

Explanation: The LDAP server configuration may not be completely finished.

Administrator response: Apply the schema asdirected, then retry the command.

HPDBG0972W Security Access Manager PolicyServer must first be upgraded on thissystem.

Explanation: The policy server must be upgraded before this package.

Administrator response: Upgrade the policy server,then retry the command.

HPDBG0973E SecAuthority=Default suffix notfound on LDAP server, Security AccessManager initialization of LDAP failed

Explanation: The LDAP server configuration was notcompleted before running this process.

Administrator response: Apply the schema on theLDAP server, then retry this command.

HPDBG0991E URAFCFG environment variable notset.


Administrator response: Set the variable, then retrythe command.

HPDBG0992E Notes_ExecDirectory environmentvariable not set.


Administrator response: Set the variable, then retrythe command.

HPDBG0993E The Notes install directory is not inthe PATH


Administrator response: Set the PATH to include theNotes install directory, then retry the command.

HPDBG0994E The EXTMGR_ADDINS parameter isnot set in notes.ini.


Administrator response: Set the parameter in thenotes.ini file, then retry the command.

HPDBG0997W The notes.ini file does not exist inthe Windows directory.


Administrator response: Ensure the product wasinstalled correctly, then retry the command.

HPDBG1005E Could not contact the LDAP server.Possible causes are:The LDAP server isnot running.The LDAP server host nameor port is incorrect.There is an SSL

configuration mismatch betweenSecurity Access Manager and theregistry server.


Administrator response: Same as text - correct theproblem, then retry the command.

HPDBG1006E Could not contact the Security AccessManager Policy Server.Ensure that youhave specified a valid host name andport number and that Security AccessManager Policy Server is started beforeretrying this operation.



HPDBG1007W Could not get the TCP/IP host nameof local machine.



HPDBG0938E • HPDBG1007W





HPDBG1032W You are not authorized to update theschema!


Administrator response: Log in as a different user

and retry the command.

HPDBG1049W Unable to read necessary files. Makesure that the readpermission is set forthe current user on the following fileslocated inthe directory specified:ivmgrd.conf, ivmgrd.kdb, ivmgrd.sth,pdcacert.b64



HPDBG1054W Cannot contact the host

server.Possible causes are:The hostserver is not running.The host servername is incorrect.



HPDBG1056W Could not contact the Dominoserver. Possible causes are:The Dominoserver is not running.The Dominoserver host name is incorrect.The Notes

client password is incorrect for theactive Notes ID file.Verify thatinformation and then unconfigure andreconfigure the Runtime componentwith the correct values.



HPDBG1080E Could not contact the Security AccessManager Policy Server.Ensure that youhave specified a valid ID, password anddomain name and that Security Access

Manager Policy Server is started beforeretrying this operation.



HPDBG1083E Error: Command %s failed (0x%x).Make sure java is in the path.

Explanation: See text.

Administrator response: See text, review logs, correct

the problem, then retry the command.

HPDBG1096E The environment variable JAVA_HOME must be set to an existingvalid JRE before executing thiscommand.

Explanation: JAVA_HOME is necessary to determinewhat JRE to use for the process.

Administrator response: Set the JAVA_HOME variablethen retry the command.

HPDBG1097E The Security Access Manager Licenseregistry key is missing.

Explanation: The current version of Security AccessManager License must be installed to configure otherSecurity Access Manager components.

Administrator response: Install Security AccessManager License from the Security Access Manager

CDs then retry this command.

HPDBG1098E Security Access Manager License isnot installed.

Explanation: The current version of Security AccessManager License must be reinstalled to configure otherSecurity Access Manager components. The registry keymay contain an incorrect 'Path' or the path doesn'tmatch the path returned by the pd_get_path command.

Administrator response: Install Security AccessManager License from the Security Access ManagerCDs to the same path as the other Security AccessManager components then retry this command.

HPDBG1099E Security Access Manager License isnot at the required version level.

Explanation: Security Access Manager License must be at the current level to configure other SecurityAccess Manager components.

Administrator response: Reinstall the Security AccessManager License from the current Security AccessManager CDs then retry this command.

HPDBG1100E Security Access Manager Policy

Server must be unconfigured before it isremoved.

Explanation: The policy server must be unconfigured before removal.

Administrator response: Unconfigure the policyserver and then retry the removal.





HPDBG1101E Security Access Manager policy proxyserver must be unconfigured before it isremoved.

Explanation: The policy proxy server must beunconfigured before removal.

Administrator response: Unconfigure the policy proxy

server and then retry the removal.

HPDBG1102E Security Access ManagerAuthorization Server must beunconfigured before it is removed.

Explanation: The authorization server must beunconfigured before removal.

Administrator response: Unconfigure theauthorization server and then retry the removal.

HPDBG1104E Could not contact the ActiveDirectory server. Possible causes are:The

Active Directory server is notrunning.The Active Directory GlobalCatalog server is not running.The ActiveDirectory server host name or domain isincorrect.

Explanation: Same as text

Administrator response: Make sure that the ActiveDirectory server or Active Directory Global Catalogserver is running and that the host name specified isthe fully qualified host name.

HPDBG1105E The domain name is different from

the local domain and Security AccessManager Policy Server is installed onthis machine.If the Policy Server is to beconfigured on this machine, make surethe domain is correct.If Security AccessManager is configured with the ActiveDirectory multiple domains option,make sure this domain is the root of theActive Directory forest. Policy Servermust be installed and configured on theroot domain of the forest.When using anLDAP client to communicate with theActive Directory server for a SecurityAccess Manager blade server or user

application it's necessary to remove theSecurity Access Manager Policy Serverpackage then retry the configuration.


Administrator response: If the Policy Server will beconfigured on this machine and it is a client of anActive Directory server, make sure the machine islogged in to the correct domain. Also note that in orderfor Security Access Manager to be configured withActive Directory multiple domain, the Policy Servermust be installed and configured on the root of the

Active Directory forest or a client machine of that rootdomain. Correct the problem and retry.

HPDBG1106E Invalid authentication information.Either the Active Directory admin IDdoesn't exist or the admin password isincorrect.


Administrator response: Correct the user ID andpassword and retry.

HPDBG1107E Unable to locate the Active Directorydata location information. Make surethe Active Directory domain is up andrunning or check to make sure thedistinguished name for the data locationexists on the Active Directory serverbefore using it.

Explanation: The Active Directory data location may

not exist or is not yet created in the Active Directoryserver.

Administrator response: Correct the the ActiveDirectory data location information and retry.

HPDBG1120E The pdcacert.b64 file could not bedownloaded from the policy server.

Explanation: The certificate automatic downloadfailed.

Administrator response: Make sure the policy serveris running.

HPDBG1133W The management domain locationDN, %s , was not found in the LDAPserver. Create the location DN on theLDAP server or specify a different one.

Explanation: The user specified a location DN forprivate policy server data but the DN does not alreadyexist on the LDAP server.

Administrator response: Create the location DN onthe LDAP server first, or specify an existing one.

HPDBG1137E The windows socket library could not

be loaded.Explanation: An internal error has occurred.

Administrator response: Ensure that windows socketsupport is installed and the library directory is in thePATH then retry the command. If the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDBG1101E • HPDBG1137E




HPDBG1156E The file %s could not be deleted.Errno %d

Explanation: The specified file could not be deleted.

Administrator response: Check the permissions of thefile, then retry the command.

HPDBG1169W The compliance type is not valid. Itmust be one of: none, fips,sp800-131-transition, sp800-131-strict,suite-b-128, suite-b-192.



HPDBI0026E An error occurred configuring %s.

Explanation: Configuration failed for the component.


HPDBI0027E An error occurred while installing %s.

Explanation: The installation of the component failed.


HPDBI0036E Could not change to directory: %s.

Explanation: The directory does not exist or thepermissions are not correct.

Administrator response: Check the permissions andpath of the directory.

HPDBI0084E %s completed with errors. The exit codewas %s.

Explanation: Indicates that the process finishedunsucsessfully.


HPDBI0133W The file, %s , did not exist duringGSKit configuration.

Explanation: Message indicating that a non-critical filewas not available on the CD during configuration of GSKIT.


HPDBI0134E The ldapdb2 user did not get created.Aborting the configuration.

Explanation: The creation of the ldapdb2 user failedand configuration cannot continue.

Administrator response: Remove the installed LDAPserver components, reboot, and retry the command.

HPDBI0136E This script only works on: %s.

Explanation: These are the only platforms on whichthis process works.

Administrator response: Use this process on one of the listed platforms only.

HPDBI0140E Unable to determine the machine type.



HPDBI0141E The response file, %s , could not be read.

Explanation: The specified response file could not beread.

Administrator response: Verify the path andpermissions of the response file and retry thecommand.

HPDBI0146E You must be the root user to run this

process.Explanation: See message.

Administrator response: Log in as root and retry thecommand.

HPDBI0159E Could not load %s .

Explanation: An expected installation file could not beloaded.


HPDBI0162E Ezinstall failed to complete successfully.

Explanation: An error occurred durnig the ezinstallprocess.


HPDBG1156E • HPDBI0162E




HPDBI0163E The file, %s , could not be read.


Administrator response: Check the existence andpermissions of the file and retry the command.

HPDBI0170E You must have administrator authorityto run this program.

Explanation: The user does not have authority to runthis program.

Administrator response: Log in as the administrativeuser and retry the command.

HPDBI0175E The file, %s , could not be created.

Explanation: The file could not be created.

Administrator response: Check the permissions of thedirectory and available disk space, then retry thecommand.

HPDBI0196E The current %s version is %s. %s orhigher is required.

Explanation: The process cannot migrate componentsthat are too old.

Administrator response: Use the supported versionand retry the command.

HPDBI0215E The backup or restore of theinformation failed.

Explanation: The migration process could not be

completed.


HPDBI0217W Start the %s and policy servers if theyare not already started.

Explanation: The servers must be running beforecontinuing.

Administrator response: Start the servers at this time,then continue.

HPDBI0222E Ezinstall is not supported on thisplatform.


Administrator response: Move to a supportedplatform and retry the command.

HPDBI0232E Solaris version 2.7 or later is required torun the LDAP server.


Administrator response: Upgrade the operatingsystem and retry the command.

HPDBI0237E %s could not be removed from theregistry.


Administrator response: Remove the key manually,reboot, and retry the command.

HPDBI0263E Cannot upgrade the LDAP client. Aprevious version of the server exists.

Explanation: A previous version of the LDAP serverexists on this machine.

Administrator response: Upgrade the LDAP server onthis machine before continuing.

HPDBI0264E Upgrade the server first, then retry thecommand.

Explanation: A previous version of the server existson this machine.

Administrator response: Upgrade the LDAP server onthis machine before continuing.

HPDBI0266E Cannot upgrade Security AccessManager runtime because a previous

version of the policy server exists.Explanation: See message.

Administrator response: Upgrade the policy serverthen retry the command.

HPDBI0276E Check that the server is configuredproperly and running.

Explanation: Inform the user that the host namespecified was invalid.

Administrator response: Check the host name enteredand make sure it is running the software.

HPDBI0283E The %s server did not start properly.

Explanation: A problem prevented the server fromstarting.


HPDBI0163E • HPDBI0283E




HPDBI0285E An error occurred while installing %spatches.

Explanation: The patch could not be installed due toan error.



HPDCF0002E A memory allocation error resulted inthe termination of the program. Checkthe maximum allowable memory andthe amount of system paging space asthese may both need to be increased.


Administrator response: Increase the maximumallowable memory and the system paging space or shutdown one or more applications.

HPDCF0003E The file, %s , could not be opened.Ensure that file exists and that the filepermissions allow access.


Administrator response: Make sure the file exists andthat the permissions are set so this process can accessit.

HPDCF0004E The file, %s , could not be read.Ensure that file exists and that the filepermissions allow read access.



HPDCF0005E The current time could not beobtained.


Administrator response: Retry the command and if the problem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/

index.html?ibmprd=tivman

HPDCF0006E The file, %s , could not be modified.Ensure that file exists and that the filepermissions allow write access.



HPDCF0009E The installation directory could not bedetermined. Ensure that the product isinstalled correctly.


Administrator response: Reinstall the product.

HPDCF0033E The file, %s , is in use.You must stopthe server or application before usingthis command.

Explanation: An attempt was made to modify theconfiguration of an active server application.

Administrator response: Stop the server and retry thecommand.

HPDCF0051E The file, %s , was not found.


Administrator response: Check the path to the file, itspermissions, fix the problem then retry the command.

HPDCF0052E The request to change the key filepassword failed.

Explanation: An internal error has occurred or accessto perform the operation was denied.

Administrator response: Ensure that the administratorID being used to permorm this cmmand has authority.

HPDCF0053E The request to renew the servercertificate failed.

Explanation: An internal error has occurred or accessto perform the operation was denied.

Administrator response: Ensure that the administratorID being used to permorm this cmmand has authority.

HPDCF0054E An operating system function forobtaining the local TCP/IP host namehas failed. The error code is %d.

Explanation: See message text.

Administrator response: Ensure that the TCP/IP hostname of the system is properly configured and retrythe command.

HPDCF0055E Socket initialization failed. The errorcode is %d.

Explanation: Unable to initialize a necessary socketcommunication.

Administrator response: Retry the operation and if the problem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDBI0285E • HPDCF0055E




HPDCF0057E A replica entry for the specified hostname already exists in the configurationfile.

Explanation: An attempt was made to add anauthorization server replica that already exists in thespecified configuration file.

Administrator response: If the replica name wasincorrectly specified, retry the command specifying thecorrect name.

HPDCF0058E A replica entry for the specified hostname was not found in theconfiguration file.

Explanation: An attempt was made to change anauthorization server replica that does not exist in thespecified configuration file.

Administrator response: Retry the commandspecifying the correct parameters.

HPDCF0059E A replica entry in the configurationfile is corrupted.

Explanation: The configuration file contains invaliddata.

Administrator response: First unconfigure thenreconfigure the server application and then retry thecommand.

HPDCF0060E The user registry type cannot bedetermined. Ensure that Security AccessManager runtime is properly installed

and configured.

Explanation: Unable to determine the registry type.

Administrator response: Reconfigure Security AccessManager runtime.

HPDCF0061E The function, %s , returned the errorcode: 0x%8.8lx.


Administrator response: Retry the command and if the problem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/


HPDCF0062E Could not connect to the SecurityAccess Manager policy server. Errorcode is 0x%8.8lx.Ensure that the policyserver host name, port and local domainname are correct.

Explanation: The policy server may not be properlyconfigured or is not started.

Administrator response: Ensure that the policy serveris properly configured and started and retry thecommand.

HPDCF0074E The keyring database files alreadyexist. This indicates that the servermight already be configured or partially

configured.


Administrator response: The server must first beunconfigured before retrying this command.

HPDCF0079E SSL configuration failed. The errorcode is 0x%8.8lx.

Explanation: The command failed. This message ispreceded by other messages that more fully describethe cause of the failure.

Administrator response: Refer to previous messages

that have appeared on the screen for more details. Fixthe problem and then retry the command.

HPDCF0084E File %s is missing essentialinformation.You must first use the-config action to create the initialconfiguration file.


Administrator response: Specify a valid configurationfile or use the -config action to create one.

HPDCF0085E The configuration file %s is not

valid.Ensure that Security AccessManager runtime is properlyconfigured.


Administrator response: Ensure that the SecurityAccess Manager runtime is properly configured.

HPDCF0086E The configured user registry type isnot supported.


Administrator response: Ensure that the Security

Access Manager runtime is properly configured.

HPDCF0101E Configuration cannot be performedfor server %s .File %s already exists. Theserver might already be configured.


Administrator response: The server must first beunconfigured before it can be reconfigured.

HPDCF0057E • HPDCF0101E




HPDCF0104W This usage is deprecated. Refer to thehelp for the correct usage of thiscommand.

Explanation: A usage error has occurred.

Administrator response: Type the command andaction to see the command help.

HPDCF0116E The keyring database or file, %s ,could not be modified. Ensure that fileexists and that the file permissionsallow write access.



HPDCF0117E An error occurred in the IKeyManAPI. Configuration failed.


Administrator response: Retry the command and if the problem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDCF0118E Configuration failed. The specifiedconfiguration file does not exist or youdo not have the proper permissions toaccess the configuration file.

Explanation: The specified configuration file isinvalid.

Administrator response: Ensure that the configurationfile exists and that you have the required permissionsto write to the file.

HPDCF0120E An application server with thespecified name is already configured.You must use a different name orunconfigure the existing application


Administrator response: The server must first be

unconfigured before retrying the command.

HPDCF0122E If listen mode is enabled, thelistening port must be specified withthe -r parameter.

Explanation: A port parameter is required whenlistening mode is enabled.

Administrator response: Specify the missing portparameter.

HPDCF0123E The currently configured SSLlistening port number cannot be zero iflistening mode is enabled.


Administrator response: Configure a listening port before enabling listening mode or disable listening

mode.

HPDCF0126W The Security Access Manager policyserver has been configured to disallowdownloading of its CA certificate. A rootCA certificate base64 file must beavailable on the local machine in orderto configure.


Administrator response: Contact your Security AccessManager administrator to obtain the secure domain'sroot CA certificate. This file was saved as

"pdcacert.b64" when the policy server was configured.Retry the command specifying the location of the"pdcacert.b64" file on your local machine.

HPDCF0127E Download of the root CA certificatefailed. Ensure that the Security AccessManager policy server host and port arespecified correctly and that the correctversion of the policy server isconfigured and running properly.

Explanation: Unable to download the root CAcertificate file.

Administrator response: Be sure the policy server isconfigured to allow automatic download of this fileand that the specified host and ports are correct.

HPDCF0129W The value %s of ca-cert-download-enabled keyword in ivmgrd.conf file isincorrect. Acceptable values are yes orno. Downloading of the secure domain'sroot CA certificate is disabled.


Administrator response: If the root CA certifcatedownloading is desired, edit the ivmgrd.conf file andcorrect the ca-cert-download-enabled parameter to "yes"

or "no", then restart the policy server.

HPDCF0133E The Security Access Manager policyserver is not responding. Verify the hostname and port, and verify that theserver is started.


Administrator response: Start the policy server thenretry the command, and ensure that the port and hostname was entered correctly.

HPDCF0104W • HPDCF0133E




HPDCF0134E A listening port number of zero isallowed only if the [aznapi-admin-services] stanza in the configuration fileis empty.

Explanation: An invalid value was detected in theconfiguration files.

Administrator response: Either specify a non-zeroport number or edit the configuration file to removethe "[aznapi-admin-services]" stanza before retrying thecommand.

HPDCF0140E The keyring database could not belocated using the specified configurationfile.

Explanation: Either the wrong configuration file wasspecified, it contains invalid data or the keyringdatabase does not exist.

Administrator response: Ensure that the specified

configuration file is correct or unconfigure andreconfigure the application.

HPDCF0157E The specified configuration file doesnot exist or you do not have the properpermissions to access the file.

Explanation: The specified configuration file cannot beopened.

Administrator response: Ensure that the configurationfile exists and that you have the required permissionsto write to the file.

HPDCF0158E The specified stanza/key pair does notexist in the specified configuration file.

Explanation: The specified stanza/key pair is invalid.They do not exist in the given configuration file.

Administrator response: Ensure that the specifiedstanza/key pair are valid values.

HPDCF0159E The specified configuration file maybe corrupted.


Administrator response: Ensure that the configurationfile is a valid stanza-based file.

HPDCF0160E Unknown error occurred whilereading and writing to the configurationfile.


Administrator response: Ensure that the configurationfile is a valid stanza-based file.

HPDCF0161E The configuration file is missingessential information.

Explanation: The configuration file does not containinformation required to perform the command. Theconfiguration file is not valid or the application must

be configured.

Administrator response: Specify a valid configurationfile or use the -config action to create one.

HPDCF0164E Configuration failed. An erroroccurred creating the specified DN,accessing a configuration file, or settingup the keyfile.

Explanation: An error occurred in relation to creatingthe DN.

Administrator response: Ensure that the configurationfile exists, that you have the required permissions towrite to the file, and that the DN does not already

exist.

HPDCF0165E Cannot display configuration fileinformation from the obfuscated versionof the file.

Explanation: The specified stanza/key pair cannot bedisplayed because the pair is in the obfuscated versionof the configuration file.

Administrator response: None

HPDCF0166E Cannot modify information in thespecified version of the configuration

file because it exists in the alternateversion.

Explanation: If a stanza/key/value exists in theobfuscated config file then trying to modify it in thenon-obfuscated config file is not allowed. The samerestriction applies to modifying a stanza/key/value inthe non-obfuscated config file, that already exists in theobfuscated config file

Administrator response: Remove thestanza/key/value from the appropriate config file

before setting a new value to the alternate config file

HPDCF0170E Instance '%s' is already configured('%s').

Explanation: A configuration file for the instancespecified already exists.

Administrator response: Use a different name orremove the existing configuration file and its associatedkey files.

HPDCF0134E • HPDCF0170E




HPDCF0179E The compliance value '%s' is not validfor ssl-compliance in pd.conf. It must beone of the following values: 'none','fips', 'sp800-131-transition','sp800-131-strict', 'suite-b-128','suite-b-192'.

Explanation: The pd.conf [ssl] ssl-compliance value isnot a valid value.

Administrator response: Correct the value in pd.conf and retry the command.

HPDCF0180E The -C compliance value '%s' is notvalid and must be one of the followingvalues: 'none', 'fips','sp800-131-transition', 'sp800-131-strict','suite-b-128', 'suite-b-192'.

Explanation: The -C value is not a valid value.

Administrator response: Retry the command with a

valid value.

HPDDB0150E Not implemented

Explanation: This message is obsolete.


HPDDB0450W Could not bind to server (%s ,0x%8.8lx).

Explanation: The application is unable to contact thepolicy server.

Administrator response: Verify that the policy server

host name and port number are configured correctlyand that the remote host can be contected directlythrough the network.

HPDDB0451E CDS entry for database server doesnot exist (%s).

Explanation: Message is obsolete.


HPDDB0601E Could not close backing database(0x%8.8lx).

Explanation: The policy database could not be closedduring replication or server shutdown.

Administrator response: Restart the application.

HPDDB0602E Could not create backing database(%s , 0x%8.8lx).

Explanation: The primary policy database could not be created or initialized.

Administrator response: Verify the policy databasepathname configuration and file permissions. Ensure

that sufficent disk space is available in the file system.

HPDDB0603E Could not fetch object from backingdatabase (%s , 0x%8.8lx).

Explanation: The policy server is unable to retrieve anitem from the policy database.


HPDDB0604E Could not write object to backingdatabase (%s , 0x%8.8lx).

Explanation: The policy server is unable to update thepolicy database.

Administrator response: Ensure that sufficient diskspace is available in the file system. If a server restartdoes not resolve the problem, use the pdacld_dumputility to verify the policy database. If the problempersists, check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/

sysmgmt/products/support/index.html?ibmprd=tivman

HPDDB0605E Could not delete object from backingdatabase (%s , 0x%8.8lx).

Explanation: The policy server is unable to update thepolicy database.

Administrator response: Ensure that sufficient diskspace is available in the file system. If a server restartdoes not resolve the problem, use the pdacld_dumputility to verify the policy database. If the problempersists, check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDDB0606E Could not initialize database iterator(0x%8.8lx).


Administrator response: Use the pdacld_dump utilityto verify that the policy database can be read. Comparethe number of objects read with the expected numberof objects. If these numbers differ, use thepdacld_dump utility to rebuild the policy database. If

the problem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDDB0607E Could not fetch next databaseelement (0x%8.8lx).


Administrator response: Use the pdacld_dump utility

HPDCF0179E • HPDDB0607E




to verify that the policy database can be read. Comparethe number of objects read with the expected numberof objects. If these numbers differ, use thepdacld_dump utility to rebuild the policy database. If the problem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDDB0608E Could not build initial databasereplica (%s , 0x%8.8lx).

Explanation: A policy database replication operationhas failed and a replica policy database is unavailable.

Administrator response: If a policy replica exists,move it to a temporary location. Try an applicationrestart. If the problem persists, check Electronic Supportfor additional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDDB0609E Could not rebuild database replica(%s , 0x%8.8lx).

Explanation: A policy database replication operationhas failed.

Administrator response: If a policy replica exists,move it to a temporary location. If the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDDB0611E Invalid database specified forreplication.

Explanation: The policy server is unable to providereplication services.

Administrator response: Restart the policy server. If this problem persists, check Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDDB0612E Replica database version isincompatible and will be replaced.

Explanation: The application has detected anincompatible version of the policy database. Thedatabase is replaced automatically.


HPDDB0750E Invalid object name (%s).



HPDDB0751E Could not decode object (%ld ,0x%8.8x).

Explanation: An error occurred interpreting an itemfrom the policy database.

Administrator response: Run the pdacld_dump utilityto verify the database integrity and if necessary, rebuild

the policy database.

HPDDB0752E Could not encode object (%ld ,0x%8.8x).

Explanation: An error occurred while storing an itemto the policy database.

Administrator response: Restart the policy server andrun the pdacld_dump utility to verify the databaseintegrity.

HPDDB0753E Could not find object (%s).



HPDDB0754E Object type is unknown.



HPDDB0755E Unexpected object type.



HPDDB0756E The policy database is not ready foruse.

Explanation: An internal error has occurred whichprevents the application from retrieving records fromsecurity policy database.

Administrator response: If a server restart does notresolve the problem, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDDB0901E Could not bind to client fornotification (%s , 0x%8.8lx).

Explanation: The policy server was unable to contactthe client for a policy database update notification.

Administrator response: Ensure that the application isavailable to receive notifications.

HPDDB0608E • HPDDB0901E




HPDDB0906E Client not found.

Explanation: An attempt was made to retrieveinformation about an unknown client.


HPDDB0907E Client already exists.

Explanation: An attempt was made to add a clientwhich already exists.


HPDDB1050E Could not download object (%s ,0x%8.8lx).



HPDDB1051E Remote update detected - aborting

download.

Explanation: The application received multiple policyupdate notifications. The secondary notifications arediscarded.


HPDDB1052E Could not read database header(0x%8.8lx).

Explanation: The policy database could not be openedand initialized.

Administrator response: The database file might have

incorrect permissions br truncated or corrupted. Verifythat policy database file permissions are valid. Also,ensure that sufficient disk space is available in the filesystem and restart the application. For local-modeapplications, if the problem persists, recreate the replica

by moving the database to a temporary location andrestarting the application. For the policy server, restorea backup database or use the pdacld_dump utility tosalvage the existing database.

HPDDB1053E Could not write database header(0x%8.8lx).

Explanation: The primary policy database could not

be created or initialized.Administrator response: Verify the policy databasepathname configuration and file permissions. Ensurethat sufficent disk space is available in the file system.

HPDDB1054W Master database server isunavailable (0x%8.8lx).

Explanation: The application is unable to contact thepolicy server.

Administrator response: Verify that the policy server

host name and port number are configured correctlyand that the remote host can be contected directlythrough the network.

HPDDB1060W Could not check synchronizationwith master database server - using localreplica instead.

Explanation: A new policy database could not bedownloaded. The existing database is used.


HPDDB1061E Critical failure during DB replication- aborting (0x%8.8lx).

Explanation: The application is unable to create apolicy database replica. The application aborts.

Administrator response: If a policy replica exists,move it to a temporary location. Ensure that the filessystem has sufficent disk space and that file and

directory permissions are correct. Try an applicationrestart. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDDB1062W Could not rebuild local replica -continuing to use existing replica(0x%8.8lx).

Explanation: The application is not able to update theexisting policy database. The existing database is used.

Administrator response: Ensure that the file systemhas sufficent disk space. If this problem persists, restartthe policy server.

HPDDL0001E Database not open.

Explanation: The database was not opened before thisdatabase call.

Administrator response: Call pd_db_open before thisdatabase procedure.

HPDDL0002E Database filename missing.

Explanation: The database filename was not suppliedwhen trying to open the database with pd_db_open.

Administrator response: Call pd_db_open with avalid database filename.

HPDDL0004E The data type is not known or isincorrectly specified.

Explanation: An attempt was made to create adatabase without specifying an index type or to openan existing database with an incorrect type.

Administrator response: When creating a new

HPDDB0906E • HPDDL0004E




database, the data_type (pd_db_type_t) parameter must be either pd_db_type_ivobj or pd_db_type_encoded.When opening an existing database, the data type mustmatch the type used when the database was firstcreated.

HPDDL0005E The data type (pd_db_type_t) in the

flags parameter does not match the typein the database.

Explanation: The data type parameter to pd_db_opendid not match the type stored in the database.

Administrator response: Call pd_db_open with thedata type that matches the database data type.

HPDDL0009E Database create failure - data filealready exists.

Explanation: When attempting to open a databasewith the PD_DB_CREATE flag the specified databasefile was found to already exist.

Administrator response: Do not open an existingdatabase with the PD_DB_CREATE flag, Or, you canremove the database file if a new (and empty) databaseis desired.

HPDDL0011E Database open failure - permissiondenied

Explanation: The server does not have permission toopen the database file. The open call returned EACCES.

Administrator response: Run the process as theoperating system user who has permission to access thedatabase, or change the permission of the database fileitself or the path to it.

HPDDL0012E Database open failure.

Explanation: The database-open procedure has failed.

Administrator response: Examine the global variable,errno, for further information. Database open failurescan also occur if codepage conversion tables are notaccessible or could not be initialized.

HPDDL0013E Database store failure.

Explanation: The database-store procedure has failed.

Administrator response: Examine the global variable,errno, for further information.

HPDDL0014E Database fetch failure.

Explanation: The database-fetch procedure has failed.


HPDDL0015E Database delete operation failure.

Explanation: The database-delete procedure has failed.


HPDDL0017E This database does not contain avalid header.

Explanation: An attempt to fetch the database headerfailed. The database might be truncated or otherwisecorrupted.

Administrator response: Use the pdacld_dump utilityto validate and if necessary, repair the database.

HPDDL0023E The operation is not allowed whileiterating.

Explanation: A call to either a function that alters a backing store (a store or delete operation) or one that

starts another iteration was attempted while iterating.This is not allowed.

Administrator response: Do not call routines that alterthe backing store or nest iterations while in an iterationloop.

HPDED0100E Invalid argument: Null context.

Explanation: A nonnull PDContext object is requiredto communicate with the Security Access Managerpolicy server.

Administrator response: Ensure that the contextargument is nonnull.

HPDED0101E Unknown message code: %s .



HPDED0102E The specified configuration orkeystore file already exists.



HPDDL0005E • HPDED0102E







HPDED0201E The AmIdentity does not contain avalid name.

Explanation: The AmIdentity does not contain a validname.

Administrator response: Refer to the Security AccessManager error log for more information. If the problempersists, check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDED0202E The AmObject cannot be created fromthe encoded object.

Explanation: The AmObject cannot be created fromthe encoded object.


HPDED0203E The object type requested is

unexpected.

Explanation: The object type requested is unexpected.The object cannot be decoded.


HPDED0204E The configuration information cannotbe stored to file.

Explanation: The configuration information cannot bestored to file.

Administrator response: Ensure that the configurationfile is writable.

HPDED0205E The temporary database file %scannot be written.

Explanation: The temporary database file cannot bewritten.


HPDED0206E Could not get socket input stream.

Explanation: Could not get socket input stream.


HPDED0207E Could not read data from data inputstream or socket.

Explanation: Could not read data from data input

stream or socket.


HPDED0208E Could not write data to data outputstream or socket.

Explanation: Could not write data to data outputstream or socket.


HPDED0209E An error occurred while creatingdatabase sequence property file.

Explanation: Unable to create database sequenceproperty file in PolicyDirector/db directory of theAM_INSTALL_DIR.

Administrator response: Ensure that the user has thenecessary permissions to create file in the<AM_INSTALL_DIR>/PolicyDirector/db directory.

HPDED0210E An error occurred while loadingdatabase sequence property file.

Explanation: Unable to load database sequenceproperty file in PolicyDirector/db directory of theAM_INSTALL_DIR.

Administrator response: Ensure that the user has the

HPDED0200E • HPDED0210E




necessary permissions to read/write database sequenceproperty file in the <AM_INSTALL_DIR>/PolicyDirector /db directory.

HPDED0211E The database sequence informationcannot be stored to file.

Explanation: The database sequence informationcannot be stored to file.

Administrator response: Ensure that the user has thenecessary permissions to read/write database sequenceproperty file in the <AM_INSTALL_DIR>/PolicyDirector /db directory.



Administrator response: Ensure that the context

argument is nonnull.

HPDED0400E Invalid argument: Too manyproperties.

Explanation: The database filename configured for theapplication is not specified correctly in theconfiguration file.

Administrator response: Ensure that thekeyword/value for 'filename=<db pathname>' iscorrectly specified in the configuration file.

HPDED0401E Invalid argument: Filename property

not found.

Explanation: The database filename configured for theapplication is not specified correctly in theconfiguration file.


HPDED0402E Invalid argument: Filename notsupplied.

Explanation: The database filename configured for theapplication is not specified correctly in the

configuration file.


HPDED0403E Invalid state: Could not opendatabase.

Explanation: The database file specified in theconfiguration file could not be opened.


HPDED0404E Invalid state: Expected %d , but got %dfrom database.

Explanation: An internal error occurred. The databasemay have been corrupted.


HPDED0405E The version of the local replicateddatabase is downlevel and notsupported.


Administrator response: Ensure the versions of thelocal Security Access Manager runtime environmentand policy server are supported. If the problempersists, check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDED0406E A database object cache storeoperation failed.

Explanation: An error occurred while attempting toretrieve an entry from the database object cache.


HPDED0407E A database object cache retrieveoperation failed.

Explanation: An error occurred while attempting towrite an entry to the database object cache.

Administrator response: Refer to the Security Access

Manager error log for more information. If the problempersists, check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDED0408E A database file read operation failed.

Explanation: An error occurred while attempting toread the database file. The database could be corrupted.

Administrator response: Refer to the Security Access

HPDED0211E • HPDED0408E




Manager error log for more information. Ensure theSecurity Access Manager is up and running and theapplication is properly configured. If the problempersists, check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDED0409E The database file was not found.

Explanation: The database file was not found in thelocation specified by the configuration file.

Administrator response: Ensure the Security AccessManager is up and running and the application isproperly configured.

HPDED0410E Could not read policy databaseheader.

Explanation: The policy database header informationcould not be read. The database could be corrupted or

have incorrect permissions.

Administrator response: Verify that the policydatabase file permissions are valid. Also, ensure thatsufficient disk space is available in the file system andrestart the application. For local-mode applications, if the problem persists, recreate the replica by moving thedatabase to a temporary location and restarting theapplication.

HPDED0411E Invalid state: Policy retrieval error.

Explanation: An unexpected error occurred whileretrieving policy data from the database. The database

could be currupted.

Administrator response: Ensure the Security AccessManager is up and running and the application isproperly configured. If the problem persists, check IBMElectronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDED0412E Startup failure: Local policy databaseunavailable.

Explanation: An error occurred while attempting toretrieve the policy database from the Security Access

Manager policy server at application statup. Asubsequent attempt to start the application with a validlocal copy of the database also failed.

Administrator response: Ensure both the SecurityAccess Manager and the user registry server are up andrunning, and the application is properly configured.

HPDHZ0001E Unable to parse the file:

Explanation: The file is either invalid or cannot beread.

Administrator response: Ensure the file is valid andcan be read.

HPDHZ0002E Unable to read the file:

Explanation: The file is either invalid or cannot beread.

Administrator response: Ensure the file is valid andcan be read.

HPDIA0100E An internal error has occurred.

Explanation: The authentication switch encounteredan unexpected internal error.

Administrator response: Retry the operation. If theproblem persists contact your IBM servicerepresentative.

HPDIA0101E An unexpected error code wasencountered.

Explanation: The authentication switch encounteredan unexpected error code.

Administrator response: Retry the failing operation. If the problem persists, contact your IBM servicerepresentative.

HPDIA0102E Unable to open shared library.

Explanation: An attempt to open a shared libraryfailed.

Administrator response: Make sure that the path tothe shared library is correct, or if the full path is notspecified make sure that the library is present in/usr/lib on UNIX systems or is in the path onWindows systems.

HPDIA0103E Unable to locate symbol in sharedlibrary.

Explanation: An attempt to retrieve a symbol from ashared library failed. The most probable reason for the

error is that the library was built incorrectly.Administrator response: If the failing library issupplied as part of Security Access Manager, retry theoperation. If the problem persists, contact your IBMservice representative.

HPDED0409E • HPDIA0103E




HPDIA0104E The authentication mechanism isincorrectly specified.

Explanation: The authentication mechanism is notspecified or invalid in the .conf configuration file.

Administrator response: Make sure the correctauthentication mechanism is specified in the

[authentication-mechanisms] stanza of the .conf configuration file.

HPDIA0105W Invalid authentication method.

Explanation: The specified authentication method iseither invalid or unsupported in the current productconfiguration.

Administrator response: Verify the validity of thespecified authentication method.

HPDIA0110E An authentication mechanism modulespecific error occurred.

Explanation: A configured authentication mechanismmodule generated an unexpected error.

Administrator response: If the failing authenticationmechanism module is supplied as part of SecurityAccess Manager, retry the operation. If the problempersists, contact your IBM service representative.

HPDIA0111E A memory allocation call failed.

Explanation: In most cases this error due to theapplication program running out of memory.


has been configured with sufficient virtual memory forits requirements. The Security Access ManagerPerformance Tuning Guide contains instructions onhow to ensure that the application is configured withthe correct a mount of virtual memory. Stop and restartthe process. If the problem persists then contact yourIBM service representative.

HPDIA0112E The current authentication moduleoperation terminated due to anexception.



HPDIA0113E Could not acquire a client credential.Major status = 0x%8.8lx , minor status =0x%8.8lx

Explanation: A request to create a client credentialwas denied by the Security Access ManagerAuthorization API.


HPDIA0114E Could not acquire a client credential.

Explanation: A request to create a client credentialwas denied by the Security Access ManagerAuthorization API.


HPDIA0115E Unknown identity type.

Explanation: Unrecognized identity informationreturned from an authentication mechanism module.

Administrator response: Check the identityinformation returned from the module and, if thefailing authentication mechanism module is supplied as

part of Security Access Manager, retry the failingoperation. If the problem persists, contact your IBMservice representative.

HPDIA0116E Can't load extended attributes into theclient credential.

Explanation: Security Access Manager was unable toannotate the client credentials with extended attributesreturned from an authentication mechanism module.


HPDIA0117E Can't select authentication mechanism.

Explanation: Security Access Manager was unable toauthenticate a client because no suitable authenticationmechanisms are configured.

Administrator response: Make sure the correctauthentication mechanism is configured in the[authentication-mechanisms] stanza of the .conf configuration file.

HPDIA0118W Authentication method is notsupported.

Explanation: Security Access Manager was unable toauthenticate a client because the authentication methodemployed is not supported.

Administrator response: Use a different authenticationmethod.

HPDIA0104E • HPDIA0118W




HPDIA0119W Authentication mechanism is notavailable.

Explanation: Security Access Manager was unable toauthenticate a client because the authenticationmechanism is currently out of service.

Administrator response: Make sure the registry server

(LDAP server,or DOMINO server, or other type of registry server) is up running.

HPDIA0120W Not authorized to perform the currentoperation.



HPDIA0121W The requested operation is not valid.

Explanation: Security Access Manager was unable to

perform a requested operation because it is not valid.An example would be a token authentication userattempting to change their password

Administrator response: Consult documentation foroperation.

HPDIA0122E Unable to open shared library %s : %s.

Explanation: An attempt to open a shared libraryfailed.

Administrator response: Examine the reason given inthe error message, and attempt to correct the problem.Make sure that the path to the shared library is correct,

or if the full path is not specified make sure that thelibrary is present in /usr/lib on UNIX systems or is inthe path on Windows systems.

HPDIA0123E Unable to locate symbol %s in sharedlibrary %s : %s .

Explanation: An attempt to retrieve a symbol from ashared library failed, probably because the symbol wasnot found. The most probable reason for the error isthat the library was built incorrectly.

Administrator response: If the failing library issupplied as part of Security Access Manager, retry the

operation. If the problem persists, contact your IBMservice representative.

HPDIA0125W Authentication method (%s) is notsupported.

Explanation: Security Access Manager was unable toauthenticate a client because the authentication methodemployed is not supported.

Administrator response: Use a different authenticationmethod.

HPDIA0126W Authentication method (%s) is notconfigured.

Explanation: Security Access Manager was unable toauthenticate a client because the authentication methodemployed is not configured.

Administrator response: Make sure the employed

authentication method is configured in the[authentication-mechanisms] stanza of the .conf configuration file.

HPDIA0127W User %s is not authorized to performthe current operation.



HPDIA0128W The requested operation by user %sis not valid.

Explanation: Security Access Manager was unable toperform a requested operation because it is not valid.An example would be a token authentication userattempting to change their password


HPDIA0200W Authentication failed. You have usedan invalid user name, password or clientcertificate.


Administrator response: Check your authenticationinformation and try again.

HPDIA0201W The client supplied invalidauthentication information.

Explanation: Invalid authentication information waspresented to Security Access Manager.

Administrator response: Check the format of theauthentication information and try again.

HPDIA0202W An unknown user name waspresented to Security Access Manager.

Explanation: Security Access Manager could not locatethe supplied user name in the authentication registry.

Administrator response: Check the supplied username information and try again.

HPDIA0119W • HPDIA0202W




HPDIA0203W Authentication retry limit reached.

Explanation: The user has performed too manyconsecutive invalid authentication attempts.

Administrator response: Contact your Security AccessManager administrator.

HPDIA0204W The user's password has expired.


Administrator response: Contact your Security AccessManager administrator, and change your password.

HPDIA0205W The user's account has expired.



HPDIA0206W Login rejected due to policyviolation.

Explanation: Login rejected due to policy enforced forthe account.

Administrator response: Contact your Security AccessManager network administrator.

HPDIA0207W A PIN must be assigned to enableaccount

Explanation: A PIN must be assigned to enableaccount

Administrator response: Contact system administratorto assign new PIN

HPDIA0208W User's account has been disabled.



HPDIA0209W Next token required forauthentication

Explanation: Next token required for authentication

Administrator response: Enter next token

HPDIA0210W The login data entered could not bemapped to an Security Access Manageruser

Explanation: A mapping function, such as that in alibrary or CDAS, failed to map the login information toa Security Access Manager user.

Administrator response: Check the login data,registry, or mapping function.

HPDIA0211W A client certificate could not beauthenticated.

Explanation: A client certificate could not beauthenticated.

Administrator response: Check the client certificate

HPDIA0212W The data contained in the HTTPheader %s failed authentication.

Explanation: The request an HTTP header thatSecurity Access Manager was configured to use asauthentication data. This data failed authentication.

Administrator response: Check the request, the proxyserver (if one is used), and the mapping library

HPDIA0214W IP address based authenticationfailed

Explanation: Security Access Manager is configured to

authenticate using the client IP address, which waseither unavailable or invalid

Administrator response: Check Security AccessManager configuration and/or authentication library

HPDIA0215E The supplied username does not existin the registry.

Explanation: The administrator attempting to SUentered a username which does not exist in the registry.

Administrator response: Verify that username existsin user registry.

HPDIA0216E Administrator does not havepermission to su to this account.

Explanation: The administrator attempted to SU to aprivileged user, and the authentication mechanism didnot allow them to do so.

Administrator response: Make sure that theadministrator has the permissions needed to switchusername to the desired account.

HPDIA0217W Authentication by user %s denied atthis time of day.

Explanation: A user attempted to authenticate duringa time of day when his/her account is restricted.

Administrator response: Contact your Security AccessManager administrator to validate or change the timeof day for which this user is allowed to authenticate.





HPDIA0218W Authentication by user denied at thistime of day.

Explanation: A user attempted to authenticate duringa time of day when his/her account is restricted.

Administrator response: Contact your Security AccessManager administrator to validate or change the time

of day for which this user is allowed to authenticate.

HPDIA0219W An unknown user, %s , was presentedto Security Access Manager.

Explanation: Security Access Manager could not locatethe user name in the authentication registry.

Administrator response: Check the supplied username information and try again.

HPDIA0221W Authentication for user %s failed.You have used an invalid user name,password or client certificate.


Administrator response: Check your authenticationinformation and try again.

HPDIA0222W The client, %s , supplied invalidauthentication information.

Explanation: Invalid authentication information waspresented to Security Access Manager.

Administrator response: Check the format of theauthentication information and try again.

HPDIA0223W The authentication retry limit for user%s was reached.

Explanation: The user has performed too manyconsecutive invalid authentication attempts.


HPDIA0224W The password for user %s hasexpired.


Administrator response: Contact your Security AccessManager administrator, and change your password.

HPDIA0225W The account for user %s has expired.



HPDIA0226W The login for user %s was rejecteddue to a policy violation.

Explanation: Login rejected due to policy enforced forthe account.

Administrator response: Contact your Security AccessManager network administrator.

HPDIA0227W The account for user %s has beendisabled.



HPDIA0228W A client certificate for user %s couldnot be authenticated.



HPDIA0229W IP address authentication failed foraddress %s.

Explanation: Security Access Manager is configured toauthenticate using the client IP address, which waseither unavailable or invalid

Administrator response: Check Security AccessManager configuration, or authentication library

HPDIA0230E The supplied username %s does notexist in the registry.

Explanation: The administrator attempting to use theswitch username command and entered a usernamethat does not exist in the registry.

Administrator response: Verify that username existsin user registry.

HPDIA0231E Administrator %s does not havepermission to use switch username onthis account.

Explanation: The administrator attempted to SU to aprivileged user, and the authentication mechanism didnot allow them to do so.

Administrator response: Make sure that theadministrator has the permissions needed to switchusername to the desired account.

HPDIA0232W The data contained in the HTTPheader failed authentication.

Explanation: The request an HTTP header thatSecurity Access Manager was configured to use asauthentication data. This data failed authentication.

Administrator response: Check the request, the proxy





server (if one is used), and the mapping library

HPDIA0233W Authentication failed. You have usedan invalid password. This account hasbeen temporarily locked due to toomany failed login attempts.

Explanation: The Security Access Manageradministrator has set a disable-time-interval to lock thisaccount when the maximum number of login failures isexceeded.


HPDIA0234W Authentication failed. You have usedan invalid password. This account hasbeen disabled due to too many failedlogin attempts.

Explanation: The Security Access Manageradministrator has set a disable-time-interval to disablethis account when the maximum number of loginfailures is exceeded.


HPDIA0235W Authentication for user %s failed.You have used an invalid password.This account has been temporarilylocked due to too many failed loginattempts.

Explanation: The Security Access Manageradministrator has set a disable-time-interval to lock thisaccount when the maximum number of login failures isexceeded.


HPDIA0236W Authentication for user %s failed.You have used an invalid password.This account has been disabled due to

too many failed login attempts.



HPDIA0237W Authentication failed. The accountcould not be logged into as thepassword has expired.

Explanation: The LDAP registry failed theauthentication and reported that the password hasexpired.

Administrator response: Contact the administrator forthe LDAP registry to reset the password.

HPDIA0238W Authentication for user %s failed.The account could not be logged into asthe password has expired.

Explanation: The LDAP registry failed theauthentication and reported that the password hasexpired.

Administrator response: Contact the administrator forthe LDAP registry to reset the password.

HPDIA0239W Authentication failed. The account islocked.

Explanation: The LDAP registry failed theauthentication and reported that the account is locked.

Administrator response: Contact the administrator forthe LDAP registry to reset the account.

HPDIA0240W Authentication for user %s failed.The account is locked.

Explanation: The LDAP registry failed theauthentication and reported that the account is locked.

Administrator response: Contact the administrator forthe LDAP registry to reset the account.

HPDIA0241W Authentication failed. The account isdeactivated.

Explanation: The LDAP registry failed theauthentication and reported that the account isdeactivated.


HPDIA0242W Authentication for user %s failed.

The account is deactivated.

Explanation: The LDAP registry failed theauthentication and reported that the account isdeactivated.






HPDIA0300W Password rejected due to policyviolation.

Explanation: A password violates the rules for validpasswords set in a policy for the account.

Administrator response: Contact your Security AccessManager administrator for a list of password policies.

HPDIA0301W Password rejected due to minimumlength policy.

Explanation: A password does not meet the minimumlength requirement set in a policy for the account.


HPDIA0302W Password rejected due to the spacespolicy.

Explanation: A password does not meet the spaces

requirement set in a policy for the account.Administrator response: Contact your Security AccessManager administrator for a list of password policies.

HPDIA0303W Password rejected due to themaximum repeated characters policy.

Explanation: A password does not meet the maximumrepeated characters requirement set in a policy for theaccount.


HPDIA0304W Password rejected due to theminimum alphabetic characters policy.

Explanation: A password does not meet the minimumalphabetic characters requirement set in a policy for theaccount.


HPDIA0305W Password rejected due to theminimum non-alphabetic characterspolicy.

Explanation: A password does not meet the minimumnon-alphabetic characters requirement set in a policyfor the account.


HPDIA0306W This account has been temporarilylocked out due to too many failed loginattempts.


Administrator response: Wait untildisable-time-interval has elapsed, or contact yourSecurity Access Manager administrator to unlock andenable login to the account.

HPDIA0307W Post password change processing foruser %s failed.

Explanation: A configured post password changeprocessing module returned a failure status.

Administrator response: Check the post passwordchange processing module's log file.

HPDIA0309W This account is disabled.

Explanation: This account is disabled in the userregistry. Logins will not succeed until the account isenabled.

Administrator response: Contact your Security AccessManager administrator to enable this account.

HPDIA0310W The password for user %s wasrejected due to policy violation.

Explanation: A password violates the rules for validpasswords set in a policy for the account.


HPDIA0311W The password for user %s wasrejected due to minimum length policy.

Explanation: A password does not meet the minimumlength requirement set in a policy for the account.


HPDIA0312W The password for user %s was

rejected due to the spaces policy.

Explanation: The password does not meet the spacesrequirement set in a policy for the account.






HPDIA0313W The password for user %s wasrejected due to the maximum repeatedcharacters policy.

Explanation: A password does not meet the maximumrepeated characters requirement set in a policy for theaccount.


HPDIA0314W The password for user %s wasrejected due to the minimum alphabeticcharacters policy.

Explanation: A password does not meet the minimumalphabetic characters requirement set in a policy for theaccount.


HPDIA0315W The password for user %s wasrejected due to the minimumnon-alphabetic characters policy.

Explanation: A password does not meet the minimumnon-alphabetic characters requirement set in a policyfor the account.


HPDIA0316W The account for user %s has beentemporarily locked due to too manyfailed login attempts.


Administrator response: Wait untildisable-time-interval has elapsed, or contact yourSecurity Access Manager administrator to unlock andenable login to the account.

HPDIA0317W The account for user %s is disabled.

Explanation: This account is disabled in the userregistry. Logins will not succeed until the account is

enabled.

Administrator response: Contact your Security AccessManager administrator to enable this account.

HPDIA0318W The user does not have permission tomodify their password.

Explanation: The LDAP registry rejected the passwordchange as the user does not have permission.

Administrator response: Contact the administrator for

the LDAP registry to gain access.

HPDIA0319W The user %s does not havepermission to modify their password.

Explanation: The LDAP registry rejected the passwordchange as the user does not have permission.

Administrator response: Contact the administrator forthe LDAP registry to gain access.

HPDIA0320W The user is not permitted to changetheir password this early after the priorchange.

Explanation: The LDAP registry rejected the passwordchange as it reported that the password can not bechanged this early after a prior change.

Administrator response: Avoid changing thepassword, or contact the administrator for the LDAPregistry to reset the password.

HPDIA0321W The user %s is not permitted tochange their password this early afterthe prior change.

Explanation: The LDAP registry rejected the passwordchange as it reported that the password can not bechanged this early after a prior change.

Administrator response: Avoid changing thepassword, or contact the administrator for the LDAPregistry to reset the password.

HPDIA0322W The user is not permitted to use the

new password as it has already beenused recently.

Explanation: The LDAP registry rejected the passwordchange as it reported that the password has already

been used by the user and cannot be reused.

Administrator response: Choose a new password thathas not been used with the account before.

HPDIA0323W The user %s is not permitted to usethe new password as it has already beenused recently.

Explanation: The LDAP registry rejected the password

change as it reported that the password has already been used by the user and cannot be reused.

Administrator response: Choose a new password thathas not been used with the account before.

HPDIA0500W Authentication failure (error status0x%x).

Explanation: An error occurred that was outside the bounds of expected authentication errors.





Administrator response: Contact your IBM servicerepresentative with the given error status.

HPDIA0501E Authentication failed for user %s(error status 0x%x).



HPDIA0502E Password change failed for user %s(error status 0x%x).



HPDJA0100E Invalid argument: Null context.

Explanation: A nonnull context object is required tocommunicate with the Security Access Manager policyserver and define values for message and trace logging.


HPDJA0101E Invalid argument: Null messages.

Explanation: A nonnull PDMessages object is requiredto hold any return messages that might be generatedduring the operation. Typically, this object contains nomessages on input.

Administrator response: Ensure that the messagesargument is nonnull.

HPDJA0102E Invalid argument: Null or zero-lengthuser or group name.

Explanation: A valid, nonnull name is required.

Administrator response: Ensure that the user orgroup name argument is nonnull and has a positivelength.

HPDJA0103E Invalid argument: Null or zero-lengthregistry name.

Explanation: A valid, nonnull registry name isrequired.

Administrator response: Ensure that the registryname argument is nonnull and that the name returned

by its getRgyName() method is nonnull and has apositive length.

HPDJA0104E Invalid argument: Null or zero-lengthpassword.

Explanation: A valid, nonnull password is required.

Administrator response: Ensure that the passwordargument is nonnull and has a positive length.

HPDJA0105E Invalid argument: Null or zero-lengthpattern.

Explanation: A valid, nonnull pattern is required.

Administrator response: Ensure that the patternargument is nonnull and has a positive length.

HPDJA0106E Invalid argument: Negative maximumreturn number.

Explanation: The number of returned items must benonnegative.

Administrator response: Ensure that the maximumreturn argument is greater than or equal to 0.

HPDJA0107E Invalid argument: Null locale.

Explanation: A valid, nonnull locale is required. Touse the default locale, use the method that does nottake a locale argument.

Administrator response: Ensure that the localeargument is nonnull.

HPDJA0108E Invalid argument: Null configurationURL.

Explanation: A valid, nonnull URL is required. Inaddition, the caller must have adequate permission toaccess and read the URL. The configuration data in theURL must be in the proper format and must contain allthe data necessary to locate and communicate with aSecurity Access Manager policy server.

Administrator response: Ensure that the configurationURL argument is nonnull.

HPDJA0109W A nonnull value is being passed toan unsupported argument.

Explanation: The method being invoked has one or

more unsupported arguments. A nonnull value is beingpassed for an unsupported argument.

Administrator response: Ensure that a value of null ispassed for unsupported arguments. Refer to productdocumentation to find out what arguments areunsupported for the method being invoked.

HPDIA0501E • HPDJA0109W




HPDJA0110E Invalid data received from theSecurity Access Manager policy server.

Explanation: The data received from the SecurityAccess Manager policy server is invalid. Requiredvalues might be missing or the values might have beencorrupted during transmission. Data values might bemissing because the policy server is incompatible withthe client.

Administrator response: Ensure the Security AccessManager policy server supports the release level of theclient. If the policy server is compatible with the client,try the operation again.

HPDJA0111W The component has not beeninitialized or has already been shutdown.

Explanation: The shutdown() method was called on acomponent that has already been shut down or wasnever initialized.


HPDJA0112W The component has already beeninitialized.

Explanation: The initialize() method of a componentinitialization class might be called more than once, butonly the first caller sets the program name for thecomponent log output.

Administrator response: No action is required, but theprogram name might differ from what is expected. Usethe getProgramName() method to determine theprogram name that appears in the component messageand trace log output.

HPDJA0113W The component was not shut down.There might be other users.

Explanation: Several calls might have been made toinitialize a component using the initialize() method.The component is shut down only after the samenumber of calls have been made to the shutdown()method. Each program that calls the initialize() methodshould also call the shutdown() method.


HPDJA0114E Invalid argument: Null or zero-lengthattribute name.

Explanation: A valid, nonnull attribute name isrequired.

Administrator response: Ensure that the attributename argument is nonnull and has a positive length.

HPDJA0115E Invalid argument: Null attribute value.

Explanation: A nonnull attribute value is required.

Administrator response: Ensure that the attributevalue argument is nonnull.

HPDJA0116E Cannot contact server.

Explanation: The client cannot connect to the server.This can mean that the server process is not running orthat network connectivity does not exist between theclient and server machines due to network partitioningcaused by an intervening firewall or a nonfunctionalintermediate router. The server address and port can befound in the trace log file.

Administrator response: Ensure that networkconnectivity exists between the client and servermachines (issue a ping, for example) and verify that theserver process is running on the expected port.

HPDJA0117E Invalid argument: Null descriptiontext.

Explanation: A nonnull description value is required.

Administrator response: Ensure that the descriptionargument is nonnull.

HPDJA0118E Invalid argument: Port number is lessthan or equal to 0.

Explanation: Only port numbers greater than 0 arevalid. It is usually good practice to assign port numbersgreater than 1024 to user applications because manysystems reserve port numbers below that value forspecial purposes.

Administrator response: Ensure that the input portnumber is greater than 0.

HPDJA0119E Invalid argument: Null or zero-lengthserver host name.

Explanation: A valid, nonnull host name is required.

Administrator response: Ensure that the server hostname argument is nonnull and has a positive length.

HPDJA0120W The outData information received

from the policy server was not returnedbecause the input outData parameter isnull.

Explanation: A nonnull outData argument is requiredto return outData information received from the policyserver.

Administrator response: Ensure the outData argumentis nonnull.

HPDJA0110E • HPDJA0120W




HPDJA0122E Unknown message code: %s.



HPDJA0123E Invalid argument: Null properties.

Explanation: A valid, nonnull properties object isrequired.

Administrator response: Ensure that the propertiesargument is nonnull.

HPDJA0124E Invalid argument: Null or zero-lengthcredentials.

Explanation: A valid, nonnull credentials array isrequired.

Administrator response: Ensure that the delegatedcredentials argument is nonnull and has a positivelength.

HPDJA0125E The data for %s that was receivedfrom the Security Access Managerpolicy server is not valid.

Explanation: The data received from the SecurityAccess Manager policy server is not valid. Requiredvalues might be missing or the values might have beengarbled during transmission. Data values might bemissing because the policy server is incompatible withthe client.

Administrator response: Ensure that the SecurityAccess Manager policy server supports the release levelof the client. If the policy server is compatible with theclient, try the operation again.

HPDJA0126E Connection pool closed.

Explanation: Attempting to acquire a connection from

a connection pool when in the process of closing or isclosed. This is usually due to resuing a PDContext aftercalling its close() method. Create a new PDContext ordefer calling PDContext.close() method.

Administrator response: Do not re-use a PDContextafter calling its close() method.

HPDJA0127E No PDContext available.

Explanation: There is no more free PDContext in thePDContextPool to service the getPDContext() call.

Administrator response: Increase the PDContextPoolsize and ensure application calls PDContext.close() toreturn the PDContext back into the pool it's no longer

needed.

HPDJA0200E Invalid operation: The current objectdoes not represent a Security AccessManager user.

Explanation: An operation was attempted on aPDUser object that represents a user that exists in theuser registry but is undefined in Security AccessManager. Therefore, certain Security Access Manageroperations are invalid.

Administrator response: Ensure that the user thisobject represents is defined in Security Access Manager.

That is, there must be a user defined to the SecurityAccess Manager policy server with the registry nameused to instantiate this object.

HPDJA0201E Invalid argument: The user nameobject is not a valid type or iszero-length.

Explanation: The input user name argument can be aString object representing a Security Access Manageruser name or an instance of the PDRgyUserName classif the name being specified is a registry name. No otherobject types are allowed. If the input name argument isa String, it must have a positive length. If the input

name is a PDRgyUserName object, the String returnedfrom its getRgyName() method must be nonnull andhave a positive length.

Administrator response: Ensure that the user nameargument is an instance of the String class for SecurityAccess Manager user names or an instance of thePDRgyUserName class for registry names. Ensure theinput String or the name returned from thePDRgyUserName object getRgyName() method isnonnull and has a positive length.

HPDJA0300E Invalid operation: The current objectdoes not represent a Security Access

Manager group.

Explanation: An operation was attempted on aPDGroup object that represents a group that exists inthe user registry but is undefined in Security AccessManager. Therefore, certain Security Access Manageroperations are invalid.

Administrator response: Ensure that the group thisobject represents is defined in Security Access Manager.That is, there must be a group defined to the SecurityAccess Manager policy server with the registry nameused to instantiate this object.

HPDJA0122E • HPDJA0300E




HPDJA0301E Invalid argument: The group nameobject is not a valid type or iszero-length.

Explanation: The input group name argument can bea String object representing a Security Access Managergroup name or an instance of the PDRgyGroupNameclass if the name being specified is a registry name. Noother object types are allowed. If the input nameargument is a String, it must have a positive length. If the input name is a PDRgyGroupName object, theString returned from its getRgyName() method must benonnull and have a positive length.

Administrator response: Ensure that the group nameargument is an instance of the String class for SecurityAccess Manager group names or an instance of thePDRgyGroupName class for registry names. Ensure theinput String or the name returned from thePDRgyGroupName object getRgyName() method isnonnull and has a positive length.

HPDJA0302E Invalid argument: Null or emptymember name list.

Explanation: At least one valid, nonnull membername is required.

Administrator response: Ensure that the membername list argument is nonnull and has at least onemember.

HPDJA0400E Invalid argument: The maximumnumber of login failures is outside ofthe allowed range.

Explanation: The maximum number of login failuresis enforced to be a nonnegative integer.

Administrator response: Ensure that the maximumnumber of login failures argument is greater than orequal to 0.

HPDJA0401E Invalid argument: The account-disabletime interval argument is outside of theallowed range.

Explanation: The account-disable time interval isenforced to be an integer greater than or equal to 0(where 0 indicates an unlimited time interval).

Administrator response: Ensure that the accountdisable time interval argument is greater than or equalto 0.

HPDJA0402E Invalid argument: The accountexpiration date argument is outside ofthe allowed range.

Explanation: The account expiration date is enforced by the API logic. The maximum value is consistentwith existing Security Access Manager installations thatimpose this limitation.

Administrator response: Ensure that the accountexpiration date argument falls within the acceptablerange, current time - 2035-12-31-23:59:59.

HPDJA0403E Invalid argument: The maximumpassword age argument is outside of theallowed range.

Explanation: The maximum password age must be anonnegative integer.

Administrator response: Ensure that the maximumpassword age argument is greater than or equal to 0.

HPDJA0404E Invalid argument: The maximumrepeated characters argument is outsideof the allowed range.

Explanation: The range of the maximum repeatedcharacters value is enforced to be a nonnegative integer.

Administrator response: Ensure that the maximum

repeated characters argument is greater than or equalto 0.

HPDJA0405E Invalid argument: The minimumalphabetic characters argument isoutside of the allowed range.

Explanation: The minimum alphabetic charactersvalue is enforced to be a nonnegative integer.

Administrator response: Ensure that the minimumalphabetic characters argument is greater than or equalto 0.

HPDJA0406E Invalid argument: The minimumnonalphabetic characters argument isoutside of the allowed range.

Explanation: The minimum nonalphabetic charactersvalue is enforced to be a nonnegative integer.

Administrator response: Ensure that the minimumnonalphabetic characters argument is greater than orequal to 0.

HPDJA0407E Invalid argument: The minimumpassword length argument is outside ofthe allowed range.

Explanation: The minimum password length value isenforced to be a nonnegative integer.

Administrator response: Ensure that the minimumpassword length argument is greater than 0.

HPDJA0408E Invalid argument: The time-of-dayaccess days specification argument doesnot correspond to any predefined value.

Explanation: The bitmaps defined in the PDPolicy





class represent the days of the week positionally withinan 8-bit structure.

Administrator response: Ensure that the access daysare specified using the predefined bitmaps. These

bitmaps can be used individually. A logical ORoperation can be performed on two or more of the

bitmaps to generate the desired bitmap.

HPDJA0409E Invalid argument: The time-of-daystart time is either less than 0 or greaterthan the maximum allowable time.

Explanation: The time-of-day start time must fallwithin 0 through 1439.

Administrator response: Ensure that the time-of-daystart time falls within the acceptable range, 0 through1439.

HPDJA0410E Invalid argument: The time-of-dayend time is either less than 0 or greater

than the maximum allowable time.

Explanation: The maximum value is the number of minutes in 24 hours, less 1 minute.

Administrator response: Ensure that the time-of-dayend time falls within the acceptable range, 0 through1439.

HPDJA0411E Invalid argument: The time-of-daytime zone is not UTC or local.

Explanation: Only two time zone values aresupported: UTC or local. These values are represented

by constants in the PDPolicy class.

Administrator response: Ensure that the time zone isone of the predefined constants,PDPOLICY_TIME_UTC or PDPOLICY_TIME_LOCAL,found in the PDPolicy class.

HPDJA0412E Invalid argument: The maximumnumber of concurrent web sessions isoutside of the allowed range.

Explanation: The maximum number of concurrentweb sessions is enforced to be a nonnegative integerand greater than zero.

Administrator response: When specifying a numberfor the maximum number of concurrent web sessions,ensure that it is an integer greater than 0.

HPDJA0500E Invalid argument: Null or zero-lengthACL name.

Explanation: An ACL name is required.

Administrator response: Ensure that the ACL nameargument is nonnull.

HPDJA0502E Invalid argument: NullPDAclEntryUser object.

Explanation: A nonnull PDAclEntryUser argument isrequired.

Administrator response: Ensure that thePDAclEntryUser argument is nonnull.

HPDJA0503E Invalid argument: NullPDAclEntryGroup object.

Explanation: A nonnull PDAclEntryGroup argumentis required.

Administrator response: Ensure that thePDAclEntryGroup argument is nonnull.

HPDJA0504E Invalid argument: NullPDAclEntryAnyOther object.

Explanation: A nonnull PDAclEntryAnyOther

argument is required.Administrator response: Ensure that thePDAclEntryAnyOther argument is nonnull.

HPDJA0505E Invalid argument: NullPDAclEntryUnAuth object.

Explanation: A nonnull PDAclEntryUnAuth argumentis required.

Administrator response: Ensure that thePDAclEntryUnAuth argument is nonnull.

HPDJA0506E Invalid argument: Null or zero-lengthuser name field for the ACL entry.

Explanation: A user name is required to create anACL entry.

Administrator response: Ensure that the user namefor the ACL entry is nonnull.

HPDJA0507E Invalid argument: Null or zero-lengthgroup name field for the ACL entry.

Explanation: A group name is required to create anACL entry.

Administrator response: Ensure that the group namefor the ACL entry is nonnull.

HPDJA0508E Invalid argument: Null permissionsfield for the ACL entry.

Explanation: A nonnull permissions field is requiredto create an ACL entry.

Administrator response: Ensure that the permissionsfield for the ACL entry is nonnull.





HPDJA0509E An ACL entry present in theUserAclEntries HashMap is not aPDAclEntryUser object.

Explanation: Only PDAclEntryUser objects can bepresent in the UserAclEntries HashMap. Use theGroupAclEntries HashMap for passing in thePDAclEntryGroup objects.

Administrator response: Ensure that theUserAclEntries HashMap contains onlyPDAclEntryUser objects.

HPDJA0510E An ACL entry present in theGroupAclEntries HashMap is not aPDAclEntryGroup object.

Explanation: Only PDAclEntryGroup objects can bepresent in the GroupAclEntries HashMap. Use theUserAclEntries HashMap for passing in thePDAclEntryUser objects.

Administrator response: Ensure that theGroupAclEntries HashMap contains onlyPDAclEntryGroup objects.

HPDJA0600E Invalid argument: Null or zero-lengthprotected object name.

Explanation: A nonnull protected object name isrequired.

Administrator response: Ensure that the protectedobject name argument is nonnull.

HPDJA0601E Invalid argument: Null or zero-length

permission string

Explanation: A nonnull permission string is required.

Administrator response: Ensure that the permissionstring is nonnull.

HPDJA0602E Invalid argument: Length of inputarrays do not match.

Explanation: Matching Input array lengths required.

Administrator response: Ensure that the size of allinput arrays match.

HPDJA0700E Invalid argument: Null or zero-lengthprotected objectspace name.

Explanation: A nonnull protected objectspace name isrequired.

Administrator response: Ensure the protectedobjectspace name argument is nonnull.

HPDJA0800E Invalid argument: Null or zero-lengthapplication server name.

Explanation: A valid, nonnull name is required.

Administrator response: Ensure that the applicationserver name argument is nonnull and has a positivelength.

HPDJA0801E Invalid argument: Null group list.

Explanation: A valid, nonnull group list is required.

Administrator response: Ensure that the applicationserver group list argument is nonnull. An empty listmay be used to clear an existing group list.

HPDJA0802E Invalid argument: Null URL or invalidprotocol.

Explanation: A valid, nonnull URL is required. Inaddition, only the 'file' protocol is currently supported.

Administrator response: Ensure that the URLargument is nonnull and that the URL uses the 'file'protocol.

HPDJA0803E Database URL does not specify adirectory.

Explanation: The operation requires an existingdirectory in which to locate the local policy database.

Administrator response: Ensure that the databaseURL argument specifies an existing directory on thelocal system.

HPDJA0804E Invalid argument: Null or emptySecurity Access Manager server list.

Explanation: Configuration and use of Javaapplication servers require communication with theSecurity Access Manager policy server and anauthorization server.

Administrator response: Ensure that there is at leastone server in the server list argument.

HPDJA0805E Invalid argument: Preference rankmust be greater than 0.

Explanation: Internal logic requires that all SecurityAccess Manager servers specified in an applicationconfiguration have a rank greater than 0.

Administrator response: Ensure that the rankargument is greater than 0.





HPDJA0806E Invalid argument: Unsupportedconfiguration action.

Explanation: The configureAppSvr() method verifiesthat a known action is specified and executes differentlogic based on that action.

Administrator response: Ensure that one of the

configuration action constants defined in thePDAppSvrConfig class is used.

HPDJA0807E Invalid argument: Null applicationserver specification.

Explanation: The nonnull application serverspecification is required.

Administrator response: Ensure that the applicationserver specification argument is nonnull.

HPDJA0808E The specified configuration orkeystore file already exists.



HPDJA0809E Cannot create the specifiedconfiguration or keystore file.

Explanation: Failure to create the configuration orkeystore file might be caused by a variety of reasonssuch as access restrictions or limited resources (filedescriptors or disk space).

Administrator response: Try another file name oranother directory. Ensure that the process haspermission to create and write to the file.

HPDJA0810E The signature needed to sign acertificate request is not supported.

Explanation: Only RSA is used to create applicationserver certificate requests. If the Security AccessManager policy server's certificate has not been signedusing RSA, then information required to complete the

application server certificate request is not available.

Administrator response: Ensure that the keystoreused by the Security Access Manager policy server hasnot been corrupted and that the signature algorithm forthe server certificate is RSA. Other signaturealgorithms, such as DSA, are not supported.

HPDJA0811W Some aspect of local unconfigurationfailed.

Explanation: When unconfiguring a Java applicationserver, a number of operations are performed locally.These steps include removing configuration data fromthe configuration URL and deleting the keystore file.One or more of these steps failed, so the files must bemanually cleaned up.

Administrator response: Manually remove theconfiguration or keystore file, or both, if desired.Alternatively, information in the files can beoverwritten by configuring another Java applicationserver using the 'replace' action.

HPDJA0812E Invalid argument: Unrecognizedserver type.

Explanation: A recognized server type is required.

Administrator response: Ensure the server type

argument is one of the server type constants defined inthe PDAppSvrConfig class.

HPDJA0813E Invalid argument: Null server object.

Explanation: A nonnull server object is required.

Administrator response: Ensure the server argumentis nonnull.

HPDJA0814E The specified server already exists inthe configuration.

Explanation: A server cannot be added to theconfiguration if it already exists.

Administrator response: Check that the input serverhas been specified properly. Ensure that the host, portand server type are correct. The configurationinformation can be examined using the getAppSvrInfo()method for further information.

HPDJA0815E The specified server does not exist inthe configuration.

Explanation: A server of the specified type with thegiven host and port cannot be found the configuration.

Administrator response: Check that the input server

has been specified properly. Ensure that the host, port,and server type are correct. The configurationinformation can be examined using the getAppSvrInfo()method.

HPDJA0816E Cannot remove last server.

Explanation: At least one policy server and oneauthorization server must be specified in a Javaapplication server configuration. The last policy serverand authorization server cannot be removed.





Administrator response: Add another server of thespecified type before trying to remove this one.

HPDJA0817E The specified server is ambiguous. Itmatches more than one server in theconfiguration.

Explanation: When searching for a match to the inputserver, first both host and port are examined. If a serverin the configuration matches both host and port, thesearch is done. If no server in the configurationmatches both host and port, a match is made on hostalone. If more than one server matches on host, theresults are ambiguous.

Administrator response: Change the port specificationof the server so that the combination of host and portmatches one and only one server of its type in theconfiguration. The configuration information can beexamined using the getAppSvrInfo() method.

HPDJA0818E Cannot set value for remote modeapplication server.

Explanation: The configuration data that is being setis used only by local mode Java application servers,and the specified configuration URL indicates a remotemode server.

Administrator response: Verify that the applicationserver was configured correctly. If it is supposed tooperate in local mode, the server must be unconfiguredand configured again. If it is not supposed to operate inlocal mode, the attempted operation is not applicableand no further action is necessary.

HPDJA0819W Failure restoring originalconfiguration or keystore information.

Explanation: The configuration operation failed butthe original contents of the configuration or keystorefile, or both, could not be restored, possibly due to asystem-dependent file I/O error. The informationcontained in the files is lost, but this is significant onlyif there was application-specific data in theconfiguration file. If that was the case, the onlyrecovery is to reconfigure the application server andsupply any extra information to the new configuration.

Administrator response: The Java application server

should be unconfigured and then reconfigured.

HPDJA0820W Local unconfiguration ignored;specified application server name orhost does not match data inconfiguration file.

Explanation: Before performing local unconfigurationoperations, a check is made to verify that the userspecified the same server and host data that is presentin the configuration file. This check prevents a userfrom inadvertently removing local configuration for the

wrong application server. Since this check is made aftercalling the policy server to unconfigure the applicationserver, it has no effect on remote unconfigurationoperations.

Administrator response: Ensure that the applicationserver name and host specified to the unconfigurationoperation matches the application server name and

host present in the configuration file.

HPDJA0821E Cannot create temporary configurationfile.

Explanation: Failure to create the configuration filemight be caused by a variety of reasons such as accessrestrictions or limited resources (file descriptors or diskspace).


HPDJA0822E Cannot store information in temporaryconfiguration file.

Explanation: Failure to create the configuration filemight be caused by a variety of reasons such as accessrestrictions or limited resources (file descriptors or diskspace).


HPDJA0823E Cannot set Local LDAP Managementvalue as it is not enabled.

Explanation: The configuration data that is being setis used only by the Local LDAP Management API, andthe specified configuration URL indicates a it is notenabled.

Administrator response: Verify that Local LDAPManagement was configured correctly. If it is supposedto be enabled, the server must be unconfigured andconfigured again. If it is not supposed to have LocalLDAP Management, the attempted operation is notapplicable and no further action is necessary.

HPDJA0900E Invalid argument: Null or zero-length

SSO resource name.Explanation: A valid, nonnull SSO resource name isrequired.

Administrator response: Ensure the SSO resourcename argument is nonnull and has a positive length.





HPDJA1000E Invalid argument: Null or zero-lengthSSO resource group name.

Explanation: A valid, nonnull SSO resource groupname is required.

Administrator response: Ensure the SSO resourcegroup name argument is nonnull and has a positive

length.

HPDJA1100E Invalid argument: SSO resource type.

Explanation: The SSO resource type must be eitherPDSSOCRED_SSORESOURCE orPDSSOCRED_SSORESOURCEGROUP, defined in thePDSSOCred class.

Administrator response: Ensure the SSO resource typeis one of the supported types.

HPDJA1101E Invalid argument: SSO resource username.

Explanation: A nonnull SSO resource user name isrequired.

Administrator response: Ensure the SSO resource username argument is nonnull.

HPDJA1102E Invalid argument: SSO resourcepassword.

Explanation: A nonnull SSO resource password isrequired.

Administrator response: Ensure the SSO resourcepassword argument is nonnull.

HPDJA1200E Invalid argument: Null or zero-lengthaction name.

Explanation: A valid, nonnull action name is required.

Administrator response: Ensure that the action nameargument is nonnull and has a positive length.

HPDJA1201E Invalid argument: Null action type.

Explanation: A valid, nonnull action type is required.

Administrator response: Ensure that the action typeargument is nonnull.

HPDJA1202E Invalid argument: Null or zero-lengthaction group name.

Explanation: A valid, nonnull action group name isrequired.

Administrator response: Ensure that the action groupname argument is nonnull and has a positive length.

HPDJA1300E Invalid argument: Null or zero-lengthserver name.

Explanation: A valid, nonnull server name is required.

Administrator response: Ensure that the server nameargument is nonnull and has a positive length.

HPDJA1301E Invalid argument: Null task name.

Explanation: A valid, nonnull task name is required.

Administrator response: Ensure that the task nameargument is nonnull and has a positive length.

HPDJA1400E Invalid argument: Null or zero-lengthPOP name.

Explanation: A valid, nonnull POP name is required.

Administrator response: Ensure that the POP nameargument is nonnull and has a positive length.

HPDJA1401E Invalid argument: Null or invalidQOP value.

Explanation: A valid, nonnull QOP value is required.

Administrator response: Ensure that the QOPargument is nonnull and is one of the PDPOP_QOP_*constants defined in the PDPop class.

HPDJA1402E Invalid argument: Invalid audit levelvalue.

Explanation: A valid, nonnull value for the audit levelis required.

Administrator response: Ensure that the audit levelargument is set to one of the PDPOP_AUDIT_LEVEL_*constants defined in the PDPop class or a logical ORoperation on these constants.

HPDJA1403E Invalid argument: Null todAccessInfoargument.

Explanation: A nonnull todAccessInfo argument isrequired.

Administrator response: Ensure that thetodAccessInfo argument is nonnull. Use thePDTodAccessInfo constructor to create a validPDTodAccessInfo object.

HPDJA1404E Invalid argument: Null or emptyIPAuthInfo argument.

Explanation: A nonnull and nonempty IPAuthInfoargument is required.

Administrator response: Ensure that the IPAuthInfoargument is nonnull and nonempty. Use thePDPop.IPAuthInfo constructor to create IPAuthInfo





objects and pass them as elements of the IPAuthInfoArrayList argument.

HPDJA1405W IPAuthInfo specified at index %salready exists for this POP.

Explanation: New IPAuthInfo cannot be specified if IPAuthInfo already exists for a given IP address andnetmask.

Administrator response: Ensure that the existingIPAuthInfo for the specified IP address and netmask isremoved before specifying a new one for the same IPaddress and netmask.

HPDJA1406W IPAuthInfo specified at index %s notfound for this POP.

Explanation: Only IPAuthInfo entries that exist can beremoved.

Administrator response: Ensure that the IPAuthInfo

entry exists. If the entry does not exist, remove it fromthe input list.

HPDJA1407E Specified IP address is not valid.

Explanation: A valid IP address is required.

Administrator response: Ensure that the IP address isspecified in dotted decimal format with valid numericcharacters.

HPDJA1408E Specified netmask is not valid.

Explanation: A valid netmask is required.

Administrator response: Ensure that the netmask isspecified in dotted decimal format with valid numericcharacters.

HPDJA1500E Invalid argument: Null or zero-lengthdomain name.

Explanation: A valid, nonnull domain name isrequired.

Administrator response: Ensure that the domainname argument is nonnull and has a positive length.

HPDJA1600E Invalid argument: Null or zero-lengthrule name.

Explanation: A valid, nonnull rule name is required.

Administrator response: Ensure that the rule nameargument is nonnull and has a positive length.

HPDJA1601E Invalid argument: Null or zero-lengthrule text.

Explanation: A valid, nonnull rule text is required.

Administrator response: Ensure that the rule textargument is nonnull and has a positive length.

HPDJA1602E Invalid argument: Null fail reason.

Explanation: A nonnull fail reason is required.

Administrator response: Ensure that the fail reasonargument is nonnull.

HPDJA1700E Command does not pass validationcheck.

Explanation: The command syntax was incorrect. Thiscan occur when an argument of the wrong type isspecified.

Administrator response: Verify the correct syntax forthe command and try again.

HPDJA1708E The server did not start.

Explanation: A problem occurred when the commandline program tried to start the server.

Administrator response: Try to start the serverindependently of the command line administration tool;it might start successfully under those circumstances. If the server fails to start, any errors that are written tothe terminal or to the server's trace logs can be used tohelp determine the problem.

HPDJA1710E The server did not stop. Check thehost and port number.

Explanation: A problem occurred when the commandline program tried to stop the server.

Administrator response: Ensure that the host and portspecify a valid audit server. If the host and port specifya different type of server, the stop command will notwork. If the host and port do specify a valid auditserver, try to stop the server independently of thecommand line administration tool; it might stopsuccessfully using that method. If the server fails tostop, any errors that are written to the terminal or to

the server's trace logs can be used to help determinethe problem.

HPDJA1711E Invalid argument: Port number mustbe greater than 0.

Explanation: A valid, positive port number is requiredin order to try to connect to the server.

Administrator response: Ensure that the specified portnumber is greater than 0.

HPDJA1405W • HPDJA1711E




HPDJA1712E Could not detect a server running onhost %s , port %s.

Explanation: The command line program cannot stopa server if it cannot connect to it using the specifiedhost and port.

Administrator response: Ensure that the specified host

and port number are correct. Also, test connectivityfrom the system on which the command line programis running to the target system.

HPDMG0150E Invalid object name.

Explanation: The Security Access Manager policyserver received a request containing an invalid objectname.

Administrator response: Ensure that the object has been specified properly.

HPDMG0155E Too many subjects found within the

client credential.

Explanation: The Security Access Manager policyserver encountered a client credential that containedmore than one subject.

Administrator response: Ensure that the request oroperation deals with a single identity.

HPDMG0156E Unable to sign a certificate.Unexpected error from %s (0x%8.8lx).

Explanation: An unexpected error was encounteredwhile attempting to issue a certificate.

Administrator response: Ensure that the keystoreused by the Security Access Manager policy server hasnot been corrupted.

HPDMG0157E The policy server failed to sign acertificate.

Explanation: The Security Access Manager policyserver encountered an unexpected error whileattempting to sign a certificate.

Administrator response: Ensure that there is enoughdisk space on the policy server machine. Seeivmgrd.log for more information.

HPDMG0158E Could not open %s because thepassword stash file does not exist or iscorrupted.

Explanation: The server's configuration has possibly been corrupted.

Administrator response: Ensure that the keystore hasnot been corrupted. If the failure persists, reconfigurethe failed server.

HPDMG0160E SSL database (ivmgrd.kdb) could notbe opened.

Explanation: The Security Access Manager policyserver keystore file, ivmgrd.kdb, could not be opened.

Administrator response: Ensure that the keystoreused by the Security Access Manager policy server

exists and has not been corrupted. Should the failurepersist, stop the policy server, and run mgrsslcfg tore-configure the policy server.

HPDMG0162E ASN1 decode error %d occurred. Thecertificate buffer received is invalid andcannot be decoded.

Explanation: The Security Access Manager policyserver has received a corrupted or invalid request.

Administrator response: Retry the operation. If theproblems persists, unconfigure and reconfigure theclient application or remote server.

HPDMG0164E The Policy Server could not bestarted (0x%8.8lx).

Explanation: The Security Access Manager policyserver encountered an error during initialization.Probably the password or login DN is incorrect or thepassword has expired. This error should not occur if the program is correctly configured, but if [ldap]admin-dn or admin-pwd values in .conf files have beenmodified then it is possible.

Administrator response: Check ivmgrd.log foradditional information.

HPDMG0165W The application has received adatabase update notification howeverthe version of the command is incorrect.The policy database will not beupdated.

Explanation: The policy server has sent a databaseupdate notification however the policy server isunaware that this system has been upgraded.

Administrator response: This is typically aself-correcting problem and no action is normallyrequired. If the problem persists beyond a restart of theapplication, check the application logs and policy

server logs for additional information.

HPDMG0166W Memory allocation failure.Attempted to allocate %d bytes ofmemory.

Explanation: The Security Access Manager policyserver attempted to allocate memory, and an erroroccurred.

Administrator response: This error might be atemporary condition. Attempt to free up memory by

HPDJA1712E • HPDMG0166W




closing other running applications. If the problempersists, increase the system memory in the machine.

HPDMG0167E Domain in the certificate to besigned does not match the local domain.

Explanation: PDMgr received a certificate to be signed but the domain in the certificate distinguished name isdifferent from the local domain contained in theauthenticated credentials for the session.

Administrator response: Log in to the correct domainfor the certificate.

HPDMG0169E Database migration failed!

Explanation: The Security Access Manager policyserver has opened a down-level version of the policydatabase, and encountered an error in the process of migrating the database to the current level.

Administrator response: Ensure that system resources

are available and retry. If the problem persists, checkIBM Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDMG0170E The policy server is unable to signcertificates. The policy server's CAcertificate has expired.

Explanation: The policy server's CA certificate lifetimeof 20 years has expired.

Administrator response: Unconfigure and re-configurethe policy server, then unconfigure and re-configure allclients and applications in the secure domain.

HPDMG0301E No command handler is installed forthe command.

Explanation: The Security Access Manager policyserver received an unsupported request. This can occurwhen Security Access Manager is running in anunsupported configuration.

Administrator response: Ensure that the clientapplication version is supported by Security AccessManager.

HPDMG0451E Invalid server name.Explanation: The Security Access Manager policyserver has received a server request containing aninvalid server name. This error is likely due to a syntaxerror in the name.

Administrator response: Ensure that the server nameargument is nonnull.

HPDMG0452E Server not found.

Explanation: The Security Access Manager policyserver has received a server request containing a servername that cannot be found in the policy database.

Administrator response: Ensure that the server nameappears in the list of configured servers.

HPDMG0453E A server with the same name alreadyexists.

Explanation: The Security Access Manager policyserver has received a configure server requestcontaining a server name of an already configuredserver.

Administrator response: Ensure that the server nameis not in the list of configured servers.

HPDMG0455W The API function is not supportedby this registry type.

Explanation: An attempt was made to use a registryAPI function that is not supported by the installedregistry type.


HPDMG0462E The AZN application returned anerror.

Explanation: The admin service plugin has returnedan error.

Administrator response: Refer to the admin serviceplugin documentation.

HPDMG0463E A protected object %s was requestedfrom the %s application. The applicationreturned the following error: (0x%8.8lx).

Explanation: The Security Access Manager policyserver will request protected object information fromapplications at various times. This information is usedto facilitate management of the protected object space.An error has occurred while attempting to retrieve thisinformation.

Administrator response: The application might not beconfigured correctly. Check the returned error code,make any necessary corrections, and retry theoperation.

HPDMG0464E A list of child protected objectsunder the parent protected object %swas requested from the %s application.The application returned the followingerror: (0x%8.8lx).

HPDMG0167E • HPDMG0464E




Explanation: The Security Access Manager policyserver will request protected object information fromapplications at various times. This information is usedto facilitate management of the protected object space.An error has occurred while attempting to retrieve thisinformation.

Administrator response: The application might not be

configured correctly. Check the returned error code,make any necessary corrections, and retry theoperation.

HPDMG0465E An administration task wasforwarded to the %s application. Theapplication returned the following error:(0x%8.8lx).

Explanation: The Security Access Manager policyserver attempted to forward the requestedadministration task to the application. The applicationreturned an error indicating the task could not beperformed.

Administrator response: The application might not beconfigured correctly. Check the returned error code,make any necessary corrections, and retry theoperation.

HPDMG0466E A list of supported administrationtasks was forwarded to the %sapplication. The application returnedthe following error: (0x%8.8lx).

Explanation: The Security Access Manager policyserver requested the list of supported administrationtasks from the application. The application returned an

error indicating that the list could not be provided.Administrator response: The application may not beconfigured correctly. Check the returned error code,make any necessary corrections, and retry theoperation.

HPDMG0467E A policy database update notificationwas sent to the %s application. Theapplication returned the following error:(0x%8.8lx).

Explanation: The Security Access Manager policyserver sent a database update notification to the

application. This notification informs the applicationthat a change has been made to the policy database.

Administrator response: The application may not beconfigured correctly. Check the returned error code andmake any necessary corrections. You can force adatabase update notification to be sent by using the"server replicate" administration command.

HPDMG0600E Object not found.

Explanation: The Security Access Manager policyserver received a request that referenced an objectwhich was not found in the policy database.

Administrator response: Ensure that the requestedobject exists and is referenced correctly.

HPDMG0601E Object already exists.

Explanation: The Security Access Manager policyserver received a create protected object request for anobject name that already exists in the policy database.

Administrator response: Ensure that the requestedprotected object name does not already exist.

HPDMG0609E The specified group container cannotbe used as it corresponds to an existinggroup name.

Explanation: The Security Access Manager policyserver received a request to create a group containerspecifying a container name that already exists as agroup name.

Administrator response: Ensure that the group namedoes not already exist.

HPDMG0611E This operation is not supported forthe objects in this object space.

Explanation: A Security Access Manager adminservice plugin has received a request that is notsupported.

Administrator response: Refer to the admin serviceplugin documentation to determine the capabilities of the plugin.

HPDMG0612E The operation requested cannot beperformed on the root object.

Explanation: The Security Access Manager policyserver received a request to create, delete, or modifythe root object. These operations are not permitted.


HPDMG0613E One or more of the child object

names was invalid.

Explanation: The Security Access Manager policyserver received a request with a protected object as anargument. The object string contained at least one childobject that was not present in the policy database.

Administrator response: Ensure that the protectedobject is specified correctly.





HPDMG0614W One or more ACL entries containboth the Add (A) and Password (W)capabilities. These capabilitiespotentially create a securityvulnerability if they are granted to anadministrator of a group. Theadministrator may then add any user to

the group and then change the user'spassword.

Explanation: With both capabilities, the administratorof a group of users may add any user to the group andthen change the user's password.

Administrator response: Only grant both of thesecapabilities to the same administrator under specialcontrolled circumstances or to a highly trusted user.

HPDMG0615W One or more ACL entries containboth the Add (A) and Modify (m)capabilities. These capabilities

potentially create a securityvulnerability if they are granted to anadministrator of a group. Theadministrator may then add any user tothe group and then change the user'sdata.

Explanation: With both capabilities, the administratorof a group of users may add any user to the group andthen change the user's data.


HPDMG0616W One or more ACL entries containboth the Add (A) and Delete (d)capabilities. These capabilitiespotentially create a securityvulnerability if they are granted to anadministrator of a group. Theadministrator may then add any user tothe group and then delete the user.

Explanation: With both capabilities, the administratorof a group of users may add any user to the group andthen delete user.


HPDMG0619E The user is not authorized to viewattached ACL information.

Explanation: Attached ACL information is available atthe specified protected object location, however, theuser is not authorized to view ACLs.


HPDMG0620E The user is not authorized to viewattached POP information.

Explanation: Attached POP information is available atthe specified protected object location, however, theuser is not authorized to view POPs.


HPDMG0621E The user is not authorized to viewattached Rule information.

Explanation: Attached Rule information is available atthe specified protected object location, however, theuser is not authorized to view Rules.


HPDMG0622E The user is not authorized to vieweffective ACL information.

Explanation: Effective ACL information is available at

the specified protected object location, however, theuser is not authorized to view ACLs.


HPDMG0623E The user is not authorized to vieweffective POP information.

Explanation: Effective POP information is available atthe specified protected object location, however, theuser is not authorized to view POPs.


HPDMG0624E The user is not authorized to vieweffective Rule information.

Explanation: Effective Rule information is available atthe specified protected object location, however, theuser is not authorized to view Rules.


HPDMG0625E The user is not authorized to viewone or more protected objects where therequested ACL is attached.



HPDMG0626E The user is not authorized to viewone or more protected objects where therequested POP is attached.



HPDMG0614W • HPDMG0626E




HPDMG0627E The user is not authorized to viewone or more protected objects where therequested authzrule is attached.



HPDMG0628E The specified network addressescannot be processed by the SecurityAccess Manager policy server.

Explanation: This error may occurr if the networkaddresses are invalid, or the addresses are in IPv6format and the Security Access Manager policy serveris running on an operating system that does notsupport IPv6.


HPDMG0752E More than one matchingDistinguished Name (DN) was found.

Explanation: Multiple entries have been found in theLDAP registry when only one was expected.

Administrator response: Ensure that the LDAPregistry has not been modified using external tools.

HPDMG0753E An invalid format of theauthorization mechanism attribute wasfound in the user entry.

Explanation: The correct format is<AppName>:<mechanism>[,<mechanism>....]. Thedefault is Default:LDAP. This information is stored inthe secUser object's secLoginType attribute.

Administrator response: Ensure that the LDAPregistry has not been modified using external tools.

HPDMG0754W The entry was not found. If a useror group is being created, ensure thatthe Distinguished Name (DN) specifiedhas the correct syntax and is valid.

Explanation: A search of the LDAP registry did notlocate the entry.

Administrator response: Ensure that the namespecified is correct. If a user or group is being created

or imported, ensure that the Distinguished Name (DN)specified has the correct syntax and is valid.

HPDMG0755W The specified Distinguished Name(DN) does not exist.


Administrator response: Make sure the specified DNis a valid LDAP entry.

HPDMG0756W Incorrect current password.

Explanation: The correct current password must beprovided to be able to change the password.

Administrator response: Retry the change passwordoperation specifying the correct current password.

HPDMG0757W The Distinguished Name (DN) isalready configured as a user.

Explanation: This error can occur when creating orimporting a user. It is generated because the DNprovided has been successfully created or imported

before.

Administrator response: Ensure that the DN specifiedis correct.

HPDMG0758W The Distinguished Name (DN) isalready configured as a group.

Explanation: This error can occur when creating orimporting a group. It is generated because the DNprovided has been successfully created or imported

before.

Administrator response: Ensure that the DN specifiedis correct.

HPDMG0759W The user name already exists in theregistry.

Explanation: A user already exists with the user namechosen. If Microsoft Active Directory registry is used,the error may apply to the sAMAccountName,userPrincipalName or the CN attributes of the registryuser object.

Administrator response: Specify a different username.

HPDMG0760W The group name already exists inthe registry.

Explanation: A group already exists with the groupname chosen.

Administrator response: Specify a different groupname.

HPDMG0761W The entry referred to by theDistinguished Name (DN) must be aperson entry.

Explanation: Security Access Manager validates thatthe Distinguished Name (DN) provided is the DN of aperson entry.

Administrator response: Ensure that the DN specifiedrefers to a person type entry.

HPDMG0627E • HPDMG0761W




HPDMG0762W The entry referred to by theDistinguished Name (DN) must be agroup entry.

Explanation: Security Access Manager validates thatthe Distinguished Name (DN) provided is the DN of agroup (accessGroup, groupOfNames, orgroupOfUniqueNames).

Administrator response: Ensure that the DN specifiedrefers to a group type entry.

HPDMG0763E LDAP is not configured as a registryof users and groups.

Explanation: During configuration of Security AccessManager, LDAP was not chosen as the registry type tostore user and group information.

Administrator response: Reconfigure Security AccessManager if the LDAP registry should have beenselected.

HPDMG0764E An internal error has occurred.

Explanation: This error indicates an unexpectedcondition has occurred. For example, this may begenerated if a return code is received from the LDAPserver that was unexpected.

Administrator response: Retry the operation. If theproblem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDMG0765W The request made to the LDAPserver exceeded the server's configuredtime limit.

Explanation: The LDAP server can be configured forthe maximum amount of time allowed to process arequest. If it takes too long to fulfill a particularrequest, then this error is returned.

Administrator response: Ensure that the LDAP serveris configured to allow adequate time to processrequests. This time might have to be extended if theserver is busy.

HPDMG0766W The search request exceeded themaximum number of entries the LDAPserver is allowed to return.

Explanation: This limit is imposed from two sources.First, the LDAP server has a configurable size limitsetting. Second, Security Access Manager has a defaultsize limit of 2048. The effective size limit will be thesmaller of the two.

Administrator response: Ensure that the LDAP serveris configured to allow the number of entries required to

be returned. The Security Access Manager limit can be

set using the max-search-size parameter in the [ldap]stanza of the .conf configuration file.

HPDMG0767E The Distinguished Name (DN) hasan invalid syntax.

Explanation: A Distinguished Name (DN) consists of aset of attribute value assertions (for example, o=ibm)separated by commas. Either the DN specified isinvalid or a value input when used to construct the DNcaused an invalid DN to be constructed.

Administrator response: Ensure the DN syntax iscorrect.

HPDMG0768E Unable to login.

Explanation: The password or login DistinguishedName (DN) is incorrect.

Administrator response: Ensure that the admin-dn oradmin-pwd in the [ldap] stanza of the .conf

configuration files have not been modified. If theconfiguration has been modified or corrupted, restorethe configuration from a backup copy or reconfigure.

HPDMG0769E There were insufficient LDAP accessprivileges to allow Security AccessManager to create and delete entries inthe registry.

Explanation: The portion of the LDAP namespacewhere users and groups are created or maintained musthave access contol lists (ACLs) set to permit theSecurity Access Manager Security Group properauthority. This access is normally set when the policy

server is configured.

Administrator response: Ensure that the LDAP serveraccess controls allow the Security Access ManagerSecurity Group to create and delete entries in thenamespace.

HPDMG0770E The settings defined for the entry areinvalid (object class violation).

Explanation: An attempt to create or update an entryin the LDAP registry failed because it did not agreewith the LDAP schema definition. For example, anattribute was given a value larger than the maximum

size allowed by the attribute's LDAP schema definition.Administrator response: Ensure that the SecurityAccess Manager schema is correctly applied. This isnormally automatically done when the policy server isconfigured.

HPDMG0771E Cannot delete the entry completelybecause it has unexpected subentries inthe LDAP registry. This is usuallybecause the user or group being deletedis a member of another domain.





Explanation: An attempt was made to delete an entryin the LDAP namespace. However, the entry containssubentries that cannot be deleted. If a user or group is

being deleted, ensure the user or group DistinguishedName (DN) is not a member of another domain.

Administrator response: Security Access Manager isunable to delete the entry. If a user or group is being

deleted with the -registry option, check to ensure thatthe user or group is not a member of another domainand retry the operation.

HPDMG0772W The entry already exists.


Administrator response: Choose a different name oraccept the existing entry.

HPDMG0773E The request failed because the LDAPserver is down.

Explanation: See message.Administrator response: Activate the LDAP server,restart Security Access Manager, and retry theoperation.

HPDMG0774E Illegal characters were specified inthe LDAP search filter.

Explanation: When Security Access Managerattempted a search request, the resulting filter wasunacceptable to LDAP.

Administrator response: If a pattern is beingspecified, ensure that it is syntactically correct. If a user

or group name is being specified, ensure that it doesnot contain special characters that could cause the filterto be invalid.

HPDMG0775E Not enough memory was available toperform the operation.


Administrator response: Restart Security AccessManager and retry the operation.

HPDMG0776E An error connecting to the LDAPserver has occurred.

Explanation: A connection could not be establishedwith the configured LDAP server.

Administrator response: Ensure that the LDAP serverhas the correct configured host name and port numberand that the server is active.

HPDMG0777W The LDAP referral limit wasexceeded.

Explanation: The LDAP servers can be configuredwith referrals from one server to another to split thenamespace. There is a maximum number of referralsthat is followed to locate the final server. This default is10.

Administrator response: Ensure that the network of LDAP servers using referrals does not exceed the limit.

HPDMG0778E The SSL initialization failed forconnection to the LDAP server.

Explanation: Security Access Manager attempted tocreate an SSL connection with the LDAP server but theSSL session could not be established.

Administrator response: Ensure that the server's SSLcertificate is correct and that the Security AccessManager key file contains a certificate of the Certificate

Authority (signer) that can validate the certificate.

HPDMG0779E An SSL parameter error occurredwhen connecting to the LDAP server.


Administrator response: Ensure that the server's SSLcertificate is correct and that the Security AccessManager key file contains a certificate of the CertificateAuthority (signer) which can validate that certificate.

HPDMG0780E The SSL handshake failed whenconnecting to the LDAP server.


Administrator response: Ensure that the server's SSLcertificate is correct and that the Security AccessManager key file contains a certificate of the CertificateAuthority (signer) which can validate that certificate.

HPDMG0781E SSL failed to establish the requestedencryption cipher level when connecting

to the LDAP server.Explanation: Security Access Manager attempted toestablish an SSL connection with the LDAP server butwas unable to acquire the required cipher.

Administrator response: Configure the LDAP serverSSL settings for a lower encryption cipher level andretry the operation.





HPDMG0782E SSL was not available for connectionto the LDAP server.

Explanation: Security Access Manager was configuredto use SSL for connection with the LDAP server but theSSL support is not available.

Administrator response: Ensure that the GSKit is

properly installed. See the Security Access ManagerBase Installation Guide for information to install GSKit.

HPDMG0783E The SSL Key Database File was notfound for connection to the LDAPserver.

Explanation: Security Access Manager attempted toopen an SSL connection with the LDAP server butcould not locate the specified key database file.

Administrator response: Ensure that the configuredKey Database File has the correct name and that thepermissions allow Security Access Manager to read the

file.

HPDMG0784E The SSL password was not specifiedfor connection to the LDAP server.

Explanation: Security Access Manager attempted toopen an SSL connection with the LDAP server but nopassword for the key database file was specified.

Administrator response: Ensure that the correctpassword is configured for the Security AccessManager key database file.

HPDMG0786E Unable to sign certificate because of

missing attribute definitions in theLDAP schema.

Explanation: The LDAP schema for the secCertDNand secCertSerialNumber attributes is missing.

Administrator response: Ensure that LDAP isproperly configured and that the Security AccessManager schema has been correctly applied. This isnormally automatically done when the policy server isconfigured.

HPDMG0787E Unable to sign certificate due tounexpected error (0x%8.8lx).

Explanation: An unexpected internal processing errorhas occurred while trying to create an SSL certificate.


HPDMG0788E Unable to sign certificate due to anunexpected error.

Explanation: An unexpected internal processing errorhas occurred while trying to create an SSL certificate.

Administrator response: Refer to the Security AccessManager error log for more information. If the problem

persists, check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDMG0789W The user Distinguished Name (DN)cannot be created because it alreadyexists.

Explanation: This error can occur when creating auser. It is generated because the DN provided alreadyexists in the registry.

Administrator response: You can either choose to

delete this DN and retry the operation or use theimport command to make the DN specified a SecurityAccess Manager user.

HPDMG0790W The group Distinguished Name(DN) cannot be created because italready exists.

Explanation: This error can occur when creating agroup. It is generated because the DN provided alreadyexists in the registry.

Administrator response: You can either choose todelete this DN and retry the operation or use theimport command to make the DN specified a SecurityAccess Manager group.

HPDMG0793E Duplicate member assignment wasattempted. No members have beenadded.

Explanation: All members to be added to a groupmust be new members.

Administrator response: Remove users from the listthat are already members of the group.

HPDMG0900E The Distinguished Name (DN)

cannot be determined.Explanation: The specified entry cannot be found onthe LDAP server, or more than one exists when onlyone was expected.

Administrator response: Ensure the resource orresource group name is correct.





HPDMG0901E Cannot determine the exportedsuffixes on the LDAP Server.

Explanation: The LDAP server encountered an errorwhile performing a suffix search.

Administrator response: Refer to the Security AccessManager error log for more information. If the problem


HPDMG0902E LDAP server SSL initializationfailed.

Explanation: Security Access Manager cannot initializean SSL session with the LDAP server.

Administrator response: Ensure the LDAP server isproperly configured and is up and running.

HPDMG0903E The LDAP server cannot be located.

Explanation: Security Access Manager cannot initializean SSL session with the LDAP server.

Administrator response: Ensure the LDAP server isproperly configured and is up and running.

HPDMG0904E LDAP server bind options cannot beinitialized.

Explanation: Security Access Manager hasencountered bind option errors while attempting tocontact the LDAP server.


HPDMG0905E Invalid parameters passed to GSOManagement API.

Explanation: Invalid parameter data has beenprovided to the Global Sign-On (GSO) ManagementAPI.


HPDMG0906E The configured LDAP server is notcorrect version.

Explanation: A downlevel version of The LDAP serveris configured into Security Access Manager. This canresult from upgrading Access Manager withoutupgrading the LDAP server.

Administrator response: Ensure the supported versionof LDAP server is configured into the Security AccessManager environment.

HPDMG0907E A memory allocation error in theGSO Management API.

Explanation: A error occurredThe Global Sign-On(GSO) Management API attempted to allocate memory.

Administrator response: This is potentially atemporary condition. Attempt to free up memory byclosing other running applications. If the problempersists, increase the system memory in the machine

HPDMG0908E Cannot perform remove operation,because subdirectories exist.

Explanation: An attempt was made to removeSecurity Access Manager Global Sign-On (GSO)resource object without first removing its subobjects.

Administrator response: Remove the GSO subobjectsthen retry the operation.

HPDMG0909E GSO Management API reports thatinvalid data was specified.

Explanation: Invalid parameter data has beenprovided to the Global Sign-On (GSO) ManagementAPI.


HPDMG0910E Cannot find the member resource.

Explanation: An attempt was made to remove aGlobal Sign-On (GSO) resource from a resource group,

but the resource was not a member.

Administrator response: Ensure that the name of theresource to be removed exists and is a member of theresource group.

HPDMG0911E Cannot access GSO database. Invaliduser name or password.

Explanation: The Security Access Manager policyserver attempted to access the Global Sign-On (GSO)database but the identity was not authorized





Administrator response: Ensure that the directoryserver access control settings have not been altered. Thepolicy server identity, specified in the ivmgrd.conf file,must have the authority to search and make updates tothe Global Sign-On (GSO) data.

HPDMG0912E User not authorized to perform

operation.

Explanation: The portion of the LDAP namespacewhere users and groups are created or maintained musthave access contol lists (ACLs) set to permit theSecurity Access Manager Security Group properauthority. This access is normally set when the policyserver is configured.

Administrator response: Ensure that the LDAP serveraccess controls allow the Security Access ManagerSecurity Group to access entries in the namespace.

HPDMG0913E Cannot connect to GSO database

LDAP Server. Either the LDAP Server isinactive or busy.


Administrator response: Retry this operation whenthe LDAP Server is available.

HPDMG0914E GSO database not found on LDAPserver.

Explanation: The Security Access Manager is unableto locate the Global Sign-On (GSO) objects in the userregistry.

Administrator response: Ensure the Security AccessManager Global Sign-On (GSO) definition is properlydefined in the user registry. Also, verify the AccessManager is configured properly.

HPDMG0915E No SSL connection exists betweenSecurity Access Manager and the LDAPserver.


Administrator response: Ensure that the server's SSLcertificate is correct and that the Security Access

Manager key file contains a certificate of the CertificateAuthority (signer) that can validate the certificate.

HPDMG0916E No account information for GSOresource credential found.

Explanation: A request was made to retrieve theaccount information from a Global Sign-On (GSO)resource credential but none was found.

Administrator response: Either create or modify theresource credential for the specified user to specify the

account information (user id and password).

HPDMG0917E The specified GSO resourcecredential was not found.

Explanation: The Global Sign-On (GSO) resourcecredential was not found at the LDAP server.

Administrator response: Ensure that the GlobalSign-On (GSO) resource credential is specified correctlyfor the user indicated and that the resource credentialtype (web or group) is specified correctly. The pdadminrsrccred list user command can be used to determinethe set of defined credentials for the user.

HPDMG0918E The requested GSO resource was notfound.

Explanation: The Global Sign-On (GSO) resource wasnot found at the LDAP server.

Administrator response: Ensure that the Global

Sign-On (GSO) resource is specified correctly. Thepdadmin rsrc list command can be used to determinethe current set of defined resources.

HPDMG0919E The GSO resource type could not bedetermined.

Explanation: The Global Sign-On (GSO) resource typecould not be retrieved from the LDAP server.


HPDMG0920E Resource group not found.

Explanation: The specified Global Sign-On (GSO)resource group was not found at the LDAP server.

Administrator response: Ensure that the resourcegroup was specified correctly. The pdadmin rsrcgrouplist command can be used to determine the current setof defined resource groups.

HPDMG0921E The specified user identity was not

found.Explanation: The specified user is not known toSecurity Access Manager.

Administrator response: Specify a user that is definedto Security Access Manager.





HPDMG0922E The specified user is not a GSO user.

Explanation: The specified user is not configured as aGlobal Sign-On (GSO) user.

Administrator response: Use pdadmin to configurethe user as a Global Sign-On (GSO) user.

HPDMG0923E Object already exists.

Explanation: The Global Sign-On (GSO) resource,resource group or resource credential already exists.

Administrator response: Either choose a differentname for the object being created or delete the existingobject and re-create it.

HPDMG0924E Object not found.

Explanation: The specified Global Sign-On (GSO)resource, resource group or resource credential couldnot be found.

Administrator response: Ensure that the name of theresource, resource group or resource credential isspecified correctly.

HPDMG0925E An unexpected exception occurred inthe GSO Management API.

Explanation: Security Access Manager encountered anunexpected error while processing Global Sign-On(GSO) data.

Administrator response: Check the Security AccessManager error log for additional information. If afterre-trying the operation, the problem persists, check IBM


HPDMG0931E The specified user is inactive.

Explanation: The specified user is a defined SecurityAccess Manager user, but is not active.

Administrator response: Ensure the desired user is both an active Security Access Manager user, and aGlobal Sign-On (GSO) user.

HPDMG0932E The GSO Management Function is

not implemented.

Explanation: Security Access Manager attempted toperform a Global Sign-On (GSO) function which is notsupported.


HPDMG0937E LDAP is not enabled in the ivmgrdconfiguration file.

Explanation: LDAP is not enabled in the ldap stanzaof the iv.conf file.

Administrator response: Modify the configuration fileto enable LDAP.

HPDMG0942E The GSO management functionreturns unknown error.

Explanation: An unknown error has been returned bythe Global Sign-On (GSO) Management API


HPDMG0943E Invalid name.

Explanation: Security Access Manager invoked theGlobal Sign-On (GSO) interface with an invalid name.


HPDMG0957E Resource Type

Explanation: none needed

Administrator response: none needed

HPDMG0960E An LDAP limit (timelimit orsizelimit) was exceeded.


Administrator response: Ensure the LDAP server iscorrectly configured.

HPDMG0961E An unrecoverable LDAP error hasoccurred.







HPDMG1052E A registry memory allocation failed.

Explanation: An attempt to allocate memory using theregistry adapter API returned a NULL pointer.



HPDMG1053E The configuration file is invalid.

Explanation: One of the configuration files (forexample, domino.conf) could not be opened or wasmissing some required information.

Administrator response: Repair or replace the serverand/or registry .conf files in the etc subdirectory. If theproblem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDMG1054E A registry input/output error hasoccurred.

Explanation: The registry server had an error whileprocessing a request.

Administrator response: Verify that the registry serveris functioning normally before retrying the operation.

HPDMG1055E A registry SSL error has occurred.

Explanation: An error occurred during Secure SocketsLayer (SSL) communications with the registry server.


HPDMG1056E A registry initialization error hasoccurred.

Explanation: A registry API call was made with aninvalid parameter, or the registry type could not bedetermined or is not configured correctly.



HPDMG1057E A registry data error has occurred.

Explanation: One of several basic registry functionshas failed.

Administrator response: Verify that the registry serveris functioning normally before retrying the operation.

HPDMG1058E The user is not defined in theregistry.

Explanation: The specified user ID was not found inthe registry database.

Administrator response: Verify that the user ID isspelled correctly and that it exists in the registry

database for the domain to which you are logged in.

HPDMG1059E Group is not defined in the Registry.

Explanation: The specified group ID was not found inthe registry database.

Administrator response: Verify that the group ID isspelled correctly and that it exists in the registrydatabase for the domain to which you are logged in.

HPDMG1064E The group member was not found.

Explanation: The group has no members or the

specified member was not found in the group.Administrator response: Verify that the group nameand member ID is spelled correctly and that they bothexist in the registry database for the domain to whichyou are logged in.

HPDMG1065E An invalid user type was specified.

Explanation: When the calling program requested alist of users it did not specifiy one of the 3 allowedtypes.



HPDMG1066E An invalid group type was specified.

Explanation: When the calling program requested alist of groups it did not specifiy one of the 3 allowedtypes.


HPDMG1067E The Universal Unique Identifier(UUID) was not specified.

Explanation: The UUID used to find a user in theregistry was missing from the lookup operation.






HPDMG1068E An invalid group identification orDistinguished Name (DN) wasspecified.

Explanation: A group operation was attempted for thewrong domain or the group's registryGID value (alsoknown as the DN) was invalid. The DN entered maycontain invalid characters or be in an invalid format.

Administrator response: Correct the registry group ID(or DN) that you specified and retry the operation.

HPDMG1069E An invalid policy identification wasspecified.

Explanation: A user specific policy that was expectedto be in the registry was not found.


HPDMG1070E An invalid resource identificationwas specified.

Explanation: A resource that was expected to be in theregistry was not found.


HPDMG1071E An invalid resource groupidentification was specified.

Explanation: A resource group that was expected to be in the registry was not found.


HPDMG1072E Invalid resource credentialsidentification was specified.

Explanation: A resource credential that was expectedto be in the registry was not found.


HPDMG1073E The user is already defined in theregistry.

Explanation: A user with the name you chose isalready in the registry.

Administrator response: Select another name or avariation for this user.

HPDMG1074E The group is already defined in theregistry.

Explanation: A group with the name you chose isalready in the registry.

Administrator response: Select another name or avariation for this group.

HPDMG1075E The policy is already defined in theregistry.

Explanation: A policy object already exists for thechosen user.


HPDMG1076E The resource is already defined inthe registry.

Explanation: A resource object already exists with thespecified name.

Administrator response: Select another name for thenew resource object.

HPDMG1077E The resource group is alreadydefined in the registry.

Explanation: A resource group object with the

specified name already exists in the registry.Administrator response: Select another name for thenew resource group object.

HPDMG1078E The resource credentials are alreadydefined in the registry.

Explanation: A resource credential object with thespecified name already exists.

Administrator response: Select another name forwhich to create a resource credential object.

HPDMG1079E The user registry identification is notunique in the registry.

Explanation: More than one user in the registry sharesthe specified registryID.

Administrator response: Select another user registryIDor modify the users to have unique registry IDs.





HPDMG1080E The group registry identification isnot unique in the registry.

Explanation: More than one group in the registryshares the specified registryID.

Administrator response: Select another groupregistryID or modify the groups to have unique

registry IDs.

HPDMG1081W Not all requested users wereassigned to group (%s).

Explanation: There was a problem assigning one ormore users to a group.

Administrator response: Make sure the users in theuser list are specified correctly.

HPDMG1082W Not all requested users wereremoved from group (%s).

Explanation: There was a problem removing one ormore users from a group.

Administrator response: Make sure the users in theuser list are specified correctly.

HPDMG1083W The domain name already exists.

Explanation: The name that you specified for the newdomain already exists in the registry.

Administrator response: Choose another name for thenew domain.

HPDMG1084W The domain name is unknown.Explanation: The domain name that you specifiedcould not be found in the registry.

Administrator response: Verify the spelling of thename of the domain and retry the command.

HPDMG1085E The location specified in which tocreate the management domain does notexist.

Explanation: The location in which to create themanagement domain that you specified could not befound in the registry.

Administrator response: Verify the location to be usedto create the management domain and retry thecommand.

HPDMG1086W The domain has been re-createdsuccessfully.

Explanation: The domain being created hadpreviously existed and had not been removed from theregistry.

Administrator response: Ensure that the administrator

intended to re-create a previously deleted domain.

HPDMG1087E The domain name specified isinvalid.

Explanation: The domain name specified is notallowed. Either the name is too long, contains invalidcharacters, or does not match the Active Directorydomain name.

Administrator response: Ensure that the domainname is not too long and that for Active Directory itmatches the Active Directory domain name.

HPDMG1088W The registry client is not available.

Explanation: An attempt was made to access aregistry type that is not installed.

Administrator response: Make sure the same registrytype is configured for all servers.

HPDMG1089W Multiple registry routing is notsupported.

Explanation: An attempt was made to use multipleregistry routing, which is not a supported function.


HPDMG1090W The registry server is down orcannot be contacted.

Explanation: An attempt to contact the registry serverfailed. Either the server is not up or thecommunications path to it has been disrupted.

Administrator response: Verify that the registry serveris up and functioning normally and that this client cancommunicate with it. If Active Directory is used as auser registry, an incorrect distinguished name (DN)input (if applicable) also results in this error.

HPDMG1091W The user does not have the rights toperform requested operation.

Explanation: The server has indicated the user doesnot have the right to perform the requested operation.

Administrator response: Verify that the user whosecredentials are being used has the authority to performthe requested operation.

HPDMG1092W The registry client received anon-SSL communications error whencommunicating with the registry server.

Explanation: A non-SSL communication error occurred between this server and the server that provides theregistry service.

HPDMG1080E • HPDMG1092W




Administrator response: Verify that this server and itsregistry server are configured correctly for non-SSLcommunications.

HPDMG1093W No more entries are in the list.

Explanation: A program processing a list of registryentries has tried to get an entry beyond the end of thelist.


HPDMG1094W The required list parameter ismissing from the API call.

Explanation: A program failed to provide a listparameter that is required for the API call it made.



HPDMG1950E The user is already a member of thegroup.

Explanation: The Security Access Manager policyserver received a request to add a user to a group inwhich the user was already a member.


HPDMG1951E The management domain is empty.

Explanation: The Security Access Manager policyserver returned an empty value for the domain name.

Administrator response: Ensure that the policy serveris configured correctly and is reachable.

HPDMG1952E The requested command is no longersupported.

Explanation: An attempt was made to use a commandthat is no longer supported in the installed version of Security Access Manager.

Administrator response: Upgrade your application or

revert to the previously installed version of SecurityAccess Manager.

HPDMG1953E The admin command input data thatis required is missing or invalid.

Explanation: The Security Access Manager policyserver received a request that contained incomplete ormissing input data.

Administrator response: Ensure that all input datarequired for the admin command is provided.

HPDMG1954E The requested command is notsupported for the registry specified.

Explanation: The Security Access Manager policyserver received an administration command that is notsupported using the currently configured registry.

Administrator response: Ensure that the

administration command is supported by the registryconfigured for Security Access Manager.

HPDMG2100E The policy proxy server could not bestarted (0x%8.8lx).

Explanation: The policy proxy server encountered anerror during initialization.

Administrator response: Check pdmgrproxyd.log foradditional information.

HPDMS0406E Could not read from rule file %s

Explanation: The specified rule file could not beopened or read.

Administrator response: Ensure that the specified rulefile exists on the system and that the user who invokedpdadmin has read permission on the file.

HPDMS0412E Invalid argument

Explanation: An invalid argument was passed to alibrary routine that accesses a non-LDAP registry.

Administrator response: Ensure that all argumentssupplied to the command line or programminginterface are valid.

HPDMS0416E Unknown internal exception

Explanation: This typically means that there is inter-or intra-process contention for access to the policydatabase.

Administrator response: Stop and restart all of theSecurity Access Manager servers running on the systemthat exhibits the error. If the problem persists, increasethe per-process limits of system resources (availablethreads, available open file handles, and so forth),reboot the system, and restart the Security AccessManager servers.

HPDMS0429E Invalid command

Explanation: The Security Access Manager policyserver has received a command it does not recognize.This may mean that the server is incompatible with theclient.

Administrator response: Ensure the Security AccessManager policy server supports the release level of theclients.

HPDMG1093W • HPDMS0429E




HPDMS0461E Extract of entry %s from stanza %s inconfiguration file %s failed

Explanation: The specified entry could not be foundin the specified stanza in the configuration file.

Administrator response: Ensure that the entry, stanza,and configuration file have been specified correctly.

HPDMS0462E Entry does not exist

Explanation: The specified entry could not be foundin the specified stanza in the configuration file.

Administrator response: Ensure that the entry, stanza,and configuration file have been specified correctly.

HPDMS0463E Extract of stanza %s fromconfiguration file %s failed

Explanation: The specified stanza could not be foundin the configuration file.

Administrator response: Ensure that the stanza andconfiguration file have been specified correctly.

HPDMS0465E The write operation to theconfiguration file %s failed with errorcode %d.

Explanation: The specified configuration file could not be written to.

Administrator response: Ensure that the user whoinvoked pdconf has write permission on theconfiguration file.

HPDMS0466E Can not retrieve information from theldap.conf configuration file.

Explanation: Required information could not be readfrom the %PD_HOME%\etc\ldap.conf file.

Administrator response: Ensure that the ldap.conf configuration file exists and is not corrupted. If the fileis missing or corrupted, then unconfigure the SecurityAccess Manager Runtime component and reconfigure.

HPDMS4047E Non-local authentication (login) isrequired to perform this operation

Explanation: For security reasons, most SecurityAccess Manager administration operations require anauthenticated session with the Security Access Managerpolicy server.

Administrator response: Login using the 'login'subcommand and retry the operation. Do not use thelogin -l option.

HPDMS4061E Local authentication (local login) isrequired to perform this operation

Explanation: For security reasons, most SecurityAccess Manager administration operations require anauthenticated session to perform local tasks.

Administrator response: Login using the 'login -l'

subcommand and retry the operation.

HPDMS4068E The specified network IP address isnot in a valid IPv4 address format.

Explanation: The network IP address specified is notin one of the industry standard formats permitted forIPv4 addresses. See the Security Access Managerdocumentation for further information regarding IPv4formats.

Administrator response: Specify the address in a validIPv4 format

HPDMS4069E The specified netmask IP address isnot in a valid IPv4 address format.

Explanation: The netmask IP address specified is notin one of the industry standard formats permitted forIPv4 addresses. See the Security Access Managerdocumentation for further information regarding IPv4formats.

Administrator response: Specify the address in a validIPv4 format

HPDMS4070E The specified network IP address isnot in a valid IPv6 address format.

Explanation: The network IP address specified is notin one of the industry standard formats permitted forIPv6 addresses. Alternatively, on Win2k clients, IPv6addresses cannot be specified since IPv6 addresses arenot supported by this platform. See the Security AccessManager documentation for further informationregarding IPv6 formats.

Administrator response: Specify the IP address in avalid IPv6 format. For Win2k clients, specify an IPv4address or use an alternative client platform to specifythe IPv6 address.

HPDMS4071E The specified netmask IP address isnot in a valid IPv6 address format.

Explanation: The netmask IP address specified is notin one of the industry standard formats permitted forIPv6 addresses. Alternatively, on Win2k clients, IPv6addresses cannot be specified since IPv6 addresses arenot supported by this platform. See the Security AccessManager documentation for further informationregarding IPv6 formats.

Administrator response: Specify the IP address in avalid IPv6 format. For Win2k clients, specify an IPv4

HPDMS0461E • HPDMS4071E




address or use an alternative client platform to specifythe IPv6 address.

HPDMS4072E The specified network and netmaskIP addresses must both be in IPv4 orIPv6 address formats.

Explanation: The network IP address was specified inIPv4 or IPv6 format and the netmask address was notspecified in the same format. Both IP addresses must bespecified in the same industry standard format foreither IPv4 or IPv6 addresses. See the Security AccessManager documentation for further informationregarding IPv4 and IPv6 formats.

Administrator response: Specify the network andnetmask addresses using the same IP address format.

HPDMS4073E The network or netmask IP addresswas specified as zero.

Explanation: The network IP address or netmask IP

address was specified using zeros. See the SecurityAccess Manager documentation for further informationregarding IPv4 and IPv6 formats.

Administrator response: Specify the network andnetmask addresses as valid, non-zero addresses.

HPDMS4074E The binary AND of network andnetmask addresses must be non-zero.

Explanation: The network IP address and netmask IPaddress are combined using a bitwise AND. Theresulting masked network address cannot be zero. Seethe Security Access Manager documentation for further

information regarding IPv4 and IPv6 formats.

Administrator response: Specify the network andnetmask addresses that do not result in a zero maskednetwork when combined.

HPDMS4075E Incorrect account-expiry-date.Acceptable dates are between thecurrent date and 2035-12-31-23:59:59.

Explanation: The date specified was earlier than thecurrent date or greater than 2035-12-31-23:59:59.

Administrator response: Specify an validaccount-expiry-date for the policy. Acceptable values

can be the current date or later but not greater than2035-12-31-23:59:59

HPDMS4076E Incorrect max-return value specified.Use a value that is greater than or equalto zero. Use zero to return all found.

Explanation: The max-return value that was specifiedwas not an integer equal to or greater than 0.

Administrator response: Specify a valid integer valuefor the max-return argument. Use a value that is

greater than or equal to 0. Use zero to return all entriesthat are found.

HPDMS4077E Name cannot begin with a spacecharacter.

Explanation: The first character of the name was aspace character.

Administrator response: Specify a valid name withoutleading space characters. For string names, ensure thereare no space characters after the opening quotationmark.

HPDMS4078E User specified does not have an entryin the ACL specified.

Explanation: The user specified does not exist for theACL specified.

Administrator response: No action required. If desired, specify a different user or a different ACL.

HPDMS4079E Group specified does not have anentry in the ACL specified.

Explanation: The group specified does not exist forthe ACL specified.

Administrator response: Specify a different group or adifferent ACL.

HPDMS4080W The any-other entry does not existfor the ACL specified.



HPDMS4081W The unauthenticated entry does notexist for the ACL specified.



HPDMS4082E ACL name contains characters thatare not allowed.

Explanation: The ACL name specified contains one ormore characters that are not allowed in ACL names.

Administrator response: Specify an ACL name thatcontains valid characters. For information aboutcharacters that are valid in ACL names, see the " IBMSecurity Access Manager for Web AdministrationGuide".

HPDMS4072E • HPDMS4082E




HPDMS4083E Value for the 'type' option is not aninteger greater than or equal to zero.


Administrator response: Specify an integer value thatgreater than or equal to zero.

HPDMS4084E Value for the 'ispolicyattachable'option is not a valid Boolean value.


Administrator response: Specify a valid Booleanvalue. Acceptable values are 'yes','no','true','false','1','0','on', or 'off'.

HPDMS4085E Value is not an integer greater thanor equal to zero.


Administrator response: Specify an integer valuegreater than or equal to zero.

HPDMS4086E Value specified for option 'rsrctype' isnot 'web' or 'group'.


Administrator response: Specify a valid value for thersrctype parameter. Valid values include 'web' and'group'.

HPDPZ0001E Exception: %s File: %s %d Error:%dNo text has been defined for this

exception.Explanation: An exception was caught that has noappropriate text to display. This is an internal error.


HPDPZ0002E Memory allocation failure.

Explanation: A request to allocate memory failed.

Administrator response: Ensure that sufficient diskspace and memory are available in the system. If restarting the server does not resolve the problem,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDPZ0003E Unexpected error opening XPG4converter for codepage %s to %sconversion. The iconv_open error codeis %d.

Explanation: The required codepage tables could not be located.

Administrator response: On the Windows platforms,ensure that LOCPATH and LANG environmentvariables are set correctly.

HPDPZ0004E Unexpected error frompthread_mutex_init(). The error code is%d.

Explanation: An internal coding error has occurred.

Administrator response: This is an internal error.Check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/


HPDPZ0005E Unexpected error frompthread_mutex_destroy(). The error codeis %d.


Administrator response: This is an internal error.Check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDPZ0006E Unexpected error frompthread_mutex_lock(). The error code is%d.



HPDPZ0007E Unexpected error frompthread_mutex_unlock(). The error code

is %d.Explanation: An internal coding error has occurred.


HPDMS4083E • HPDPZ0007E




HPDPZ0008E Unexpected error frompthread_cond_init(). The error code is%d.


Administrator response: This is an internal error.Check IBM Electronic Support for additional


HPDPZ0009E Unexpected error frompthread_cond_destroy(). The error codeis %d.




HPDPZ0010E Unexpected error frompthread_cond_wait(). The error code is%d.



HPDPZ0011E Unexpected error frompthread_cond_signal(). The error code is%d.



HPDPZ0012E This function is not supported on thisplatform.

Explanation: An attempt was made to use an API thatis not supported on the current operating system.


HPDPZ0013E Unexpected error from WindowsRegOpenKeyEx(). Opening of theregistry key %s failed with error %s.

Explanation: An attempt to open a Windows registrykey has failed.

Administrator response: This is an internal error.

Check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDPZ0014E Unexpected error from WindowsRegQueryValueEx(). Reading of thevalue %s failed with error %s.

Explanation: An attempt to read a value from aWindows registry key has failed.



HPDPZ0015E Object is not cloneable.



HPDPZ0016E Unexpected error frompthread_attr_init(). The error code is %d.



HPDPZ0017E Unexpected error frompthread_attr_setdetachstate(). The errorcode is %d.



HPDPZ0008E • HPDPZ0017E




HPDPZ0018E Unexpected error frompthread_create(). The error code is %d.


Administrator response: This is an internal error.Check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/


HPDPZ0019E Unexpected error frompthread_attr_destroy(). The error code is%d.



HPDPZ0020E An unknown exception was caught.No exception information is available.



HPDPZ0021E Unexpected error from pthread_join().The error code is %d.



HPDPZ0022E Unexpected error frompthread_cond_timedwait(). The errorcode is %d.



HPDPZ0023E A function or method was called withan invalid parameter.




HPDPZ0024E Unexpected error from WSAStartup().The error code is %d.



HPDPZ0025E Unexpected error from gethostname().The error code is %d.




HPDPZ0026E Unexpected error fromgethostbyname(). The error code is %d.



HPDPZ0027E Unexpected error frompthread_cond_broadcast(). The errorcode is %d.



HPDPZ0028E The configuration file %s is missingthe required attribute %s in stanza %s.

Explanation: A required attribute is missing probably because the configuration file is damaged or wasmodified incorrectly.

Administrator response: Provide a valid value for theattribute or reconfigure the application.





HPDPZ0029E Unexpected error frompthread_key_create(). The error code is%d.




HPDPZ0030E Unexpected error frompthread_setspecific(). The error code is%d.




HPDPZ0031E The requested function is notimplemented.

Explanation: An attempt was made to use an API thatis not implemented.


HPDPZ0032E An unexpected lock state wasdetected. The current lock state is %s.

Explanation: An internal coding error has occurred.The current state of the resource lock is not valid forthe requested operation.


HPDPZ0033E An unexpected error was received

when trying to obtain a process lock.The error code is %d.



HPDPZ0034E An unexpected error was receivedwhen trying to release a process lock.The error code is %d.




HPDPZ0035E A read operation failed for a processlock. The error code is %d.



HPDPZ0036E A write operation failed for a processlock. The error code is %d.



HPDPZ0037E A create operation failed for a processlock. The error code is %d and the lock

file name is %s.



HPDPZ0038E A close operation failed for a processlock. The error code is %d and the lockfile name is %s.







HPDPZ0039E The configuration file %s has aninvalid value %s for key %s in stanza%s.

Explanation: An attribute value is incorrect.

Administrator response: Provide a valid value orreconfigure the application.

HPDPZ0040E The configuration file %s has aninvalid numeric value %s for key %s instanza %s .

Explanation: A numeric attribute has a non-numericvalue. The configuration file might be damaged or wasmodified incorrectly.


HPDPZ0041E The configuration file %s has aninvalid boolean value %s for key %s in

stanza %s .

Explanation: A boolean attribute has an invalid value.The configuration file might be damaged or wasmodified incorrectly.


HPDPZ0042E The iterator for configuration file %sis in an invalid state for the operation.

Explanation: The current state of the iterator does notpermit the attempted access.


HPDPZ0043E An access function failed forconfiguration file %s. The accessfunction was %s and return code was%d.

Explanation: An Input/Output operation could not beperformed on a configuration file. The daemon processmight not have proper permissions to access the file.

Administrator response: Ensure that the file anddirectory permissions permit program access to the file.

HPDPZ0044E The configuration file %s containsinvalid data at line %d.Data: %s.

Explanation: The specified configuration file containsvalid data. This might be caused by a duplicate stanzaname in the file.

Administrator response: Correct the invalid data orreconfigure the application.

HPDPZ0045E The AMTISDIR environment variableis not set.

Explanation: The AMTISDIR environment variablewas not available to the application.

Administrator response: Ensure that application isproperly configured.

HPDPZ0046E The tis_mblen() function failed.Probable cause is an invalid multi-bytecharacter.

Explanation: The function returned -1 if it could notdetermine the length of the multibyte character.



HPDPZ0047E The handle for codeset %s could notbe created.The AMTISDIR environmentvariable is %s.

Explanation: The function failed. The AMTISDIR,LC_CODE or LANG might not be correct.

Administrator response: Verify that the product isproperly installed and configured.

HPDPZ0048E The function or operation is notsupported.



HPDPZ0049E A string could not be converted fromthe local codeset %s to UTF-8.




HPDPZ0050E A string could not be converted fromUTF-8 to the local codeset %s.







HPDPZ0051E Shared Library error (%s) %d. %s

Explanation: An error occured loading or unloading ashared library. Verify installation, permissions and pathsettings to ensure that the library can be located.



HPDPZ0052E Shared Library resolve error (%s:%s)%d. %s

Explanation: An error occured resolving a symbol in ashared library. Verify installation to determine that thecorrect library is being loaded.


HPDPZ0053E Unexpected end of file encountedwhile reading %s.

Explanation: An end of file character wasunexpectedly encountered while reading a file. Verifythat the file is valid.


HPDPZ0054E Internal error encountered while

loading Java property file %s.

Explanation: An internal state error was encounteredwhile loading a Java property file. The file was notloaded.


HPDRA0001E Trace is not initialized.



HPDRA0002E Trace initialization failed.




HPDRA0004E Component already exists.




HPDRA0005E Component not found.

Explanation: The specified trace component is not aknown component.

Administrator response: Retry the operationspecifying a valid component.

HPDRA0006E Component handle is invalid.



HPDRA0007E Trace level is invalid.

Explanation: An invalid trace level has been specified.

Administrator response: Specify a valid trace leveland retry the operation.

HPDRA0008E Component name is invalid.

Explanation: The specified component name does notconform to the rules for a valid component name.

Administrator response: Specify a valid componentname. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDRA0010E The specified destination is invalid.

Explanation: The log agent specified is invalid.

Administrator response: Specify a valid log agent andretry the operation.

HPDRA0011W Serviceability component %s couldnot be registered for dynamic trace:0x%x: %s

Explanation: A serviceability component could not beregistered for dynamic trace for the reason indicated.This condition is benign and does not stop operation of the product however trace points for the identifiedcomponent can not be activated dynamically.


HPDPZ0051E • HPDRA0011W





HPDRA0064E Unable to perform requested task:0x%x: %s

Explanation: The task could not be performed for theindicated reason.

Administrator response: Correct the problemindicated and retry the operation.

HPDRA0065E The requested task is incomplete ormalformed.

Explanation: The task command is badly formed.

Administrator response: Specify a valid taskcommand and retry the operation.

HPDRA0066E The requested task does not exist.

Explanation: A task name was specified that is nothandled by this server.

Administrator response: Specify a valid task nameand retry the operation.

HPDRA0068E The specified destination (%s) isinvalid.

Explanation: The log agent specified is invalid.

Administrator response: Correct the log agentspecification and retry the operation.

HPDRA0192E Statistics gathering is alreadyregistered for this component.



HPDRA0193E Statistics gathering is not registeredfor this component.

Explanation: No statistics gathering capability is

available for the specified component.

Administrator response: Only specify componentswith statistics capabilities with statistics tasks.

HPDRA0194E Statistics gathering for thiscomponent is already on.




HPDRA0195E Statistics gathering for thiscomponent is always on.




HPDRA0196E Statistics gathering for thiscomponent is not on.



HPDRA0197E The structure containing statisticsgathering functions is invalid.



HPDRA1091E The specified component has notbeen registered with the framework.

Explanation: A command has been received for which

there is no registered component.Administrator response: Re-issue the command witha valid component.

HPDRA1093E The component is already writingtransactional information to a file.

Explanation: An attempt was made to start thetransaction logging while it was already running.

Administrator response: Stop the componenttransaction logging before issuing the start command.

HPDRA1094E A supplied transaction record islarger than the specified maximum filesize: %d

Explanation: A transaction record was received whichexceeded the specified maximum file size.

Administrator response: Increase the maximum sizeof the transaction log file.

HPDRA0064E • HPDRA1094E




HPDRA1095E The filename must not contain anypath information.

Explanation: A base path for the transaction log fileshas been statically configured and as such the suppliedfile name should not contain any path information.

Administrator response: Specify the file name with no

path information.

HPDRG0100E The operation in the Active Directoryregistry for %s failed with return error%lx.

Explanation: An unknown Active Directory userregistry error has occurred.

Administrator response: Retry the failing operation. If the problem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDRG0101E The user password violates the ActiveDirectory user password policies.

Explanation: Make sure that the specified passwordconforms to the password policies and/or complexityrequirements of the Active Directory domain controller.If the problem persists, check IBM Electronic Supportfor additional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

Administrator response: This password may violateone of the Active Directory general password policiesor the password complexity requirements.

HPDRG0102E An invalid user name ordistinguished name (DN) was presentedto Security Access Manager. The username or DN may contain incorrectinformation, invalid characters orviolates a registry user name limitation.

Explanation: If Security Access Manager is configuredusing Active Directory multiple domains, the usernameor distinguished name may belong to different domainsor the domain suffix doesn't exist or is unreachable.

Administrator response: Check the user name and

DN information and try again. For Active Directoryuser registry, note that a "." as the 20th character of theuser name is not allowed.

HPDRG0103E The specified group is a dynamicgroup and dynamic group membershipcannot be modified.

Explanation: Use the tools or utilities provided withthe Microsoft Active Directory server product tomanage a dynamic group.

Administrator response: The specified group is adynamic group in which its membership is determined

by its LDAP query filter . Security Access Manager canuse dynamic groups but cannot create or manage them.Use the tools or utilities provided with the directoryserver product to manage the group.

HPDRG0104E The specified group is a registrydynamic group and Security AccessManager dynamic group support is notenabled.

Explanation: Must enable dynamic group support inSecurity Access Manager in order to use registrydynamic group.

Administrator response: Use the padmin command tomodify the configuration file to enable dyanmic groupsupport. Restart server service and retry.

HPDRG0105W Unable to remove Security Access

Manager meta data from ActiveDirectory domain %s. Either the datadoesn't exist in the Active Directorydomain or this domain can not becontacted.

Explanation: Either the Active Directory domain is nolonger existed or is unreachable or the data doesn'texist in the specified Active Directory domain.

Administrator response: To ensure that no SecurityAccess Manager data is left behind after it isunconfigured, manually delete the Security AccessManager data from the domain once it's available. If the problem persists, check IBM Electronic Support for


HPDRG0107E The value of the userPrincipalNamein the Active Directory registry is notunique. Duplicate userPrincipalNamevalues are not allowed to be used forthe Security Access Manager user orpolicy ID.

Explanation: There may exist more than one user inthe registry with the same userPrincipalName. SecurityAccess Manager requires the userPrincipalName

attribute of the registry user object to be unique,otherwise it can cause unexpected results for SecurityAccess Manager operations.

Administrator response: Duplication of theuserPrincipalName must be resolved before using it asan object ID in Security Access Manager or choose adifferent object ID.

HPDRA1095E • HPDRG0107E




HPDRG0108E The Active Directory Global Catalogserver may be down or unreachable.The Global Catalog is required to be upand reachable from the Security AccessManager configured Active Directorydomain.

Explanation: The Global Catalog server may be downor unreachable by the Security Access Managerconfigured Active Directory Domain.

Administrator response: Ensure the Global Catalogserver is up and/or check the firewall to ensureconnections between the Global Catalog server and theActive Directory domain/client are allowed.

HPDRG0109W Unable to migrate user %s to thealternate userPrincipalName/e-mailformat. Microsoft Active DirectoryRegistry error: 0x%x.

Explanation: Unable to modify registry data for the

user. Security Access Manager blade server identitymight not have the privilege to modify registry userdata.

Administrator response: Make sure the SecurityAccess Manager blade server identity has theadministrative privilege to modify user if it's desiredand the Microsoft returned error is access denial.Otherwise, migration is done at a later time.

HPDRG0150E The registry object could not befound.


Administrator response: Change the supplied DN tothat of an existing registry object.

HPDRG0151E Unable to load the IBM Directoryclient library.

Explanation: Security Access Manager could not beable to locate and dynamically load the IBM Directoryclient library in order to use the LDAP client tocommunicate with the Microsoft Active Directoryserver.

Administrator response: Ensure that the IBMDirectory client is installed and has the correct

permissions to allow Security Access Manager to loadthe library.

HPDRG0152W Unable to contact the Policy Serverto create the registry handle. The PolicyServer may be down.

Explanation: Blade Servers that use a LDAP client tocommunicate with Active Directory servers require thePolicy Server to be up in order to perform the registrywrite operation. The Policy Server may currently bedown.

Administrator response: Make sure that the PolicyServer is up and running. If the problem persists, checkIBM Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDRG0153E Either Secure Socket Layer (SSL)

support is not enabled or the SSL keyfile or key file password are missing orincorrect. If the 'change user passwordusing LDAP APIs' option is enabled,SSL is required to be enabled with avalid key file and key file password.

Explanation: Either Secure Socket Layer (SSL) is notenabled or SSL key file and/or key file password aremissing. Change user passwords using LDAP APIsrequires SSL to be enabled with a valid key file and keyfile password.

Administrator response: Check to see if SSL isenabled and ensure the key file and key file password

are valid.

HPDRG0154E The Active Directory Global Catalogserver hostname(s) is either missing orincorrect. The hostname(s) must bespecified and reachable when thee-mail/UPN support is enabled.

Explanation: The Global Catalog server hostname isrequired and must be available when the e-mail/UPNformat ID support is enabled.

Administrator response: Mofify the registryconfiguration file and try again.

HPDRG0200E The specified group is a dynamicgroup and cannot be modified.

Explanation: The specified group is a dynamic groupin which its membership is specified as a filter. SecurityAccess Manager can use dynamic groups but cannotcreate or manage them. Use the tools or utilitiesprovided with the directory server product to managethe group.

Administrator response: Use the tools or utilitiesprovided with the directory server product to manage adynamic group.

HPDRG0201E Error code 0x%x was received fromthe LDAP server. Error text: %s.

Explanation: Security Access Manager attempted toperform a request to the LDAP server and received anunexpected error code. The error code returned toSecurity Access Manager from the LDAP server isdisplayed in hexadecimal and error text describing thecode is displayed.

Administrator response: Use the tools or utilitiesprovided with the directory server product to examine

HPDRG0108E • HPDRG0201E




the error logs of the LDAP server for possibleadditional information. The documentation includedwith the LDAP server being used, should haveadditional information for possible causes for errorcodes. If the error code and error text indicate aproblem with Secure Socket Layer (SSL) initialization,

be sure that the correct SSL Key Database (sometimesreferred to as a "keyring" or "keyfile"), password andlabel are configured. Also ensure that the SSL KeyDatabase file has read and write permission for theprocess attempting to establish an SSL connection tothe LDAP server. If, after retrying the operation, theproblem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDRG0202E Unable to load the IBM Directoryclient library. The LDAP registry cannotbe initialized.

Explanation: To use the LDAP registry, SecurityAccess Manager must locate and dynamically load theIBM Directory client and it could not.

Administrator response: Ensure that the IBMDirectory client is installed and has the correctpermissions to allow Security Access Manager to loadthe library.

HPDRG0203E Unable to load the Access ControlInformation dynamic library. The LDAPregistry cannot be initialized.

Explanation: The Generic LDAP Access ControlInformation dynamic library has been configured in the

ldap.conf configuration file and therefore SecurityAccess Manager must dynamically load the library andit could not.

Administrator response: Ensure that the AccessControl Information dynamic library is configuredproperly, installed and has the correct permissions toallow Security Access Manager to load the library. If the Access Control Information dynamic library is notrequired, unconfigure it by modifying the ldap.conf configuration file and comment out theexternal-aci-libpath parameter.

HPDRG0204E The LDAP server is an IBM TivoliDirectory Server proxy and the requiredcn=itamproxy container is missing. ThePolicy Server cannot be configured.

Explanation: Security Access Manager attempted toconfigure the Policy Server but the LDAP server beingused is an IBM Tivoli Directory Server proxy. When theproxy server is used, a container called cn=itamproxy isrequired to exist on the proxy. This required containerwas not found.

Administrator response: Use the tools provided with

the directory server proxy to create a partition calledcn=itamproxy and instantiate the container object onthe back-end server. See the Security Access Managerdocumentation for information about setting up andconfiguring the proxy server for use with SecurityAccess Manager. Also ensure that the LDAPadministration DN identity being used has sufficientauthority to create LDAP objects on the back-endserver(s) being used. The LDAP administration DNidentity should usually be a member of the globaladministration group (ex. cn=manager,cn=ibmpolicies).If, after retrying the operation, the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDRG0205E The LDAP server is an IBM TivoliDirectory Server proxy. The requestedaction cannot be performed with a proxyserver.

Explanation: Security Access Manager attempted toperform an action but the LDAP server being used isan IBM Tivoli Directory Server proxy. The proxy serverhas some restrictions about the set of LDAP actionswhich can be performed. For example, schema cannot

be applied, Access Control Lists (ACLs) cannot be setand the partition object cannot be modified through theproxy.

Administrator response: See the Security AccessManager documentation for information about settingup and configuring the proxy server for use withSecurity Access Manager. Also ensure that the LDAPadministration DN identity being used has sufficient

authority to create LDAP objects on the back-endserver(s) being used. The LDAP administration DNidentity should usually be a member of the globaladministration group (ex. cn=manager,cn=ibmpolicies).If, after retrying the operation, the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDRG0206E The secAuthority=Default suffix isrequired but was not found on theLDAP server. The requested operation

cannot be performed.

Explanation: Security Access Manager attempted tocreate the management domain but the required LDAPsuffix (secAuthority=Default) was not found.

Administrator response: See the Security AccessManager documentation for information about settingup and configuring the LDAP server for use withSecurity Access Manager. Ensure that thesecAuthority=Default suffix has been created and thatthe LDAP server has been restarted to allow the suffixto be used.

HPDRG0202E • HPDRG0206E




HPDRG0207W The LDAP server is an IBM TivoliDirectory Server and is running inconfiguration only mode. SecurityAccess Manager will not be able tooperate normally with the LDAP serverin this mode.

Explanation: The LDAP server is an IBM TivoliDirectory Server and the server is currently running inconfiguration only mode. In this mode, most normalLDAP operations (such as update) cannot beperformed. Since many LDAP operations whichSecurity Access Manager performs are not possible,Security Access Manager will not be able to operatenormally until the LDAP server is configured properlyand restarted in normal mode.

Administrator response: View the IBM TivoliDirectory Server error logs and correct any identifiederrors which prevent the LDAP server from starting innormal mode. See the IBM Tivoli Directory Serverdocumentation for the location of the error log and

information for configuring the server properly. Oncethe conditions have been corrected, restart the LDAPserver in normal mode and restart Security AccessManager.

HPDRG0208E The %s suffix is required but was notfound on the LDAP server. Therequested operation cannot beperformed.

Explanation: Security Access Manager attempted tocreate the management domain but the required LDAPsuffix was not found.

Administrator response: See the Security AccessManager documentation for information about settingup and configuring the LDAP server for use withSecurity Access Manager. Ensure that the suffix has

been created and that the LDAP server has beenrestarted to allow the suffix to be used.

HPDRG0209E Ensure the LDAP administrator is amember of the CN=Administratorsgroup of the partition.

Explanation: Security Access Manager attempted tocreate the management domain but the required LDAPsuffix was not found.

Administrator response: See the Security AccessManager documentation for information about settingup and configuring the ADAM server for use withSecurity Access Manager. Ensure that the suffix has

been created and that the LDAP administrator has theauthority to manage the partition.

HPDRG0210E The requested operation cannot beperformed. Ensure SSL has beenconfigured with the ADAM instance orthe ADAM SSL requirement forpassword operations has been disabled.

Explanation: Security Access Manager could notperform a password operation with the ADAM registry.By default, ADAM requires an SSL connection for anypassword operation or the SSL requirement to bedisabled on the ADAM instance.

Administrator response: See the Security AccessManager documentation for information about settingup and configuring the ADAM server for use withSecurity Access Manager.

HPDRG0211E The LDAP server reports a namingviolation. Ensure the distinguishedname (DN): %s is allowed by the LDAPserver schema.

Explanation: Security Access Manager could notperform the requested operation because the LDAPserver did not allow the DN used in the operation. TheDN may not be allowed because the LDAP serverschema is not configured to allow the DN containmentor the RDN values are not defined.

Administrator response: See the Security AccessManager documentation for information about settingup and configuring the LDAP server for use withSecurity Access Manager.

HPDRG0250E A user that you tried to add to agroup is already a member of that group

Explanation: Users that are already members of agroup cannot be added a second time.

Administrator response: Use the pdadmin 'groupshow-members' command to see the current groupmembership. Avoid attempts to add those members asecond time.

HPDRG0251E A user registry request to the Dominodatabase failed with return code %lx.

Explanation: The Domino server may be down, theDomino server may be stopped, or the server is

unreachable over the network.Administrator response: Verify that the Dominoserver is functioning normally. This can beaccomplished by temporarily starting the Notes clientapplication and verifying that the Notes name andaddress book is accessible.

HPDRG0207W • HPDRG0251E




HPDRG0252E The Domino error message is: %s

Explanation: The Domino server may be down, theDomino server may be stopped, or the server isunreachable over the network.

Administrator response: Refer to the Lotus Notes orDomino documentation for more information.

HPDRG0300E Memory allocation failure.

Explanation: A memory allocation request issued bythe amldif2v6 program failed.

Administrator response: Ensure that sufficient diskspace and memory are available in the system. If rerunning the amldif2v6 program does not resolve theproblem, check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDRG0301E The amldif2v6 program hasexperienced an internal error caused bythe failure of a system call. (%s , rc=%d)

Explanation: The amldif2v6 program experienced aninternal error caused by the failure of a system call.

Administrator response: Ensure that sufficient diskspace and memory are available in the system. If rerunning the amldif2v6 program does not resolve theproblem, check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDRG0302E The amldif2v6 program hasexperienced an internal error caused byan unusable input LDIF file.

Explanation: While processing the input LDIF file, theamldif2v6 program experienced an internal processingerror caused by an unusable input LDIF file.

Administrator response: Ensure that the input LDIFfile was generated using one of the LDAP toolsspecified by the Security Access Managerdocumentation.

HPDRG0303E The input LDIF file contains morethan one object with the distinguishedname %s.

Explanation: While processing the input LDIF file, theamldif2v6 program detected more than one object withthe same distinguished name.

Administrator response: Ensure that the input LDIFfile was generated using one of the LDAP toolsspecified by the Security Access Managerdocumentation.

HPDRG0304E A failure occurred while trying toopen file %s.

Explanation: A failure occurred while amldif2v6 wastrying to open the specified file.

Administrator response: Check the permissions on thedirectory that contains the specified file.

HPDRG0305E A failure occurred while trying tomake a temporary copy of the inputLDIF file (%s.tmp).

Explanation: A failure occurred while amldif2v6 wastrying to make a temporary copy of the input LDIF file.

Administrator response: Ensure that directorypermissions allow this file to be created.

HPDRG0306E A failure occurred while trying towrite to the file %s.

Explanation: A failure occurred while trying to writeto the specified file.

Administrator response: Ensure that directorypermissions allow this file to be written.

HPDRG0307E A failure occurred while trying toread file %s.

Explanation: A failure occurred while trying to readthe specified file.

Administrator response: Ensure that directorypermissions allow this file to be read.

HPDST0102W The security translation layer is notinitialized.


Administrator response: Initialize the securitytranslation layer by calling the security translation layerinitialization interface.

HPDST0104E A memory address that is not validwas supplied to the security translationlayer.


Administrator response: Retry the failing operation. If the problem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDRG0252E • HPDST0104E




HPDST0105E A credential that is not valid wassupplied to the security translationlayer.

Explanation: The credential supplied to the securitytranslation layer is not valid.

Administrator response: Retry the failing operation

after obtaining a valid credential. If the problempersists, check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDST0106E The context input token supplied tothe security translation layer is notvalid.

Explanation: The security translation layer waspresented a security token which could not bevalidated for security context negotiation.

Administrator response: Retry the failing operationwith a valid security token. If the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDST0118E The security context presented to thesecurity translation layer was not valid.

Explanation: The security context presented to thesecurity translation layer was not valid. Either it hasexpired, has been destroyed, or the reference presentedwas to a security context that has not been initialized.

Administrator response: Establish a valid securitycontext and retry the failing operation. If the problempersists, check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDST0120E The security translation layer wasunable to perform the memoryoperation because memory is full.

Explanation: Memory has been exhausted and there isno available memory to perform the memory operation.

Administrator response: Check the memory status of the system and retry the failing operation. If theproblem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDST0121E The security translation layer couldnot load the security library.

Explanation: The security library required by thesecurity translation layer could not be found on thesystem, or could not be loaded.

Administrator response: Check that the security

library is installed. Retry the failing operation. If theproblem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDST0122E The security translation layer couldnot find the initializer function for thesecurity system.

Explanation: The security library that was loadeddoes not have the required initializer function.

Administrator response: Ensure that the correct

security library is installed on the system. Retry thefailing operation. If the problem persists, check IBMElectronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDST0123E The security translation layer couldnot initialize the security function table.

Explanation: The security translation layerinitialization using the security library initializationfunction failed.

Administrator response: Check the system securityconfiguration and system event log for details. Retrythe failing operation. If the problem persists, check IBMElectronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDST0126E The buffer type encountered by thesecurity translation layer is unknown.

Explanation: An unknown buffer type wasencountered by the security translation layer.

Administrator response: Retry the failing operation. If the problem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/


HPDST0127E An undiagnosed error was detected bythe security translation layer. Thesecurity system specific error code was:%08x.

Explanation: An undiagnosed error was detected bythe security translation layer. The security systemspecific error is provided to assist with debugging.

HPDST0105E • HPDST0127E




Administrator response: Check system event logs andsystem documentation for further details of theproblem. Retry the failing operation. If the problempersists, check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDST0128E A routine was called with one or moreparameter values that were not correct.

Explanation: The parameter values supplied to thesecurity translation layer are very important. If thevalues supplied by a caller are incorrect the routinescannot continue to process the parameters. Thistypically occurs when required length parameters havea value of less than or equal to zero.

Administrator response: Retry the failing operation. If the problem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/


HPDST0129E The security service function %sreturned major error code %d and minorerror code %d.

Explanation: A security service function failed andprovided a minor error code.

Administrator response: Look in the IBM SecurityAccess Manager for Web Troubleshooting Guide sectiondealing with common Web security SPNEGO problems.If no documentation describing the solution isavailable, consult the OS specific documentation for the

security service (Kerberos or SSPI). If the problempersists, check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDST0130E The security service function %sreturned the error '%s' (code0x%08x / %d).

Explanation: A security service function failed. Theerror string and error code provide a more detailedreason for the failure.

Administrator response: Look in the IBM SecurityAccess Manager for Web Troubleshooting Guide sectiondealing with common Web security SPNEGO problems.If no documentation describing the solution isavailable, consult the OS specific documentation for thesecurity service (Kerberos or SSPI). If the problempersists, check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

HPDST0128E • HPDST0130E




Chapter 3. Security Access Manager WebSEAL Messages

These messages are provided by the Security Access Manager WebSEALcomponent.

DPWAD0309E The WebSEAL administration servicehas not been initalized.

Explanation: The WebSEAL administration serviceplug-in failed to initialize properly.

Administrator response: Check for other initializationerrors and/or configuration problems that may havepreviously occurred.

DPWAD0312E Object list failed: %s

Explanation: The object list command failed to

complete correctly.

Administrator response: This is a generic error whichwill contain further details when output.

DPWAD0328E The junction import commandreceived invalid data

Explanation: An error occurred when trying to extractone or more of the junction attributes sent in the admincommand.

Administrator response: Check that the data beingpassed into the junction import command is valid.

DPWAD0329E The junction import commandreceived an invalid version

Explanation: The version in the junction definition isnot supported by this version of WebSEAL

Administrator response: Check the version of the junction in the XML definition

DPWAD0330E The junction import could not createthe junction file

Explanation: WebSEAL can not create the junction file.

Administrator response: Check the filesystem to makesure there is space available, or that the WebSEALserver has permissions to create/write the file.

DPWAD0331E The junction import could not writethe junction file

Explanation: An error occurred writing the junctiondefinition.

Administrator response: Check the filesystem to makesure there is space available, or that the WebSEAL

server has permissions to create/write the file.

DPWAD0332E The junction export could not readthe junction directory

Explanation: An error occurred while trying to readthe contents of the junction database directory.

Administrator response: Check to make sure thatWebSEAL is able to read the contents of the directorywhich is configured to contain the junction definitions.

DPWAD0333E Unable to add junction attributesinto command handler

Explanation: An error occurred returning the junctiondata to the client

Administrator response: This is an internal errorwhich occurs when WebSEAL is marshalling the

junction data to the export command. Check for othererrors occurring previously.

DPWAD0334E An invalid junction point wasspecified.

Explanation: WebSEAL was unable to build the

junction filename.

Administrator response: An internal error occurred inWebSEAL when trying to build the encoded filename.Check for previous errors.

DPWAD0335E Error reading junction point %s.

Explanation: The file name representing the junctioncould not constructed.

Administrator response: An internal error occurred inWebSEAL when trying to build the encoded filename.Check for previous errors.

DPWAD0336E Error reading junction file %s.

Explanation: There was an error opening or parsingthe junction definition file.

Administrator response: Verify the .xml file exists, isreadable, and has valid data.

DPWAD0342E Error reading input user session id.

Explanation: There was an error parsing the usersession id.




Administrator response: Verify that the input is beingpassed correctly.

DPWAD0343E Error reading input user id.

Explanation: There was an error parsing the user ID.

Administrator response: Verify that user ID is being

input correctly.

DPWAD0345E No matching User Session found.

Explanation: Bad input, or User session was alreadyterminated.

Administrator response: Verify validity of input, orassume session was already terminated.

DPWAD0362E The dynurl configuration file %scannot be opened for reading.

Explanation: An attempt to open the dynurl

configuration file for reading failedAdministrator response: Ensure that the file exists onthe WebSEAL server and is readable

DPWAD0363E The jmt configuration file %s cannotbe opened for reading.

Explanation: An attempt to open the jmt configurationfile for reading failed

Administrator response: Ensure that the file exists onthe WebSEAL server and is readable

DPWAD0364E You must specify a junction point toread or write an fsso configuration file.

Explanation: A junction point is necessary todetermine which fsso configuration file to read or write

Administrator response: Add the junction point to the junction attribute of the indata attribute list

DPWAD0365E The junction: %s is not a validjunction on this WebSEAL server.

Explanation: An invalid junction point was provided.

Administrator response: Ensure that the junctionattribute in indata is a valid junction

DPWAD0366E The junction: %s is not an fssojunction on this WebSEAL server.

Explanation: The junction specified is not an FSSO junction.

Administrator response: Ensure that the junctionspecified is an FSSO junction.

DPWAD0367E The fsso configuration file: %s couldnot be opened for reading.

Explanation: The junction specified could not beopened.

Administrator response: Ensure that the fssoconfiguration file for the junction specified exists and is

readable.

DPWAD0368E Could not create dynurlconfiguration file: %s

Explanation: WebSEAL was unable to create thedynurl conf file.

Administrator response: Ensure that ivmgr hasfilesystem permissions to create a file in the directorywhere the dynurl configuration file will be stored

DPWAD0369E Reloading the in memory dynurltable failed

Explanation: An error occurred while trying to readthe dynurl configuration file.

Administrator response: Ensure that the new filespecified is in the proper format

DPWAD0370E Could not create jmt configurationfile: %s

Explanation: An error occured while trying to openthe jmt configuration file.

Administrator response: Ensure that ivmgr hasfilesystem permissions to create a file in the directory

where the jmt configuration file will be stored

DPWAD0371E Reloading the in memory jmt tablefailed

Explanation: An error occurred while trying to read inthe new jmt configuration file.

Administrator response: Ensure that the new filespecified is in the proper format.

DPWAD0372W The junction specified does notexist. The configuration file: %s wascreated.

Explanation: An fsso junction may not be createdwithout the configuration file being inplace. This allowsthe file to be created before the junction

Administrator response: The junction may now becreated using this new configuration file

DPWAD0343E • DPWAD0372W




DPWAD0373E Could not create fsso configurationfile: %s

Explanation: An error occurred while trying to read inthe new fsso configuration file.

Administrator response: Ensure that ivmgr hasfilesystem permissions to create a file in the directory

where the fsso configuration file will be stored

DPWAD0374E The backup operation failed for %s

Explanation: An error occurred while attempting tocreate a backup copy of the original configuration file.

Administrator response: Ensure that ivmgr hasfilesystem permissions to create a file in the directorywhere the configuration file resides.

DPWAD0375E Reloading junction: %s failed

Explanation: An error occurred while trying to load

the fsso configuration file.Administrator response: Ensure that the new filespecified is in the proper format.

DPWAD0376E The restore operation failed for %s

Explanation: An error occurred while trying to restorea backed up version of a configuration file.

Administrator response: Ensure that ivmgr hasfilesystem permissions to create a file in the directorywhere the configuration file resides.

DPWAD0386E Failed to open the supplied junctionarchive file.

Explanation: An error occurred when trying to accessa junction archive file.

Administrator response: Ensure that the specified filename is correct and that the WebSEAL server canaccess the file.

DPWAD0387E The supplied junction archive filecontains an invalid junction definition.

Explanation: An error occurred while trying to accessa junction archive file.

Administrator response: Ensure that the supplied fileis correctly formatted.

DPWAD0391W Failed to execute the program (%s).(Errno = %d).

Explanation: An error occurred when attempting torun the specified program.

Administrator response: If the problem persists, checkIBM Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/


DPWAD0394W The requested file segmentcontained binary characters.

Explanation: A request to display a binary file wassubmitted. A binary file can be displayed only if the'-encode' option is supplied.

Administrator response: Ensure that the correct filehas been requested and if so that the '-encode' option issupplied to the command.

DPWAD0404E Failed to locate the authorizationserver password, required for the serversync command.

Explanation: The server sync command is notavailable because the authorization server passwordcould not be determined.

Administrator response: Check the log file for

additional errors. For the error code from the messageand additional troubleshooting steps, see the IBMSecurity Access Manager for Web TroubleshootingGuide.

DPWAD0405E Failed to synchronize the WebSEALserver.

Explanation: The server sync command did notcomplete successfully.

Administrator response: Check the log file foradditional errors. For the error code from the messageand additional troubleshooting steps, see the IBMSecurity Access Manager for Web TroubleshootingGuide.

DPWAD0406E The server name supplied was notvalid.

Explanation: The server name supplied to the serversync command was not valid.

Administrator response: Ensure that a valid servername is supplied with the server sync command. Theserver name must not be the same as the name of theserver that runs the command.

DPWAD0411E The TCP/IP host information couldnot be determined from the serverhostname: %s. Ensure that the serverhostname is correct and that the domainname server is functioning correctly.

Explanation: The TCP/IP address for the specifiedhost could not be determined.

Administrator response: Ensure that the IP addressfor the specified host name can be resolved. If theproblem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/

DPWAD0373E • DPWAD0411E

Chapter 3. Security Access Manager WebSEAL Messages 147




DPWAD0412E The configuration entry found withinthe %s stanza was not valid: %s = %s.

Explanation: The specified configuration entrycontained a value that must be corrected.

Administrator response: Correct the configurationentry which is not valid.

DPWAD0413E An attempt to create a temporary filefailed.

Explanation: An attempt was made to create atemporary file and the file could not be created.

Administrator response: Check the log file foradditional errors. Also check the file system to ensurethat there is adequate disk space available.

DPWAD0415E An ICAP Server for the '%s' resourcewas not found.

Explanation: An unknown ICAP resource wasspecified.

Administrator response: Check the ICAPconfiguration within both the WebSEAL configurationfile and the policy database.

DPWAD0416E An ICAP Server for the specifiedresource was not found.

Explanation: An unknown ICAP resource was

specified.Administrator response: Check the log file foradditional errors.

DPWAD0417E A bad response was received fromthe ICAP server.

Explanation: The response which was received fromthe ICAP server was incorrectly formatted.

Administrator response: Check the configuration of the ICAP server.

DPWAD0418E Failed to connect to the ICAP server:%s.

Explanation: An attempt to contact an ICAP serverfailed. The ICAP server is required to be able tocorrectly service the Web request.

Administrator response: Ensure that the configurationfor the ICAP server is correct and that the ICAP serveris available. Check the log file for additional errors.

DPWAD0419E Failed to connect to a required ICAPserver.

Explanation: An attempt to contact an ICAP serverfailed. The ICAP server is required to be able tocorrectly service the Web request.

Administrator response: Ensure that the configuration

for the ICAP server is correct and that the ICAP serveris available. Check the log file for additional errors.

DPWAD0420E The maximum number of concurrentrequests which can be processed for thissession has been reached.

Explanation: The user session has reached themaximum number of simultaneous requests which can

be processed by WebSEAL.

Administrator response: Either increase theconfigured maximum number of requests which can beprocessed by a session, or wait for existing requests for

the user session to complete.

DPWAD0421W The session, owned by %s , hasreached it's soft limit of %d concurrentrequests.

Explanation: The user session has reached thewarning point for the number of simultaneous requestswhich can be processed by WebSEAL.

Administrator response: Prepare to increase the hardlimit of concurrent requests for a user session, or waitfor existing requests for the user session to complete.

DPWAD0431E Failed to locate the authorizationserver password, required for the clusterfunctionality.

Explanation: The cluster support is not available because the authorization server password could not bedetermined.


DPWAD0432E Failed to execute the server task '%s'on %s : %s

Explanation: An attempt to execute a server taskcommand failed.






DPWAD0433E Failed to execute a server taskcommand

Explanation: An attempt to execute a server taskcommand failed.

Administrator response: Check the log file foradditional errors. For the error code from the message

and additional troubleshooting steps, see the IBMSecurity Access Manager for Web TroubleshootingGuide.

DPWAD0434E Failed to create the administrationcontext for %s: %s

Explanation: An attempt to create an administrationcontext failed.

Administrator response: Check the log file foradditional errors. For the error code from the messageand additional troubleshooting steps, see the IBMSecurity Access Manager for Web Troubleshooting

Guide.

DPWAD0435E Failed to create an administrationcontext

Explanation: An attempt to create an administrationcontext failed.


DPWAD0436E An unexpected result was receivedfrom the server task command: %s (%s)

Explanation: An unexpected result was received fromthe server task command.


DPWAD0438E Failed to synchronize with the clustermaster

Explanation: An attempt to synchronize the localconfiguration with the cluster master server failed.


DPWAD0439E Failed to restart the cluster

Explanation: An attempt to restart the cluster failed.

Administrator response: Check the log file foradditional errors. For the error code from the messageand additional troubleshooting steps, see the IBMSecurity Access Manager for Web Troubleshooting

Guide.

DPWAD0440E Failed to restart the cluster: 0x%lx

Explanation: An attempt to restart the cluster failed.


DPWAD0441E Failed to restart the cluster as acluster restart is already in progress

Explanation: An attempt to restart the cluster failed asa prior request to restart the cluster is still in progress.


DPWAD0442E The server, %s , failed to restartwithin a reasonable period of time.

Explanation: The specified server did not restartwithin the allocated period of time. This restart wasperformed as a part of the cluster synchronisation.


DPWAD0445E %s

Explanation: An unspecified error has occurred.

Administrator response: Check the log file foradditional errors. For the error code from the message

and additional troubleshooting steps, see the IBMSecurity Access Manager for Web TroubleshootingGuide.

DPWAD0446E Both the '-ripple' and '-status' optionscannot be specified at the same time.

Explanation: The cluster restart command cannot have both the '-ripple' and '-status' options specified in thesame command.

Administrator response: Re-issue the command with





either of the options, but not both.

DPWAD0447E The server is not fully initialized.

Explanation: An attempt to access the server faileddue to the fact that it is not fully initialized. This canoccur during server start-up or shutdown.

Administrator response: Allow extra time for theserver to finish initialization and then retry theoperation. If the problem persists check the log file foradditional errors.

DPWAD0448E The new user identity (%s) does notmatch the current authenticated useridentity (%s).

Explanation: The identity which is provided in asubsequent authentication operation must match theidentity which was used during the originalauthentication operation.

Administrator response: The user must present thesame user ID provided in the previous authenticationoperation.

DPWAD0449E The new user identity does notmatch the current authenticated useridentity.

Explanation: The identity which is provided in asubsequent authentication operation must match theidentity which was used during the originalauthentication operation.

Administrator response: The user must present thesame user ID provided in the previous authenticationoperation.

DPWAD0452E eCSSO authentication is enabled butno Master Authorization Server isdefined.

Explanation: The e-community-sso-auth has been setwithout setting a master authorization server.

Administrator response: Update the configuration fileand set a master authorization server in themaster-authn-server value under the [e-community-sso]stanza.

DPWAD0453E Duplicate eCSSO domain '%s'defined under the [e-community-domains] stanza.

Explanation: Each domain under the[e-community-domains] stanza must be unique.

Administrator response: Remove the duplicate entryand retry.

DPWAD0454E Unable to configure the eCSSOauthentication module for domain/host'%s': status 0x%lx.

Explanation: The eCSSO (consume or create)authentication module configured for the domain/hostspecified returned an error while being initialised.

Administrator response: Either a bad shared librarywas specified for the authentication module or theconfiguration is incorrect, for example the key filesspecified are missing or inaccessible.

DPWAD0455E The value '%s' is not a valid optionfor ip-support-level. Use one of'displaced-only', 'generic-only', or'displaced-and-generic'.

Explanation: An invalid setting was set for thewebseald configuration file option ip-support-level.

Administrator response: Change the setting for

ip-support-level to a valid one.

DPWAD0456E The value displaced-only is not avalid option for ip-support-level whenipv6-support is enabled.

Explanation: displaced-only can not be set whenipv6-support = yes.

Administrator response: Change the setting forip-support-level to generic-only or displaced-and-generic.

DPWAD0457E The authentication challenge type

specified is not valid: %s

Explanation: The challenge type string located in theWebSEAL configuration file was not valid.

Administrator response: Change the setting forauth-challenge-type to be a valid challenge type.

DPWAD0458E The corresponding authenticationmethod for the challenge type, %s , isnot enabled.

Explanation: The corresponding authenticationmethod for the specified challenge type is not enabled.

Administrator response: Either remove the failingchallenge type from the auth-challenge-typeconfiguration entry, or enable the correspondingauthentication method.

DPWAD0459E The authentication challenge typecontains multiple entries for %s.

Explanation: The challenge type string located in theWebSEAL configuration file contains multiple rule setsfor a single mechanism.





Administrator response: Remove the duplicate entriesin the auth-challenge-type configuration entry.

DPWAD0460E The following authenticationchallenge type contains a syntax error orinvalid pattern.%s

Explanation: The challenge type string located in theWebSEAL configuration file contains a syntax error.

Administrator response: Correct the syntax error forthe auth-challenge-type configuration entry.

DPWAD0600E An error occurred attempting todetermine the current installed versionof WebSEAL. WebSEAL cannot start.

Explanation: This error occurs if the current installedversion of WebSEAL cannot be determined. Thisindicates a severe problem.

Administrator response: If the problem persists, check

IBM Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWAD0601E The version string '%s' is invalid.

Explanation: This error occurs if an invalid versionnumber is found.


DPWAD0602E An error occurred attempting todetermine the originally installedversion of WebSEAL to verify that theconfiguration file is up-to-date.WebSEAL cannot start.

Explanation: This error occurs if the originallyinstalled version of WebSEAL cannot be determined.This indicates a severe problem.


DPWAD0603E An error occurred attempting tobackup the configuration file.

Explanation: This error occurs when WebSEAL istrying to make a backup copy of the originalconfiguration file before upgrade.

Administrator response: Examine the log file foradditional errors. More information about the problemthat occurred will be present.

DPWAD0604E An error occurred attempting torestore the configuration file.

Explanation: This error occurs when WebSEAL istrying to restore a backed up copy of the configurationfile.

Administrator response: Examine the log file for

additional errors. More information about the problemthat occurred will be present.

DPWAD0605W The configuration file entry [%s]%swas not found.

Explanation: This error occurs when WebSEAL istrying to determine the version of the WebSEAL serverthat created the configuration file.

Administrator response: No action is necessary - theWebSEAL server will try another method to determinethe original version of WebSEAL installed, and updatethe configuration file as necessary.

DPWAD0606E An error occurred attempting tomigrate the configuration file entry[%s]%s.

Explanation: This error occurs when WebSEAL istrying to perform migration of a configuration fileentry.

Administrator response: You may need to manuallyupdate the entry to allow migration to proceed.Examine the configuration file and documentation formore information on the particular entry.

DPWAD0607E An error occurred attempting tomigrate the configuration file entry [%s].

Explanation: This error occurs when WebSEAL istrying to perform migration of a configuration filestanza.

Administrator response: You may need to manuallyupdate the entry to allow migration to proceed.Examine the configuration file and documentation formore information on the particular entry.

DPWAD0611E A serious error occurred performingconfiguration file migration. You may

need to perform manual migration ofsome configuration options.

Explanation: This message indicates that a seriousproblem occurred while attempting to update theconfiguration file.

Administrator response: Refer to other log messagesto attempt to determine the problem. You may be ableto perform manual migration of configuration fileentries. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/





support/index.html?ibmprd=tivman. If you wish toattempt to manual migration, comment the problematicentries out of the WebSEAL configuration file andrestart the WebSEAL server. Once the WebSEAL serverhas started successfully, manually modify theconfiguration file to restore the functionality you havedisabled, refering to the WebSEAL AdministrationGuide where necessary.

DPWAD0752E A replica set must be specified forthe virtual host junction '%s'.

Explanation: When the SMS is used for sessionstorage, all virtual host junctions must have a replicaset specified with the -z junction option.

Administrator response: Create the junction using the-z <replica-set> option. The <replica-set> must be oneof the replica sets listed in the WebSEAL configurationfile.

DPWAD0753E A replica set must be specified forthe junction.

Explanation: When the SMS is used for sessionstorage, all virtual host junctions must have a replicaset specified with the -z junction option.

Administrator response: Create the junction using the-z <replica-set> option. The <replica-set> must be oneof the replica sets listed in the WebSEAL configurationfile.

DPWAD0754E The Virtual Host junction '%s' musthave an eCSSO domain key in theconfiguation file for it's virtual hostname '%s'.

Explanation: When the Virtual Host junction wascreated or restored from the junction database it'svirtual host name was discovered not to have a eCSSOdomain key. These are configured using[e-community-domains] and [e-community-domain-keys:<domain>]

Administrator response: Add a eCSSO key for thedomain the Virtual Host junction is in using the[e-community-domains] and [e-community-domain-keys:<domain>] stanzas and restart WebSEAL so itrecognises the changes. Then retry creating the Virtual

Host junction.

DPWAD0755E The Virtual Host junction must havean eCSSO domain key in theconfiguration file for it's virtual hostname.

Explanation: When the Virtual Host junction wascreated or restored from the junction database it'svirtual host name was discovered not to have a eCSSOdomain key. These are configured using

[e-community-domains] and [e-community-domain-keys:<domain>]

Administrator response: Add a eCSSO key for thedomain the Virtual Host junction is in using the[e-community-domains] and [e-community-domain-keys:<domain>] stanzas and restart WebSEAL so itrecognises the changes. Then retry creating the Virtual

Host junction.

DPWAD0756W The junction reload command didnot complete for regular junctions as aprevious reload is still in effect. Tryagain later.

Explanation: A reload command issued earlier is stillwaiting for some requests using the older junctiondefinitions to complete. New reload commands will nothave an effect until these requests complete. VirtualHost junctions are independent and you should lookfor a separate message if they are busy too.

Administrator response: The command has had noeffect on junctions, retry the command at a later time.

DPWAD0757W The junction reload command didnot complete for Virtual Host junctionsas a previous reload is still in effect. Tryagain later.

Explanation: A reload command issued earlier is stillwaiting for some requests using the older Virtual Host

junction definitions to complete. New reloadcommands will not have an effect until these requestscomplete. Regular junctions are independent and youshould look for a separate message if they are busy too.

Administrator response: The command has had noeffect on Virtual Host junctions, retry the command at alater time.

DPWAD0782E Could not take junction offline

Explanation: This message is followed by anexplanation of why the junction could not be takenoffline.

Administrator response: Correct the problemdescribed in the message displayed after this message.

DPWAD0783E Could not take Virtual Host junctionoffline

Explanation: This message is followed by anexplanation of why the Virtual Host junction could not

be taken offline.






DPWAD0784E Could not throttle junction

Explanation: This message is followed by anexplanation of why the junction could not be throttled.


DPWAD0785E Could not throttle Virtual Hostjunction


be throttled.


DPWAD0786E Could not bring junction online

Explanation: This message is followed by anexplanation of why the junction could not be brought

online.Administrator response: Correct the problemdescribed in the message displayed after this message.

DPWAD0787E Could not bring Virtual Hostjunction online


be brought online.


DPWAD0788E You can only change the operationstate of TCP, SSL, TCP Proxy, and SSLProxy junctions.

Explanation: Not all junction types supportoperational state changes.

Administrator response: Ensure you are applying thecommand to the correct junction.

DPWAD0789E You can only change the operationstate of TCP, SSL, TCP Proxy, and SSLProxy Virtual Host junctions.

Explanation: Not all Virtual Host junction typessupport operational state changes.

Administrator response: Ensure you are applying thecommand to the correct Virtual Host junction.

DPWAD0790E Invalid server ID

Explanation: The argument passed to -i was not avalid server UUID.

Administrator response: Obtain the correct UUID byusing the 'show' command.

DPWAD0791E Invalid server ID

Explanation: The argument passed to -i was not avalid server UUID.

Administrator response: Obtain the correct UUID byusing the 'virtualhost show' command.

DPWAD0792E Server %s not found at junction %s

Explanation: An attempt was made to change theoperational state of a junction server based on a UUIDwhich did not match any of the servers of the junction.

Administrator response: Use the 'show' command tofind the correct UUID.

DPWAD0793E Server %s not found at Virtual Hostjunction %s

Explanation: An attempt was made to change theoperational state of a Virtual Host junction server based

on a UUID which did not match any of the servers of the Virtual Host junction.

Administrator response: Use the 'virtualhost show'command to find the correct UUID.

DPWAD1050E The filename must not contain anypath information.

Explanation: A base path for the database files has been statically configured and as such the supplied filename should not contain any path information.

Administrator response: Specify the name of thedatabase without any path information.

DPWAD1053E An error occurred while writing theWebSEAL flow data to disk.

Explanation: An error occured while WebSEAL wascommitting the collected flow data to disk. One ormore records may be missing for the last time period.


DPWAD1054E The %s system routine failed: %d.

Explanation: An error occured when WebSEALattempted to execute a system routine.


DPWAD1055E A system routine failed.

Explanation: An error occured when WebSEALattempted to execute a system routine.

Administrator response: If the problem persists, checkIBM Electronic Support for additional information -






DPWAD1056E A process terminated unexpectedly:%d.

Explanation: A process which was currently beingmonitored terminated unexpectedly. This process will

be automatically restarted.


DPWAD1200E The incoming connection from %shas been blocked.

Explanation: The incoming connection has beentemporarily blocked by the Web Application Firewallfunctionality.


DPWAD1201E An invalid csv field was provided:%s

Explanation: An invalid field was provided.

Administrator response: Examine the configurationand correct the offending field.

DPWAD1202E An invalid configuration value wasprovided: %s

Explanation: An invalid configuration value wasprovided.

Administrator response: Examine the configurationand correct the offending value.

DPWAD1203E An invalid number of fields wereprovided within the csv file: %s

Explanation: An invalid number of fields werediscovered in a csv file.

Administrator response: Examine the configurationand correct the offending csv file.

DPWAD1204E An unknown issue was discovered,%d , and as such no action was taken.

Explanation: An issue was discovered for which therewas no configured action.

Administrator response: Examine the configurationand ensure that an action exists for the specified issue.

DPWAD1206E An incompatible ISS protocolanalysis module library was found.

Explanation: An incompatible ISS protocol analysismodule was specified within the WebSEALconfiguration.

Administrator response: Install a compatible ISS

protocol analysis module distribution, or disable thisfunctionality within WebSEAL.

DPWAD1207E An internal error was encounteredwithin the ISS protocol analysismodule.

Explanation: An error was returned from the ISSprotocol analysis module.

Administrator response: Check the log file foradditional errors. If necessary, look up the error codefrom the message in the IBM Security Access Managerfor Web Troubleshooting Guide for additional

troubleshooting steps.

DPWAD1208E An unrecoverable error wasencountered within the ISS protocolanalysis module : %s.

Explanation: An error was returned from the ISSprotocol analysis module.

Administrator response: Check the log file foradditional errors. If necessary, look up the error codefrom the message in the IBM Security Access Managerfor Web Troubleshooting Guide for additionaltroubleshooting steps.

DPWAD1209E An insufficient amount of memorywas supplied to an internal WAFroutine.

Explanation: An insufficient amount of memory wassupplied to one of the internal WAF routines.

Administrator response: Check the log file foradditional errors. If necessary, look up the error codefrom the message in the IBM Security Access Managerfor Web Troubleshooting Guide for additionaltroubleshooting steps.

DPWAD1210E The client connection has beenblocked due to a security attack whichwas detected by the protocol analysismodule.

Explanation: The protocol analysis module detected apotential attack in a prior request from the client and assuch has blocked all connections from this client for aperiod of time.

Administrator response: Check the log file foradditional errors. If necessary, look up the error codefrom the message in the IBM Security Access Manager





for Web Troubleshooting Guide for additionaltroubleshooting steps.

DPWCA0150E Invalid UNIX user name (%s)


Administrator response: Use a valid user name

DPWCF0450E The IBM Security Access ManagerRuntime installation directory could notbe found. Install IBM Security AccessManager Runtime.

Explanation: The installation directory for AMRTEcould not be found in the registry. This is probably

because AMRTE is not installed.

Administrator response: Make sure that AMRTE isinstalled.

DPWCF0451E The IBM Security Access Manager

WebSEAL installation directory couldnot be found. Install IBM SecurityAccess Manager WebSEAL.

Explanation: The installation directory for AMWebcould not be found in the registry. This is probably

because AMWeb is not installed.

Administrator response: Make sure that IBM SecurityAccess Manager WebSEAL is installed.

DPWCF0452E The configuration file '%s' could notbe opened.

Explanation: The configuration file may not exist, orfile system permissions may prevent it from beingopened.

Administrator response: Make sure that theconfiguration file exists and can be read and written.

DPWCF0453E The file '%s' could not be opened.Error code: %d

Explanation: The file could not be opened. The systemfunction returned the indicated error code

Administrator response: Make sure that the file existsin the system, and that it is readable and writable. If

necessary, look up the system error code to determinethe problem.

DPWCF0454E The file '%s' could not be closed.Error code %d.

Explanation: A file could not be closed because of theindicated system error.

Administrator response: Make sure that the filesystem on which the file is located is not full. Alsomake sure that the directory for the file exists and is

writable. If necessary, look up the system error code toidentify the problem.

DPWCF0455E The directory '%s' could not beopened. Error code: %d

Explanation: The directory could not be opened because of the indicated system error code.

Administrator response: Make sure that the directoryexists and file system permissions allow it to be read.

DPWCF0456E The directory '%s' could not beclosed. Error code: %d

Explanation: Closing a directory failed because of theindicated system error code.

Administrator response: Make sure that the directoryexists and is writable.

DPWCF0457E The instance name '%s' is already in

use.

Explanation: The instance name is already in use.

Administrator response: Use a different instancename.

DPWCF0458E The length of the instance name '%s'is more than %d characters.

Explanation: The provided instance name is morethan 20 characters.

Administrator response: Use an instance name thathas less than 20 characters.

DPWCF0459E The instance name '%s' containsinvalid characters. Instance names mustconsist of alphanumeric characters plusthe symbols: '-' '_' '.'

Explanation: The provided instance name containsillegal characters.

Administrator response: Use an instance name thatcontains only valid characters.

DPWCF0460E The IP address '%s' does not exist inthe system.

Explanation: The provided IP address does not existin the system.

Administrator response: Make sure that the providedIP address exists in the system.

DPWCA0150E • DPWCF0460E




DPWCF0461E The key file '%s' does not exist in thesystem.

Explanation: The provided key file does not exist inthe system.

Administrator response: Make sure the provided keyfile exists in the system.

DPWCF0462E The key file password is incorrect.

Explanation: The key file password may have beenentered incorrectly.

Administrator response: Make sure that the key filepassword is entered correctly.

DPWCF0463E The LDAP server could not becontacted through SSL on port %d.

Explanation: The SSL LDAP port may have beenentered incorrectly, or the LDAP server may not be

running.Administrator response: Make sure the LDAP serveris running. Correct the SSL LDAP port if necessary.

DPWCF0464E The key file for SSL communcationwith the LDAP server is invalid.

Explanation: The wrong key file may have beenentered.

Administrator response: Make sure that the providedkey file is a valid key file for SSL communication withthe LDAP server

DPWCF0465E SSL environment could not beopened. Error: %s.

Explanation: An internal SSL error occurred.

Administrator response: The action to correct thisproblem depends on details in the error message.

DPWCF0466E Port '%s' is already in use.

Explanation: The provided port is already in use.

Administrator response: Use a different port, orremove the service that is using the port.

DPWCF0467E Fields marked with an asterisk (*) arerequired.

Explanation: Not all required inputs were provided.

Administrator response: Fill in values for all of therequired fields.

DPWCF0468E The Policy Server could not becontacted. Make sure the Policy Serveris running and try again.

Explanation: The Policy Server must be running inorder to configure WebSEAL.

Administrator response: Make sure the Policy Server

is functioning properly. Restart the Policy Server if necessary.

DPWCF0469E The file '%s' could not be copied to'%s'

Explanation: An error occurred when trying to copy afile.

Administrator response: Make sure the orginal fileexists and the directory for the new file exists. Makesure the file system has sufficient space to copy the file.Make sure the destination directory is writable.

DPWCF0470E The directory '%s' could not be copiedto the directory '%s'.

Explanation: The original directory or the path of thenew directory may not be existed.

Administrator response: Make sure the orginaldirectory exists and the path of the new directory alsoexists.

DPWCF0471E The directory '%s' could not becreated.

Explanation: The path to the directory that want to becreated may be not existed in the system.

Administrator response: Make sure the path to thedirectory that want to be created exists in the system.

DPWCF0472E The random password could not begenerated.

Explanation: Memory allocation operation failed.

Administrator response: Check memory limits onyour machine, and increase availabel memory if possible

DPWCF0473E The WebSEAL instance '%s' failed to

configure.

Explanation: WebSEAL instance cannot be configureddue to the error that displayed before this message

Administrator response: Unconfigure this WebSEALinstance and run configuration program again.

DPWCF0461E • DPWCF0473E




DPWCF0474E The WebSEAL instance '%s' failed tounconfigure.

Explanation: WebSEAL instance cannot beunconfigured due to the error that displayed before thismessage

Administrator response: Run unconfiguration

program again.

DPWCF0475E The specified document root directory'%s' does not exist.

Explanation: The provided document root directorydoes not exist.

Administrator response: Make sure the document rootdirectory exists in the system.

DPWCF0476E The specified option '%s' is invalid.

Explanation: The specified option is invalid. Only the

flags in the usage message are valid.Administrator response: The specified option isinvalid. Use one of the options from the usage and tryagain.

DPWCF0477E The specified option '%s' needs aparameter.

Explanation: The specified option must have aparameter.

Administrator response: Need to specify a parameterfor the specified action.

DPWCF0478E The action option needs to bespecified.

Explanation: The "action" option needs to be specifiedto configure or unconfigure WebSEAL instance fromcommand line.

Administrator response: Need to specify the "action"option in the command line inputs.

DPWCF0479E The specified certificate label '%s' isinvalid.

Explanation: The provided certificate label is incorrect.

Administrator response: Make sure the certificatelabel is entered correctly.

DPWCF0480E The response file '%s' could not beopened.

Explanation: The provided response file does notexist.

Administrator response: Make sure the response fileexists.

DPWCF0481E The instance name '%s' does not existto unconfigure.

Explanation: No instance with the provided name wasfound on the system.

Administrator response: Make sure the instance namewas typed correctly.

DPWCF0482E Could not determine the hostname ofthe machine. Error code: %d

Explanation: An error occurred when attempting todetermine the host name of the local system.

Administrator response: Make sure the networkconfiguration on the machine is correct.

DPWCF0483E The entry '%s' in the response filedoes not have a value

Explanation: A needed entry in the response file did

not have a value.Administrator response: Make sure that the value of the entry exists in the response file.

DPWCF0484E Error: the configuration program mustbe run as root.

Explanation: The configuration program needs to berun as the root user in order to be able to functionproperly.

Administrator response: Run the configurationprogram as the root user.

DPWCF0485E The ownership of '%s' cannot bechanged to user ivmgr, group ivmgr.Error code: %d.

Explanation: An attempt to change the ownership of afile or directory failed. The system error number can beused to determine the cause of the failure.

Administrator response: Make sure the file ordirectory exists.

DPWCF0486E Could not create symbolic link from'%s' to '%s'. Error code: %d.

Explanation: An attempt to create a symbolic linkfailed.

Administrator response: Make sure the destinationdirectory for the symlink exists, and no file or directoryexists in that location already. Look up the system errorcode for further information if necessary.





DPWCF0487E The hash table for configurationoptions cannot be initialized.

Explanation: The hash table can not be initialized because the allocation of the options failed.

Administrator response: Check memory limits onyour machine, and increase available memory if

possible

DPWCF0488E The file '%s' could not be moved to'%s'

Explanation: An error occurred when trying to movea file.

Administrator response: Make sure the orginal fileexists and the directory for the new file exists. Makesure the file system has sufficient space to move thefile. Make sure the destination directory is writable.

DPWCF0489E ERROR: For WebSEAL to function

correctly the maximum number ofthreads per process should be at least96. This value can be increased bymodifying the MAXTHREADPROC orMAX_THREAD_PROC kernel parameterthrough the sam utility.

Explanation: The MAXTHREADPROC orMAX_THREAD_PROC must be greater than 96 forWebSEAL to function correctly.

Administrator response: Use the sam utility toincrease the MAXTHREADPROC orMAX_THREAD_PROC and run the configurationprogram again.

DPWCF0490E The configuration status could not beset.

Explanation: This problem should not occur. If it doeshappen, the machine should be restarted and run theconfiguration program again.

Administrator response: Restart the machine and runthe configuration program again.

DPWCF0491E The file '%s' could not be deleted.Error code: %d.

Explanation: An attempt to delete a file failed.

Administrator response: Make sure that the file andthe directory containing the file are both writable.

DPWCF0492E The socket could not be created. Errorcode: %d

Explanation: An error occured when attempting toinitialize a socket.

Administrator response: Look up the system error

code for additional information. Check system resourcelimits on the number of file descriptors, and increasethe limits if necessary.

DPWCF0493E The -interactive option is notsupported on this platform.

Explanation: The amwebcfg utility does not supportthe -interactive flag on Windows.

Administrator response: Should not use interactiveoption for the amwebcfg utility on windows

DPWCF0494E The executable file 'ldapsearch' couldnot be found.

Explanation: The installlation directory for the LDAPclient could not be found.

Administrator response: Make sure the LDAP client isinstalled correctly.

DPWCF0495E The configuration value of an entry[%s] '%s' could not be retrieved from theconfiguration file '%s'.

Explanation: An attempt to retrieve an entry from aconfiguration file failed.

Administrator response: Check logs for additionalerrors. The configuration file may not exist or mightnot be readable. The entry might not exist in theconfiguration file.

DPWCF0496E The user '%s' does not havepermission to unconfigure the server.

Explanation: Only IBM Security Access ManagerAdministrators are allowed to configure or unconfigureWebSEAL.

Administrator response: Run the configurationprogram again, supplying the ID and password of anAdministrative user.

DPWCF0497E The response file '%s' does not exist.

Explanation: The provided response file does not existor is not readable.

Administrator response: Make sure the response file

exists and is readable.

DPWCF0498E The user '%s' could not be removedfrom the group '%s'. Error message: '%s'

Explanation: The functionivadmin_group_removemember failed to remove theuser from the group because of the indicated error.

Administrator response: Fix the problem indicated bythe error message.





DPWCF0499E The objectspace '%s' could not becreated. Error message: '%s'

Explanation: The function ivadmin_objectspace_createfailed to create the objectspace because of the indicatederror.

Administrator response: Fix the problem indicated by

the error message.

DPWCF0500E The ACL '%s' could not be createdwith an error: '%s'

Explanation: The function ivadmin_acl_create failed tocreate the ACL because of the indicated error.


DPWCF0501E The description of ACL '%s' could notbe set to '%s'. Error message: '%s'

Explanation: The function ivadmin_acl_setdescriptionfailed because of the indicated error.


DPWCF0502E The permissions for group '%s' in theACL '%s' could not be set. Errormessage: '%s'

Explanation: The function ivadmin_acl_setgroup failedto set the group permissions because of the indicatederror.


the error message.

DPWCF0503E The permissions for user '%s' in theACL '%s' could not be set. Errormessage: '%s'

Explanation: The function ivadmin_acl_setuser failedto set the user permissions because of the indicatederror.


DPWCF0504E The permissions for anyother in the

ACL '%s' could not be set. Errormessage: '%s'

Explanation: The function ivadmin_acl_setanyotherfailed to set the permissions for anyother because of theindicated error.


DPWCF0505E The permissions for unauthenticatedin the ACL '%s' could not be set to '%s'.Error message: '%s'

Explanation: The function ivadmin_acl_setunauthfailed to set the permissions for unauthenticated

because of the indicated error.


DPWCF0506E The ACL '%s' could not be attached tothe protected object '%s'. Error message:'%s'

Explanation: The function ivadmin_protobj_attachaclfailed to attach the acl to a protected object because of the indicated error.


DPWCF0507E The protected object '%s' could not becreated. Error message: '%s'

Explanation: The function ivadmin_protobj_createfailed to create a protected object because of theindicated error.


DPWCF0508E The protected object '%s' could not bedeleted. Error message: '%s'

Explanation: The function ivadmin_protobj_createfailed to delete the protected object because of theindicated error.


DPWCF0509E The group '%s' could not be retrieved.Error message: '%s'

Explanation: The function ivadmin_group_get fails toretrieve the group because of the indicated error.


DPWCF0510E The group '%s' could not be created.Error message: '%s'

Explanation: The function ivadmin_group_createfailed to create a group because of the indicated error.






DPWCF0511E The descript for group '%s' could notbe set to '%s'. Error message: '%s'

Explanation: The functionivadmin_group_setdescription failed because of theindicated error.


the error message.

DPWCF0512E The DN of the group '%s' could notbe retrieved. Error message: '%s'

Explanation: The function ivadmin_group_getdnfailed because of the indicated error.


DPWCF0513E The directory '%s' could not bedeleted.

Explanation: The directory may not exist.Administrator response: Make sure the directoryexists.

DPWCF0514E The ivadmin context could not becreated. Error message '%s'. Usepdadmin to manually create 'su-admins'and 'su-excluded' groups as instructed inthe appendix of WebSEAL upgradedocument.

Explanation: The functionivadmin_context_createdefault2 failed because of theindicated error.


DPWCF0515E Use pdadmin to manually create'su-admins' or 'su-excluded' groups asinstructed in the appendix of WebSEALupgrade document.

Explanation: The 'su-admins' or 'su-groups' could not be created in the upgrade process. It should be createdmanually.


the message.

DPWCF0516E The tivoli_common_dir entry in thelog.properties file has an empty value.

Explanation: The tivoli_common_dir entry mustcontain Tivoli Common Directory in log.properties fileif Tivoli Common Directory is used.

Administrator response: Add a Tivoli CommonDirectory to tivoli_common_dir entry in log.propertiesfile.

DPWCF0517E The log.properties file does not exist.

Explanation: The log.properties file must exist inTivoli Common Directory if Tivoli Common Directoryis used.

Administrator response: Make sure the log.propertiesfile exists in Tivoli Common Directory.

DPWCF0518E Failed to create Tivoli CommonDirectory for WebSEAL.

Explanation: An error occurred when creating TivoliCommon Directory for WebSEAL.

Administrator response: The action to correct thisproblem depends on details displayed in previous errormessages.

DPWCF0519E Failed to relocate Tivoli CommonDirectory for WebSEAL.

Explanation: An error occurred when relocating theTivoli Common Directory for WebSEAL.

Administrator response: The action to correct thisproblem depends on details displayed in previous errormessages.

DPWCF0520E The '%s' option must be provided onthe command line.

Explanation: The option displayed in the messagemust be provided in the command line in order tosuccessfully configure WebSEAL.

Administrator response: Provide the option displayed

in the message on the command line.

DPWCF0521E The '%s' option only uses 'y' or 'n' forits parameter.

Explanation: The option displayed in the messagerequires 'y' or 'n' for its value.

Administrator response: Need to provide 'y' or 'n' asthe value of the option displayed in the message on thecommand line.

DPWCF0522E The administrator ID or password isinvalid.

Explanation: A valid administrator ID and validpassword are required to configure WebSEAL.

Administrator response: Make sure that theadministrator ID and password provided are correct.





DPWCF0523E The request-log-format entry in thelogging stanza contains an invaliddirective: %s

Explanation: The request-log-format value is invalid.

Administrator response: Correct the invalidrequest-log-format configuration value.

DPWCF0524E The request-log-format entry in thelogging stanza contains an invalidparameter for a directive.

Explanation: The request-log-format value is invalid.

Administrator response: Correct the invalidrequest-log-format configuration value.

DPWCF0525W The ping-method value of '%s' is nota valid ping-method, defaulting toHEAD.

Explanation: The ping-method specified is notsupported. A default value of 'HEAD' has been used.

Administrator response: No action is necessary.

DPWCF0527W The configuration item (%s , %s) ismissing, defaulting to a value of: '%s'.

Explanation: The required configuration entry ismissing, a default value will be used.

Administrator response: Add the requiredconfiguration entry to the configuration file.

DPWCF0528W The configuration file entryencountered is not valid.

Explanation: A configuration entry was retrieved fromthe configuration file which was not of the expectedtype or formatting.

Administrator response: Examine the log files foradditional information.

DPWCF0529E Domain cookies cannot be sharedwhen the session management serverhas been configured.

Explanation: The configuration items [session]

shared-cookie-name and [session] dsess-enabled aremutually exclusive. If you are attempting to acheivesingle sign-on in an SMS environment, Disable theshared-cookie-name configuration entry. If you are inan environment without the SMS, disable thedsess-enabled configuration entry.

Administrator response: Correct the configuration asneeded and restart the WebSEAL daemon.

DPWCF0530E A login redirect page cannot bespecified when JavaScript redirection isenabled.

Explanation: The configuration items [acnt-mgt]enable-js-redirect and [acnt-mgt] login-redirect-page aremutually exclusive.


DPWCF0531E The configured single sign-offresource is invalid. The resource mustreside on a standard junction.

Explanation: The single sign-off resource must resideon a standard junction and the URI specified must

begin with a '/'.


DPWCF0532E The configured list of user-agentpatterns will not match all user-agentstrings. The list must contain amatch-all pattern.

Explanation: The configured list of user-agent patternswill not match against all possible user-agent strings.Add a new entry to the [user-agents] stanza with thepattern '*'.


DPWCF0533E The [user-agents] stanza must be

configured when flow data is enabled.

Explanation: The configuration stanza [user-agents]must be configured and contain at least one entry whenusing the flow data functionality.


DPWNS0150E Process can't access directory '%s',error: 0x%8.8lx

Explanation: The process is trying to change it'sworking directory

Administrator response: Check the UID running theprocess has the correct permissions

DPWNS0165E The certificate revocation check resultwas undetermined. The subject issuer is'%s'.

Explanation: An OCSP CRL check could notdetermine if the certificate is revoked. This is usuallydue to an unresponsive OCSP responder.

DPWCF0523E • DPWNS0165E




Administrator response: Check the OCSP responder isoperating.

DPWNS0166E The junction server, '%s', certificaterevocation check result wasundetermined. The subject issuer is '%s'.

Explanation: An OCSP CRL check could notdetermine if the junctions certificate is revoked. This isusually due to an unresponsive OCSP responder.

Administrator response: Check the OCSP responder isoperating.

DPWNS0301W Junction server '%s:%d' isrenegotiating SSL sessions at a rate of%ld per minute.

Explanation: The SSL server junctioned behindWebSEAL is forcing WebSEAL to renegotiate new SSLSessions at a rate higher than specified by [junction]

jct-ssl-reneg-warning-rate.

Administrator response: Ensure the junctioned SSLserver has SSL session caching enabled and functioningcorrectly, or check that any intervening load balancersare not causing this issue by forcing WebSEAL toalternate between two SSL servers.

DPWNS0450E The pattern '%s' is not a valid MIMEtype matching pattern.

Explanation: MIME type patterns must be either exact(type/subtype), subtype wild cards (type/*), or typeand subtype wildcards (*/*).

Administrator response: Make sure the mime typespecified is valid.

DPWNS0451E Invalid MIME matching pattern.

Explanation: Mime type patterns must be either exact(type/subtype), subtype wild cards (type/*), or typeand subtype wildcards (*/*).

Administrator response: Make sure the mime typespecified is valid.

DPWNS0452E Invalid MIME type '%s'.

Explanation: An attempt was made to lookup a match

for a MIME type that did not contain a '/'.

Administrator response: Check the MIME typeconfiguration of your servers to verify that they arereturning valid MIME types for all documents.

DPWNS0453E Invalid MIME type.

Explanation: An attempt was made to lookup a matchfor a MIME type that did not contain a '/'.

Administrator response: Check the MIME type

configuration of your servers to verify that they arereturning valid MIME types for all documents.

DPWNS0600E Compression initialization failedwith error code %d (%s).

Explanation: Initialization of compression failed. Thiserror should never occur.


DPWNS0601E Compression failed with error code%d (%s).

Explanation: Compression of a document failed. Thiserror should never occur.



DPWNS0602E Completion of compression failedwith error code %d (%s).

Explanation: The completion of documentcompression failed. This error should never occur.


DPWNS0603E An error occured during documentcompression.

Explanation: This error is returned when a problemwas encountered during document compression.

Administrator response: Examine log files foradditional information.

DPWNS0750E The HTTP header key '%d' is invalid.

Explanation: This message indicates an internal error.An attempt was made to reference an HTTP headerusing an invalid key.


DPWNS0900E The client certificate EAI requestfailed: %s (0x%lx)

Explanation: This error is returned when the EAIrequest which has been generated by WebSEAL doesnot return a valid HTTP response.

DPWNS0166E • DPWNS0900E




Administrator response: Examine log files foradditional information.

DPWNS0901E No EAI authentication data wasprovided with the EAI response.

Explanation: This error is returned when the EAIresponse lacks all of the configured EAI authenticationheaders.

Administrator response: Examine the log files foradditional information. Check the EAI application toensure that valid authentication headers are being set.

DPWNS1050E Session cache creation failed.

Explanation: This message can indicate a failure dueto system resource limitations.

Administrator response: Check available systemmemory and process resource usage limits.

DPWNS1051E Addition or update of a session cacheentry failed.

Explanation: This message indicates an internal error.


DPWNS1052W A session cache entry was not found.

Explanation: This message indicates that an expectedsession cache entry was not found.

Administrator response: No action is necessary unlessother problems are experienced.

DPWNS1053E Session owner tracking is notsupported in this configuration.

Explanation: This message indicates that an attemptwas made to get a list of the sessions associated with auser when session owner tracking was not enabled.

Administrator response: Refer to the WebSEALAdministration Guide for instructions on how to enabletracking of session owners.

DPWNS1054E Invalid session ID.

Explanation: This message indicates that an invalidsession ID was encountered when trying to generate aninternal representation of the ID. The most likely causeof this error is a malformed session cookie from a

browser.

Administrator response: No action is necessary. Anew session and session cookie is created as needed.

DPWNS1055E You are already logged in fromanother client. You can either wait forthe other login to end or contact yourlocal support personnel to cancel theexisting login.

Explanation: This message indicates that themaximum number of concurrent sessions for the userhas been reached and no new sessions will bepermitted until one of the existing sessions has ended.

Administrator response: Refer to the WebSEALAdministration Guide discussion of concurrent loginsessions for more complete information.

DPWNS1056W You are already logged in fromanother client. Do you want to terminateyour existing login or cancel this newlogin request?

Explanation: This message indicates that themaximum number of concurrent sessions for the user

has been reached, and that the user can choose toreplace an existing session.

Administrator response: The action depends on thereason for the previous session. If the user closed their

browser without properly logging out or does not needtheir old session, they can press the 'Terminate existinglogin' button. If the user does need their old session,they should press the 'Cancel this new login' button.

DPWNS1057E Unable to intialize the distributedsession API (error code 0x%08lx)

Explanation: Initialization of the distributed session

API failed. This error should never occur. The errorcode in the message might reveal more informationabout the problem.

Administrator response: Look up the error codeincluded in the message in the IBM Security AccessManager for Web Troubleshooting Guide.

DPWNS1058E Unable to join the replica set '%s'(error code 0x%08lx)

Explanation: The WebSEAL server attempted to join aparticular replica set but the operation failed. The SMSmight not be available, or may have prevented the

WebSEAL server from joining the replica set for somereason.

Administrator response: Make sure the correctprotocol, host name, and port for the SMS in theWebSEAL configuration file are correct. Make sure theSMS server is running and can be reached from theWebSEAL server machine. Make sure the SMS server isconfigured to host the specified replica set. Check thelog file for additional errors. If necessary, look up theerror code from the message in the IBM Security AccessManager for Web Troubleshooting Guide for additionaltroubleshooting steps.





DPWNS1059E Unable to shut down the distributedsession API (error code 0x%08lx)

Explanation: Shutdown of the distributed session APIfailed. This error should never occur. The error code inthe message might reveal more information about theproblem.


DPWNS1060E Unable to leave the replica set '%s'(error code 0x%08lx)

Explanation: The WebSEAL server attempted to leavea particular replica set but the operation failed. TheSMS might not be available or there might have beenanother problem when leaving the replica set.

Administrator response: Look up the error codeincluded in the message in the IBM Security Access

Manager for Web Troubleshooting Guide.

DPWNS1061E An attempt to create a session failedwith error code 0x%08lx.

Explanation: An attempt to create a session at theSMS failed.

Administrator response: Repeat the operation. If theproblem continues to occur, look up the error codeincluded in the message in the IBM Security AccessManager for Web Troubleshooting Guide. If theproblem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWNS1062E An attempt to update a session failedwith error code 0x%08lx.

Explanation: An attempt to update a session at theSMS failed.

Administrator response: Repeat the operation. If theproblem continues to occur, look up the error codeincluded in the message in the IBM Security AccessManager for Web Troubleshooting Guide. If theproblem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/


DPWNS1063E An attempt to delete a session failedwith error code 0x%08lx.

Explanation: An attempt to delete a session at theSMS failed.

Administrator response: Repeat the operation. If theproblem continues to occur, look up the error codeincluded in the message in the IBM Security Access

Manager for Web Troubleshooting Guide. If theproblem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWNS1064E Unknown replica set '%s'

Explanation: An attempt was made to locate a replicaset that was not configured.

Administrator response: Check that the replica setrequested is included in the WebSEAL configurationfile as a replica set that the WebSEAL server should

join.

DPWNS1065E Unknown replica set.

Explanation: An attempt was made to locate a replicaset that was not configured.

Administrator response: Check that the replica set

requested is included in the WebSEAL configurationfile as a replica set that the WebSEAL server should join.

DPWNS1066E An error with code 0x%08lx occurredwhen decoding a session from the SMS.

Explanation: An attempt to decode a session from theSMS failed.


DPWNS1067E An attempt to generate a newexternal session ID failed with errorcode 0x%08lx.

Explanation: An attempt to generate a new externalsession ID for a session failed.

Administrator response: Repeat the operation. If theproblem continues to occur, look up the error codeincluded in the message in the IBM Security AccessManager for Web Troubleshooting Guide. If theproblem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWNS1068E An attempt to register anauthentication failure for user '%s' failedwith status code 0x%08lx.

Explanation: An attempt to notify the SMS of anauthentication failure was unsuccessful.

Administrator response: Check the log file foradditional errors. If necessary, look up the error codefrom the message in the IBM Security Access Manager





for Web Troubleshooting Guide for additionaltroubleshooting steps.

DPWNS1070E Session version mismatch whiledeserializing session data.

Explanation: WebSEAL attempted to deserializesession data but encountered an invalid session version.This indicates that the session was not compatible withthe WebSEAL server that generated this error. Thesession was discarded.

Administrator response: No action is necessary. Anew session will be created as needed. Refer to thedocumentation for the server that generated the invalidsession version for information on compatibility withthe WebSEAL server that generated this error.

DPWNS1071E The max-concurrent-web-sessionspolicy value of '%d' is invalid.

Explanation: The max-concurrent-web-sessions policy

returned from the IBM Security Access ManagerRuntime had an unexpected value. A default value of 'unlimited' has been assumed.

Administrator response: Reset themax-concurrent-web-sessions policy for the user. If theproblem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWNS1072W WebSEAL received notification thatthe SMS session cache for replica-set'%s' was cleared. All local references tosessions are being discarded tosynchronize the local session cache withthe SMS session cache.

Explanation: The SMS notified the WebSEAL serverthat the SMS session cache was lost. Any sessionsremaining on the WebSEAL server are no longer validand will be removed. This message will also bedisplayed when the WebSEAL server first regainscontact with the SMS after WebSEAL is restarted.


DPWNS1074E The single sign-off attempt for the

user '%s' failed because the singlesign-off resource is unavailable.

Explanation: The single sign-off attempt failed because the configured single sign-off resource is notaccessible by WebSEAL.

Administrator response: Check that the configuredsingle sign-off resource URI points to a resource on a

junction which is accessible by WebSEAL.

DPWNS1075E The single sign-off attempt to %s foruser '%s' failed because the configuredsingle sign-off resource is notresponding.

Explanation: A single sign-off request was sent to theconfigured single sign-off resource but no response wasreceived.

Administrator response: Check that the configuredsingle sign-off application is running and functioningcorrectly.

DPWNS1076E The single sign-off attempt to %s foruser '%s' failed because the configuredsingle sign-off resource returned aresponse with the HTTP status code %d.

Explanation: An unexpected response was receivedfrom the configured single sign-off resource. WebSEALexpects a response with the HTTP status code 200.

Administrator response: Check that the configuredsingle sign-off application is running and functioningcorrectly.

DPWNS1200W The application server you areaccessing has been taken offline by thesystem administrator.

Explanation: The application server being accessedhas been taken offline or throttled by the systemadministrator.

Administrator response: Try again at a later time orcontact the system administrator for more information.

DPWNS1201E The server is temporarily unable toservice your request. Try again later.

Explanation: The WebSEAL server is unable to servicea request because a needed resource is unavailable.

Administrator response: The WebSEAL server log filewill have more detailed information about why theWebSEAL server is unable to service the request. Checkthe WebSEAL server log file and correct the problem.

DPWNS1202E An error occurred processing a HTTPtransformation.

Explanation: The WebSEAL server is unable to servicea request because a HTTP transformation rule causedan error.

Administrator response: The WebSEAL server log filewill have more detailed information about why theHTTP transformation failed. Check the WebSEALserver log file and correct the HTTP transformationrule.





DPWNS1203E An invalid XML message documentwas used as part of a HTTPtransformation operation.

Explanation: The WebSEAL server is unable to servicea request because an invalid XML message documentwas used as part of a HTTP transformation operation.

Administrator response: The WebSEAL server log filewill have more detailed information about the XMLobject used. Check the WebSEAL server log file andcorrect the HTTP transformation rule.

DPWNS1204E The XML element %s was missingfrom the document generated by aHTTP transformation operation.

Explanation: The WebSEAL server is unable to servicea request because an expected XML element wasmissing from the output document of a HTTPtransformation operation.

Administrator response: Correct the HTTPtransformation rule to ensure the rule includes allrequired elements.

DPWNS1205E The XML attribute %s was missingfrom the %s element for the documentgenerated by a HTTP transformationoperation.

Explanation: The WebSEAL server is unable to servicea request because an expected XML attribute wasmissing from the output document of a HTTPtransformation operation.


DPWNS1206E The XML element %s was missingfrom the request change documentgenerated by a HTTP transformationoperation.

Explanation: The WebSEAL server is unable to servicea request because an expected XML element wasmissing from the request change document as part of aHTTP transformation operation.

Administrator response: Correct the HTTP

transformation rule to ensure the rule includes allrequired elements.

DPWNS1207E The XML element %s was missingfrom the response change documentgenerated by a HTTP transformationoperation.

Explanation: The WebSEAL server is usable to servicea request because an expected XML element wasmissing from the response change document as part of a HTTP transformation operation.


DPWNS1208E The action attribute %s is unknownand therefore cannot be used by a HTTPtransformation operation.

Explanation: The WebSEAL server is unable to servicea request because an unexpected action attribute wasfound as part of a HTTP transformation operation.

Administrator response: Correct the HTTPtransformation rule to ensure the rule outputssupported actions.

DPWNS1209W A configuration entry for theresource %s was not defined in thehttp-transformation stanza of theWebSEAL configuration file andtherefore HTTP transformation cannot

take place.Explanation: A HTTPTransformation resource wasdefined as an extended attribute on a POP but theWebSEAL configuration does not include atransformation rule for this resource.

Administrator response: Correct the WebSEALconfiguration or the POP HTTPTransformation attributeto ensure the resource references an appropriatetransformation rule.

DPWNS1210E The cookie attribute %s is unknownand therefore cannot be used by a HTTPtransformation operation.

Explanation: The WebSEAL server is unable to servicea request because an unexpected cookie attribute wasfound as part of a HTTP transformation operation.

Administrator response: Correct the HTTPtransformation rule so that it does not referenceunsupported cookie attributes.

DPWNS1211W The cookie %s already exists in theHTTP message and as such it cannot beadded by the transformation rule.

Explanation: The WebSEAL server is unable to add a

cookie to a HTTP message as it already exists in theHTTP message being transformed.

Administrator response: Modify the HTTPtransformation so that it either checks for the existenceof the cookie before adding the new cookie, or specifiesthe update action so that the cookie is updated.

DPWNS1203E • DPWNS1211W




DPWNS1212W The authentication challenge typerules could not be applied becauseWebSEAL received a request withoutthe User-Agent HTTP header.

Explanation: A client which did not present a UserAgent header in their request has made a request toauthenticate with WebSEAL. WebSEAL was unable todetermine the authentication challenge type for thisrequest.


DPWNS1350W Failed to load ARM library '%s':error code %d: error message '%s'. ARMsupport will be disabled.

Explanation: WebSEAL attempted to dynamically loadthe ARM shared library and failed.

Administrator response: Check the shared libraryname is correct and present on the system. Refer to the

error message for more specific information. The sharedlibrary name is specified by the library entry under the[arm] stanza. If loading the ARM library is not desiredset enable = no under the [arm] stanza.

DPWNS1351W ARM library is missing function'%s': error code %d: error message '%s'.ARM support will be disabled.

Explanation: WebSEAL dynamically loaded the ARMshared library and can not find a required function init.

Administrator response: Check the shared libraryname is correct. Refer to the error message for morespecific information. The shared library name isspecified by the library entry under the [arm] stanza.

DPWNS1352W Failed to register the WebSEALapplication with ARM: error code %d:error message '%s'. ARM support willbe disabled.

Explanation: WebSEAL was unable to register itself with ARM.

Administrator response: Check ARM setup isoperational. Refer to the error message for morespecific information.

DPWNS1353W Failed to register WebSEALtransaction '%s' with ARM: error code%d: error message '%s'. ARM supportwill be disabled.

Explanation: WebSEAL was unable to register thetransaction with ARM.

Administrator response: Check ARM setup. Refer tothe error message for more specific information.

DPWNS1354W Failed to start WebSEAL as an ARMapplication: error code %d: errormessage '%s'. ARM support will bedisabled.

Explanation: WebSEAL was unable to start as an ARMapplication.

Administrator response: Check ARM setup. Refer tothe error message for more specific information.

DPWNS1356W Failed to stop WebSEAL running asan ARM application: error code %d:error message '%s'.

Explanation: WebSEAL was unable to stop running asan ARM application using arm_stop_application().

Administrator response: Refer to the error messagefor more specific information.

DPWNS1357W Failed to unregister the WebSEAL

application from ARM: error code %d:error message '%s'.

Explanation: WebSEAL was unable to unregister as anARM application using arm_destroy_application().


DPWNS1358W Failed to get ARM transaction '%s'arrival time: error code %d: errormessage '%s'.

Explanation: The call to ARM functionarm_get_arrival_time() failed unexpectedly. Thetransaction will not be reported.


DPWNS1359W Failed to get the length of an ARMcorrelator: error code %d: error message'%s'.

Explanation: The call to ARM functionarm_get_correlator_length() failed unexpectedly. Thecorrelator will not be used.

Administrator response: Refer to the error message

for more specific information.

DPWNS1360W An invalid correlator string waspassed to WebSEAL: '%s'. It will not beused for subsequent transactions.

Explanation: An ARMCorrelator header was received by WebSEAL with an invalid value.

Administrator response: Check the applicationmaking the request to WebSEAL. Or disable WebSEALfrom using incoming ARM Correlator by setting

DPWNS1212W • DPWNS1360W




accept-correlators = no in the [arm] stanza.

DPWNS1361W Failed to start ARM transaction '%s':error code %d: error message '%s'. Thetransaction will not be reported.

Explanation: The call to ARM functionarm_start_transaction() failed unexpectedly. Thetransaction will not be reported.

Administrator response: ARM can limit the numberof concurrent transactions being reported. It may bepossible to increase the limit. Also refer to the errormessage for more specific information.

DPWNS1362W Failed to stop ARM transaction '%s':error code %d: error message '%s'.

Explanation: The call to ARM functionarm_stop_transaction() failed unexpectedly.

Administrator response: Refer to the error message

for more specific information.

DPWNS1363W Unable to start ARM transactionreporting as ARM initialization failed.See log files for more information.

Explanation: The 'arm on' command cannot completeas the ARM initialization failed.

Administrator response: Examine the log files for thereason ARM initization failed. Correct this, restartWebSEAL and try again.

DPWNS1364W Unable to start ARM transaction

reporting as WebSEAL ARM supporthas been disabled.

Explanation: The 'arm on' command cannot completeas the WebSEAL ARM support has been disabled in theconfiguration file.

Administrator response: To enable ARM support setenable = yes in the [arm] stanza and restart WebSEAL.

DPWNS1365W ARM transaction reporting isalready on.

Explanation: The 'arm on' command is redundant andwill be ignored as arm transaction reporting is already

on.

Administrator response: Don't run the 'arm on'command while transaction reporting is on.

DPWNS1366W ARM transaction reporting isalready off.

Explanation: The 'arm off' command is redundant andwill be ignored as arm transaction reporting is alreadyoff.

Administrator response: Don't run the 'arm off'command while transaction reporting is off.

DPWNS1367W Failed to load ARM library '%s':error code %d: error message '%s'. ARMsupport will be disabled.

Explanation: WebSEAL attempted to dynamically loadthe ARM shared library and failed.

Administrator response: Check the shared libraryname is correct and present on the system. Refer to theerror message for more specific information. The sharedlibrary name is specified by the library entry under the[arm] stanza. If loading the ARM library is not desiredset enable-arm = no under the [arm] stanza.

DPWNS1368W Unable to start ARM transactionreporting as WebSEAL ARM supporthas been disabled.

Explanation: The 'arm on' command cannot complete

as the WebSEAL ARM support has been disabled in theconfiguration file.

Administrator response: To enable ARM support setenable-arm = yes in the [arm] stanza and restartWebSEAL.

DPWNS1500E The interface '%s', defined in the [%s]stanza, contains an invalid value for'%s'. You must specify either 'http' or'https'.

Explanation: The web-http-protocol andweb-https-protocol interface settings can only contain

'http' or 'https'.

Administrator response: Set the value to either 'http'or 'https'

DPWNS1501E The option '%s', defined in the [%s]stanza, contains an invalid value. Youmust specify either 'http' or 'https'.

Explanation: The web-http-protocol andweb-https-protocol settings can only contain 'http' or'https'.

Administrator response: Set the value to either 'http'or 'https'

DPWNS1502E The option '%s' defined in the [%s]stanza contains an invalid port value.

Explanation: The port value provided is either out of the valid range, or is not a number.

Administrator response: Provide a valid value for aTCP/IP port in the range 1 to 65535.

DPWNS1361W • DPWNS1502E




Chapter 4. Security Access Manager Plug-in for Web ServersMessages

These messages are provided by the Security Access Manager Plug-in for WebServers component.

AMZCO0005W The IBM Security Access Manageruser registry type could not bedetermined.

Explanation: The type of user registry that IBMSecurity Access Manager has been configured to usecould not be determined.

Administrator response: Ensure that the IBM SecurityAccess Manager runtime environment is correctlyconfigured.

AMZCO0075E The server could not be started.

Explanation: The IBM Security Access ManagerPlug-in for Web Servers authorization server could not

be started the configuration program. This message isinformational.

Administrator response: Examine earlier messages todetermine the reason why the IBM Security AccessManager Plug-in for Web Servers authorization servercould not be started and take appropriate action.

AMZCO0077E The server could not be stopped.


be stopped the configuration program. This message isinformational.

Administrator response: Examine earlier messages todetermine the reason why the IBM Security AccessManager Plug-in for Web Servers authorization servercould not be stopped and take appropriate action.

AMZCO0079E The server could not be stopped.


be stopped the configuration program. This message isinformational.

Administrator response: Examine earlier messages todetermine the reason why the IBM Security AccessManager Plug-in for Web Servers authorization servercould not be stopped and take appropriate action.

AMZCO0080E The server could not be started.


be started the configuration program. This message isinformational.

Administrator response: Examine earlier messages todetermine the reason why the IBM Security AccessManager Plug-in for Web Servers authorization servercould not be started and take appropriate action.

AMZCO0160E The LDAP SSL client key file %scould not be opened: system error: %s(system error code: %d).

Explanation: The specified LDAP SSL client key filecould not be opened for the indicated reason.

Administrator response: Correct the problem andretry the operation.

AMZCO0166E The specified LDAP SSL client keyfile could not be opened.

Explanation: The specified LDAP SSL client key filecould not be opened for the indicated reason.


AMZCO0167E All virtual hosts have already beenprotected.

Explanation: You cannot perform a configurationusing the configuration utility if no virtual hosts have

been left unprotected. The configuration utility is onlyuseful for protecting currently unprotected virtualhosts.

Administrator response: Either add more virtual hoststo the web server, or unprotected one or more existingvirtual hosts before running the configuration utilityagain.

AMZCO0196E A stanza in the configuration filecould not be located.

Explanation: A stanza being searched for could not belocated.

Administrator response: Examine earlier messages fordetails of the particular stanza and stanza file, correctthe problem, and retry the operation.




AMZCO0198E The authorization server IPCinterface was not configuredsuccessfully.

Explanation: The IBM Security Access ManagerPlug-in for Web Servers authorization server IPCinterface was not successfully configured.

Administrator response: Examine earlier messages fordetails of the failure, correct any problems and retry theoperation.

AMZCO0201W The authorization server IPCinterface failed to unconfigure.

Explanation: The IBM Security Access ManagerPlug-in for Web Servers authorization server IPCinterface was not successfully unconfigured.


AMZCO0205E The authorization server could not be

configured for the virtual hostsspecified.

Explanation: The virtual host was not successfullyconfigured.

Administrator response: Examine earlier messages fordetails of the failure, correct the problem, and retry theoperation.

AMZCO0211E The authorization server could not beconfigured to start automatically onsystem restart.


be configured to start automatically on system restart.

Administrator response: Examine earlier messages fordetails of the problem, correct it and retry theoperation.

AMZCO0212E The authorization server could not beconfigured to start automatically onsystem restart.


be configured to start automatically on system restart.

Administrator response: Examine earlier messages fordetails of the problem, correct it and retry theoperation.

AMZCO0214W The authorization server could notbe removed from the list of services tobe automatically started on systemrestart.


be removed from the list of services to be automaticallystarted on system restart.

Administrator response: If the IBM Security AccessManager Plug-in for Web Servers authorization serverstill appears as an operating system service use theoperating system service administration tools to removeit manually.

AMZCO0215W The authorization server will nolonger be automatically started onsystem restart.


be removed from the list of services to be automaticallystarted on system restart.

Administrator response: If the IBM Security AccessManager Plug-in for Web Servers authorization serverstill appears as an operating system service use theoperating system service administration tools to remove

it manually.

AMZCO0216E The IBM Security Access Managerpolicy server is not responding. Verifythat the IBM Security Access Managerpolicy server is running.

Explanation: The IBM Security Access ManagerPlug-in for Web Servers configuration orunconfiguration cannot be completed because the IBMSecurity Access Manager policy server cannot becontacted.

Administrator response: Ensure that the location of the IBM Security Access Manager policy server wasspecified correctly during configuration and retry theoperation.

AMZCO0217E A IBM Security Access Manageradministration operation failed.

Explanation: A IBM Security Access Manageradministration operation has failed.

Administrator response: Examine earlier messages fordetails on the failure, correct the problem, and retry theoperation.

AMZCO0220E Failure obtaining local host name:system error: %s (system error code: %d).

Explanation: The host name of the machine could not be determined for the indicated reason.


AMZCO0198E • AMZCO0220E




AMZCO0226E The authorization server IPCinterface file could not be created.

Explanation: The IBM Security Access ManagerPlug-in for Web Servers authorization serverinter-process communication (IPC) interface file couldnot be created.

Administrator response: Examine earlier messages inthe log file containing this message for more detailederrors, correct the problem, and retry the configurationoperation.

AMZCO0227E The Sun Java System (formerlySunONE) Web Server plug-in is notsupported on this operating system.

Explanation: An attempt was made to configure theIBM Security Access Manager Plug-in for Sun JavaSystem (formerly SunONE) Web Server on anunsupported operating system.

Administrator response: Do not configure the IBMSecurity Access Manager Plug-in for Sun Java System(formerly SunONE) Web Server on this operatingsystem.

AMZCO0228E An error occurred while parsing theSun Java System (formerly SunONE)Web Server configuration file %s for thevirtual host %s.

Explanation: An error occurred while parsing the Sun Java System (formerly SunONE) Web Serverconfiguration file.

Administrator response: Check the Sun Java System(formerly SunONE) Web Server configuration file toensure that it is of the correct format. Start the Sun JavaSystem Web Server to see if it accepts the configurationfile.

AMZCO0229E There appears to be an error with theIHS configuration file %s .

Explanation: An error occurred while parsing the IBMHTTP Server (IHS) configuration file.

Administrator response: Check the IBM HTTP Server(IHS) configuration file to ensure that it is of the correctformat. Start the Web server to see if it accepts the

configuration file.

AMZCO0230E The IHS Web server plug-in is notsupported on this operating system.

Explanation: An attempt was made to configure theIBM Security Access Manager Plug-in for IBM HTTPServer (IHS) on an unsupported operating system.

Administrator response: Do not configure the IBMSecurity Access Manager Plug-in for IBM HTTP Server(IHS) on this operating system.

AMZCO0231E The directory %s does not exist or isnot accessible: error: %s (error code:%#x).

Explanation: The specified directory could not beaccessed.

Administrator response: Check the availability of the

specified directory.

AMZCO0232E The virtual host '%s' does not exist.

Explanation: The specified virtual host could not belocated in the Web server's configuration data.

Administrator response: Check the name of thevirtual host and retry the configuration.

AMZCO0233E The file %s could not be opened.

Explanation: The specified file could not be accessed.

Administrator response: Check the availability of thespecified file.

AMZCO0234E The stanza %s in the %sconfiguration file could not be accessed.

Explanation: The requested stanza within theconfiguration file could not be accessed.

Administrator response: Check the availability of thespecified file, and also check whether the file containsthe required stanza.

AMZCO0235E The %s entry of the %s stanza of the

%s configuration file could not beaccessed.

Explanation: The requested stanza and entry withinthe configuration file could not be accessed.

Administrator response: Check the availability of thespecified file, and also check whether the file containsthe required stanza and entry.

AMZCO0236E The necessary configuration optionscould not be found in the configurationfile.

Explanation: The required items could not be

retrieved from the file.Administrator response: Check that the correct file isspecified.

AMZCO0238W The IBM Security Access ManagerPlug-in for Web Servers could not beunconfigured as a IBM Security AccessManager server.

Explanation: The IBM Security Access ManagerPlug-in for Web Servers could not be unconfigured as a

AMZCO0226E • AMZCO0238W

Chapter 4. Security Access Manager Plug-in for Web Servers Messages 171



IBM Security Access Manager server.

Administrator response: Use the svrsslcfg utilityprovided with the IBM Security Access Managerruntime environment to manually unconfigure IBMSecurity Access Manager Plug-in for Web Servers as aIBM Security Access Manager server. The server nameto use when performing the unconfiguration manually

is 'PDWebPI'.

AMZCO0240E The plug-in already appears to beconfigured. Unconfigure and try again.

Explanation: The IBM Security Access Manager Webserver plug-in is already configured.

Administrator response: Unconfigure the IBMSecurity Access Manager Web server plug-in and retrythe operation.

AMZCO0241E The Web server plug-in is notconfigured.

Explanation: An attempt has been made tounconfigure the Web server plug-in when it is notconfigured.


AMZCO0242E The configuration was not successful.

Explanation: The configuration was not successful.

Administrator response: Examine earlier messages fordetails of the configuration failure, correct the problemsidentified, and retry the operation.

AMZCO0243E The configuration was not successful.

Explanation: The configuration was not successful.

Administrator response: Examine earlier messages fordetails of the configuration failure, correct the problemsidentified, and retry the operation.

AMZCO0244E The unconfiguration was notcompleted successfully.

Explanation: The unconfiguration failed.

Administrator response: Examine earlier messages fordetails of the unconfiguration failure, correct theindicated problems, and retry the operation.

AMZCO0245E The unconfiguration was notsuccessful.

Explanation: The unconfiguration failed.


AMZCO0246E The IBM Security Access ManagerPlug-in for Web Server configuration asa IBM Security Access Manager serverfailed.

Explanation: The IBM Security Access ManagerPlug-in for Web servers configuration as a IBM SecurityAccess Manager server was not successful.

Administrator response: Examine earlier messages fordetails of the configuration failure, correct the indicatedproblems, and retry the operation.

AMZCO0247E The administration service failed toconfigure.

Explanation: The administration service configurationwas not successful.


AMZCO0248W The administration service failed tounconfigure.

Explanation: The administration serviceunconfiguration was not successful.


AMZCO0249E The necessary ACLs could not becreated.

Explanation: The access control lists for the IBMSecurity Access Manager Plug-in for Web Servers couldnot be created.


AMZCO0250W The IBM Security Access ManagerPlug-in for Web Server ACLs could notbe deleted.

Explanation: The IBM Security Access ManagerPlug-in for Web Server ACLs could not be deleted.


AMZCO0251E No Web server plug-in package hasbeen installed.

Explanation: An attempt has been made to configurethe IBM Security Access Manager Web server plug-inwhen no plug-in package has been installed.

Administrator response: Install a IBM Security Access





Manager Web server plug-in package and retry theoperation.

AMZCO0252E No Web server plug-in package hasbeen installed.

Explanation: An attempt has been made to configurethe IBM Security Access Manager Web server plug-inwhen no plug-in package has been installed.

Administrator response: Install a IBM Security AccessManager Web server plug-in package and retry theoperation.

AMZCO0253E The requested Web server plug-in isnot currently supported.

Explanation: A request has been made to configure aIBM Security Access Manager Web server plug-in thatis installed but is not supported.



AMZCO0254E The requested Web server plug-in isnot currently supported.

Explanation: A request has been made to configure aIBM Security Access Manager Web server plug-in thatis installed but is not supported.


AMZCO0255E The IIS Web server plug-in is notsupported on this operating system.

Explanation: An attempt was made to configure theIBM Security Access Manager Plug-in for MicrosoftInternet Information Services (IIS) on an unsupportedoperating system.

Administrator response: Do not configure the IBMSecurity Access Manager Plug-in for Microsoft InternetInformation Services (IIS) on this operating system.

AMZCO0384E The Windows service database couldnot be opened: system error: %s (systemerror code: %d).

Explanation: The Windows service database could not be opened for the reason indicated.

Administrator response: Ensure that you are loggedin as a user with sufficient privileges to administerWindows services. If the problem persists, check IBMElectronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

AMZCO0385E The Windows service database couldnot be opened.

Explanation: The Windows service database could not be opened.

Administrator response: Ensure that you are loggedin as a user with sufficient privileges to administer

Windows services. If the problem persists, check IBMElectronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

AMZCO0386E The %s service could not be accessedin the Windows service database: systemerror: %s (system error code: %d).

Explanation: A service in the Windows servicedatabase could not be opened for the reason indicated.



AMZCO0387E The service could not be accessed inthe Windows service database.

Explanation: A service in the Windows servicedatabase could not be opened.


AMZCO0388E The current state of the %s servicecould not be determined: system error:%s (system error code: %d).

Explanation: A service in the Windows servicedatabase could not be queried for its status for thereason indicated.

Administrator response: Ensure that you are loggedin as a user with sufficient privileges to administerWindows services. If the problem persists, check IBM


AMZCO0389E The current state of the service couldnot be determined.

Explanation: A service in the Windows servicedatabase could not be queried for its status.







AMZCO0390E The %s service could not be stopped:system error: %s (system error code: %d).

Explanation: A service in the Windows servicedatabase could not be stopped for the reason indicated.


AMZCO0391E The service could not be stopped.

Explanation: A service in the Windows servicedatabase could not be stopped.


AMZCO0392E The %s service could not be started:system error: %s (system error code: %d).

Explanation: A service in the Windows servicedatabase could not be started for the reason indicated.

Administrator response: Ensure that you are loggedin as a user with the sufficient privileges to administerwindows services. If the problem persists, check IBMElectronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

AMZCO0393E The service could not be started.

Explanation: A service in the Windows servicedatabase could not be started.

Administrator response: Ensure that you are loggedin as a user with sufficient privilege to administerWindows services. If the problem persists, check IBM


AMZCO0394E The %s service has taken longer than%d seconds since the last checkpoint tostart.

Explanation: A service in the Windows servicedatabase took longer than expected to start.

Administrator response: Using the service control

panel applet, wait until the identified service starts. If the problem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

AMZCO0395E The service took too long to start.

Explanation: A service in the Windows servicedatabase took longer than expected to start.

Administrator response: Using the service controlpanel applet, wait until the identified service starts. If the problem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

AMZCO0396E The %s service has taken longer than%d seconds to stop.

Explanation: A service in the Windows service

database took longer than expected to stop.

Administrator response: Using the service controlpanel applet, wait until the identified service stops andretry the operation. If the problem persists, check IBMElectronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

AMZCO0397E The service took too long to stop.

Explanation: A service in the Windows servicedatabase took longer than expected to stop.

Administrator response: Using the service controlpanel applet, wait until the identified service stops andretry the operation. If the problem persists, check IBMElectronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

AMZCO0398E The Web server could not berestarted: error: %s (error code: %#x).

Explanation: An attempt to restart the Web server wasmade but failed.



AMZCO0399E The Web server could not berestarted.

Explanation: The IBM Security Access ManagerPlug-in for Web Servers configuration programattempted to restart the Web server but failed.

Administrator response: Restart the Web servermanually. If the problem persists, check IBM Electronic






AMZCO0400E The configuration information forthe %s service could not be accessed:system error: %s (system error code: %d).

Explanation: A service in the Windows servicedatabase could not be queried for its configuration forthe reason indicated.

Administrator response: Ensure that you are loggedin as a user with sufficient privilege to administerWindows services. If the problem persists, check IBMElectronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

AMZCO0401E The configuration information forthe service could not be accessed.

Explanation: A service in the Windows servicedatabase could not be queried for its configuration.

Administrator response: Ensure that you are loggedin as a user with privilege to administer Windowsservices. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

AMZCO0402E The configuration program must berun as root.

Explanation: The IBM Security Access Manager

Plug-in for Web Servers configuration program needsto be run as the root user.

Administrator response: Run the IBM Security AccessManager Plug-in for Web Servers configurationprogram as the root user.

AMZCO0403E No user was found for the virtualhost %s.

Explanation: A user could not be found for aparticular virtual host. A user is required to allowpermissions to be set up correctly for the sharedmemory used to communicate between the IBM

Security Access Manager Plug-in for Web Serversauthorization server and the Web server plug-in.

Administrator response: Ensure that the Web serverconfiguration is correct.

AMZCO0409E The URAF initialization was notsuccessful: %s (%#x).

Explanation: The URAF initialization was notsuccessful.



AMZCO0410E The user %s could not be added tothe group %s: (URAF error code: %#x).

Explanation: The identified user could not be addedto the identified group.

Administrator response: Ensure that the user registryis available and retry the operation. If the problempersists, check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

AMZCO0412E The response file %s could not beprocessed: error: %s (error code: 0x%x).

Explanation: An invalid response file was provided tothe IBM Security Access Manager Plug-in for Web

Servers configuration program.

Administrator response: Examine the IBM SecurityAccess Manager Plug-in for Web Servers configurationprogram log file for more details on the errors found inthe response file.

AMZCO0413E An invalid DN was retrieved for theadmin group %s

Explanation: The admin group is required as a DNtemplate in creation of other groups. The DN for theadmin group which was retrieved does not contain thename of the admin group.


AMZCO0414E No Sun Java System (formerlySunONE) Web Server configurationinformation for the virtual host %scould be found under the %s directory.Ensure that the correct directory isspecified and that file permissions allowread access to the appropriate users.

Explanation: No configuration file could be foundunder the specified directory for the identified virtualhost.

Administrator response: Retry the configurationoption making sure you specify the correct Sun JavaSystem (formerly SunONE) Web Server installationdirectory and valid virtual host names. Ensure that thecorrect permissions are assigned to the files containedwithin the Web server installation directory, allowingread access for the appropriate users.





AMZCO0415E The SSL keyfile %s permissions donot permit read-write access by the user%s or group %s .

Explanation: In order to use the identified SSL keyfilethe identified user requires read-write access. Normally,the configuration program will change the ownershipor permissions of the file so that the identified user canaccess the keyfile appropriately. It will not do this if thekeyfile is owned by the ivmgr user and a group otherthan ivmgr and the group permissions on the file donot permit read-write access. This protectsconfigurations where the administrator has carefully setthe keyfile permissions from being overridden by thisconfiguration program.

Administrator response: Change the permissions of the file so that the identified user will have read-writeaccess or specify an alternate keyfile to use.

AMZCO0416E The specified SSL keyfile

permissions do not permit read-writeaccess.

Explanation: In order to use the identified SSL keyfilethe IBM Security Access Manager Plug-in for WebServers authorization server requires read-write access.Normally, the configuration program will change theownership or permissions of the file so that theauthorization server can access the keyfileappropriately. It will not do this if the keyfile is owned

by the ivmgr user and a group other than ivmgr andthe group permissions on the file do not permitread-write access. This protects configurations wherethe administrator has carefully set the keyfilepermissions from being overridden by this

configuration program.

Administrator response: Change the permissions of the file so that the identified user will have read-writeaccess or specify an alternate keyfile to use.

AMZCO0417E The file permissions for file %scould not be set to %#o: error: %s (errorcode: %#x).

Explanation: The configuration requires that theidentified file have the specified permissions and thespecified error occurred while attempting to change thepermissions.

Administrator response: Change the permissionsmanually and retry the operation.

AMZCO0418E The user %s could not be added tothe group %s: error: %s (error code:%#x).

Explanation: The identified user could not be addedto the identified group.

Administrator response: Ensure that the user registryis available and retry the operation. If the problem


AMZCO0419E The properties for file %s could notbe set to user %s , group %s , and

permissions %#o: error: %s (error code:%#x).

Explanation: The configuration requires that theidentified file have the specified permissions andownership properties and the specified error occurredwhile attempting to change the properties.

Administrator response: Change the ownership andpermissions manually and retry the operation.

AMZCO0420E The Web server plug-in is notconfigured.

Explanation: An attempt has been made to

unconfigure the Web server plug-in when it is notconfigured.


AMZCO0422E The action '%s' is not a recognizedaction.

Explanation: An invalid value for the '-action'parameter of the configuration program has beenspecified either on the command line or in the responsefile.

Administrator response: Run the configurationprogram specifying a valid action.

AMZCO0423E An unrecognized action wasspecified.

Explanation: An invalid value for the '-action'parameter of the configuration program has beenspecified either on the command line or in the responsefile.

Administrator response: Run the configurationprogram specifying a valid action.

AMZCO0424E No value has been specified for the

required '%s' configuration item.Explanation: No value has been specified for therequired configuration item.

Administrator response: Run the configurationprogram specifying a value for identified configurationitem on the command line or in a response file.Alternatively, you may run the configuration programin interactive mode (-interactive yes) and be promptedfor the item value.





AMZCO0425E No value has been specified for arequired configuration item.

Explanation: No value has been specified for therequired configuration item.

Administrator response: Examine earlier errormessage to identify the particular configuration item

that has not been specified. Run the configurationprogram specifying a value for that configuration itemon the command line or in a response file.Alternatively, you may run the configuration programin interactive mode (-interactive yes) and be promptedfor the item's value.

AMZCO0426E The value '%s' specified for the'remove' configuration item is not valid.

Explanation: An invalid value for the 'remove'configuration item has been specified either on thecommand line or in the response file.

Administrator response: Run the configurationprogram specifying a valid value for the 'remove'configuration item.

AMZCO0427E The value specified for the 'remove'configuration item is not valid.

Explanation: An invalid value for the 'remove'configuration item has been specified either on thecommand line or in the response file.

Administrator response: Run the configurationprogram specifying a valid value for the 'remove'configuration item.

AMZCO0428E The virtual host does not exist.

Explanation: A virtual host could not be located in theWeb server's configuration data.

Administrator response: Examine earlier messages toidentify the virtual host that does not exist. Check thename of the virtual host and retry the configuration.

AMZCO0429E The IHS Web server plug-in is notsupported on this operating system.

Explanation: An attempt was made to configure theIBM Security Access Manager Plug-in for IBM HTTP

Server (IHS) on an unsupported operating system.

Administrator response: Do not configure the IBMSecurity Access Manager Plug-in for IBM HTTP Server(IHS) on this operating system.

AMZCO0430E The configuration program must berun as root.

Explanation: The IBM Security Access ManagerPlug-in for Web Servers configuration program needsto be run as the root user.

Administrator response: Run the IBM Security AccessManager Plug-in for Web Servers configurationprogram as the root user.

AMZCO0431E The Sun Java System (formerlySunONE) Web Server plug-in is notsupported on this operating system.

Explanation: An attempt was made to configure theIBM Security Access Manager Plug-in for Sun JavaSystem (formerly SunONE) Web Server on anunsupported operating system.

Administrator response: Do not configure the IBMSecurity Access Manager Plug-in for Sun Java System(formerly SunONE) Web Server on this operatingsystem.

AMZCO0432E The command line option '-%s' is notvalid.

Explanation: The identified command line option is

not valid for the operation requested of theconfiguration program.

Administrator response: Re-run the configurationprogram either without the option or with the correctoption for the operation.

AMZCO0433E The option '%s' in the [%s] stanza ofthe %s response file is not valid.

Explanation: The identified option read from theresponse file is not valid for the operation requested of the configuration program.

Administrator response: Correct the options in theresponse file and re-run the command.

AMZCO0434E The value '%s' for command lineoption '-%s' is inconsistent with thepreviously set value '%s'.

Explanation: The identified command line option ishas been specified more than once with different valuesto the configuration program.

Administrator response: Re-run the configurationprogram without specifying inconsistent values for theoption.

AMZCO0435E The value '%s' for option '%s' in the[%s] stanza of the %s response file isinconsistent with the previously setvalue '%s'.

Explanation: The identified option read from theresponse file is not valid for the operation requested of the configuration program.

Administrator response: Correct the options in theresponse file and re-run the command.





AMZCO0436E '%s' is not a valid Web server type.

Explanation: The specified Web server type is notvalid.

Administrator response: Specify a valid Web servertype and re-run the command. The usage message of the configuration program lists the valid Web server

types.

AMZCO0437E The specified Web server type is notvalid.

Explanation: The specified Web server type is notvalid.

Administrator response: Specify a valid Web servertype and re-run the command. The usage message of the configuration program lists the valid Web servertypes.

AMZCO0438W The Web server type could not be

determined.

Explanation: The configuration program has reportedthat there are configuration parameters that are invalid.This might be because the parameters are specific to aparticular Web server plug-in but the type of Webserver plug-in to be configured was not explicitlyspecified and could not be determined automatically.

Administrator response: Re-run the configurationprogram using the 'web_server' configurationparameter to explicitly specify the Web server type forwhich the IBM Security Access Manager Plug-in forWeb Severs is being configured.

AMZCO0439E The Web server type could not bedetermined.

Explanation: More than one Web server plug-inpackage has been installed and the configurationprogram was not able to automatically determinewhich Web server type to use.

Administrator response: Re-run the configurationprogram using the 'web_server' configurationparameter to explicitly specify the Web server type forwhich the IBM Security Access Manager Plug-in forWeb Severs is being configured.

AMZCO0444E '%s' is not a valid Apache serverversion.

Explanation: The specified Apache server version isnot valid.

Administrator response: Specify a valid Apacheserver version and re-run the command. The usagemessage of the configuration program lists the validApache server versions.

AMZCO0445E The specified Apache server versionis not valid.

Explanation: The specified Apache server version isnot valid.

Administrator response: Specify a valid Apacheserver version and re-run the command. The usage

message of the configuration program lists the validApache server versions.

AMZCO0446E The specified Apache Web Serverversion is not supported on thisoperating system.

Explanation: An attempt was made to configure theIBM Security Access Manager Plug-in for Apache WebServer against a version of the Apache Web Server thatis not supported on the operating system.

Administrator response: Do not configure the IBMSecurity Access Manager Plug-in for Apache Web

Server against this version of Apache Web server onthis operating system.

AMZCO0447E The specified Apache Web Serverversion is not supported on thisoperating system.

Explanation: An attempt was made to configure theIBM Security Access Manager Plug-in for Apache WebServer against a version of the Apache Web Server thatis not supported on the operating system.

Administrator response: Do not configure the IBMSecurity Access Manager Plug-in for Apache WebServer against this version of Apache Web server onthis operating system.

AMZCO0448E '%s' is not a valid IBM HTTP Serverversion.

Explanation: The specified IBM HTTP Server versionis not valid.

Administrator response: Specify a valid IBM HTTPServer server version and re-run the command. Theusage message of the configuration program lists thevalid IBM HTTP Server versions.

AMZCO0449E The specified IBM HTTP Serverversion is not valid.

Explanation: The specified IBM HTTP Server versionis not valid.

Administrator response: Specify a valid IBM HTTPServer version and re-run the command. The usagemessage of the configuration program lists the validIBM HTTP Server versions.





AMZCO0450E The specified IBM HTTP Serverversion is not supported on thisoperating system.

Explanation: An attempt was made to configure theIBM Security Access Manager Plug-in for IBM HTTPServer against a version of the IBM HTTP Server that isnot supported on the operating system.

Administrator response: Do not configure the IBMSecurity Access Manager Plug-in for IBM HTTP Serveragainst this version of IBM HTTP Server on thisoperating system.

AMZCO0451E The specified IBM HTTP Serverversion is not supported on thisoperating system.

Explanation: An attempt was made to configure theIBM Security Access Manager Plug-in for IBM HTTPServer against a version of the IBM HTTP Server that isnot supported on the operating system.

Administrator response: Do not configure the IBMSecurity Access Manager Plug-in for IBM HTTP Serveragainst this version of IBM HTTP Server on thisoperating system.

AMZCO0452E An error occurred during theconfiguration of the IBM SecurityAccess Manager Plug-in for MicrosoftInternet Information Services. Ensurethat Microsoft Internet InformationServices is installed on the system.

Explanation: An attempt was made to configure the

IBM Security Access Manager Plug-in for MicrosoftInternet Information Services. This attempt failed andthe most likely reason for this is that IIS is notcurrently installed on the system.

Administrator response: Ensure that the MicrosoftInternet Information Services component is installed onthe system.

AMZCO0454W The following IIS Web sites cannotbe represented in a code page supportedby IBM Security Access ManagerPlug-in for Web Servers. To beprotected, IIS Web site names must not

contain characters that cannot berepresented in a supported code page.Rename each Web site to enableprotection. %s

Explanation: The listed IIS Web sites are named usingcharacters that cannot be represented in a supportedcode page. Only those code pages corresponding tolanguages with full translations are supported.

Administrator response: Rename each of the listedWeb sites using only characters from supported codepages. Only those code pages corresponding to

languages with full translations are supported.

AMZCO0455E The version number of the ApacheWeb server could not be determined.

Explanation: The version number could not beobtained from the Apache Web server.

Administrator response: The version number for theApache Web server is determined by passing the -voption to the httpd command. The output of thiscommand did not contain a valid version number.Check the Apache Web server installation.

AMZCO0456E No IHS Web server package has beeninstalled.

Explanation: An attempt has been made to configurethe IBM Security Access Manager Web server plug-inwhen no IHS package has been installed.

Administrator response: Install a supported version of

the IHS Web server package and retry the operation.

AMZCO0457E An error has occured whileattempting to access the configuration ofthe IIS Web Server (%s). Ensure that theIIS Web Server has been installed andconfigured correctly on the host system.(system error code: %d)

Explanation: An attempt has been made to configurethe IBM Security Access Manager Web server plug-inwith an invalid IIS Web server configuration.

Administrator response: Install a supported version of the IIS Web server, ensure that all of the requiredcomponents are installed, and retry the operation.





Chapter 5. Security Access Manager Session ManagementServer Messages

These messages are provided by the Security Access Manager Session ManagementServer component.

CTGSC0150E An SSL toolkit failure occurred whilecalling %s. Error: %s .


Administrator response: The action required to correctthis problem depends on details in the error message.

CTGSC0151E Memory could not be allocated.

Explanation: An error occurred when the process

attempted to allocate memory. There is not enough freememory available to complete the request.

Administrator response: Examine the system forprocesses consuming excessive memory and restartthem. Ensure the system has sufficient physical andvirtual memory for its expected load. If the problempersists, check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSC0152E No more entries were found in thespecified list.

Explanation: An operation requested another entryfrom a list when there were no remaining entries.

Administrator response: This message is logged as aclarifying addition to another error message. Refer tothe recommended action for that error message. Forfurther detailed information about the failure examineearlier messages in the log containing this message.Correct any problems and retry the operation.

CTGSC0153E The requested data is not available.

Explanation: An operation requested data that wasnot available.

Administrator response: This message is logged asthe reason part of an error message. Refer to therecommended action for that error message. For furtherdetailed information about the failure examine earliermessages in the log containing this message. Correctany problems and retry the operation.

CTGSC0154E Access is denied.

Explanation: Insufficient permission to access aresource.

Administrator response: Examine the log foradditional information. If the problem persists, checkIBM Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSC0155E Input data to a system routine isinvalid.

Explanation: Input data to a system routine is invalid.


CTGSC0156E The %s system routine failed: systemerror code: %d

Explanation: A system routine failed for the reasonindicated by the system error code.

Administrator response: Examine the log foradditional information. If the problem persists, checkIBM Electronic Support for additional information -


CTGSC0157E A system routine failed.

Explanation: A system routine failed.


CTGSC0158E Expected configuration data could notbe located in the configuration file.

Explanation: An expected configuration item is notpresent in the configuration file.

Administrator response: Examine the log for furtherdetails of the error, correct the configuration, and retrythe operation.

CTGSC0159E The %s stanza of %s requiresspecification of the %s configurationparameter.




Explanation: An expected configuration item is notpresent in the configuration file.

Administrator response: Correct the configuration andretry the operation.

CTGSC0160E The supplied configuration data wasnot valid.

Explanation: A configuration entry was found to beinvalid.

Administrator response: Examine the log for furtherdetails of the error, correct the configuration, and retrythe operation.

CTGSC0161E The configuration file could not belocked (system error code: %d).

Explanation: The configuration file could not belocked for the indicated reason.

Administrator response: Check for other processeshave the same configuration file open. If the problempersists, check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSC0162E Could not open file %s (system errorcode: %d).

Explanation: The identified file could not be openedfor the specified reason.

Administrator response: Check to ensure that the fileexists and has the correct permissions.

CTGSC0163E A multi-byte character string couldnot be converted to a Unicode string: %s

Explanation: A multi-byte character string could not be converted to a Unicode string.


CTGSC0164E There is no terminating bracket on thestanza name: %S .

Explanation: Configuration file stanza names must beterminated by a closing bracket: ']'.

Administrator response: Correct the invalidconfiguration file entry.

CTGSC0165E A Unicode string could not beconverted to a multi-byte characterstring: %S

Explanation: A Unicode string could not be convertedto a multi-byte character string.



CTGSC0166E A configuration entry is invalid. Thereis no separator between the entry nameand value on the line '%S' in stanza[%s].

Explanation: No separator was found between aconfiguration parameter name and its value.Configuration parameter names and values must beseparated by an equal sign: '='. Configurationparameter names may not have white space within

them.

Administrator response: Correct the invalidconfiguration file entry.

CTGSC0167E An invalid argument was passed to aninternal stanza file processing routine.

Explanation: An internal stanza file routine failed because of an invalid argument.


CTGSC0168E The configuration file could not beopened.


Administrator response: Check that the file exists andhas the correct permissions.

CTGSC0169E A configuration file operation has notbeen performed as it would block whenrequested not to.

Explanation: A configuration file operation has not

been performed as it would block when requested notto.


CTGSC0160E • CTGSC0169E




CTGSC0170E The configuration file is not open.

Explanation: An operation was requested on a filethat has not been opened.



CTGSC0171E The stanza file is incorrectlyformatted.

Explanation: An operation was requested on a filewhich is incorrectly formatted.

Administrator response: Examine other errormessages for further information. Correct theformatting of the stanza file and then retry theoperation.

CTGSC0172E An internal error occurred within the

stanza processing code.

Explanation: An internal error occurred within thestanza processing code.

Administrator response: Examine other errormessages for further information. If the problempersists, check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSC0173E Text in the configuration file couldnot be updated.

Explanation: Text in the configuration file could not be updated.

Administrator response: Examine other errormessages to find the name of the particularconfiguration file, correct any problem, and retry theoperation.

CTGSC0174E The configuration file was opened inread-only mode and cannot be updated.

Explanation: An update operation was attempted on aconfiguration file that was opened in read-only mode.


CTGSC0175E The configuration file could not beread.

Explanation: A configuration file read operationfailed.

Administrator response: Examine other error

messages for more detail, correct any problem, andretry the operation.

CTGSC0176E An invalid number was supplied.

Explanation: The system was expecting a number to be supplied, but something else was supplied instead.

Administrator response: Examine other errormessages for more detail, correct any problem, andretry the operation.

CTGSC0177E The number which was supplied istoo large.

Explanation: The number which was supplied to thesystem was too large to fit into the allocated memory.

Administrator response: Examine other errormessages for more detail, correct any problem, andretry the operation.

CTGSC0178E An ICC toolkit failure occurred.

Explanation: An internal ICC error occurred.

Administrator response: This error is alwaysaccompanied with a serviceability log error messagedetailing the ICC routine which failed and the reasonfor the failure. The action to correct this problemdepends on details in the serviceability log message. If the problem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSC0179E An ICC toolkit failure occurred whilecalling %s. Error: %s .


Administrator response: The action to correct thisproblem depends on details in the error message. If theproblem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSC0180E An ICC toolkit failure occurred whilecalling %s. No further details are

known.Explanation: An internal ICC error occurred.However, no details about the error we able to bedetermined beyond the name of the ICC functionwhich failed.



Chapter 5. Security Access Manager Session Management Server Messages 183



CTGSC0300E No server DN was found within theprovided server certificate.

Explanation: The server certificate, provided by theSMS Administration Web Service, did not contain aserver DN.

Administrator response: Ensure the correct server

certificate is supplied. For further detailed informationabout the failure examine earlier messages in the logcontaining this message. If the problem persists, checkIBM Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSC0301E The DN contained within the servercertificate, %s , is not a configured DN.

Explanation: The DN found within the servercertificate was not listed as a valid DN within theconfiguration file.

Administrator response: Ensure the correct servercertificate is supplied, or modify the list of valid DNswithin the configuration file.

CTGSC0302E An error occurred when attempting tocommunicate with the administrationinterface of the session managementserver using the URL %s: %s (0x%x).

Explanation: An attempt was made to communicatewith the administration interface of the sessionmanagement server and a failure occurred within theunderlying communications layer.

Administrator response: Examine additional messagesto determine the cause of the error and correct theproblem. Ensure the administration interface of thesession management server is available and reachable.If the problem persists, check IBM Electronic Supportfor additional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSC0303E The administration interface of thesession management server could not beaccessed.

Explanation: An unsuccessful attempt has been made

to communicate with the administration interface of thesession management server.

Administrator response: Ensure the administrationinterface of the session management server is availableand can be reached by the client. If the problempersists, check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSC0304E The %s operation of the sessionmanagement server administrationinterface returned some data for the %sattribute which was not in the expectedformat.

Explanation: The return data from a sessionmanagement server administration operation was of anunexpected format.

Administrator response: Ensure the correct version of the session management server and client is beingused. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSC0305E The administration interface of thesession management server returnedsome unexpected data.

Explanation: The return data from a session

management server administration operation was of anunexpected format.


CTGSC0306E The %s operation of the sessionmanagement server administrationinterface did not return all expecteddata: %s .

Explanation: The indicated return data from a sessionmanagement server administration operation ismissing.


CTGSC0307E The administration interface of thesession management server did not

return all expected data.

Explanation: Return data from a session managementserver administration operation was missing.






CTGSC0309W No replicas were found for thespecified replica set.

Explanation: A request was made to display aspecified replica set, but no replicas are currentlyregistered with the replica set.

Administrator response: No action is required, this is

a status message.

CTGSC0310W The specified realm is not known tothe session management server.

Explanation: A request was made for a session realmwhich is not known to the session management server.

Administrator response: Ensure a valid session realmis being specified by examining the configuration of thesession management server. If the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/


CTGSC0311W No replica sets were found for thespecified session realm.

Explanation: A request was made to show a specifiedsession realm, but no replica sets are currentlyconfigured within the session realm.

Administrator response: No action is required, this isa status message.

CTGSC0315W No session realms have beenconfigured within the session

management server.

Explanation: A request was made to list all knownsession realms, but no session realms are configuredwithin the session management server.


CTGSC0316W No sessions were found which matchthe specified search criteria.

Explanation: A request was made to list sessionswhich match specified criteria, but no matchingsessions were found.


CTGSC0318W The '%s' parameter of the commandis invalid.

Explanation: The specified parameter, supplied for anadministration task, was invalid.

Administrator response: Review the format of thecommand text to ensure all parameters are correct.

CTGSC0319W The configured '%s' URL, identifiedby the '%s' entry within the [%s] stanzaof %s , is invalid.

Explanation: The specified configuration entry is not avalid URL. The URL should start with either http:// orhttps://

Administrator response: Correct the configured URL.

CTGSC0320W The configured Web service URLs,identified by the '%s' entries within the[%s] stanza of %s , are not all of thesame type. They must be all HTTP orall HTTPS.

Explanation: All of the Web service URLs must be of the same type. A mixture of HTTP and HTTPS URLs isnot supported.

Administrator response: Correct the configured URLs,ensuring they are all of the same type.

CTGSC0326W An invalid command parameter wassupplied.

Explanation: One of the command parameters,supplied for an administration task, was invalid.


CTGSC0327W The '%s' instance is invalid.

Explanation: The specified instance, supplied for anadministration task, was invalid.


CTGSC0328W An unknown SMS instance wassupplied.

Explanation: An instance which was supplied for anadministration task was not a recognized instance.


CTGSD0151E The %s action requires the %sargument.

Explanation: An argument required for the action wasnot provided to the deployment program.

Administrator response: Read the usage message forthe configuration program and verify all requiredarguments are provided.

CTGSC0309W • CTGSD0151E




CTGSD0154E The WebSphere application serversetupCmdLine script must be run beforethis program can be run.

Explanation: The environment variables specifying theWebSphere application server installation path were notfound.

Administrator response: Run the setupCmdLine scriptin the WebSphere application server installationdirectory and run the command again. On Unixplatforms, the script must be run using the 'source'command, rather than run directly. For WebSphereapplication server version 6 installations, the script forthe active application server profile must be run.

CTGSD0157E An error occurred during theconfiguration process: %s

Explanation: An error occurred during theconfiguration process. The error message is given.

Administrator response: Examine the error messageto determine the cause of the problem. Take anynecessary corrective action and retry the command.

CTGSD0160E The configuration tool is unable toaccess the WebSphere applicationmanagement interface.

Explanation: The configuration tool must be able tolocate WebSphere's application management interface toperform application management tasks.

Administrator response: Verify the WebSphereapplication server is running correctly. If in a networkdeployment environment, verify the configuration toolis connecting to the deployment manager server, ratherthan a node agent or managed process.

CTGSD0163E The specified parameters match morethan one application server in theWebSphere cell, %s . The serversmatched are: %s Use the '-was_node'and '-was_server' parameters to specify asingle application server.

Explanation: The WebSphere server and nodeparameters specified on the command line match morethan one application server. The requested action can

only be performed on a single application server.Administrator response: Retry the command, using

both the '-was_server' and '-was_node' arguments tospecify a single application server.

CTGSD0165E The WebSphere cell, %s , containsmultiple clusters. The cluster namesare:%sUse the '-was_cluster' option tospecify a cluster.

Explanation: The configuration tool can only deploythe session management server to a single application

server or cluster. More than one cluster exists in thecell, so a cluster must be specified using the'-was_cluster' command line option.

Administrator response: Retry the command,specifying a single cluster using the '-was_cluster'command line option.

CTGSD0166E Both a cluster name and a WebSphereserver identifier were specified.

Explanation: When deploying the sessionmanagement server application, either a WebSpherecluster or a single application server must be specified.

Administrator response: Retry the command, usingeither the '-was_cluster' option, or one or both of the'-was_server' and '-was_node' options.

CTGSD0167E The configuration tool cannot deploythe session management serverapplication to a WebSphere cluster

when it is not connected to thedeployment manager.

Explanation: The configuration tool cannot deploy thesession management server application to a WebSpherecluster when it is not connected to the deploymentmanager.

Administrator response: Retry the commandspecifying connection parameters for the deploymentmanager. Alternatively, retry the command specifyingone or both of the '-was_server' and '-was_node'options instead of '-was_cluster'.

CTGSD0168E The cluster, %s , could not be found inthe WebSphere cell, %s.

Explanation: The cluster specified on theconfiguration tool command line could not be found.

Administrator response: Verify the cluster name isspecified correctly and the configuration tool isconnecting to the correct deployment manager, thenretry the command.

CTGSD0169E The server, %s , on the node, %s , inthe WebSphere cell, %s , either could notbe found or is not a suitable

deployment target.Explanation: The server specified on the commandline either could not be found, or is not a suitabledeployment target. The session management server cannot be deployed onto node agent or deploymentmanager servers.

Administrator response: Verify the server name andthe node are specified correctly, and the configurationtool is connecting to the correct deployment manager,then retry the command.

CTGSD0154E • CTGSD0169E




CTGSD0170E No clusters or application serversexist in the WebSphere cell, %s .

Explanation: The session management server cannot be deployed until an application server or cluster has been created in the WebSphere cell.

Administrator response: Create an application server

or a cluster and retry the command.

CTGSD0171E The session management server isalready being configured. The existingconfiguration client is %s.

Explanation: The selected instance of the sessionmanagement server is already being configured.

Administrator response: Either close the existingconfiguration client or try the operation again,specifying the option to displace an existingconfiguration client.

CTGSD0174E WebSphere eXtreme Scale is notinstalled on the WebSphere ApplicationServer Deployment Manager.

Explanation: WebSphere eXtreme Scale was not foundon the WebSphere Application Server DeploymentManager.

Administrator response: Install a supported version of WebSphere eXtreme Scale onto the WebSphereApplication Server Deployment Manager.

CTGSD0175E An unsupported version ofWebSphere eXtreme Scale (%s) was

found on the WebSphere ApplicationServer Deployment Manager.

Explanation: An unsupported version of WebSphereeXtreme Scale was found on the WebSphereApplication Server Deployment Manager.

Administrator response: Install a supported version of WebSphere eXtreme Scale onto the WebSphereApplication Server Deployment Manager.

CTGSD0176W WebSphere eXtreme Scale is notinstalled on the %s WebSphereApplication Server.

Explanation: WebSphere eXtreme Scale was not foundon a WebSphere Application Server.

Administrator response: Install a supported version of WebSphere eXtreme Scale onto the WebSphereApplication Server Deployment Manager and allWebSphere Application Server instances within thecluster.

CTGSD0177W An unsupported version ofWebSphere eXtreme Scale (%s) wasfound on the %s WebSphereApplication Server.

Explanation: An unsupported version of WebSphereeXtreme Scale was found on a WebSphere ApplicationServer instance.

Administrator response: Install a supported version of WebSphere eXtreme Scale onto the WebSphereApplication Server Deployment Manager and allWebSphere Application Server instances within thecluster.

CTGSD0178W Unable to determine the version ofWebSphere eXtreme Scale running onthe %s WebSphere Application Server.

Explanation: The SMS configuration process wasunable to determine the version of WebSphere eXtremeScale on an WebSphere Application Server.

Administrator response: Ensure all cluster membersare running and have a supported version of WebSphere eXtreme Scale installed.

CTGSD0179W Unable to determine the version ofWebSphere eXtreme Scale running onthe %s WebSphere Application Serverbecause it is unreachable.

Explanation: The smscfg tool was unable to determinethe version of WebSphere eXtreme Scale on anWebSphere Application Server because it could not becontacted.

Administrator response: Ensure all cluster membersare running and are contactable by the deploymentmanager.

CTGSD0180E Unable to find a supported version ofWebSphere eXtreme Scale on allmembers of the WebSphere ApplicationServer cluster.

Explanation: One or more cluster members wereunreachable. They contain either an unsupportedversion of WebSphere eXtreme Scale or no WebSphereeXtreme Scale at all.

Administrator response: Install a supported version of WebSphere eXtreme Scale onto every WebSphereApplication Server in the cluster and ensure they are allrunning.

CTGSD0181W The version of WebSphere eXtremeScale installed across the cluster isinconsistent.

Explanation: The version of WebSphere eXtreme Scaleinstalled across the cluster is inconsistent.

CTGSD0170E • CTGSD0181W




Administrator response: Ensure that all clustermembers share the same version of WebSphere eXtremeScale.

CTGSD0300E An error occurred while processingthe WebSphere eXtreme Scaleconfiguration file %s: %s

Explanation: An error occurred while processing anWebSphere eXtreme Scale configuration file.

Administrator response: Examine the error messageto determine the cause of the problem. Retry theconfiguration operation.

CTGSD0306E The configuration program must berun as root.

Explanation: The configuration program must be runas the root user.

Administrator response: Run the configuration

program as the root user.

CTGSD0307E The command line option, -%s , is notvalid for the %s action.

Explanation: The command line option is not valid forthe specified action of the configuration program.

Administrator response: Check the usage of theconfiguration program and re-run it with the correctoptions.

CTGSD0308E The value, %s , for command lineoption, -%s , is inconsistent with the

previously set value, %s.

Explanation: The identified command line option has been supplied to the configuration program more thanonce with different values.

Administrator response: Re-run the configurationprogram with consistent values for the option.

CTGSD0309E The following command line optionsare missing: %s.

Explanation: The identified command line options aremissing. They must be specified to perform theoperation.

Administrator response: Re-run the configurationprogram specifying the required command line options.

CTGSD0310E A required command line option hasnot been supplied.

Explanation: One or more command line options aremissing. They must be specified to perform theoperation.

Administrator response: Re-run the configuration

program and include the missing command lineoptions.

CTGSD0311E A command line option was not ofthe correct format.

Explanation: A command line option was notspecified correctly.

Administrator response: Re-run the configurationprogram ensuring the correct command line options areprovided.

CTGSD0312E The specified file could not beopened.

Explanation: An attempt to open a file has failed.

Administrator response: Ensure the specified fileexists and the correct permissions have been assigned.

CTGSD0313E There is no default value for this

configuration item. Provide a value.

Explanation: No value was given for a requiredconfiguration option.

Administrator response: Supply the requiredconfiguration option when asked.

CTGSD0321E The command line extension isalready configured. Unconfigure and tryagain.

Explanation: The IBM Security Access ManagerSession Management Command Line is already

configured.Administrator response: Unconfigure the IBMSecurity Access Manager Session ManagementCommand Line and retry the operation.

CTGSD0324E The file, %s , could not be created: %s.

Explanation: The specified file could not be createdfor the reason indicated by the error message.

Administrator response: Take any necessary correctiveaction indicated by the error message.

CTGSD0328E The session management server actionon %s failed due to a transientcondition.

Explanation: The configuration operation of thesession management server on the named server hasfailed due to a transient condition. The configurationoperation can be retried once this condition has beenresolved.

Administrator response: Examine the configurationlog data to determine the cause of the failure. Once theproblem has been corrected, restart the specified server





or retry the configuration operation.

CTGSD0329E The session management server actionon %s failed.

Explanation: The configuration operation of thesession management server on the named server hasfailed. Changes to the session management server arerequired.

Administrator response: Examine the configurationlog data to determine the cause of the failure and thechanges to the session management serverconfiguration that are required to correct it. Retry theconfiguration operation.

CTGSD0334E The WebSphere application serverhome directory is not specified. Thismust be set in either the WAS_HOMEenvironment variable or with the'-was_home' command line option.

Explanation: The session management Web interfaceconfiguration program cannot run without the homedirectory of the WebSphere application server beingspecified either by the WAS_HOME environmentvariable or the -was_home command line option.

Administrator response: Specify the WebSphereapplication server home directory and retry theoperation.

CTGSD0409E The command line extension upgradewas unsuccessful.

Explanation: The configuration upgrade was not

successful.

Administrator response: Examine earlier messages fordetails of the upgrade failure, correct the problemsidentified, and retry the operation.

CTGSD0412E The command line option, -%s , is notvalid.

Explanation: The command line option is not valid forthe current program.

Administrator response: Check the usage of theprogram and re-run it with the correct options.

CTGSD0413E The IBM Security Access Managerproduct must be installed beforeintegration is possible.

Explanation: The user has requested to integrate withIBM Security Access Manager when it has not beeninstalled on the system.

Administrator response: Install the required IBMSecurity Access Manager components and then attemptto re-configure.

CTGSD0414E The property, %s , has been specifiedmore than once.

Explanation: A property was specified more thanonce.

Administrator response: Remove duplicate entriesand try again.

CTGSD0415E No running SMS instances werelocated within the WebSphereApplication Server. Ensure that theWebSphere Application Server detailsare correct and that the SMS instanceshave been started.

Explanation: No running SMS instances were locatedwithin the specified WebSphere Application Server.

Administrator response: Ensure that the suppliedWebSphere Application Server details are correct andthat the SMS instances have been started.

CTGSD0416E The JNI library, %s , failed to load.

Explanation: An attempt to load a JNI library was notsuccessful.


CTGSD0418E WebSphere eXtreme Scale is notfunctioning correctly on the followingservers:%s

Explanation: WebSphere eXtreme Scale is notfunctioning correctly on the cluster of WebSphereApplication Servers hosting the session managementserver application. The session management servercannot be configured unless WebSphere eXtreme Scaleis functioning correctly.

Administrator response: Examine the configurationprogram logs and the logs of the specified servers todetermine the cause of the problem. Check that theWebSphere eXtreme Scale catalog server configurationis correct, and that any firewalls and packet filters areconfigured to allow connections between theWebSphere Application Server processes. When the

problem has been corrected, retry the configurationoperation.

CTGSD0419E WebSphere eXtreme Scale has notbeen configured on the server, %s.

Explanation: The WebSphere eXtreme Scaleconfiguration files for the session management serverapplication have not been distributed to the server.Without these files in place, the session managementserver cannot be configured.





Administrator response: Ensure that the WebSphereApplication Server configuration is correctlysynchronized to all nodes in the cell.

CTGSD0420E WebSphere eXtreme Scale is notavailable. The current WebSphereeXtreme Scale state is: %s

Explanation: The session management server cannot be configured unless WebSphere eXtreme Scale isavailable.

Administrator response: Check the logs of each serverfor more information about the problem. It may benecessary to restart one or more servers in the cell.

CTGSD0421E An operation to check thatWebSphere eXtreme Scale is functioningcorrectly has failed.

Explanation: The session management server cannot be configured unless WebSphere eXtreme Scale is

functioning correctly.

Administrator response: Check the logs of each serverfor more information about the problem. It may benecessary to restart one or more servers in the cell.

CTGSD0422W The value %s is an invalidmax_logins value for a session realmwhen session limit policy has beendisabled. Defaulting to 0.

Explanation: The data which was supplied should beof the format: <realm>:0=<rset1>,<rset2> when sessionlimit policy is disabled

Administrator response: Retry the operation, withsession limit policy enabled to enforce a maximumnumber of sessions per realm.

CTGSD0423E An error occurred while processingthe WebSphere eXtreme Scale zonesconfiguration: %s

Explanation: An error occurred while processing theWebSphere eXtreme Scale zones configuration.

Administrator response: Examine the error messageto determine the cause of the problem. Retry theconfiguration operation.

CTGSD0424E WebSphere eXtreme Scale zones havebeen defined but node %s is not part ofa zone.


Administrator response: If zones are defined, ensurethat all nodes within the cluster are within a zone.Retry the configuration operation.

CTGSD0425E WebSphere eXtreme Scale zones havebeen defined and node %s is part ofmore than 1 zone.


Administrator response: If zones are defined, ensure

that all nodes within the cluster are not within morethan 1 zone. Retry the configuration operation.

CTGSD0426E Node %s is part of an undefined zone%s.


Administrator response: Ensure that nodes within thecluster are part of a defined zone. Retry theconfiguration operation.

CTGSD0453E A binary has been executed with

incorrect arguments.

Explanation: A binary has been executed withincorrect arguments.

Administrator response: Examine the log files forfurther error messages, correct any problem, and retrythe operation.

CTGSD0480E The SMS application instance, %s , isat a newer version, %s , than theavailable fixpack, %s.

Explanation: The SMS application instance is at anewer level than the currently available fixpack. TheSMS application instance can only be upgraded to anewer fixpack.

Administrator response: To move the SMS instance toa previous fixpack version, use the 'revert' action.

CTGSD0750E The action parameter must besupplied to the configuration program.Valid action arguments are 'deploy','config', 'unconfig', 'undeploy', 'extract','upgrade', 'revert'.

Explanation: A parameter specifying the action to takemust be specified to the configuration program.

Administrator response: Read the usage message forthe configuration program and check that the actionargument is specified correctly.

CTGSD0751E An unrecognized action argument, %s ,was supplied to the configurationprogram. Valid action arguments are'deploy', 'config', 'unconfig', 'undeploy','extract', 'upgrade', 'revert'.

Explanation: An unrecognized action argument was





supplied to the configuration program.

Administrator response: Read the usage message forthe configuration program and check that the actionargument is specified correctly.

CTGSD0752E The response file contained a linethat could not be parsed: %s

Explanation: The response file contained a line thatthe configuration program was unable to parse.

Administrator response: Correct the mistakeidentified in the response file and retry the operation.

CTGSD0755E An error occurred when attempting toread the response file, %s: %s

Explanation: An error occurred when attempting toread the response file that was specified.

Administrator response: Check that the response filespecified is valid. Examine the error details for furtherinformation.

CTGSD0757E %s is not a valid configurationparameter.

Explanation: An invalid configuration parameter wasspecified.

Administrator response: Read the usage message forthe configuration program to determine the validconfiguration parameters.

CTGSD0758E The configuration parameter, %s , does

not have a value associated with it.Explanation: The configuration parameter specifieddoes not have a corresponding value.

Administrator response: Read the usage message forthe configuration program to determine a valid valuefor the required configuration parameter.

CTGSD0760E The configuration parameter, %s , hasbeen specified more than once.

Explanation: A configuration parameter was specifiedmore than once on the command line.

Administrator response: Remove duplicate entriesand re-run the configuration program.

CTGSD0769E The configuration of the sessionmanagement server failed.

Explanation: The configuration of the sessionmanagement server has failed for reasons indicated byearlier error messages.

Administrator response: Examine the configurationlog file for earlier messages indicating the cause of theconfiguration failure. Take any necessary corrective

action and retry the operation.

CTGSD0773E An error occurred when attempting tocreate an administration client to theWebSphere application server: %s

Explanation: An administration client to theWebSphere application server could not be created.

Administrator response: Ensure that the WebSphereapplication server parameters have been specifiedcorrectly. Ensure that the WebSphere application serveris running. Examine the error details for additionalinformation.

CTGSD0774E An error occurred when attempting todetermine if the session managementserver configuration application wasdeployed: %s

Explanation: An error occurred when attempting todetermine if the session management server

configuration application was deployed.

Administrator response: Ensure that the WebSphereapplication server is running. Examine the error detailsfor additional information.

CTGSD0776E An error occurred when attempting todeploy the session management serverconfiguration application: %s

Explanation: An error occurred when attempting todeploy the session management server configurationapplication.


CTGSD0778E An error occurred when attempting tocommunicate with the WebSphereapplication server: %s

Explanation: An error occurred when attempting tocommunicate with the WebSphere application server.

Administrator response: Ensure that the WebSphereapplication server parameters have been specifiedcorrectly. Ensure that the WebSphere application serveris running. Examine the error details for additional

information.

CTGSD0779E The session management server hasnot been deployed to the WebSphereapplication server. The sessionmanagement server needs to bedeployed before it can be configured.

Explanation: The session management server has not been deployed to the WebSphere application server. Itneeds to be deployed before it can be configured.





Administrator response: Ensure that the WebSphereapplication server parameters have been specifiedcorrectly.Ensure that the WebSphere application serveris running. Ensure that the session management serverhas been deployed to the specified WebSphereapplication server.

CTGSD0785E An error occurred when attempting tostart the session management serverapplication.

Explanation: An error occurred when attempting tostart the session management server application.

Administrator response: Examine the applicationserver logs for more information.

CTGSD0786E An error occurred when attempting tostop the session management serverapplication.

Explanation: An error occurred when attempting to

stop the session management server application.

Administrator response: Examine the applicationserver logs for more information.

CTGSD0820E An error occurred when attempting toperform the Session Management Serverconfiguration :%s.

Explanation: An error occurred when attempting toperform the Session Management Server configuration.

Administrator response: Examine the error details forinformation regarding the cause of this error.

CTGSD0822E An error occurred when attempting toundeploy the Session ManagementServer : %s

Explanation: An error occurred when attempting toundeploy the Session Management Server.


CTGSD0848E An error occurred when attempting todeploy the session management serverapplication: %s .

Explanation: An error occurred when attempting todeploy the session management server application.


CTGSD0854E An error occurred while accessing theWebSphere application serverconfiguration: %s

Explanation: An error occurred while accessing theWebSphere application server configuration.

Administrator response: Examine the error details for

information regarding the cause of this error.

CTGSD0855E A WebSphere application serverconfiguration object of type %s couldnot be located.

Explanation: A required WebSphere application serverconfiguration object could not be located.

Administrator response: If in a WebSphere applicationserver network deployment environment, ensure thatthe deployment manager is running. If the problempersists, check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/


CTGSD0856E Failed to read data from the console:%s

Explanation: An error occurred while attempting toread some data from the console.


CTGSD0857E An error occurred when attempting towrite the response file, %s: %s

Explanation: An error occurred when attempting towrite to the response file that was specified.

Administrator response: Check that the response filespecified is valid. Examine the error details for furtherinformation.

CTGSD0859E %s is an invalid value for the %sparameter. The %s parameter must be aboolean value (yes, true, no or false).

Explanation: The data which was supplied should

have the value of either 'yes', 'true', 'no' or 'false'

Administrator response: Retry the operation,supplying either 'yes', 'true', 'no' or 'false'

CTGSD0860E The value which was supplied couldnot be resolved to a valid internetaddress.

Explanation: The supplied data does not correspondto a valid internet address, or a known host name.





Administrator response: Retry the operation,supplying a known host name.

CTGSD0861E The value which was supplied doesnot correspond to a valid number.

Explanation: The supplied data was not actually anumber.

Administrator response: Retry the operation,supplying a valid number.

CTGSD0862E The specified file could not be found.

Explanation: A file which matches the specified namecould not be found.

Administrator response: Retry the operation,supplying an existing file.

CTGSD0863E The value which was supplied doesnot correspond to a valid option.

Explanation: The supplied data was not actually anumber, or it did not correspond to the index value of one of the supplied options.

Administrator response: Retry the operation,supplying a valid index number.

CTGSD0864E The SMS instance parameter was notsupplied. The instance names which arecurrently valid include: %s

Explanation: The SMS instance which is to be used bythe configuration utility was not supplied.

Administrator response: Execute the configurationutility again, supplying a valid SMS instance name.

CTGSD0866E %s is an invalid value for a sessionrealm.

Explanation: The data which was supplied should beof the format: <realm>:<max logins>=<rset1>,<rset2>

Administrator response: Retry the operation,supplying a correctly formatted string.

CTGSD0867E %s is an invalid value for a IBMSecurity Access Manager authorizationserver. Ensure that a valid host name,port and rank is supplied.

Explanation: The data which was supplied should beof the format <host>:<port>:<rank>. The data whichwas supplied did not contain all of the necessary fields,or one or more of the fields were invalid.

Administrator response: Retry the operation,supplying the correct fields.

CTGSD0868E %s is an invalid value for a credentialrefresh operation. Ensure that a validoperation and rule is supplied. Theoperation must be either 'preserve' or'refresh'.

Explanation: The data which was supplied should beof the format <op>:<rule>. The data which wassupplied did not contain all of the necessary fields, orone or more of the fields were invalid.

Administrator response: Retry the operation,supplying the correct fields.

CTGSD0869E An error occurred when attempting tounconfigure an instance of the SessionManagement Server : %s

Explanation: An error occurred when attempting tounconfigured an instance of the Session ManagementServer.


CTGSD0870E An error occurred while attempting toconfirm that the supplied addresscorresponds to a local address: %s

Explanation: An error occurred while attempting toconfirm that the supplied address is one of the localmachine address.


CTGSD0871E The session management serverconfiguration and administrationmodule for the Integrated SolutionsConsole can only be deployed to thelocal host.

Explanation: The ISC instance can only be deployedto the local host. An attempt was made to deploy theinstance to a WebSphere Application Server which washosted on another machine.

Administrator response: Execute the configurationutility on the machine which is hosting the destination

WebSphere Application Server.

CTGSD0872E The directory, %s , does not exist, or isnot a directory.

Explanation: The specified directory does not exist.

Administrator response: Ensure that the specifieddirectory is correct and that it does in fact exist on thesystem.





CTGSD0873E A tempory file could not be created:%s

Explanation: An attempt to create a temporary filefailed.



CTGSD0874E %s is not a known session realm.

Explanation: The session realm supplied was notknown to the Session Management Server.

Administrator response: Retry the operation,supplying a known session realm name.

CTGSD0875E The SMS instance parameter, %s , isnot a recognized instance. The instancenames which are currently valid

include: %s

Explanation: The SMS instance which is to be used bythe configuration utility was invalid.

Administrator response: Execute the configurationutility again, supplying a valid SMS instance name.

CTGSD0902E The argument, %s , is not recognized.

Explanation: An unrecognized argument was passedthe smscars.jacl configuration program.

Administrator response: Examine the usage messagedisplayed with this message, correct the command line

options and re-run the command.

CTGSD0903E The -action option must be set toeither 'config' or 'unconfig'. The value,%s , is not valid.

Explanation: An unrecognized value was specified forthe -action option.

Administrator response: Retry the operationspecifying a valid value for the -action option.

CTGSD0904E The required option, %s , was notspecified.

Explanation: The specified option is required but wasnot specified.

Administrator response: Retry the operationspecifying missing option.

CTGSD0905E The WebSphere application servernode, %s , in cell, %s , has no servers.

Explanation: The specified WebSphere node does nothave any servers configured on it.

Administrator response: Retry the operation ensuringthe wsadmin connection parameters are correctly

specified.

CTGSD0906E The WebSphere application servernode, %s , in cell, %s , has more than oneserver. You must specify a single serverusing the -server option

Explanation: The specified WebSphere node has morethan one server configured on it. A default servercannot be chosen.

Administrator response: Retry the operationspecifying the -server option.

CTGSD0907E The server, %s , is not recognized onnode, %s , within cell, %s.

Explanation: The specified WebSphere node does nothave a server configured matching the specified servername.

Administrator response: Retry the operation ensuringthe wsadmin connection parameters are correct andthat the -server option is specified correctly.

CTGSD0914E The directory, %s , does not exist. The-cars option setting is not valid.

Explanation: The common audit and reporting service(CARS) installation directory must have client/etc andclient/lib subdirectories but does not.

Administrator response: Retry the operation ensuringthe -cars option specifies the correct common audit andreporting service (CARS) installation directory.

CTGSD0922W The %s application must be restartedbefore the configuration changes willtake effect.

Explanation: This message records that configurationchanges requiring the applicaton to be restarted have

been made.

Administrator response: Restart the application whenyou are ready so that the configuration changes willtake effect.

CTGSD0923W The %s application must be enabledto use the %s shared library.

Explanation: This message records that the applicationhas not yet been enabled to use the newly configuredshared library.

CTGSD0873E • CTGSD0923W




Administrator response: Re-run this commandwithout the -noenable option.

CTGSD1200E The option, %s , requires an argumentbut one was not provided.

Explanation: The option specified in the messagerequires an argument.

Administrator response: Re-run the commandspecifying an argument for the specified option.

CTGSD1201E The option, %s , is not recognized.

Explanation: The option specified in the message isnot recognized by the command.

Administrator response: Consult the documentationfor the command and re-run it with the correct options.

CTGSD1202E The argument, %s , is not recognized.

Explanation: The argument specified in the message isnot valid for the command.

Administrator response: Consult the documentationfor the command and re-run it with the correctarguments.

CTGSD1203E The WebSphere Application Serverinstalled at, %s , does not have a profilenamed, %s.

Explanation: The WebSphere Application Server doesnot have a profile with the specified name.

Administrator response: Run the command again

ensuring the profile name is specified correctly, and theWAS_HOME environment variable or -was_homecommand line option is specified correctly.

CTGSD1204E There does not appear to be aWebSphere Application Server installedat, %s.

Explanation: The contents of the specified directorydo not look like a WebSphere Application Serverinstallation.

Administrator response: Run the command againensuring the WAS_HOME environment variable or

-was_home command line option is specified correctly.

CTGSD1205E A value for the WAS_USER_SCRIPTenvironment variable could not bedetermined.

Explanation: The WAS_USER_SCRIPT environmentvariables specifies the name of the script that definesWebSphere Application Server environment variablesfor a particular profile. The location of this script couldnot be determined.

Administrator response: Run the command againensuring the WAS_HOME environment variable or-was_home command line option is specified correctly.

CTGSD1206E The WAS_USER_SCRIPT, %s , couldnot be accessed.

Explanation: The WAS_USER_SCRIPT environmentvariables specifies the name of the script that definesWebSphere Application Server environment variablesfor a particular profile. The file specified by theWAS_USER_SCRIPT environment variable eitherdoesn't exist or is not accessible.

Administrator response: Run the command againensuring the WAS_HOME environment variable or-was_home command line option is specified correctlyand ensuring that you are running the command withthe required privileges.

CTGSD1207E Conversion of SSL repertoire, %s , to

CMS key database, %s , failed.Explanation: The SSL repertoire to CMS key databaseconversion failed.

Administrator response: Examine the erorr messagereported and take action indicated for the message.

CTGSD1208E The SSL repertoire, %s , is notdefined.

Explanation: The settings of the specified SSLrepertoire could not be determined.

Administrator response: Ensure the name of the SSLrepertoire is specified correctly and that it is configuredat cell or node scope.

CTGSD1209E The format, %s , of key file, %s , ofSSL repertoire, %s , is not recognized.

Explanation: The format specified in the WebSphereAppplication Server configuration for the specified keyfile is not recognized by the program.


CTGSD1210E The %s command failed with exitcode %d:%s

Explanation: An executed command terminatedindicating failure. The exit code of the command andthe output of the command are logged in the message.

Administrator response: The exit code of thecommand and the command's output should beexamined to determine the cause of the error and theappropriate action to take.





CTGSI0301E Initialization of the session managementserver failed.

Explanation: The session management server wasunable to initialize and cannot function until the causeof the failure is corrected.

Administrator response: Inspect the application server

log files for details, take any necessary correctiveaction, and restart the session management server.

CTGSI0302W The client is not registered with thesession management server.

Explanation: The client is not registered with thesession management server. Clients must register beforeperforming any operations.


CTGSI0303E The client is not authorized to performthe requested operation.

Explanation: The client attempted to perform anoperation that it is not authorized to perform.

Administrator response: If the client is expected to beauthorized to perform the requested operation thencorrect the security policy that applies to the sessionmanagement server.

CTGSI0304W The concurrent session limit for theuser has been reached.

Explanation: The attempt to create a new session forthe user failed because creating another session wouldexceed the concurrent session limit for the user.


CTGSI0305W The client attempted to create asession with a session ID that is alreadyin use.

Explanation: The session ID specified for the newsession already exists in the shared session cache. Theclient must choose a new ID for the session.


CTGSI0306E The client attempted to use a replica set

that does not exist in the sessionmanagement server configuration.

Explanation: The client attempted to use a replica setthat has not been specified in the session managementserver configuration. All replica set names must bespecified in the session management serverconfiguration.

Administrator response: Verify the client'sconfiguration specifies all replica set names correctlyand the session management server's configuration

includes all any necessary replica sets.

CTGSI0307E The client attempted to perform anoperation on a replica set that it has notjoined.

Explanation: When clients connect to the sessionmanagement server they must specify the names of allreplica sets they will use. This error indicates a clienthas not done so.

Administrator response: Verify the client is correctlyconfigured.

CTGSI0308E The client attempted to create or modifya session such that its concurrentsession key would not be valid.

Explanation: Sessions stored by the sessionmanagement server can include session data itemsindicating the concurrent session key. Either all of thesesession data items must be present and valid, or none

of them. This error indicates that some, but not all, of the session data items were present.

Administrator response: This error indicates aproblem with the configuration of the client or aprogramming error. Examine the sections of the clientconfiguration relating to concurrent session limits andsession displacement. If the problem persists, checkIBM Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSI0309W The client's version of the session isout of date.

Explanation: The client issued a session modificationrequest based on an out of date version of the session.The client must retrieve the current version of thesession and retry the request.


CTGSI0310W The client specified a capability maskthat does not match the active capabilitymask.

Explanation: The client specified a capability maskthat does not match the active capability mask. The

client will not be able to register until the sessionmanagement server is restarted and initialized with amatching capability mask.

Administrator response: Ensure all clients accessingthe session management server are compatible with theversion of the session management server. It may benecessary to restart the session management server andall active clients to correct this condition. If the problempersists, check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSI0301E • CTGSI0310W




CTGSI0311E The session management server wasunable to generate a new key.

Explanation: The session management server wasunable to generate a new key.

Administrator response: Examine the sessionmanagement server logs for further details. It may be

necessary to restart the session management servercompletely to correct this condition.

CTGSI0312W The session was not found.

Explanation: The session management server wasunable to find a session with the session ID specified

by the client.


CTGSI0313E A parameter value was not valid.

Explanation: The client specified a parameter value

that was not valid to the session management server.Administrator response: If the problem persists, checkIBM Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSI0314E The specified client instance ID hasalready been registered by anotherclient.

Explanation: Each client that makes use of the sessionmanagement server must register a unique instance ID.This message indicates a client attempted to use aninstance ID that another client had already registered.

Administrator response: Restart the client. If theproblem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSI0315E The session management serverencountered an error and was unable tocomplete the operation.

Explanation: While processing the client's request, thesession management server encountered an error thatprevented it from completing the operation.

Administrator response: Inspect the sessionmanagement server logs to identify the nature andcause of the error. Take any necessary correctivemeasures. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSI0316E The client attempted to register using anactive client name from a different IPaddress than was used to register theactive instance.

Explanation: The client attempted to register using anactive client name from a different IP address than wasused to register the active instance.

Administrator response: Inspect the client'sconfiguration to ensure each client uses a uniquereplica name. The session management server logsindicate the IP addresses of the clients using the sameclient name. If the IP address of the client has recentlychanged, wait until the session management serverexpires the previous registration before restarting theclient. The amount of time to wait is controlled by thesession management server's client idle timeoutconfiguration parameter.

CTGSI0317W The client attempted an idle timeout

operation but the capabilities requiredto support idle timeouts have not beenenabled.

Explanation: The first client to start-up requested a setof capabilities from the session management server thatdid not include the session interest list capability. Thiscapability is required to support idle timeout of sessions.

Administrator response: Examine any clientconfiguration options relating to session managementserver capabilities. To change the active set of capabilities, all clients must be shut-down, and thesession management server restarted. If the problem


CTGSI0319E The client issued a change sessionrequest with no session data changes.

Explanation: The client issued a change sessionrequest with no session data changes.


CTGSI0320E The interface version requested by theclient is not supported by this server.

Explanation: The interface version requested by theclient is not supported by this server.

Administrator response: Ensure the versions of clientsoftware and server software are compatible.

CTGSI0311E • CTGSI0320E




CTGSI0321W The session management serverdetected a conflict resulting fromreplication of the changes.

Explanation: The session management server detecteda conflict resulting from replication of the changes.


CTGSI0322E An invalid request parameter waspassed to the session administrationinterface.

Explanation: An invalid request parameter was passedto the session administration interface.

Administrator response: Retry the operationspecifying valid parameters. Consult the IBM SecurityAccess Manager Shared Session Administration Guidefor information about valid request parameters.

CTGSI0323E An unrecognized administration

operation was passed to the sessionmanagement server's administrationinterface.

Explanation: The session management server'sadministration interface can only handle known requesttypes from its clients. An unrecognized request typewas sent from a client.

Administrator response: Ensure the requestedadministration operation is currently enabled and thatthe version of the client software in use is supported bythis version of the session management server.

CTGSI0324E The request from the client requires acapability of the session managementserver that is not enabled by the sessionmanagement server.

Explanation: The request from the client requires acapability of the session management server that is notenabled by the session management server.


CTGSI0325E The client attempted to use a sessionrealm that does not exist in the sessionmanagement server configuration.

Explanation: The client attempted to use a sessionrealm that does not exist in the session managementserver configuration. All session realm names must bespecified in the session management serverconfiguration.

Administrator response: Retry the operationspecifying a defined session realm.

CTGSI0327W The session management server wasnot able to replicate the changes acrossthe cluster.

Explanation: The session management server was notable to replicate the changes resulting from the requestacross the cluster.

Administrator response: Check the sessionmanagement server logs for more informationconcerning this error. If the problem persists, checkIBM Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSI0328E Authentication failed. You have used aninvalid user name or password.

Explanation: An invalid user name or password wassupplied.

Administrator response: Check your authentication

information and try again.

CTGSI0329E Authentication failed. The accountassociated with the user has expired.

Explanation: The users account has expired.

Administrator response: Contact your systemadministrator to have the account reactivated.

CTGSI0330E Authentication failed. The credentialassociated with the user has expired.

Explanation: The user's credential has expired. Thiserror might indicate that the user's password hasexpired.

Administrator response: Contact your systemadministrator to renew the users credential.

CTGSI0331W The session limit for this sessionrealm has been reached.

Explanation: The attempt to create a new session forthe user failed because creating another session wouldexceed the session limit for the session realm.


CTGSM0301E The new instance, %s , of the client,%s , could not be stored.

Explanation: The session management server wasunable to store the details of the client.

Administrator response: Examine the log for furtherdetailed messages regarding the error, take anynecessary corrective action, and restart the client. Itmay also be necessary to restart the sessionmanagement server.

CTGSI0321W • CTGSM0301E




CTGSM0303E The list of keys stored in the sessionlist store, %s , for the replica set, %s ,could not be retrieved.

Explanation: The session management server wasunable to retrieve the list of keys stored in the givensession list.

Administrator response: Examine the log for earliermessages regarding this error and take any necessarycorrective action. If the problem persists, restart thesession management server.

CTGSM0304E The session, %s , in the replica set,%s , does not have a concurrent sessionkey.

Explanation: Every session must include the data itemused as the key for maintaining concurrent sessioncounts. A session was either created without the dataitem, or the data item was removed as part of a sessionupdate.


CTGSM0305E The session, %s , in replica set, %s ,could not be stored.

Explanation: A session could not be stored in thesession cache.

Administrator response: Examine the log for othermessages regarding the error and take any necessarycorrective action. The error might indicate resourceexhaustion.

CTGSM0306W The session management server hasrejected a session modification requestfrom the client, %s , for the session, %s ,in the replica set, %s , based on anoutdated version of the session. Theclient has version number %s , while %sis the current version number.

Explanation: A client has issued a session updaterequest based on an outdated version of the session.The request has been rejected.

Administrator response: This condition cansometimes occur during normal operation of thesession management server. The client can correct thecondition by first requesting the current version of thesession, and then re-issuing the update request basedon that version. This error could also indicate aproblem with the client.

CTGSM0310W The client, %s , is not registered.

Explanation: The client attempted the perform anoperation without first registering with the sessionmanagement server.


CTGSM0311W Returning result: %s (code: 0x%s).

Explanation: The specified result is being returned tothe client. This message is usually only logged when anerror result is returned.

Administrator response: If the result indicates anerror has occurred, examine the log for further detailsand take any necessary corrective action.

CTGSM0312E A new instance of the client, %s , hasattempted to start-up. The existinginstance ID is %s , with the client ID of%s. The second instance ID is %s , with

IP address %s.

Explanation: A replica attempted to register with thesession management server using a replica name thatwas already active, and its client ID was different tothat used to register the active instance. The replica'sregistration was denied by the session managementserver.

Administrator response: This message indicates tworeplicas are configured with the same replica name, and

both are attempting to register with the sessionmanagement server. If this message coincides with aplanned client ID change for a replica machine, thereplica cannot be restarted until its previous instance isexpired. Otherwise, examine the configuration on themachines with the client ID's given to determinewhether they have been configured to use the samereplica name. If so, change the replica name on onemachine. It may be necessary to explicitly configure thereplica name on both machines to avoid a conflict.

CTGSM0316E Single sign-on was requested insession realm, %s , but there is no singlesign-on mapping configured.

Explanation: A client requested a session be createdusing single sign-on within a session realm, but the

session management server configuration does notspecify a single sign-on mapping for the session realm.

Administrator response: Modify the sessionmanagement server configuration so it specifies a singlesign-on mapping to use within the session realm. Thesession management server must be restarted for thischange to take effect.

CTGSM0303E • CTGSM0316E




CTGSM0317E An error occurred during statisticsgathering setup: %s.

Explanation: An error occurred during statisticsgathering setup. Statistics will not be recorded until theerror is corrected and the session management serverapplication is restarted.

Administrator response: Examine this and earlier logmessages for more information regarding the error.Once the error has been corrected, restart the sessionmanagement server.

CTGSM0318E Initialization of the event timer class,%s , failed: %s

Explanation: The session management server usesdifferent event timer classes in different runtimeenvironments. This message indicates the event timerclass for this environment is not available. The sessionmanagement server will not function without an eventtimer.


CTGSM0319E The database, %s , could not beopened.

Explanation: The database may not exist or may haveother problems.


CTGSM0321E The event does not specify a session.

Explanation: The event may be corrupt or incorrectlycreated because it does not specify a session.


CTGSM0322E The session management server could

not copy the file %s to %s: %sExplanation: The session management server couldnot copy a file.

Administrator response: Examine the error messagefor more information on the error. Restart the sessionmanagement server application to retry the operation.If the problem persists, check IBM Electronic Supportfor additional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0323E The administration interface version,%s , requested by the client is notsupported by the server. The serversupports the following versions of theadministration interface: %s.

Explanation: The interface version requested by theclient is not supported by this server.

Administrator response: Ensure the versions of clientsoftware and server software are compatible.

CTGSM0324W J2EE security is disabled for thisapplication server. No security checkswill be performed by the sessionmanagement server administrationinterface.

Explanation: The session management serveradministration interface security depends on J2EEsecurity being enabled in the application server.

Administrator response: If security is required for thesession management server administration interfacethen enable J2EE security and restart the applicationserver.

CTGSM0325E Unable to retrieve message text formessage code {0}.

Explanation: The message text for the specifiedmessage code could not be retrieved.

Administrator response: Verify the files that make upthe session management server application are presentin the WebSphere application server installedapplications directory. The session management serverwill not function correctly until this problem iscorrected. It may be necessary to reinstall the sessionmanagement server application to correct this problem.

CTGSM0326E The file, %s , could not be deleted.

Explanation: A file could not be deleted.

Administrator response: Check that the file system iswritable, and that the file system permissions allow thefile to be deleted.

CTGSM0327E An error occurred during

initialization of the class, %s , specifiedby property, %s: %s

Explanation: An error occurred during initialization of an event handler class.

Administrator response: Examine the error messagefor information regarding the error and take anynecessary corrective action. The session managementserver application must be restarted.





CTGSM0328E An error occurred while replicatingsession management server data: %s

Explanation: An error occurred while replicatingsession management server data. This error mayindicate communication problems between clustermembers.

Administrator response: Examine the error messagefor information regarding the error and take anynecessary corrective action. It may be necessary torestart the session management server application. If the problem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0329E The session management server wasnot able to replicate an operation on thekey, %s , in the map, %s .

Explanation: The session management server was not

able to replicate an operation on an entry in a storagemap to other nodes in the cluster. The client issuing therequest that resulted in the operation will be notified of the failure.

Administrator response: Check that all WebSpherecluster members are running correctly, and that thenetwork connections between each node arefunctioning. Multiple instances of this error mayindicate resource starvation or server availabilityproblems. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0330E The session management serverinstance was not able to establishcommunication with other instances inthe cluster: %s.

Explanation: The session management server instancewas not able to establish communication with otherinstances in the cluster.

Administrator response: Restart the server on whichthis instance of the session management server runs. If the problem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0332E The session management server wasnot able to obtain a cluster-wide lock onthe item, %s : %s

Explanation: The session management server was notable to obtain a cluster-wide lock on a data item inorder to update it.

Administrator response: Check that all WebSpherecluster members are running correctly, and that the

network connections between each node arefunctioning. Multiple instances of this error mayindicate resource starvation or server availabilityproblems. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0333E The session management server wasnot able to release a lock on the item,%s: %s

Explanation: The session management server was notable to release a cluster-wide lock on a data item afterupdating it.

Administrator response: Check that all WebSpherecluster members are running correctly, and that thenetwork connections between each node arefunctioning. Multiple instances of this error mayindicate resource starvation or server availabilityproblems. If the problem persists, check IBM Electronic


CTGSM0334E Transfer of existing sessionmanagement server data to a newinstance, %s , failed: %s.

Explanation: Transfer of existing session managementserver data to a new instance failed. The new instancewill not process requests until it is restarted.

Administrator response: Restart the server on whichthe new instance runs. If the problem persists, check


CTGSM0335E An error occurred while receivingsession management server data fromanother instance: %s

Explanation: An error occurred while receivingsession management server data. This error mayindicate communication problems between clustermembers.

Administrator response: Examine the error message

for information regarding the error and take anynecessary corrective action. It may be necessary torestart the session management server application. If the problem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman





CTGSM0336E The replication operation messagewas badly formed.

Explanation: A replication operation message, used totransfer data between session management serverinstances, was badly formed.

Administrator response: This message indicates a

serious problem relating to session management serverdata replication. Restart the session management serverapplication. If the problem persists, check IBMElectronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0337E Initialization of the event workerclass, %s , failed: %s

Explanation: The session management server usesdifferent event worker classes in different runtimeenvironments. This message indicates the event workerclass for this environment is not available.


CTGSM0450E An SQL error has occurred: %s (SQLerror code: %s , SQL state: %s).

Explanation: The session management server hasencountered an SQL error during a database operation.

Administrator response: This message may indicateresource starvation problems, such as disk space ormemory exhaustion. Examine the system's resourceusage to see if this is the case. If the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0451E The JDBC driver could not beinitialized: %s

Explanation: The JDBC driver required to access thesession management server database tables could not

be initialized.

Administrator response: Check the properties of the

JDBC data source configured for use by the sessionmanagement server and restart the sessionmanagement server.

CTGSM0452E The database table, %s , was notfound.

Explanation: One of the session management serverdatabase tables is missing.

Administrator response: Correct the databaseconfiguration and restart the session management

server. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0453E The column, %s , in the databasetable, %s , was not found.

Explanation: A column in one of the sessionmanagement server database tables is missing.

Administrator response: Correct the databaseconfiguration and restart the session managementserver. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0454E The column, %s , in the databasetable, %s , has the wrong type. Theexpected type is %s , but the type in the

database is %s.Explanation: A column in one of the sessionmanagement server database tables has the wrong type.


CTGSM0457E The column, %s , in the databasetable, %s , is not a primary key.

Explanation: A column in one of the sessionmanagement server database tables is not a primarykey.


CTGSM0458E The column, %s , in the databasetable, %s , is not configured to use aforeign key.

Explanation: A column in one of the sessionmanagement server database tables is not configured touse a foreign key.






CTGSM0459E The foreign key column, %s , in thedatabase table, %s , imports its key fromthe table, %s , but it should import fromthe table, %s.

Explanation: A column in one of the sessionmanagement server database tables has amisconfigured foreign key.


CTGSM0460E The foreign key column, %s , in thedatabase table, %s , imports its key fromthe column, %s , but it should importfrom the column, %s.

Explanation: A column in one of the session

management server database tables has amisconfigured foreign key.


CTGSM0461E The foreign key column, %s , in thedatabase table, %s , uses the update rule,%s , but it should use the update rule,%s.



CTGSM0462E The foreign key column, %s , in thedatabase table, %s , uses the delete rule,

%s , but it should use the delete rule, %s.



CTGSM0463E No index was found for the column,%s , in the database table, %s .

Explanation: The database does not contain an indexfor the specified column.

Administrator response: Correct the databaseconfiguration and restart the session management

server. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0464E The JDBC driver could not beinitialized.

Explanation: The JDBC driver required to access thesession management server database tables could not

be initialized.

Administrator response: Check the properties of the JDBC data source configured for use by the session

management server. The session management servermay need to be restarted.

CTGSM0602E The session management server wasnot able to load the class %s : %s.

Explanation: The session management serverconfiguration specifies that it must load the given classfor SSO mapping, session data inspection, or datareplication. The class could not be loaded, for the givenreason.

Administrator response: Verify all class namesspecified in the session management serverconfiguration are spelled correctly, and all necessaryfiles are present in the application's class path.

CTGSM0603E The session management server wasnot able to create an instance of theclass %s: %s.

Explanation: The session management serverencountered an error while trying to instantiate theclass.

Administrator response: Check the class name iscorrect, and the Java security policy allows the sessionmanagement server to instantiate the class, then restartthe application. If the problem persists, check IBM


CTGSM0604E The session management serverconfiguration specifies an illegal valuefor the %s property: %s .

Explanation: The property value must be a positiveinteger, but the configuration file specifies either anon-integer or a negative value.





Administrator response: Modify the configuration fileso a positive integer is specified for the namedproperty, and restart the session management server.

CTGSM0617E An unknown single sign-onmapping, %s , was specified for thesession realm, %s.

Explanation: The single sign-on mapping namespecified in the configuration for a session realm doesnot match any of the configured single sign-onmappings.

Administrator response: Verify the single sign-onmapping name is correctly specified and restart thesession management server.

CTGSM0618E The session management server wasunable to identify the version ofWebSphere application server.

Explanation: The session management server

application needs to identify the application serverversion in order to perform statistics gathering. Thismessage indicates that it was not able to do so.

Administrator response: Ensure you are running thesession management server application on a supportedversion of WebSphere application server. If the problempersists, check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0619E A Java class name is required to bespecified in the session managementserver configuration by property %s.

Explanation: Each extension specified in the sessionmanagement server configuration must include thename of a Java class implementing the extensionfunctionality. The specified property does not specify aclass name.

Administrator response: Examine the sessionmanagement server configuration. Verify all extensionnames and property names are specified correctly, andeach extension configuration includes the correct Javaclass name. Restart the session management serverapplication.

CTGSM0620E The Java class, %s , specified byproperty, %s , is not a valid sessionmanagement server %s class.

Explanation: The Java class configured for thespecified property name does not an implementation of the expected interface.

Administrator response: Ensure all Java class namesspecified in the session management serverconfiguration are correct. Restart the sessionmanagement server application.

CTGSM0622W The session management server wasunable to read the Tivoli CommonDirectory configuration file: %s

Explanation: The session management server wasunable to read the Tivoli Common Directoryconfiguration file. The Tivoli Common Directory can beused in the logging destination configuration. Any loghandlers configured to use the Tivoli CommonDirectory variable will write to an incorrect locationuntil the problem is corrected.

Administrator response: Verify the Tivoli CommonDirectory configuration file exists and is readable.Restart the session management server once theproblem has been corrected

CTGSM0626E An error occurred while reading theconfiguration file %s: %s

Explanation: An error occurred while attempting toread the configuration file.

Administrator response: Examine the error messageto determine the cause of the problem. Once theproblem has been corrected, restart the sessionmanagement server.

CTGSM0627E An error occurred while writing theconfiguration file %s: %s

Explanation: An error occurred while attempting towrite the configuration file.

Administrator response: Examine the error messageto determine the cause of the problem. Once theproblem has been corrected, restart the sessionmanagement server.

CTGSM0633W The session management server wasunable to access the Windows registry:%s

Explanation: The session management server attemptsto access the Windows registry in order to locate theTivoli Common Directory configuration file and theproduct installation directory. In this case the sessionmanagement server was unable to access the Windowsregistry.

Administrator response: Examine the error message

to determine the cause of the problem. Verify theWebSphere application server configuration includes ashared library definition for the session managementserver registry access library. Check the sessionmanagement server deployment descriptor includes areference to this shared library. If Java 2 security policyis enforced, ensure the session management serverpolicy file includes the permissions required to load theregistry access shared library. If the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/

CTGSM0617E • CTGSM0633W





CTGSM0634E The session management serverinstallation directory could not bedetermined: %s

Explanation: The session management server wasunable to determine the directory in which it is storedunder the WebSphere application server installapplications directory.

Administrator response: Examine the error messageto determine the cause of the problem. If Java 2security policy is enforced, ensure the sessionmanagement server policy file includes the permissionsrequired to read files in the WebSphere applicationserver configuration directory. If the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0637W An error was encountered whilereading output from the process, %s: %s

Explanation: An error was encountered while readingoutput from a process run during session managementserver configuration.

Administrator response: No action is necessary. If theconfiguration process failed, not all of the output fromthe process will be available.

CTGSM0638E The command, %s , run duringsession management serverconfiguration has exceeded the timelimit of %s seconds and has beenterminated.

Explanation: A process run during sessionmanagement server configuration has exceeded thetime limit. The process has been terminated, andsession management server configuration will fail as aresult. The captured output from the process will beincluded in a later log message.

Administrator response: Examine the output from theprocess, which is included in a later log message, todetermine the reason the process did not complete

within the time limit. Restart the session managementserver to retry the configuration process. If the problempersists, check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0639E An error was encountered whileattempting to execute the command, %s ,during session management serverconfiguration: %s

Explanation: An error was encountered whileattempting to execute a process during sessionmanagement server configuration.

Administrator response: Examine the error messageto determine the cause of the problem. Restart thesession management server application to retry theconfiguration process. If the problem persists, checkIBM Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0640E The directory, %s , could not becreated.

Explanation: A directory could not be created.

Administrator response: Check that the file system iswritable and has sufficient free space, and that the filesystem permissions allow the directory to be created.

CTGSM0641E An error was encountered whileconfiguring the Tivoli CommonDirectory: %s

Explanation: An error was encountered whileconfiguring the Tivoli Common Directory.

Administrator response: Examine the error messageto determine the cause of the error. Restart the sessionmanagement server application to retry theconfiguration process. If the problem persists, checkIBM Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0642E Activation of the session managementserver configuration MBean failed: %s

Explanation: Activation of the session managementserver configuration MBean failed.

Administrator response: Examine the error messageto determine the cause of the error. It may be necessaryto restart the WebSphere application server deploymentmanager to correct the problem.

CTGSM0644E The session management serverconfiguration application could notcreate a new WebSphere applicationserver SSL configuration: %s

Explanation: The session management server couldnot create a new WebSphere application server SSLconfiguration.

Administrator response: Examine the error messageto determine the cause of the error. Run the session





management server configuration program again toretry the operation. If the problem persists, check IBMElectronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0645E The session management server

configuration application could notremove the WebSphere applicationserver SSL configuration, %s : %s

Explanation: The session management serverconfiguration application could not remove theWebSphere application server SSL configuration.

Administrator response: Examine the error messageto determine the cause of the error. Attempt to removethe SSL configuration manually through the WebSphereapplication server administration console. Run thesession management server configuration programagain to retry the operation. If the problem persists,check IBM Electronic Support for additional


CTGSM0648E Failed to access the WebSphereapplication server configuration service.

Explanation: The session management server couldnot access the WebSphere application serverconfiguration service in order to complete itsconfiguration.



CTGSM0649E Failed to locate the WebSphereapplication server securityconfiguration.

Explanation: The session management server couldnot locate the WebSphere application server securityconfiguration in order to complete its configuration.



CTGSM0651W An error occurred while parsing theWebSphere application serverconfiguration: %s

Explanation: An error occurred while parsing theWebSphere application server configuration. Thelogging for the Session management server may notfunction correctly until the problem is resolved.

Administrator response: The message showndescribes the error condition that occurred. Take the

appropriate corrective action based on the detailscontained within the message.

CTGSM0652E An error occurred while retrievingthe list of applications installed on theWebSphere application server: %s

Explanation: An error occurred while retrieving thelist of applications installed on the WebSphereapplication server. The session management serverconfiguration application will not function correctlyuntil the problem is resolved.

Administrator response: The message showndescribes the error condition that occurred. Take theappropriate corrective action based on the detailscontained within the message.

CTGSM0653E An error occurred while parsing theconfiguration of the application, %s : %s

Explanation: An error occurred while parsing the

configuration of the named application. The sessionmanagement server configuration application will notfunction correctly until the problem is resolved.

Administrator response: The message showndescribes the error condition that occurred. Take theappropriate corrective action based on the detailscontained within the message.

CTGSM0654E An error occurred while attempting torestart the application, %s: %s

Explanation: An error occurred while attempting torestart the named application.

Administrator response: The message showndescribes the error condition that occurred. Take theappropriate corrective action based on the detailscontained within the message. The session managementserver configuration process will not proceed until thesession management server application is restarted. If the session management server application is restartedmanually, the configuration process will proceed, butthe results will not be reported to the configurationprogram.

CTGSM0659E The deployment descriptor for thesession management server application

could not be located.

Explanation: The deployment descriptor for thesession management server application could not belocated.






CTGSM0663E The session management server wasnot able to create an instance of theclass %s.

Explanation: The session management serverencountered an error while trying to instantiate theclass.

Administrator response: Examine the log for earliermessages indicating why the class could not beinstantiated. Check the class name is correct, and the

Java security policy allows the session managementserver to instantiate the class, then restart theapplication. If the problem persists, check IBMElectronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0666E The specified configuration session isnot active.

Explanation: The specified configuration session is not

active. This may mean that the target sessionmanagement server instance has been restarted, or thatthe configuration session has been displaced by anewer session.

Administrator response: Retry the configurationaction.

CTGSM0667E The session management server wasnot able to lock the distributedconfiguration: %s

Explanation: Before updating its configuration, thesession management server first locks the configuration

to protect against concurrent updates. This failure mayindicate there are communication problems between theWebSphere application servers hosting the sessionmanagement server.

Administrator response: Examine the detailed errormessage and previous entries in the WebSphereapplication server logs for more information about theerror.

CTGSM0668E The session management server wasnot able to unlock the distributedconfiguration: %s

Explanation: Before updating its configuration, thesession management server first locks the configurationto protect against concurrent updates. This failure mayindicate there are communication problems between theWebSphere application servers hosting the sessionmanagement server.


CTGSM0669E The session management server wasnot able to retrieve the configurationstate from other instances in the cluster:%s

Explanation: This may indicate there arecommunication problems between the WebSphereapplication servers hosting the session managementserver.


CTGSM0670E The session management server wasnot able to distribute the updatedconfiguration across the cluster: %s

Explanation: The session management server was notable to distribute the updated configuration to otherinstances in the cluster. This may indicate that there are

communication problems between the WebSphereapplication servers hosting the session managementserver. Unless this problem is corrected, futureconfiguration operations may operate on an outdatedversion of the configuration.

Administrator response: Examine the detailed errormessage and previous entries in the WebSphereapplication server logs for more information about theerror. It may be necessary to restart the applicationserver instance that logged this message.

CTGSM0671E The session management server wasnot able to distribute configuration

result information across the cluster: %s

Explanation: The session management server was notable to distribute the updated configuration to otherinstances in the cluster. This may indicate that there arecommunication problems between the WebSphereapplication servers hosting the session managementserver.

Administrator response: Examine the detailed errormessage and previous entries in the WebSphereapplication server logs for more information about theerror. It may be necessary to restart the applicationserver instance that logged this message.

CTGSM0672E The new configuration is based on aprevious version of the configuration.The current configuration is version %dand the new configuration is version%d.

Explanation: An update to the session managementserver configuration has a version number older thanor equal to that of the current configuration.

Administrator response: Retry the configurationoperation.





CTGSM0673E A component with the name %salready exists in the %s component set.

Explanation: An attempt was made to add acomponent to a set using a name already present inthat component set.

Administrator response: Retry the operation using a

different name for the component.

CTGSM0674E The component %s from componentset %s failed to initialize: %s

Explanation: An SMS component failed to initialize.The component will not be available until the problemis fixed. This may make the session management serverunavailable until the problem is fixed.

Administrator response: Examine the error messagefor details of the failure. It may be necessary toreconfigure or restart the session management server.

CTGSM0675E The component %s was not found inthe component set %s .

Explanation: The specified component does not existin the configuration.

Administrator response: Check the component nameand retry the configuration operation.

CTGSM0676E An unknown configurationcomponent set identifier, %d , wasspecified.

Explanation: The configuration component setspecified does not match any of the known componentsets.

Administrator response: Check the component setidentifier and retry the configuration operation.

CTGSM0677E The session realm, %s , cannot beremoved because it still contains replicasets.

Explanation: Session realms cannot be removed whilethey still contain replica sets.

Administrator response: Remove the replica sets thatare still in the session realm before removing the

session realm.

CTGSM0678E An unknown session realm name, %s ,is specified in the configuration for thereplica set, %s.

Explanation: The configuration for the replica setspecifies a session realm name that does not match anyconfigured session realm.

Administrator response: Check the session realmname for the replica set. Either create a session realm

matching the name specified in the replica setconfiguration or change the replica set configuration tomatch an existing session realm. The replica set will not

be available until the problem is corrected.

CTGSM0679E An attempt to process an SMS eventfailed: %s.

Explanation: The session management serverencountered an error while trying to process an event.

Administrator response: Examine the log for othermessages relating to this error, and take any necessarycorrective action. If the problem persists, restart thesession management server.

CTGSM0750E The SecureRandom algorithm, %s ,could not be loaded: %s

Explanation: The SecureRandom algorithm specifiedin the session management server configuration couldnot be loaded.

Administrator response: Verify the SecureRandomalgorithm specified in the session management serverconfiguration is correct, and restart the application.

CTGSM0751E The SecureRandom provider, %s , wasnot found: %s

Explanation: The SecureRandom provider specified inthe session management server configuration could not

be found.

Administrator response: Verify the SecureRandomprovider specified in the session management serverconfiguration is correct, and restart the application.

CTGSM0752E The session management server wasunable to determine the current keydetails.

Explanation: The session management server wasunable to determine the current key details. The keyinformation may have become corrupted.

Administrator response: Request a change of keyusing the administration interface. If the problempersists, restart the session management server.

CTGSM0753E The session management server wasunable to find the key with ID: %s.

Explanation: The session management server wasunable to find the key. The key information may have

become corrupted.

Administrator response: Request a change of keyusing the administration interface. If the problempersists, restart the session management server.





CTGSM0754E An error occurred while updating thekey distribution information. Theparameter, %s , could not be associatedwith the value: %s.

Explanation: While updating the key distributioninformation, the session management serverencountered an error.

Administrator response: Examine the log for othermessages relating to this error, and take any necessarycorrective action. Request a key change using theadministration interface. If the problem persists, restartthe session management server.

CTGSM0755W An error occurred while updatingthe key distribution information. Theexpired key, %s , could not be removed.

Explanation: While updating the key distributioninformation, the session management serverencountered an error. This condition does not effect the

operation of the session management server, but it mayindicate future errors.

Administrator response: Examine the log for othermessages relating to this error, and take any necessarycorrective action. Unless the other messages indicate aserious problem, it is not necessary to request a newkey or restart the session management server.

CTGSM0901E The session management server wasnot able to initialize the IBM SecurityAccess Manager Runtime for Java: %s

Explanation: The session management server must

initialize the IBM Security Access Manager Runtime for Java. This message indicates the initialization failed

Administrator response: Examine this and earlier logmessages for information regarding the error and takeany necessary corrective action. Verify the IBM SecurityAccess Manager Runtime for Java configuration URL isspecified correctly. The session management serverapplication must be restarted.

CTGSM0902W An error occurred while accessing aIBM Security Access Managercredential: %s

Explanation: An error occurred while accessing a IBMSecurity Access Manager credential.

Administrator response: Examine the error messagefor specific details of the error. If the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0903W The session, %s , does not contain aIBM Security Access Managercredential.

Explanation: The identified session does not contain aIBM Security Access Manager credential. Allauthenticated sessions stored in the sessionmanagement server must contain a credential.


CTGSM0904E A configuration value required toconfigure the IBM Security AccessManager Runtime for Java is missing:%s.

Explanation: One of the configuration values requiredto configure the IBM Security Access Manager Runtimefor Java is missing.


CTGSM0905E Configuration of the IBM SecurityAccess Manager Runtime for Java failed:%s

Explanation: Configuration of the IBM Security AccessManager Runtime for Java has failed.

Administrator response: Examine the error messagefor information regarding the error and take anynecessary corrective action. Verify that the IBM SecurityAccess Manager policy server and the user registryserver are available. The session management serverapplication must be restarted.

CTGSM0906E Unconfiguration of the IBM SecurityAccess Manager Runtime for Java failed:%s

Explanation: Unconfiguration of the IBM SecurityAccess Manager Runtime for Java has failed.

Administrator response: Examine the error messagefor information regarding the error and take any

necessary corrective action. Verify that the IBM SecurityAccess Manager policy server and the user registryserver are available. The session management serverapplication must be restarted.

CTGSM0907E An error was encountered whilecreating the key and trust store filesused to authenticate clients of thesession management server: %s

Explanation: An error was encountered while creatingthe key and trust store files used to authenticate clients





of the session management server.

Administrator response: Examine the error messagefor information regarding the error and take anynecessary corrective action. Verify that the necessary

Java security providers are available. The sessionmanagement server application must be restarted.

CTGSM0908E IBM Security Access Managerintegration has not been enabled for thesession management server.

Explanation: A Security Access Manager configurationoperation was requested, but Security Access Managerintegration has not been enabled.

Administrator response: Enable Security AccessManager integration before attempting further SecurityAccess Manager configuration.

CTGSM0909E The IBM Security Access ManagerRuntime for Java is not currently

available.

Explanation: The IBM Security Access ManagerRuntime for Java is not currently available.

Administrator response: Examine earlier log messagesto determine the cause of the problem. This mayindicate a problem with the IBM Security AccessManager policy server. The session management servermay need to be restarted.

CTGSM0910W The session, %s , does not contain auser UUID.

Explanation: The identified session does not contain auser UUID. This information is required for therecording of last login information. The informationshould be supplied either as session data, or as a partof a IBM Security Access Manager credential.


CTGSM1050E Multiple values for the %s attributeof the %s session management serveradministration interface request were

specified but no more than one valuemay be specified.

Explanation: The client sent multiple values for theindicated request attribute but the attribute may onlyhave a single value.

Administrator response: Ensure the version of theclient software in use is supported by this version of the session management server.

CTGSM1051E The %s attribute of the %s sessionmanagement server administrationinterface request must be an integervalue - the %s value cannot be parsed asan integer.

Explanation: The specified request attribute must bean integer but the value provided by the client cannot

be parsed as an integer value.


CTGSM1052E The %s attribute of the %s sessionmanagement server administrationinterface request has a lower bound of%s - the value %s is too low.

Explanation: The client specified a value for thespecified request attribute that is less than theidentified attribute's minimum valid value.


CTGSM1053E The %s attribute of the %s sessionmanagement server administrationinterface request has an upper bound of%s - the value %s is too high.

Explanation: The client specified a value for thespecified request attribute that is greater than theidentified attribute's maximum valid value.


CTGSM1054E The required %s attribute of the %ssession management serveradministration interface request was notprovided by the client.

Explanation: A required request attribute was not sent by the session management server administrationinterface client.

Administrator response: Ensure the version of theclient software in use is supported by this version of

the session management server.

CTGSM1055E The value (%s) of the %s attribute ofthe %s session management serveradministration interface request couldnot be processed. Error: %s.

Explanation: The indicated value of the indicatedattribute is not valid when specified as part of theindicated session management server administrationinterface request.






CTGSM1059E The session realm %s specified in a%s request of the session management

server's administration interface is notrecognized by the session managementserver.

Explanation: The request from the client specified anundefined session realm name.

Administrator response: Retry the operationspecifying a defined session realm name.

CTGSM1060E The %s request failed with error: %s

Explanation: The request from the client could not beexecuted.

Administrator response: Examine the log for furtherdetailed messages regarding the error and take anynecessary corrective action.

CTGSM1061E The %s request caused an exception:%sException stack trace:%s

Explanation: The request from the client caused theindicated exception.


CTGSM1062E No HTTP request for administrationservice authorization.

Explanation: The HTTP request object could not beaccessed while authorizing an administration serviceoperation.


CTGSM1063E The user %s is not permitted to

delegate access to the administrationservice.

Explanation: The identified user is not permitted todelegate access to the administration service.

Administrator response: If the identified user isexpected to be able to delegate access to theadministration service ensure they have thesms-delegator role.

CTGSM1064E Unable to authorize access for the %soperation requiring the %s role for user%s delegated by user %s.

Explanation: Authorization of a user for this operationhas failed. For further detailed information about thefailure examine earlier messages in the log containingthis message. Correct any problems and retry theoperation.

Administrator response: Examine the log containingthis message for more information describing the errorthat occurred and take the appropriate correctiveaction.

CTGSM1065E Authorization of user %s for role %sfailed. %s exception: %s

Explanation: The specified exception occurred whileattempting to authorize the user for the role.

Administrator response: The message shown

describes the error condition that occurred. Take theappropriate corrective action.

CTGSM1066E The administration request type, %s ,cannot be handled by class, %s , asspecified by handler, %s , as it is alreadyconfigured to be handled by the class,%s.

Explanation: The session management serveradministration requests may only be configured to behandled by one handler. This message indicates that asingle request type is configured to be handled by morethan one handler.

Administrator response: Ensure the sessionmanagement server administration request handlers areconfigured correctly and restart the application.

CTGSM1067E Failed to locate the DSessAdminrequest dispatcher.

Explanation: The request from the client could not beexecuted.


CTGSM1363E Validation of the last logininformation database table failed.

Explanation: The last login information database tablehas not been correctly created.

Administrator response: Refer to earlier log messagesregarding the creation of the last login informationdatabase table. Check that the table exists in thedatabase. It may be necessary to modify the tablemanually to allow the table validation to succeed.





CTGSM1369E An error occurred while installing acomponent into the WebSphereapplication server runtime. The file, %s ,could not be copied to the targetlocation, %s .

Explanation: An error occurred while installing acomponent into the WebSphere application serverruntime.

Administrator response: Check that the permissionson the target directory permit the file to be copied andthat there is sufficient disk space. The file may also becopied into place manually. Restart the sessionmanagement server application.

CTGSM1500W The host name of this machine couldnot be determined.

Explanation: The host name of the machine on whichthe session management server is running could not bedetermined.

Administrator response: Check that the system hostname and network devices have been configuredcorrectly. Restart the session management serverapplication.

CTGSM1501E User information is required to reportan audit event but no sessioninformation is available.

Explanation: User information is required to report anaudit event but no session information is available.


CTGSM1505W The session creation time, %s , is inthe future. Check time synchronizationbetween SMS and client %s.

Explanation: The session creation timestampassociated with the session being terminated is laterthan the current time. This indicates clock skew

between the SMS and the client that created thesession.

Administrator response: Synchronize the clocks of the

SMS system and its clients and restart the SMS.

CTGSM1506E The auditing emitter configurationhas been set to debug mode. Events willnot be sent to a CARS emitter, they willbe written to the log file.

Explanation: The auditing emitter configuration has been set to debug mode. Events will not be sent to aCARS emitter, they will be written to the log file.


CTGSM1507E The CARS Security Event Factoryreported an error while constructing anevent: %s

Explanation: The common audit reporting service(CARS) Security Event Factory reported an error whileconstructing an event for the reported reason.

Administrator response: Examine the reason for thefailure and take any necessary corrective action.

CTGSM1509E The CARS emitter reported an errorwhile sending an event: %s

Explanation: The common audit reporting service(CARS) emitter reported an error while sending anevent for the reported reason.


CTGSM1514E The common audit and reporting

service (CARS) encountered a severeerror when initializing: Error: %s , cause:%sError stack trace:%sCause stacktrace:%s

Explanation: The common audit and reporting service(CARS) encountered a severe error when initializing.


CTGSM1515E The common auditing serviceencountered a severe error whenshutting down: Error: %s , cause: %sError

stack trace:%sCause stack trace:%s

Explanation: The common auditing serviceencountered a severe error when shutting down.


CTGSM1654E The command line option, %s , is notrecognized.

Explanation: The identified command line option of the smsbackup command is not recognized by thesmsbackup command.

Administrator response: Re-run the smsbackup

command with correct command line options.

CTGSM1655E The %s command line optionrequires an argument.

Explanation: The identified smsbackup command lineoption requires an argument.

Administrator response: Consult the documentationfor the smsbackup command and re-run it specifying avalid argument for the option.





CTGSM1656E The argument to the -list option mustbe a readable file. The value provided,%s , is not a readable file.

Explanation: The value provided for the -list option of the smsbackup command does not identify a readablefile.

Administrator response: Re-run the smsbackupcommand specifying a valid value for the -list option.

CTGSM1657E The file, %s , could not be opened: %s

Explanation: The identified file could not be openedfor the specified reason.

Administrator response: Ensure that the name of thefile is correct, that it exists and is that it is readable.

CTGSM1658W Line %s of the list file %s , %s ,cannot be interpreted.

Explanation: Not all of the contents of the filespecified by the -list option could be interpretedcorrectly.

Administrator response: Ensure the list file name isspecified correctly and that the contents of the file arenot corrupt.

CTGSM1659E The file, %s , could not be backed up:%s

Explanation: The file was indicated to be backed up by the list file and does exist but could not be backedfor the reason indicated by the exception shown.

Administrator response: Ensure that all files requiredto be backed up are accessible to the smsbackupprogram.

CTGSM1660E The command, %s , could not beexecuted: %s

Explanation: The command was indicated to beexecuted by the list file but execution failed for thereason indicated by the exception shown.

Administrator response: Ensure that all programsrequired to be executed are accessible to the smsbackupprogram.

CTGSM1662E The directory, %s , could not becreated: %s

Explanation: The directory specified as the outputpath does not exist and could not be created.

Administrator response: Re-run the smsbackupcommand specifying a different value for -path optionor ensuring that you have permission to create thespecified directory.

CTGSM1663E An error occurred writing to the file,%s: %s

Explanation: The file specified could not be written tofor the reason indicated.

Administrator response: Ensure that the file systemcontaining the file has sufficient space and that the

directory containing the file may be written to.

CTGSM1800E The property, %s , which is requiredto configure the Java client API ismissing.

Explanation: One of the configuration values requiredto configure the Java client API is missing.

Administrator response: Add the property to thesupplied properties object.

CTGSM1801E A configuration value required toconfigure the Java client API is missing:

%s.

Explanation: The specified configuration item has not been supplied to the DSessClientConfig class.

Administrator response: Ensure that the specifiedconfiguration item is passed into the DSessClientConfigclass.

CTGSM1802E The session management interface ofany configured session managementserver could not be accessed.

Explanation: An unsuccessful attempt has been madeto communicate with the session management interfaceof each configured session management server.

Administrator response: Ensure the sessionmanagement interface of at least one configured sessionmanagement server is available and can be reached bythe client. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM1803E An internal error occurred within the Java client API: %s .

Explanation: An internal error occurred within the

Java client API.






CTGSM1804E The MAC algorithm, %s , could not beloaded: %s

Explanation: The MAC algorithm which is used forSession ID generation and validation could not beloaded.



CTGSM1805E The provided session ID, %s , isinvalid.

Explanation: The session ID that was provided to the Java client API failed the cyrpographic check which isused to validate ID's.

Administrator response: The client of the API shoulddisregard the locally cached session and should returnan error back to the client.

CTGSM1806E The provided session ID, %s , wasincorrectly formatted.

Explanation: The session ID that was provided to the Java client API was of an incorrect format.

Administrator response: The client of the API shoulddisregard the locally cached session and should returnan error back to the client.

CTGSM1807E A request was made to send a sessionwhich contained no data to the SMS.

Explanation: The session which was to be sent to theSMS contains no session data.

Administrator response: The client of the API shouldnot be sending any empty sessions to the SMS. Areview of the client code should be conducted.

CTGSM1950E An exception occurred whileperforming a WebSphere eXtreme Scaledata replication operation: %s

Explanation: An exception occurred while performinga WebSphere eXtreme Scale data replication operation.

Administrator response: Examine the details of the

WebSphere eXtreme Scale error to determine the causeand take appropriate action. If the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM1951E The session management server wasunable to initialize the WebSphereeXtreme Scale data replication service.

Explanation: The session management server wasunable to initialize the WebSphere eXtreme Scale datareplication service.

Administrator response: Examine previous logmessages for more details of the underlying cause of the failure. Once the underlying problem has beencorrected, restart the application server.

CTGSM1952E Initialization of the WebSphereeXtreme Scale data replication servicefailed: %s

Explanation: Initialization of the WebSphere eXtremeScale data replication service failed. The sessionmanagement server will not function until this problemis corrected.

Administrator response: Examine the details of theWebSphere eXtreme Scale error to determine the cause.Once the underlying problem has been corrected,restart the application server. If the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM1954E An exception occurred during aremote WebSphere eXtreme Scaleoperation on server %s: %s

Explanation: An exception occurred during a

WebSphere eXtreme Scale operation on a remote server.Administrator response: Examine the details of thismessage and the logs on the named server for moreinformation on the cause of the problem and take anyappropriate action.





Chapter 6. Security Access Manager Web Runtime Messages

These messages are provided by the Security Access Manager Web Runtimecomponent.

DPWCA0151E Invalid UNIX group name (%s)

Explanation: See message

Administrator response: Put user in a valid group.

DPWCA0152E Could not change process GID (%s)


Administrator response: Contact support.

DPWCA0153E Could not change process UID (%s)



DPWCA0154E Could not become backgroundprocess (%d)



DPWCA0155W Could not start background process



DPWCA0156E Could not use RPC protocol sequence(%s ,%s ,0x%8.8lx)



DPWCA0157E Could not fetch RPC bindings(0x%8.8lx)



DPWCA0158E Could not release RPC bindings(0x%8.8lx)


Administrator response: Contact Support.

DPWCA0159E Caught signal (%d)



DPWCA0160E Could not create new thread (%d)



DPWCA0161E Could not cancel thread (%d)



DPWCA0162E Could not join thread (%d)



DPWCA0163E Could not set RPC authorizationfunction (0x%8.8lx)



DPWCA0164E Could not setup authentication info(0x%8.8lx)

Explanation: Unable to perform login.

Administrator response: Check login parameters.

DPWCA0165E Could not set server login context(0x%8.8lx)

Explanation: Unable to set the network credentials tothose specified by login context.

Administrator response: Check that networkcredentials are correct.

DPWCA0166E Could not perform network login(%s ,%s ,0x%8.8lx)


Administrator response: Verify that user/password iscorrect.

DPWCA0167E Could not fetch key from keytab file(%s ,%s ,0x%8.8lx)





Administrator response: Check that the keyfile is setup correctly, and the user information is valid.

DPWCA0168E Could not refresh login context(0x%8.8lx)

Explanation: WebSEAL was unable to refresh thelogin based on existing login information.

Administrator response: Check validity of logininformation

DPWCA0169E Could not determine login contextexpiration (0x%8.8lx)


Administrator response: Check validity of logininformation.

DPWCA0170E Could not set RPC interface(0x%8.8lx)


Administrator response: Check interfaces.

DPWCA0171E Could not register RPC endpoints(%s ,0x%8.8lx)


Administrator response: Check endpoints.

DPWCA0172E Could not unregister RPC interface(0x%8.8lx)


Administrator response: Check validity and status of interfaces.

DPWCA0173E Could not export bindings to nameservice (%s ,%s ,0x%8.8lx)


Administrator response: Check status of name service.

DPWCA0174E Could not unregister RPC endpoints(0x%8.8lx)


Administrator response: Check validity and status of endpoints.

DPWCA0175E Could not unexport bindings fromname service (%s ,0x%8.8lx)


Administrator response: Check validity of interfacesand name service.

DPWCA0176E Malloc failure (0x%8.8lx)


Administrator response: Check status of memory onthe system.

DPWCA0177E This CDAS does not support thisauthentication style: (%d)


Administrator response: Check validity of authentication style

DPWCA0178E General CDAS (Cross DomainAuthentication Service) failure (%s ,0x%8.8lx)


Administrator response: See message.

DPWCA0179E Pthread error occurred: %d


Administrator response: Check system resources.

DPWCA0180E An invalid rule was supplied: %s

Explanation: An invalid rule was retrieved from therules file.

Administrator response: Correct the rule within thespecified rules file.

DPWCA0181E No rules were found in the rules file

Explanation: No valid rules were found in the rulesfile.

Administrator response: Add a valid rule to the rulesfile, or specify a different rules file.

DPWCA0182W The cache entries have exceeded themaximum cache size.

Explanation: The cache has reached its configuredlimit.

Administrator response: Increase the permitted size of

the cache.

DPWCA0300E API internal error: (%s , %d)



DPWCA0168E • DPWCA0300E




DPWCA0301W A timeout occurred while waitingfor authentication information from %s.

Explanation: A requested authentication operationrequired further authentication information. Thisinformation was not received in a timely fashion.


DPWCA0458E malloc() failure

Explanation: The application was unable to allocatethe required memory.

Administrator response: Ensure that there is enoughsystem memory.

DPWCA0751E There is no user authenticationinformation available.

Explanation: The user did not provide theirinformation for authentication

Administrator response: Check user information forauthentication

DPWCA0753E Unable to encode certificate data


Administrator response: Verify that xauthn_cert isvalid

DPWCA0754E Failure reading string key or value ofreplacementString from WebSEALconfiguration file.


Administrator response: Ensure the value exists forthe replacementString in the WebSEAL configurationfile.

DPWCA0755E Unable to perform DN mapping.

Explanation: An internal error has occurred. Afunction was called with invalid parameters.


DPWCA0756E Error building replacement string.

Explanation: An error occurred while preparing anLDAP search filter.

Administrator response: Check for other errors in theconfiguration file which may provide more information.If no other errors are found, call support.

DPWCA0757E Failure extracting key-value pairsfrom CERT-DN.

Explanation: An error occurred while parsing the DNfrom a certificate.

Administrator response: Check that the certificate DNis valid.

DPWCA0759E Invalid parameter passed toget_name_value


Administrator response: Call support.

DPWCA0760E Invalid replacement string entryfound

Explanation: The entries in the replacement stringstanza must contain '=' characters.

Administrator response: Check that all entries in thereplacement string stanza contain an equals sign.

DPWCA0761E Out of memory in get_name_valuefunction

Explanation: Memory allocation failed.

Administrator response: Check per process memoryallocation limits.

DPWCA0762E Calloc function could not allocatememory



DPWCA0763E The last character in the DN was the= following the name

Explanation: The format of the certificate DN was notvalid.

Administrator response: Make sure the certificate DNis valid.

DPWCA0764E Unexpected end of string

encountered parsing certificate DN


Administrator response: Check the format of the laststring in certifcate DN

DPWCA0765E The search string is NULL



DPWCA0301W • DPWCA0765E

Chapter 6. Security Access Manager Web Runtime Messages 217



DPWCA0766E The return dn is NULL



DPWCA0768E Error loading XKMS CDASconfiguration file.

Explanation: There was an error in the XKMS CDASconfiguration file.

Administrator response: Look for other log messagesindicating which entries were not found.

DPWCA0769E Error searching suffix '%s', returnstatus = 0x%x

Explanation: An LDAP search failed.

Administrator response: Verify the LDAP server isrunning and that the suffix exists.

DPWCA0770E Bad Parameters passed tobuild_search_filter function.


Administrator response: Call support

DPWCA0771E Error retrieving value from certificateDN.

Explanation: Make sure that the DN contains all of the strings specified in the replacement strings list.

Administrator response: An error occurred while

trying to replace a value from the certificate DN.

DPWCA0774E Unable to attach thread to existing JVM.

Explanation: An error occurred when trying to attacha thread to a JVM.

Administrator response: Make sure the JVM beingused is a supported JVM.

DPWCA0775E Unable to create JVM or attach to anexisting JVM.

Explanation: An error occurred when trying todiscover whether or not a JVM already existed in thecurrent process.

Administrator response: Make sure the JVM beingused is a supported JVM.

DPWCA0778E Unable to attach thread in shutdown.Aborting cleanup.

Explanation: An error occurred while trying to attachto the JVM to perform clean up activities.

Administrator response: None necessary.

DPWCA0779E Cannot load class: %s

Explanation: An error occurred while trying to load a java class.

Administrator response: Make sure the classpath in

webseald.conf is correct and that the class can be foundin a jar file in the classpath.

DPWCA0780E Cannot create new object: %s

Explanation: An error occurred while creating a newobject.

Administrator response: Make sure the classpath inwebseald.conf is correct and that the class can be foundin a jar file in the classpath.

DPWCA0781E Cannot load class method: %s .init

Explanation: An error occurred while trying to loadthe init method for the class.

Administrator response: Make sure that the class isvalid and implements the 'init' method.

DPWCA0782E Exception ocurred in %s.init(%s)

Explanation: An exception occurred while invokingthe init method of a class.

Administrator response: Check the log file for otherdetails about the exception and make sure theproperties file contains no errors.

DPWCA0783E Cannot load class method:%s.validate

Explanation: An error occurred while trying to loadthe validate method for the class.

Administrator response: Make sure that the class isvalid and implements the 'validate' method.

DPWCA0785E Exception ocurred in validate,certificate DN = %s

Explanation: An exception occurred while invokingthe validate method of a class with the specified

certificate DN.

Administrator response: Check the log file for otherdetails about the exception.

DPWCA0787E DN of first entry is NULL.

Explanation: An LDAP search returned an entrywithout a DN.






DPWCA0788E Parsing the names and values forreplacement string failed.

Explanation: An error occurred retrieving valuesneeded to certificate DN mapping.

Administrator response: Check the log file foradditional errors. Verify the replacement strings in

webseald.conf are correct.

DPWCA0900E Unable to open ITIM CDASconfiguration file.

Explanation: An error occurred while opening theITIM CDAS configuration file.

Administrator response: Check the file path in theWebSEAL configuration file and verify that the ITIMCDAS configuration file exists.

DPWCA0901E Incorrect number of arguments usedfor ITIM CDAS initialization.

Explanation: Bad number of arguments used in ITIMCDAS configuration.

Administrator response: Verify that the correctnumber of arguments are specified in the WebSEALconfiguration file for initializaion of the ITIM CDAS.

DPWCA0902E No ITIM CDAS configuration file oraction in the WebSEAL configurationfile.

Explanation: Bad parameter for ITIM CDASconfiguration file name or action type.

Administrator response: Verify that the ITIM CDASconfiguration file name path are correct in theWebSEAL configuration file and that the CDAS actiontype is either 'check' or 'sync'.

DPWCA0904E Could not create the sending messageto ITIM.



DPWCA0905W Function call, func , failed error: errorcode error text.

Explanation: The specified GSKit function failed whilesetting up for SSL connections to junctions or from

browsers. Or perhaps the initial handshake failed dueto invalid certificates or the browser simply closed theconnection abruptly.

Administrator response: Examine the error text fordetails. Typical problems might be that the PKCS#11library is incorrectly specified, or the PKCS#11 token ortoken password is incorrect, or the PKCS#11 token isnot set up.

DPWCA0906E Could not create socket (%d)

Explanation: This message is overloaded in itsmeaning. It can mean there was a failure in creating asocket for connecting, setting socket options on it, orcreating sockets for HTTP and HTTPS connections.

Administrator response: Check WebSEAL has not

exceeded system resource limits. Examine the errno inthe system error header file for details.

DPWCA0907E Could not connect socket (%d)

Explanation: This message means that there was afailture to connect to a specific socket.

Administrator response: Examine the errno in thesystem error header file for details.

DPWCA0908E Could not get the ITIM server hostaddress

Explanation: See the message.Administrator response: Check whether ITIM serveris already running. If ITIM is running, check the ITIMCDAS configuration file to verify the ITIM server URLis specified correctly.

DPWCA0909E Windows library call failed. Couldnot call the function WSAStartup.

Explanation: The WSAStartup function must be thefirst Windows Sockets function called by an applicationor DLL. It allows an application or DLL to specify theversion of Windows Sockets required and to retrievedetails of the specific Windows Sockets implementation.The application or DLL can only issue further WindowsSockets functions after a successfully callingWSAStartup.

Administrator response: Check WS2_32.DLL in thesystem environment.

DPWCA0910E Unable to allocate memory



DPWCA0911E Could not find host name or IPaddress of ITIM server in the ITIMCDAS configuration file.

Explanation: See the message.

Administrator response: Check the ITIM PasswordURL part in the ITIM CDAS configuration file.





DPWCA0912E Could not find KeyDataBase in theITIM CDAS configuration file.


Administrator response: Verify that the KeyDataBaseentry exists in the ITIM CDAS configuration file.

DPWCA0913E Could not find KeyDataBasePassword in the ITIM CDASconfiguration file.


Administrator response: Verify that the KeyDataBasePassword entry exists in the ITIM CDAS configurationfile.

DPWCA0914E Could not find Source DN in theITIM CDAS configuration file.


Administrator response: Verify that the Source DNentry exists in the ITIM CDAS configuration file.

DPWCA0915E Could not find ITIM Principal Namein the ITIM CDAS configuration file.


Administrator response: Verify that the ITIM PrincipalName entry exists in the ITIM CDAS configuration file.

DPWCA0916E Could not find ITIM PrincipalPassword in the ITIM CDAS

configuration file.Explanation: See the message.

Administrator response: Verify that the ITIM PrincipalPassword entry exists in the ITIM CDAS configurationfile.

DPWCA0917E Could not find ITIM message header.

Explanation: ITIM server replied with an invalidHTTP message header.

Administrator response: Check ITIM server for errormessage details. Verify the version of the reversepassword server component.

DPWCA0922E The password could not be changedin ITIM. The password has beeenchanged in TAM.

Explanation: Message indicates that module failed tochange the password in ITIM. Password in TAM has

been changed.


DPWDS0150E An attempt to create a UUID hasfailed with the following error: %s(error code: 0x%x)

Explanation: An attempt to create a UUID has failed.

Administrator response: Examine additional messagesto determine the cause of the error and correct the

problem. Restart the process. If the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWDS0151E An attempt to retrieve the machineaddress code (MAC) failed: %s (errorcode: 0x%lx)

Explanation: An attempt to retrieve the MAC of theserver failed.

Administrator response: Examine additional messages

to determine the cause of the error and correct theproblem. Restart the process. If the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWDS0300E The session management client failedto initialized.

Explanation: The client for the session managementinterface could not be initialized.

Administrator response: Examine additional messagesto determine the cause of the error and correct theproblem. Restart the process. If the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWDS0301E A general failure has occured withinthe session management client.

Explanation: An error has occured within the sessionmanagement client.



DPWDS0302E A replica set which is unknown tothe session management client has beensupplied (%s).

Explanation: An operation on a unknown sessionmanagement replica set has been requested.

DPWCA0912E • DPWDS0302E





DPWDS0303E A replica set which is unknown tothe session management client has beensupplied.

Explanation: An operation on a unknown sessionmanagement replica set has been requested.


DPWDS0304E The requested version %d of thesession key was not found for replica%s in replica set %s.

Explanation: A request was made for a session keywhich is not currently stored. This error occurs whenan old session ID is used.

Administrator response: Either increment the keyexpiration time within the configuration file, or ensurethat old session ID's are not used.

DPWDS0305E The requested key was not found.

Explanation: A request was made for a session keywhich is not currently stored. This will usually occurwhen an old session ID is used.

Administrator response: Either increment the keyexpiration time within the configuration file, or ensurethat old session ID's are not used.

DPWDS0306E No session keys are currentlyavailable.

Explanation: A request was made for the currentsession key, but no key has been stored in the key table

.Administrator response: Examine additional messagesto determine the cause of the error and correct theproblem. Restart the process. If the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWDS0307E An error occurred when attempting tocommunicate with the SOAP serverURL %s: %s (error code: %d /0x%x).

Explanation: An attempt was made to communicatewith the SOAP server and a failure occured within theunderlying communications layer.

Administrator response: Examine additional messagesto determine the cause of the error and correct theproblem. Ensure that the SOAP server is running andreachable. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWDS0309E An error was returned from theSOAP server in cluster %s when callingthe %s interface: %s (code: 0x%x).

Explanation: The session management server returnedan error.

Administrator response: Examine messages within thesession management server log. If the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWDS0310E An invalid key size was returned bythe session management server: %d ,whereas it should be: %d.

Explanation: The session management server haspassed a key to the client which is not the expected key

size.Administrator response: Examine messages within thesession management server log. If the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWDS0311E An incorrect key version wasreturned by the session managementserver to replica %s in replica set %s :%d , whereas it should be: %d.

Explanation: The session management server haspassed a key to the client which is not the expectedversion.

Administrator response: Examine messages within thesession management server log. If the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWDS0303E • DPWDS0311E




DPWDS0312E The session management server couldnot be reached.

Explanation: An unsuccessful attempt has been madeto communicate with an interface of the sessionmanagement server.

Administrator response: Ensure that the session

management server is running and can be reached bythe client. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWDS0313E The cryptographic routine, %s , failed: %s (error code: 0x%x).

Explanation: A call in to a cryptographic routine hasfailed.



DPWDS0314E The cryptographic routine, %s , failed.

Explanation: A call in to a cryptographic routine hasfailed.


DPWDS0315W An invalid session key was providedto the session management server client.

Explanation: A session key with an invalid formatwas provided to the session management server client.

Administrator response: Ensure that the sessionmanagement server is running and can be reached bythe client. Restart the process. If the problem persists,check IBM Electronic Support for additional


DPWDS0316E The session management server didnot return a response.

Explanation: The session management server did notreturn a response to a request made by the sharedsession management client.

Administrator response: Ensure that the session

management server is running and can be reached bythe client. Examine the session management server'slogs for error messages relating to this failure. If theproblem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWDS0319E The session management server clientattempted to join the replica set '%s'twice with the replica name '%s'.

Explanation: The session management server clienthas been configured to join a replica set twice using thesame replica name. The client must use different replicanames for each server instance in a replica set.

Administrator response: Modify the configuration fileto specify different replica names for each serverinstance joining the same replica set. Restart the server.

DPWDS0320E The DN contained within the servercertificate, %s , is not recognised byreplica %s in replica set %s .

Explanation: The DN found within the servercertificate was not listed as a valid DN within theconfiguration file.

Administrator response: Ensure that the correct servercertificate is supplied, or modify the list of valid DN'swithin the configuration file.

DPWDS0321E The replica %s in replica set %s doesnot have permission to access thesession management server.

Explanation: The session management server has beenconfigured to require authentication, but the sessionmanagement client either did not authenticate, orauthenticated using an identity that does not havepermission to access the session management server.

Administrator response: Ensure the sessionmanagement client has been configured to use HTTPSto access the session management server, and that theconfiguration file specifies the correct client certificate.Check that the session management server security rolemappings are correct. It may be necessary to restart theclient.

DPWDS0322E The session management server forthe replica set, %s , of the replica, %s ,could not be reached.

Explanation: An unsuccessful attempt has been madeto communicate with an interface of the sessionmanagement server.

Administrator response: Ensure that the sessionmanagement server is running and can be reached bythe client. If the problem persists, check IBM ElectronicSupport for additional information -

DPWDS0312E • DPWDS0322E





DPWDS0323E No session keys are currentlyavailable for replica %s in replica set%s.

Explanation: A request was made for the currentsession key, but no key has been stored in the key table.


DPWDS0450E Error parsing STS response elementline %d , column %d: '%s'. The element

text was '%s'.Explanation: The STS returned an unintelligible XMLresponse.

Administrator response: If other elements of the STSresponse are complete, SSO will continue. Otherwise,SSO will fail. If SSO fails, exmaine the element todetermine why the STS response was invalid.

DPWDS0451E Unable to parse timestamp '%s'

Explanation: The timestamp returned from the STSwas unintelligible.

Administrator response: Examine the element todetermine why the timestamp was invalid.

DPWDS0452E Unable to parse timestamp.

Explanation: The timestamp returned from the STSwas unintelligible.

Administrator response: Examine the element todetermine why the timestamp was invalid.

DPWDS0453E The STS response did not contain theelement '%s'

Explanation: The STS response was incomplete.

Administrator response: The TFIM server may not befunctioning properly, or the STS module may need to

be modified to return the necessary data.

DPWDS0454E The STS response did not contain anecessary element.

Explanation: The STS response was incomplete.

Administrator response: Examine other entries in thelogs to determine which element was missing. The

TFIM server may not be functioning properly, or theSTS module may need to be modified to return thenecessary data.

DPWDS0455E Token types other than 'kerberos'require that you specify an HTTPheader name with the 'header-name'

configuration option or an HTTP cookiename with the 'cookie-name'configuration option.

Explanation: A configuration option was missing fromthe configuration file

Administrator response: Add the needed entries tothe configuration file.

DPWDS0456E Error %08x occurred when retrievinga token for user '%s' to access '%s'. Referto other log messages for additionaldetail.

Explanation: An attempt to retrieve a token to accessa resource failed. Other messages with greater detailhave been logged.

Administrator response: Examine other entries in thelogs to determine the root cause of the failure.

DPWIV0151E Could not initialize serviceabilitycomponent (%s , 0x%8.8lx)

Explanation: WebSEAL was unable to register theservice component with the serviceibility subsystem orregister an in memory catalog. The error code output inthe message will give finer details as to why. Most

likely it will be due to a lack of memory or a designflaw.

Administrator response: Check memory ulimit onUNIX platforms, and available memory on all types of platforms. Increase available memory to the WebSEALprocess if applicable.

DPWIV0152E Could not register serviceabilitymessage table (%s , 0x%8.8lx)

Explanation: WebSEAL was unable to register an inmemory catalog. The error code output in the messagewill give finer details as to why. Most likely it will be

due to a lack of memory or a program design flaw.Administrator response: Check memory ulimit onUNIX platforms, and available memory on all types of platforms. Increase available memory to the WebSEALprocess if applicable.

DPWIV0154E Could not open configuration file (%s ,%d)

Explanation: The configuration file output in themessage was not able to be opened. The error code also

DPWDS0323E • DPWIV0154E




output in the message will give finer details. This codeis likely to be one of: 8, failed to lock the file, genericlocking catch-all code. 10, unable to open the file,general open catch-all code. 11, bad argument tofunction from program design flaw. 12, failed to lockthe file, it is already locked. 13, File permissions don'tallow the program to open the file. 14, Insufficentmemory available to the program.

Administrator response: Based on the error codeoutput in the message do one of the following actions.8 or 12, the program may already be running, or theanother process may have the file open and locked. 10or 13, check the file exists and in the case of 13, checkthe ownership and access permissions. WebSEAL canchange the user it is running as so examine theWebSEAL configuration file for unix-user. 11 contacttechnical support. 14, check the data ulimit for theprocess and the available memory. Increase it if possible.

DPWIV0155E Configuration stanza missing (%s)Explanation: A necessary configuration file stanza wasnot found.

Administrator response: Make sure the name of thestanza is spelled correctly in the configuration file.

DPWIV0156E Configuration item missing (%s , %s)

Explanation: The configuration entry, output in theerror message, is missing from under the stanza, alsooutput in the error message. The entry is not optional.Possibly a spelling mistake, or a new WebSEAL binarywas installed that requires additional new entries.

Administrator response: Fix any spelling errors oradd the missing entry.

DPWIV0157E Could not initialise servicibilitymessaging (0x%8.8lx)


Administrator response: The message contains anerror code that gives more specific details on the cause.Also until the servicibility messaging is setup, Englishmessages may be output, and on UNIX platforms thesemay additionally be put into syslog under the userfacility. Once the first servicibility message file is

initialised successfully errors may be output tostandard error log files. Check for these messages formore specific details. Also check the language pack forthe locale has been installed.

DPWIV0158E Could not set process rlimit.

Explanation: The UNIX process attempted to set it'sulimit values for the number of file handles and onsome platforms the virtual memory size. If theoperatining system has set hard ulimits smaller thanthe ones requested then it could fail.

Administrator response: Increase relevant operatingsystem kernel specific limits. Typically WebSEAL needs2048 file handles (except on Solaris, where it is 1024).On Solaris WebSEAL attempts to ensure it has aminimum virtual memory ulimit of 192MB. Anotherreason this might fail is that the process was not started

by root.

DPWIV0161E Server is already running (PID %d)

Explanation: The program can not have multipleinstances running. In the case of WebSEAL, only oneWebSEAL process can be running per instance. Theconfilicting program was determined by reading it'sProcess ID (PID) from the a file and determining if thatPID was active.

Administrator response: Ensure only one instance isrunning. On UNIX examine the output of the pscommand to determine the offending instance. It ispossible that if an old PID is in the PID file, andanother process has aquired this old PID that the

message is in error. In that case simply remove the PIDfile and start the process again.

DPWIV0162E Could not create PID file (%s , %d)

Explanation: The program could not create the file,specified in the message text. The reason can bedetermined in more detail from the error number, alsofound in the error text. On UNIX the meaning of thiserror code can typically be found in/usr/include/sys/errno.h. Windows may need tocontact technical support as the included files are notshipped with the operating system. Typical problemsmight be insufficent priviledges, or lack of disk space.

Administrator response: Check the ownership andpermissions on the file, or directory containing the file,allow the process to create or recreate it. Check there issufficent disk space on the file system/partition tocontain the file.

DPWIV0163E Could not become backgroundprocess because output redirectionfailed (%d)

Explanation: One of the four steps to creating a background daemon process has failed. If the errornumber specified in the error text is -1 or -2, then it

was unable to connect standard error or standard outto a log file. For WebSEAL this log file is the server-logentry in the configuration file. Typically this can becaused by insufficent priviledges on the file or thedirectory containing the file for WebSEAL.

Administrator response: Examine the error code, if -1or -2 then check the ownership and permissions of theservers log file and containing directory.

DPWIV0155E • DPWIV0163E




DPWIV0164W Could not start background process

Explanation: If this message is generated during anattempt to start WebSEAL then the attempt byWebSEAL to fork itself into the background has failed.Typpically some initialization failed in the child processand an additional message will be logged by the

background child process. But it could also be due toinsufficent operating system resources.

Administrator response: For WebSEAL startup checkfor additional errors that indicate why the backgroundprocess stopped.

DPWIV0166E Could not load configuration

Explanation: Unable to load WebSEAL configuration(typically webseald.conf) for for locating LDAPconfiguration information or unable to load ldapconfiguration file (typically ldap.conf). Additionalmessages should be logged detailing why.

Administrator response: Locate additional loggedmessage to determine the problem. If no additionalmessages, examine the ownership, permissions, andexistance of these files.

DPWIV0167E Invalid UNIX user name (%s)

Explanation: The server (typically WebSEAL) failed toget information for the user. It is likely that it is aninvalid user name.

Administrator response: Update the WebSEALconfiguration file (typically webseald.conf) and correctthe user name for 'unix-user' to a valid one.

DPWIV0168E Invalid UNIX group name (%s)

Explanation: The server (typically WebSEAL) failed toget information for the group. It is likely that it is aninvalid group name.

Administrator response: Update the WebSEALconfiguration file (typically webseald.conf) and correctthe group name for 'unix-group' to a valid one.

DPWIV0169E Could not change process GID (%s)

Explanation: The server (typically WebSEAL) failed tochange the processes group ID to the one specified.

This can happen if the server does not have theprivaledges required.

Administrator response: Start the server as root orchange the owner of the program to root and set the 's'

bit in it's perms.

DPWIV0170E Could not change process UID (%s)

Explanation: The server (typically WebSEAL) failed tochange the processes user ID to the one specified. Thiscan happen if the server does not have the privaledgesrequired.

Administrator response: Start the server as root or

change the owner of the program to root and set the 's' bit in it's perms.

DPWIV0172E Unexpected end of byte stream

Explanation: Message is not used. This is purely usedas in internal status code.

Administrator response: No action is required

DPWIV0173E Could not stop background process(errno %d)

Explanation: Message is not used. This is purely used

as in internal status code.Administrator response: No action is required

DPWIV0174E Could not change the workingdirectory (errno %d)

Explanation: A child CGI process of WebSEAL isunable to change to the directory containing the CGI.The meaning of the errno value can typically be foundin /usr/include/sys/errno.h and will give finer detailson the cause.

Administrator response: Lookup the errno in errno.hfor the cause.

DPWIV0175E Could not open a pipe (errno %d)

Explanation: WebSEAL failed to create a pipe forcommunicating to a child CGI process of WebSEAL.The meaning of the errno value can typically be foundin /usr/include/sys/errno.h and will give finer detailson the cause.

Administrator response: Lookup the errno in/usr/include/sys/errno.h for the cause.

DPWIV0176E Could not fork (errno %d)

Explanation: WebSEAL failed for fork so that it couldexecute a CGI. This could be due to insufficentoperating system resources.


DPWIV0164W • DPWIV0176E




DPWIV0177E Could not duplicate file descriptor(errno %d)

Explanation: A CGI created by WebSEAL failed toredirect it's standard out or standard in to the pipesused to communicate with the parent WebSEALprocess.


DPWIV0178E Operation forbidden by the operatingsystem



DPWIV0179E Unknown user

Explanation: Message is not used. This is purely used

as in internal status code.Administrator response: No action is required

DPWIV0180E Missing .conf file setting

Explanation: The expected bind-dn or bind-pwdentries in the ldap configuration file (typicallyldap.conf) are missing.

Administrator response: Add the missing bind-pwdor bind-dn entry.

DPWIV0181E %s: Missing [%s] setting: %s

Explanation: An ldap entry is missing from theconfiguration file.

Administrator response: Add the missing entry.

DPWIV0186E Unable to setup a connection to theLDAP server



DPWIV0187E Invalid LDAP 'replica' entry in config

file



DPWIV0189E Unable to configure LDAP replicainto server.



DPWIV0192W LDAP server %s has failed

Explanation: The LDAP server named in the messageis not responding to requests.

Administrator response: Check the LDAP server is

operational. Once operational WebSEAL will start usingit again automatically. Check the LDAP server name iscorrect.

DPWIV0193W LDAP server %s has recovered

Explanation: The LDAP server named in the messagewas previously non-operational. It is now respondingcorrectly to requests and will be used again.


DPWIV0194E Could not become backgroundprocess because pipe failed. (%d)

Explanation: The pipe() function failed. This errorvalue can typically be found in /usr/include/sys/errno.h and will give finer details on the cause.

Administrator response: Make sure server has thepermission to create interprocess pipes.

DPWIV0195E Could not become backgroundprocess because fork failed. (%d)

Explanation: The fork() function failed. This functionfails when insufficient memory is available, or machineprocess limit is reached. The error value can typically

be found in /usr/include/sys/errno.h and will givefiner details on the cause.

Administrator response: Make sure server machineresources are available.

DPWIV0196W Could not start background process:%s

Explanation: This is due to the failure to execute aCGI program. Either the program is not executable, orsystem resources are not available to run the program.

Administrator response: WebSEAL could notsuccessfully start a child process. Most likely the

program does not exist or is not executable.

DPWIV0197E Error in stanza file %s on line %d: %s

Explanation: An error occurred while attempting toread data from a stanza file.

Administrator response: Correct the problem in thestanza file.





DPWIV0198E Error in stanza file.

Explanation: An error occurred while attempting toread data from a stanza f ile. Log files will containmore information.

Administrator response: Examine log files to identifythe error in the stanza file.

DPWIV0199E An unexpected exception occurred atline %s:%d



DPWIV0200E An unexpected exception occurred



DPWIV0201E The azn-api function '%s' returned0x%lx

Explanation: An unexpected azn-api function failureoccurred.



DPWIV0202E An azn-api function unexpectedlyfailed

Explanation: An unexpected azn-api function failureoccurred.

Administrator response: Check log files for additionaldetails. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWIV0203E Additional information from azn-api:%s = %s

Explanation: An azn-api error occurred, and thismessage contains more detail about the error.

Administrator response: Check log files for additionaldetails. The exact action to take depends on the contextof the error.

DPWIV0204E An invalid permission string, %s , waslocated for the %s method within the %sstanza.

Explanation: A configured permission string is invalidand not recognized by the IBM Security AccessManager Authorization engine.

Administrator response: Correct the specifiedpermission string within the configuration file andensure that the permission string is valid.

DPWIV0205E The system function '%s' returned0x%lx.

Explanation: An unexpected system function failureoccurred.


DPWIV0450E Could not create new thread (%d)

Explanation: WebSEAL failed to create an additionalthread. This may be due to running out of operatingsystem resources or exceeding process limits.

Administrator response: Check memory and threadlimits for the process, and available memory. The errornumber can be looked up in /usr/include/sys/errno.hfor more details on the problem.

DPWIV0452E Could not cancel thread (%d)

Explanation: WebSEAL has an unrecoverable internalerror when trying to stop a thread that monitors a

junctions health.

Administrator response: Contact technical support,this is an unexpected internal error. The error numbercan be looked up in /usr/include/sys/errno.h for moredetails on the problem.

DPWIV0453E Could not join thread (%d)

Explanation: WebSEAL has an unrecoverable internalerror when trying to cleanup a stopped thread thatmonitors junction health.


DPWIV0454E Could not create mutex (%d)

Explanation: WebSEAL failed to create a mutex usedto protect internal resources. This may be due toinsufficent Operating System resources or exceedingprocess limits such as memory.





Administrator response: Check memory limits for theprocess, and available memory. The error number can

be looked up in /usr/include/sys/errno.h for moredetails on the problem.

DPWIV0455E Could not destroy mutex (%d)

Explanation: WebSEAL has an unrecoverable internalerror when trying to cleanup a mutex used to protectsystem resources.


DPWIV0456E Could not lock mutex (%d)

Explanation: WebSEAL has an unrecoverable internalerror when trying to lock a mutex used to protectsystem resources.


DPWIV0457E Could not unlock mutex (%d)

Explanation: WebSEAL has an unrecoverable internalerror when trying to lock a mutex used to protectsystem resources.


DPWIV0458E Could not create condition variable(%d)

Explanation: WebSEAL failed to create a conditionvariable used to wait for events to occur. This may bedue to insufficent Operating System resources orexceeding process limits such as memory.

Administrator response: Check memory limits for theprocess, and available memory. The error number can

be looked up in /usr/include/sys/errno.h for moredetails on the problem.

DPWIV0459E Could not destroy condition variable(%d)

Explanation: WebSEAL has an unrecoverable internalerror when trying to release resources used by acondition variable.


DPWIV0460E Could not wait on condition variable(%d)

Explanation: WebSEAL has an unrecoverable internalerror when trying to wait on a condition variable.

Administrator response: Contact technical support,this is an unexpected internal error. The error number

can be looked up in /usr/include/sys/errno.h for moredetails on the problem.

DPWIV0461E Could not broadcast on conditionvariable (%d)

Explanation: This message indicates a serious internalerror involving the threading library.


DPWIV0462E Could not signal on conditionvariable (%d)

Explanation: WebSEAL has an unrecoverable internalerror when trying to signal a condition variable.


DPWIV0463E Could not set thread cancelability(%d)

Explanation: WebSEAL has an unrecoverable internalerror when trying to modify a threads cancel state.


DPWIV0465E Error msg returned from stanzafunction: (%s).For entry: %s / %s.

Explanation: The migrate tool has had an error whilemanipulating a configuration file full of stanzas andentries. The bracketted error string within the errormessage gives more detail.

Administrator response: Correct the error specified bythe bracketted error string.

DPWIV0466E Unsupported configuration item type(%d)

Explanation: The migrate tool has had anunrecoverable internal error. It has encountered anunknown entry type.

Administrator response: Contact technical support,





this is an unexpected internal error.

DPWIV0467E Could not create new pthread key(%d)


Administrator response: Contact product support.

DPWIV0468E Could not create default pthreadattributes.

Explanation: WebSEAL failed to create pthreadattributes.

Administrator response: Check available memory forthe process.

DPWIV0469E pthread_attr_setdetachstate() failed(%d)

Explanation: This message indicates a serious internal

error involving the threading library.Administrator response: If the problem persists, checkIBM Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWIV0470E Could not destroy pthread attributes.

Explanation: WebSEAL failed to delete pthreadattributes.

Administrator response: Check available memory forthe process.

DPWIV0471E pthread_rwlock_init() failed (%d)

Explanation: This message indicates a serious internalerror involving the threading library.


DPWIV0750E Could not unlink file (%s , %d)

Explanation: Unable to remove the file used to storethe process ID (PID) of the server (typically WebSEAL).

This file is used when WebSEAL is started to detect if WebSEAL is already running. Only one process perinstance of WebSEAL can be running.

Administrator response: Remove the file by hand.Check the permissions and ownership of the directorywhere the file is stored to ensure the server can updateit. Check the error number returned for greater detailsof the cause. It can be looked up in/usr/include/sys/errno.h.

DPWIV0752E Could not open file (%s , %d)

Explanation: Unable to open the file specified in theerror text. This error message is only used internally byWebSEAL and some test programs.

Administrator response: The error number specifiedin the error text gives more details. It can be looked up

in /usr/include/sys/errno.h.

DPWIV0753E Error resetting file pointer (%d)

Explanation: An attempt to setup for reading orwriting a file from the start failed. This file is beingused to supply content for a local junction.

Administrator response: This is unexpected and if itpersists should be reported to technical support. Theerror number in this message can be looked up in/usr/include/sys/errno.h for additional details on thecause.

DPWIV0754E Could not close file (%d)

Explanation: Closing a file used for supplying contentfor a local junction failed.


DPWIV0755E Could not truncate file (%d)

Explanation: Truncating a file in a local junctionfailed.


DPWIV0756E Could not deallocate file descriptor%d. (errno: %d)

Explanation: Unable to close unused file handles inchild CGI process.

Administrator response: This is unexpected and if it

persists should be reported to technical support. Theerror number in this message can be looked up in/usr/include/sys/errno.h for additional details on thecause.

DPWIV0759W Directory (%s) could not be created.(Errno = %d)

Explanation: Unable to create the directory specifiedin the error message. The directory is created to storecontent from a PUT HTTP request.

DPWIV0467E • DPWIV0759W




Administrator response: This may be due to lack of disk space or permissions on parent directories. Formore details on the cause lookup the errno in/usr/include/sys/errno.h

DPWIV0760W The specified path is invalid. (%s)

Explanation: The path specified to the DELETE HTTPrequest is not valid on the local junction.

Administrator response: Correct the HTTP URL tocontain a valid path on the local junction.

DPWIV0761W The file (%s) attributes cannot beobtained. (Errno = %d)

Explanation: Unable to fetch information on the filespecified in the error message. This file is possiblygoing to be the target of a HTTP PUT request.

Administrator response: This may be due topermissions on the file. For more details on the cause

lookup the errno in /usr/include/sys/errno.h

DPWIV0762W Can't delete non-empty directory (%s)

Explanation: This is only used as an internal status. Itoccurs either during a PUT or DELETE HTTP requestwhen the replaced or deleted directory is not empty.

Administrator response: Don't PUT or DELETE onthis directory until it is empty.

DPWIV0763W Failed to delete file (%s) (Errno = %d)

Explanation: A HTTP PUT or DELETE request is

either replacing or deleting a file on a local junction.This failed.

Administrator response: This may be due topermissions on the file. For more details on the causelookup the errno in /usr/include/sys/errno.h

DPWIV0764E Could not rename file (%s , %s , %d)

Explanation: Unable to rename/move the file to thedestination. This is done in response to a HTTPDELETE request when the delete files are to bearchived.

Administrator response: This may be due to

permissions on the source or destination file or theirdirectories. For more details on the cause lookup theerrno in /usr/include/sys/errno.h

DPWIV0766W Write to file (%s) failed. (Errno = %d)

Explanation: The server failed to write to an open file.

Administrator response: This may be due topermissions on the file or because there is insufficientroom in the file system. For more details on the causelookup the errno in /usr/include/sys/errno.h

DPWIV0767E List of directory (%s) failed. (Errno =%d)

Explanation: A system error occurred while trying toread a directory's contents.

Administrator response: Examine the directoryspecified and attempt to determine and correct the

problem that caused the system error.

DPWIV0768E Could not copy file (%s , %s , %d)

Explanation: Unable to copy the file to thedestination. The source of this error depends on thecontext of the operation that failed.

Administrator response: This may be due topermissions on the source or destination file or theirdirectories. For more details on the cause lookup theerrno in /usr/include/sys/errno.h

DPWIV0769W Read from file (%s) failed. (Errno =

%d)

Explanation: The server was unable to read from thefile specified.

Administrator response: This may be due topermissions on the file. For more details on the causelookup the errno in /usr/include/sys/errno.h

DPWIV0770W Could not close file (%s). (Errno =%d)

Explanation: The server was unable to close an openfile.

Administrator response: This may be due toinsufficient file system space. For more details on thecause lookup the errno in /usr/include/sys/errno.h

DPWIV1050E Could not create socket: ERRNO = %d

Explanation: WebSEAL failed to create a socket forconnections to junctions, or failed to create the listeningsockets for HTTP and HTTPS connections from client

browsers.

Administrator response: Check WebSEAL has notexceeded system resource limits. For more details onthe cause lookup the errno in /usr/include/sys/

errno.h.

DPWIV1051E Could not bind socket to port (%d ,%d)

Explanation: WebSEAL failed to bind a socket to theHTTP or HTTPS port specified in it's configuration file.

Administrator response: Check WebSEAL has notexceeded system resource limits. Check the portnumbers are valid in the WebSEAL configuration file.Check these ports don't clash with other servers on the

DPWIV0760W • DPWIV1051E




same system. For more details on the cause lookup theerrno in /usr/include/sys/errno.h.

DPWIV1052E Could not bind socket to port %d ,interface %s (errno %d)

Explanation: WebSEAL failed to bind a socket to theHTTP or HTTPS port specified in it's configuration fileon a specific network interface address.

Administrator response: Check WebSEAL has notexceeded system resource limits. Check the portnumbers and interface addresses are valid in theWebSEAL configuration file. Check these ports don'tclash with other servers on the same system. For moredetails on the cause lookup the errno in/usr/include/sys/errno.h.

DPWIV1053E Cannot understand requested networkinterface %s

Explanation: WebSEAL failed to validate the HTTP or

HTTPS network interface address specified in itsconfiguration file.

Administrator response: Check the interface addressesare valid in the WebSEAL configuration file.

DPWIV1054E Could not connect

Explanation: WebSEAL was unable to connect to a junctioned Web server.

Administrator response: Check that the host nameand port number specified for the junction are correct.Check that the junctioned Web server is available andresponding.

DPWIV1055E Could not read from socket

Explanation: WebSEAL was unable to read from a junctioned Web server, or from a browser. The browseror Web server may have closed the connectionprematurely.

Administrator response: Retry the operation, the errorcondition may be temporary. If the error reoccurs checklog files for related messages. Verify that the browser or

junctioned Web server is functioning properly.

DPWIV1056E Could not write to socketExplanation: WebSEAL was unable to write to a

junctioned Web server, or to a browser. The browser orWeb server may have closed the connectionprematurely.

Administrator response: Retry the operation, the errorcondition may be temporary. If the error reoccurs checklog files for related messages. Verify that the browser or

junctioned Web server is functioning properly. If thisoccurs when WebSEAL is writing to a junctioned Webserver, try sending the request to the junctioned Web

server directly and examine the response from theserver.

DPWIV1057E Could not close socket (errno %d)

Explanation: WebSEAL encountered an error whenattempting to close a socket.


DPWIV1058E Could not call select() on socket

Explanation: WebSEAL encountered an error whileusing the select function on a socket.


DPWIV1059E Timeout occurred while attempting toread from socket

Explanation: A timeout occurred when WebSEAL wasattempting to read from a socket.


DPWIV1060E Could not read from socket (%d)

Explanation: A timeout occurred when WebSEAL wasattempting to read from a socket.


DPWIV1061E Could not write to socket (%d)

Explanation: An unexpected error occurred whilewriting to a socket.


DPWIV1062E Unable to resolve IP address forhostname '%s' (Error %d: %s)

Explanation: An attempt to resolve a hostname to anIP address failed. There are many possible reasons forfailure, and the system error code and error text can beused to isolate the problem.

Administrator response: The source for this errordepends on the exact context of the error.Administrators should verify that the hostnamespecified is correct, and that DNS can resolve thehostname properly. Check the DNS configuration theserver logging this error. The system error code anderror text may provide more detail about the problem.

DPWIV1063E Unable to resolve IP address forhostname.

Explanation: An attempt to resolve a hostname to anIP address failed.

Administrator response: Check the logs for additionalerror messages. Other messages will contain moredetail about the problem.





DPWIV1064E Could not set socket options (%d)

Explanation: There was a failure in setting socketoptions.

Administrator response: Check that WebSEAL has notexceeded system resource limits. For more details onthe cause, lookup the errno in /usr/include/sys/

errno.h.

DPWIV1065E Could not get socket options (%d)

Explanation: There was a failure trying to get socketoptions.

Administrator response: Check that WebSEAL has notexceeded system resource limits. For more details onthe cause, look up the errno in /usr/include/sys/errno.h.

DPWIV1066E Could not obtain the socket details:ERRNO = %d

Explanation: WebSEAL failed to obtain the connectiondetails for a connected socket.

Administrator response: Check WebSEAL has notexceeded system resource limits. For more details onthe cause lookup the errno in /usr/include/sys/errno.h.

DPWIV1200E Could not write to SSL connection

Explanation: This is used only as an internal errorcode. It should not be visible.


DPWIV1201E Could not read from SSL connection



DPWIV1203E Could not create new SSL connection



DPWIV1210W Function call, func , failed error: errorcode error text.

Explanation: The specified GSKit function failed whilesetting up for SSL connections to junctions or from

browsers. Or perhaps the initial handshake failed dueto invalid certificates or the browser simply closed theconnection abruptly.

Administrator response: Examine the error text togain insite on the problem. Typical problems might bethat the PKCS#11 library is incorrectly specified, or the

PKCS#11 token or token password is incorrect, or thePKCS#11 token is not setup.

DPWIV1212W No server DN is defined for '%s'.The junctioned server DN verification isnot performed.

Explanation: No server DN is defined in the junctiondatabase. DN verification against server certificate will

be ignored.

Administrator response: Recreate the junctionspecifying the junctioned servers certificate DN or turnoff mutual authentication on the junction.

DPWIV1213E Could not get junctioned server (%s)certificate

Explanation: The SSL connection to the specified junction did not have a certificate presented from the junctioned server.

Administrator response: Check the server side'scertificate has been configured.

DPWIV1214E Could not get junctioned server (%s)certificate's DN


Administrator response: Check the junctioned serveris presenting a certificate that has a printable DNpresent

DPWIV1215E Error in junctioned server DNverification (%s)

Explanation: The DN in the certificate presented bythe junctioned server contains a DN that does notmatch the one specified when the junction was created.

Administrator response: Check the junctioned server'sDN with the one specified during the junction creation.

DPWIV1216E The junctioned server presented aninvalid certificate.

Explanation: The certificate presented by the backendserver failed validation.

Administrator response: Install the CA root certificate

in the WebSEAL certificate key database.

DPWIV1217W SSL connection error.

Explanation: This is an internal error status notvisible. Error code returned when an ssl connectionfailed

Administrator response: Check logs for more details.

DPWIV1064E • DPWIV1217W




DPWIV1218E Error in junctioned server DNverification.

Explanation: The DN specified when the junction wascreated did not match the DN in the certificatepresented by the server.

Administrator response: Check the junctioned server's

DN with the one specified during the junction creation.

DPWIV1219E An SSL toolkit failure occured whilecalling %s. Error: %s .


Administrator response: The action to correct thisproblem depends on details in the error message.

DPWIV1220E An ICC toolkit failure occurred.


Administrator response: This error is alwaysaccompanied with a serviceability log error messagedetailing the ICC routine which failed and the reasonfor the failure. The action to correct this problemdepends on details in the serviceability log message. If the problem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWIV1221E An ICC toolkit failure occurred whilecalling %s. Error: %s .


Administrator response: The action to correct thisproblem depends on details in the error message. If theproblem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWIV1222E An ICC toolkit failure occurred whilecalling %s. No further details areknown.

Explanation: An internal ICC error occurred.However, no details about the error we able to bedetermined beyond the name of the ICC function

which failed.


DPWIV1350E An error occurred when loading ashared library.

Explanation: This message indicates that a problemoccurred when loading a shared library. Other logmessages will have additional information.

Administrator response: Examine log files for more

detailed error messages.

DPWIV1351E The shared library '%s' could not beloaded because of system error code %d.System error text: %s.

Explanation: Opening a shared library failed. Theshared library may not exist, permissions on the librarymay be incorrect, or it may contain other errors thatprevent it from loading.

Administrator response: Examine the system errorcode and text to determine the nature of the problem.Make sure the shared library exists and is readable.

Make sure all of the symbols in the library can beresolved.

DPWIV1352E The symbol '%s' in the shared library'%s' could not be loaded because ofsystem error code %d. System error text:%s.

Explanation: Resolving a symbol from a shared libraryfailed after the library was initially loaded. The symbolmay not exist in the library or other symbols on whichthis symbol depends might not be available.

Administrator response: Examine the system errorcode and text to determine the nature of the problem.Make sure the shared library implements and exportsthe function being resolved. Make sure all of thesymbols required by the shared library can be resolved.

DPWWA0150E Cannot allocate memory

Explanation: Memory allocation operation failed.

Administrator response: Check memory limits onyour machine, and increase available memory if possible.

DPWWA0151E An insufficient amount of memory

was supplied.Explanation: An insufficient amount of memory waspassed into a function.


DPWIV1218E • DPWWA0151E




DPWWA0305E The '%s' routine failed for '%s', errno= %ld

Explanation: This is a major internal server failure. Aninternal function call failed.

Administrator response: Contact customer support.

DPWWA0306E Error in configuration file: %s

Explanation: The configuration file contained an error.

Administrator response: Edit the configuration file tocorrect the error.

DPWWA0308W Function name failed with errnovalue

Explanation: This is a generic message used toidentify specific non-fatal function calls failing.

Administrator response: Determine why the functioncall failed.

DPWWA0309E Badly formatted config entry for %scache

Explanation: The configuration defined in the[content-cache] stanza was incorrect.

Administrator response: Correct the values in the[content-cache] stanza of the configuration file.

DPWWA0310E Could not open IBM Security AccessManager WebSEAL configuration file(%s)


Administrator response: Correct problem preventingconfiguration file from being opened.

DPWWA0314E Initialization of authorization APIfailed. Major status=0x%x , minor status= 0x%x


Administrator response: Look up the specifiedmajor/minor status codes either through the ErrorMessage Reference Book or the pdadmin errtxtcommand. Analyze and fix the error based on thatinformation.

DPWWA0315E Initialization of authentication layerfailed: %s

Explanation: One of the authentication libraries failedto load.

Administrator response: Correct the entries for theauthentication libraries in webseald.conf

DPWWA0316W Configuration item value has beenassumed for %s

Explanation: The configuration item value did notmake sense and a default value was assumed

Administrator response: Correct the configurationvariable in webseald.conf

DPWWA0318E Error in configuration file, invalidaccept-client-certs value: %s


Administrator response: Correct the accept-client-certsparameter in webseald.conf

DPWWA0319E Error in configuration file. Whenaccept-client-certs is set to optional orrequired, you must specify a librarywith the cert-ssl option, or you mustspecify an eai-uri option.


Administrator response: Set the cert-ssl parameter inwebseald.conf

DPWWA0320W Error in configuration. Clients andMPAs cannot use the same sessiontypes.

Explanation: Clients and MPAs cannot use the samesession types.

Administrator response: Configure clients and MPAsto use different session types.

DPWWA0321E Value for stanza [%s] entry '%s'contains an illegal trailing backslashcharacter.

Explanation: Backslash characters are used to removeany special meaning of the character following it. Theend of line cannot be treated this way.

Administrator response: Remove the trailing \\character from the the entries value.

DPWWA0322E Value for stanza [%s] entry '%s'contains an unmatched quote.

Explanation: Quote characters are used to allowsvalues to have leading and trailing space characters.The values that have this requirement must have aquote at the begining and end of the region of chars. Aunpaired quote is not legal unless its special meaning isremoved using the backslash character.

Administrator response: Remove the unmatched "character from the the entries value or place a \\ char

before it to remove its special meaning.

DPWWA0305E • DPWWA0322E




DPWWA0323E Value for stanza [%s] entry '%s'contains a 'name = value' with a missingname.

Explanation: Stanza entries of this type have a specialformat. This format consists of multiple name = valuepairs separated by semicolon characters. In this case thename part of a pair is missing or empty.

Administrator response: Provide a name before the =character.

DPWWA0324E Value for stanza [%s] entry '%s'contains a 'name = value' with a missing= character.

Explanation: Stanza entries of this type have a specialformat. This format consists of multiple 'name = value'pairs separated by semicolon characters. In this case the= separating the pair is missing.

Administrator response: Insert the missing =

character.

DPWWA0325E Value for stanza [%s] entry '%s'contains two name value pairs with thesame name '%s'.

Explanation: Stanza entries of this type have a specialformat. This format consists of multiple 'name = value'pairs separated by semicolon characters. In this casethere are two of these pairs with the same name. Thisis illegal as all names must be unique.

Administrator response: Remove or rename one of the name value pair with the duplicate name.

DPWWA0326E Stanza [%s] contains an illegalduplicate entry '%s'.

Explanation: This stanza expects entries with uniquenames.

Administrator response: Remove or rename one of the entry names.

DPWWA0327W The default WebSEAL TCP and SSLinterfaces have both been disabled,which also disables the defaultWebSEAL worker threads.

Explanation: When both the default WebSEALinterfaces are disabled using [server] https = no andhttp = no the default worker threads are also notcreated. This will make WebSEAL unaccessable unlessadditional interfaces are defined under [interfaces]stanza. Note that these additional interfaces will not beable to share the 'default' worker threads as they willnot have been created.

Administrator response: No action required, it just anunusual situation.

DPWWA0328E The interface '%s' defined in the [%s]stanza contains an illegal empty valuefor '%s'.

Explanation: The worker threads setting in theconfiguration of an interface must be set to either thenumber of worker threads to create, or the name of another interface to share worker threads with.Typically this entry will look like 'worker-threads = 50'

Administrator response: Supply a non-empty valuefor worker-threads.

DPWWA0329E The interface '%s' defined in the [%s]stanza contains an illegal value for '%s'.

Explanation: The worker threads setting in theconfiguration of an interface must be set to either thenumber of worker threads to create, or the name of another interface to share worker threads with.Typically this entry will look like 'worker-threads = 50'

Administrator response: Provide the name of aninterface that has it's own worker threads or providethe number of worker threads it should create for itself.

DPWWA0330E The interface '%s' defined in the [%s]stanza contains an invalid value for '%s'.

Explanation: The port value provided is either out of the legal range or is not a number.

Administrator response: Provide a legal value for aTCP/IP port in the range 1 to 65535.

DPWWA0331E The interface '%s' defined in the [%s]

stanza contains an illegal TCP/IPaddress value for '%s'.

Explanation: The TCP/IP value provided is either255.255.255.255 or not a valid string for an TCP/IPaddress

Administrator response: Provide a legal value for aTCP/IP port.

DPWWA0332E Invalid certificate authenticationconfiguration for interface '%s' definedin the [%s] stanza. Incompatiblecombination of accept-client-certs and

ssl-id-sessions values.Explanation: See message.

Administrator response: Change theaccept-client-certs or ssl-id-sessions parameter inwebseald.conf.





DPWWA0333E Invalid certificate cacheconfiguration to support interface '%s'defined in the [%s] stanza.


Administrator response: Change the values of thecertificate cache configuration items.

DPWWA0334E Error in configuration file, invalidaccept-client-certs value: %s for interface'%s' defined in the [%s] stanza.


Administrator response: Correct the accept-client-certsparameter in webseald.conf

DPWWA0335E Error in configuration file relating tointerface '%s' defined in the [%s] stanza.When accept-client-certs is set tooptional, required, or

prompt_as_needed, specify a librarywith the cert-ssl option or the eai-urioption.


Administrator response: Set the cert-ssl parameter inwebseald.conf

DPWWA0336E The interface '%s' defined in the [%s]stanza must have one of http-port orhttps-port enabled.

Explanation: An interface has no function unless atleast one port is defined.

Administrator response: Assign a port to either or both of http-port or https-port.

DPWWA0337W The '%s' routine failed in '%s' forinterface %s:%d , errno = %d

Explanation: A non-fatal error was reported from thespecified function, called in a specified function inrelation to the specified interface and port. The systemerror code is given to help diagnose the reason.WebSEAL will continue to function. Typically thisoccurs when a connection from a browser is endedabnormally.

Administrator response: Keep an eye on this and if this occurs too often contact WebSEAL customersupport.

DPWWA0338E Not enough free file descriptors inthe process to configure even one of theworker threads wanted by the workerpool named '%s'.

Explanation: Each interface defined can have it's ownworker thread pool. If previous definintions have

consumed all available resources in creating their ownworker thread pools then there may be nothing left forthis interface. Each worker thread requires 2 filedescriptors. The number of available file descriptors isdependent on the Operating System WebSEAL is runon and is fixed when WebSEAL is constructed.

Administrator response: Reduce the number of

worker threads used by other worker pools.

DPWWA0339W Worker list '%s' has configured %dworker threads which is greater than thesystem can support. It has automaticallybeen reduced to %d.

Explanation: Each operation system has differentlevels of support for threads and open files. Thatcombined with compile time options will provide limitson the configurable number of worker threads.

Administrator response: The software automaticallyreduced the value. However to stop this message

appearing you may set the value in the configurationfile lower.

DPWWA0340E Unable to listen on interface %s:%d ,errno = %d

Explanation: The attempt to listen for connections onthe specified interface and port failed. The system errorcode is given to help diagnose the reason.

Administrator response: It is likely the reason forfailure is that another process or WebSEAL interface isalready listening on the same port and networkaddress. Change the port and/or network address toone not in use.

DPWWA0341E Error in configuration file, unknownsetting '%s' for interface '%s' defined inthe [%s] stanza.

Explanation: The interface has an unknownname=value pair in it's configuration. This could bedue to a spelling error.

Administrator response: Remove the unknown settingin the WebSEAL configuration file

DPWWA0342W The configuration data for this

WebSEAL instance has been logged in'%s'

Explanation: This is an informational message.

Administrator response: Informational. No action isrequired.

DPWWA0333E • DPWWA0342W




DPWWA0343E An error occurred trying to log theWebSEAL configuration data at startup.

Explanation: Check the server's error log file forspecific error conditions that could have led to thisfailure. It is possible that there are permission issueswith the configuration data log file or there are spacelimitations in the filesystem.

Administrator response: It is likely that logging theserver's configuration data failed because the desiredlocation for the log file is missing or was specifiedincorrectly in the server's configuration file.

DPWWA0345E The request was too large to store inthe session cache.

Explanation: The request size exceededrequest-max-cache or the message body exceededrequest-body-max-read, so the request could not bestored in the session cache.

Administrator response: Re-submit the request afterauthentication or increase request-max-cache and/orrequest-body-max-read

DPWWA0600E The requested single sign-on serviceis not supported by this server

Explanation: Junction created with an SSOspecification that the server was not built to support

Administrator response: Do not use the single-sign-onservice specified by the junction definition

DPWWA0601E Could not fetch SSO info for user

(%s ,0x%8lx)

Explanation: Could not map from username/pwd toprincipal/target in SSO

Administrator response: Check mappings fromprincipal/target to username/pwd in SSO

DPWWA0602E User '%s' does not have anyassociated SSO info

Explanation: SSO data either does not exist or isincorrect.

Administrator response: Check that SSO data for this

user exists and is correct.

DPWWA0603E User '%s' does not have a matchingSSO target

Explanation: The user was found in SSO, but notarget exists for them.

Administrator response: Create a target in SSO forthis user.

DPWWA0605E Can't perform single sign-on. User'%s' is not logged in

Explanation: User must be authenticated to use SSO.

Administrator response: Informative only. User must be logged in.

DPWWA0606E Could not sign user '%s' on due toincorrect target

Explanation: Could not sign user on due to incorrecttarget in SSO.

Administrator response: Check the target in SSO forthis user

DPWWA0607E Received basic authenticationchallenge for junction where filtering isbeing applied

Explanation: The junction type filters out Basic

Authentication data, but the junctioned server sent aBA challenge.

Administrator response: Either create the junctionwithout the -filter flag or modify the junctioned serverto not use Basic Authentication.

DPWWA0608E Unable to obtain binding to LDAPserver

Explanation: Unable to obtain binding to LDAP server

Administrator response: Check that LDAP server isrunning and can be accessed.

DPWWA0609E Unable to obtain binding toLDAP-GSO server (0x%8lx)

Explanation: Unable to obtain binding to LDAP-GSOserver

Administrator response: Check that LDAP-GSOserver is running and can be accessed.

DPWWA0625E Either the configuration file ismissing or it has errors.

Explanation: The iv.conf file is either missing, or theLDAP stanza does not have enough information to

bind to the LDAP server.Administrator response: Make sure that theconfiguration file has the ldap stanza and all the LDAPinformation is included in the stanza.

DPWWA0626E This script can only be used todecode form results.

Explanation: This error occurs when the user invokesthe update password URL directly from the browser.

Administrator response: The user needs to invoke the





cgi-bin program and change the password from the browser.

DPWWA0627E Could not get the LDAPdistinguished name (DN) for the remoteuser.

Explanation: The ira_get_dn(), to get the distinguishedname, failed.

Administrator response: Make sure that the LDAPentry is set for the remote user.

DPWWA0628E The selected resource or resourcegroup does not exist.

Explanation: The user selected a resource or aresource group that does not exist in the LDAPdatabase.

Administrator response: Make sure that the resourceor the resource group exists for the user.

DPWWA0629E Could not bind to the LDAP server.

Explanation: The ira_rgy_init call failed. Contact yourAdministrator.

Administrator response: Make sure that the LDAPserver can be reached and try again.

DPWWA0630E This script should be referencedwith a METHOD of POST.

Explanation: This error occurs when the user invokesthe update password URL directly from the browser.

Administrator response: The user needs to invoke thecgi-bin program and change the password from the

browser.

DPWWA0631E Passwords don't match.

Explanation: The user attempted to change their GSOtarget password and failed to confirm the newpassword.

Administrator response: The user must correct theirentries in the update password form, ensuring that thepasswords match.

DPWWA0632E Unable to retrieve user identity.

Explanation: This error occurs because theREMOTE_USER cgi environment variable was notpassed to the GSO chpwd program by WebSEAL.

Administrator response: Verify that the cgi-program is being invoked by WebSEAL and not called directly.

DPWWA0633E Either a user ID or a password mustbe specified.

Explanation: Either the user ID or a password must be specified to update the resource.

Administrator response: Enter the user ID orpassword and try again.

DPWWA0634E Select a resource or resource group.

Explanation: The required resource information wasmissing from the cgi form used to update a user's GSOtarget information.

Administrator response: The user must specify theproper resource information in the cgi form.

DPWWA0635E Completed successfully.

Explanation: Operation completed successfully.


DPWWA0636E No TFIM single sign-on tokens wereavailable.

Explanation: WebSEAL is correctly retrieving SSOtokens from TFIM, but these tokens have expired. Theproblem is most likely caused by the clocks on theWebSEAL server and the TFIM server being set todifferent times.

Administrator response: Check the timesynchronization between the TFIM server and theWebSEAL server.

DPWWA1055E Operation has insufficient Quality ofProtection

Explanation: This error occurs when a person tries toaccess an object that requires a secure communicationschannel over an insecure channel such as TCP.

Administrator response: Either access the object overSSL/TLS or modify the policy associated with theobject to reduce the QOP required.

DPWWA1061E Provide your authentication detailsfor method:

Explanation: This error is printed when a userattempts to access an object that requires a higher levelof authentication than they have provided.

Administrator response: The user should eitherprovide the higher level of authentication, or the policyassociated with the object should be modified to reducethe level of authentication required.





DPWWA1062E An invalid authentication level hasbeen detected in a POP object.

Explanation: A POP object specified an authenticationlevel that is not supported by the current WebSEALconfiguration.

Administrator response: Either modify the POP object

to correct the authentication level, or modify theWebSEAL configuration file to specify an authenticationmethod that can provide the required level.

DPWWA1076E Privacy required

Explanation: Indicates that requested object has theprivacy bit set, but the request is not using privacy

Administrator response: The user must connect usingprivacy to access the resource.

DPWWA1082E Invalid HTTP status code present inresponse. The response could have been

sent either by a third-party server or bya local resource, such as a CGI program.

Explanation: An invalid status code was received in aresponse. The response could have been sent either bya third-party server or by a local resource, such as aCGI program.

Administrator response: Check the status code in theresponse. The response could have been sent either bya third-party server or by a local resource, such as aCGI program.

DPWWA1083E Could not read HTTP status line in

response. Possible causes: non-specHTTP response, connection timeout, nodata returned. The response could havebeen sent either by a third-party serveror by a local resource, such as a CGIprogram.

Explanation: Data read failure. Possible causes:non-spec HTTP response, connection timeout, no datareturned. The response could have been sent either bya third-party server or by a local resource, such as aCGI program.

Administrator response: Check response for a missingHTTP status line. Also investigate a possible connection

timeout problem. The response could have been senteither by a third-party server or by a local resource,such as a CGI program.

DPWWA1084E Could not read HTTP headers inresponse. Possible causes: non-specHTTP headers, connection timeout, nodata returned. The response could havebeen sent either by a third-party serveror by a local resource, such as a CGIprogram.

Explanation: Data read failure. Possible causes:non-spec HTTP headers, connection timeout, no datareturned. The response could have been sent either bya third-party server or by a local resource, such as aCGI program.

Administrator response: Check response for badHTTP headers. Also investigate a possible connection

timeout problem. The response could have been senteither by a third-party server or by a local resource,such as a CGI program.

DPWWA1085E An HTTP message body sent in aresponse is too short. The responsecould have been sent either by athird-party server or by a local resource,such as a CGI program.

Explanation: The actual length of the response body isshorter that indicated by the Content-length HTTPheader in the response.

Administrator response: Correct problem with theresponse. The actual length of the response body isshorter that indicated by the Content-length HTTPheader of the response.

DPWWA1086E Could not read request line. Possiblecauses: non-spec HTTP headers,connection timeout, no data returned

Explanation: Data read failure. Possible causes:non-spec HTTP data, connection timeout, no datareturned

Administrator response: Check client request. Couldcontain bad HTTP headers or there might be aconnection timeout problem.

DPWWA1087E Invalid URL

Explanation: A client request contained a URL thatdoes not conform to HTTP specifications.

Administrator response: Check request from client.Does not conform to HTTP specifications.

DPWWA1088E Bad cookie header (or data readfailure)

Explanation: Data read failure. Possible causes:

timeout, connection problems, no data returned

Administrator response: Check response from either junctioned server or client. Could be bad Cookieheader, Set-cookie header or a connection timeoutproblem.





DPWWA1089E Invalid date string in HTTP header

Explanation: Invalid date string in HTTP header inclient request.

Administrator response: Check request from client.Contains invalid date string in HTTP header.

DPWWA1091W Failed to load portal map (0x%8lx)

Explanation: The portal service failed to load correctlydue to a problem with the information in the[portal-map] stanza of the configuration file.

Administrator response: Correct errors in the[portal-map] stanza of the configuration file.

DPWWA1092E Unable to open stanza file to readportal information

Explanation: The configuration file containing theportal mapping service information could not be

opened for reading.Administrator response: Ensure that the configurationfile exists and is readable.

DPWWA1093W Unable to find [portal-map] stanza

Explanation: The [portal-map] stanza was not foundin the configuration file.

Administrator response: Ensure that the [portal-map]stanza has been added to the configuration file.

DPWWA1094E Unable to read the URL field of the

portal mapExplanation: The URL attribute of a portal map entryin the configuration file was not found.

Administrator response: Ensure that the [portal-map]stanza of the configuration file contains the URL field.

DPWWA1095E Unable to read the Protected Objectfield of the portal map

Explanation: The Protected Object field of a portalmap entry in the configuration file was not found.

Administrator response: Ensure that the [portal-map]stanza of the configuration file contains the ProtectedObject field.

DPWWA1096E Unable to read the Action field ofthe portal map

Explanation: The Action field of a portal map entry inthe configuration file was not found.

Administrator response: Ensure that the [portal-map]stanza of the configuration file contains the Actionfield.

DPWWA1097E the Protected Object supplied to theportal map is invalid

Explanation: The Protected Object field in the[portal-map] stanza of the configuration file is not avalid Protected Object name

Administrator response: Correct the value entered in

the Protected Object field of the [portal-map] stanza of the configuration file.

DPWWA1100W POST request larger thanrequest-body-max-read, cannot applydynurl matching.

Explanation: WebSEAL attempted to apply dynurlmatching to a request, but received too much POSTdata from the client.

Administrator response: Increase therequest-body-max-read in the configuration file orrearchitect your site so that WebSEAL does not need to

apply dynurl rules to large POSTs.

DPWWA1110E Unable to build original URL forAttribute Retrieval Service

Explanation: WebSEAL was unable to obtain thehostname of the URL that client has requested. Theresult of this is that the original URL cannot beconstructed for consumption by the Attribute RetrievalService.

Administrator response: Ensure that configuraion iscomplete.

DPWWA1111E The SOAP client returned the errorcode: %d

Explanation: The SOAP request failed, and the gSOAPclient returned the error code contained in the messagetext.

Administrator response: Consult gSOAPdocumentation for error code definitions.

DPWWA1112E Attribute Retrieval Service internalerror: %s

Explanation: The SOAP request succeeded, but theAttribute Retrieval Service returned the error contained

in the message text.

Administrator response: Ensure that the AttributeRetrieval Service is configured correctly.

DPWWA1113E URL specifies an invalid Win32object name

Explanation: The client request specifies the objectname using a Win32 alias that points to the actualobject. The authorization check will have been





performed on the alias, and not the actual object, so therequest cannot be allowed.

Administrator response: Ensure that client requestsdo not use Win32 aliases.

DPWWA1114E URL contains invalid Win32characters or abbreviations

Explanation: The client request contains Win32abbreviations or '\' characters that are invalid.

Administrator response: Ensure that client requestsdo not contain invalid Win32 characters orabbreviations.

DPWWA1115E URL contains an illegal bytesequence

Explanation: The client request contains an illegal bytesequence, possibly from an attempted multibytecharacter encoding.

Administrator response: Ensure that client requestsdo not contain illegal byte sequences.

DPWWA1116E The requested method is notsupported

Explanation: One of the supported HTTP methods(that is: GET, PUT, POST, etc...) must be specified byeach client request. This request either contains anunsupported method, or none at all.

Administrator response: Ensure that client requestscontain a valid method.

DPWWA1117E The content-length of the clientrequest is invalid

Explanation: The content-length is either less thanzero, or it doesn't accurately describe the length of thePOST-body, or it should not be provided with therequest.

Administrator response: Ensure that thecontent-length specified correctly describes thecharacteristics of the request, and that this is not achunked request.

DPWWA1118E The 'host' header is not present in

the client request

Explanation: The client request specifies an HTTPversion of 1.1, but doesn't include the host header thatis required for this version.

Administrator response: Ensure that the host headeris present in request who's HTTP version is 1.1.

DPWWA1119E The HTTP version specified by theclient request is not supported


Administrator response: Ensure that the HTTPversion of the request is correct and supported.

DPWWA1120E The POST body of the client requestcontains misformated or invalid data


Administrator response: Ensure that the POST bodiesof client requests contain valid data.

DPWWA1121E An error occurred while reading thePOST body of the request


Administrator response: Ensure that the POST bodiesof client requests are valid.

DPWWA1122W Corrupted session cookie: %s.

Explanation: A session cookie was presented that wascorrupted. This could be a spoof attempt, a browser ornetwork problem, or a WebSEAL internal problem.

Administrator response: Investigate spoof attempt orsource of corruption.

DPWWA1123W The login data entered could not bemapped to an IBM Security AccessManager user

Explanation: A mapping function, such as that in alibrary or CDAS, failed to map the login information toan IBM Security Access Manager user.

Administrator response: Check the login data,registry, or mapping function.

DPWWA1124W A client certificate could not beauthenticated

Explanation: A client certificate could not beauthenticated


DPWWA1125W The data contained in the HTTPheader %s failed authentication

Explanation: The request an HTTP header that IBMSecurity Access Manager was configured to use asauthentication data. This data failed authentication.

Administrator response: Check the request, the proxyserver (if one is used), and the mapping library





DPWWA1126W IP address based authenticationfailed with IP address: %s

Explanation: IBM Security Access Manager isconfigured to authenticate using the client IP address,which was either unavailable or invalid

Administrator response: Check IBM Security Access

Manager configuration and/or authentication library

DPWWA1128E The current authentication methoddoes not support reauthentication.Contact the IBM Security AccessManager WebSEAL Administrator.

Explanation: Reauthentication is not supported by thecurrent WebSEAL authentication method. The user canabort the reauthentication process (by accessing anotherURL) and still participate in the secure domain byaccessing other resources that do not requirereauthentication.

Administrator response: Notify the IBM SecurityAccess Manager WebSEAL Administrator.

DPWWA1129E A reauthentication operation wasattempted with an initial authenticationmethod for which reauthentication isnot supported.

Explanation: A reauthentication misconfiguration hasoccurred. Administrators should not put areauthentication POP on a resource for clients whocannot actually perform a reauthentication.

Administrator response: The resource requestedrequires reauthentication but reauthentication issupported only by Forms, Token, and EAIauthentication.

DPWWA1130E Authentication level mismatch whenperforming reauthentication

Explanation: The authentication level supplied whilereauthenticating does not match the authenticationlevel of the existing authenticated user.

Administrator response: The user's authenticationlevel must be the same when reauthenticating as whenthey originally authenticated.

DPWWA1131W An entry in the [portal-map] stanzais invalid.

Explanation: [portal-map] stanza in the configurationfile contains an invalid entry.

Administrator response: Ensure that all entries in the[portal-map] stanza are valid.

DPWWA1132W Entry '%s = %s' in the [portal-map]stanza is invalid.

Explanation: [portal-map] stanza in the configurationfile contains an invalid entry.

Administrator response: Correct the entry in the[portal-map] stanza.

DPWWA1133E The 'host' header presented in theclient request does not conform toHTTP specifications.

Explanation: The client request contains a host headerwhich does not conform to the HTTP specification.

Administrator response: Ensure that the host headerconforms to the HTTP specification.

DPWWA1200E The requested junction type is notsupported by this server

Explanation: The requested junction type is notsupported by this server

Administrator response: Change junction definition.

DPWWA1201E Junction not found

Explanation: The named junction does not exist.

Administrator response: Verify the name, and if incorrect try the operation again.

DPWWA1202E Requested object does not exist

Explanation: Object on junctioned server does not

exist.

Administrator response: Informational only.

DPWWA1203E Permission denied

Explanation: You do not have permission to mount orunmount at this location.

Administrator response: Check the acl at this locationfor mount or unmount permissions.

DPWWA1204E Requested object is not a directory

Explanation: Requested object is not a directory

Administrator response: Informational only.

DPWWA1205E No query-contents on this server

Explanation: To list object space, a query_contents cgiprogram must be configured on the junctioned server.

Administrator response: To list object space, configurea query_contents cgi program on the junctioned server.

DPWWA1126W • DPWWA1205E




DPWWA1206E Illegal name for a junction point

Explanation: The junction point is illegal.

Administrator response: Use a different junction pointfor the new junction.

DPWWA1207E Trying to add wrong type of serverat this junction point

Explanation: Trying to add wrong type of server atthis junction point

Administrator response: Change junction definition.

DPWWA1208E Trying to add two servers with thesame UUID at a junction point

Explanation: Trying to add two servers with the sameUUID at a junction point

Administrator response: Change junction definition

DPWWA1209E Trying to add the same server twiceat the same junction point

Explanation: Trying to add the same server twice atthe same junction point

Administrator response: Change junction definition

DPWWA1210E Could not open junction database(%s ,0x%8x)

Explanation: Indicates a problem accessing the junction database maintained by the IBM SecurityAccess Manager server.

Administrator response: Check junction databasedirectory existance and permissions.

DPWWA1211E Could not load junction database(%s ,0x%8lx)

Explanation: An error occured when loading the junction database.

Administrator response: Check that all of the files inthe junction database can be read by the ivmgr userand are not corrupted. Check other error messages forother information about the error. If necessary, removeall of the files in the junction database and then addthem back one by one to isolate the problem to aspecific file.

DPWWA1212E Could not delete entry from junctiondatabase (%s ,0x%8lx)

Explanation: The XML File representing the junctioncould not be deleted.

Administrator response: Check the file permissions onthe junction XML file

DPWWA1213E Could not write entry to junctiondatabase (%s ,0x%8lx)

Explanation: Internal status code only. Database wasopened, but could not be written to.

Administrator response: Check system memory anddisk space.

DPWWA1214W Could not fetch entry from junctiondatabase (%s ,0x%8lx)

Explanation: Internal status code only. Database wasopened, but this junction could not be read.

Administrator response: Check that the xml filerepresenting the junction is not corrupt.

DPWWA1215E Invalid junction flags for thisjunction type

Explanation: Invalid junction flags for this junction

typeAdministrator response: Correct junction definition.

DPWWA1216E Invalid parameters for junction

Explanation: Invalid parameters for junction

Administrator response: Correct junction definition.

DPWWA1217E An error occurred when writing arequest to a junction. WebSEAL wasunable to dispatch the request toanother junction server.

Explanation: WebSEAL tried to send a request to a junction server. Sending the request failed. WhenWebSEAL is unable to send a request to a junction,WebSEAL attempts to 'rewind' the request from theclient so that it can be sent to another junction server. If the request from the client is large, it may not bepossible to retry the request. In that case, this error isreturned to the client.

Administrator response: Retry the request. If theproblem continues to occur, attempt to discover whythe request could not be written to the junction server.Check WebSEAL and junction server log files forunusual error messages. Try sending the request

directly to the junction.

DPWWA1218E Unknown junction server host

Explanation: Could not resolve a hostname usinggethostbyname()

Administrator response: Check the hostname in the junction configuration and make sure it is resolveable.





DPWWA1219E Could not build junction server URLmappings (0x%8lx)



DPWWA1220E Cannot delete the junction at theroot of the Web space. Try replacing itinstead

Explanation: Cannot delete the junction at the root of the Web space. Try replacing it instead

Administrator response: Cannot delete the junction atthe root of the Web space. Try replacing it instead

DPWWA1221E Cannot add two servers withdifferent options (case-sensitive, etc) atthe same junction

Explanation: Cannot add two servers with different

options (case-sensitive, etc) at the same junctionAdministrator response: Change junction definition

DPWWA1222E A third-party server is notresponding. Possible causes: the serveris down, there is a hung application onthe server, or network problems. This isnot a problem with the WebSEALserver.

Explanation: A junctioned server is not responding torequests. Possible causes: junctioned server down,network problems, hung application on junctionedserver.

Administrator response: Determine why the junctioned server is not responding and fix it.

DPWWA1224E Could not load junction database

Explanation: The database couldn't be loaded forsome reason.

Administrator response: Check the log files for moredetails.

DPWWA1225E Could not delete entry from junctiondatabase

Explanation: The file representing the junction couldnot be deleted from the filesystem.

Administrator response: Check the log files for moredetails.

DPWWA1226E Could not write entry to junctiondatabase



DPWWA1227W Could not fetch entry from junctiondatabase

Explanation: Internal status code only. Database wasopened, but this junctio n could not be read.

Administrator response: Check that the xml filerepresenting the junction is not corrupt.

DPWWA1228E Unable to contact junction serverhost at mount point: %s

Explanation: Could not resolve a hostname using

gethostbyname()Administrator response: Check for networkconectivity with the junctioned server

DPWWA1229E Unable to load junction file %s: %s

Explanation: An error occurred while loading a filefrom the junction database. The reason for the error isincluded in the message.

Administrator response: Correct the error.

DPWWA1230E Error building junction %s from file

%s: %sExplanation: An error occurred while building a

junction from an XML file loaded from the junctiondatabase. The XML file may have specified invalid

junction options.

Administrator response: Fix the problem in the XMLfile.

DPWWA1231E No such junction.

Explanation: A particular junction was not found inthe junction database.

Administrator response: Verify that the junction fileexists.

DPWWA1232E Could not remove file.

Explanation: The junction database was unable toremove a file.

Administrator response: Verify that all files in the junction database are writable by the ivmgr user andgroup.





DPWWA1233E Invalid junction file name.

Explanation: The junction file name specified did notmap to a valid junction name.

Administrator response: Make sure the junction filename ends with .xml and is a valid mime 64 encoding.

DPWWA1234E An invalid status code was receivedin a response sent by a third-partyserver. This is not a problem with theWebSEAL system.

Explanation: A junctioned server has sent an invalidstatus code in a response.

Administrator response: Check status code returnedfrom junctioned server.

DPWWA1235E Could not read the response statusline sent by a third-party server.Possible causes: non-spec HTTP

headers, connection timeout, no datareturned. This is not a problem with theWebSEAL server.

Explanation: Data read failure. Possible causes:non-spec HTTP headers, connection timeout, no datareturned

Administrator response: Check response from junctioned server. Could be bad HTTP headers or aconnection timeout problem.

DPWWA1236E Could not read the response headerssent by a third-party server. Possible

causes: non-spec HTTP headers,connection timeout, no data returned.This is not a problem with theWebSEAL server.

Explanation: Data read failure. Possible causes:non-spec HTTP headers, connection timeout, no datareturned

Administrator response: Check response from junctioned server. Could be bad HTTP headers or aconnection timeout problem.

DPWWA1237E An invalid HTTP header was sent by

a third-party server. This is not aproblem with the WebSEAL server.

Explanation: An HTTP response from a junctionedserver does not conform to HTTP specs.

Administrator response: Check response from junctioned server for non-spec HTTP headers.

DPWWA1238E An HTTP message body sent in aresponse by a third-party server is tooshort. This is not a problem with theWebSEAL server.

Explanation: The actual length of the response bodysent by a junctioned server is shorter that indicated bythe Content-length HTTP header in the response.

Administrator response: Correct problem with junctioned server response. The actual length of theresponse body is shorter that indicated by theContent-length HTTP header of the response.

DPWWA1239E A third-party server is notresponding. Possible causes: the serveris down, there is a hung application onthe server, or network problems. This isnot a problem with the WebSEALserver.

Explanation: A junctioned server is not responding to

requests. Possible causes: junctioned server down,network problems, hung application on junctionedserver.

Administrator response: Determine why the junctioned server is not responding and fix it.

DPWWA1240E Could not build Virtual Host Junction host mappings (0x%8lx)



DPWWA1241E Virtual Host Junction '%s' loadedfrom database illegally partners VirtualHost Junction '%s'. Virtual Host Junctionskipped.

Explanation: An error occured when loading theVirtual Host Junction from it's database file. It mayhave been incorrectly manually modified. The problemis the the Virtual Host Junction being loaded refers toone that also refers to another.

Administrator response: Manually edit the offendingVirtual Host Junction Database file and correct it.

DPWWA1242E Virtual Host Junction '%s' loadedfrom database illegally partners VirtualHost Junction '%s' that already haspartner '%s'. Virtual Host Junctionskipped.

Explanation: An error occured when loading theVirtual Host Junction from it's database file. It mayhave been incorrectly manually modified.






DPWWA1243E Virtual Host Junction '%s' loadedfrom database illegally partners VirtualHost Junction '%s' with different virtualhostname. Virtual Host Junctionskipped.

Explanation: An error occured when loading theVirtual Host Junction from it's database file. It mayhave been incorrectly manually modified. Virtual Host

Junctions that are partnered must have the same virtualhostname (excluding the ports).


DPWWA1244E Virtual Host Junction attempted topartner (-g) non-existant Virtual Host Junction


Administrator response: Use 'virtualhost list'

command to find a valid partner.

DPWWA1245E Virtual Host Junction attempted topartner (-g) a Virtual Host Junction witha different virtual hostname.


Administrator response: Use 'virtualhost show'command to help match virtual hostnames.

DPWWA1246E Virtual Host Junction illegallyattempted to partner (-g) itself.


Administrator response: Choose another partner.

DPWWA1247E Virtual Host Junction can not bechanged to partner (-g) another as it iscurrently being partnered.


Administrator response: Do not use -g for thisoperation.

DPWWA1248E Could not write entry to Virtual Host Junction database



DPWWA1249E Could not write entry to Virtual Host Junction database (%s ,0x%8lx)



DPWWA1250E Virtual Host Junction can not bedeleted until it's partner is deleted.


Administrator response: Delete the Partner VirtualHost Junction first.

DPWWA1251E Virtual Host Junctions created using-g don't have their own object space.List the partner's object space instead.

Explanation: Virtual Host Junctions created using -g

share their partnered Virtual Host Junction's protectedobject space. They don't have their own.

Administrator response: List the partnered VirtualHost Junctions object space instead as this Virtual Host

Junction uses it for access control.

DPWWA1252E Virtual Host Junctions partneredusing -g must have different protocoltypes (TCP and SSL).

Explanation: The concept of -g is to have the samecontent but opposite protocol, this was violated in thisattempt to create a Virtual Host junction using -g.

Administrator response: Either don't use -g or ensurethe type of the Virtual Host junction are of complementry protocols. For example localtcp andlocalssl will partner successfully.

DPWWA1253E The Virtual Host junction you areattempting to partner with using -g isalready in a partnership.

Explanation: The concept of -g is to have only twoVirtual host junctions in partnership, a third is notpermitted.

Administrator response: Either don't use -g or ensure

the Virtual Host junction being partnered to is notalready in a partnership.

DPWWA1254E Can't replace a Virtual Host junctionbeing partnered too with a new junctionhaving a different protocol type (TCPand SSL).

Explanation: The concept of -g is to have the samecontent but opposite protocol, this was violated in thisattempt to replace an existing Virtual Host junction.





Administrator response: Ensure the type of theVirtual Host junction is the same protocol as the VirtualHost juntion being replaced.

DPWWA1255E Can't replace a Virtual Host junctionbeing partnered too with a new junctionhaving a different virtual hostname.


Administrator response: Use 'virtualhost show'command to help match virtual hostnames.

DPWWA1256E Virtual Host junction has duplicatevirtual hostname (specificed by -v) asanother Virtual Host junction.

Explanation: Virtual Host junctions are selected basedon the host header in the client request matching thevirtual hostname (specified by -v) of the Virtual Host

junction. Thus the virtual hostname must be unique to be able to uniquely identify a Virtual Host junction.

Administrator response: Remove the Virtual Host junction with the duplicate virtual hostname beforeadding this one.

DPWWA1257E Could not load the local junction,%s , as the local junction functionalityhas been disabled.

Explanation: Local Junctions are disabled for thisinstance and a previously configured local junction,"%s", could not be loaded.

Administrator response: Remove the local junction orenable local junctions in the WebSEAL configurationfile.

DPWWA1350E Could not initialize mutex

Explanation: A resource required for properconcurrency could not be created. The global variableerrno may provide more specific information.

Administrator response: This is a fatal error. Norecovery is possible.

DPWWA1352E Could not lock mutex

Explanation: A resource required for proper

concurrency could not be locked. The global variableerrno may provide more specific information.


DPWWA1353E Could not unlock mutex

Explanation: A resource required for properconcurrency could not be unlocked. The global variableerrno may provide more specific information.


DPWWA1503E SSL function function failed, error0xerror code

Explanation: An SSL toolkit function has failed.

Administrator response: This is a fatal error. Norecovery is possible. Contact Support

DPWWA1504W SSL function function failed, error0xerror code

Explanation: An SSL toolkit function failed.

Administrator response: This is a warning message.Operation continues. If the warning persists contactsupport.

DPWWA1505W HTTP request does not containauthentication information

Explanation: HTTP request does not containauthentication information

Administrator response: Internal status code only.

DPWWA1506E Unknown HTTP authenticationscheme

Explanation: An authorization header contained aninvalid authentication scheme.

Administrator response: Check Authorization headerin request.

DPWWA1507E No password supplied in HTTPauthentication header

Explanation: No password supplied in HTTPAuthorization header

Administrator response: Check Authorization headerin request.

DPWWA1518W The specified certificate key label%s is incorrect. The default one will beused instead.

Explanation: The specified certificate key label cannot

be retrieved from the key database

Administrator response: check the webseald.conf ssl-keyfile-label option and the key database

DPWWA1950E Stanza '%s' is missing fromconfiguration file

Explanation: A necessary stanza is missing fromconfiguration file

Administrator response: The stanza should be addedto the configuration file





DPWWA1951E Configuration item '[%s]%s' ismissing from configuration file

Explanation: A necessary configuration item ismissing from configuration file

Administrator response: The configuration itemshould be added to the configuration file

DPWWA1952E Received invalid HTTP header inresponse. The response could have beensent either by a third-party server or bya local resource, such as a CGI program.

Explanation: Response HTTP headers do not conformto HTTP specs. The response could have been senteither by a third-party server or by a local resource,such as a CGI program.

Administrator response: Check HTTP headers inresponse. The response could have been sent either bya third-party server or by a local resource, such as a

CGI program.

DPWWA1953E HTTP document fetch failed withstatus %d

Explanation: Could not retrieve requested resource.

Administrator response: Check request forcorrectness.

DPWWA1954E HTTP list request failed

Explanation: Could not list directory on junctionedserver

Administrator response: Check permissions andexistence of directory being listed

DPWWA1955E Field missing from HTTP header

Explanation: Internal status code only.


DPWWA1962W CGI Script Failed



DPWWA1964E Invalid Content-Length headerreturned by TCP junction server

Explanation: The content-length is either less thanzero, or it doesn't accurately describe the length of thePOST-body.

Administrator response: Ensure that thecontent-length specified correctly describes thecharacteristics of the request.

DPWWA1965E Overflow of output buffer



DPWWA1966E Overflow of HTML filter workspace



DPWWA1967E Overflow of HTTP filter workspace



DPWWA1968E HTTP response truncated



DPWWA1969E HTTP request truncated



DPWWA1970E Cannot rewind HTTP response towrite error message (%lx)

Explanation: An internal error has occoured trying torewing the HTTP response.

Administrator response: MRQ Contact support

DPWWA1971E Cannot write HTTP error response toclient (%lx ,%lx)

Explanation: An internal error has occoured trying towrite the error response to the client.

Administrator response: MRQ Contact support

DPWWA1972E Cannot read HTTP request fromclient



DPWWA1973E HTTP response aborted







DPWWA1975W Unable to decode %s

Explanation: The decode of the specified token hasfailed.


DPWWA1976W Unable to encode %s

Explanation: The encode of the specified token hasfailed. This is an unexpected internal error.


DPWWA1977W %s for user %s , in domain %s hasexpired

Explanation: cdsso authentication token for a user hasexpired

Administrator response: The token has expired. Thiscould be due to clock skew, in which case fix the clocksor change the authentication token lifetime inconfiguration file. But beware of replay attacks

DPWWA1978W Badly formed single-sign-on URL

Explanation: Badly formed single-sign-on URL

Administrator response: Fix the cdsso link on the webpage.

DPWWA1979W Failover cookie contents haveexpired

Explanation: Failover cookie contents for a user hasexpired


DPWWA1980W Could not retrieve key for failovercookie



DPWWA1981W An internal error occurred whileencoding/decoding the %s



DPWWA1982W Could not find SSO key forserver/domain %s

Explanation: The SSO key file has not been correctlyconfigured for the server

Administrator response: Set up configuration toprovide correct key file for the specified server.

DPWWA1983W CDSSO cryptography error %doccurred



DPWWA1984W Unable to use failover cookies. Nofailover cookie key configured

Explanation: Failover cookies have been enabled, butno keyfile has been specified.

Administrator response: Either turn failover cookiesoff, or specify the keyfile for the failover cookie.

DPWWA1985W Unable to retrieve CDSSO refererfrom request

Explanation: Either the agent has not provided thereferer header or the client has directly typed in thelink and not been directed by a link


DPWWA1986W Error reading key file %s

Explanation: The CDSSO keyfile could not be readfrom

Administrator response: Check the keyfile forexistence and permissions.

DPWWA1987W Error writing key file %s

Explanation: The CDSSO keyfile could not be writtento

Administrator response: Check the keyfile forpermissions.

DPWWA1988E This action requires HTTP forms tobe enabled in the configuration file

Explanation: HTTP forms are required for this action but are not enabled in the configuration file

Administrator response: The forms-auth configurationitem should be set to both

DPWWA1989W Invalid protection level for %s

Explanation: The received token is of an insufficentprotection level

Administrator response: Ensure that vf-token-privacyand vf-token-integrity have the same settings on bothWebSEAL servers.

DPWWA1975W • DPWWA1989W




DPWWA1990W The e-community name %s does notmatch the configured name %s

Explanation: Another WebSEAL has passed ane-community name which does not match this serversconfigured e-community name

Administrator response: Synchronize the

e-community names

DPWWA1991W The e-community cookie passed hasexpired

Explanation: The contents of the e-community cookiepassed have expired


DPWWA1992E Can't retrieve fully qualified hostname for server. Disabling e-communitysingle-sign-on

Explanation: The fully qualified host name could not be retrieved

Administrator response: Ensure that networkconfiguration allows gethostbyname to retrieve thefully qualified name

DPWWA1993E Can't determine server domain name.Disabling e-community single-sign-on

Explanation: The domain name could not bedetermined

Administrator response: Specify value forec-cookie-domain setting or ensure that gethostbyname

returns the fully qualified host name

DPWWA1994E Disabling e-communitysingle-sign-on

Explanation: An error occurred when looking up thekey associated with the domain name for this server.

Administrator response: Ensure that networkconfiguration allows gethostbyname to retrieve thefully qualified name. You may need to place the fullyqualified host name of this server first in the hosts file.

DPWWA1995E Invalid master authentication server

configuration. Disabling e-communitysingle-sign-on

Explanation: master-authentication-server andis-master-authentication-serverare mutually exclusivesettings

Administrator response: Correctly configure thesettings for master authentication server

DPWWA1996E e-community-name has not beenspecified. Disabling e-communitysingle-sign-on

Explanation: An e-community name was notspecified. This is mandatory

Administrator response: Correctly configure an

e-community name

DPWWA1997W The machine %s could not vouchfor the user's identity

Explanation: The specified machine returned a tokenindicating that it could not vouch for the user's identity

Administrator response: Correct e-communityconfiguration

DPWWA1998W Unable to open the LTPA key filefor reading

Explanation: The LTPA key file configured for a junction could not be opened for reading

Administrator response: Check junction configuration

DPWWA1999W The version of the LTPA key file isnot supported

Explanation: Only certain versions of LTPA keyfilesare supported

Administrator response: Obtain right version of thekey file

DPWWA2000W Error parsing LTPA key fileExplanation: The LTPA Keyfile is either corrupt or thewrong version

Administrator response: Obtain new copy of keyfile

DPWWA2001W LTPA key file: password invalid orfile is corrupt

Explanation: The password specified could notdecrypt keyfile

Administrator response: Use correct key file passwordor ensure file is not corrupted

DPWWA2002W The LTPA cookie passed hasexpired

Explanation: An expired LTPA cookie was passed






DPWWA2004W LTPA text conversion error

Explanation: An iconv routine failed

Administrator response: Check locale settings

DPWWA2005W An error occurred while encodingan LTPA token

Explanation: Internal Error


DPWWA2006W An error occurred while decodingan LTPA token

Explanation: Internal Error


DPWWA2008E Error reading stanza '[%s]': %s

Explanation: One of the entries in the stanza couldn't be parsed.

Administrator response: Fix the malformed entry inthe stanza.

DPWWA2009E The forms single-sign-on argument'%s' needs a colon.

Explanation: One of the request arguments isn'tformatted properly.

Administrator response: Fix the argument.

DPWWA2010E Forms single-sign-on GSO argument

'%s' is not valid. GSO arguments mustbe either 'gso:username' or'gso:password.'

Explanation: One of the request arguments isn'tformatted properly.


DPWWA2011E The forms single-sign-on argument'%s' is not valid.

Explanation: Most likely a typo in the config file.


DPWWA2012E Forms single-sign-on configurationerror.

Explanation: This is a summary of the problem, andwill be preceded by a better explanation of the error.

Administrator response: Fix the configurationproblem.

DPWWA2013E Forms single-sign-on URLs must berelative to the junction point.

Explanation: The fsso URL from the configuration filedoes not begin with a / character.

Administrator response: Make the fsso URL relativeto the junction point.

DPWWA2014E An internal error in the formssingle-sign-on module occurred.

Explanation: This should never happen - perhapssome kind of unexpected configuration problem hasresulted in an internal error.

Administrator response: Call tech support.

DPWWA2015E A forms SSO authentication requestwould have been dispatched to adifferent junction than the loginrequest. The request has been aborted.

Explanation: For security reasons, forms SSO does notallow an authentication request to be dispatched to adifferent junction than the login page was returnedfrom.

Administrator response: Make sure that theapplication does not dispatch the authentication requestto a different junction than returned the login page.

DPWWA2016E No HTML form for single-sign-onwas found.

Explanation: This occurs when no HTML form withan action URI matching the login-form-action wasfound in the document returned from the junction.

Administrator response: Examine the login page being returned from the junction. Is it an HTML orWML document? Does it contain an HTML form? Doesthe form action URI match the login-form-action entryin the forms SSO configuration file?

DPWWA2017E The login form returned by thejunction did not contain all requiredform attributes.

Explanation: This occurs when the login formreturned from a junction did not cpontain an 'action' or

'method' attribute in the form start tag.

Administrator response: Examine the login form being returned from the junction. Did the login formcontain both the action and method attributes? Doesthe form action URI match the form action URIspecified in the configuration file?





DPWWA2018E The action URI in the login formreturned by the junction did not matchany WebSEAL junction.

Explanation: In order to dispatch a forms SSOauthentication request, WebSEAL must match theaction URI returned with the login form to a WebSEAL

junction. That match could not be made.

Administrator response: Examine the login form being returned by the junction. You may need to createa junction to the host referenced by the actoin URI.

DPWWA2019E The action URI in the login formreturned by the junction was invalid.

Explanation: An action URI such as '/../foo' will berejected by WebSEAL because /.. is not a valid location.

Administrator response: Examine the login form.Does it contain any invalid characters, or is the pathinvalid?

DPWWA2020E One or more of the argumentspassed to the SU authentication modulewere invalid.

Explanation: The suauthn library can take anargument to specify the authentication level for thecredential. It prints this error if the arguments areincorrect.

Administrator response: Check the flags being passedto the authentication library.

DPWWA2021E The SU authentication method

specified is not enabled.

Explanation: The POST to /pkmssu.form takes anauth_method parameter. This must correspond to anauthentication mechanism that is enabled in theconfiguration file.

Administrator response: Check the auth_method fieldin the SU form submission.

DPWWA2023E Configuration item '[%s]%s' has aninvalid value '%s'

Explanation: A configuration item in the configurationfile has a bad value. For example it is expecting an

integer and was provided with a string

Administrator response: The configuration itemshould be changed to a valid entry

DPWWA2024E %s [%s] %s: Value is out of range. Itmust be value from 0 to 100.

Explanation: WebSEAL will not start if theworker-thread-hard-limit or worker-thread-soft-limit isnot in the range 0 to 100 inclusive

Administrator response: You must edit theconfiguration file and adjust the value to a valid one

DPWWA2025W IBM Security Access ManagerWebSEAL has lost contact with junctionserver: %s


Administrator response: Check the network conection between WebSEAL and the junctioned server, and thatthe backend application server is running.

DPWWA2026W IBM Security Access ManagerWebSEAL has regained contact withjunction server: %s

Explanation: WebSEAL has regained contact with a junctioned server that was previously unreachable.


DPWWA2027E One or more of the form argumentsis either missing or invalid.

Explanation: One or more of the arguments passed inthe form submission is either missing or invalid.

Administrator response: Check the completed fieldsin the form submission.

DPWWA2028E New password verification failed.Make sure both new password fieldscontain the same data.

Explanation: New password double-check failed.

Make sure both new passwords are the same.Administrator response: Check the new passwordfields in the form submission.

DPWWA2029E Pam Module Internal Error

Explanation: Error with the Pam Handle. This is anunexpected internal error.

Administrator response: Notifiy the IBM SecurityAccess Manager WebSEAL Administrator.

DPWWA2030W Mismatch of Auth Token versions,check pre-410-compatible-tokens setting.

Explanation: A new encoding method for Auth tokenswas introduced in version 4.1.0 which is enabled bydefault. This can be overridden and made compatablewith earlier versions using the webseald.conf file entry,[server] pre-410-compatible. All WebSEAL servers must

be using the same version.

Administrator response: Update all WebSEAL serversto use the same setting for [server]pre-410-compatible-tokens.





DPWWA2031W Mismatch of %s Auth Tokenversions, check pre-410-compatible-tokens setting.

Explanation: A new encoding method for Auth tokenswas introduced in version 4.1.0 which is enabled bydefault. This can be overridden and made compatablewith earlier versions using the webseald.conf file entry,[server] pre-410-compatible. All WebSEAL servers must

be using the same version.

Administrator response: Update all WebSEAL serversto use the same setting for [server]pre-410-compatible-tokens.

DPWWA2032E CDSSO library error.

Explanation: The CDSSO library returned a failingstatus.

Administrator response: Check configuration andusage. See msg__webseald.log for details.

DPWWA2033E Invalid configuration file name.

Explanation: An invalid parameter was passed to afunction, indicating an internal error.


DPWWA2034E Some PKCS#11 options are missing.You must specify either all or none ofthe the options: pkcs11-driver-path,pkcs11-token-label, pkcs11-token-pwd

Explanation: WebSEAL will not start if only some of the PKCS#11 options are specified.

Administrator response: You must edit theconfiguration file and set all PKCS#11 settings

DPWWA2035E Credential generation failed duringthe credential refresh operation. Errorcode 0x%lx

Explanation: The azn-api function azn_id_get_credswas called to retrieve a new credential for a user. Theoperation failed.

Administrator response: Use the pdadmin 'errtext'command to look up the corresponding error code, and

take further action from there.

DPWWA2036E Credential generation failed duringthe credential refresh operation.

Explanation: The azn-api function azn_id_get_credswas called to retrieve a new credential for a user. Theoperation failed.

Administrator response: Check error logs for furtherinformation on the failure.

DPWWA2037E An invalid result for a credentialrefresh rule was specified.

Explanation: Credential refresh rules require that therule result be either 'preserve' or 'refresh.'

Administrator response: Verify that the syntax of credential refresh configuration in configuration files is

correct.

DPWWA2038E An internal error occurred during thecredential refresh operation.

Explanation: This error should not occur.


DPWWA2039W A credential attribute value of type%lu not supported by credential refresh

was found. The value was removedfrom the new credential.

Explanation: Credential attribute values can be of several types. Credential refresh is able to preservestring, buffer, unsigned long, and protected objectvalues. Other value types are removed from thecredential.

Administrator response: You may ignore this warningif you are not experiencing other difficulties involvingcredential refresh. If the problem persists, check IBMElectronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWWA2040E User session IDs must be enabled inorder to use the credential refreshfeature.

Explanation: Refreshing a user's credential based ontheir username requires that user session IDs areenabled.

Administrator response: Enable User Session IDs inthe WebSEAL configuration file.

DPWWA2041E An invalid session cache entry was

found while refreshing a user'scredential.

Explanation: This message indicates that the usersession cache and the credential cache are inconsistent.






DPWWA2042W The user is not logged in to the webserver.

Explanation: If a user is not logged in to the webserver, their credential cannot be refreshed. There isalso no need to refresh their credential, since the nexttime they log in to the web server they will receive anew credential.


DPWWA2044E Invalid certificate authenticationconfiguration. Incompatiblecombination of accept-client-certs andssl-id-sessions values.


Administrator response: Change theaccept-client-certs or ssl-id-sessions parameter inwebseald.conf

DPWWA2045W A client attempted to Step-up tocertificates, but the server is notconfigured for Step-up to certificates.


Administrator response: Change theaccept-client-certs parameter to prompt_as_needed inwebseald.conf or unconfigure the step-up POPs.

DPWWA2046E Invalid certificate cacheconfiguration.


Administrator response: Change the values of thecertificate cache configuration items.

DPWWA2047E The activity timestamp is missingfrom the failover cookie.

Explanation: A request was made to update the lastactivity timestamp of the failover cookie, but theattribute was not found in the cookie.

Administrator response: An internal error occurred. If the problem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/


DPWWA2048E The original authentication methodin the failover cookie is not recognizedfor failover authentication on thisserver. The value %s is invalid.

Explanation: A request could not be authenticatedusing the supplied failover cookie because theauthentication level specified in the cookie is not validfor this server.

Administrator response: Update the supportedfailover authentication methods in the configuration fileor correct the configuration of the server that generatedthe failover cookie.

DPWWA2049E The original authentication methodin the failover cookie is not recognized

for failover authentication on thisserver.

Explanation: A request could not be authenticatedusing the supplied failover cookie because theauthentication level specified in the cookie is not validfor this server.

Administrator response: Update the supportedfailover authentication methods in the configuration fileor correct the configuration of the server that generatedthe failover cookie.

DPWWA2050E An authentication system failure has

occurred.Explanation: A call to the authentication system failedwith an unexpected error.

Administrator response: Examine the log for thecontext of the failure and correct any indicatedproblem. In particular, ensure that your user registry isavailable and accessible. If the problem persists, checkIBM Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWWA2051E An authentication system failure hasoccurred: error: %s (error code: %#lx).

Explanation: A call to the authentication system failedwith an unexpected error.

Administrator response: Examine the log for thecontext of the failure and correct any indicatedproblem. In particular, ensure that your user registry isavailable and accessible. If the problem persists, checkIBM Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWWA2052E The cross domain single sign-onoperation failed.

Explanation: A call into the cross domain singlesign-on system failed with an unexpected error.

Administrator response: Examine the log for thecontext of the failure. If the problem persists, checkIBM Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman





DPWWA2053E The cross domain single sign-onsystem failed with an unexpected error:%#x

Explanation: A call into the cross domain singlesign-on system failed with an unexpected error.

Administrator response: Examine the log for the

context of the failure. If the problem persists, checkIBM Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWWA2054E No default HTTP method permissionmap has been specified.

Explanation: A default HTTP method permission mapmust be specified in the configuration file but none has

been.

Administrator response: Specify a value for thedefault HTTP method permission map in the

configuration file.

DPWWA2055E The HTTP method permission mapconfiguration information could not befound in the configuration file.

Explanation: No HTTP method permission mapconfiguration information could be found in theconfiguration file.

Administrator response: Ensure that HTTP methodpermission map configuration information is present inthe configuration file.

DPWWA2056E HTTP method permission mapvalidation failed: API error: %s (APIerror code: [%#x:%#x]).

Explanation: The authorization API failed whilevalidating the configured HTTP method permissionmap.

Administrator response: Perform the action requiredto resolve the problem indicated by the identified APIerror. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWWA2057E The SSO token moduleconfiguration data was missing orinvalid.

Explanation: The process using the SSO tokenmodules must provide some input data to configurethe modules. This data was not provided correctly. Thisis an unexpected internal error.



DPWWA2058E The integer value '%s' for the '%s'entry in the '%s stanza is not valid.

Explanation: The specified value is required to be anon-negative integer.

Administrator response: Correct the invalidconfiguration value.

DPWWA2059W The %s attribute could not beextracted from a credential: API error:%s (API error code [%x:%x]).

Explanation: The specified attribute could not beextracted from a credential. This may be due toresource exhaustion, and as such be transient.



DPWWA2060W The %s attribute could not beextracted from a credential: API errorcode [%x:%x].

Explanation: The specified attribute could not beextracted from a credential. This may be due toresource exhaustion, and as such be transient.


DPWWA2061W The number of values for the %sattribute could not be retrieved from anattribute list: API error: %s (API errorcode [%x:%x]).

Explanation: The number of values for the specifiedattribute could not be retrieved from an attribute list.This may be due to resource exhaustion, and as such betransient.


DPWWA2062W The number of values for the %sattribute could not be retrieved from anattribute list: API error code [%x:%x].

Explanation: The number of values for the specifiedattribute could not be retrieved from an attribute list.This may be due to resource exhaustion, and as such betransient.







DPWWA2063W The type of value %d for the %sattribute from an attribute list could notbe determined: API error: %s (API errorcode [%x:%x]).

Explanation: The type of a values for the specifiedattribute in an attribute list could not be determined.This may be due to resource exhaustion, and as such betransient.


DPWWA2064W The type of value %d for the %sattribute from an attribute list could notbe determined: API error code [%x:%x].

Explanation: The type of a values for the specifiedattribute in an attribute list could not be determined.This may be due to resource exhaustion, and as such betransient.


DPWWA2065W Value %d of the %s attribute cannotbe included in an SSO token, as it is oftype %s .

Explanation: The specified attribute value cannot beincluded in an SSO token, because it is of the wrongtype. Only string and unsigned long data types can beincluded in SSO tokens.

Administrator response: Remove the token attributespecification which matched this attribute, or, forcustom attributes, change the attribute type to onesuitable for inclusion in tokens.

DPWWA2066W The %s attribute could not beextracted from an attribute list: APIerror: %s (API error code [%x:%x]).

Explanation: The specified attribute could not beextracted from an attribute list. This may be due toresource exhaustion, and as such be transient.


DPWWA2067W The %s attribute could not beextracted from an attribute list: APIerror code [%x:%x].

Explanation: The specified attribute could not beextracted from an attribute list. This may be due toresource exhaustion, and as such be transient.


DPWWA2068W The attribute list could not beretrieved from a credential: API error:%s (API error code [%x:%x]).

Explanation: The attribute list could not be extractedfrom a credential. This may be due to resourceexhaustion, and as such be transient.



DPWWA2069W The attribute list could not beretrieved from a credential: API errorcode [%x:%x].

Explanation: The attribute list could not be extractedfrom a credential. This may be due to resourceexhaustion, and as such be transient.


DPWWA2070W The list of entry names could not beretrieved from an attribute list: APIerror: %s (API error code: [%x:%x]).

Explanation: The list of entry names could not beextracted from an attribute list. This may be due toresource exhaustion, and as such be transient.


DPWWA2071W The list of entry names could not beretrieved from an attribute list: APIerror code [%x:%x].

Explanation: The list of entry names could not beextracted from an attribute list. This may be due toresource exhaustion, and as such be transient.







DPWWA2072E No cryptographic keys areconfigured for cross domain singlesign-on in the stanza '%s'.

Explanation: No keys are configured for CrossDomain Single Sign-On in the specified stanza. ForCross Domain Single Sign-On to operate, keys must beconfigured in this stanza.

Administrator response: Correct the configuration, oruse the cdsso_key_gen utility to create keys for use byCDSSO. CDSSO keys must be securely shared by, andinstalled on, all CDSSO participant servers.

DPWWA2073E No cryptographic keys areconfigured for e-community singlesign-on in the stanza '%s'.

Explanation: No keys are configured for e-CommunitySingle Sign-On in the specified stanza. For

e-Community Single Sign-On to operate, keys must beconfigured in this stanza.

Administrator response: Correct the configuration, oruse the cdsso_key_gen utility to create keys for use byeCSSO. eCSSO keys must be securely shared by andinstalled on all servers participating in thee-Community.

DPWWA2074W The machine '%s' could not vouchfor the user's identity: error: %s (errorcode: %#lx)

Explanation: The specified machine returned a token

indicating that it could not vouch for the user's identity.This means that either the user's account is disabled, orthat the user was unable to authenticate to the specifiedmachine.

Administrator response: If the message indicates thatthe user's account is disabled, check whether thisshould be the case. If the message indicates anauthentication failure, the user may need to have theirpassword changed. If possible, check the log messageson the specified machine for more information.

DPWWA2075E The stanza '%s' contains an invalidSSO token incoming attribute

configuration item: '%s = %s '.

Explanation: The SSO token incoming attributestanzas specify attributes that are accepted and rejectedfrom incoming eCSSO or CDSSO tokens. The righthand side of the items in this stanza must be either'accept' or 'reject'.

Administrator response: Locate and correct theinvalid configuration item and try again.

DPWWA2076E Failed to construct a credential froma PAC supplied by an EAI server. Majorstatus = 0x%x , minor status = 0x%x.

Explanation: An EAI server constructed a PAC toauthenticate a user, but the PAC could not be convertedto a credential.

Administrator response: Investigate the PACconstruction and verify that the PAC data is valid forIBM Security Access Manager.

DPWWA2077E Could not authenticate user. An EAIserver returned invalid authenticationdata.

Explanation: An EAI server failed to return properauthentication data in an authentication response. Thisis typically due to a misconfigured EAI server.

Administrator response: Investigate and correct anyproblems with the authentication headers returned by

the EAI server.

DPWWA2078E Could not authenticate user. Anexternal authentication service did notreturn required authentication data.

Explanation: An EAI server did not return requiredauthentication data in an authentication response. Thisis typically due to a misconfigured EAI server notreturning attributes that it must return.

Administrator response: Investigate and correct anyproblems with the authentication headers returned bythe EAI server.

DPWWA2079E Configuration of the SSO createand/or consume authenticationmodule(s) failed: %s '.

Explanation: ECSSO and/or CDSSO is configured tocreate and/or consume authentication tokens, but themodules could not be configured. This means that theyare either not properly loaded, or there is a fatalproblem with the current configuration settings.

Administrator response: Ensure that thesso-create/sso-consume libraries are properly specifiedin the configuration file.

DPWWA2080E The session inactivity timestamp ismissing from the failover cookie.

Explanation: WebSEAL is configured to requireinactivity timestamps in all received failover cookies,and a failover cookie was received that did not havethe session inactivity timestamp.

Administrator response: Set failover-validate-inactivity-timestamp to optional.





DPWWA2081E The session lifetime timestamp ismissing from the failover cookie.

Explanation: WebSEAL is configured to requirelifetime timestamps in all received failover cookies, anda failover cookie was received that did not have thesession inactivity timestamp.

Administrator response: Set failover-validate-lifetime-timestamp to optional.

DPWWA2082E This system error code could not beconverted to an error string.

Explanation: The system error code has no equivalenterror string.


DPWWA2083E The shared library could not beopened.

Explanation: The shared library could not be opened.Administrator response: Examine earlier messages inthe log containing this message to identify the modulethat could not be opened. Check that the identifiedlibrary exists and is found within the configured librarypath.

DPWWA2084E Could not find the requestedsymbol.

Explanation: The requested symbol was not foundwithin the shared library.

Administrator response: Examine additional messages

to determine the cause of the error and correct theproblem. Restart the process. If the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWWA2085E The shared library file '%s' could notbe opened: %s

Explanation: The specified shared library file couldnot be opened. The system error string is given.

Administrator response: Ensure the specified shared

library file exists and has appropriate permissions.Restart the process.

DPWWA2086E The symbol '%s' could not beresolved in the shared library '%s': %s

Explanation: The specified symbol could not beresolved. The system error string is given.

Administrator response: Ensure the specified sharedlibrary file is the appropriate type of library file. Restartthe process. If the problem persists, check IBM


DPWWA2087E The '%s' flag to the authenticationmodule requires an argument.

Explanation: The authentication module flag musthave an argument.

Administrator response: Add an argument to thespecified flag.

DPWWA2088E Unknown authentication moduleflag '%s'.

Explanation: An invalid option was provided to theauthentication module.

Administrator response: Provide correctauthentication module option.

DPWWA2089E The authentication module flag '%s'requires an integer argument.

Explanation: The argument of the authenticationmodule flag must be an integer.

Administrator response: Ensure that the argument of the authentication module flag is an integer.

DPWWA2090E The session activity timestamp ismissing from the failover cookie.

Explanation: WebSEAL is configured to requireactivity timestamps in all received failover cookies, and

a failover cookie was received that did not have thesession activity timestamp.

Administrator response: Set failover-require-activity-timestamp-validation to no.

DPWWA2091E Bad EAI trigger URL pattern '%s' inconfiguration file.

Explanation: The EAI trigger is not formattedcorrectly. If it is a Virtual Host junction trigger it must

begin with HTTP[S]://hostname[:port]/.

Administrator response: Correct the syntax of the EAItrigger.

DPWWA2092E Could not reset the cache sessionlifetime because the EAI serverprovided a bad value ('%s') in the'am_eai_xattr_session_lifetime' header.

Explanation: WebSEAL could not reset the cachesession lifetime because the header value returned bythe EAI server is invalid. The value must contain onlynumeric digits.

Administrator response: Investigate and correct any





problems with the 'am_eai_xattr_session_lifetime'extended attribute header returned by the EAI server.

DPWWA2093E Configuration item '[%s]%s' has aninvalid value '%s'

Explanation: A configuration item in the configurationfile has a bad value. For example it is expecting aninteger and was provided with a string

Administrator response: The configuration itemshould be changed to a valid entry

DPWWA2100E The new user ID does not match theuser ID previously presented toauthenticate.

Explanation: In the event of a step-up operation withverify-step-up-user set to true, the user ID presented tothis authentication level must match the user IDauthenticated to the previous level.

Administrator response: The user must present thesame user ID provided in the previous authenticationlevel.

DPWWA2101E The new user ID (%s) does notmatch the user ID (%s)previouslypresented to authenticate.

Explanation: In the event of a step-up operation withverify-step-up-user set to true, the user ID presented tothis authentication level must match the user IDauthenticated to the previous level.

Administrator response: The user must present thesame user ID provided in the previous authenticationlevel.

DPWWA2250E The ACL attached to the requestedresource does not permit the Traverseoperation.

Explanation: The ACL attached to the requestedresource does not permit the Traverse operation.

Administrator response: Modify the ACL if necessary,or inform the user that they are not permitted to accessthe resource.

DPWWA2251E The ACL attached to the requestedresource does not allow access by thisuser.

Explanation: The ACL attached to the requestedresource does not allow access by the client.

Administrator response: Modify the ACL if necessary,or inform the user that they are not permitted to accessthe resource.

DPWWA2252E The requested resource is protectedby a policy that restricts access tospecific time periods. This request isprohibited at this time.

Explanation: A time-of-day POP is attached to therequested resource that has prohibited access at thetime of the request.

Administrator response: Modify the POP if necessary,or inform the user of the policy details.

DPWWA2253E An External Authorization Serverhas denied access to the requestedresource.

Explanation: An External Authorization Server hasdenied access to the requested resource.

Administrator response: Modify the EAS if necessary,or inform the user that they are not permitted to accessthe resource.

DPWWA2254E The requested resource is protectedby a policy that restricts access tospecific clients. This request isprohibited for this client.

Explanation: Step-up is configured for the requestedresource, but the client IP address is forbidden tostep-up.

Administrator response: Modify the POP if necessary,or inform the user that they are not permitted to accessthe resource.

DPWWA2255E This user does not have permissionsto perform a delegated operation.

Explanation: This user does not have permissions toperform a delegated operation.

Administrator response: Modify the ACL attached tothe resource to grant the user delegation permissions,or inform the user that they are not permitted toperform the requested operation.

DPWWA2400E Invalid challenge header

Explanation: SPNEGO Authentication requiresdecoding a challenge header from the client. That

header had an invalid format.

Administrator response: Make sure that the client isone supported by WebSEAL.

DPWWA2401E An internal error occurred duringSPNEGO processing.

Explanation: SPNEGO authentication failed because of an internal error. This indicates a serious problem.







DPWWA2402E Initialization of Kerberosauthentication failed.

Explanation: Initialization of Kerberos authenticationfailed.

Administrator response: Check for additional errormessages in log files. Check your SPNEGOconfiguration entries to make sure they match thedocumentation.

DPWWA2403E Your browser supplied NTLMauthentication data. NTLM is notsupported by WebSEAL. Make sureyour browser is configured to useIntegrated Windows Authentication.

Explanation: If a browser is improperly unconfigured,

it will supply NTLM authentication data instead of SPNEGO data.

Administrator response: Make sure that the browseris located in the same domain as the WebSEAL server.Refer to your browser documentation to make sure it isconfigured properly for Integrated WindowsAuthentication.

DPWWA2404E An error occurred when creating theSPNEGO token.

Explanation: An error occurred when creating theSPNEGO token for the GSS-API token.

Administrator response: This problem is most likelydue to an internal error or misconfiguration. Check theSPNEGO related configuration items in your server forerrors.

DPWWA2405W Cannot update failover cookie forswitch-user admins

Explanation: A switch-user admin cannot get afailover cookie for the user impersonated; this is aknown limitation of failover with switch-user


DPWWA2406W Could not find the failover sessionID in the user's failover token

Explanation: A user is trying to authenticate with afailover token that should have a session ID encodedfrom another WebSEAL replica. The session ID ismissing from the token, indicating a configuration errorat one of the replicas.

Administrator response: Ensure failover-include-session-id configuration settings are correct.

DPWWA2407W The failover session ID in the user'sfailover token does not match thesession ID in the user's session cookie.

Explanation: When trying to establish a session withfailover-include-session-id enabled, the session IDstored in the session cookie and the user's failovertoken must match. A mismatch indicates a possiblesecurity breach. WebSEAL will issue new session andfailover cookies for the user.

Administrator response: Ensure failover-include-session-id configuration settings are correct.

DPWWA2408W Cannot find the session cookie inthe user's request for use in comparingwith the failover cookie.

Explanation: When attempting to establish a nonstickyfailover session, WebSEAL could not find the user'ssession cookie. The cookie is required for a comparisonwith the session id in the failover token. Ensure

configuration settings are correct.

Administrator response: Check cookie and nonstickyfailover settings.

DPWWA2409W Reverse lookup for host '%s'returned an alternate host name '%s'.This might prevent SPNEGOauthentication from functioningproperly.

Explanation: The SPNEGO authentication moduleattempted to validate the SPNEGO principal name bychecking that the reverse lookup for the specified host

name resolves to the same host name as the original.The host name returned for the reverse lookup did notmatch the original host name.

Administrator response: If server startup succeedsand SPNEGO authentication functions properly, noaction need be taken. If there are problems withSPNEGO authentication, make sure that your hostname resolution is properly configured. Refer to theTAM WebSEAL Administration Guide for additionalinformation about the problem.

DPWWA2410E Initialization of Kerberosauthentication for server principal '%s'

failed.

Explanation: Initialization of Kerberos authenticationfor the specified principal failed.

Administrator response: Check for additional errormessages in log files. Refer to the TAM WebSEALAdministration Guide for additional information.





DPWWA2411E No SPNEGO service principalcredential found for Virtual Host Junction '%s'.

Explanation: SPNEGO authentication cannot completeunless the SPNEGO keytab file contains a serviceprincipal matching the host name of the virtual host

junction and the service principal is listed in theWebSEAL configuration file.

Administrator response: Verify that the client is usingthe correct hostname to contact the virtual host. Verifythat the WebSEAL configuration file contains an entry'[spnego]spnego-krb-service-name =HTTP@<hostname>' for the virtual host. The SPNEGOkeytab file must contain a key for the principal.

DPWWA2550E Error initializing the credentialpolicy entitlements service

Explanation: An error occurred when loading thecredential policy entitlements service.

Administrator response: Check the log file foradditional error messages. The other error messagescontain more information about the problem.

DPWWA2551E Policy retrieval for user %s failed: %s(error code: 0x%lx)

Explanation: An error occurred when trying toretrieve credential policy attributes for the specifieduser.

Administrator response: Examine the status messageand code embedded in this message to identify the rootcause of the problem.

DPWWA2734W The authentication type isunknown. The audit event will not berecorded.

Explanation: An authentication event has occurred.However, the authentication type utilized is not aknown value and, as such, the audit event will not berecorded.


DPWWA2735W The reason for the session

termination is unknown. The auditevent will not be recorded.

Explanation: A session has been terminated. Thereason for this termination, however, is unknown.Because of this the audit record of this event could beconsidered broken and, as such, will not be audited.


DPWWA2850E A general failure has occured withinthe SOAP client.

Explanation: An error has occured within the SOAPclient.



DPWWA2851E An error was returned from theSOAP server in cluster %s when callingthe %s interface: %s (code: 0x%x).

Explanation: The web service returned an error.

Administrator response: Examine messages within thesession management server log. If the problem persists,


DPWWA2852E An error occurred when attemptingto communicate with the SOAP serverURL %s: %s (error code: %d /0x%x).

Explanation: An attempt was made to communicatewith the SOAP server and a failure occured within theunderlying communications layer.

Administrator response: Examine additional messagesto determine the cause of the error and correct theproblem. Ensure that the SOAP server is running andreachable. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWWA2853E The SOAP client failed to initialized.

Explanation: The SOAP client for a Web service couldnot be initialized.

Administrator response: Examine additional messagesto determine the cause of the error and correct theproblem. Restart the process. If the problem persists,


DPWWM1299E Invalid flag '-%c'

Explanation: An invalid flag was passed to acommand.

Administrator response: Read the manual to identifythe flag you want to use.

DPWWA2411E • DPWWM1299E




DPWWM1300E Flag '-%c' does not take an argument

Explanation: An invalid argument was passed to acommand.

Administrator response: Correct the syntax of thecommand.

DPWWM1301E Missing argument for '-%c' flag

Explanation: An argument is required for the optionused.


DPWWM1302E Basic authentication type must beone of: ignore, filter,supply or gso

Explanation: An invalid argument followed the -bflag.


DPWWM1314E Must specify the junction typeusing the '-t' flag

Explanation: The junction type was not passed withthe create command.

Administrator response: Pass the junction type as anargument to the -t flag.

DPWWM1315E Must specify a junction point

Explanation: No junction point was passed as an

argument.


DPWWM1316W WARNING: A junction alreadyexists at %s

Explanation: A junction already exists at the specified junction point.

Administrator response: Either replace the existing junction or specify a different junction point.

DPWWM1318E Cannot create junction

Explanation: A junction create command failed.

Administrator response: This message is preceded bya detailed explanation of why the junction could not becreated. Correct the problem and try to create the

junction again.

DPWWM1320E Must specify the junction serverhostname using the '-h' flag

Explanation: No hostname was passed to the add orcreate command.

Administrator response: Include the hostname in thecommand.

DPWWM1321E Invalid port %s

Explanation: The port number specified was invalid.Port numbers must be integers greater than zero.

Administrator response: Specify a valid port number.

DPWWM1322E Invalid proxy port %s

Explanation: An invalid port number was passedusing the -P flag. Port numbers must be integersgreater than zero.

Administrator response: Pass a valid port number tothe create or add command.

DPWWM1323E A proxy TCP port must be suppliedwith the -P option

Explanation: No -P argument was specified to the addor create command even though the -H argument wasspecified.

Administrator response: Include the -P argument inthe command.

DPWWM1324E Can only use -T flag when using '-b

gso'Explanation: The -T flag was specified to the createcommand without the -b flag.

Administrator response: If you want to use GSO forthe junction, pass -b gso as an argument to the junctioncreate command. If you do not want to use GSO, thendo not pass the -T flag to the create command.

DPWWM1325E Must also use -T flag when using'-b gso'

Explanation: The -b gso flag was passed to the createcommand without a corresponding -T flag.

Administrator response: Include the name of the GSOtarget which should be used for the junction.

DPWWM1327E Must specify a file system directoryusing the '-d' flag

Explanation: No directory was specified when tryingto create a local junction.

Administrator response: If you want to create a local junction, pass the full path to the directory to use withthe -d flag. If you want to create another type of

DPWWM1300E • DPWWM1327E




junction, pass the correct type using the -t flag.

DPWWM1330E Must specify a server to removeusing the '-i' flag

Explanation: No -i flag was passed to the 'remove'command.

Administrator response: If you want to delete the junction entirely, use the 'delete' command. If you wantto remove a particular server, use the 'show' commandto loook up the UUID of the server to remove, andthen pass the UUID as the argument to the -i flag.

DPWWM1332E Invalid server ID

Explanation: The argument passed to -i was not avalid UUID.

Administrator response: Obtain the correct UUID byusing the 'show' command and pass a valid UUID asan argument to the 'remove' command.

DPWWM1333E Could not fetch junction definition

Explanation: This message is followed by anexplanation of the problem.

Administrator response: Correct the problemdescribed by the following message.

DPWWM1334E Can only remove servers from aTCP, SSL or mutual junction

Explanation: It is not possible to remove a server froma local junction.

Administrator response: Correct the junction pointspecified in the remove command. The junction pointshould belong to a TCP, SSL or mutual junction.

DPWWM1335E Server %s not found at junction %s

Explanation: An attempt was made to remove a junction server based on a UUID which did not matchany of the servers on the junction point.

Administrator response: Use the 'show' command tofind the correct UUID and pass the correct UUID to the'remove' command.

DPWWM1336E Could not delete junction

Explanation: This message is followed by anexplanation of why the junction could not be deleted.


DPWWM1337E Could not update junction

Explanation: This message is followed by anexplanation of why the junction could not be modified.


DPWWM1339E Junction not found at %s.

Explanation: An attempt was made to add or removea server from a junction point which does not exist.

Administrator response: Use the 'list' and 'show'commands to figure out which junction point youshould use.

DPWWM1341E Create junction

Explanation: This message is followed by anexplanation of why the creation failed.

Administrator response: Fix the problem described inthe message following this message.

DPWWM1342E Can't add servers to this type ofjunction

Explanation: It is not possible to add servers to local junctions.

Administrator response: Only add servers to TCP,SSL, TCP proxy, SSL proxy or mutual junctions. Figureout which junction you wish to add a server to usingthe 'list' and 'show' commands, and then pass thecorrect junction point to the 'add' command.

DPWWM1343E Add server

Explanation: An attempt to add a server failed.

Administrator response: This message is followed byan explanation of why the server could not be added.Correct the problem.

DPWWM1345E Cannot list junctions

Explanation: This message is followed by anexplanation of why junctions could not be listed.Correct the problem described in that message.

Administrator response: Correct the problemdescribed in the following message.

DPWWM1346E Cannot show junction

Explanation: This message is followed by anexplanation of the problem. Correct the problemdescribed in that message.






DPWWM1392E Bad value for path attribute.

Explanation: An item from a configuration file whichshould be set to a path name is an empty stringinstead.

Administrator response: Add the path to theconfiguration file.

DPWWM1416E Error: No filename specified inrequest.

Explanation: WebSEAL was unable to locate atemplate file to return to the user. The file may have

been specified using the /pkms.....?filename=name.htmlconstruct or may have been one of the default responsefiles.

Administrator response: If the link which producedthis error was a PKMS page that included a?filename=-name- query, make sure the format of thequery portion of the link is correct. If the link which

produced this error was not a PKMS page thatincluded a file name specification, make sure that allfiles in the www/lib/-lang- directories are readable bythe ivmgr user (on UNIX systems) or by all users (onWindows systems.)

DPWWM1417E Error: Could not retrieve file data.

Explanation: WebSEAL was unable to locate atemplate file to return to the user. The file may have

been specified using the /pkms.....?filename=name.htmlconstruct or may have been one of the default responsefiles.

Administrator response: If the link which producedthis error was a PKMS page that included a?filename=-name- query, verify that the file specified by-nameis located in the www/lib/-lang- (where -lang-is the language appropriate to the user's browser)directory and is readable by the ivmgr user (on UNIXsystems) or by all users (on Windows systems.) If thelink which produced this error was not a PKMS pagethat included a file name specification, make sure thatall files in the www/lib/-lang- directories are readable

by the ivmgr user (on UNIX systems) or by all users(on Windows systems.)

DPWWM1419E You can only use the -u flag with a

stateful junction.

Explanation: The -u flag was passed to the add orcreate command without the -s flag. UUIDs can only bespecified for stateful junctions.

Administrator response: If you wish to specify theUUID of the junction, then specify the -s flag as well asthe -u flag.

DPWWM1420E The UUID specified with the -u flagis in an invalid format.

Explanation: An invalid UUID was specified with the-u flag to the 'add' or 'create' commands.

Administrator response: Correct the format of theUUID. If you are unsure of the proper format for a

UUID, examine the output of the 'show' command for a junction. The 'ID' entry will contain a valid UUID.

DPWWM1427E -D flag only supported with ssl,sslproxy or mutual junctions.

Explanation: The -D flag can only be used for SSL,SSL proxy or mutual junctions.

Administrator response: Either make this an SSL/SSLProxy or Mutual junction or do not specify the DN of the junctioned server.

DPWWM1432W NOTE: Ensure the CA root

certificate used to sign the junctionedserver certificate is installed in theWebSEAL certificate key database.

Explanation: WebSEAL was unable to communicatewith an SSL junction because the junction presented acertificate WebSEAL could not validate.


DPWWM1435E -C flag only supported with ssl orsslproxy junctions.

Explanation: The -C flag can only be used for SSL orSSL proxy junctions.

Administrator response: Either make this an SSL orSSL Proxy junction or do not make the junction aWebSEAL to WebSEAL junction.

DPWWM1436E Either -K or -B can be defined for ajunction.

Explanation: Both -K and -B were specified in the junction creation command. The two options cannot beused simultaneously on the same junction.

Administrator response: Read the manual and figureout whether you want to use -K, -B, or neither.

DPWWM1437E Both -K and -B flag only supportedwith ssl, sslproxy or mutual junctions.

Explanation: The -K and -B flags can only be used forSSL, SSL proxy or mutual junctions.

Administrator response: Either make this an SSL/SSLProxy or Mutual junction or do not make the junctionmutually authenticated.





DPWWM1438E The -b option cannot be specifiedwith the -B option.

Explanation: Both -b and -B were specified in the junction creation command. The two options cannot beused simultaneously on the same junction.

Administrator response: Read the manual and figure

out whether you want to use -b, -B, or neither.

DPWWM1439E -U <username> and -W <password>must be supplied with the -B option.

Explanation: The -B flag was specified without the -Uand -W flags.

Administrator response: Specify the username andpassword for the junction with the -U and -W flags.

DPWWM1451W Too few authentication methodsconfigured.

Explanation: Too few authentication methods have been specified.

Administrator response: Add 1 or moreauthentication methods to the authentication levelsstanza configuration.

DPWWM1452W No unauthenticated methodconfigured.

Explanation: The unauthenticated method has not been specified

Administrator response: Ensure that theunauthenticated method occurs first in the

authentication levels stanza configuration.

DPWWM1453E Invalid authentication method.

Explanation: The specified authentication method iseither invalid or unsupported in the current productconfiguration.

Administrator response: Verify the validity of thespecified authentication method.

DPWWM1454E The requested operation is not valid

Explanation: IBM Security Access Manager was

unable to perform a requested operation beca use it isnot valid. An example would be a token authenticationuser attempting to change their password


DPWWM1461E Failed loading JMT table

Explanation: The JMT file could not be read fromdisk.

Administrator response: Make sure the JMT filespecifed in webseald.conf is present in the installationdirectory and is readable by the ivmgr user.

DPWWM1490E No dynurl.conf file found. Nochanges were made.

Explanation: No dynurl.conf file was present whenthe dynurl update command was issued.

Administrator response: Create the dynurl.conf file.

DPWWM1493E Junction '%s' has reached it's workerthread hard limit.

Explanation: The configured maximum number of worker threads for this junction has been reached. The

overloaded requests are being retured with 503, ServiceUnavailable. This could be due to either a slow junctionor too many requests.

Administrator response: Increase number of workerthreads, increase hard limit or decrease load.

DPWWM1494W Junction '%s' has reached it'sworker thread soft limit

Explanation: A configured warning level has beenreached for this junction on the number of workerthreads currently active on it. This could be due toeither a slow junction or too many requests.

Administrator response: Prepare to increase numberof worker threads, increase soft limit or decrease load.

DPWWM1499W The configured number of workerthreads, %d , is greater than the systemcan support, %d. It has automaticallybeen reduced.

Explanation: Each operation system has differentlevels of support for threads and open files. Thatcombined with compile time options will provide limitson the configurable number of worker threads.

Administrator response: The software automatically

reduced the value. However to stop this messageappearing you may set the value in the configurationfile lower.

DPWWM1510E One or more entries in dynurl.confdo not specify URLs


Administrator response: Examine dynadi.conf forformatting and content errors.





DPWWM1513W The stanza '%s' in the configurationfile contains an unrecognised P3Pcompact policy element: '%s'.

Explanation: The given entry is not a valid P3P HTTPheader configuration entry.

Administrator response: Correct the configuration file

entry. The list of valid P3P compact policy elements isgiven in the documentation.

DPWWM1514W The stanza '%s' in the configurationfile contains an unrecognised value forthe P3P compact policy element '%s':'%s'.

Explanation: The specified P3P HTTP headerconfiguration entry contains an invalid value.

Administrator response: Correct the configuration fileentry. The list of accepted values for each P3P compactpolicy element is given in the documentation.

DPWWM1515E The configuration for P3P HTTPheader insertion is invalid.

Explanation: One or more aspects of the P3P HTTPheader configuration are invalid. Earlier log messagesgive more specific details.

Administrator response: Examine other log messagesto determine the specific error or errors in theconfiguration file, and correct the configuration.

DPWWM1516W No P3P policy elements areconfigured in the stanza '%s', but P3P

header insertion has been enabled.

Explanation: P3P header insertion has been enabled inthe configuration file, but no P3P policy has beenconfigured. P3P headers cannot be inserted until theP3P policy is configured.

Administrator response: Either add P3P policyelements to the stanza, or disable P3P header insertion.

DPWWM1517E The -H and -P flags are valid onlyfor tcpproxy and sslproxy typejunctions.

Explanation: The -H and -P parameters are only valid

for tcpproxy or sslproxy type junctions. Either createone of those types of junctions or remove the -H and -Pparameters from this command.

Administrator response: Create a tcpproxy or sslproxytype junction.

DPWWM1518E A proxy hostname must be suppliedwith the -H option

Explanation: No -H argument was specified to theadd or create command even though the -P argumentwas specified.

Administrator response: Include the -H argument in

the command.

DPWWM1522E Only 'onfocus', 'inhead', 'xhtml10'and 'trailer' are supported with the -Joption.

Explanation: An invalid option was supplied with the-J flag.


DPWWM1523E You can not specify both -C and -Bflags when creating a junction.

Explanation: The -C and -B flags use the same methodto transmit authentication data and thus wouldoverwrite each other if used together.

Administrator response: Do not specify both flagswhen creating the junction.

DPWWM1524E The -P flag is valid only for mutual,tcpproxy and sslproxy type junctions.

Explanation: The -P parameter is only valid formutual, tcpproxy or sslproxy type junctions. Eithercreate one of those types of junctions or remove the -Pparameter from this command.

Administrator response: Create a mutual, tcpproxy orsslproxy type junction.

DPWWM1527E The supplied TCP and SSL portsmust be different.

Explanation: The TCP and SSL port values whichhave been supplied point to the same port. This is nota valid configuration.

Administrator response: Specify different port valuesfor the TCP and SSL port options.

DPWWM1528E The -V flag is valid only for mutualjunctions.

Explanation: The -V parameter is only valid formutual type junctions. Either create one of those typesof junctions or remove the -V parameter from thiscommand.

Administrator response: Remove the -V flag or createa mutual type of junction.

DPWWM1513W • DPWWM1528E




DPWWM1531W Error: The supplied keyfile mustnot contain any path information.

Explanation: A base path for LTPA keyfiles has beenstatically configured and as such the supplied file nameshould not contain any path information.

Administrator response: Specify the name of the

keyfile without any path information.

DPWWM1532W Error: The supplied FSSOconfiguration file must not contain anypath information.

Explanation: A base path for FSSO configuration fileshas been statically configured and as such the suppliedfile name should not contain any path information.

Administrator response: Specify the name of theFSSO configuration file without any path information.

DPWWM2041E Cannot create Virtual Host Junction

Explanation: A virtualhost create command failed.

Administrator response: This message is preceded bya detailed explanation of why the Virtual Host Junctioncould not be created. Correct the problem and try tocreate the Virtual Host Junction again.

DPWWM2044E Create Virtual Host Junction

Explanation: This message is followed by anexplanation of why the creation failed.

Administrator response: Fix the problem described inthe message following this message.

DPWWM2045E Can't add servers to this type ofVirtual Host Junction

Explanation: It is not possible to add servers to localVirtual Host Junctions.

Administrator response: Only add servers to TCP,SSL, TCP proxy, or SSL proxy Virtual Host Junctions.Figure out which Virtual Host Junction you wish toadd a server to using the 'virtualhost list' and'virtualhost show' commands, and then pass the correctVirtual Host Junction label to the 'virtualhost add'command.

DPWWM2047E Must specify the Virtual Host Junction type using the '-t' flag

Explanation: The Virtual Host Junction type was notpassed with the create command.

Administrator response: Pass the Virtual Host Junction type as an argument to the -t flag.

DPWWM2050W WARNING: A Virtual Host Junction already exists using label %s

Explanation: A Virtual Host Junction already existsusing the specified Virtual Host Junction label.

Administrator response: Either replace the existingVirtual Host Junction or specify a different Virtual Host

Junction label.

DPWWM2051E -C flag only supported with ssl orsslproxy Virtual Host Junctions.

Explanation: The -C flag can only be used for SSL orSSL proxy Virtual Host Junctions.

Administrator response: Either make this an SSL/SSLProxy Virtual Host Junction or do not make the VirtualHost Junction a WebSEAL to WebSEAL Virtual Host

Junction.

DPWWM2052E Can only use -T flag when using '-b

gso'

Explanation: The -T flag was specified to thevirtualhost create command without the -b flag.

Administrator response: If you want to use GSO forthe Virtual Host Junction, pass -b gso as an argumentto the virtualhost create command. If you do not wantto use GSO, then do not pass the -T flag to thevirtualhost create command.

DPWWM2053E Must also use -T flag when using'-b gso'

Explanation: The -b gso flag was passed to thevirtualhost create command without a corresponding -Tflag.

Administrator response: Include the name of the GSOtarget which should be used for the Virtual Host

Junction.

DPWWM2054E Either -K or -B can be defined for aVirtual Host Junction.

Explanation: Both -K and -B were specified in thevirtualhost create command. The two options cannot beused simultaneously on the same Virtual Host Junction.

Administrator response: Read the manual and figureout whether you want to use -K, -B, or neither.

DPWWM2055E Both -K and -B flag only supportedwith ssl or sslproxy Virtual Host Junctions.

Explanation: The -K and -B flags can only be used forSSL or SSL proxy Virtual Host Junctions.

Administrator response: Either make this an SSL/SSLProxy Virtual Host Junction or do not make the Virtual

DPWWM1531W • DPWWM2055E




Host Junction mutually authenticated.

DPWWM2056E -U <username> and -W <password>must be supplied with the -B option.

Explanation: The -B flag was specified without the -Uand -W flags.

Administrator response: Specify the username andpassword for the Virtual Host Junction with the -U and-W flags.

DPWWM2057E The -b option cannot be specifiedwith the -B option.

Explanation: Both -b and -B were specified in thevirtualhost create command. The two options cannot beused simultaneously on the same Virtual Host Junction.

Administrator response: Read the manual and figureout whether you want to use -b, -B, or neither.

DPWWM2058E Must specify the Virtual Host Junction server hostname using the '-h'flag

Explanation: No hostname was passed to thevirtualhost add or create command.

Administrator response: Include the hostname in thecommand.

DPWWM2059E The -H and -P flags are valid onlyfor tcpproxy and sslproxy type VirtualHost Junctions.

Explanation: The -H and -P parameters are only validfor tcpproxy or sslproxy type Virtual Host Junctions.Either create one of those types of Virtual Host

Junctions or remove the -H and -P parameters from thiscommand.

Administrator response: Create a tcpproxy or sslproxytype Virtual Host Junction.

DPWWM2060E A proxy hostname must be suppliedwith the -H option

Explanation: No -H argument was specified to thevirtualhost add or create command even though the -Pargument was specified.

Administrator response: Include the -H argument inthe command.

DPWWM2062E You can only use the -u flag with astateful Virtual Host Junction.

Explanation: The -u flag was passed to the virtualhostadd or create command without the -s flag. UUIDs canonly be specified for stateful Virtual Host Junctions.

Administrator response: If you wish to specify the

UUID of the Virtual Host Junction, then specify the -sflag as well as the -u flag.

DPWWM2063E -D flag only supported with ssl orsslproxy Virtual Host Junctions.

Explanation: The -D flag can only be used for SSL orSSL proxy Virtual Host Junctions.

Administrator response: Either make this an SSL/SSLProxy Virtual Host Junction or do not specify the DNof the Virtual Host Junctioned server.

DPWWM2064E The UUID specified with the -u flagis in an invalid format.

Explanation: An invalid UUID was specified with the-u flag to the 'virtualhost add' or 'virtualhost create'commands.

Administrator response: Correct the format of theUUID. If you are unsure of the proper format for a

UUID, examine the output of the 'virtualhost show'command for a Virtual Host Junction. The 'ID' entrywill contain a valid UUID.

DPWWM2065W NOTE: Ensure the CA rootcertificate used to sign the Virtual Host Junctioned server certificate is installedin the WebSEAL certificate keydatabase.

Explanation: WebSEAL was unable to communicatewith an SSL Virtual Host Junction because the VirtualHost Junction presented a certificate WebSEAL couldnot validate.


DPWWM2067E Must specify a virtual hostnameusing the '-v' flag

Explanation: No virtual hostname was specified whentrying to create a localtcp or localssl Virtual Host

Junction.

Administrator response: If you want to create alocaltcp or localssl Virtual Host Junction, you must setit's virtual hostname using the -v flag.

DPWWM2068E Must specify a file system directoryusing the '-d' flag

Explanation: No directory was specified when tryingto create a localtcp or localssl Virtual Host Junction.

Administrator response: If you want to create alocaltcp or localssl Virtual Host Junction, pass the fullpath to the directory to use with the -d flag. If youwant to create another type of Virtual Host Junction,pass the correct type using the -t flag.





DPWWM2069E Must specify a server to removeusing the '-i' flag

Explanation: No -i flag was passed to the 'virtualhostremove' command.

Administrator response: If you want to delete theVirtual Host Junction entirely, use the 'virtualhost

delete' command. If you want to remove a particularserver, use the 'virtualhost show' command to loook upthe UUID of the server to remove, and then pass theUUID as the argument to the -i flag.

DPWWM2071E Could not delete Virtual Host Junction

Explanation: This message is followed by anexplanation of why the Virtual Host Junction could not

be deleted.


DPWWM2072E Invalid server ID

Explanation: The argument passed to -i was not avalid UUID.

Administrator response: Obtain the correct UUID byusing the 'virtualhost show' command and pass a validUUID as an argument to the 'virtualhost remove'command.

DPWWM2073E Virtual Host Junction not foundwith label %s.

Explanation: An attempt was made to add or removea server from a Virtual Host Junction which does notexist.

Administrator response: Use the 'virtualhost list' and'virtualhost show' commands to figure out whichVirtual Host Junction point you should use.

DPWWM2074E Could not fetch Virtual Host Junction definition

Explanation: This message is followed by anexplanation of the problem.

Administrator response: Correct the problem

described by the following message.

DPWWM2075E Can only remove servers from aTCP or SSL Virtual Host Junction

Explanation: It is not possible to remove a server froma local Virtual Host Junction.

Administrator response: Correct the Virtual Host Junction label specified in the remove command. TheVirtual Host Junction label should belong to a TCP orSSL Virtual Host Junction.

DPWWM2076E Server %s not found at Virtual Host Junction %s

Explanation: An attempt was made to remove aVirtual Host Junction server based on a UUID whichdid not match any of the servers on the Virtual Host

Junction.

Administrator response: Use the 'virtualhost show'command to find the correct UUID and pass the correctUUID to the 'virtualhost remove' command.

DPWWM2077E Could not update Virtual Host Junction

Explanation: This message is followed by anexplanation of why the Virtual Host Junction could not

be modified.


DPWWM2080E Cannot list Virtual Host junctions

Explanation: This message is followed by anexplanation of why Virtual Host junctions could not belisted. Correct the problem described in that message.


DPWWM2081E Cannot show Virtual Host Junction

Explanation: This message is followed by anexplanation of the problem. Correct the problemdescribed in that message.


DPWWM2088E Must specify a Virtual Host Junctionlabel

Explanation: No Virtual Host Junction label waspassed as an argument.


DPWWM2089E A Virtual Host Junction label cannotcontain the '/' character


Administrator response: Correct the syntax of thecommand and try again.

DPWWM2090E A junction mount point must beginwith '/'


Administrator response: Correct the syntax of thecommand and try again.





DPWWM2091E The existing Virtual Host Junction isin an inconsistent state as it is missingit's virtual host name.


Administrator response: Contact product support.

DPWWM4023E Error reading configuration file %s:%s

Explanation: There was an error opening aconfiguration file.

Administrator response: Make sure the file exists andis readable.

DPWWM4024E Stanza '%s' is missing fromconfiguration file.

Explanation: A needed stanza was not found.

Administrator response: The stanza should be addedto the configuration file

DPWWM4025E Unknown configuration item'[%s]%s' in configuration file.

Explanation: Probably a typo of the configuration itemin the configuration file.

Administrator response: Correct the configurationitem in the configuration file.

DPWWM4041E Unable to read the stanza [%s]. Addthe stanza to theWebSEAL configuration

file to enable TFIM SSO for thejunction '%s'.


Administrator response: Add the configurationoptions to the WebSEAL config file and restart theWebSEAL server.

DPWWM4042E Unable to enable TFIM junctionSSO.


Administrator response: Add the configurationoptions to the WebSEAL config file and restart theWebSEAL server.

DPWWM4045E The address supplied with the -aoption, %s , is not a valid local address.


Administrator response: Ensure that the addresswhich is supplied is a valid local address for theWebSEAL server.





Chapter 7. Common Auditing and Reporting Servicemessages

These messages are provided by the Common Auditing and Reporting Servicecomponent.

CBACC0058W The maxCacheFiles property value ofmaxCacheFiles disk cache files has beenreached. This means no more disk cachefiles can be created until at least oneexisting cache file is drained anddeleted. The server must be availablefor this to happen. The value of thediskCachePath property is diskCachePath.The process will wait until it can createa new cache file or the amount of timespecified by the tempStorageFullproperty elapses, at which time eventswill be discarded.

Explanation: The maximum allowed number of diskcache files has been reached. This value is specified bythe value of the maxCacheFiles property.

Administrator response: The routine will wait until adisk cache file is deleted before proceeding. Check thevalues of the maxCacheFiles and maxCacheFileSizeproperties. The combination of these values limits theamount of disk space that will be used for diskcaching. When the limit is reached, the process willwait for a disk cache file to be deleted. If this limit is

too low, it can be increased by increasing the value of the maxCacheFiles property or the maxCacheFileSizeproperty, or both properties.

CBACC0059W The file system containing the diskcache files may be out of space. Thevalue of the diskCachePath property isdiskCachePath. The process is not beingterminated because this problem will becorrected when the server becomesavailable and existing disk cache filesare drained and deleted. The processwill wait until space becomes availableor the amount of time specified by the

tempStorageFull property elapses, atwhich time events will be discarded.

Explanation: An IOException was received whentrying to open or write to a disk cache file. This mayindicate that the file system is out of space.

Administrator response: Check the size of the filesystem containing the file path name displayed in themessage. If it is too small to contain the amount of diskcaching required, then increase the size.

CBACC0060E The file system containing the diskcache files may be out of space or nomore cache files can be created. numberevents were discarded.

Explanation: An event record could not be written tothe disk cache. Either the maximum number of cachefiles exist and are all full or the system is out of diskspace.

Administrator response: Check the size of the filesystem containing the file path name displayed in themessage. If it is too small to contain the amount of diskcaching required, then increase the size.

CBACC0066E The event cannot be cached becauseshutdown has started.

Explanation: An event record could not be written tothe disk cache because the disk cache is in the processof shutting down.

Administrator response: None.

CBACE0028E num_errors errors were reported while

attempting to send audit events,possibly resulting in discarded auditevents.

Explanation: An event queue processing threadreceived errors while attempting to send audit events.

Administrator response: One or more error messagesin the error log will be associated with this errormessage. Inspect the error log for error messages justprior to this one for more detailed information aboutthe error condition.

CBACE0037E An error occurred while sendingevents to the Common Auditing andReporting Service server: The SOAPfault is soapfault_string and the faultdetail is soapfault_detail.

Explanation: The SOAP function failed.

Administrator response: The error message from thecall is included. Inspect this message to obtain morespecific information about the error condition.

CBACE0038E An error occurred while opening thedisk cache file diskCachePath. The error




message is: errorMsg .

Explanation: The open of the disk cache file failed.


CBACE0042E An error occurred while writing to thedisk cache diskCachePath. The errormessage is: errorMsg.

Explanation: The write on the disk cache file failed.


CBACE0043E An error occurred while reading thedisk cache file diskCachePath The errormessage is: errorMsg.

Explanation: The read on the disk cache file failed.


CBACE0044E The disk cache directory diskCachePathdoes not exist.

Explanation: The configured disk cache directory doesnot exist.

Administrator response: Create the specified diskcache directory.

CBACE0045E The disk cache directory diskCachePathis not a directory.

Explanation: The configured disk cache directory isnot a file directory.

Administrator response: Specify the correct directory.

CBACE0046E An error occurred when creating a filein the specified cache directorydiskCachePath. The error message is:errorMsg.

Explanation: The configured disk cache directory isnot a file directory.

Administrator response: Specify the correct directory.

CBACE0047E Disk cache initialization failedbecause the minimum number of cachefiles could not be created.

Explanation: The disk cache must be able to create atleast one cache file for successful initialization. Thismay occur if there is not enough disk space available orthe configured value for the maximum number of cache files is reached.

Administrator response: Increase the maximumnumber of cache files or make more disk spaceavailable, or both.

CBACE0061E The initialization property propertyName value propertyValue cannotbe less than minValue or greater than

maxValue.

Explanation: A Properties object contains a propertyvalue that is not valid. The property name and theincorrect value are provided in the message.

Administrator response: Correct the configuration of the specified property.

CBACE0062E An unexpected exception was receivedduring the initialization of the diskcache. The text of the exception is:exceptionText

Explanation: An unexpected exception was received.

Administrator response: Check the exception text forthe cause of the problem. Correct the configuration, if necessary, then retry the operation.

CBACE0063W The Common Auditing andReporting Service server cannot becontacted. This may be due to aconfiguration error. Events will continueto be cached until contact isre-established. Events may be discardedif contact is not re-established beforethe maxCacheFiles parameter value ofmaxCacheFiles is exceeded or there is nomore disk space.

Explanation: The server cannot be contacted.

Administrator response: Verify that the configuredvalues for serverURL, keyFilePath, certLabel,stashFilePath, clientUserName, clientPassword,compress, and responseTimeout are correct, then makesure that the server is operational.

CBACE0064W The system has temporarily lostcontact with the Common Auditing andReporting Service server. Events willcontinue to be cached until contact is

re-established. Events may be discardedif contact is not re-established beforethe maxCacheFiles parameter value ofmaxCacheFiles is exceeded or there is nomore disk space.

Explanation: The server cannot be contacted.

Administrator response: Ensure that the server isoperational.

CBACE0042E • CBACE0064W




CBACE0800E The required initialization property propertyName is missing.

Explanation: A Properties object is missing a requiredproperty. This may be a property that is alwaysrequired, or may be a property that is required incontext of other property values.

Administrator response: Correct the configuration of the Common Auditing and Reporting Serviceproperties for the application to configure the missingproperty.

CBACE0801E The initialization property propertyName value propertyValue is notvalid.

Explanation: A Properties object contains a propertythat is set to a value that is not valid. The propertyname and the incorrect value are provided in themessage.

Administrator response: Correct the configuration of the Common Auditing and Reporting Serviceproperties for the application to correct the value of thespecified property.

CBACE0802E A Synchronization Mode NotSupported Exception has beengenerated: exception Text

Explanation: A synchronization mode that is notsupported by the configured emitter has been specified

by the calling application.

Administrator response: If the application requires thespecified synchronization mode, then correct theconfiguration to identify an emitter implementationthat can support that mode.

CBACE0803E An exception was generated by theinitialization of FileHandler( pattern ,auditFileSize , maxAuditFiles). Exception:exceptionText

Explanation: CARSTextFileEmitterImpl emitterimplementation received an exception fromFileHandler.

Administrator response: Check the exception text forthe cause of the problem. Correct the configuration to

specify values that are acceptable to FileHandler. Notethat the pattern is set according to configured values:(auditFileLocation)/(auditFilePrefix)_audit(g).log Where(g) is replaced by FileHandler with an incremented fileindex for use in rollover.

CBACE0804E An exception was generated by theevent validation code. Exception:exceptionText

Explanation: CARSTextFileEmitterImpl emitter

implementation received an exception from the eventvalidater.

Administrator response: Check the exception text forthe cause of the problem. Correct the configuration of the Common Auditing and Reporting Serviceproperties for the application to specify values that areacceptable to FileHandler.

CBACE0805E The required Properties object is nullor not valid.

Explanation: An initialization Properties object is nullor not valid. There may be a problem with theconfiguration of the application, or there may be aninternal error in the application.

Administrator response: Correct the configuration of the Common Auditing and Reporting Serviceproperties for the application.

CBACE0806E The interface method methodName is

not supported by the currentimplementation.

Explanation: An interface method has been called thatis not supported by the implementation class.

Administrator response: There may be a problemwith the configuration of the application.

CBACE0807E No emitter implementation is loaded.

Explanation: The emitter factory implementation doesnot have an emitter implementation loaded.

Administrator response: There might be a problem

with the configuration of the application. View the logfor previous errors logged during the building of theemitter implementation by the emitter factory.

CBACE0808E An exception was thrown byjava.util.logging.Logger when writing anaudit event to the audit text file.Exception: exceptionText.

Explanation: The event could not be written to theaudit text file. There might be a problem with the filesystem.

Administrator response: Check the exception text for

the cause of the problem, and correct the problem.

CBACE0809E The Common Auditing and ReportingService Web service is not available. Thefollowing exception was thrown whensending audit events to the Web service:exceptionText.

Explanation: The events could not be sent to theCommon Auditing and Reporting Service Web service.

Administrator response: Check the exception text for

CBACE0800E • CBACE0809E

Chapter 7. Common Auditing and Reporting Service messages 273



the cause of the problem, and correct the problem.

CBACE0810E The application server is listening, butthe URL mapping to the Web service isincorrect. exceptionText

Explanation: Unable to contact the Web service at theendpoint specified.

Administrator response: Verify the endpoint of theWeb service is correct in the configuration. Contact theserver administrator as the application may not berunning.

CBACE0811E The Web service communicated that ithad a problem with the message sent.exceptionText

Explanation: The server communicated that it had aproblem with the request sent.

Administrator response: Verify that the events being

sent to the server are of the proper format.

CBACE0812E An error occurred on the server.exceptionText

Explanation: This is not a client-side problem. Theserver had a problem while processing the request.

Administrator response: Notify the serveradministrator that the server is experiencing problems.

CBACE0813E An unknown error occurred whilecommunicating with the server.exceptionText

Explanation: An unknown error was generated whilecommunicating with the server.

Administrator response: Analyze the exception textfor more details.

CBACE0814E Both basic authentication and clientcertificate authentication are specified inthe configuration. At most one isallowed.

Explanation: Both basic authentication and clientcertificate authentication are specified in theconfiguration. At most one is allowed.

Administrator response: Modify the configurationproperties file to have at most one client authenticationmechanism.

CBACE0815E No service was listening on theprovided port. exceptionText

Explanation: Unable to connect to an applicationserver listening on the port specified in the Web serviceendpoint.

Administrator response: Contact the serveradministrator and make sure the server is running.Verify that the provided endpoint for the application iscorrect.

CBACE0816E The SOAP client experienced an errorduring the processing of the provided

event. exceptionText

Explanation: The SOAP client experienced an errorwhile processing the provided events to be sent to theWeb service

Administrator response: Verify that the sent event isvalid. Check the logs for more detail.

CBACE0817E The SOAP client found a providedevent to be null.

Explanation: The SOAP client experienced an errorwhile processing the provided events because an eventwas null.

Administrator response: Verify that the exploiter issending valid events.

CBACE0818E The specified password is not correctfor the Java keystore.

Explanation: The password that was specified is notcorrect for the Java keystore.

Administrator response: Verify that the specifiedpassword is correct for the specified Java keystore.

CBACE0819E The specified Java keystore could not

be found.

Explanation: The Java keystore that was specified iseither incorrect or does not exist.

Administrator response: Verify that the specified Javakeystore is correct.

CBACE0820E An unexpected exception occurredwhile contacting the service to validatesecurity properties.

Explanation: An unexpected exception occurred whilecontacting the service to validate security properties.

Administrator response: Analyze the caused byexception for more details.

CBACE0821E Could not establish an SSL connectionwith the server because the serverrequires client side certificateauthentication and an appropriatekeystore was not provided.

Explanation: The server communicated that it doesnot recognize the provided keystore as a clientcertificate it accepts.





Administrator response: Verify that the correct Javakeystore was specified and that the server wasconfigured correctly.

CBACE0822E Could not establish an SSL connectionwith the server because the server'spublic certificate is not in the specified

truststore.

Explanation: The server's public certificate must be inthe specified truststore in order to establish an SSLconnection with the server.

Administrator response: Verify that the correct Javatruststore was specified and verify that the server'spublic certificate has been added.

CBACE0823E The user name provided to the serveris not authorized to access the requestedresource.

Explanation: The user name provided to the server

must be authorized to access the requested resource.

Administrator response: Verify that the user namethat is configured is correct and that the permissionsfor this user are configured at the Web service.

CBACE0824E An incorrect user name, password, orboth was provided to the server forbasic authentication.

Explanation: A correct user name and password must be provided to the server for basic authentication.

Administrator response: Verify that a user name andpassword are configured and that they are correct forthe server being accessed.

CBACE0875E An incorrect user name, password, orboth was provided to the server forbasic authentication.

Explanation: A correct user name and password must be provided to the server for basic authentication.

Administrator response: Verify that a user name andpassword are configured and that they are correct forthe server being accessed.

CBACE0876E The user name provided to the serveris not authorized to access the requestedresource.

Explanation: The user name provided to the servermust be authorized to access the requested resource.

Administrator response: Verify that the user namethat is configured is correct and that the permissionsfor this user are configured at the Web service.

CBACE0877E Could not establish an SSL connectionwith the server because the server'spublic certificate is not in the specifiedtruststore.

Explanation: The server's public certificate must be inthe specified truststore in order to establish an SSLconnection with the server.

Administrator response: Verify that the correct Javatruststore was specified and verify that the server'spublic certificate has been added.

CBACE0878E Could not establish an SSL connectionwith the server because the serverrequires client side certificateauthentication and an appropriatekeystore was not provided.

Explanation: The server communicated that it doesnot recognize the provided keystore as a clientcertificate it accepts.

Administrator response: Verify that the correct Javakeystore was specified and that the server wasconfigured correctly.

CBACE0879E An unexpected exception occurredwhile contacting the service to validatesecurity properties.

Explanation: An unexpected exception occurred whilecontacting the service to validate security properties.

Administrator response: Analyze the caused byexception for more details.

CBACE0880E The specified Java keystore could notbe found.

Explanation: The Java keystore that was specified iseither incorrect or does not exist.

Administrator response: Verify that the specified Javakeystore is correct.

CBACE0881E The specified password is not correctfor the Java keystore.

Explanation: The password that was specified is notcorrect for the Java keystore.

Administrator response: Verify that the specifiedpassword is correct for the specified Java keystore.

CBACE0884E No service was listening on theprovided port. exceptionText

Explanation: Unable to connect to an applicationserver listening on the port specified in the Web serviceendpoint.

Administrator response: Contact the server





administrator and make sure the server is running.Verify that the provided endpoint for the application iscorrect.

CBACE0885E Both basic authentication and clientcertificate authentication are specified inthe configuration. At most one is

allowed.

Explanation: Both basic authentication and clientcertificate authentication are specified in theconfiguration. At most one is allowed.

Administrator response: Modify the configurationproperties file to have at most one client authenticationmechanism.

CBACE0886E An unknown error occurred whilecommunicating with the server.exceptionText

Explanation: An unknown error was generated while

communicating with the server.

Administrator response: Analyze the exception textfor more details.

CBACE0887E An error occurred on the server.exceptionText

Explanation: This is not a client-side problem. Theserver had a problem while processing the request.

Administrator response: Notify the serveradministrator that the server is experiencing problems.

CBACE0888E The Web service communicated that ithad a problem with the message sent.exceptionText

Explanation: The server communicated that it had aproblem with the request sent.

Administrator response: Verify that the events beingsent to the server are of the proper format.

CBACE0889E The application server is listening, butthe URL mapping to the Web service isincorrect. exceptionText

Explanation: Unable to contact the Web service at the

endpoint specified.

Administrator response: Verify the endpoint of theWeb service is correct in the configuration. Contact theserver administrator as the application may not berunning.

CBACE0890E The AXIS client found a providedevent to be null.

Explanation: The AXIS client experienced an errorwhile processing the provided events because an eventwas null.

Administrator response: Verify that the exploiter is

sending valid events.

CBACE0891E The AXIS client experienced an errorduring the processing of the providedevent. exceptionText

Explanation: The AXIS client experienced an errorwhile processing the provided events to be sent to theWeb service

Administrator response: Verify that the sent event isvalid. Check the logs for more detail.

CBACE0892E An error occurred while sending

events to the Common Auditing andReporting Service server: The AXISfault is axisfault_string and the faultdetail is axisfault_detail.

Explanation: The AXIS function failed.


CBACON001E An internal error occurred whileattempting to retrieve the CommonAudit Service configuration component.

The configuration component was notfound in the connected WebSphereApplication Server.

Explanation: The name of the MBean was badlyformed; consequently the Common Audit ServiceConsole could not find theCommonAuditServiceConfiguration MBean in theconnected WebSphere Application Server.

Administrator response: Ensure that theCommonAuditServiceConfiguration MBean is correctlydeployed and running in the target WebSphereApplication Server. The MBean name might have beenincorrectly formatted.

CBACON002E The Common Audit Serviceconfiguration component was not foundin the connected WebSphereApplication Server. Check whether theCommon Audit Service configurationcomponent is deployed and runninginto the WebSphere Application Server.

Explanation: The configuration component(CommonAuditServiceConfiguration MBean)communicates with the Common Audit Serivce Console

CBACE0885E • CBACON002E




to set and update Common Audit Service configurationsettings. This MBean was not found in the connectedWebSphere Application Server.

Administrator response: Ensure that theCommonAuditServiceConfiguration MBean isdeployed, running, and available in the connectedWebSphere Application Server. You can run the

wsadmin command from the command line of thesystem where the target WebSphere Application Serveris running to determine if the MBean is deployed:wsadmin>$AdminControl queryNamesWebSphere:*,type=CarsConfig If the MBean is present,the fully qualified ObjectName of the MBean isreturned; otherwise nothing is returned.

CBACON003E A WebSphere Application Serverconfiguration target object was notselected. Select a target object from theWebSphere Target drop-down list that isdisplayed on the WebSphere Target

Mapping panel.Explanation: A WebSphere configuration target must

be selected to configure the Common Audit Serviceserver. If no target objects are listed, theCommonAuditServiceConfiguration MBean might nothave returned the list of WebSphere configurationtarget objects that are available in the connectedWebSphere Application Server process. A null or emptylist can result if you do not provide correct WebSphereAdministrative user credentials in the WebSphereSecurity panel of the Common Audit Service Console.

Administrator response: Confirm that the MBean didnot return null or an empty list of WebSphere

Application Server configuration target names. Ensurethat you have provided the correct user credentials,then try the operation again.

CBACON004E The Common Audit Service Consolereceived a WebSphere configurationtarget object from the Common AuditService configuration component that isnot valid. Ensure that the selectedWebSphere configuration target objectexists in the connected WebSphereApplication Server or DeploymentManager process.

Explanation: The target object received from theWebSphere Application Server process cannot be used.

Administrator response: Determine if the selectedWebSphere cluster or server is present and running inthe connected WebSphere Application Server, then trythe operation again.

CBACON005E An error occurred while attemptingto display a page in the Common AuditService Console configuration wizard.

Explanation: A PageException error with an unknowncause was received while attempting to retrieve theCommon Audit Service Console wizard page from theWeb Component Library (WCL) page manager.

Administrator response: Check the WebSphereApplication Server log files to determine the cause of the error, then try the operation again. If the problempersists, contact IBM software support to resolve thisissue.

CBACON006E A record of the last configured AuditDatabase was received from theCommon Audit Service configurationcomponent that is not valid.

Explanation: This exception might have occurred because the $CARS_HOME/server/etc/

carsconfig.status and $CARS_HOME/server/etc/carsdb.properties files, which are related to theconfiguration status of the Audit Database, werecorrupted.

Administrator response: Try the operation again. If the problem persists, contact IBM software support toresolve the problem.

CBACON007W A JDBC handle that is not valid wasreceived from the Common AuditService configuration component.

Explanation: This warning might have occurred

because the JDBC resources were not configuredcorrectly in the selected WebSphere configuration targetobject.

Administrator response: Verify that Common AuditService JDBC resources are properly configured in theselected WebSphere configuration target. If the JDBCresources are not present, configure them manually oruse the Common Audit Service Console. Forinformation on manual configuration, refer to theAuditing Guide provided with your product.

CBACON008E A value that is not valid was enteredinto field {0}. A value of type {1} was

expected. Enter a valid value and try theoperation again.

Explanation: The specified value does not meet therequirements for this field.

Administrator response: Change the value to a validtype, then try the operation again.

CBACON003E • CBACON008E




CBACON009E The value specified in the {0} fieldmust be {1} digits long. Enter a validvalue and try the operation again.


Administrator response: Change the value to the

expected length, and try the operation again.

CBACON011E An exception was received from theCommon Audit Service configurationcomponent : {0}

Explanation: The Common Audit Serviceconfiguration component on the target server could notprocess the specified information, and returned anerror.

Administrator response: Use the text specified in theerror message to correct the error, then try theoperation again. If the problem persists, check the

WebSphere Application Server log files for moreinformation.

CBACON012E The Common Audit Serviceconfiguration component does not existin the selected WebSphere configurationtarget. The Common Audit Serviceconfiguration component must beinstalled and running in the connectedWebSphere Application Server process.

Explanation: The configuration component(CommonAuditServiceConfiguration MBean)communicates with the console to set and update

Common Audit Service configuration settings. ThisMBean was not found in the selected WebSphereApplication Server configuration target object. TheCommonAuditServiceConfiguration MBean might not

be installed correctly, or it might not be running.

Administrator response: Ensure that theCommonAuditServiceConfiguration MBean isdeployed, running, and available in the connectedWebSphere Application Server. You can run thewsadmin command from the command line of thesystem where the target WebSphere Application Serveris running to determine if the MBean is deployed:wsadmin>AdminControl queryNamesWebSphere:*,type=CarsConfig If the MBean is present,the fully qualified ObjectName of the MBean isreturned; otherwise nothing is returned.

CBACON013E {0}

Explanation: An MBean exception occurred from anunkonwn source.

Administrator response: Check the System.out log fileof the connected WebSphere Application Server todetermine the cause of the failure.

CBACON014E An internal error occurred whileinvoking the {0} method of the CommonAudit Service configuration component.

Explanation: This error should not occur. Theconfiguration component(CommonAuditServiceManagement MBean) might nothave been running when the error occurred.

Administrator response: Ensure that theCommonAuditServiceConfiguration MBean is installedcorrecty and running, then try the operation again. If the error occurs again, check the log files to determinethe cause of the error. If the problem persists, contactIBM software support.

CBACON015E The Common Audit Service Consolefailed to connect to the specifiedWebSphere Application Server process.The error that was received is: {0}

Explanation: The WebSphere Application Server that

is pointed to by the JMX host and port values mightnot be running; or the host name, port number, or bothcould be specified incorrectly in the Common AuditService Host panel of the Console.

Administrator response: Ensure that the targetWebSphere Application Server is running, and ensurethat the correct host name and SOAP port number arespecified in the Common Audit Service Host panel of the Common Audit Service Console, then try theoperation again.

CBACON016E An attempt to connect to theWebSphere Application Server process

failed. The following error wasreturned: {0}

Explanation: This error can result while attempting toconnect to the WebSphere Application server process if the wrong user name, password, or both, are specifiedon the WebSphere Security panel of the Common AuditService Console.

Administrator response: Ensure that you arespecifying the correct user name and password, andensure that the destination WebSphere ApplicationServer process is running, then try the operation again.

CBACON017E A valid configuration target was notfound in the connected WebpshereApplication Server process.

Explanation: The connected WebSphere ApplicationServer process might not contain a valid configurationtarget, or the CommonAuditServiceConfigurationMBean running in the connected WebSphereApplication Server process might have failed to returnto the console the list of available configuration targets.

Administrator response: Ensure that the configurationtarget is present in the connected WebSphere

CBACON009E • CBACON017E




Application Server, and that the list of availableconfiguration targets is returned to the console forselection. Try the operation again.

CBACON018E The name of the database specifiedin the {0} field must be between {1} and{2} characters long. Enter a valid value

and try the operation again.


Administrator response: Change the value to theexpected length, and try the operation again.

CBACON019E The JDBC connection setup failedbecause the previous attempt to createthe Audit Database failed.

Explanation: The Audit Database JDBC connector wasnot created because the creation of the Audit Databasewas not successful. The JDBC connector cannot be

created until the Audit Database is created successfully.

Administrator response: Ensure that the correctvalues are specified for for the creation of the AuditDatabase in the Audit Database panel. The JDBCconnector can then be created successfully.

CBACON020E The {0} field requires a value. Enter avalid value and try the operation again.

Explanation: The specified field is either empty orcontains a value that is not valid. A value must bespecified to continue.

Administrator response: Enter a valid value in thespecified field, and try the operation again.

CBACON022E The value specified in the {0} fieldmust be at least {1} digits long, but notgreater than {2} digits long. Enter a validvalue and try the operation again.


Administrator response: Change the value to theexpected length, and try the operation again.

CBACON023E The Database Instance OwnerPassword field requires a value. Enter avalid value and try the operation again.

Explanation: The specified field is either empty orcontains a value that is not valid. A value must bespecified to continue.

Administrator response: Enter a valid value in thespecified field, and try the operation again.

CBAIN0110E Prerequisite detection has not found aninstallation of IBM WebSphereApplication Server. The feature selectedfor installation requires IBM WebSphereApplication Server Version 7.0 or higher.Install the required version and run theinstallation again.

Explanation: The target machine does not IBMWebSphere Application Server installed.

Administrator response: Install the required minimumlevel of IBM WebSphere Application Server and run theCommon Audit Service installation again. Consult theproduct documentation for more information regardingthe software requirements.

CBAIN0120E Prerequisite detection has not found aninstallation of IBM DB2. The featureselected for installation requires eitherthe IBM DB2 Server or the IBM DB2

Client to operate. The versions allowedare Version 9.7 and higher. You mustinstall an allowable version of the IBMDB2 product either now or beforeattempting to use the selected productfeature.

Explanation: The target machine does not have eitheran IBM DB2 Server or IBM DB2 Client installed.

Administrator response: Install the required minimumlevel of IBM DB2 Server or Client before attempting toconfigure the Audit Service. Consult the productdocumentation for more information regarding thesoftware requirements.

CBAIN0130E Prerequisite detection has found aninstallation of either IBM DB2 Server orClient but it is not a correct version. Theversions allowed are Version 9.7 andhigher. You must install an allowableversion of the IBM DB2 product eithernow or before attempting to use theselected product feature.

Explanation: The target machine does not have acorrect version of either an IBM DB2 Server or IBMDB2 Client installed.

Administrator response: Install the required minimumlevel of IBM DB2 Server or Client before attempting toconfigure the Audit Service. Consult the productdocumentation for more information regarding thesoftware requirements.

CBAIN0200E The Common Audit Service installationfailed. An installation rollback has beenattempted.

Explanation: The Common Audit Service installation

CBACON018E • CBAIN0200E




failed and the system was returned to its preinstallstate.

Administrator response: Check the log file for details.Consult the product documentation for moreinformation regarding problem determination.

CBAIN0204E The Common Audit Serviceuninstallation failed.

Explanation: The Common Audit Service Serveruninstallation failed.


CBAIN0206E Check the version log. Run theuninstallation again.

Explanation: An error occurred during theuninstallation of the Common Audit Service.


CBAIN0207E Check the version log.

Explanation: An error occurred during the installationof the Common Audit Service.


CBAIN0216E Prerequisite detection has not found aninstallation of IBM WebSphereApplication Server. The feature selectedfor installation requires IBM WebSphereApplication Server Version version. If theIBM WebSphere Application Server isactually installed then continue theinstallation and enter the correctinstallation path when requested.Otherwise cancel the installation, installthe required software and run theinstallation again.

Explanation: The install could not locate an installedIBM WebSphere Application Server.

Administrator response: Install the required minimumlevel of IBM WebSphere Application Server and run theCommon Audit Service installation again. Consult theproduct documentation for more information regardingthe software requirements.

CBAIN0221E Please enter a value for version.

Explanation: An attempt to continue the installationwas made without providing input for a required userinput field.

Administrator response: Provide input for the userinput field and continue the installation. Consult the

product documentation for more information regardingrequired information during the installation.

CBAIN0227E Prerequisite detection has not found aninstallation of IBM WebSphereApplication Server. Install the requiredversion and run the installation again.

Explanation: The target machine does not IBMWebSphere Application Server installed.

Administrator response: Install the required minimumlevel of IBM WebSphere Application Server and run theCommon Audit Service installation again. Consult the

product documentation for more information regardingthe software requirements.

CBAIN0235E Please enter a value for:

Explanation: An attempt to continue the installationwas made without providing input for a required userinput field.

Administrator response: Provide input for the userinput field and continue the installation. Consult theproduct documentation for more information regardingrequired information during the installation.

CBAIN0335E The Common Audit Service is alreadyconfigured on this profile. The CommonAudit Service must be installed on adifferent directory path to configureagainst this profile. Use the Back buttonto select a different path and continue.

Explanation: This installation of the Common AuditService is already configured to a WebSphereApplication Server profile. You must install theCommon Audit Service on a different path to installagainst another profile.

Administrator response: Verify that Common auditService is already installed against the correct profile. If

not then uninstall the Common Audit Service andreinstall against this profile. Consult productdocumentation for more information regarding theundeployment of IBM Tivoli Common Audit Serviceconfiguration management items before continuingwith this uninstallation.

CBAIN0204E • CBAIN0335E




CBAIN0336E Configuration Management itemscannot be deployed or undeployed.Before continuing with the CommonAudit Service deployment: Check thatyou do not have another installation ofthe Common Audit Service on yourmachine. You may have already

deployed the ConfigurationManagement items form this otherinstallation. In this case you mustundeploy the Common audit servicefrom the selected profile using theinstaller in the other installation.

Explanation: The Common Audit Serviceconfiguration management items can only be deployedonce for a WebSphere Application Server profile. TheCommon audit service can be installed multiple timeson a host machine but can only be configured onceagainst each profile.

Administrator response: Verify the Common Audit

Service configuration management items areundeployed from the profile. Consult productdocumentation for more information regarding theundeployment of IBM Tivoli Common Audit Serviceconfiguration management items before continuingwith this installation.

CBAIN0337E The Configuration items were notundeployed correctly. Before continuingwith the Common Audit Serviceundeployment: Check the configurationlog for error conditions. Check that theWebSphere Application Server profile

you select is valid and running correctly.Explanation: Undeployment may fail for a WebSphereApplication Server profile if the profile is notconfigured correctly.

Administrator response: Verify the WebSphereApplication Server profile is correctly installed,configured and running correctly. Consult productdocumentation for more information regarding theundeployment of IBM Tivoli Common Audit Serviceconfiguration management items before continuingwith this installation.

CBAIN0338E The Configuration items were notdeployed correctly. Before continuingwith the Common Audit Servicedeployment: Check the configurationlog for error conditions. Check that theWebSphere Application Server profileyou select is valid and running correctly.

Explanation: Deployment may fail for a WebSphereApplication Server profile if the profile is notconfigured correctly.

Administrator response: Verify the WebSphere

Application Server profile is correctly installed,configured and running correctly. Consult productdocumentation for more information regarding thedeployment of IBM Tivoli Common Audit Serviceconfiguration management items before continuingwith this installation.

CBAIN0339E Please enter a value for the WebSphereprofile directory.

Explanation: The WebSphere profile directory field isempty

Administrator response: Provide a valid WebSphereprofile directory path and continue the installation.Consult the product documentation for moreinformation regarding required information during theinstallation.

CBAIN0340E Please enter a valid directory as aWebSphere profile directory.

Explanation: The WebSphere profile directory fieldvalue is not a valid directory.


CBAIN0341E Please enter a valid WebSphere profilepath. Either a valid cell or WebSphereinstall path could not be found for thisprofile.

Explanation: The setupCmdLine script for this profilewas not found or was invalid. The WAS_HOME andWAS_CELL variables were not found.


CBAIN0342E Please enter a valid WebSphere profilepath. The WebSphere edition andversion could not be determined for thisprofile.

Explanation: The WAS_HOME/properties/version/WAS.product file was not found or was invalid.WebSphere version information is contained in this file

Administrator response: Check the WebSphereinstallation related to this profile still exists andcontinue the installation. Consult the productdocumentation for more information regarding requiredinformation during the installation.





CBAIN0343E Please enter a valid WebSphere profilepath. Only the WebSphere Base editionor the WebSphere Network Deploymentedition are supported.

Explanation: The id attribute in the WAS.product filedid not contain either BASE or ND.

Administrator response: Install and configure thecorrect WebSphere edition and continue thisinstallation. Consult the product documentation formore information regarding prerequisite products.

CBAIN0344E Please enter a valid WebSphere profilepath. WebSphere version 7.0 or higher isa prerequisite for Common AuditService 7.0.

Explanation: The version attribute in the WAS.productfile was not of the form 7.0.x.x.

Administrator response: Install and configure the

correct WebSphere version and continue thisinstallation. Consult the product documentation formore information regarding prerequisite products.

CBAIN0345E Please enter a valid WebSphere profilepath. The type of profile could not bedetermined.

Explanation: The WAS_PROFILE/properties/version/profile.version file was not found or the id attribute init was not found.

Administrator response: Check the WebSphere profileis complete and continue this installation. Consult theproduct documentation for more information regardingrequired information during the installation.

CBAIN0346E Please enter a valid WebSphere profilepath. A managed node profile is notvalid.

Explanation: The id attribute in theWAS_PROFILE/properties/version/profile.version filedid not have value of dmgr yet the profile is part of acluster.

Administrator response: Check that a deploymentmanager or stand-alone profile is available andcontinue this installation. Consult the product

documentation for more information regarding requiredinformation during the installation.

CBAIN0347E The SOAP connector port for thisprofile could not be found. Check theprofile is configured correctly.

Explanation: The SOAP_CONNECTOR_PORTproperty in the WAS_PROFILE/properties/portdef.props file could not be found. This could be

because the file itself is not present or because theproperty entry is not in the file.

Administrator response: Check that the profile has been configured correctly, especially the portallocations. Consult the product documentation formore information regarding required informationduring the installation.

CBAIN0348E A connection could not be made with

the deployment manager or stand-aloneserver in this profile. Ensure thedeployment manager or stand-aloneserver is running.

Explanation: The installer uses the SOAP protocol tocommunicate with WebSphere services. For SOAP towork the corresponding server must be running.

Administrator response: Issue the startManager orstartServer servername command as appropriate.Consult the product documentation for moreinformation regarding required information during theinstallation.

CBAIN0349E An attempt to communicate with theWebSphere server failed due to aninternal fault. Check the profile isconfigured correctly and the server isrunning.

Explanation: The connection attempt failed due to theAdminClient object not being created correctly. This ismost likely because the WebSphere class jars were notcorrectly loaded or were corrupt.

Administrator response: Check that the value of theWAS_HOME property in the setupCmdLine scriptidentifies a valid WAS installation. Consult the product


CBAIN0350E Please enter a value for the WebSphereAdministrator user name.

Explanation: The WebSphere user name field is empty.

Administrator response: Provide a valid WebSphereuser name and continue the installation. Consult theproduct documentation for more information regardingrequired information during the installation.

CBAIN0351E Please enter a value for the WebSphere

Administrator password.

Explanation: The WebSphere password field is empty.

Administrator response: Provide a valid WebSpherepassword corresponding with the user name andcontinue the installation. Consult the productdocumentation for more information regarding requiredinformation during the installation.





CBAIN0352E This is not a valid administrator useridor password.

Explanation: Could not connect to WebSphere as avalid administrator.

Administrator response: Provide a valid WebSphereadministrator login. Consult the product


CBAIN0353E Common Audit Service is alreadyinstalled on this profile. Please chooseanother profile.

Explanation: The WebSphere profile already hasCommon Audit Service installed on it.

Administrator response: The WebSphere profiledirectory path contains an config/ibmcars subdirectory.Consult the product documentation for moreinformation regarding required information during the

installation.

CBAIN0354E The Common Audit Service is notinstalled on this profile. Please chooseanother profile.

Explanation: The WebSphere profile does not haveCommon Audit Service installed on it.

Administrator response: The WebSphere profiledirectory does not contain an config/ibmcarssubdirectory. Consult the product documentation formore information regarding required informationduring the uninstallation.

CBAIN0355E The Common Audit Service is notunconfigured from the profile - profile.Cancel this uninstall, fully unconfigurethe Common Audit Service then retry. Ifyou continue with this uninstall youmay need to manually unconfiguresome components of the Common AuditService.

Explanation: Common audit service has not beencompletely unconfigured from the WebSphere profile.

Administrator response: Inspect the install-path<CARS install path>/server/etc/carsconfig.status file

to determine which components are still configured.Consult the product documentation for moreinformation regarding manual unconfiguration.

CBAIN0356E This copy of the Common Audit Serviceis not installed against the selectedprofile. Reselect the profile andcontinue.

Explanation: This installer did not install the CommonAudit Service components on this profile.

Administrator response: The <CARS installpath>/server/profiles/profile_name does not match theprofile name selected. Consult the productdocumentation for more information regarding requiredinformation during the uninstallation.

CBAIN0357E The installer was unable to update the

installer properties file. Check theinstall directory is valid.

Explanation: This installer could not create or updatethe installer.properties file in the install directory.

Administrator response: Check the install directoryhas write permissions and file create permissions.

CBAIN0358E The installer was unable to extract filesinto directory directory_name. Check theinstall directory has the correctpermissions.

Explanation: This installer could not extract files from

its archive into the directory. It may not have been ableto create the directory initially.

Administrator response: Check the install directoryhas write permissions and file create permissions.

CBAIN0359E The installer was unable to install thecomponent component_name.

Explanation: The component could not be installed because of some installer or other unspecified error.This error occurs when the component only contains anaction that executes on uninstallation.

Administrator response: Check the vpd.properties filefor this user is not corrupt. It might already contain aninstance record for this component.

CBAIN0360E The installer was unable to update thefile file_name. check the file exists andhas the correct permissions.

Explanation: This parameter file could not beupdated. It might not exist or have the correctpermissions.

Administrator response: Check the file exists and haswrite permissions.

CBAIN0361E The installer was unable to create aregistry entry with the file file_name.

Explanation: This registry file failed when applied toa Win32 registry.

Administrator response: Check the state of theWindows registry.





CBAIN0362E The installer was unable to complete theConfiguration Console deployment.

Explanation: This console deployment failed. Eitherone of the deployment JACL scripts or a file operationfailed.

Administrator response: Check that the WebSphere

Application Server profile selected is active - either theserver or deployment manager in the profile is running.Check that the user running the installation hasfile/directory create and update permissions in theprofile subdirectory.

CBAIN0363E The installer was unable to complete theAudit Service deployment.

Explanation: This audit service deployment failed.Either one of the deployment JACL scripts or a fileoperation failed.

Administrator response: Check that the WebSphere

Application Server profile selected is active - either theserver or deployment manager in the profile is running.Check that the user running the installation hasfile/directory create and update permissions in theprofile subdirectory.

CBAJS0001E formatArgument unsupported.

Explanation: The argument specifying how to formatthe event is not supported. Refer to the Auditing Guidefor the list of supported formats.

Administrator response: Specify a supported outputformat.

CBAWS0700E The IBM Tivoli Common AuditingWeb service could not look up theconfigured emitter profile. A stack traceof the error follows.

Explanation: The Web service encountered an errorwhen looking up the emitter factory profile specified inthe configuration. This error message is accompanied

by a stack trace of the exception that caused theproblem.

Administrator response: Examine the exception stacktrace immediately following this message to see thecause of this problem. Ensure that the emitter factory

profile specified in the Web service configuration iscorrect. Ensure that the Common Event InfrastructureServer enterprise application is running properly. If theproblem persists, contact your IBM servicerepresentative.

CBAWS0701E The IBM Tivoli Common AuditingWeb service could not create a CommonEvent Infrastructure emitter. A stacktrace of the error follows.

Explanation: The IBM Tivoli Common Auditing Web

service could not be started due to an errorencountered when trying to connect to the CommonEvent Infrastructure server. This error message isaccompanied by a stack trace of the exception thatcaused the problem.

Administrator response: Examine the exception stacktrace immediately following this message to see the

cause of this problem. Ensure that the emitter factoryprofile specified in the Web service configuration iscorrect. Ensure that the Common Event Infrastructureenterprise application is running properly. If theproblem persists, contact your IBM servicerepresentative.

CBAWS0702E The IBM Tivoli Common AuditingWeb service could not create a J2EEtransaction context. A stack trace of theerror follows.

Explanation: The Web service could not be started dueto an error encountered creating a transaction context.

The Web service needs a transaction context for propertransactional processing of incoming events. This errormessage is accompanied by a stack trace of theexception that caused the problem.

Administrator response: Examine the exception stacktrace immediately following this message to see thecause of this problem. Ensure that you are running asupported version of WebSphere Application Server. If the problem persists, contact your IBM servicerepresentative.

CBAWS0703E The IBM Tivoli Common AuditingWeb service could not create a

SOAPFactory. A stack trace of the errorfollows.

Explanation: The Web service could not be started dueto an error encountered creating a JAX-RPCSOAPFactory. This error message is accompanied by astack trace of the exception that caused the problem.


CBAWS0704E The IBM Tivoli Common AuditingWeb service could not send an event tothe Common Event Infrastructure server.The failed event had the index index inan input message containing numEventsevents. Processing of the input messagewas stopped. A stack trace of theCommon Event Infrastructure errorfollows.

Explanation: The auditing Web service forwards

CBAIN0362E • CBAWS0704E




incoming events to the Common Event Infrastructureserver. The server failed to process an incoming event.This error message is accompanied by a stack trace of the exception that caused the problem.

Administrator response: Examine the exception stacktrace immediately following this message to see thecause of this problem. Ensure that the Common Event

Infrastructure Server enterprise application is workingproperly. If the problem persists, contact your IBMservice representative.

CBAWS0705E The IBM Tivoli Common AuditingWeb service could not deserialize anincoming Common Base Event from aSOAP message. The failed event hadthe index index in an input messagecontaining numEvents events. Processingof the input message was stopped. Thefailure reason was: cbeXmlMsg

Explanation: The Web service receives Common Base

Events from auditing clients, encoded in a SOAPmessage. One of these events could not be read due tosyntax that is not valid. This indicates a problem withthe client application.

Administrator response: Contact your IBM servicerepresentative.

CBAWS0706E The IBM Tivoli Common AuditingWeb service could not create a SOAPfault message. A stack trace of the errorfollows.

Explanation: When an error occurs processing events,

the Web service returns a SOAP fault message to theclient application, containing details of the error. Anerror was encountered trying to build the SOAP faultmessage. This indicates a problem with the WebSphereWeb services runtime. This error message isaccompanied by a stack trace of the exception thatcaused the problem.


CBAWS0707E The XML element element is not validwithin a container element.

Explanation: This is one of the possible reasons forthe error message CBAWS0705E.


CBAWS0708E Failed to create the any element dueto an XML serialization error. The errormessage was: xmlErrorMsg.

Explanation: This is one of the possible reasons forthe error message CBAWS0705E. This message indicatesa problem with the JAXP runtime.

Administrator response: Examine the enclosed errormessage for a detailed description of the error. Ensurethat you are running a supported version of WebSphereApplication Server. If the problem persists, contact yourIBM service representative.

CBAWS0709E Duplicate XML element field withinelement container. +



CBAWS0710E The Common Base Event situationcategory categoryName is not valid.



CBAWS0711E The XML attribute attribute is notvalid for element container.



CBAWS0712E No XML text is allowed in elementelement.



CBAWS0713E Unknown message code: code ;

message parameters: parameters

Explanation: This message appears when a messagecannot be found in the translation table. It indicates aproblem with the installation of the Web service.

Administrator response: Verify that the IBM TivoliCommon Auditing Web service is installed properly. If the problem persists, contact your IBM servicerepresentative.

CBAWS0705E • CBAWS0713E




CBAWS0714E The Common Base Event XML couldnot be converted to a string.EventFormatter methodeventFromCanonicalXML returned anexception : exception_text

Explanation: This message appears when an event'sXML cannot be converted to a string.

javax.xml.transform.TransformerTransformerConfigurationException orTransformerException has been encountered. The eventcould not be processed as a Common Base Event.

Administrator response: Ensure that the applicationthat submits events is working properly. If the problempersists, contact your IBM service representative.

CBAWS0715E The Common Base Event XML couldnot be converted to aCommmonBaseEvent object.EventFormatter method

eventFromCanonicalXML returned anexception : exception_text

Explanation: This message appears when an eventcannot be processed as a Common Base Event. org.eclipse. hyades. logging. events. cbe. util. EventFormatter Event Formatter. event From Canonical XMLmethod returned an exception. The event could not beprocessed as a Common Base Event.

Administrator response: Ensure that the applicationthat submits events is working properly. If the problempersists, contact your IBM service representative.

CBAXS0001E The specified relational database

management system is not supported.Database: rdbms_name Version:rdbms_version

Explanation: The Common Audit Service EJBconfiguration has been configured to store data in anunsupported relational database management system.

Administrator response: Configure the CommonAudit Service using the Common Audit ServiceConfiguration Wizard. Refer to your products AuditingGuide for a list of supported relational databasemanagement systems.

CBAXS0002E The relational database managementsystem reported the following error.Data source resource reference:data_source SQL state: sql_state Vendorcode: vendor_code Message: message

Explanation: The SQL state is the standard JDBC errorcode for the reported problem. The vendor code is thedatabase vendor specific error code. The messageparameter is the localized error message that isreturned by the relational database managementsystem.

Administrator response: Refer to the appropriaterelational database documentation for informationabout the SQL state, the vendor code, and the errormessage.

CBAXS0006E The Common Audit database schemais not at the required level. The

database schema version isactual_schema_version , but the requiredversion is required_schema_version.

Explanation: The Common Audit Service databaseschema is not at the required level and is aninconsistent state. Events cannot be stored to the XMLdata store till the problem is corrected.

Administrator response: Please contact your IBMrepresentative to resolve the problem.

CBAXS0008E The WebSphere Application Serverconnection pooling system returned a

database connection that is not valid.Data source resource reference:data_source

Explanation: The Common Audit Service XML datastore EJB received several StaleExceptionConnectionwhile trying to store events and the EJB has determinedthat database connection is not valid.

Administrator response: Refer to the WebSpehereApplication Server Administration guide and performthe recommended steps to recover from this errorcondition.

CBAXS0009E A database connection could not beobtained from the connection pool aftermaximum_retries attempts were made toobtain a connection. Data sourceresource reference: data_source

Explanation: The WebSphere Application Serverconnection pooling system was not able to return adatabase connection using the current configuration of the connection pool and the configured number of retries.

Administrator response: Try one or more of thefollowing actions: Configure the data source again andincrease the maximum number of connections. This

option improves performance and event throughput.Configure the data source again and increase theconnection timeout value. Increase the number of retries in the XML data store profile.

CBAXS0011E The XML data store cannot find theresource reference in JNDI. Resourcereference: resource_reference_name

Explanation: The XML data store uses resourcereferences to obtain the data source that is used toobtain connections to the database and for the object

CBAWS0714E • CBAXS0011E




that contains the configuration for the XML data store.The resource reference information that is specifiedduring the installation is not valid. For example, a JNDIname that is not valid was specified for the resourcereference. If the specified resource reference name is

java:comp/env/XmlStoreProfileReference, the XMLdata store cannot access the configuration data. If thespecified resource reference name is

java:comp/env/XmlDataSourceReference, the XMLdata store cannot access the data source.

Administrator response: In the administrative console,configure the specified resource reference to a valid

JNDI resource.

CBAXS0014E The relational database managementsystem reported the following error.Data source resource reference:data_source Database product: rdbms_nameDatabase version: rdbms_version SQLstate: sql_state Vendor code: vendor_code

Message: messageExplanation: The SQL state is the standard JDBC errorcode for the reported problem. The vendor code is thedatabase vendor specific error code. The messageparameter is the localized error message that isreturned by the relational database managementsystem.


CBAXS0016E The value property_value for the

property property_name cannot beconverted to an integer. The defaultvalue of default_value is used.

Explanation: The internal table used by the CommonAudit Service is in an inconsistent state.


CBAXS0017E The value property_value for theproperty property_name is larger than themaximum allowed value ofmaximum_value. The default value of

default_value is used.

Explanation: The internal table used by the CommonAudit Service is in an inconsistent state resulting in theerror..


CBAXS0018E The value property_value for theproperty property_name is less than theminimum allowed value ofminimum_value. The default value ofdefault_value is used.

Explanation: The internal table used by the CommonAudit Service is in an inconsistent state resulting in theerror.


CBAXS0023E The relational database managementsystem reported the following error.Data source resource reference:data_source Database product: rdbms_nameDatabase version: rdbms_version SQLstate: sql_state Vendor code: vendor_codeMessage: message

Explanation: The SQL state is the standard JDBC error

code for the reported problem. The vendor code is thedatabase vendor specific error code. The messageparameter is the localized error message that isreturned by the relational database managementsystem.


CBAXS0024E The length of the XML column cannotbe determined from the databasemetadata.

Explanation: The XML data store uses the databasemetadata to determine length of the column. The XMLdata store needs this information to determine whetherto store the event in the main table or use both themain and the overflow tables.

Administrator response: Please contact your IBMrepresentative to resolve this problem.

CBAXS0026E The XML data store cannot convert anevent from string format to binaryformat. The event cannot be stored.

Explanation: The XML data store stores an event as binary data, using the UTF-8 codeset to convert stringdata to binary data. Because the string-to-binary formatconversion failed, the event cannot be stored.

Administrator response: This error should not occur.If the problem persists, contact IBM Software Supportfor help.

CBAXS0014E • CBAXS0026E




CBAXS0027W The configuration value,interval_old_value , for the bucket checkinterval is not valid. The value has beenchanged to the default value, which isinterval_new_value seconds.

Explanation: The XML data store writes an event tothe current active bucket. The bucketCheckIntervalcustom property specifies the maximum time, inseconds, that the XML data store can function withoutchecking if the active bucket has been changed. Becausethe property value was set to a value that is less than 0,the XML data store will use the default value.

Administrator response: Set the value of the bucketCheckInterval property in the<WAS_HOME>/profiles/<profile_name>/config/ibmcars/ibmcarsserver.properties file to a positiveinteger, then restart WebSphere Application Server. In aclustered environment, restart the deployment managerand the managed nodes.

CBAXS0034W Either no value has been set or valueset is invalid for property property_nameDefault Value : default_value will beassigned to it.

Explanation: property_name : It will be eithercompress or checkbucketinterval default_value : Defaultvalues for these are true and 300000 respectively

CBAXS0035E The following error occured whilegetting handle toibmcarsserver.properties. error DefaultValues will be used for properties

compress and checkbucketintervalExplanation: error : The error that occured whileextracting handle of the repository fileibmcarsserver.properties

CBAXS0036E The following error occured whileloading ibmcarsserver.properties. errorDefault Values will be used forproperties compress andcheckbucketinterval

Explanation: error : The error that occured whileloading the repository file ibmcarsserver.properties

CBAXS0037W The event with global instance id globalInstanceId can not be inserted intothe table tableName since an event withthe same global instance id alreadyexists.

Explanation: error : The error occured because anevent with a similar global instance id already exists inthe database

CBAXS0038E The event with global instance id globalInstanceId can not be inserted intothe table tableName since the value fieldValue for the normalized field fieldName is not valid.

Explanation: error : The error occured because thevalue for the normalized field is not a valid value.

CFGMB0001E The CARS_HOME environmentvariable was not found at was_scope.

Explanation: The CARS_HOME environment variablemust be defined at the cell scope of the specifiedWebSphere Application Server deployment target.

Administrator response: Define the CARS_HOMEenvironment variable at the cell scope of thedeployment target, and try the operation again.

CFGMB0002E The CARS_HOME environment

variable defined at the was_scope scopewas not initialized with the installationlocation of the Common Audit Serviceserver.

Explanation: The CARS_HOME environment variabledefined at the cell scope of the deployment target must

be initialized with the installation location of the targetCommon Audit Service server.

Administrator response: Initialize the CARS_HOMEenvironment variable with the value of the installationlocation of the target Common Audit Service server,and try the operation again.

CFGMB0003E An internal error occurred whileretrieving the value of theCARS_HOME environment variable.The error message that was received is:err_msg.

Explanation: An attempt to retrieve the value of theCARS_HOME environment variable failed because aprocessing error occurred during the operation.

Administrator response: Try the operation again. If this error occurs again, check the WebSphereApplication Server log file (SystemOut.log) todetermine the source of the error.

CFGMB0004E The app_name application cannot bedeployed in the target_scope deploymenttarget scope because it already exists inthat deployment target scope.

Explanation: The application that is specified fordeployment into the deployment target scope must notalready be present in that scope.

Administrator response: Unconfigure (undeploy) theapplication from the deployment target scope using theconfiguration console and try the operation again.

CBAXS0027W • CFGMB0004E




CFGMB0005E The app_name application cannot beundeployed from the target_scopedeployment target scope because it doesnot already exist in that deploymenttarget scope.

Explanation: The application that is specified forundeployment from the deployment target scope musthave already been deployed in that scope.

Administrator response: Configure (deploy) theapplication in the deployment target scope using theconfiguration console and try the operation again.

CFGMB0006E The JDBC connector for the CommonAudit Service XML data store (database)cannot be created because the specifiedpath of the DB2 JDBC drivers, driver_dir ,is not valid. Enter the valid path of theDB2 JDBC drivers that are used tocreate the JDBC connector for the

Common Audit Service XML data store(database).

Explanation: The correct path of the type-4 DB2 JDBCdrivers must be specified in the JDBC Connectors panelof the configuration console. The DB2 JAR filedb2jcc.jar contains DB2 type-4 JDBC drivers and isusually located at DB2_INSTALL_ROOT/java folder onthe target system.

Administrator response: Specify the correct path of the directory on the target system containing type-4DB2 JDBC drivers, and try the operation again.

CFGMB0007E The configuration of the JDBC

connector for the Common AuditService XML data store (database) failedbecause a connection to the db_namedatabase cannot be established usingthe specified JDBC connectioninformation.

Explanation: Valid JDBC connection information must be specified in the JDBC Connectors panel of theconfiguration console to create the JDBC connector forthe Common Audit Service XML data store (database).

Administrator response: Specify correct values for theXML data store host name, instance port number,instance owner user name, instance owner userpassword, and the location of type 4 JDBC drivers inthe JDBC Connectors panel of the configuration consoleand try the operation again

CFGMB0008E Input validation for the meth_namemethod failed because the specifieddatabase name, db_name , does not exist.

Explanation: The target database that is specified forthe deployment of the Java stored procedures mustalready exist.

Administrator response: Ensure that the specifieddatabase exists and that a connection can be establishedto it, then try the operation again.

CFGMB0009E Input validation for the meth_namemethod failed because an incorrect levelof software was detected for the

specified database name, db_name.

Explanation: The software versions of the databaseschema components and the reporting tables must be atspecific software levels. For the database to be at thecorrect level, the values of schemaMajorVersion,schemaMinorVersion, and SchemaPtfLevel in theCEI_T_PROPERTIES table must be 6, 0, and 0,respectively. For the reporting tables to be at the correctlevel, the values of ReportTableSchemaMajorVersion,ReportTableSchemaMinorVersion, andReportTableSchemaPtfLevel must be 2, 0, and 0,respectively.

Administrator response: Upgrade the target database

used for the XML data store to the correct level, and trythe operation again.

CFGMB0011E Input validation for the meth_namemethod failed because the CommonEvent Infrastructure event server is notconfigured in the target_scope WebSphereApplication Server deployment target.

Explanation: The Common Event Infrastructure eventserver (EventService) must be configured in theWebSphere Application Server deployment target

before you can configure CommonAuditService to sendevents to the event server.

Administrator response: Ensure that Common EventInfrastructure EventService is configured in WebSphereApplication Server deployment target, and try theoperation again.

CFGMB0012E Input validation for the meth_namemethod failed because theibmcarsserver.properties file was notfound at target_scope.

Explanation: The ibmcarsserver.properties file must bepresent in the WAS_PROFILE_PATH/config/ibmcarsfolder to configure CommonAuditService to route

events to the Common Event Infrastructure eventserver.

Administrator response: Ensure thatibmcarsserver.properties file is located at the requiredlocation, and try the operation again.

CFGMB0005E • CFGMB0012E




CFGMB0013E An internal error occurred whileexecuting the meth_name method. Theerror message that was received is:actual_exception

Explanation: A processing error occurred during theoperation.


CFGMB0014E An internal error occurred whiledeploying the app_name application. Theerror message that was received is:actual_exception

Explanation: The specified application might not have been deployed successfully because a processing erroroccurred during the operation.

Administrator response: Check the WebSphereApplication Server log file (SystemOut.log) todetermine the source of the error and the status of thedeployment.

CFGMB0015E An internal error occurred whileupdating the prop_val_pair key/value pairin the carsconfig.status file in theCARS_HOME/server/etc folder. Theerror message that was received is:actual_exception

Explanation: An attempt to update the specifiedinformation in the carsconfig.status file failed because a

processing error occurred during the operation.Administrator response: Try the operation again. If this error occurs again, check the WebSphereApplication Server log file (SystemOut.log) todetermine the source of the error.

CFGMB0016E An internal error occurred whileuninstalling the app_name application.The error message that was received is:actual_exception

Explanation: An attempt to uninstall the specifiedapplication might have failed because a processing

error occurred during the operation.Administrator response: Check the WebSphereApplication Server log file (SystemOut.log) todetermine the source of the error and the status of theuninstallation.

CFGMB0017E The app_name application failed tostart in the target_scope WebSphereApplication Server deployment target.The error message that was received is:actual_exception

Explanation: An attempt to start the specifiedapplication on the deployment target failed because aprocessing error occurred during the operation.


CFGMB0018E The app_name application failed tostop running in the target_scopeWebSphere Application Serverdeployment target. The error messagethat was received is: actual_exception

Explanation: An attempt to stop the specifiedapplication on the deployment target failed because aprocessing error occurred during the operation.

Administrator response: Try the operation again. If this error occurs again, check the WebSphereApplication Server log file (SystemOut.log) to

determine the source of the error.

CFGMB0019E The enterprise applications related tothe Common Audit Service server couldnot be stopped in the target_scopeWebSphere Application Serverdeployment target because they werenot found in the specified deploymenttarget scope.

Explanation: Enterprise applications related to theCommon Audit Service server must be deployed intothe specified deployment target before they can bestopped.

Administrator response: Ensure that related enterpriseapplications are deployed and running in the specifieddeployment target, then try the operation again.

CFGMB0020E The changes made toibmcarsserver.properties file in theconfiguration repository of theDeployment Manager could not besynchronized with the copies of this filethat are located in the configurationrepositories of the managed nodes. Theerror message that was received is:actual_exception

Explanation: The configuration changes made to theDeployment Manager properties file were notpropagated to the corresponding managed nodes

because an internal processing error occurred duringthe operation.

Administrator response: Ensure that nodeagentservice that is associated with each managed node isrunning, then try the operation again.





CFGMB0021E The JNDI name of theXmlStorePlugin application in thedefault Common Event Infrastructureevent server could not be defined. Theerror message that was received is:actual_exception

Explanation: The attempt to define the specified JNDIname of the XmlStorePlugin application failed.

Administrator response: Use the services integrationpanel of the WebSphere Administrative Console toensure that the xmlStoreEjbJndiName custom propertydoes not exist in the default Common EventInfrastructure event server, then try the operationagain. If the problem persists, check the WebSphereApplication Server log file (SystemOut.log) todetermine the source of the error.

CFGMB0022E The CARS Events event group couldnot be created in the default Common

Event Infrastructure event server. Theerror message that was received is:actual_exception

Explanation: The attempt to create the specified eventgroup failed.

Administrator response: Ensure that event groupnamed CARS Events does not exist in the defaultCommon Event Infrastructure event server, then try theoperation again. If the problem persists, check theWebSphere Application Server log file (SystemOut.log)to determine the source of the error.

CFGMB0023E The event selector string of the

default All events event group in thedefault Common Event Infrastructureevent server could not be modified. Theerror message that was received is:actual_exception

Explanation: The attempt to change the event selectorstring of the specified event group failed.

Administrator response: Ensure that event groupnamed All events exists in the default Common EventInfrastructure event server, then try the operationagain. If the problem persists, check the WebSphereApplication Server log file (SystemOut.log) todetermine the source of the problem.

CFGMB0024E The JNDI name of theXmlStorePlugin application in thedefault Common Event Infrastructureevent server could not be removed. Theerror message that was received is:actual_exception

Explanation: The attempt to remove the JNDI name of the XmlStorePlugin application failed.

Administrator response: Use the services integration

panel of the WebSphere Administrative Console toensure that the xmlStoreEjbJndiName custom propertyexists in the default Common Event Infrastructureevent server, then try the operation again. If theproblem persists, check the WebSphere ApplicationServer log file (SystemOut.log) to determine the sourceof the error.

CFGMB0025E The CARS Events event group couldnot be removed from the defaultCommon Event Infrastructure eventserver. The error message that wasreceived is: actual_exception

Explanation: The attempt to remove the specifiedevent group failed.

Administrator response: Ensure that event groupnamed CARS Events exists in the default CommonEvent Infrastructure event server, then try the operationagain. If the problem persists, check the WebSphereApplication Server log file (SystemOut.log) to


CFGMB0026E The event selector string of thedefault All events event group in thedefault Common Event Infrastructureevent server could not be restored. Theerror message that was received is:actual_exception

Explanation: The attempt to restore the event selectorstring of the All events group failed.

Administrator response: Ensure that event groupnamed All events exists in the default Common Event

Infrastructure event server, then try the operationagain. If the problem persists, check the WebSphereApplication Server log file (SystemOut.log) todetermine the source of the problem.

CFGMB0027E The enable property of the target_appenterprise application could not be setto the enable_prop_val value. The errormessage that was received is:actual_exception

Explanation: The enable property was not set to thespecified value because a processing error occurredduring the operation.

Administrator response: Try the operation again. If the problem persists, check the WebSphere ApplicationServer log file (SystemOut.log) to determine the sourceof the error.

CFGMB0028E The file permissions on thecmdTemp.sh temporary file could not bechanged.

Explanation: The file permissions on the cmdTemp.shtemporary file were not changed because a processing





error occurred during the operation.


CFGMB0029E The database named db_name couldnot be created. Review the log, log_file ,to determine the cause of the failure.

Explanation: An error occurred while attempting tocreate the specified XML data store (database).

Administrator response: Ensure that the target DB2server is running and does not already contain thespecified database name, then try the operation again.If the problem persists, check the WebSphereApplication Server log file (SystemOut.log) or theCommon Audit Service logs (dbconfig.log) to determinethe source of the error.

CFGMB0031E The reporting staging tables couldnot be created in the target databasenamed db_name.

Explanation: An error occurred while attempting tocreate the staging tables in the specified database.

Administrator response: Ensure that the target DB2server is running and that the specified database existson the DB2 server and can be contacted, then try theoperation again. If the problem persists, check theWebSphere Application Server log file (SystemOut.log)or the Common Audit Service logs (dbconfig.log) todetermine the source of the error.

CFGMB0032E The target database, db_name , couldnot be upgraded to the correct softwarelevel.

Explanation: The database that is specified for use asthe XML data store could not be upgraded to thecorrect software level. The software versions of thedatabase schema components and the reporting tablesmust be at specific software levels. For the database to

be at the correct level, the values of schemaMajorVersion, schemaMinorVersion, andSchemaPtfLevel in the CEI_T_PROPERTIES table must

be 6, 0, and 0, respectively. For the reporting tables to

be at the correct level, the values of ReportTableSchemaMajorVersion,ReportTableSchemaMinorVersion, andReportTableSchemaPtfLevel must be 2, 0, and 0,respectively.

Administrator response: Ensure that the target DB2server is running and that the specified database existson the DB2 server and can be contacted, then try theoperation again. If the problem persists, check theWebSphere Application Server log file (SystemOut.log)or the Common Audit Service logs (dbconfig.log) todetermine the source of the error.

CFGMB0033E The IBMCARS_DD_REPORT andIBMCARS_EVENT_DETAIL Java storedprocedures could not be deployed intothe db_name database.

Explanation: An error occurred while attempting todeploy the specified Java stored procedures into thetarget database.

Administrator response: Ensure that the target DB2server is running and that the target database exists onthe DB2 server and can be contacted. If the server isrunning on a UNIX or Linux system, ensure that thelinks to the required JDK libraries are created in theuser/sbin folder, then try the operation again. Refer tothe Auditing Guide for information on the settings thatare required before deploying Java stored procedureson UNIX and Linux platforms.

CFGMB0034E The record of the last created XMLdata store (db_name) could not be

updated in the carsdb.properties file,which is located at CARS_HOME/ server/etc folder on the target system.

Explanation: An error occurred while attempting toupdate the record in the carsdb.properties file of thelast created database that is used as the XML datastore.


CFGMB0035E The record of the last created XML

data store (db_name) could not beremoved from the carsdb.properties file,which is located at CARS_HOME/ server/etc folder on the target system.

Explanation: An error occurred while attempting toremove the record from the carsdb.properties file of thelast created database that is used as the XML datastore.


CFGMB0036E The value could not be set for theDB2UNIVERSAL_JDBC_DRIVER_PATHenvironment variable at the object_typelevel for the target_scope WebSphereApplication Server deployment target.

Explanation: An error occurred while attempting toset the value of theDB2UNIVERSAL_JDBC_DRIVER_PATH environmentvariable.

Administrator response: Try the operation again. If





the problem persists, check the WebSphere ApplicationServer log file (SystemOut.log) to determine the sourceof the error.

CFGMB0037E The JDBC resources that are used toaccess the XML data store (database)could not be created on the target_object

WebSphere Application Serverdeployment target because the specifieddeployment target does not exist.

Explanation: The WebSphere Application Serverdeployment target that is specified for creating the

JDBC resources must already exist and cannot alreadycontain the JDBC resources.

Administrator response: Verify that the deploymenttarget exists and that the JDBC resources do not alreadyexist in the deployment target, then try the operationagain.

CFGMB0038E The JDBC connection informationthat is used to access the XML data store(database) could not be updated in theibmcars.properties file that is located inthe CARS_HOME/server/etc folder onthe target system. The error messagethat was received is: target_exception

Explanation: The ibmcars.properties file was notupdated with the JDBC connection information becausea processing error occurred during the operation.

Administrator response: Try the operation again. If the problem persists, check the WebSphere ApplicationServer log file (SystemOut.log) to determine the source

of the error.

CFGMB0039E The JDBC resources that are used toaccess the XML data store (database)could not be created on the target_objectWebSphere Application Serverdeployment target. The error messagethat was received is: target_exception

Explanation: The JDBC resources were not created onthe specified WebSphere Application Serverdeployment target because an error occurred duringprocessing.


CFGMB0040E The JDBC resources that are used toaccess the XML data store (database)could not be removed from thetarget_object WebSphere ApplicationServer deployment target. The errormessage that was received is:target_exception

Explanation: The JDBC resources were not removedfrom the specified WebSphere Application Serverdeployment target because an error occurred duringprocessing.

Administrator response: Try the operation again. If the problem persists, check the WebSphere ApplicationServer log file (SystemOut.log) to determine the source

of the error.

CFGMB0041E An internal error occurred whilequerying the target_scope WebSphereApplication Server deployment target todetermine if the Common EventInfrastructure event server wasconfigured. The error message that wasreceived is: target_exception

Explanation: A query failed to determine if the defaultCommon Event Infrastructure event server wasconfigured successfully on the deployment target

because a processing error occurred during the

operation.


CFGMB0042E An internal error occurred whilequerying the target DB2 server todetermine if the db_name databasealready exists. The error message thatwas received is: target_exception

Explanation: The query failed to determine if the

specified database name already exists on the targetDB2 server because an internal processing erroroccurred.

Administrator response: Ensure that the target DB2server is running, then try the operation again. If theproblem persists, check the WebSphere ApplicationServer log file (SystemOut.log) or the Common AuditService logs (dbconfig.log) to determine the source of the error.

CFGMB0043E An error occurred while querying thetarget DB2 server to determine if thetarget db_name database is at the correct

software level. The error message thatwas received is: target_exception

Explanation: The query failed to determine if thespecified database is at the correct software level

because an internal processing error occurred.

Administrator response: Ensure that the target DB2server is running and that the target DB2 servercontains the specified database name, then try theoperation again. If the problem persists, check theWebSphere Application Server log file (SystemOut.log)or the Common Audit Service logs (dbconfig.log) to






CFGMB0044E An error occurred while querying thetarget DB2 server to determine if theIBMCARS_DD_REPORT andIBMCARS_EVENT_DETAIL DB2 Javastored procedures are deployed into the

db_name database. The error messagethat was received is: target_exception

Explanation: The query failed to determine if thespecified Java stored procedures were deployedsuccessfully because a processing error occurred duringthe operation.

Administrator response: Ensure that the target DB2server is running and that the target DB2 servercontains the specified database name, then try theoperation again. If the problem persists, check theWebSphere Application Server log file (SystemOut.log)or the Common Audit Service logs (dbconfig.log) todetermine the source of the error.

CFGMB0045E An error occurred while checking theability of the app_name enterpriseapplication to start on the next restart ofthe target WebSphere ApplicationServer. The error message that wasreceived is: target_exception

Explanation: An attempt failed to determine if thespecified application will start successfully if theWebSphere Application Server instance is restarted.

Administrator response: Try the operation again. If this error occurs again, check the WebSphere

Application Server log file (SystemOut.log) todetermine the source of the error.

CFGMB0046E An error occurred while querying thetarget DB2 server to determine if thestaging tables are present in the targetdb_name database. The error messagethat was received is: target_exception

Explanation: The query failed to determine if thestaging tables are present in the target database becausean error occurred during the operation.

Administrator response: Ensure that the target DB2

server is running and that the target DB2 servercontains the specified database name, then try theoperation again. If the problem persists, check theWebSphere Application Server log file (SystemOut.log)or the Common Audit Service logs (dbconfig.log) todetermine the source of the error.

CFGMB0047E An internal error occurred whileretrieving the value of theUSER_INSTALL_ROOT environmentvariable of the target WebSphereApplication Server. The error messagethat was received is: target_exception

Explanation: The USER_INSTALL_ROOT environmentvariable contains the profile path of the targetWebSphere Application Server profile. This value couldnot be retrieved because an internal processing erroroccurred during the operation.


CFGMB0048E An internal error occurred whileretrieving the value of theDB2UNIVERSAL_JDBC_DRIVER_PATH

environment variable defined at thetarget_scope level of the targetWebSphere Application Server process.The error message that was received is:target_exception

Explanation: The value of theDB2UNIVERSAL_JDBC_DRIVER_PATH environmentvariable could not be retrieved because an internalprocessing error occurred during the operation.


CFGMB0049E An internal error occurred whilechanging the values of the configurationstatus properties in the carsconfig.statusfile, which is located in theCARS_HOME/server/etc folder on thetarget system. The error message thatwas received is: target_exception

Explanation: The carsconfig.status file is located in theCARS_HOME/server/etc folder on the target systemand contains the properties that were initialize with thevalues that reflect the actual configuration status of various components of the Common Audit Service

server that are in place. The values might not have been updated correctly because a processing erroroccurred during the operation.

Administrator response: Check the WebSphereApplication Server log file (SystemOut.log) todetermine the cause of the error.





CFGMB0050E An internal error occurred whileretrieving the list of configurabledeployment target objects that arepresent in the connected WebSphereserver process. The error message thatwas received is: target_exception

Explanation: The list of configurable deploymenttarget objects was not retrieved successfully because aprocessing error occurred during the operation.


CFGMB0051W No configurable servers or clusterswere found in the target WebSphereApplication Server installation.

Explanation: This error occurs if a cluster has not beendefined in the target Deployment Manager cell on the

WebSphere Application Server Network Deploymentinstallation.

Administrator response: In the target DeploymentManager, define a cluster with at least one federatedcluster member, then try the operation again.

CFGMB0052E The current configuration status ofCommon Audit Service componentscannot be determined because aninternal error occurred while reading thevalues of the configuration properties inthe carsconfig.status file. The errormessage that was received is:

target_exception

Explanation: The values of the configurationproperties in the carsconfig.status file could not beretrieved because a processing error occurred duringthe operation.


CFGMB0053E An internal error occurred whileretrieving the list of enterprise

applications that are deployed in thetarget_scope WebSphere ApplicationServer deployment target. The errormessage that was received is:target_exception

Explanation: The list of enterprise applications couldnot be retrieved from the deployment target because aprocessing error occurred during the operation.

Administrator response: Try the operation again. If this error occurs again, check the WebSphereApplication Server log file (SystemOut.log) to


CFGMB0055E An internal error occurred whilequerying the target_scope WebSphereApplication Server deployment target todetermine if JDBC resources foraccessing the XML data store (database)

are present. The error message that wasreceived is: target_exception

Explanation: The query failed to determine if the JDBC resources are present in the WebSphereApplication Server deployment target because aprocessing error occurred during the operation.


CFGMB0056E The JDBC resources that are defined

in the target_object WebSphereApplication Server deployment targetcould not be used to connect to the XMLdata store (database). The error messagethat was received is: target_exception

Explanation: An error occurred while attempting toconnect to the database using the JDBC resources in thespecified WebSphere Application Server deploymenttarget.

Administrator response: Ensure that the JDBCprovider and data sources are created properly and thatthe target DB2 server containing the XML data store(database) is running. Restart the target WebSphere

Application Server to ensure that JNDI names of thedata sources are bound in the JNDI namespace. Try theoperation again. If the problem persists, check theWebSphere Application Server log file (SystemOut.log)to determine the source of the error.

CFGMB0057W Enterprise applications that arerelated to Common Audit Service couldnot be started in the target_scopeWebSphere Application Serverdeployment target because theXmlStoreDS EJB application was notfound in the deployment target.

Explanation: The XmlStoreDS application was notfound on the deployment target. All enterpriseapplications that use the Common Audit Servicedepend on the XmlStoreDS application to store eventsin the XML data store (database).

Administrator response: Deploy the XmlStoreDSapplication in the specified WebSphere ApplicationServer deployment target, then try the operation again.

CFGMB0050E • CFGMB0057W




CFGMB0058W Enterprise applications that arerelated to Common Audit Service couldnot be started in the target_scopeWebSphere Application Serverdeployment target because the XMLdata store (database) does not exist.

Explanation: The XML data store was not found. Allenterprise applications that use the Common AuditService use the XML data store (database) to store auditevents.

Administrator response: Create the XML data store inthe target DB2 server, then try the operation again.

CFGMB0059E An internal error occurred whilereading the record of the last-createdXML data store (database) in theCARS_HOME/server/etc/ carsdb.properties file on the targetsystem. The error message that was

received is: target_exceptionExplanation: A processing error occurred whileattempting to read the record of the last-created XMLdata store (database) in the carsdb.properties file.


CFGMB0061E The Common Audit Service XMLdata store (database) cannot be createdbecause the DB2 instance profile path,inst_profile that is specified in the Audit

Database panel of the configurationconsole does not contain a valid locationon the target system. Enter a valid DB2instance profile path to create theCommon Audit Service XML data store.

Explanation: The DB2 instance profile path specifiedin the Audit Database panel of the configurationconsole must contain a valid location in the file systemof the target system where the MBean is running.

Administrator response: Specify a valid DB2 instanceprofile path, then try the operation again.

CFGMB0062E The specified XML data store,db_name , could not be deleted. Reviewthe log, log_file , to determine the causeof the failure.

Explanation: An error occurred while attempting todelete the specified database that is used as the XMLdata store.

Administrator response: Ensure that the target DB2server is running and that the target DB2 servercontains the specified database name. Also, make surethat the specified database is not active, then try the

operation again. If the problem persists, check theWebSphere Application Server log file (SystemOut.log)or the Common Audit Service logs (dbconfig.log) todetermine the source of the error.

CFGMB0063E The Common Audit Serviceconfiguration method, meth_name , failed

to execute because an invalid input_objectobject was passed as an input parameterto this method from the configurationconsole.

Explanation: The specified input parameter that waspassed to the specified method is not valid because theinput object or one or more of its members was null

Administrator response: Pass a valid input object tothe method and try again. If the problem persists, thencheck the WebSphere Application Server log file(SystemOut.log) or contact your system administrator

CFGMB0064E An internal error occurred whileupdating the value of thecars_server_prop property in theWAS_PROFILE_PATH/config/ibmcars/ ibmcarsserver.properties file. The errormessage that was received is:actual_exception.

Explanation: An attempt to update the specifiedproperty value in the ibmcarsserver.properties filefailed because a processing error occurred during theoperation.

Administrator response: Try the operation again. If this error occurs again, check the WebSphere

Application Server log file (SystemOut.log) todetermine the source of the error.

CFGMB0065E The database named db_name is not avalid XML data store (database).

Explanation: The database specified for use as theXML data store cannot be used because it does notcontain the main XML schema tables, CEI_T_XML00and CEI_T_XML01.

Administrator response: Specify a valid databasename for the XML data store in the Audit Databasepanel, then try the operation again.

CFGMB0068E The Common Audit Service XMLdata store (database) cannot be createdbecause the instance profile pathinst_profile that is specified in the AuditDatabase panel of the configurationconsole does not contain a target systemlocation with a db2profile executablefile. Enter a valid DB2 instance profilepath to create the Common AuditService XML data store.

CFGMB0058W • CFGMB0068E




Explanation: The DB2 instance profile path that isspecified must contain a target system location with adb2profile executable file.

Administrator response: Specify a valid DB2 instanceprofile path, then try the operation again.

CFGMB0069E An error occurred while querying thetarget DB2 server to determine if theXML schema tables (CEI_T_XML*) arepresent in the target db_name database.The error message that was received is:target_exception

Explanation: The query failed to determine if the XMLschema tables are present in the target database

because an error occurred during the operation.

Administrator response: Ensure that the target DB2server is running and that the target DB2 servercontains the specified database name, then try theoperation again. If the problem persists, check the

WebSphere Application Server log file (SystemOut.log)or the Common Audit Service logs (dbconfig.log) todetermine the source of the error.

CFGMB0070W Enterprise applications that arerelated to Common Audit Service couldnot be started in the target_scopeWebSphere Application Serverdeployment target because the JDBCconnector for the XML data store(database) does not exist.

Explanation: The JDBC connector for the XML datastore was not found. All enterprise applications that

use the Common Audit Service use the same JDBCconnector to connect to the XML data store.

Administrator response: Create the JDBC connectorfor the XML data store at the appropriate scope in thetarget WebSphere Application Server, then try theoperation again.

CFGMB0069E • CFGMB0070W




Notices

This information was developed for products and services offered in the U.S.A.IBM may not offer the products, services, or features discussed in this document in

other countries. Consult your local IBM representative for information on theproducts and services currently available in your area. Any reference to an IBMproduct, program, or service is not intended to state or imply that only that IBMproduct, program, or service may be used. Any functionally equivalent product,program, or service that does not infringe any IBM intellectual property right may

be used instead. However, it is the user's responsibility to evaluate and verify theoperation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matterdescribed in this document. The furnishing of this document does not give youany license to these patents. You can send license inquiries, in writing, to:

IBM Director of LicensingIBM CorporationNorth Castle DriveArmonk, NY 10504-1785 U.S.A.

For license inquiries regarding double-byte (DBCS) information, contact the IBMIntellectual Property Department in your country or send inquiries, in writing, to:

Intellectual Property LicensingLegal and Intellectual Property LawIBM Japan, Ltd.19-21, Nihonbashi-Hakozakicho, Chuo-kuTokyo 103-8510, Japan

The following paragraph does not apply to the United Kingdom or any othercountry where such provisions are inconsistent with local law :

INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THISPUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHEREXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIEDWARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESSFOR A PARTICULAR PURPOSE.

Some states do not allow disclaimer of express or implied warranties in certaintransactions, therefore, this statement might not apply to you.

This information could include technical inaccuracies or typographical errors.Changes are periodically made to the information herein; these changes will beincorporated in new editions of the publication. IBM may make improvementsand/or changes in the product(s) and/or the program(s) described in thispublication at any time without notice.

Any references in this information to non-IBM Web sites are provided forconvenience only and do not in any manner serve as an endorsement of those Websites. The materials at those Web sites are not part of the materials for this IBMproduct and use of those Web sites is at your own risk.




IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.

Licensees of this program who wish to have information about it for the purposeof enabling: (i) the exchange of information between independently createdprograms and other programs (including this one) and (ii) the mutual use of theinformation which has been exchanged, should contact:

IBM Corporation2Z4A/10111400 Burnet RoadAustin, TX 78758 U.S.A.

Such information may be available, subject to appropriate terms and conditions,including in some cases payment of a fee.

The licensed program described in this document and all licensed materialavailable for it are provided by IBM under terms of the IBM Customer Agreement,IBM International Program License Agreement or any equivalent agreement

between us.

Any performance data contained herein was determined in a controlledenvironment. Therefore, the results obtained in other operating environments mayvary significantly. Some measurements may have been made on development-levelsystems and there is no guarantee that these measurements will be the same ongenerally available systems. Furthermore, some measurement may have beenestimated through extrapolation. Actual results may vary. Users of this documentshould verify the applicable data for their specific environment.

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources.IBM has not tested those products and cannot confirm the accuracy of

performance, compatibility or any other claims related to non-IBM products.Questions on the capabilities of non-IBM products should be addressed to thesuppliers of those products.

All statements regarding IBM's future direction or intent are subject to change orwithdrawal without notice, and represent goals and objectives only.

All IBM prices shown are IBM's suggested retail prices, are current and are subjectto change without notice. Dealer prices may vary.

This information is for planning purposes only. The information herein is subject tochange before the products described become available.

This information contains examples of data and reports used in daily businessoperations. To illustrate them as completely as possible, the examples include thenames of individuals, companies, brands, and products. All of these names arefictitious and any similarity to the names and addresses used by an actual businessenterprise is entirely coincidental.

COPYRIGHT LICENSE:

This information contains sample application programs in source language, whichillustrate programming techniques on various operating platforms. You may copy,modify, and distribute these sample programs in any form without payment to




IBM, for the purposes of developing, using, marketing or distributing applicationprograms conforming to the application programming interface for the operatingplatform for which the sample programs are written. These examples have not

been thoroughly tested under all conditions. IBM, therefore, cannot guarantee orimply reliability, serviceability, or function of these programs. You may copy,modify, and distribute these sample programs in any form without payment toIBM for the purposes of developing, using, marketing, or distributing application

programs conforming to IBM's application programming interfaces.

Each copy or any portion of these sample programs or any derivative work, mustinclude a copyright notice as follows:

© (your company name) (year). Portions of this code are derived from IBM Corp.Sample Programs. © Copyright IBM Corp. _enter the year or years_. All rightsreserved.

If you are viewing this information in softcopy form, the photographs and colorillustrations might not be displayed.

Trademarks

IBM, the IBM logo, and ibm.com® are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide.Other product and service names might be trademarks of IBM or other companies.A current list of IBM trademarks is available on the Web at "Copyright andtrademark information" at www.ibm.com/legal/copytrade.shtml.

Adobe, Acrobat, PostScript and all Adobe-based trademarks are either registeredtrademarks or trademarks of Adobe Systems Incorporated in the United States,other countries, or both.

IT Infrastructure Library is a registered trademark of the Central Computer and

Telecommunications Agency which is now part of the Office of GovernmentCommerce.

Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo,Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks orregistered trademarks of Intel Corporation or its subsidiaries in the United Statesand other countries.

Linux is a trademark of Linus Torvalds in the United States, other countries, or both.

Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.

ITIL is a registered trademark, and a registered community trademark of the Officeof Government Commerce, and is registered in the U.S. Patent and TrademarkOffice.

UNIX is a registered trademark of The Open Group in the United States and othercountries.

Cell Broadband Engine and Cell/B.E. are trademarks of Sony ComputerEntertainment, Inc., in the United States, other countries, or both and is used underlicense therefrom.

Notices 301



Java and all Java-based trademarks and logos are trademarks or registeredtrademarks of Oracle and/or its affiliates.


isam error message reference

Documents