IBM Support

When starting PAGENT why is message EZZ8438I issued with policy type IPSEC?

Question & Answer


Question

The following messages are issued:

EZZ8432I PAGENT INITIALIZATION COMPLETE
EZZ8438I PAGENT POLICY DEFINITIONS CONTAIN ERRORS FOR image_name : IPSEC

Answer

The explanation can be determined by examining the PAGENT log file.

When starting the Policy Agent (PAGENT) as a started task, the output messages are written to the PAGENT log file, which can be specified by the PAGENT_LOG_FILE environment variable and defaults to /tmp/pagent.log.
If the PAGENT log shows the following messages, those messages indicate indicate that 3DES and AES_CBC encryption are not being supported:

OBJERR :005: process_IPSec_enum_att: HowToEncrypt 3Des not allowed on IpDataOffer because 3DES not enabled for image 'image_name'
OBJERR :005: process_IPSec_enum_att: HowToEncrypt AES_CBC not allowed on IpDataOffer because AES not enabled for image 'image_name'

The two IpDataOffer statements in the IPSEC policy file specify:

  • HowToEncrypt 3DES

  • HowToEncrypt AES_CBC

You need to install System SSL Security Level 3 (FMID JCPT3D1) on your system. System Security Level 3 supports 3DES and AES_CBC.

JCPT3D1 is a free and orderable feature.

For more information, see the manual z/OS Cryptographic Services System SSL Programming (SC24-5901-10)

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSSN3L","label":"z\/OS Communications Server"},"Platform":[{"code":"PF035","label":"z\/OS"}],"Component":"","Version":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]

Product Synonym

ZOSCS COMMSERVER

Document Information

Modified date:
11 January 2016

UID

dwa1186349