Question & Answer
Question
We are getting these error messages:
IST663I BIND FAIL REQUEST RECEIVED, SENSE=08480000
IST664I REAL OLU=olu_name REAL DLU=dlu_name
IST889I SID=sid
IST891I GENERATED FAILURE NOTIFICATION
IST893I ORIGINAL FAILING REQUEST IS BIND
IST314I END
Here is the VTAM security configuration:
Set the VTAM start option ENCRYPTN=CCA.
Specified ENCRTYPE=TDES24 and ENCR=REQD on the application major node.
The application seed key in the CKDS is defined as TYPE data.
ICSF installation/setup on both MVS images.
ICSF Master keys are defined to both systems.
CDRM Importer/exporter keys are set up on both systems, where the IMPORTER key on one system matches the EXPORTER on the OTHER system.
Answer
Sense code 08480000 indicates Cryptography function inoperative: The receiver of a request was not able to decipher the request because of a malfunction in its cryptography facility.
In VTAM session-level encryption, importer and exporter keys can be either single (8) or double (16) length. There is an importer-exporter key pair defined at each end of this bind. The importer key is used to encrypt the DATA
key and the exporter key is used to decrypt it at the other end. The customer creates the importer-exporter key pair, then passes the IMPORTER key to VTAM on the BIND. VTAM internally generates the triple length DATA key, using the Key Generate callable service.
In this particular situation, the session using VTAM session level encryption is an application-to-application session on the same host. The application major node is specifying ENCRTYPE=TDES24, indicating that VTAM is requested to generate a triple length (24-byte) DATA key for Triple DES.
But the Bind received by VTAM in this situation invalidly contains a DATA key, instead of an IMPORTER key. VTAM calls CRYPTO but CRYPTO is expecting an IMPORTER key instead of a DATA key. As a result, VTAM fails the session with sense code 08480000. The bind contains a DATA key because the application seed key in the CKDS was defined as type DATA.
To resolve this problem, change the application seed key in the CKDS from type DATA to type IMPORTER -
defaulting to length 8.
Product Synonym
ZOSCS COMMSERVER
Was this topic helpful?
Document Information
Modified date:
11 September 2015
UID
dwa1213533