
IBM Tivoli Access Manager

Error Message Reference

Version 5.1

SC32-1353-00

Note: Before using this information and the product it supports, read the information in “Notices,” on page 813.

First Edition (November 2003)

This edition applies to version 5, release 1, modification 0 of IBM Tivoli Access Manager (product number 5724-C08) and to all subsequent releases and modifications until otherwise indicated in new editions.

© Copyright International Business Machines Corporation 2002, 2003. All rights reserved. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Contents

Preface
  Who should read this book
  What this book contains
  Publications
  Release information
  Base information
  Web security information
  Developer references
  Technical supplements
  Related publications
  Accessing publications online
  Accessibility
  Contacting software support
  Conventions used in this book
  Typeface conventions
  Operating system differences
Chapter 1. Overview
  Message format
  Message ID format
  Message text format
  Finding message information associated with a message number
  Presentation of messages in this book
Chapter 2. Tivoli Access Manager Base Messages
Chapter 3. Tivoli Access Manager for e-business WebSEAL Messages
Chapter 4. Tivoli Access Manager for e-business Plug-in for Web Servers Messages
Chapter 5. Tivoli Access Manager for e-business Messages for IBM WebSphere Application Server
Chapter 6. Tivoli Access Manager for e-business Messages for IBM WebSphere Edge Server
Chapter 7. Tivoli Access Manager for e-business Messages for BEA WebLogic Server
Chapter 8. Tivoli Access Manager for Business Integration Messages
Chapter 9. Tivoli Access Manager for Operating Systems Messages
Chapter 10. IBM Global Security Kit return codes
  General return codes
  Key management return codes
Appendix. Notices
  Trademarks
Index

Preface

IBM® Tivoli® Access Manager (Tivoli Access Manager) is the base software that is required to run applications in the IBM Tivoli Access Manager product suite. It enables the integration of IBM Tivoli Access Manager applications that provide a wide range of authorization and management solutions. Sold as an integrated solution, these products provide an access control management solution that centralizes network and application security policy for e-business applications.

Note: IBM Tivoli Access Manager is the new name of the previously released software entitled Tivoli SecureWay® Policy Director. Also, for users familiar with the Tivoli SecureWay Policy Director software and documentation, the management server is now referred to as the policy server.

This reference provides a list of all the messages associated with the Tivoli Access Manager family of products, along with additional information, such as a detailed explanation of the message text. When a message indicates an error condition, possible recovery actions are provided.

Who should read this book

Readers should be familiar with the following:

• PC and UNIX® operating systems
• Database architecture and concepts
• Security management
• Internet protocols, including HTTP, TCP/IP, File Transfer Protocol (FTP), and Telnet
• The user registry that Tivoli Access Manager is configured to use
• Lightweight Directory Access Protocol (LDAP) and directory services, if used by your user registry
• Authentication and authorization

If you are enabling Secure Sockets Layer (SSL) communication, you also should be familiar with SSL protocol, key exchange (public and private), digital signatures, cryptographic algorithms, and certificate authorities.

What this book contains

This book contains the following chapters and appendixes:

• Chapter 2, “Tivoli Access Manager Base Messages,” on page 7
  This chapter describes the messages issued by the base components of IBM Tivoli Access Manager.
• Chapter 3, “Tivoli Access Manager for e-business WebSEAL Messages,” on page 191
  This chapter describes the messages issued by IBM Tivoli Access Manager WebSEAL.
• Chapter 4, “Tivoli Access Manager for e-business Plug-in for Web Servers Messages,” on page 277
  This chapter describes the messages issued by IBM Tivoli Access Manager Plug-in for Web Servers.
• Chapter 5, “Tivoli Access Manager for e-business Messages for IBM WebSphere Application Server,” on page 383
  This chapter describes the messages issued by IBM Tivoli Access Manager in support of IBM WebSphere Application Server.
• Chapter 6, “Tivoli Access Manager for e-business Messages for IBM WebSphere Edge Server,” on page 399
  This chapter describes the messages issued by IBM Tivoli Access Manager in support of IBM WebSphere Edge Server.
• Chapter 7, “Tivoli Access Manager for e-business Messages for BEA WebLogic Server,” on page 445
  This chapter describes the messages issued by IBM Tivoli Access Manager in support of BEA WebLogic Server.
• Chapter 8, “Tivoli Access Manager for Business Integration Messages,” on page 477
  This chapter describes the messages issued by IBM Tivoli Access Manager for Business Integration.
• Chapter 9, “Tivoli Access Manager for Operating Systems Messages,” on page 597
  This chapter describes the messages issued by IBM Tivoli Access Manager for Operating Systems.
• Chapter 10, “IBM Global Security Kit return codes,” on page 803
  This chapter lists the return codes returned by the IBM Global Security Toolkit (GSKit). These return codes appear in several messages.
• “Notices,” on page 813
  This appendix provides copyright, legal, and trademark information.

Publications

Review the descriptions of the Tivoli Access Manager library, the prerequisite publications, and the related publications to determine which publications you might find helpful. After you determine the publications you need, refer to the instructions for accessing publications online.

Additional information about the IBM Tivoli Access Manager for e-business product itself can be found at:

The Tivoli Access Manager library is organized into the following categories:

• “Release information”
• “Base information” on page vii
• “Web security information” on page vii
• “Developer references” on page viii
• “Technical supplements” on page viii

Release information

• IBM Tivoli Access Manager for e-business Read This First (GI11-4155-00)
  Provides information for installing and getting started using Tivoli Access Manager.
• IBM Tivoli Access Manager for e-business Release Notes (GI11-4156-00)
  Provides late-breaking information, such as software limitations, workarounds, and documentation updates.

Base information

• IBM Tivoli Access Manager Base Installation Guide (SC32-1362-00)
  Explains how to install and configure the Tivoli Access Manager base software, including the Web Portal Manager interface. This book is a subset of IBM Tivoli Access Manager for e-business Web Security Installation Guide and is intended for use with other Tivoli Access Manager products, such as IBM Tivoli Access Manager for Business Integration and IBM Tivoli Access Manager for Operating Systems.
• IBM Tivoli Access Manager Base Administration Guide (SC32-1360-00)
  Describes the concepts and procedures for using Tivoli Access Manager services. Provides instructions for performing tasks from the Web Portal Manager interface and by using the pdadmin command.

Web security information

• IBM Tivoli Access Manager for e-business Web Security Installation Guide (SC32-1361-00)
  Provides installation, configuration, and removal instructions for the Tivoli Access Manager base software as well as the Web Security components. This book is a superset of IBM Tivoli Access Manager Base Installation Guide.
• IBM Tivoli Access Manager Upgrade Guide (SC32-1369-00)
  Explains how to upgrade from Tivoli SecureWay Policy Director Version 3.8 or previous versions of Tivoli Access Manager to Tivoli Access Manager Version 5.1.
• IBM Tivoli Access Manager for e-business WebSEAL Administration Guide (SC32-1359-00)
  Provides background material, administrative procedures, and technical reference information for using WebSEAL to manage the resources of your secure Web domain.
• IBM Tivoli Access Manager for e-business IBM WebSphere Application Server Integration Guide (SC32-1368-00)
  Provides installation, removal, and administration instructions for integrating Tivoli Access Manager with IBM WebSphere® Application Server.
• IBM Tivoli Access Manager for e-business IBM WebSphere Edge Server Integration Guide (SC32-1367-00)
  Provides installation, removal, and administration instructions for integrating Tivoli Access Manager with the IBM WebSphere Edge Server application.
• IBM Tivoli Access Manager for e-business Plug-in for Web Servers Integration Guide (SC32-1365-00)
  Provides installation instructions, administration procedures, and technical reference information for securing your Web domain using the plug-in for Web servers.
• IBM Tivoli Access Manager for e-business BEA WebLogic Server Integration Guide (SC32-1366-00)
  Provides installation, removal, and administration instructions for integrating Tivoli Access Manager with BEA WebLogic Server.
• IBM Tivoli Access Manager for e-business IBM Tivoli Identity Manager Provisioning Fast Start Guide (SC32-1364-00)
  Provides an overview of the tasks related to integrating Tivoli Access Manager and Tivoli Identity Manager and explains how to use and install the Provisioning Fast Start collection.

Developer references

• IBM Tivoli Access Manager for e-business Authorization C API Developer Reference (SC32-1355-00)
  Provides reference material that describes how to use the Tivoli Access Manager authorization C API and the Tivoli Access Manager service plug-in interface to add Tivoli Access Manager security to applications.
• IBM Tivoli Access Manager for e-business Authorization Java Classes Developer Reference (SC32-1350-00)
  Provides reference information for using the Java language implementation of the authorization API to enable an application to use Tivoli Access Manager security.
• IBM Tivoli Access Manager for e-business Administration C API Developer Reference (SC32-1357-00)
  Provides reference information about using the administration API to enable an application to perform Tivoli Access Manager administration tasks. This document describes the C implementation of the administration API.
• IBM Tivoli Access Manager for e-business Administration Java Classes Developer Reference (SC32-1356-00)
  Provides reference information for using the Java language implementation of the administration API to enable an application to perform Tivoli Access Manager administration tasks.
• IBM Tivoli Access Manager for e-business Web Security Developer Reference (SC32-1358-00)
  Provides administration and programming information for the cross-domain authentication service (CDAS), the cross-domain mapping framework (CDMF), and the password strength module.

Technical supplements

• IBM Tivoli Access Manager for e-business Command Reference (SC32-1354-00)
  Provides information about the command line utilities and scripts provided with Tivoli Access Manager.
• IBM Tivoli Access Manager Error Message Reference (SC32-1353-00)
  Provides explanations and recommended actions for the messages produced by Tivoli Access Manager.
• IBM Tivoli Access Manager for e-business Problem Determination Guide (SC32-1352-00)
  Provides problem determination information for Tivoli Access Manager.
• IBM Tivoli Access Manager for e-business Performance Tuning Guide (SC32-1351-00)
  Provides performance tuning information for an environment consisting of Tivoli Access Manager with the IBM Tivoli Directory server as the user registry.

Related publications

This section lists publications related to the Tivoli Access Manager library.

The Tivoli Software Library provides a variety of Tivoli publications such as white papers, datasheets, demonstrations, redbooks, and announcement letters. The Tivoli Software Library is available on the Web at:

The Tivoli Software Glossary includes definitions for many of the technical terms related to Tivoli software. The Tivoli Software Glossary is available, in English only, from the Glossary link on the left side of the Tivoli Software Library Web page http://www.ibm.com/software/tivoli/library/

IBM Global Security Kit

Tivoli Access Manager provides data encryption through the use of the IBM Global Security Kit (GSKit) Version 7.0. GSKit is included on the IBM Tivoli Access Manager Base CD for your particular platform, as well as on the IBM Tivoli Access Manager Web Security CDs, the IBM Tivoli Access Manager Web Administration Interfaces CDs, and the IBM Tivoli Access Manager Directory Server CDs.

The GSKit package provides the iKeyman key management utility, gsk7ikm, which is used to create key databases, public-private key pairs, and certificate requests. The following document is available on the Tivoli Information Center Web site in the same section as the IBM Tivoli Access Manager product documentation:

• IBM Global Security Kit Secure Sockets Layer and iKeyman User’s Guide (SC32-1363-00)
  Provides information for network or system security administrators who plan to enable SSL communication in their Tivoli Access Manager environment.

IBM Tivoli Directory Server

IBM Tivoli Directory Server, Version 5.2, is included on the IBM Tivoli Access Manager Directory Server CD for the desired operating system.

Note: IBM Tivoli Directory Server is the new name for the previously released software known as:

• IBM Directory Server (Version 4.1 and Version 5.1)
• IBM SecureWay Directory Server (Version 3.2.2)

IBM Directory Server Version 4.1, IBM Directory Server Version 5.1, and IBM Tivoli Directory Server Version 5.2 are all supported by IBM Tivoli Access Manager Version 5.1.

Additional information about IBM Tivoli Directory Server can be found at:

IBM DB2 Universal Database

IBM DB2® Universal Database Enterprise Server Edition, Version 8.1 is provided on the IBM Tivoli Access Manager Directory Server CD and is installed with the IBM Tivoli Directory Server software. DB2 is required when using IBM Tivoli Directory Server, z/OS, or OS/390® LDAP servers as the user registry for Tivoli Access Manager.

Additional information about DB2 can be found at:

IBM WebSphere Application Server

IBM WebSphere Application Server, Advanced Single Server Edition 5.0, is included on the IBM Tivoli Access Manager Web Administration Interfaces CD for the desired operating system. WebSphere Application Server enables the support of both the Web Portal Manager interface, which is used to administer Tivoli Access Manager, and the Web Administration Tool, which is used to administer IBM Tivoli Directory Server. IBM WebSphere Application Server Fix Pack 2 is also required by Tivoli Access Manager and is provided on the IBM Tivoli Access Manager WebSphere Fix Pack CD.

Additional information about IBM WebSphere Application Server can be found at:

IBM Tivoli Access Manager for Business Integration

IBM Tivoli Access Manager for Business Integration, available as a separately orderable product, provides a security solution for IBM MQSeries®, Version 5.2, and IBM WebSphere® MQ for Version 5.3 messages. IBM Tivoli Access Manager for Business Integration allows WebSphere MQSeries applications to send data with privacy and integrity by using keys associated with sending and receiving applications. Like WebSEAL and IBM Tivoli Access Manager for Operating Systems, IBM Tivoli Access Manager for Business Integration is one of the resource managers that use the services of IBM Tivoli Access Manager.

Additional information about IBM Tivoli Access Manager for Business Integration can be found at:

The following documents associated with IBM Tivoli Access Manager for Business Integration Version 5.1 are available on the Tivoli Information Center Web site:

• IBM Tivoli Access Manager for Business Integration Administration Guide (SC23-4831-01)
• IBM Tivoli Access Manager for Business Integration Problem Determination Guide (GC23-1328-00)
• IBM Tivoli Access Manager for Business Integration Release Notes (GI11-0957-01)
• IBM Tivoli Access Manager for Business Integration Read This First (GI11-4202-00)

IBM Tivoli Access Manager for WebSphere Business Integration Brokers

IBM Tivoli Access Manager for WebSphere Business Integration Brokers, available as part of IBM Tivoli Access Manager for Business Integration, provides a security solution for WebSphere Business Integration Message Broker, Version 5.0 and WebSphere Business Integration Event Broker, Version 5.0. IBM Tivoli Access Manager for WebSphere Business Integration Brokers operates in conjunction with Tivoli Access Manager to secure JMS publish/subscribe applications by providing password and credentials-based authentication, centrally-defined authorization, and auditing services.

Additional information about IBM Tivoli Access Manager for WebSphere Integration Brokers can be found at:

The following documents associated with IBM Tivoli Access Manager for WebSphere Integration Brokers, Version 5.1 are available on the Tivoli Information Center Web site:

• IBM Tivoli Access Manager for WebSphere Business Integration Brokers Administration Guide (SC32-1347-00)
• IBM Tivoli Access Manager for WebSphere Business Integration Brokers Release Notes (GI11-4154-00)
• IBM Tivoli Access Manager for Business Integration Read This First (GI11-4202-00)

IBM Tivoli Access Manager for Operating Systems

IBM Tivoli Access Manager for Operating Systems, available as a separately orderable product, provides a layer of authorization policy enforcement on UNIX systems in addition to that provided by the native operating system. IBM Tivoli Access Manager for Operating Systems, like WebSEAL and IBM Tivoli Access Manager for Business Integration, is one of the resource managers that use the services of IBM Tivoli Access Manager.

Additional information about IBM Tivoli Access Manager for Operating Systems can be found at:

The following documents associated with IBM Tivoli Access Manager for Operating Systems Version 5.1 are available on the Tivoli Information Center Web site:

• IBM Tivoli Access Manager for Operating Systems Installation Guide (SC23-4829-00)
• IBM Tivoli Access Manager for Operating Systems Administration Guide (SC23-4827-00)
• IBM Tivoli Access Manager for Operating Systems Problem Determination Guide (SC23-4828-00)
• IBM Tivoli Access Manager for Operating Systems Release Notes (GI11-0951-00)
• IBM Tivoli Access Manager for Operating Systems Read Me First (GI11-0949-00)

IBM Tivoli Identity Manager

IBM Tivoli Identity Manager Version 4.5, available as a separately orderable product, enables you to centrally manage users (such as user IDs and passwords) and provisioning (that is, providing or revoking access to applications, resources, or operating systems). Tivoli Identity Manager can be integrated with Tivoli Access Manager through the use of the Tivoli Access Manager Agent. Contact your IBM account representative for more information about purchasing the Agent.

Additional information about IBM Tivoli Identity Manager can be found at:

Accessing publications online

The publications for this product are available online in Portable Document Format (PDF) or Hypertext Markup Language (HTML) format, or both in the Tivoli software library: http://www.ibm.com/software/tivoli/library

To locate product publications in the library, click the Product manuals link on the left side of the library page. Then, locate and click the name of the product on the Tivoli software information center page.

Product publications include release notes, installation guides, user’s guides, administrator’s guides, and developer’s references.

Note: To ensure proper printing of PDF publications, select the Fit to page check box in the Adobe Acrobat Print window (which is available when you click File → Print).

Accessibility

Accessibility features help a user who has a physical disability, such as restricted mobility or limited vision, to use software products successfully. With this product, you can use assistive technologies to hear and navigate the interface. You also can use the keyboard instead of the mouse to operate all features of the graphical user interface.

Contacting software support

Before contacting IBM Tivoli Software Support with a problem, refer to the IBM Tivoli Software Support site by clicking the Tivoli support link at the following Web site: http://www.ibm.com/software/support/

If you need additional help, contact software support by using the methods described in the IBM Software Support Guide at the following Web site:

The guide provides the following information:

• Registration and eligibility requirements for receiving support
• Telephone numbers, depending on the country in which you are located
• A list of information you should gather before contacting customer support

Conventions used in this book

This reference uses several conventions for special terms and actions and for operating system-dependent commands and paths.

Typeface conventions

The following typeface conventions are used in this reference:

Bold

Lowercase commands or mixed case commands that are difficult to distinguish from surrounding text, keywords, parameters, options, names of Java classes, and objects are in bold.

Italic

Variables, titles of publications, and special words or phrases that are emphasized are in italic.

Monospace

Code examples, command lines, screen output, file and directory names that are difficult to distinguish from surrounding text, system messages, text that the user must type, and values for arguments or command options are in monospace.

Operating system differences

This book uses the UNIX convention for specifying environment variables and for directory notation. When using the Windows command line, replace $variable with %variable% for environment variables and replace each forward slash (/) with a backslash (\) in directory paths. If you are using the bash shell on a Windows system, you can use the UNIX conventions.

Chapter 1. Overview

This reference provides a list of all the messages associated with the IBM Tivoli Access Manager family of products along with the return codes from the IBM Global Security Kit (GSKit). These messages and codes are presented in the following groups:

• Chapter 2, “Tivoli Access Manager Base Messages,” on page 7
• Chapter 3, “Tivoli Access Manager for e-business WebSEAL Messages,” on page 191
• Chapter 4, “Tivoli Access Manager for e-business Plug-in for Web Servers Messages,” on page 277
• Chapter 5, “Tivoli Access Manager for e-business Messages for IBM WebSphere Application Server,” on page 383
• Chapter 6, “Tivoli Access Manager for e-business Messages for IBM WebSphere Edge Server,” on page 399
• Chapter 7, “Tivoli Access Manager for e-business Messages for BEA WebLogic Server,” on page 445
• Chapter 8, “Tivoli Access Manager for Business Integration Messages,” on page 477
• Chapter 9, “Tivoli Access Manager for Operating Systems Messages,” on page 597
• Chapter 10, “IBM Global Security Kit return codes,” on page 803

Messages can be located in this book by using the index. Messages are indexed by message identifier as well as by hexadecimal and decimal message numbers.

Message format

A displayed or printed message can appear by itself or with other information, such as a time stamp. A message consists of a message identifier (ID) and message text. A message number is also associated with a message. A message number is a unique 32-bit decimal or hexadecimal value that some commands and APIs return to indicate that an operation was not successful.

Message ID format

A message ID consists of 10 alphanumeric characters that uniquely identify the message. The message ID is composed of:

• a 3-character product identifier
• a 2-character component or subsystem identifier
• a 4-digit serial number
• a 1-character type code indicating the severity of the message

Figure 1 on page 2 shows the format of a message ID.

Figure 1. Format of a message ID

Some valid message IDs are:

DRQDD0111I

AOSBJ1289E

HPDRG0150E

DPWAD0372W

AWXWS0046E

AWLSP0005E

Product identifiers

Messages associated with Tivoli Access Manager start with one of the product identifiers shown in Table 1.

Table 1. Product identifiers in messages

Product component prefix   Product or component
AMZ                        Plug-in for Web Servers
AOS                        Tivoli Access Manager for Operating Systems
AWD                        Plug-in for IBM WebSphere Edge Server
AWL                        BEA WebLogic Server integration
AWX                        WebSphere Application Server integration
DPW                        WebSEAL
DRQ                        Tivoli Access Manager for Business Integration
HPD                        Base and Web Portal Manager

Severity

The severity is indicated by the last character in the message ID.

Code   Severity

I      Informational

Provides information or feedback about normal events that occur.

HPDBI0236I To complete the installation and configuration, the system must be restarted.
AOSAU0213I PDOSAUDITD successfully shutdown
DRQDD0111I Port file already exists (%s, %d)

W      Warning

Indicates that potentially undesirable conditions have occurred, but processing can continue.

HPDMG1093W No more entries are in the list.
AOSCF0020W The file %s did not exist. Unable to change attributes.
DRQDM1515W The message sender %s does not have the permission to put the message on queue %s.

E      Error

Indicates that a problem has occurred that requires intervention or correction before processing can continue.

HPDAC0180E The Tivoli Access Manager authorization server could not be started (0x%8.8lx).
AOSCF1349E The drvconfig command failed.
DRQDM1201E Default queue manager name could not be found.
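The following Python sketch is an added example, not code from IBM or from this reference. It splits message IDs found in log lines into the fields described under "Message ID format", resolves them against Table 1 and the severity codes, and converts message numbers between the hexadecimal and decimal forms the book prints. The timestamp layout and the substituted values in the sample lines are constructed, and accepting only upper-case identifiers and the I, W and E codes is an assumption based on the IDs shown here.

```python
import re
from collections import Counter
from typing import Iterable, Iterator, List, NamedTuple, Optional, Tuple

# Table 1 of this reference: product identifier -> product or component.
PRODUCTS = {
    "AMZ": "Plug-in for Web Servers",
    "AOS": "Tivoli Access Manager for Operating Systems",
    "AWD": "Plug-in for IBM WebSphere Edge Server",
    "AWL": "BEA WebLogic Server integration",
    "AWX": "WebSphere Application Server integration",
    "DPW": "WebSEAL",
    "DRQ": "Tivoli Access Manager for Business Integration",
    "HPD": "Base and Web Portal Manager",
}
# Severity is the last character of the message ID (only I, W, E appear on this page).
SEVERITIES = {"I": "Informational", "W": "Warning", "E": "Error"}

# 3-character product id + 2-character component id + 4-digit serial + 1-character type code.
# Assumption: identifiers are upper-case alphanumerics, as in every ID shown in this reference.
_ID_RE = re.compile(
    r"(?<![A-Za-z0-9])([A-Z0-9]{3})([A-Z0-9]{2})([0-9]{4})([A-Z])(?![A-Za-z0-9])"
)


class MessageId(NamedTuple):
    product: str
    component: str
    serial: str
    severity: str

    @property
    def product_name(self) -> str:
        return PRODUCTS[self.product]

    @property
    def severity_name(self) -> str:
        return SEVERITIES[self.severity]


def parse_message_id(token: str) -> Optional[MessageId]:
    """Return the parsed ID, or None if the token is not a listed Tivoli Access Manager ID."""
    m = _ID_RE.fullmatch(token.strip())
    if not m:
        return None
    mid = MessageId(*m.groups())
    # A 10-character token with an unlisted prefix or type code is rejected, not guessed at.
    if mid.product not in PRODUCTS or mid.severity not in SEVERITIES:
        return None
    return mid


def scan_log(lines: Iterable[str]) -> Iterator[Tuple[int, MessageId, str]]:
    """Yield (line number, message ID, message text) for every recognised ID in the input."""
    for lineno, line in enumerate(lines, 1):
        for m in _ID_RE.finditer(line):
            mid = parse_message_id(m.group(0))
            if mid is not None:
                yield lineno, mid, line[m.end():].strip()


def triage(lines: Iterable[str]) -> Tuple[Counter, List[Tuple[int, str, str]]]:
    """Count messages per severity and list the warnings and errors with their product."""
    hits = list(scan_log(lines))
    by_severity = Counter(mid.severity_name for _, mid, _ in hits)
    actionable = [(n, "".join(mid), mid.product_name)
                  for n, mid, _ in hits if mid.severity in ("W", "E")]
    return by_severity, actionable


def parse_message_number(text: str) -> int:
    """Accept a message number in decimal or 0x-prefixed hexadecimal form."""
    text = text.strip()
    number = int(text, 16) if text.lower().startswith("0x") else int(text, 10)
    if not 0 <= number <= 0xFFFFFFFF:
        raise ValueError("message numbers are 32-bit values")
    return number


def format_message_number(number: int) -> str:
    """Render a number the way message entries show it: 8 hex digits, then decimal."""
    return "0x%08x (%d)" % (number, number)


# Constructed sample input: message texts are from this page, everything else is invented.
SAMPLE_LOG = [
    "2003-11-04-10:15:02 HPDBI0236I To complete the installation and configuration, the system must be restarted.",
    "2003-11-04-10:15:09 DRQDM1515W The message sender appuser does not have the permission to put the message on queue ORDERS.IN.",
    "2003-11-04-10:16:41 HPDAC0180E The Tivoli Access Manager authorization server could not be started (0x1005b0b2).",
    "2003-11-04-10:16:42 AOSCF1349E The drvconfig command failed.",
    "2003-11-04-10:17:00 request id ABCDE1234Z handled",  # right shape, prefix not in Table 1
]

if __name__ == "__main__":
    counts, actionable = triage(SAMPLE_LOG)
    print(dict(counts))
    for lineno, message_id, product in actionable:
        print(lineno, message_id, product)
    print(format_message_number(parse_message_number("321360482")))
```
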

Message text format

The message text provides information on the error or condition that occurred. The message text might contain variable information. The variable information is represented by the following character strings that represent the type of value being substituted into the message text:

%s

Indicates a character string. This is used for user and group names, host names, and any other readable character data.

%d

Indicates a decimal number.

%i

Indicates an integer.

%ld

Indicates a decimal number obtained from a long integer.

%x

Indicates a hexadecimal number.

%lx

Indicates a hexadecimal number obtained from a long integer.

%8.8lx

Indicates an 8-character hexadecimal number obtained from a long integer. If the number is less than eight characters in length, leading zeroes are added to make an 8-character value.

Some messages in this book show variable text using different notations. One notation specifies the variable text using a value in italics. Another notation specifies variable text using a number enclosed in braces, such as {1}.

Finding message information associated with a message number

Messages can be located in this book by using the index. Messages are indexed by message identifier as well as by hexadecimal and decimal message numbers.

In addition, the message number associated with a message can be used as input to the pdadmin command line interface to display the associated message text. The command syntax is as follows:

pdadmin errtext message_number

where message_number is the number of the message. The number can be entered either as decimal or hexadecimal.

Some examples of the pdadmin command are shown in Figure 2.

Figure 2. Examples of the pdadmin errtext command

Presentation of messages in this book

The following list describes the different parts of the message explanations in this book.

Explanation

Describes the meaning of the message, including why the message was issued. Might describe what system actions were taken as a result of the message.

Action

Provides information on how to correct the problem.

Name

Name of the constant used internally to produce the message. Provided for use by IBM customer support personnel.

Number

A number that uniquely identifies the message. This 32-bit value is provided in both hexadecimal and decimal. Some commands and APIs return this number to indicate what error occurred during processing.

Severity

The severity of the message.

Component

Optional information further identifying the source of the error for IBM customer support personnel.

Messages in this book are shown in the following way.

HPDDB0610I Replica is at current level. No update is needed.

Explanation: A policy replication operation has determined that the local policy database is current.

Action: No action is required.

Name: ivdmd_s_replica_already_current

Number: 0x13279262 (321360482)

Severity: Notice

Component: idb / ivdmd_s_db

HPDDB0611E Invalid database specified for replication.

Explanation: The policy server is unable to provide replication services.

Action: Restart the policy server. If this problem persists, contact your IBM service representative.

Name: ivdmd_s_invalid_db_handle

Number: 0x13279263 (321360483)

Severity: Error

Component: idb / ivdmd_s_db

HPDDB0612E Replica database version is incompatible and will be replaced.

Explanation: The application has detected an incompatible version of the policy database. The database is replaced automatically.

Action: No action is required.

Name: ivdmd_s_db_downlevel

Number: 0x13279264 (321360484)

Severity: Error

Component: idb / ivdmd_s_db

Chapter 2. Tivoli Access Manager Base Messages

This chapter describes the messages provided by the Tivoli Access Manager Base.

HPDAC0153E Could not build ACL with the supplied ACL entries.

Explanation: An ACL entry failed the validity check. The Tivoli Access Manager policy server’s error log file will contain an error status message indicating the reason for the failure.

Action: Review the Tivoli Access Manager policy server’s error log to determine the reason that the ACL failed the validity check.

Name: ivacl_s_cant_build_acl

Number: 0x1005b099 (268808345)

Severity: Error

Component: acl / ivacl_s_general

HPDAC0178E Could not obtain local host name.

Explanation: The system library call to get the local host name failed.

Action: Ensure that the machine has a valid hostname.

Name: ivacl_s_hostname_failure

Number: 0x1005b0b2 (268808370)

Severity: Error

Component: acl / ivacl_s_general

HPDAC0179E Unexpected exception caught.

Explanation: An unexpected exception was caught while registering an azn administration service with the Tivoli Access Manager policy server.

Action: Ensure that the Tivoli Access Manager policy server is running and that the client and server versions are compatible with each other.

Name: ivacl_s_unexpected_exception

Number: 0x1005b0b3 (268808371)

Severity: Error

Component: acl / ivacl_s_general

HPDAC0180E The Tivoli Access Manager authorization server could not be started (0x%8.8lx).

Explanation: The Tivoli Access Manager authorization server encountered an error during initialization.

Action: See the accompanying status code, which gives more information about the failure.

Name: ivacl_s_could_not_start

Number: 0x1005b0b4 (268808372)

Severity: Fatal

Component: acl / ivacl_s_general

HPDAC0450E There is no root ACL in the authorization policy database.

Explanation: See message.

Action: This is a severe error indicating integrity problems with the policy database. If the problem occurs with the Tivoli Access Manager authorization server or with a Tivoli Access Manager resource manager application, then stop the resource manager, remove the resource manager’s policy database, and start the resource manager again. If the problem occurs with the Tivoli Access Manager policy server, then stop the policy server, restore a known good version of the master policy database, and then start the Tivoli Access Manager servers again. If the problem persists then contact your IBM service representative.

Name: ivacl_s_no_root_acl

Number: 0x1005b1c2 (268808642)

Severity: Error

Component: acl / ivacl_s_acldb

HPDAC0451E A protected object should have only one attached ACL (%s).

Explanation: See message.

Action: This is a severe error indicating integrity problems with the policy database. If the problem occurs with the Tivoli Access Manager authorization server or with a Tivoli Access Manager resource manager application, then stop the resource manager, remove the resource manager’s policy database, and start the resource manager again. If the problem occurs with the Tivoli Access Manager policy server, then stop the policy server, restore a known good version of the master policy database, and then start the Tivoli Access Manager servers again. If the problem persists then contact your IBM service representative.

Name: ivacl_s_attached_acl

Number: 0x1005b1c3 (268808643)

Severity: Error

Component: acl / ivacl_s_acldb

HPDAC0452E An ACL that is attached to a protected object cannot be found in the policy database (%s,%s).

Explanation: See message.

Action: This is a severe error indicating integrity problems with the policy database. If the problem occurs with the Tivoli Access Manager authorization server or with a Tivoli Access Manager resource manager application, then stop the resource manager, remove the resource manager’s policy database, and start the resource manager again. If the problem occurs with the Tivoli Access Manager policy server, then stop the policy server, restore a known good version of the master policy database, and then start the Tivoli Access Manager servers again. If the problem persists then contact your IBM service representative.

Name: ivacl_s_missing_acl

Number: 0x1005b1c4 (268808644)

Severity: Error

Component: acl / ivacl_s_acldb

HPDAC0453E Authorization policy database version is incompatible with the server version (%ld,%ld) and will be automatically replaced.

Explanation: The authorization client application has detected an incompatible version of the policy database. The database is replaced automatically.

Action: No action is required.

Name: ivacl_s_incompatible_db

Number: 0x1005b1c5 (268808645)

Severity: Error

Component: acl / ivacl_s_acldb

HPDAC0454E Could not initialize the authorization policy database (0x%8.8lx).

Explanation: An error occurred while attempting to access the authorization policy database. The authorization engine client was not initialized correctly.

Action: See the accompanying status code, which gives more information about failure.

Name: ivacl_s_authzn_db_init

Number: 0x1005b1c6 (268808646)

Severity: Error

Component: acl / ivacl_s_acldb

HPDAC0455E The authorization policy database has not been initialized.

Explanation: An error occurred during application initialization and the authorization policy database was not initialized correctly.

Action: Review the Tivoli Access Manager base error log and look for error messages during initialization that might account for problems with the authorization policy database.

Name: ivacl_s_authzn_db_not_found

Number: 0x1005b1c7 (268808647)

Severity: Error

Component: acl / ivacl_s_acldb

HPDAC0456E The ACL name specified was not found in the authorization policy database.

Explanation: See message.

Action: Review the ACL name and ensure that the name is a valid ACL name and that it matches an ACL that exists in the authorization policy database.

Name: ivacl_s_acl_not_found

Number: 0x1005b1c8 (268808648)

Severity: Error

Component: acl / ivacl_s_acldb

HPDAC0457E The protected object name is invalid.

Explanation: The protected object name is invalid. The name must begin with the ’/’ character. The name cannot contain carriage return or line-feed characters and it cannot contain two ’/’ characters in sequence.

Action: Review the protected object name and ensure that it adheres to the restrictions outlined in the message explanation.

Name: ivacl_s_invalid_pobj_name

Number: 0x1005b1c9 (268808649)

Severity: Error

Component: acl / ivacl_s_acldb

HPDAC0458E The protected object name specified was not found in the authorization policy database.

Explanation: See message.

Action: Review the protected object name and ensure that the name is a valid protected object name and that it matches an object that exists in the authorization policy database.

Name: ivacl_s_pobj_not_found

Number: 0x1005b1ca (268808650)

Severity: Error

Component: acl / ivacl_s_acldb

HPDAC0459E The protected object space specified was not found in the authorization policy database.

Explanation: See message.

Action: Review the protected object space name and ensure that the name is a valid protected object space name and that it matches an object space that exists in the authorization policy database.

Name: ivacl_s_pobjspace_not_found

Number: 0x1005b1cb (268808651)

Severity: Error

Component: acl / ivacl_s_acldb

HPDAC0460E The protected object space specified already exists in the authorization policy database.

Explanation: See message.

Action: Each protected object space name must be unique so choose a different name for the new protected object space.

Name: ivacl_s_pobjspace_already_exists

Number: 0x1005b1cc (268808652)

Severity: Error

Component: acl / ivacl_s_acldb

HPDAC0461E The extended attribute specified was not found.

Explanation: See message.

Action: Review the extended attributes on the target object and ensure that the extended attribute requested actually exists in the extended attribute list for this object.

Name: ivacl_s_extattr_not_found

Number: 0x1005b1cd (268808653)

Severity: Error

Component: acl / ivacl_s_acldb

HPDAC0462E The extended attribute name specified is invalid.

Explanation: See message.

Action: Review the extended attribute name to ensure that it is valid.

Name: ivacl_s_invalid_extattr_name

Number: 0x1005b1ce (268808654)

Severity: Error

Component: acl / ivacl_s_acldb

HPDAC0463E Extended attributes were not found attached to the specified protected object or authorization policy object.

Explanation: See message.

Action: Attach extended attributes to the specified object if you want to perform extended attribute operations on the object.

Name: ivacl_s_extattrs_not_found

Number: 0x1005b1cf (268808655)

Severity: Error

Component: acl / ivacl_s_acldb

HPDAC0464E A POP that is attached to a protected object cannot be found in the policy database (%s,%s).

Explanation: See message.

Action: This is a severe error indicating integrity problems with the policy database. If the problem occurs with the Tivoli Access Manager authorization server or with a Tivoli Access Manager resource manager application, then stop the resource manager, remove the resource manager’s policy database, and start the resource manager again. If the problem occurs with the Tivoli Access Manager policy server, then stop the policy server, restore a known good version of the master policy database, and then start the Tivoli Access Manager servers again. If the problem persists then contact your IBM service representative.

Name: ivacl_s_missing_pop

Number: 0x1005b1d0 (268808656)

Severity: Error

Component: acl / ivacl_s_acldb

HPDAC0465E A new action group could not be created because the count of action groups has reached the maximum permitted.

Explanation: See message.

Action: If you want to create another action group, then you must first reduce the count of defined action groups. Review the list of defined action groups and remove those that are no longer required.

Name: ivacl_s_no_available_action_groups

Number: 0x1005b1d1 (268808657)

Severity: Error

Component: acl / ivacl_s_acldb

HPDAC0466E A new action could not be created because the count of actions has reached the maximum permitted.

Explanation: See message.

Action: Before creating another action you must first reduce the count of defined actions. Review the list of defined actions and remove those that are no longer required.

Name: ivacl_s_no_available_actions

Number: 0x1005b1d2 (268808658)

Severity: Error

Component: acl / ivacl_s_acldb

HPDAC0467E Unable to create the new action because the bitmask supplied is invalid.

Explanation: The bitmask must have only one of bits 0 to 31 set to be a valid action bitmask. Having multiple bits set or no bits at all is invalid.

Action: Review the specified action bitmask to ensure that at least one and only one action bit is set in the mask.

Name: ivacl_s_bad_action_bitmap

Number: 0x1005b1d3 (268808659)

Severity: Error

Component: acl / ivacl_s_acldb

HPDAC0468E Unable to create new action group because an action group exists with the same name.

Explanation: See message.

Action: You must choose a unique name for the new action group.

Name: ivacl_s_duplicate_action_group_name

Number: 0x1005b1d4 (268808660)

Severity: Error

Component: acl / ivacl_s_acldb

HPDAC0469E Unable to locate an action group with the name supplied.

Explanation: See message.

Action: Review the action group name specified and ensure that it is a valid action group name and that the group exists.

Name: ivacl_s_action_group_name_not_found

Number: 0x1005b1d5 (268808661)

Severity: Error

Component: acl / ivacl_s_acldb

HPDAC0470E Unable to create the new action because an action exists with the same name.

Explanation: See message.

Action: You must choose a unique action name for the new action.

Name: ivacl_s_duplicate_action_name

Number: 0x1005b1d6 (268808662)

Severity: Error

Component: acl / ivacl_s_acldb

HPDAC0471E Action name contains invalid characters or too many characters.

Explanation: The action name specified is invalid. The name must not be NULL and can contain only one character from the set [a-zA-Z].

Action: Review the action name and ensure that it conforms to the criteria specified in the Tivoli Access Manager Base Administrator’s Guide.

Name: ivacl_s_invalid_action_name

Number: 0x1005b1d7 (268808663)

Severity: Error

Component: acl / ivacl_s_acldb

HPDAC0472E Action group name contains invalid characters.

Explanation: The action group name specified is invalid. The name must not be NULL and can contain only characters from the set [a-zA-Z0-9 +-_:].

Action: Review the action group name and ensure that it conforms to the criteria specified in the Tivoli Access Manager Base Administrator’s Guide.

Name: ivacl_s_invalid_action_group_name

Number: 0x1005b1d8 (268808664)

Severity: Error

Component: acl / ivacl_s_acldb

HPDAC0473E The primary action group cannot be deleted.

Explanation: See message.

Action: No action is required.

Name: ivacl_s_cant_delete_primary_group

Number: 0x1005b1d9 (268808665)

Severity: Error

Component: acl / ivacl_s_acldb

HPDAC0474E A protected object should have only one rule attached (%s).

Explanation: See message.

Action: This is a severe error indicating integrity problems with the policy database. If the problem occurs with the Tivoli Access Manager authorization server or with a Tivoli Access Manager resource manager application, then stop the resource manager, remove the resource manager’s policy database, and start the resource manager again. If the problem occurs with the Tivoli Access Manager policy server, then stop the policy server, restore a known good version of the master policy database, and then start the Tivoli Access Manager servers again. If the problem persists then contact your IBM service representative.

Name: ivacl_s_attached_rule

Number: 0x1005b1da (268808666)

Severity: Error

Component: acl / ivacl_s_acldb

HPDAC0475E A rule that is attached to a protected object cannot be found in the policy database (%s,%s).

Explanation: See message.

Action: This is a severe error indicating integrity problems with the policy database. If the problem occurs with the Tivoli Access Manager authorization server or with a Tivoli Access Manager resource manager application, then stop the resource manager, remove the resource manager’s policy database, and start the resource manager again. If the problem occurs with the Tivoli Access Manager policy server, then stop the policy server, restore a known good version of the master policy database, and then start the Tivoli Access Manager servers again. If the problem persists then contact your IBM service representative.

Name: ivacl_s_missing_rule

Number: 0x1005b1db (268808667)

Severity: Error

Component: acl / ivacl_s_acldb

HPDAC0476E A protected object should have only one POP attached (%s).

Explanation: See message.

Action: This is a severe error indicating integrity problems with the policy database. If the problem occurs with the Tivoli Access Manager authorization server or with a Tivoli Access Manager resource manager application, then stop the resource manager, remove the policy database of the resource manager, and start the resource manager again. If the problem occurs with the Tivoli Access Manager policy server, then stop the policy server, restore a known good version of the master policy database, and then start the Tivoli Access Manager servers again. If the problem persists then contact your IBM service representative.

Name: ivacl_s_attached_pop

Number: 0x1005b1dc (268808668)

Severity: Error

Component: acl / ivacl_s_acldb

HPDAC0750E Invalid ACL name.

Explanation: The ACL name received was invalid. The ACL name contained illegal characters or was NULL.

Action: Review the ACL name and ensure that it conforms to the criteria specified in the Tivoli Access Manager Base Administrator’s Guide.

Name: ivacl_s_invalid_acl_name

Number: 0x1005b2ee (268808942)

Severity: Error

Component: acl / ivacl_s_mgmt

HPDAC0751E Invalid protected object name.

Explanation: The protected object name received was invalid. The protected object name contained illegal characters or was NULL.

Action: Review the protected object name and ensure that it conforms to the criteria specified in the Tivoli Access Manager Base Administrator’s Guide.

Name: ivacl_s_invalid_object_name

Number: 0x1005b2ef (268808943)

Severity: Error

Component: acl / ivacl_s_mgmt

HPDAC0752E The requested object was not found.

Explanation: See message.

Action: Review the object name and ensure that it is valid and that it actually exists.

Name: ivacl_s_object_not_found

Number: 0x1005b2f0 (268808944)

Severity: Error

Component: acl / ivacl_s_mgmt

HPDAC0753E The ACL action specified could not be mapped.

Explanation: There is no mapping for this ACL action in the policy database.

Action: Review the ACL name and ensure that it is valid and refers to an existing ACL action in the policy database.

Name: ivacl_s_unknown_action

Number: 0x1005b2f1 (268808945)

Severity: Error

Component: acl / ivacl_s_mgmt

HPDAC0754E Privacy or data integrity quality of protection cannot be specified in the unauthenticated entry.

Explanation: Quality of protection cannot be enforced by the authorization client runtime for unauthenticated users.

Action: No action is required.

Name: ivacl_s_cant_have_unauth_qop

Number: 0x1005b2f2 (268808946)

Severity: Error

Component: acl / ivacl_s_mgmt

HPDAC0755E The ACL has an unauthenticated entry but there is no any-other entry. The any-other entry must be at least as permissive as unauthenticated.

Explanation: See message.

Action: Add an any-other entry to the ACL with permissions at least equal to those of the unauthenticated user.

Name: ivacl_s_missing_any_other_entry

Number: 0x1005b2f3 (268808947)

Severity: Error

Component: acl / ivacl_s_mgmt
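The validity rules stated in the message text and explanations for HPDAC0457E, HPDAC0467E, HPDAC0471E, HPDAC0755E and HPDAC0756E can be checked on the administrator's side before a policy change is submitted. The following Python code is an added example, not part of this reference and not IBM code; the function names, the request and ACL dictionary layout, and the permission letters in the sample are assumptions made for illustration.

```python
import re

# Each check returns the message identifier from this reference that the
# stated rule corresponds to, or None when the value satisfies the rule.

def check_object_name(name):
    """HPDAC0457E: begins with '/', no CR or LF, no two '/' in sequence."""
    if not name or not name.startswith("/"):
        return "HPDAC0457E"
    if "\r" in name or "\n" in name or "//" in name:
        return "HPDAC0457E"
    return None

def check_action_bitmask(mask):
    """HPDAC0467E: exactly one of bits 0 to 31 is set."""
    if not isinstance(mask, int) or mask <= 0 or mask > 0xFFFFFFFF:
        return "HPDAC0467E"   # no bits set, or a bit outside 0..31
    if mask & (mask - 1):
        return "HPDAC0467E"   # more than one bit set
    return None

def check_action_name(name):
    """HPDAC0471E: not NULL, exactly one character from [a-zA-Z]."""
    if name is None or not re.fullmatch(r"[a-zA-Z]", name):
        return "HPDAC0471E"
    return None

def check_unauth_vs_any_other(acl):
    """HPDAC0755E / HPDAC0756E: any-other must be at least as permissive
    as unauthenticated. `acl` maps entry name -> string of action letters."""
    if "unauthenticated" not in acl:
        return None
    if "any-other" not in acl:
        return "HPDAC0755E"
    missing = set(acl["unauthenticated"]) - set(acl["any-other"])
    return "HPDAC0756E" if missing else None

def lint(request):
    """Return every message identifier the request would violate."""
    results = [
        check_object_name(request["object"]),
        check_action_bitmask(request["bitmask"]),
        check_action_name(request["action"]),
        check_unauth_vs_any_other(request["acl"]),
    ]
    return [r for r in results if r]

# Constructed sample request (not taken from a real policy database):
# unauthenticated holds 'x', which any-other lacks, and the object name
# contains two '/' characters in sequence.
SAMPLE = {
    "object": "/Apps//payroll",
    "bitmask": 1 << 4,
    "action": "k",
    "acl": {"unauthenticated": "Trx", "any-other": "Tr"},
}

if __name__ == "__main__":
    print(lint(SAMPLE))
```
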

HPDAC0756E The any-other entry is missing actions from the unauthenticated entry. The any-other entry must be at least as permissive as unauthenticated.

Explanation: See message.

Action: Ensure that the permissions in the ACL for the any-other entry are at least equal to