ACF2 ACFRPTOM report unexpected R_admin 8/16:4 Failed - ESM request failed

book

Article ID: 140891

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC

Issue/Introduction

An internal customer noticed the following entry from an ACFRPTOM report that occurs several times. What does this error message mean and why it is failing?

    SERVICE      USERID    GROUP        UID         GID    SAF     RC    RSN  
      DATE          TIME    JOBNAME   SOURCE   SYSID   CPU   SECLABEL         
R_admin          USER002  TESTGRP          N/A         N/A   8     16      4 
11/26/19  19.330   13.57.12 LDAPR151          SYS8     SYS8                  
Failed - ESM request failed  

 

Environment

Release : 16.0

Component : CA ACF2 for z/OS, CA LDAP Server

Resolution

Sites can find out what the invalid ACF2 sub-command was by turning on the LDAP Server debug, re-creating the LDAP call and then browsing the stderr file in the LDAP Server installation directory.

Note that an application makes a LDAP call to the LDAP server and the LDAP Server backend will make R_Admin calls. Depending on the LDAP call the LDAP Server may generate multiple R_Admin calls to fulfill the application's LDAP request, and some of these calls may fail but behind the scenes the overall application's LDAP request completes successfully. For example if an application requests a list of all logonids in the ACF2 database the LDAP Server backend will issue multiple R_Admin 'LIST LIKE(A-)' to 'LIST LIKE(Z-)' commands rather than a single 'LIST LIKE(-) to avoid too much data being returned from a single call. In doing so some of these 'LIST LIKE(A-)' commands may fail with a 'ACF02010 RECORD(S) NOT FOUND' message which will equate to the R_Admin 8/16:4 entries in the ACFRPTOM report. The ACF02010 message will appear in the stderr file when debug is active.

The LDAP Server debug can be turned on and off dynamically using console modify commands.

To turn debug on:                                                            
F LDAP,APPL=SET,DEBUG,ANY     

To turn it off:                                     
F LDAP,APPL=SET,DEBUG,0

The following table list the possible debug values that can be set.

 

Text

Hex Value

Decimal Value

Type of Traced Information

 

0

                     0

OFF/None

ANY

-1

 

All levels of tracing

TRACE

0x00000001

1

Entrance/Exit to functions

PACKETS

0x00000002

2

Packet dumps

ARGS

0x00000004

4

Arguments to routines

CONNS

0x00000008

8

Connection information

BER

0x00000010

16

BER structures

FILTER

0x00000020

32

Filter information

CONFIG

0x00000040

64

Configuration; including dynamic schema information

ACL

0x00000080

128

Access control list

STATS

0x00000100

256

Timings

STATS2

0x00000200

512

Cipher Suites; Conversions

PARSE

0x00000800

2048

LDIF and attribute/Entry parsing

CACHE

0x00001000

4096

Caching

SYNC

0x00004000

16384

Log commands sent to the ESM and the return code

ENTRY

0x00010000

65536

Debug statements from within add_entry_value()

CS

0x00020000

131072

Debugging dealing with callable services

BUFS

0x00040000

262144

Buffer and cache maintenance

MUTEX

0x00080000

524288

mutex lock/unlock/init/delete

DB2

0x00100000

1048576

Interface to DB2/CMGR DB2 interface

POLICY

0x00200000

2097152

Interface to SQLITE/CMGR Policy File interface

CALLBACK

0x00400000

4194304

Interface to SQLITE Callback tracing