How to resolve CA XCOM error message XCOMM0780E Txpi 319: IRRSDL00 USERID=<XXXXXX > KEYRING=<KEYRINGY> SAF_RC=8 RACF_RC=8 RACF_RSN=84

book

Article ID: 18149

calendar_today

Updated On:

Products

CA XCOM Data Transport CA XCOM Data Transport - z/OS

Issue/Introduction

Some users get this error message trying to send an SSL transfer. Others are successful. Why?


 XCOMM0780E Txpi 319: IRRSDL00 USERID=<B48479 > KEYRING=<KEYRINGY> SAF_RC=8 RACF_RC=8 RACF_RSN=84     
 XCOMM0093E ERROR ACTIVATING SESSION - SESSION NOT ESTABLISHED 
 XCOMM0812I SECURE TCP/IP REMOTE CONNECTION REQUESTED FROM IP=10.200.300.45
 XCOMM0780E Txpi 308: TxpiInitSSL Failed msg = <error:1408F10B:SSLroutines:SSL3_GET_RECORD:wrong version number> value = 429496
 XCOMM0818I SECURE TCP/IP CONNECTION ENDED WITH IP=10.200.300.45
 XCOMM0780E Txpi 227: Socket received 0 bytes: partner closed socket. Last error 0
 XCOMM0818I SECURE TCP/IP CONNECTION ENDED WITH IP=10.200.300.45

Cause

Most probably the specified keyring is NOT defined for the user.

Environment

Release: CA XCOM Data Transport for z/OS
Component: XCMVS

Resolution

These error messages are passed back from the RACF callable service R_datalib (IRRSDL00) which is invoked to retrieve the SSL certificates from the RACF database.

SAF RC 08, RACF RC 08, RACF RSN 84 means that the userid/keyring combination specified in the message cannot be found in the RACF database.

You can use the RACF command RACDCERT LISTRING(*) ID(userid) to list all the keyrings defined for a specific user. Most probably the specified keyring is NOT defined for the user.

You can use the RACDCERT command to define the keyrings and add the certificates to the keyrings so that XCOM can retrieve them.