An AT-TLS TYPE=EXECUTE transfer fails with the following messages in the output, the receiving server xcomlog, and the system log:
Transfer fails with messages:
XCOMM0785I STARTING TCP/IP CONNECTION TO PORT=10103, IP=
XCOMM0786I TCP/IP CONNECTION ESTABLISHED WITH DEST=**NONE**, PORT=10103,
XCOMM0402I REQUEST NUMBER 002000 ASSIGNED TO TRANSFER REQUEST
XCOMM1467E OMVS Error: EDC5140I Broken pipe. (errno2=0x77F37242)
XCOMM0780E Txpi 215: Socket send error return value = 140
XCOMM0783E FLUSH REQUEST ENDED DUE TO TCP/IP ERROR
Receiving Server:
Transfer failed with messages:
XCOMM1467E OMVS Error: EDC8124I Socket not connected. (errno2=0x749B0000)
XCOMM0780E Txpi 234: Error 1124 from getpeername; length : 28 IP=
XCOMM0666E TxpiInitConnection FAILED - UNKNOWN PARTNER - TERMINATING CONNECTION
XCOMM0805I TCP/IP CONNECTION ENDED WITH IP=
System log:
#002000 XCOM3BP XCOMM0785I STARTING TCP/IP CONNECTION TO PORT=10103, IP=
BPXF024I (BPXOINIT) Jan 29 18:54:05 system TTLS 17104957 : 13:54:05
TCPIP31 EZD1286I TTLS Error GRPID: 00000001 ENVID: 0000002A CONNID:
006568AF LOCAL: ipaddr ..56687 REMOTE: ipaddr..10103
JOBNAME: XCOM3BP USERID: xxxxxxx RULE: XCOM-Client 18 RC: 6
Initial Handshake 0000000000000000 0000005179200050 0000000000000000
XCOMM1467E OMVS Error: EDC8124I Socket not connected. (errno2=0x749B0000)
XCOMM0780E Txpi 234: Error 1124 from getpeername; length : 28 IP=
XCOMM0666E TxpiInitConnection FAILED - UNKNOWN PARTNER - TERMINATING CONNECTION
XCOMM0805I TCP/IP CONNECTION ENDED WITH IP=
#002000 XCOM3BP XCOMM0786I TCP/IP CONNECTION ESTABLISHED WITH DEST=**NONE**, PORT=10103, IP=
#002000 XCOM3BP XCOMM0402I REQUEST NUMBER 002000 ASSIGNED TO TRANSFER REQUEST
#002000 XCOM3BP XCOMM1467E OMVS Error: EDC5140I Broken pipe. (errno2=0x77F37242)
#002000 XCOM3BP XCOMM0780E Txpi 215: Socket send error return value = 140
#002000 XCOM3BP XCOMM0783E FLUSH REQUEST ENDED DUE TO TCP/IP ERROR
Release : 12.0
Component : CA XCOM Data Transport for z/OS
Based on the message and RC received, the problem was related to the Cert Label of the SSL certificate. In this case, the cert labels of the actual SSL client and server certificates in the System SSL database used by the XCOM task did not match the AT-TLS rules.
Review the Cert Label of the SSL certificates being used and make the appropriate changes to the AT-TLS rules or to the actual SSL certificate.
Depending on the setup, it may be possible to change the Cert Labels of the certificates in the IBM System SSL database using the IBM gskkyman utility. Review this with the Systems Programmer and Security Admin before making changes.
The meaning of the message:
BPXF024I (BPXOINIT) Jan 29 18:54:05 system TTLS 17104957 : 13:54:05
TCPIP31 EZD1286I TTLS Error GRPID: 00000001 ENVID: 0000002A CONNID:
006568AF LOCAL: ipaddr..56687 REMOTE: ipaddr..10103
JOBNAME: XCOM3BP USERID: xxxxxxx RULE: XCOM-Client 18 RC: 6
Initial Handshake 0000000000000000 0000005179200050 0000000000000000
Here is the link where the RC was found:
6 Key label is not found.
Explanation
The requested key label is not found in the key database, PKCS #12 file, SAF key ring, or z/OS® PKCS #11 token. When using a PKCS #12 file, this error can also occur when the file is being processed during the establishment of the SSL/TLS environment when a certificate is encountered where there is no friendly name PKCS #12 attribute and the certificate's subject distinguished name is empty.
User response
Specify a label that exists in the key database, PKCS #12 file, SAF key ring, or z/OS PKCS #11 token. If encountered when establishing a SSL/TLS environment using a PKCS #12 file, verify any certificate that has no subject distinguished name is assigned a PKCS #12 friendly name attribute.
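The EZD1286I message above is wrapped across several syslog lines, which makes the RULE and RC fields easy to miss. The following Python sketch is an added example, not part of the original article or of any CA/IBM tooling: it reassembles the wrapped message and pulls out the job name, AT-TLS rule, RC and failing event. The function names are hypothetical, the field order is assumed to match the message as shown on this page, and only RC 6 is mapped because it is the only code this page documents.

```python
import re

# The only return code documented on this page; look up any other value in
# the IBM System SSL return-code documentation.
RC_MEANING = {6: "Key label is not found."}

# Field order follows the EZD1286I message as it appears on this page.
EZD1286I = re.compile(
    r"EZD1286I TTLS Error\s+GRPID:\s*(?P<grpid>\S+)\s+ENVID:\s*(?P<envid>\S+)\s+"
    r"CONNID:\s*(?P<connid>\S+)\s+LOCAL:\s*(?P<local>.+?)\s+REMOTE:\s*(?P<remote>.+?)\s+"
    r"JOBNAME:\s*(?P<jobname>\S+)\s+USERID:\s*(?P<userid>\S+)\s+"
    r"RULE:\s*(?P<rule>.+?)\s+RC:\s*(?P<rc>\d+)\s+(?P<event>.+?)\s+[0-9A-F]{16}\b"
)

# Message text copied from this page (addresses and user ID are already masked there).
SAMPLE_SYSLOG = """\
BPXF024I (BPXOINIT) Jan 29 18:54:05 system TTLS 17104957 : 13:54:05
TCPIP31 EZD1286I TTLS Error GRPID: 00000001 ENVID: 0000002A CONNID:
006568AF LOCAL: ipaddr ..56687 REMOTE: ipaddr..10103
JOBNAME: XCOM3BP USERID: xxxxxxx RULE: XCOM-Client 18 RC: 6
Initial Handshake 0000000000000000 0000005179200050 0000000000000000
XCOMM1467E OMVS Error: EDC8124I Socket not connected. (errno2=0x749B0000)
"""

def parse_ttls_errors(syslog_text):
    """Return one dict per EZD1286I message found in wrapped syslog text."""
    flat = " ".join(syslog_text.split())  # undo the syslog line wrapping
    records = []
    for match in EZD1286I.finditer(flat):
        rec = match.groupdict()
        rec["rc"] = int(rec["rc"])
        # Drop stray blanks inside "address..port" (present in the page's copy).
        rec["local"] = rec["local"].replace(" ", "")
        rec["remote"] = rec["remote"].replace(" ", "")
        rec["meaning"] = RC_MEANING.get(rec["rc"], "not documented on this page")
        records.append(rec)
    return records

def label_mismatches(records):
    """Pick the failures where System SSL reported the key label as not found (RC 6)."""
    return [(r["jobname"], r["rule"], r["event"]) for r in records if r["rc"] == 6]

if __name__ == "__main__":
    for job, rule, event in label_mismatches(parse_ttls_errors(SAMPLE_SYSLOG)):
        print(f"{job}: rule '{rule}' failed during {event}: {RC_MEANING[6]}")
        print("  -> compare the rule's certificate label with the labels in the key database/key ring")
```

Run against a saved syslog extract, the output names the job and rule whose certificate label needs to be compared with the labels actually present in the key database or key ring.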