z/OSMF Connection failures EZD1287I TTLS Error RC: 8 Initial Handshake
Article ID: 240983
Updated On:
Products
Issue/Introduction
Receiving the below errors while attempting to connect z/OSMF Resource monitoring (any of them) to DDS (Server Authentication). Client and Server certs and keyrings are in place. Top Secret is the Security Product.
22116 08:38:17.60 STC05428 00000090 EZD1287I TTLS Error RC: 8 Initial Handshake 935
935 00000090 LOCAL: 10.2.4.159..32609
935 00000090 REMOTE: 10.2.4.159..8803
935 00000090 JOBNAME: IZUSVR1 RULE: DDSClientRule
935 00000090 USERID: IZUSVR GRPID: 00000025 ENVID: 00000030 CONNID: 0004834A
22116 08:38:17.61 STC05428 00000090 EZD1287I TTLS Error RC: 503 Initial Handshake 936
936 00000090 LOCAL: 10.2.4.159..8803
936 00000090 REMOTE: 10.2.4.159..32609
936 00000090 JOBNAME: RMFDDS01 RULE: gpm
936 00000090 USERID: GPMSERVE GRPID: 00000023 ENVID: 00000031 CONNID: 0004834B
22116 08:38:17.68 STC05428 00000090 EZD1287I TTLS Error RC: 541 Initial Handshake 937
937 00000090 LOCAL: 10.2.4.159..8803
937 00000090 REMOTE: 10.2.4.159..32611
937 00000090 JOBNAME: RMFDDS01 RULE: gpm
937 00000090 USERID: GPMSERVE GRPID: 00000023 ENVID: 00000031 CONNID: 00048350
22116 08:38:17.69 STC05428 00000090 EZD1287I TTLS Error RC: 8 Initial Handshake 938
938 00000090 LOCAL: 10.2.4.159..32611
938 00000090 REMOTE: 10.2.4.159..8803
938 00000090 JOBNAME: IZUSVR1 RULE: DDSClientRule
938 00000090 USERID: IZUSVR GRPID: 00000025 ENVID: 00000030 CONNID: 0004834F
Environment
Release : Top Secret 16.0
Component : TSSMVS
Resolution
The Client did not have the sever CA certificate on the client keyring to be able to authenticate.
The below diagram shows what certificates are needed on the Client and Server side for Server Authentication:
Feedback
