z/OSMF Connection failures EZD1287I TTLS Error RC: 8 Initial Handshake
search cancel

z/OSMF Connection failures EZD1287I TTLS Error RC: 8 Initial Handshake

book

Article ID: 240983

calendar_today

Updated On:

Products

Top Secret

Issue/Introduction

Receiving the below errors while attempting to connect z/OSMF Resource monitoring (any of them) to DDS (Server Authentication). Client and Server certs and keyrings are in place.   Top Secret is the Security Product.

22116 08:38:17.60 STC05428 00000090  EZD1287I TTLS Error RC:    8 Initial Handshake 935
                       935 00000090    LOCAL: 10.2.4.159..32609
                       935 00000090    REMOTE: 10.2.4.159..8803
                       935 00000090    JOBNAME: IZUSVR1 RULE: DDSClientRule
                       935 00000090    USERID: IZUSVR GRPID: 00000025 ENVID: 00000030 CONNID: 0004834A
22116 08:38:17.61 STC05428 00000090  EZD1287I TTLS Error RC:  503 Initial Handshake 936
                       936 00000090    LOCAL: 10.2.4.159..8803
                       936 00000090    REMOTE: 10.2.4.159..32609
                       936 00000090    JOBNAME: RMFDDS01 RULE: gpm
                       936 00000090    USERID: GPMSERVE GRPID: 00000023 ENVID: 00000031 CONNID: 0004834B
22116 08:38:17.68 STC05428 00000090  EZD1287I TTLS Error RC:  541 Initial Handshake 937
                       937 00000090    LOCAL: 10.2.4.159..8803
                       937 00000090    REMOTE: 10.2.4.159..32611
                       937 00000090    JOBNAME: RMFDDS01 RULE: gpm
                       937 00000090    USERID: GPMSERVE GRPID: 00000023 ENVID: 00000031 CONNID: 00048350
22116 08:38:17.69 STC05428 00000090  EZD1287I TTLS Error RC:    8 Initial Handshake 938
                       938 00000090    LOCAL: 10.2.4.159..32611
                       938 00000090    REMOTE: 10.2.4.159..8803
                       938 00000090    JOBNAME: IZUSVR1 RULE: DDSClientRule
                       938 00000090    USERID: IZUSVR GRPID: 00000025 ENVID: 00000030 CONNID: 0004834F

 

 

Environment

Release : Top Secret 16.0

Component : TSSMVS

Resolution

The Client did not have the sever CA certificate on the client keyring to be able to authenticate.  
The below diagram shows what certificates are needed on the Client and Server side for Server Authentication:
https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=LyaxmG1YtwAhOiHw1S14ZA==