I’m seeing the following error in my SSILOG once every minute. What does it mean and how do I resolve it?
NFSU81 TRACE NMI SUBTASK INIT FOR STACK TCPIP FAILED, RC: R15=00000000 CODE: 8 SUBCODE: 0
NFSU84 TRACE NMI AUTHORIZATION ERROR, EZBRCIFR FUNCTION: OPEN RETVAL: FFFFFFFF RETCODE: 0000006F RSNCODE: 786000DC
The Summary screen in the Netmaster region is likely showing IPSD0003 for Applications, TCP Server port, Remote Networks and IP Protocol.
NFSU8* messages are usually access problems with the SERVAUTH class resources.
The IPSD0003 messages are a result of the access issue.
The recommended method for collecting packets changed between 12.1 and 12.2.
In 12.1, maintenance was added to allow for the use of IBM's Trace NMI for collecting packets and a new parameter was added to the SSI parms, PATRACENMI.
By default, this parameter is set to NO.
In 12.2, The IBM Trace NMI packet capture capability was delivered as part of the base product, so the PATRACENMI parameter is set to YES by default.
Use of the IBM Trace NMI requires additional security definitions which are the same for both 12.1 and 12.2
If these are not defined, errors will appear in the SOLVESSI log as well as the IP Summary screen in the Netmaster region.
The presence of NFSU8n messages in the SOLVE SSI log indicates access problems to the SERVAUTH class resources EZB.TRCCTL.** and EZB.TRCSEC.** resources.
In order for the SOLVE SSI to make use of the IBM real-time application-controlled TCP/IP trace network management interface (Trace NMI), you must define new System Authorization Facility (SAF) profiles in the SERVAUTH class and authorize the user ID assigned to the SOLVE SSI address space to the profiles.
The user ID assigned to the SOLVE SSI address space must be permitted READ access to the following resources:
- 'sysname' specifies the MVS system name where the SOLVE SSI and TCP/IP stack are running.
- 'tcpname' specifies the TCP/IP stack name for which packet analysis is enabled.
If this has already been defined correctly, please check to ensure that the SERV- AUTH class is active.
If not, the command to activate this in RACF is
If the error condition persists long enough, it can result in excessive ESQA memory consumption with expansion into ECSA.
Fix RO97641 for 12.2 prevents more than 10 occurrences of the error so prevents storage problems but does not correct the underlying problem.
WORKAROUND: until security can be corrected, set PATRACENMI to NO in the SSIPARMS.
Additional Information can be found in the Install Guides under Preparing the IBM Communications Server -
If you are only seeing the IPSD0003 message, please review these additional documents for possible solutions: