Re: Need help with FTP error
- From: chrismason@xxxxxxxxxxxx (Chris Mason)
- Date: 4 Apr 2007 12:03:38 -0700
Hal
Have you followed the Google trail? If so, what were your results?
I just have. The only reference to the character string "Internal error reported by remote partner" associated with the code 438 is in a manual "Websphere MQ for z/OS Messages and Codes, Version 6.0", GC34-6602-00.
Following up on the suggestion to check "Cryptographic Services SSL Programming", eventually discovering that "Cryptographic Services" "SL Programming" sort-of worked and led to "z/OS V1R8.0 Cryptographic Services System SSL Programming", SC24-5901-05, I found the following :
<quote>
438
Internal error reported by remote partner.
Explanation: The peer application has detected an internal error while performing an SSL operation and has sent an alert to close the secure connection.
User response: Check the error log for the remote application to determine the nature of the processing error.
</quote>
Did you do this and, if so, what did it tell you?
Which product is producing the code FC0702 in a message? The code "FC0702" appears neither in "Websphere MQ for z/OS Messages and Codes, Version 6.0" nor "WebSphere MQ Messages", GC34-6601-00, - or my ability to manipulate the way this online manual is presented is deficient - very likely, in fact.
Then I tried raw "Googling on "FC0702". Imagine my feelings of having entered a time warp - or "wormhole" - when I discovered the following query from a certain "Hal Merritt", sent "Tuesday, October 10, 2006 4:54 PM" to newsgroup "bit.listserv.ibm-main":
<quote>
Subject: z/os FTP messages
Anyone tell me what FM I might find FC0702? The complete text is:
FC0702 authServer: secure_socket_init failed with rc = 8 (Certificate validation error)
I know some cert is invalid. But how do I find out which one, why is it invalid, and how do I make it valid?
z/os.e 1.4.
</quote>
Then I checked the rest of the thread and found the following:
<quote>
Re: z/os FTP messages
Hal Merritt
Thu, 12 Oct 2006 16:30:17 -0700
With all of your kind assistance on and off list, I think I finally cracked the nut. Note: I use the FTP server below, but all also applies to the TN3270 server.
The root problem was my scenario of using my own self signed CA to sign user certs. This worked, but only within one 'plex. That is, I can FTP from one host in a 'plex to another. For quite a while, that was my only way to test and learn. Silly me, I thought those test results would apply to other situations.
I found that self signed CA's are treated as 'invalid' when FTP'ing from *any* other host even when the CA was imported as trusted.
When I regenned the personal certs as self signed, the intra 'plex FTP stopped working, but FTP from other hosts stated working because they have options to accept such or to prompt for permission.
Complicating matters is some RACF panels don't work (the cert delete function, for example) and the FTP server sometimes won't pick up cert changes even when the server is stopped/started.
Another complication was RACDCERT was a little inconsistent. The scenario:
1. Add four certs via batch job. One for each server on each LPAR.
2. Delete these four certs.
3. Add same four certs.
The second add worked for one server/LPAR, but failed for the second pair because of duplication. The content of each cert was identical except for owner, CN (host name), and label. Why this worked the first time and failed the second probably can be explained by a missed REFRESH step. But still a bit frustrating.
I figured out how to make both servers use a common cert.
I suppose I ought to open some PMR's with IBM, but I simply don't have time: I have two processor upgrades and 12 LPAR's to upgrade from 1.4 to 1.7 before Thanksgiving.
The PMR's I should open:
1. RACF panels don't work.
2. Bouncing servers to pick up trivial changes is stupid. OK for PC's but not for the MF. Simple refresh functions are the way to go.
3. Trace instructions that actually work.
4. Inconsistent RACDCERT behavior.
Again, thanks to all.
</quote>
As a result of this earlier experience - including offline responses, indicating yet again how inappropriate offline responses can be when the benefit of archiving is taken into account, did you at least discover which product was responsible for code FC0702?
Chris Mason
----- Original Message ----- From: "Hal Merritt" <HMerritt@xxxxxxxxxxxx>
Newsgroups: bit.listserv.ibm-main
To: <IBM-MAIN@xxxxxxxxxxx>
Sent: Wednesday, April 04, 2007 5:33 PM
Subject: Need help with FTP error
Trying to get secure FTP running, getting
FC0702 authServer: secure_socket_init failed with rc = 438 (Internal
error reported by remote partner)
Any clues?
Thanks.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to listserv@xxxxxxxxxxx with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
.
- References:
- Need help with FTP error
- From: Hal Merritt
- Need help with FTP error
- Prev by Date: Re: IBM to the PCM market(the sky is falling!!!the sky is falling!!)
- Next by Date: RE: IBM to the PCM market(the sky is falling!!!the sky is falling!!)
- Previous by thread: RE: Need help with FTP error
- Next by thread: ADR793E -PDSE indicators in the VTOC and VVDS do not match
- Index(es):
Relevant Pages
|
|
