2063 (080F) (RC2063): MQRC_SECURITY_ERROR

Explanation

• On z/OS, there are two possible reasons for this:
  • An MQCONN or MQCONNX call was issued to connect to the queue manager using the BINDINGS transport from a JMS application running inside a WebSphere Application Server, or WebSphere Liberty Profile environment, passing in a username or password, or both, that were longer than 8 characters.
  • The security error was returned by the External Security Manager.

• If we are using Advanced Message Security (AMS), this could be a set up issue.

  An MQ API call was issued while AMS was enabled, but the call failed because a security error occurred during AMS processing.

  An MQOPEN call might fail if a valid certificate does not exist, for example.

  An MQGET call might fail due to certificates or policies being configured incorrectly, for example. For a failing MQGET call, messages might be delivered to the SYSTEM.PROTECTION.ERROR.QUEUE.

• If we are using connection authentication with an LDAP server, this could be as a result of connectivity failure to the LDAP server, or an error from the LDAP server.

Completion code

MQCC_FAILED

Programmer response

• If we are using Advanced Message Security, you should check the queue manager error logs.
• On z/OS, ensure that both the username and password specified, when connecting to the queue manager, have a maximum length of 8 characters. Ask the system programmer or security administrator to:
  • Check the queue manager and AMS job logs for additional messages
  • Verify that certificates are valid and have been correctly configured
  • Confirm that policies are valid and also correctly configured
  • Check for any messages on the SYSTEM.PROTECTION.ERROR.QUEUE.

• On IBM i, the FFST log will contain the error information.
• If we are using LDAP, use DISPLAY QMSTATUS to check the status of the connection to the LDAP server, and check the queue manager error logs for any error messages.

Parent topic: API reason codes