Since the JES2 documentation refers to a possible RACF violation, we recommend you set a SECTRACE for an AUTH call. There is likely a validation with LOG=NONE which would result in no SMF record for the ACFRPTRV report.
The SECTRACE operator command is as follows:
nn CAS...... SPECIFY RACROUTE PARAMETERS...
nn CAS......Continue SECTRACE SPECIFICATIONS...
This command will set a SECTRACE for AUTH calls. No CLASS is specified because it is unclear what the CLASS should be.
Set the SECTRACE before you test, then after you get the $HASP186 error, delete the SECTRACE using this operator command:
Run the ACFRPTST report using the SMF records generated during your test. You can use the ISPF panels to generate the report or use a batch job. The batch job only requires a few statements:
// EXEC PGM=ACFRPTST,PARM='DETAIL'
//SYSPRINT DD SYSOUT=*
//REC0001 DD DSN=SYS1.MAN1,DISP=SHR <--substitute the active SMF filename
The output report should contain a RACROUTE AUTH call with SFR/RFR codes of 8/8:0. This failed AUTH call is likely related to the $HASP186 message and the CLASS and ENTITY can be used to write an appropriate resource rule. A LOG keyword in the RACROUTE call specifying anything other than ASIS would explain why no SMF record was generated for the ACFRPTRV report.
Customers have reported that this can happen for the (JES2) resource classes WRITER and JESSPOOL. Note that the default internal SAFDEF records for these resource classes provided by CA ACF2 specify MODE=IGNORE for these validation requests.