How to resolve CA XCOM error message XCOMM0780E Txpi 319: IRRSDL00 USERID=<XXXXXX > KEYRING=<KEYRINGY> SAF_RC=8 RACF_RC=8 RACF_RSN=84

Document ID : KB000018149
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

Some users get this error message trying to send an SSL transfer. Others are successful. Why?


 XCOMM0780E Txpi 319: IRRSDL00 USERID=<B48479 > KEYRING=<KEYRINGY> SAF_RC=8 RACF_RC=8 RACF_RSN=84     
 XCOMM0093E ERROR ACTIVATING SESSION - SESSION NOT ESTABLISHED 
 XCOMM0812I SECURE TCP/IP REMOTE CONNECTION REQUESTED FROM IP=10.200.300.45
 XCOMM0780E Txpi 308: TxpiInitSSL Failed msg = <error:1408F10B:SSLroutines:SSL3_GET_RECORD:wrong version number> value = 429496
 XCOMM0818I SECURE TCP/IP CONNECTION ENDED WITH IP=10.200.300.45
 XCOMM0780E Txpi 227: Socket received 0 bytes: partner closed socket. Last error 0
 XCOMM0818I SECURE TCP/IP CONNECTION ENDED WITH IP=10.200.300.45

Solution:

These error messages are passed back from the RACF callable service R_datalib (IRRSDL00) which is invoked to retrieve the SSL certificates from the RACF database.

SAF RC 08, RACF RC 08, RACF RSN 84 means that the userid/keyring combination specified in the message cannot be found in the RACF database.

You can use the RACF command RACDCERT LISTRING(*) ID(userid) to list all the keyrings defined for a specific user. Most probably the specified keyring is NOT defined for the user.

You can use the RACDCERT command to define the keyrings and add the certificates to the keyrings so that XCOM can retrieve them.