No factor Wide Data

Document ID : KB000098252
Last Modified Date : 31/05/2018
Show Technical Document Details
Issue:
We’ve successfully installed and tested IBM MFA on one LPAR in a sysplex sharing an ACF2 database with other systems.

When attempting to start the MFA STC AZFMFA on another LPAR we get the following error: AZF2411S STC Settings could not be loaded from RACF.

When we attempt to run the EXEC to define the STC we're getting an error message NO Factor Wide Data:
AZFM106 Either the factor is not defined to RACF or you do not have permission to access it.

Explanation:
The associated factor profile in the MFADEF class must be defined and take the name FACTOR.Factor-name.
The profile IRR.RFACTOR.MFADEF.Factor-name must be defined in the FACILITY class and you must have appropriate access to this profile for the operation you are trying to perform.

User Response: Contact your security administrator.
 
Environment:
ACF2 + MFA
Resolution:
Since Masked SYSID is broken, you can either default to the sysid of the LPAR by not specifying any sysid, or apply test fix that will correct the error.(ST01634 - Allow masking of SYSID for Factor Records.)

Verify you are observing the following in AZF#IN00 started task joblog:

.. AZF2109I Authenticator initialized : entry 0xA1690A0, name AZFRADP1 (strong) ..
...  ( the 0xA1690A0 part might be different at your site)

If the Profile records are new, do F ACF2,REBUILD(USR),C(P)
And for the factor records: ........ F ACF2,REFRESH(FAC),T(FAC)

Also, make sure the Logonid/s is/are not in the MFABYPASS rule.

Deleting records with SYSID(*****) should resolve the problem. If both, lpar specific and **** are present, delete the **** record.