friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6290434003
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzaja_5.4.0.1/rzajacmmessages.htm

339 lines
19 KiB
HTML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Common VPN Connection Manager error messages" />
<meta name="abstract" content="Describes of some of the more common VPN Connection Manager error messages you may encounter." />
<meta name="description" content="Describes of some of the more common VPN Connection Manager error messages you may encounter." />
<meta name="DC.Relation" scheme="URI" content="rzajajoblogs.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajaviewatt.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzajacmmessages" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Common VPN Connection Manager error messages</title>
</head>
<body id="rzajacmmessages"><a name="rzajacmmessages"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Common VPN Connection Manager error messages</h1>
<div><p>Describes of some of the more common VPN Connection Manager error
messages you may encounter.</p>
<p>In general, the VPN Connection Manager logs two messages in the QTOVMAN
job log when an error occurs with a VPN connection. The first message provides
details regarding the error. You can view information about these errors in <span class="keyword">iSeries™ Navigator</span> by right-clicking the connection
in error and selecting <span class="uicontrol">Error Information</span>.</p>
<p>The second message describes the action you were attempting to perform
on the connection when the error occurred. For example, starting or stopping
it. Messages TCP8601, TCP8602, and TCP860A, described below, are typical examples
of these second messages.</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="void" border="0" rules="none"><thead align="left"><tr><th colspan="3" valign="top" id="d0e34">VPN Connection Manager error messages</th>
</tr>
<tr><th valign="top" id="d0e37">Message</th>
<th valign="top" id="d0e39">Cause</th>
<th valign="top" id="d0e41">Recovery</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e34 d0e37 ">TCP8601 Could not start VPN connection [<em>connection name</em>]</td>
<td valign="top" headers="d0e34 d0e39 ">Could not start this VPN connection due to one of these reason codes: <em>0</em> -
A previous message in the job log with the same VPN connection name has more
detailed information. <em>1</em> - VPN policy configuration. <em>2</em> - Communications
network failure. <em>3</em> - VPN Key Manager failed to negotiate a new security
association. <em>4</em> - The remote endpoint for this connection is not configured
properly. <em>5</em> - VPN Key Manager failed to respond to VPN Connection Manager. <em>6</em> -
IP Security Component VPN connection load failure. <em>7</em> - PPP Component
failure.</td>
<td valign="top" headers="d0e34 d0e41 "> <ol><li>Check the job logs for additional messages.</li>
<li>Correct the errors and try the request again.</li>
<li>Use <span class="keyword">iSeries Navigator</span> to view
the connection status. Connections that could not start will be in error state.</li>
</ol>
</td>
</tr>
<tr><td valign="top" headers="d0e34 d0e37 "> </td>
<td valign="top" headers="d0e34 d0e39 "> </td>
<td valign="top" headers="d0e34 d0e41 "> </td>
</tr>
<tr><td valign="top" headers="d0e34 d0e37 ">TCP8602 Error occurred stopping VPN connection [<em>connection name</em>]</td>
<td valign="top" headers="d0e34 d0e39 ">The specified VPN connection was requested to be stopped, however,
it did not stop or stopped in error due to Reason Code: <em>0</em> - A previous
message in the job log with the same VPN connection name has more detailed
information. <em>1</em> - The VPN connection does not exist. <em>2</em> - Internal
communications failure with VPN Key Manager. <em>3</em> - Internal communications
failure with IPSec component. <em>4</em> - Communication failure with VPN connection
remote endpoint.</td>
<td valign="top" headers="d0e34 d0e41 "> <ol><li>Check the job logs for additional messages.</li>
<li>Correct the errors and try the request again.</li>
<li>Use <span class="keyword">iSeries Navigator</span> to view
the connection status. Connections that could not start will be in error state.</li>
</ol>
</td>
</tr>
<tr><td valign="top" headers="d0e34 d0e37 "> </td>
<td valign="top" headers="d0e34 d0e39 "> </td>
<td valign="top" headers="d0e34 d0e41 "> </td>
</tr>
<tr><td valign="top" headers="d0e34 d0e37 ">TCP8604 Start of VPN connection [<em>connection name</em>] failed</td>
<td valign="top" headers="d0e34 d0e39 ">A start of this VPN connection failed due to one of these reason codes: <em>1</em> -
Could not translate the remote host name to an IP address. <em>2</em> - Could
not translate the local host name to an IP address. <em>3</em> - VPN policy
filter rule associated with this VPN connection is not loaded. <em>4</em> -
A user-specified key value is not valid for its associated algorithm. <em>5</em> -
The initiation value for the VP connection does not allow the specified action. <em>6</em> -
A system role for the VPN connection is inconsistent with information from
the connection group. <em>7</em> - Reserved. <em>8</em> - Data endpoints (local
and remote addresses and services) of this VPN connection are inconsistent
with information from the connection group. <em>9</em> - Identifier type not
valid.</td>
<td valign="top" headers="d0e34 d0e41 "> <ol><li>Check the job logs for additional messages.</li>
<li>Correct the errors and try the request again.</li>
<li>Use <span class="keyword">iSeries Navigator</span> to check
or correct the VPN policy configuration. Ensure that the dynamic-key group
associated with this connection has acceptable values configured.</li>
</ol>
</td>
</tr>
<tr><td valign="top" headers="d0e34 d0e37 "> </td>
<td valign="top" headers="d0e34 d0e39 "> </td>
<td valign="top" headers="d0e34 d0e41 "> </td>
</tr>
<tr><td valign="top" headers="d0e34 d0e37 ">TCP8605 VPN Connection Manager could not communicate with VPN Key Manager</td>
<td valign="top" headers="d0e34 d0e39 ">The VPN Connection Manager requires the services of the VPN Key Manager
to establish security associations for dynamic VPN connections. The VPN Connection
Manager could not communicate with the VPN Key Manager.</td>
<td valign="top" headers="d0e34 d0e41 "> <ol><li>Check the job logs for additional messages.</li>
<li>Verify the *LOOPBACK interface is active by using the NETSTAT OPTION(*IFC)
command.</li>
<li>End the VPN server by using the ENDTCPSVR SERVER(*VPN) command. Then restart
the VPN server by using the STRTCPSRV SERVER(*VPN) command.<div class="note"><span class="notetitle">Note:</span> This causes
all current VPN connections to end.</div>
</li>
</ol>
</td>
</tr>
<tr><td valign="top" headers="d0e34 d0e37 ">&nbsp;</td>
</tr>
<tr><td valign="top" headers="d0e34 d0e37 "> </td>
<td valign="top" headers="d0e34 d0e39 "> </td>
<td valign="top" headers="d0e34 d0e41 "> </td>
</tr>
<tr><td valign="top" headers="d0e34 d0e37 ">TCP8606 The VPN Key Manager could not establish the requested security
association for connection, [ <em>connection name</em>]</td>
<td valign="top" headers="d0e34 d0e39 ">The VPN Key Manager could not establish the requested security association
due to one of these reason codes: <em>24</em> - VPN Key Manager key connection
authentication failed. <em>8300</em> - Failure occurred during VPN Key Manager
key connection negotiations. <em>8306</em> - No local preshared key found. <em>8307</em> -
No remote IKE phase 1 policy found. <em>8308</em> - No remote preshared key
found. <em>8327</em> - VPN Key Manager key connection negotiations timed out. <em>8400</em> -
Failure occurred during VPN Key Manager VPN connection negotiations. <em>8407</em> -
No remote IKE phase 2 policy found. <em>8408</em> - VPN Key Manager VPN connection
negotiations timed out. <em>8500 or 8509</em> - VPN Key Manager network error
has occurred.</td>
<td valign="top" headers="d0e34 d0e41 "> <ol><li>Check the job logs for additional messages.</li>
<li>Correct the errors and try the request again.</li>
<li>Use <span class="keyword">iSeries Navigator</span> to check
or correct the VPN policy configuration. Ensure that the dynamic-key group
associated with this connection has acceptable values configured.</li>
</ol>
</td>
</tr>
<tr><td valign="top" headers="d0e34 d0e37 "> </td>
<td valign="top" headers="d0e34 d0e39 "> </td>
<td valign="top" headers="d0e34 d0e41 "> </td>
</tr>
<tr><td valign="top" headers="d0e34 d0e37 ">TCP8608 VPN connection, [<em>connection name</em>], could not obtain
a NAT address</td>
<td valign="top" headers="d0e34 d0e39 ">This dynamic-key group or data connection specified that network address
translation (NAT) be done on one or more addresses, and that failed due to
one of these likely reason codes: <em>1</em> - Address to apply NAT to is not
a single IP address. <em>2</em> - All available addresses have been used.</td>
<td valign="top" headers="d0e34 d0e41 "> <ol><li>Check the job logs for additional messages.</li>
<li>Correct the errors and try the request again.</li>
<li>Use <span class="keyword">iSeries Navigator</span> to check
or correct the VPN policy. Ensure that the dynamic-key group associated with
this connection has acceptable values for addresses configured.</li>
</ol>
</td>
</tr>
<tr><td valign="top" headers="d0e34 d0e37 "> </td>
<td valign="top" headers="d0e34 d0e39 "> </td>
<td valign="top" headers="d0e34 d0e41 "> </td>
</tr>
<tr><td valign="top" headers="d0e34 d0e37 ">TCP8620 Local connection endpoint not available</td>
<td valign="top" headers="d0e34 d0e39 ">Could not enable this VPN connections because the local connection
endpoint was not available.</td>
<td valign="top" headers="d0e34 d0e41 "> <ol><li>Check the job logs for additional messages pertaining to this connection.</li>
<li>Make sure the local connection endpoint is defined and started by using
the NETSTAT OPTION(*IFC) command.</li>
<li>Correct any errors and try the request again.</li>
</ol>
</td>
</tr>
<tr><td valign="top" headers="d0e34 d0e37 "> </td>
<td valign="top" headers="d0e34 d0e39 "> </td>
<td valign="top" headers="d0e34 d0e41 "> </td>
</tr>
<tr><td valign="top" headers="d0e34 d0e37 ">TCP8621 Local data endpoint to available</td>
<td valign="top" headers="d0e34 d0e39 ">Could not enable this VPN connection because the local data endpoint
was not available.</td>
<td valign="top" headers="d0e34 d0e41 "> <ol><li>Check the job logs for additional messages pertaining to this connection.</li>
<li>Make sure the local connection endpoint is defined and started by using
the NETSTAT OPTION(*IFC) command.</li>
<li>Correct any errors and try the request again.</li>
</ol>
</td>
</tr>
<tr><td valign="top" headers="d0e34 d0e37 "> </td>
<td valign="top" headers="d0e34 d0e39 "> </td>
<td valign="top" headers="d0e34 d0e41 "> </td>
</tr>
<tr><td valign="top" headers="d0e34 d0e37 ">TCP8622 Transport encapsulation not permitted with a gateway</td>
<td valign="top" headers="d0e34 d0e39 ">Could not enable this VPN connection because the negotiated policy
specified transport encapsulation mode and this connection is defined as a
security gateway.</td>
<td valign="top" headers="d0e34 d0e41 "> <ol><li>Check the job logs for additional messages pertaining to this connection.</li>
<li>Use <span class="keyword">iSeries Navigator</span> to change
the VPN policy associated with this VPN connection.</li>
<li>Correct any errors and try the request again.</li>
</ol>
</td>
</tr>
<tr><td valign="top" headers="d0e34 d0e37 "> </td>
<td valign="top" headers="d0e34 d0e39 "> </td>
<td valign="top" headers="d0e34 d0e41 "> </td>
</tr>
<tr><td valign="top" headers="d0e34 d0e37 ">TCP8623 VPN connection overlaps with an existing one</td>
<td valign="top" headers="d0e34 d0e39 ">Could not enable this VPN connection because an existing VPN connection
is already enabled. This connection has a local data endpoint of, [<em>local
data endpoint value</em>] and a remote data endpoint of, [<em>remote data endpoint
value</em>].</td>
<td valign="top" headers="d0e34 d0e41 "> <ol><li>Check the job logs for additional messages pertaining to this connection.</li>
<li>Use <span class="keyword">iSeries Navigator</span> to view
all enabled connections that have local data endpoints and remote data endpoints
overlapping the connection. Change the policy of the existing connection if
both connections are required.</li>
<li>Correct any errors and try the request again.</li>
</ol>
</td>
</tr>
<tr><td valign="top" headers="d0e34 d0e37 "> </td>
<td valign="top" headers="d0e34 d0e39 "> </td>
<td valign="top" headers="d0e34 d0e41 "> </td>
</tr>
<tr><td valign="top" headers="d0e34 d0e37 ">TCP8624 VPN connection not within scope of associated policy filter
rule</td>
<td valign="top" headers="d0e34 d0e39 ">Could not enable this VPN connection because the data endpoints are
not within the defined policy filter rule.</td>
<td valign="top" headers="d0e34 d0e41 "> <ol><li>Check the job logs for additional messages pertaining to this connection.</li>
<li>Use <span class="keyword">iSeries Navigator</span> to display
the data endpoint restrictions for this connection or dynamic-key group. If <span class="uicontrol">Subset
of policy filter</span> or <span class="uicontrol">Customize to match policy filter</span> is
selected, then check the data endpoints of the connection. These must fit
within the active filter rule that has an IPSEC action and a VPN connection
name associated with this connection. Change the existing connection's policy
or the filter rule to enable this connection.</li>
<li>Correct any errors and try the request again.</li>
</ol>
</td>
</tr>
<tr><td valign="top" headers="d0e34 d0e37 "> </td>
<td valign="top" headers="d0e34 d0e39 "> </td>
<td valign="top" headers="d0e34 d0e41 "> </td>
</tr>
<tr><td valign="top" headers="d0e34 d0e37 ">TCP8625 VPN connection failed an ESP algorithm check</td>
<td valign="top" headers="d0e34 d0e39 ">Could not enable this VPN connection because the secret key associated
with the connection was insufficient.</td>
<td valign="top" headers="d0e34 d0e41 "> <ol><li>Check the job logs for additional messages pertaining to this connection.</li>
<li>Use <span class="keyword">iSeries Navigator</span> to display
the policy associated with this connection and enter a different secret key.</li>
<li>Correct any errors and try the request again.</li>
</ol>
</td>
</tr>
<tr><td valign="top" headers="d0e34 d0e37 "> </td>
<td valign="top" headers="d0e34 d0e39 "> </td>
<td valign="top" headers="d0e34 d0e41 "> </td>
</tr>
<tr><td valign="top" headers="d0e34 d0e37 ">TCP8626 VPN connection endpoint is not the same as the data endpoint</td>
<td valign="top" headers="d0e34 d0e39 ">Could not enable this VPN connection because the policy specifies that
it is a host, and the VPN connection endpoint is not the same as the data
endpoint.</td>
<td valign="top" headers="d0e34 d0e41 "> <ol><li>Check the job logs for additional messages pertaining to this connection.</li>
<li>Use <span class="keyword">iSeries Navigator</span> to display
the data endpoint restrictions for this connection or dynamic-key group. If <span class="uicontrol">Subset
of policy filter</span> or <span class="uicontrol">Customize to match policy filter</span> is
selected, then check the data endpoints of the connection. These must fit
within the active filter rule that has an IPSEC action and a VPN connection
name associated with this connection. Change the existing connection's policy
or the filter rule to enable this connection.</li>
<li>Correct any errors and try the request again.</li>
</ol>
</td>
</tr>
<tr><td valign="top" headers="d0e34 d0e37 "> </td>
<td valign="top" headers="d0e34 d0e39 "> </td>
<td valign="top" headers="d0e34 d0e41 "> </td>
</tr>
<tr><td valign="top" headers="d0e34 d0e37 ">TCP8628 Policy filter rule not loaded</td>
<td valign="top" headers="d0e34 d0e39 ">The policy filter rule for this connection is not active.</td>
<td valign="top" headers="d0e34 d0e41 "> <ol><li>Check the job logs for additional messages pertaining to this connection.</li>
<li>Use <span class="keyword">iSeries Navigator</span> to display
the active policy filters. Check the policy filter rule for this connection.</li>
<li>Correct any errors and try the request again.</li>
</ol>
</td>
</tr>
<tr><td valign="top" headers="d0e34 d0e37 "> </td>
<td valign="top" headers="d0e34 d0e39 "> </td>
<td valign="top" headers="d0e34 d0e41 "> </td>
</tr>
<tr><td valign="top" headers="d0e34 d0e37 ">TCP8629 IP packet dropped for VPN connection</td>
<td valign="top" headers="d0e34 d0e39 ">This VPN connection has VPN NAT configured and the required set of
NAT addresses has exceeded the available NAT addresses.</td>
<td valign="top" headers="d0e34 d0e41 "> <ol><li>Check the job logs for additional messages pertaining to this connection.</li>
<li>Use <span class="keyword">iSeries Navigator</span> to increase
the number of NAT addresses assigned for this VPN connection.</li>
<li>Correct any errors and try the request again.</li>
</ol>
</td>
</tr>
<tr><td valign="top" headers="d0e34 d0e37 "> </td>
<td valign="top" headers="d0e34 d0e39 "> </td>
<td valign="top" headers="d0e34 d0e41 "> </td>
</tr>
<tr><td valign="top" headers="d0e34 d0e37 ">TCP862A PPP connection failed to start</td>
<td valign="top" headers="d0e34 d0e39 ">This VPN connection was associated with a PPP profile. When it was
started, an attempt was made to start the PPP profile, but a failure occurred.</td>
<td valign="top" headers="d0e34 d0e41 "> <ol><li>Check the job logs for additional messages pertaining to this connection.</li>
<li>Check the job log associated with the PPP connection.</li>
<li>Correct any errors and try the request again.</li>
</ol>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajajoblogs.htm" title="Describes the various job logs that VPN uses.">Troubleshoot VPN with the VPN job logs</a></div>
</div>
<div class="reltasks"><strong>Related tasks</strong><br />
<div><a href="rzajaviewatt.htm" title="Complete this task to check the status and other attributes of your active connections.">View the attributes of active connections</a></div>
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink