Diagnostic Messages 2001 - 2434

Number Diagnostic Text Meaning Action

2001

No variables defined

The Defined Variables Editor found no user-defined variables upon saving the contents of the Defined Variables page.

Make sure the user-defined variables are defined before saving.

2002

System variable <variable name> should not be defined

The Defined Variables Editor does not allow the defining of a Privilege Management specific variable as a user-defined variable.

Remove the defined variable from the defined variables list.

2003

List variable <variable name> contains a number in position #

List variables cannot contain numbers.

Remove the number from the list or convert it to a string literal.

2004

No Conditional Expression Generated!

The Privilege Management W5 Editor failed to generate a conditional expression based on the given constraints, if any.

Check all of the constraints and try again.

2005

Failed to process constraints from policy IF statement

The Privilege Management W5 Editor failed to process a policy IF statement.

Contact BeyondTrust Support.

2006.1

Error saving file: <error message>

ThePrivilege Management Policy Editor encountered an error while saving the policy file. The OS specific reason for the error follows.

Take the appropriate action indicated by the OS specific error.

2006.2

Error saving file: <error message>

ThePrivilege Management Policy Editor encountered an error while saving the policy file. The OS specific reason for the error follows.

Take the appropriate action indicated by the OS specific error.

2006.3

Error saving file: <error message>

ThePrivilege Management Policy Editor encountered an error while saving the policy file. The OS specific reason for the error follows.

Take the appropriate action indicated by the OS specific error.

2007.1

Error saving backup file: <error message>

ThePrivilege Management Policy Editor failed to make a backup of the policy file. The OS specific reason for the error follows.

Take the appropriate action indicated by the OS specific error.

2007.2

Error saving backup file: <error message>

ThePrivilege Management Policy Editor failed to make a backup of the policy file. The OS specific reason for the error follows.

Take the appropriate action indicated by the OS specific error.

2008

Timeout Reached

The Privilege Management Policy Editor has timed-out. The Policy Editor has been idle for too long.

Close the Policy Editor when not in use.

2009

Authentication Required to access requested page.

User credentials are insufficient to access the requested page.

Enter a valid username and password that has sufficient access to the requested page. Note that you may have to close the browser and open it again to clear the password cache.

2010

Security Problem - please contact your systems administrator.

The Privilege Management GUI encountered an error while trying to authenticate.

Contact BeyondTrust Support.

2011

Only Basic Authentication Supported

The Privilege Management GUI only understands basic authentication from a web browser.

Check if the browser supports basic authentication.

2012

Username and Password must be supplied.

A username and password were not entered in the User Authentication Dialog box provided by the web browser.

Enter a value username and password.

2013

Failed to Authenticate username and password.

The Privilege Management GUI was unable to authenticate the supplied username and password.

Contact BeyondTrust Support.

2014.01

Check the Policy Server and run host name service configuration (/etc/hosts, DNS, NIS, etc).

This could also be an attempt to spoof a Policy Server from an unauthorized machine.

Policy server name <name> not valid for address <ip address>

The name claimed by the policy server does not match the address of the connection on the run host.

2014.02

Check the submit and Policy Server name service configuration (/etc/hosts, DNS, NIS, etc). This could also be an attempt to spoof a submit host from an unauthorized machine.

Submit host name <name> not valid for address <ip address>

The name claimed by the submit host does not match the address of the connection on the policy server.

2015

Unable to connect to call back server

PBGUID received a request from the console, but was unable to connect to the defined callback URL

Check the call back URL, and accessibility from pbguid host/port to psmc host/port.

2016

Certificate doesn't verify

SSL certificate did not verify the host - single sign on.

Check certificate is valid and matches host

2017

Common name doesn't match host name

SSL cert common name did not match the host name.

 

2018

Can't read certificate file

 

Verify the file exists, or check the permissions.

2019

Unable to get CA file

 

Verify the file is accessible.

2020

Can't read CA list

The file cannot be read

 

2021

Incomplete Write

PBGUID was unable to send the request to the console via SSL.

 

2022

SSL write problem

PBGUID was unable to send the request to the console via SSL.

 

2023

SSL error: premature close

The console closed the connection ahead of time

Check the console.

2024

SSL read problem

A response could not be read from the SSL channel.

 

2025

Shutdown failed

Failed to shutdown the SSL channel.

 

2026

Unable to get CERT file

Unable to access the CERT file.

Check the settings file entry.

2027

SSL connect error

SSL connect error

Check the return codes.

2050

Could not allocate enough memory to process BeyondInsight response.

A realloc operation failed.

If this occurs often, increase the amount of swap space on the machine.

2051

BeyondInsight returned an error <detailed error message>

The BeyondInsight event service rejected the data that Privilege Management for Unix and Linux sent.

Refer to the accompanying BeyondInsight error message for additional information.

2052

libcurl error: Could not enable verification of the peer certificate's authenticity <detailed error message>

An error occurred while invoking a libcurl command.

Refer to the accompanying error message for additional information.

2053

BeyondInsight CA certificate is missing or not valid.

sslrcscafile does not exist in the settings file or has an empty or invalid value.

Add a valid BeyondInsight CA certificate and assign to the sslrcscafile keyword in the settings file.

2054

libcurl error: Problem with the BeyondInsight Certificate Authority (CA) certificate <detailed error message>

An error occurred while invoking a libcurl command to assign the CA certificate.

Refer to the accompanying error message for additional information.

2055

libcurl error: Could not enable verification of the server

named in the peer certificate <detailed error message>

An error occurred while invoking a libcurl command.

Refer to the accompanying error message for additional information.

2056

No valid BeyondInsight client certificate in the settings file.

sslrcscertfile does not exist in the settings file or is empty.

Add a validBeyondInsight client certificate and assign to the sslrcscertfile keyword in the settings file.

2057

libcurl error: Problem with the BeyondInsight client

certificate <detailed error message>

An error occurred while invoking a libcurl command to assign the BeyondInsight client certificate.

Refer to the accompanying error message for additional information.

2058

Event forwarding failed <detailed error message>

An error occurred while the event data was being sent to BeyondInsight.

Refer to the accompanying BeyondInsight error message for additional information.

2059

Unable to form appropriate headers for HTTP request.

An error occurred while trying to build the HTTP request.

Ensure there is enough memory on the machine for the operation.

2060

Unable to set up libcurl environment to communicate with the target web service.

An error occurred while trying to initialize libcurl.

Ensure there is enough memory on the machine for the operation.

2061

Encryption algorithm <encryption algorithm> is not valid. Please refer to the Privilege Management for Unix and Linux Admin for valid values.

An invalid encryption algorithm was specified in for eventlogencryption in the settings file.

Please refer to the Privilege Management for Unix and Linux Admin Guide for valid encryption algorithm types.

2062

Problem with store file <file> <detailed error message>

The store file specified is missing or invalid.

Refer to the accompanying error message for additional information.

2063

Problem with key file <file> <detailed error message>

The key file specified is missing or invalid.

Refer to the accompanying error message for additional information.

2064

An encryption key file must be provided for the encryption algorithm <encryption type>

When invoking pbfwdevents to forward event log data to BeyondInsight, an encryption algorithm was named but not the corresponding key file.

When invoking pbfwdevents and providing an encryption algorithm, you must also provide the key file.

2065

The encryption algorithm must be provided for the specified encryption key file <file>

When invoking pbfwdevents to forward eventlog data to BeyondInsight, a key file was named but not the corresponding encryption algorithm.

When invoking pbfwdevents and providing a key file, you must also provide the encryption algorithm.

2066

Unable to lock store file <file>

The attempt to lock the store file failed.

Check for reasons why the store file cannot be locked.

2067

Failed to lock store index file <file>

The attempt to lock the store index file failed.

Check for reasons why the store index file cannot be locked.

2068

Unable to forward record to destination due to rejected data. Skipping this record permanently.

Data being sent to BeyondInsight has a problem or is corrupted.

Check for reasons why the data is rejected.

2069

Unable to forward record to destination. Terminating store and forward processing.

A problem was encountered while communicating with BeyondInsight.

Check if theBeyondInsight server is available and resolve any network connectivity issues that may be present.

2070

Unknown error. Terminating store and forward processing.

An unknown error occurred while communicating with BeyondInsight.

Check if theBeyondInsight server is up and resolve any network connectivity issues.

2071

There is no store file to read.

The settings file does not contain the keyword that identifies the appropriate store file.

Add the correct store file keyword and value in the settings file.

2072

2072 specified program is null.

A pb.settings host specification contains backticks without specifying a program.

Correct the host specifications in pb.settings.

2073

2073 specified program:<programname> is not secure.

The program specified in the pb.settings host file (or the path leading to that program) is not secure (eg writable by non-root).

Change the permissions of the specified path and program.

2074

popen error: <errno> <error string>

popen failed to execute the program specified by backticks in a pb.settings host specification.

Examine the <error string> for potential cause of the failure.

2075

pclose error:<errno> <error string>

pclose failed when waiting on the program.

Examine the <error string> for potential cause of the failure.

2076

null hostname returned by <program>

An external program (specified for submitmasters, acceptmasters, logservers, altsubmitmasters keyword, or the pblocald --acceptmasters option) did not return data.

Ensure that the program (identified in the diagnostic text) returns a valid host specification.

2077

select failed in <program name> while checking fd <number> during timed atomic write (<error string>)

Select failed during a timed atomic write due to reason specified in the <error string>.

Examine the <error string> for potential cause of the failure.

2078

atomic loop timed out in <program name> on fd <number> during timed atomic write

Program exceeded its protocol timeout setting while looping during an atomic write.

Adjust the program's protocol timeout setting.

2079

select timed out in <program name> while checking fd <number> during atomic read

Select timed out while waiting for fd to become readable.

 

2080

select failed in <program name> while checking fd set (<error string>) during atomic read

Select failed during a timed atomic read due to reason specified in the <error string>.

Examine the <error string> for potential cause of the failure.

2081

atomic loop timed out in <program name> on fd <number> during timed atomic read

Program exceeded its protocol timeout setting while looping during an atomic read.

Adjust the program's protocol timeout setting.

2082

Timed atomic write by <program name> to fd <number> failed (<error string>)

A timed atomic write failed. This is followed by a system- specific diagnostic message.

Examine the <error string> for potential cause of the failure.

2083

Timed atomic read by <program name> from fd <number> failed (<error string>)

A timed atomic read failed. This is followed by a system- specific diagnostic message.

Examine the <error string> for potential cause of the failure.

2084

<keyword> setting contains invalid character(s)

The keyword has a value that contains invalid characters.

Refer to the user documentation for the correct usage and edit pb.settings.

2085

Could not access debug level settings file.

Unable to save the debug level setting.

 

2086

Insufficient file system space for debug trace file <filename>. Disabling debug mode.

The disk where the debug trace file will be written is running out of space. Debug tracing is disabled until the issue is resolved.

Make space on the affected file systems in order to produce debug trace files.

2087

Debug option <option> must be run as root.

The specified option is only available if the client was run by root.

Rerun as root to use the specified option.

2088

Saved debug level exceeds maximum range. Setting debug level to <number>

The debug level settings file contains an invalid value, or the file is corrupt.

Refer to user documentation to determine the location of the appropriate debug level settings file, then correct the value it contains.

2089

Select timed out in <program name> while checking fd

<number> during timed atomic write

Select timed out waiting for fd to become writeable.

 

2427

Connection failed after initial establishment

A connection to pbmasterd was initially successful but failed during later setup.

Examine the pbrun and pbmasterd log files to see why the connection aborted.

2428

Could not retrieve user information

The user was not found in the server's user database

Use a different user ID or add the user to the server's user database (e.g. /etc/passwd, NIS).

2429

Internal error, bad expression type - <policy expression>

An internal error occurred while evaluating an expression

Contact BeyondTrust Support.

2430

Can not determine dynamic include file name

The include file name could not be evaluated for an entitlement report.

Simplify the expression, or rerun the report with constraints that simplify the expression.

2431

Terminating to protect system resources

Entitlement reporting creates many child processes to evaluate the true and false branches of each decision.

Entitlement reporting for Privilege Management policies with large numbers of IF statements that do not result in an accept or reject can spawn a huge number of child processes.

If the host machine’s resources are expended to the point that the machine becomes unresponsive, try a machine with more memory and at least two processors.

Edit the policy so that most IF statements result in an accept or a reject.

A limit has been placed on that machine so that entitlement reporting will not disable a machine.

2432

Entitlement reporting loop terminating to protect system resources at line <number>,:<string>

Entitlement reporting creates many child processes to evaluate the true and false branches of each decision.

Certain loop constructs can result in an endless loop during entitlement reporting. A safety mechanism to limit the number of child processes evaluating the same loop is used to prevent disabling the system with too many child processes.

In this case, only the processes acting on the same loop statement are terminated. The rest of the entitlement reporting processes continue to create an entitlement report.

This can result in an incomplete report.

If the host system has plenty of resources, increasing the value of the --maxloopchildren option may result in additional reported data.

The line number and string reported indicate the policy position where the possibly endless loop is located. Evaluate the policy code to determine if the loop can be rewritten in a more efficient manner.

2433

sigprocmask failure

A call to the sigprocmask() function failed.

Contact BeyondTrust Support.

2434

waitpid error: <number> <string>

A call to the waitpid() function failed. The errno value and its meaning are displayed.

Evaluate the errno value and its meaning to determine the possible actions.

Contact BeyondTrust Support.