Diagnostic Messages 3001 - 3987

Number Diagnostic Text Meaning Action

3001

Unable to initialize SIA password structure/

Unable to release SIA password structure

A call to a SIA security function failed.

 

3001

Connection to <program> on <host> failed

 

Check pblocald is running and starts from inetd.

Try telnet hostname pblocald. You should get a message like pbmasterd not on a reserved port.

If you receive the message Connection timed out, there is a network problem between the machines. If you receive the message Connection refused, inetd is not accepting connections from pblocald.

3001

Expected boolean

A boolean was expected.

 

3002

Connection to <machine> timed out

The connection to a machine timed out because it is heavily loaded or does not have the same encryption key (/etc/pb.key).

A pb.key problem can cause this.

This can also occur if one of the daemons has incorrect command line options. (inetd accepts the connection but the daemon quits immediately because the options are incorrect.)

This may also occur if pblocald cannot reconnect to pbrun during the reconnect optimization.

This can occur if the policy server is running DNS, but the submithost is not. Therefore the policy server tells pblocald to connect to pbrun on machine X.Y.Z, but machine X.Y.Z thinks its name is only X.

Check the diagnostic logs on the pbmasterd or pblocald machine for port checksum mismatch. If it occurs, check pb.key for a problem.

Check the daemons for incorrect command line options.

Check to see that the remote machine can resolve machine names correctly. This typically happens to the run host when it tries to resolve the submit host name or possibly the log host name.

Check to see if the policy server is running DNS, but the client is not. Use the noreconnect variable, i.e. put noreconnect = 1; in the /etc/pb.conf file.

3003

Could not connect to a Policy Server daemon

pbrun could not connect to any policy server daemon (pbmasterd). This could be caused by the policy server machine being down or inetd on the policy server machine not starting pbmasterd. Try: telnet hostname pbmasterd. You should get a message like pbrun not on a reserved port. If you get Connection timed out, there is a network problem between the machines. If you get Connection refused, inetd is not accepting connections for pbmasterd.

Possible reasons for receiving Connection refused:

  • Entry in inetd.conf is incorrect/missing
  • Entry in services is incorrect/missing

On Suns, /etc/services is ignored when NIS is running so entries must be put in the NIS services map. ( the pblocald and pbmasterd lines need to be in the /etc/services file on the NIS Policy Server and the NIS maps need to be remade).

If DNS returns fully qualified hostnames, but the machine does not have the fully qualified hostname in /etc/hosts, or NIS, or if /etc/resolv.conf is not resolving to the short name, Privilege Management is unable to convert the fully qualified hostname to an IP address using gethostbyname().

pbbench also reports warnings.

Workaround: use shortnamesok in /etc/pb.settings.

Open a line at the bottom of the file and enter: shortnamesok yes or add the fully qualified hostname after masters, or make sure that /etc/hosts shows both the short and fully qualified name.

On AIX, the inetimp command must be run after changing either /etc/services or /etc/inetd.conf, but before restarting inetd. This is done in the new pbinstall scripts but not the old ones.

On Motorola, NIS services are ignored and local /etc/services are used. Other machines may do this too.

After changing inetd.conf or services, inetd must be told to reread its configuration files. (On AIX run inetimp first on AIX 3 and possibly some early AIX 4 versions.)

Do a ps -ef or ps -agux and then a kill -1 with the process ID.

 

3003.1

Could not connect to a Policy Server

pbguid could not connect to a policy server.

Check the Privilege Management configuration files.

3004

Lost connection with <host>

At some time during the startup communication, one of the daemons closed its connection unexpectedly. This could be the result of one of the machines going down or network problems.

 

3005

Request ended unexpectedly

pbrun finished because its connection with pbmasterd was cut off prematurely.

This could be due to network problems, the policy server machine going down, or pbmasterd terminating.

 

3006

getpeername

A problem occurred determining the source of the communication. If the diagnostic says something like Socket operation on non- socket, someone probably has tried running pbmasterd from the command line instead of from inetd.

 

3006.04

getpeername

A problem occurred determining the source of the communication.

If the diagnostic states Socket operation on non- socket, a user tried to run pbguid from the command line instead of from inetd.

3007

Protocol error backbinding pblogd to pblocald

pblogd failed to reconnect to pblocald. This only occurs when I/O logging is in use.

Make sure there is a path from the pblogd machine to the pblocald machine.

Try lognoreconnect=true in the policy.

Turn off I/O logging.

3008

Connection closed unexpectedly during check NAK

 

 

3009

pbrun to pbmasterd protocol error

An unexpected result was received during pbrun to pbmasterd setup protocol.

 

3010

pblocald to pbmasterd protocol error

An unexpected result was received during pblocald to pbmasterd set up protocol.

Check the encryption and firewall settings on the systems involved.

3011

backReadN lost connection with

<host name>

 

 

3012

backReadN port checksum mismatch from <host name>

pbrun or pbmasterd could not read connection port numbers from pbmasterd or pblocald. This is often a network or encryption problem.

Check that pb.key and encryption methods agree on all machines involved.

Check that the network is functioning as expected in both directions between the problem pair of jobs.

3013

I/O log connect failure.

Failed to make a connection to a log server during I/O logging.

 

3014

could not back read log port.
Bad file number

Could not get log port during a log reconnect. Make sure the pblocald and pblogd machines can communicate. If they cannot communicate because of network restrictions, try setting lognoreconnect in the policy.
3014.1 could not back read log port.
Bad file number
Could not get log port during a log reconnect. Make sure the pblocald and pblogd machines can communicate. If they cannot communicate because of network restrictions, try setting lognoreconnect in the policy.
3015 could not reconnect log fd A connection failure occurred during a log server reconnect.  
3015.1 could not reconnect log fd A connection failure occurred during a log server reconnect.  
3016 Unknown service <pblogd name> The service specified is unknown to /etc/services, NIS, or DNS.  
3017

mangleSendStart failure on fd <number>

An atomic write failed during a mangleSendStart. A process failed at the other end. Check the pbmasterd.log, pblocald.log, and pblogd.log.
3018

mangleRecvStart failure on fd <number>

An atomic read failed during a mangleRecvStart.

This is generally caused by the termination of the remote process during startup.

This error means that a process failed at the other end.

Check pbmasterd.log, pblocald.log, and pblogd.log.

Check the error logs and pb.key or for an incorrect service connected to the remote port.

Check the error logs and pb.key. Also, verify that the log directories exist on the policy server machine or on the log server if pblogd is used.

Verify that the log directories exist on the policy server machine or on the log server if pblogd is used.

3018.01

LIBMANGLE_mangleRecvStart failure on fd ##. ## of ## bytes received.

A smaller than expected packet was received during protocol handshaking.

This message means that a process failed at the other end. It is generally caused by the termination of the remote process during startup.

 

Check the error logs and for an incorrect service connected to the remote port.

Also, verify that the log directories exist on the policy server machine or on the log server if pblogd is used.

Verify that the log directories exist on the policy server machine or on the log server if pblogd is used.

3019

Log server protocol failure from <log host>

The log server did not acknowledge a processing request.

 

3020

Could not identify peer on fd ##

The remote peer could not be identified. This is followed by an operating system message that provides details.

 

3021

initKerberosKey host name '<host name>' is not valid

The listed host name could not be identified.

Correct the policy, settings file or name services.

3022

Could not resolve full run hostname

The run host name could not be resolved.

Correct the policy or name services.

3023

Could not determine Policy Server name

The name of the policy server could not be determined.

Check name services for the policy server.

3024

Could not determine run host name

The name of the run host could not be determined.

Check name services for the run host.

3025

Could not determine submit host name from fd %d

The name of the submit host could not be determined.

Check name services for the submit host.

3026

backBind# <host description> <host name> could not find local machine information

The listed host could not be determined.

Check name services for the listed host.

3027

Could not find local machine information

The local host name could not be determined.

Check name services for the listed host.

3028

Policy Server mangler mismatch - retrying

The mangler likely deprecated an encryption type. PB client is aware of the change and will reconnect to policy server using correct settings.

Verify the networkencryption settings entries for the client and policy server match.

3030

Problem initializing <encryptiontype> with key pair <algorithm>:<keyfile>

Incorrect encryption pair setting on pb.settings.

Check and correct encryption pair to use valid settings

 

3031

Invalid encryption time format 'yyyy/mm/dd', instead received xxxx

Indicates that one or more start or end dates has an incorrect format.

Verify the settings file for invalid dates.

3032

The start and end dates appear to be reversed.

The encryption start and end dates appear to be reversed.

Verify the dates.

3033

Key file unreachable: xxx

The first encryption pair (type and key) was invalid because the key file is unreachable or does not exist.

Check the key file name, path, and permissions. Then make any necessary corrections.

3050

initMangle failure while verifying Policy Server

pbguid could not initialize its encryption keys.

 

3051

mangleSendStart failure

pbguid could not send its protocol header block to pbmasterd.

 

3052

mangleRecvStart failure

pbguid did not receive pbmasterd's protocol header block.

 

3053

initMangle failure

pbbench could not initialize its encryption keys (receive).

 

3054

initMangle failure

pbbench could not initialize its encryption keys (transmit).

 

3055

mangleSendStart failure connecting to <host>

pbbench could not transmit its protocol header block.

 

 

3056

mangleRecvStart failure connecting to <host>

pbbench did not receive its protocol header block.

 

3057

log server initMangle error

The program could not initialize its encryption keys for a log server connection.

 

3058

manleSendStart failure to log server <log host>

The program could not send its protocol header block to the named log server.

 

3059

mangleRecvStart failure from log server <log host>

The program did not receive its protocol header block from the named log server.

 

3060

manglelex initMangle failure

The program could not reset and reinitialize its encryption keys for file encryption.

 

3061

encrypt mangler initMangle failure

The program could not initialize its encryption keys for file encryption.

 

3062

initial initMangle failure

pblocald could not initialize its encryption keys.

 

3063

mangleSendStart failure initializing Policy Server '<Policy Server>'

pblocald could not send its protocol header block to the named policy server.

 

3064

mangleRecvStart failure initializing Policy Server '<Policy Server>'

pblocald did not receive its protocol header block from the named policy server.

 

3065

Log server initMangle failure

pblocald could not initialize its encryption keys for a log server connection.

 

3066

mangleSendStart failure reconnecting '<submit host>'

pblocald could not send its protocol header block to pbrun on the named submit host.

 

3067

mangleRecvStart failure reconnecting '<submit host>'

pblocald did not receive its protocol header block from pbrun on the named submit host (branch 1).

 

3068

mangleRecvStart failure from client '<submit host>'

pblocald did not receive its protocol header block from pbrun on the named submit host (branch 2).

 

3069

initMangle failure on initial connect from <host>

pblogd could not initialize its encryption keys from a connection from the named host.

 

3070

mangleSendStart failure on initial connect from <host>

pblogd could not send its protocol header block to the named host.

 

3071

mangleRecvStart failure on initial connect from <host>

pblogd did not receive its protocol header block from the named host.

 

3072

initMangle failure during log reconnect to <run host>

pblogd could not initialize its encryption keys during a log reconnect to pblocald on the named host.

 

3073

initMangle failure from <submit host>

pbmasterd could not initialize its encryption keys during a connection from pbrun on the named host.

 

3074

mangleRecvstart failure during back connect to <submit host>

pbmasterd did not receive its protocol header block during a back connect to the named host.

 

3075

initMangle failure connecting to pblocald on <run host>

pbmasterd could not initialize its encryption keys during a connection to pblocald on the named host.

 

3076

mangleSendStart failure connecting local daemon <run host>

pbmasterd could not send its protocol header block to pblocald on the named host.

 

3077

mangleRecvStart failure connecting local daemon <run host>

pbmasterd did not receive its protocol header block from pblocald on the named host.

 

3078

mangleSendStart failure connecting local daemon <run host>

pbmasterd did not receive its protocol header block from pblocald on the named host.

 

3079

initMangle failure during multiplexed reconnect to <run host>

pbrun could not initialize its encryption keys during a multiplexed reconnect to pblocald on the named host.

 

3080

mangleSendStart failure during multiplexed reconnect to <run host>

pbrun could not send its protocol header block to pblocald on a multiplexed reconnect to the named host.

 

3081

mangleRecvStart failure during multiplexed reconnect to <run host>

pbrun did not receive its protocol header block from pblocald on a multiplexed reconnect to the named host.

 

3082

initMangle failure during non- multiplexed reconnect to <run host>

pbrun could not initialize its encryption keys during a non- multiplexed reconnect to pblocald on the named host.

 

3083

mangleSendStart failure during non-multiplexed reconnect to <run host>

pbrun could not send its protocol header block to pblocald on a non-multiplexed reconnect to the named host.

 

3084

initMangle failure during startup

pbrun could not initialize its encryption keys during startup.

 

3085

mangleSendStart failure while connecting to <Policy Server>

pbrun could not send its protocol header block to pbmasterd on the named host.

 

3086

initMangle failure on settings file

The program could not initialize its encryptions to read an encrypted settings file.

 

3087.01

Check the log files on the Policy Server to see if transmission was interrupted.

Policy server info packet does not contain policy server name.

The info packet between pblocald and the policy server is missing the name of the policy server.

3087.02

Check the log files on the submit host to see if transmission was interrupted.

Client info packet does not contain the client host name.

The info packet between client and the policy server is missing the name of the client host. Check the installed versions.

Older versions do not contain the client host. If you have older pre 4.0 clients, upgrade the client machines or turn off the validateclienthostname setting on your policy server.

3087.03

Check the log files on the submit host to see if transmission was interrupted. Older versions do not contain the client host name.

Policy server info packet does not contain the client host name.

The info packet between runhost and the policy server is missing the name of the client host. Check the installed versions.

Older versions do not contain the client host. If you have older pre 4.0 submit host, upgrade the client machines or turn off the allowremotejobs settings on your run host.

3087.04

Check the log files on the submit host to see if transmission was interrupted.

Policy server info packet does not contain the run host name.

The info packet between runhost and the policy server is missing the name of the client host.

3087.05

Check the log files on the submit host to see if transmission was interrupted. Older versions do not contain the client host name.

The client info packet does not contain the client host name.

The info packet between submithost and the policy server is missing the name of the client host. Check the installed versions.

Older versions do not contain the client host. If you have older pre 4.0 clients, upgrade theclient machines or turn off the validateclienthostname setting on your policy server.

3087.06

Check the log files on the submit host to see if transmission was interrupted.

The client info packet does not contain the run host name.

The info packet between submithost and the policy server is missing the name of the run host

3088.01

The settings for the runhost specify that remote commands are not allowed.

Remote commands from <submit host name> not allowed on <run host name>.

Remote commands from the submit host are not allowed.

3088.02

The settings for the masterhost specify that remote commands are not allowed.

Remote commands from <submit host name> not allowed on <run host name>.

Remote commands from the submit host are not allowed.

3088.03

The settings for the submithost specify that remote commands are not allowed.

Remote commands are not allowed in <settings file name>.

Remote commands are disabled in the named settings file, but -h was used on the pbrun command line.

3089

Could not send initial protocol header to Policy Server <Policy Server name> - <operating system message>

The program could not send its initial protocol packet to the policy server. The operating system diagnostic contains more details.

 

3090

Did not receive initial protocol header from Policy Server <Policy Server name> -<operating system message>

The program did not receive an initial protocol packet from the policy server. The operating system diagnostic contains more details.

 

3091

Terminated on protocol failure

The policy server did not complete the startup protocol.

Check the policy server daemon log file on the policy server.

3092

Unsupported socket family type

<network family number> for fd ##

An unsupported socket family type was found.

This is an internal error.

Contact BeyondTrust Support.

3093

Unsupported socket family type <network family number>

An unsupported socket family type was found.

This is an internal error.

Contact BeyondTrust Support.

3094

Unsupported socket family type <network family number>

An unsupported socket family type was found.

This is an internal error.

Contact BeyondTrust Support.

3095

Could not get socket information for fd #

Socket name information could not be determined for the listed file descriptor. This is followed by a system-specific diagnostic.

 

3096

Could not find Policy Server protocol and service <service name>

The named service could not be found.

Check that the service name is correct and that it can be found in the system configuration files (e.g., /etc/services, NIS).

3097

Unsupported (<network family name>) internet family type for license generation

The primary interface for the machine was something the licensing mechanism could not handle.

Contact BeyondTrust technical support for suggestions on setting the primary interface type to a family licensing can use.

3098

Missing Hostname, required when connecting via pbssh

The runhost (-h) is required when executing with option pbssh.

Define the runhost by using pbssh with -h.

3099

Missing user, required when connecting via pbssh

The user (-u) is required when executing with pbssh.

Reissue the command specifying the user.

3100

ssh port can only be used with option --ssh or --manssh

SSH port can only be used if ssh is requested.

Remove ssh port option if ssh is not used.

3101

Unknown host: <name>

The host specified is unknown to /etc/hosts, NIS, or DNS.

 

3101.03

Unknown host: <name>

The host specified is unknown to /etc/hosts, NIS, or DNS.

Try shortnamesok yes.

3101.06

Unknown host: <name>

The specified host is unknown to the system /etc/hosts, NIS, or DNS.

Verify that the host name is valid and can be resolved by the system's name services.

3101.09

gethostbyname: <message>

The host specified is unknown to /etc/hosts, NIS, or DNS.

 

3102

Unknown group: <name>

The group specified is unknown to /etc/hosts, NIS, or DNS.

 

3102.01

Unknown group: <name>

The group that the user is supposed to execute as does not know the group specified.

Make sure that the user is executing from the correct group.

3102.02

Unknown group: <name>

The group specified is one of the secondary groups.

Add the group on the local machine.

3102.03

Unknown group: <number>

Cannot find the group specified

Correct the group.

3102.04

Unknown group: <number>

Cannot find the group specified

Correct the group.

3103

Unknown group id: ###

The group ID specified is unknown to /etc/hosts, NIS, or DNS.

 

3104

Unknown service: <name>

The service specified is unknown to /etc/hosts, NIS, or DNS.

 

3105

Unknown user: <name>

The user specified is unknown to /etc/hosts, NIS, or DNS.

 

3106

Unknown user id: ###

The user ID specified is unknown to /etc/hosts, NIS, or DNS.

 

3106.01

Unknown user id: ###

The user ID specified is unknown to /etc/hosts, NIS, or DNS.

 

3106.02

Unknown user id: ###

The user ID specified is unknown to /etc/hosts, NIS, or DNS.

 

3106.03

Unknown user id: ###

The user ID specified is unknown to /etc/hosts, NIS, or DNS.

 

3107

exited abnormally

The runprogram or pbmasterd exited in an unexpected fashion.

Check pbmasterd.log and pblocald.log.

3108

backBind#InitListeners could not obtain a listening port address for %s during a backbind

A listening port for the named host could not be found during a dynamic reconnection.

Check minlistening port to see that it is valid.

Verify the name services for the named host. Check that sufficient ports are available.

3109

backConnect# <host type> <host name> could not identify local host

A host name could not be found during a dynamic reconnection.

Check name services for the named host.

3110

backConnect# <host type> <host name> hostname length invalid %d

The name length for the listed host was transmitted incorrectly.

This is an internal protocol error.

Contact BeyondTrust Support.

3111

backConnect# <host type> <host name> could not get address for outgoing port <port>

An outgoing port for the named host could not be found during a dynamic reconnection.

Check the outgoing port settings to see that they are valid. Verify the name services for the named host. Check that sufficient ports are available.

3112

backConnect# <host type> <host name> could not obtain socket # of #

An attempt to obtain a socket for an outgoing dynamic reconnection failed. This is followed by a system-specific message.

 

3113.01

backConnect# <host type> <host name> could not set socket port address <port number> on port #of #

The port number could not be set for the listed socket.

Check that the socket number is valid for the host and internet family type.

3113.02

backConnect# <host type> <host name> could not set socket port address <port address> on port

# of #

The port could not be set for the listed socket.

 

3114

Confirm failed, user: <user name>

A call to runconfirmuser failed on a client in local mode.

Check that the user name is valid on the submit host.

3115

No command specified

No command was specified on prune's command line.

 

3116

Exited with signal

The secured task received a signal, which caused it to terminate.

 

3117

Execution failure

The secured task failed to execute.

Verify that the secured task is an executable file that exists. Verify that the system has enough resources to execute tasks.

3118

Logserver error

Privilege Management possibly encountered a logging issue after the secured task was executed.

 

3119

unable to set termination status

Unable to determine the termination status of the child, for logging.

Contact BeyondTrust Support.

3120

child <pid> has not been reaped. Errno:<number>

The secured task is known to have terminated, but has not been reaped.

Contact BeyondTrust Support.

3121

forcing child termination

Privilege Management has stopped processing I/O for the secured task. The secured task is still alive, so it is forcing the termination of the secured task.

Informational

3122

Unknown Termination code:

<number>

The secured task has completed (or been killed), however the termination status returned to pbrun is unknown.

Contact BeyondTrust Support.

3123

No termination count: <number>

Signal handler was called for SIGCHLD, however waitpid did not return an exited child pid.

Informational

3124

waitpid error:<errno> <error string>

The waitpid() system call returned an error while responding to SIGCHLD.

Informational

3125

Processing select with NULL timeout

An internal variable was not set properly.

Contact BeyondTrust Support.

3126

Error: null timeout

An internal variable was not set properly.

Contact BeyondTrust Support.

3127

Cannot run relative-pathed commands when runcwd directory is inaccessible

runcwd directory does not exist or is inaccessible.

Relative-pathed commands may not be run under this circumstance.

Issue command using absolute path.

3201

Exec of <program name> failed

pblocald or pbmasterd could not execute the command specified. This is followed by a system-specific diagnostic.

If pbmasterd is printing the error message, it is the result of a system() call somewhere inside pb.conf.

If it fails due to "Exec format error", XXX is not an executable or it does not match the checksum given by runcksum.

 

3202

Exec of <program> failed

The program could not be started. This is followed by an operating system diagnostic.

Check that the command is correct and executable.

3204

lockevent log <filename> open failure: <errno> <error string>

The open system call failed to open the event log file.

Contact BeyondTrust Support.

3205

lockevent log <filename> lock failure: <errno> <error string>

Failed to obtain a lock for the event log.

Contact BeyondTrust Support.

3206

rotateevent log invalid character in unformatted eventlogrotate path:<path> ret:<error code>

The eventlogrotate keyword contains an illegal character in the path= specification.

Edit pb.settings to change the eventlogrotate keyword.

3207

rotateevent log invalid character in formatted eventlogrotate path:<path> ret:<error code>

The eventlogrotate keyword contains a %variable% substitution that results in an illegal character in the path= specification.

Edit pb.settings to change the eventlogrotate keyword.

Or, edit pb.conf to change the data held by the variable substituted into the path.

3208

rotateevent log eventlogrotate path is not absolute or not a valid path:<path> ret:<error code>

rotateevent log eventlogrotate path is not absolute or not a valid path:<path> ret:<error code>.

Edit pb.settings to change the eventlogrotate keyword so that the path is absolute and a valid path.

 

3209

rotateevent log new

/path/filename:</path/filename> already exists

Cannot rotate the event log because the destination filename already exists.

Informational only

3210

rotateevent log new filename:<filename> already exists

Cannot rotate the event log because the destination filename already exists.

Informational only

3211

rotateevent log path is not secure:<path>

The path reported is not secure (for example. writable by non root users).

Edit pb.settings to change eventlogrotate to specify a secure path.

Or, change the permissions on the path elements.

3212

rotateevent log mkdir:<path> errno:<errno> <error string>

The mkdir system call failed.

Examine errno for possible causes.

3213

rotateevent log stat error for:<path> errno:<errno> <error string>

The stat system call failed.

Examine errno for possible causes.

3214

rotateevent log mkdir full:<path> errno:<errno> <error string>

The mkdir system call failed.

Examine errno for possible causes.

3215

rotateevent log stat error for full:<path> errno:<errno> <error string>

The stat system call failed.

Examine errno for possible causes.

3216

rename file from:

</path/filename> to

</path/filename> failed. errno:

<errno> <error string>

The rename function failed to rotate the event log.

Examine errno for possible causes.

 

3217

rotateevent logSize fstat failure: <errno> <error string>

The fstat call failed.

Examine errno for possible causes.

3203

Exec of <program> failed

The program could not be started. This is followed by an operating system diagnostic.

Check that the command is correct and executable.

3301

Calloc (<number of elements>,

<element size>)

A calloc operation failed. This is followed by an operating system diagnostic message.

If the operating system diagnostic message indicates a lack of memory, you may need to increase the swap space on the affected machine.

3302

Malloc size = <requested size>

A memory allocation operation failed. This is followed by an operating system diagnostic message.

If the operating system diagnostic message indicates a lack of memory, you may need to increase the swap space on the affected machine.

3303

Realloc(0x<old address>, <new size>)

A realloc operation failed. This is followed by an operating system diagnostic message.

If the operating system diagnostic message indicates a lack of memory, you may need to increase the swap space on the affected machine.

3304

Fset error fopening <file name>

- <reason>

The fset() function could not open the file specified.

 

3304

Strdup <value>

A string duplication failed while attempting to copy the listed value. This may be followed by an operating system diagnostic message.

If the operating system diagnostic message indicates a lack of memory, you may need to increase the swap space on the affected machine.

3305

Malloc failure in writeMuxBuf

The machine is running out of memory or swap space.

If this occurs often, increase the amount of swap space on the machine.

3306

Malloc failure in recvWinch

The machine is running out of memory or swap space.

If this occurs often, increase the amount of swap space on the machine.

3307

Malloc failure in recvTtyChars

The machine is running out of memory or swap space.

If this occurs often, increase the amount of swap space on the machine.

3308

Could not reallocate I/O buffer from ## bytes to ## bytes

A memory allocation problem when readMuxBuf tried to increase an input buffer size. A system-specific diagnostic follows this message.

 

3309

Remote process terminated while waiting for an acknowledgement

Check the error log on the remote machine.

 

3310

Insufficient buffer space to fetch command buffer ##/##

The machine is running out of memory or swap space.

If this occurs often, increase the amount of swap space on the machine.

3311

Could not allocate fname, <file name>, in parseconfig

Could not allocate enough memory for filename.

 

3312

Could not allocate MasterRules

Insufficient memory to allocate policy server rules list.

 

3313

Could not allocate license string

Insufficient memory to allocate license string.

 

3314

Could not allocate ## bytes for settings table from '<settings file>'

Insufficient memory for settings table.

 

3315

Could not allocate ## bytes for temporary settings table from '<settings file>'

Insufficient memory for temporary settings table.

 

3316

Could not allocate krb5 keytab name '<file name>'

Insufficient memory for keytab name.

 

3317.1

Memory transfer truncated at byte XX

Incorrect target buffer size.

If buffer is an user entry, an argument with a smaller length may be required, otherwise it is an internal error.

3317.10

Memory transfer truncated

Incorrect target buffer size.

Internal error. Error in building URL string.

3317.11

Memory transfer truncated

Incorrect target buffer size.

Internal error. Error in building URL string.

3317.12

Memory transfer truncated

Incorrect target buffer size.

Internal error. Error in doing global substitution.

3317.13

Memory transfer truncated, affected source string xx

Incorrect target buffer size.

Internal error. Error in getting expanded setting string.

3317.2

Memory transfer truncated at xx

Incorrect target buffer size.

Check nis host info.

3317.3

Memory transfer truncated at xx

Incorrect target buffer size.

Check the pbguid settings and configuration file.

3317.4

Memory transfer truncated at xx

Incorrect target buffer size.

Error while getting the group name from the GUI.

3317.5

Memory transfer truncated at xx

Incorrect target buffer size.

Check the string length.

3317.6

Memory transfer truncated

Incorrect target buffer size.

Internal error. Error in buildmasterrule (pblocald).

3317.7

Memory transfer truncated

Incorrect target buffer size.

Internal error. Error in log join (pblog).

3318.8

Memory transfer truncated

Incorrect target buffer size.

Internal error. Error in reporting lexical error message (pbmasterd).

3318.9

Memory transfer truncated

Incorrect target buffer size.

Internal error. Error in policy server connection.

3320

fork

The machine is running out of processes.

If this occurs often, increase the maximum number of processes in your kernel.

3321

Server fork 2 failure:

A daemon could not create a child process in standalone server mode. This is followed by a system-specific diagnostic message.

 

3322

Server fork failure for

<service> port ##

A standalone server daemon could not create a child process for the listed service name and port. This is followed by a system-specific diagnostic message.

 

3323

Fork failed - <operating system message>

An attempt to start a new process failed. The operating- system specific diagnostic contains more detail.

 

3324

Fork failed - <operating system message>

An attempt to move a control socket failed. The operating- system specific diagnostic contains more information.

 

3340

Can't open /dev/tty

pbrun could not open /dev/tty to get input directly from the user. (most likely a password)

 

3341

Could not get a pty

A pseudo-tty could not be opened to run the process.

If this occurs often, add more pseudo ttys.

For more information, please consult your operating system manuals or /dev/MAKEDEV.

3342

Cannot read X's password: no tty

The pblocald confirm user password feature was selected, but the pbrun is not running on a tty (for example, batch job). Therefore, the password could not be received securely.

 

3342.02

Cannot read <user name>'s password: no tty

The client's confirm user password feature was selected, but the client is not running on a tty (for example, as a batch job). Therefore, the password could not be received securely.

 

3343

HP-UX pty problem: '<pty name>'

This indicates a failure to access the named pty. It is followed by the system-specific diagnostic message.

 

3344

Could not open /dev/tty for input - <system specific reason>

A tty could not be opened for input. This is followed by the system-specific diagnostic message.

 

3345

Could not allocate a pty -

<operating system message>

A pty could not be obtained. The operating system diagnostic contains more details.

 

3346

TTY is no longer available

The tty connection needed to execute pbrun is no longer available for redirection.

Make sure pbrun has access to the tty.

3360

open logfile: <file name>

I/O logging was requested, but the log file could not be opened. This immediately terminates the request.

The filename must be unique for each request and the file should exist before the request is made.

Verify that the filename is correct and that the disk in which it would reside is not full.

3361

open event log: <file name>

Event logging was requested, but the event log file could not be opened.

Unlike I/O log files, an event log file may exist beforehand. It is always appended to and never overwritten.

Verify that the filename is correct.

3362

open: /etc/pb.settings

An error occurred while opening the pb.settings file.

 

3362.03

open: <policy file>: <message>

An error occurred while creating or opening the specified policy file.

<message> is the text for the error code returned by the operating system.

Verify that the file and all path components exist. Correct any problem indicated by <message>.

3363

stat /etc/pb.settings

An error occurred while stating the pb.settings file.

 

 

3364

 

stat: <filename>

An error occurred while stating a configuration file.

 

3364.02

stat: <message>

A call to the C language stat() function for the Privilege Management event log failed. <message> is the text for the error code returned by the operating system.

Verify that the path exists. Correct any problem indicated by <message>.

3364.04

stat: <policy file>: <message>

A call to the C language stat() function for the specified policy file failed. <message> is the text for the error code returned by the operating system.

Verify that the file and all path components exist. Correct any problem indicated by <message>.

3364.05

stat: <message>

A call to the C language stat() function for a Privilege Management policy file failed. <message> is the text for the error code returned by the operating system.

Verify that the path exists. Correct any problem indicated by <message>.

3364.06

stat: <message>

A call to the C language stat () function for a Privilege Management policy file failed. <message> is the text for the error code returned by the operating system.

Verify that the path exists. Correct any problem indicated by <message>.

3365

failed to write record

The information failed to write to the event log file or an I/O log file. A disk running out of space can cause this.

 

3366

No valid Policy Server setting. Who is Policy Server?

pbrun could not determine which machine was a policy server because there was no policy servers line in the /etc/pb.settings file, the file contained no valid hostnames, or there was no netgroup pbmasters.

Make sure the hostnames in /etc/pb.settings are correct. If you are using the netgroup pbmasters, make sure the names are fully qualified with domain names.

3367

event log file '<file name>'

not logged to -- absolute paths only

The event log specified did not begin with a slash (/).

Pathnames for log files must be absolute.

 

3368

/etc/pb.settings: Invalid port number ###

The port number for the masterport or localport must be between 1024 and 32767.

 

3368.05

-p <port> must be a number between <min> and <max> or an absolute path

An attempt was made to launch pbguid in daemon mode (-d) with an invalid port value.

Use a port value between the specified <min> and <max> values.

3369

I/O log file '<file name>' not logged to -- absolute paths only

The I/O log specified did not begin with a slash (/).

Pathnames for log files must be absolute.

 

3370

fopen <filename>

Could not open the file specified to pbcheck

Verify the file specified to pbcheck exists and has the appropriate read permissions.

3371

Invalid <name> reserved port number <port number>

The port number is outside of the acceptable reserved port range (1-1024).

 

3371.0?

<keyword>: Invalid port number ##

The value for minreservedport or maxreservedport in the /etc/pb.settings file is invalid.

 

3371.03

<settings file name>: Minimum outgoing port (<number>) must be between <minimum number> and <maximum number>

The value for the minoutgoingport setting in the listed file should be within the shown numeric range.

Correct the minoutgoingport setting.

3371.04

<settings file name>: Maximum outgoing port (%d) must be between %d and %d

The value for the maxoutgoingport setting in the listed file should be within the shown numeric range.

Correct the maxoutgoingport setting.

3372

Facility not found

The facility specified in /etc/pb.settings is not known internally.

Check that this is a valid setting for your syslog.conf.

Contact BeyondTrust Support.

3372.03

<settings file name>: Minimum listening port (<number>) must be between <minimum number> and

<maximum number>

The value for the minlisteningport setting in the listed file should be within in the shown numeric range.

Correct the minlisteningport setting.

3372.04

<settings file name>: Maximum listening port (<number>) must be between <minimum number> and <maximum number>

The value for the maxlisteningport setting in the listed file should be within in the shown numeric range.

Correct the maxlisteningport setting.

3373

filename in getuserpassword not absolute

There is no slash (/) at the beginning of the filename in the getuserpassword() function.

Change the filename.

3374

Log server could not create temporary file

The log server could not open a unique I/O log.

Make sure the file does not already exist.

Check that the path is correct.

3375

No valid logserver setting in

<settings file>

 

 

3376

logConnect <Policy Server/local> connect failure

A logConnect failure was diagnosed when sending a policy server or local connect command.

This usually indicates that inetd responded on the pblogd machine, but that pblogd failed to run for some reason.

Check the pblogd.log on the log server.

3377

logConnect failure

A generic failure occurred when starting a log server daemon.

Check the log server error log for more information.

3378

log event ack failure

The log daemon failed to acknowledge a protocol handshake. The log server most likely terminated.

This is usually preceded by an error message from the log server.

Check pblogd.log on the log server machine.

3379

log server protocol failure after start. Please check for a mismatched key on <log host machine>

The log server failed to start. This is usually a set up or encryption issue.

Examine the checksums for the keyfile on the policy server, local, and log server machines.

3380

port <settings name> (<value>) must have a numeric value between <minimum allowed> and <maximum allowed>

The port setting shown should be a number between the minimum and maximum allowed.

Correct the setting shown.

3381

Can not set ingoing/outgoing port ranges

A configuration problem exists in the settings file port definitions. This usually follows another message that describes the specific setting.

Look for the preceding message and correct the problem shown.

3382

reserved space on <filesystem name> is below <number reserved> blocks (<number available>)

There is insufficient space on the specified file system to start a new operation.

Clear some file system space or change the logreservedblocks setting.

3383

Could not determine log server rules

The log servers could not be found in the policy, settings, command line, or NIS.

Define the log servers.

3384

Local mode log failure

Logging could not be started in local mode.

This is usually preceded by other diagnostics that detail the failure.

3385.01

Insufficient disk space for logging

The log server daemon does not have enough disk space for logging.

Make space on the affected file systems or adjust the logreservedblocks and logreservedfilesystems settings on the log host.

3385.02

Insufficient disk space for logging

The policy server daemon does not have enough disk space for logging.

Make space on the affected file systems or adjust the logreservedblocks and logreservedfilesystems settings on the policy server.

3386

Maximum log server failures (###) exceeded

The maximum number of log failures was exceeded.

Check the local diagnostic logs to see if any log connections were made. Check the diagnostic log file on the affected log hosts for more information.

3387.01

Insufficient file system space for log file <log file name>

There was insufficient disk space to write the named I/O log file.

Make space on the affected file systems on the log host or policy server or adjust the logreservedblocks and logreservedfilesystems settings on the log host.

3387.02

Insufficient file system space for log file <log file name>

There was insufficient disk space to write the named event log file.

Make space on the affected file systems on the log host or policy server or adjust the logreservedblocks and logreservedfilesystems settings on the log host.

3401

WARNING: <filename> is open for reading by non-root users

This is a warning that a file used by Privilege Management is open for reading by non-root users.

Since non-root users do not need this access to run the programs, we suggest that the files only be readable by root.

 

3402

WARNING: <filename> is open for writing by non-root users

This is a warning that a file used by Privilege Management is open for writing by non-root users.

Security may be jeopardized because a non-root user could modify files used by Privilege Management. If root (/) has permissions of 777, pbrun will fail.

To fix, chmod 755 /.

3404

<filename>is not owned by root!

A known Privilege Management file was found belonging to a user other than root. root must own all Privilege Management files to be secure.

 

3405

<path name> is not secure!

The named config file was found to be insecure for one of the previous reasons (error 3401-3404). All requests will fail if this occurs.

 

 

3406

 

/etc/pb.settings is not secure!

The settings file was found to be insecure. All requests will fail if this occurs.

 

3407

must be run as root.

pbmasterd or pblocald was run from someone other than root. Normally inetd starts these programs running as the root user. This error should not occur unless Privilege Management was installed incorrectly.

 

3408

must be setuid root.

pbrun must be a setuid root program. pbrun needs to be able to access root privileged files and ports to work correctly. setuid will often fail if executed from an NFS mount. This error should not occur unless Privilege Management was installed incorrectly.

Check that pbrun has the setuid bit turned on.

Check if pbrun is in an NFS mounted directory tree.

3410

Connection from <name> on non- reserved port disallowed

Connections to pbmasterd and pblocald must originate from reserved port numbers. This ensures that program on the other end of the communication is running as root.

In previous troubleshooting tips, we suggest that telnet be used to connect to the policy server or local daemons. telnet will cause this error to occur.

 

3411

Policy Server <Policy Server> is not listed in <run host>'s acceptmasters rules

A request was received by pblocald from a machine that is not one of its recognized policy servers. Requests must only come from hosts listed on the acceptmasters line in the settings file or the netgroup pbacceptmasters.

The IP address is used to lookup the hostname. If DNS does not have the reverse lookups set up correctly, pblocald may reject the local machine.

Try nslookup <machine name> then nslookup <ipadress> and see if you get the same thing, or add the denied policy server (YYY) to the Policy Server line in /etc/pb.settings.

3412

pbmasterd on <host> not on a reserved port!

Connections to pblocald must originate from reserved port numbers. This ensures that program on the other end of the communication is running as root.

Note: In previous troubleshooting tips, it is suggested that telnet be used to connect to the policy server or local daemons. telnet will cause this error to occur.

If a port scan is done on the port, this error will also be reported, indicating a connection was tried, but was unsuccessful.

If this occurs when pbrun is executed, ensure the inetd.conf entry for pbmasterd has its user as root.

3413

pbrun on <host> not on a reserved port!

Connections to pbmasterd must originate from reserved port numbers. This insures that program on the other end of the communication is running as root.

In previous trouble shooting tips, we suggest that telnet be used to connect to the policy server or local daemons. telnet will cause this error to occur.

If a port scan is done on the port, this error will also be reported indicating a connection was tried, but was unsuccessful.

If this occurs when pbrun is executed, ensure the inetd.conf entry for pbmasterd has its user as root.

3414

No arguments in inetd.conf for

The inetd configuration is missing the name of the command being run (pblocald or pbmasterd).

Change the inetd entry, for example::

service stream tcp nowait root filename

to

service stream tcp nowait root filename command

3415

pbrun "-testmaster" option may only be used when running as root

The testmaster option was used when running pbrun as user other than root.

Rerun as root.

3421

Could not get rungroups

Internal error.

Contact BeyondTrust Support.

3422

Available key data (### characters) is smaller than the minimum (<required length>) required by <algorithm name>

The key data from pb.key or Kerberos is smaller than the key length required by the algorithm.

Increase the size of the key in pb.key or Kerberos.

3423

No symmetric algorithm supplied.

A symmetric encryption algorithm was not provided.

Check the settings file and make sure the encryption algorithms are listed.

3424

No hash algorithm supplied

A hash (digest) algorithm name was not supplied.

Check the settings file and make sure a hash algorithm is supplied.

3425

Can not find hash algorithm <name>

The hash algorithm could not be found under the name listed.

Make sure the name is correct.

3426

Can not find symmetric algorithm <name>

The symmetric algorithm could not be found under this name.

Make sure the name is correct.

3427

Can not find cipher mode <name>

Could not find the cipher mode under this name

Make sure the name is correct.

3428

Cipher mode <name> is <block/stream> mode. Symmetric algorithm <name> is <stream/block> mode

The cipher mode and symmetric algorithm have different block/stream modes.

Make sure the symmetric algorithm and the cipher mode are both block or stream mode.

3429

Unexpected buffer length decrypting with <name>

The length of the encryption buffer was not of the expected value.

 

3430

Insecure operation - please consult your administrator

An insecure operation occurred.

Check the error logs on the machine that produced the error.

3431

Expecting a string, number or list

A string, number, or list was expected, but not found.

Correct the policy.

3431

Security error - please see your administrator

A security error occurred.

Check the error logs on the machine that caused the error.

3501

No validation string found.

A validation string must be found in the settings file for Privilege Management to operate fully.

 

3501.1

Detected temporary placeholder string in the validation setting.

The settings file contains a placeholder string in the validation setting.

The settings file contains a placeholder string in the validation setting.

3503

The validation string is incorrect.

 

 

3504

Warning: version conflict! VER1 on HOST1 differs with VER2 on HOST2

This is a warning that different Privilege Management versions are running on different machines.

BeyondTrust strongly suggests that you run the same version of Privilege Management on all machines to minimize incompatibility problems.

Upgrade when practical.

3504.01

login_tty

For HP-UX:

Unable to open /dev/ptym directory

Everything needs to be of the form ptyX in the directory There needs to be a pty of the form /dev/pty/tX.

For SGI:

Unable to open a pty For SVR4 and Solaris:

Unable to open directory

/dev/ptmx

No pty available (/dev/pts/N where N is a non-negative number)

For AIX:

Unable to open directory

/dev/ptc. Unable to open tty For SunOS, m88k_svr32, SCO, Linux, Ultrix:

Unable to find and/or open

/dev/ptyXX

 

3505

WARNING: The license will expire in X days on XX.

This is a warning that your license is about to expire. The request will still be honored, but you should get a new license if you wish to continue using Privilege Management past the expiry date.

Get a new license from BeyondTrust.

3506

The validation string indicates an expired license.

The validation string in the configuration file has expired.

Obtain a new validation string.

3506

Not licensed for this host

The license is not for the host it is run on.

Get a new license from BeyondTrust.

3507

chksum error in license

The license is invalid.

Get a new license from BeyondTrust.

3508

invalid number of hosts

The license key is corrupt.

Get a new license from BeyondTrust.

3509

Too many clients using this license

The policy server is licensed for a number of clients (pbrun and pblocald) that connect to it. More connections to and from these are used than licensed.

For versions 2.8 and later, try retiring unused licenses with pblicense -r.

Contact BeyondTrust Support.

3510

Problem reading client license file

An error occurred while processing the license file.

Contact BeyondTrust Support.

3511

Problem writing license file

An error occurred while processing the client license file.

Contact BeyondTrust Support.

3512

Can't stat license file

The license file probably does not exist. This may be due to an incomplete installation.

This error may also occur if the error is occurring on a policy server or failover policy server and they used pbmakeremotetar and the pbremoteinstall. These scripts were designed for use on submithost and runhost installations, not policy servers or failover policy servers.

Reinstall.

3513

Can't open license file.

The license file probably does not exist.

Reinstate the license file.

3514

Bad header in license file.

The license file is corrupt.

Reinstall.

3515

Corrupt license file.

The license file is corrupt.

Reinstall.

3516

Can't allocate memory.

Cannot allocate memory.

 

3517

getpeername() failed

The server cannot determine the IP address of incoming connection.

 

3518

cannot close license file

The server cannot close the license file.

 

3519

cannot remove lock file

The license file lock file (*.lock) cannot be removed.

Remove the offending lock file.

3520

connecting client is retired

A client who was retired from the license file attempted to connect to a server. The connection was refused.

Wait for the retirement period to expire.

3521

This installation of Privilege Management is only licensed for Linux

The license was a Linux-only license and the client OS was not Linux.

 

3522

Problem reading license files for IPv6 clients

An error occurred while processing the IPv6 client license file.

Contact BeyondTrust Support.

3523

Problem writing IPv6 client license file

An error occurred while processing the IPv6 client license file.

Contact BeyondTrust Support.

3524

Cannot stat IPv6 license file

The IPv6 client license file probably does not exist. This may be due to an incomplete installation.

Reinstall.

3525

Can not open IPv6 license file

The IPv6 client license file probably does not exist.

Reinstate the IPv6 client license file.

3526

Bad header in IPv6 license file

The IPv6 client license file is corrupt.

Reinstall.

3527

Corrupt IPv6 license file

The IPv6 client license file is corrupt.

Reinstall.

3528

Failed to get address info of the target host.

The server cannot determine the IP address of the target host.

Check the pbmasterd log files/syslog to see what caused the problem.

3530

Unknown Error

An unknown error occurred during the license processing.

Contact BeyondTrust Support.

3531

<file> is Not a regular file suitable for license data

The file specified to store auxiliary licensing data must be a regular file (not a directory).

Specify the full /path/to/filename of a file to store auxiliary licensing data.

3532

The <#days> argument must be a number between zero and 65535

This cannot be a letter or a number out of the range.

Specify an appropriate number.

3533

Client license limit reached on Policy Server. Contact BeyondTrust Technical Support

to prevent future client rejection.

The policy server is licensed for a number of clients (pbrun and pblocald) that connect to it. The license limit was reached but a temporary extension is allowing new clients to connect.

Contact BeyondTrust Support.

3534

Client license limit reached on Policy Server and rejection of additional client is imminent. Please contact BeyondTrust Technical Support.

The policy server is licensed for a number of clients (pbrun and pblocald) that connect to it. The client license limit has been reached and the temporary extension is close to being reached.

Contact BeyondTrust Support.

3535

Failed to position license file pointer to the start of the file due to bad file descriptor.

 

 

3536

Failed to position license file pointer to the end of the file.

 

 

3539

Unable to stat client host uuid.

Could not access Privilege Management for Unix and Linux Client's UUID file. This is followed by a system-specific diagnostic.

Correct the situation described by the system specific diagnostic.

3540

Unable to lock client host uuid file.

Could not open thePrivilege Management for Unix and Linux Client's UUID file. This is followed by a system-specific diagnostic.

Correct the situation described by the system specific diagnostic.

3541

Failed to read from client uuid file.

Could not read Privilege Management for Unix and Linux Client's UUID file. It may be invalid or corrupted. This is followed by a system-specific diagnostic.

Correct the situation described by the system specific diagnostic.

 

3542

Failed to open Privilege Management for Unix and Linux client host uuid file.

Could not open Privilege Management for Unix and Linux Client's UUID file. It may be invalid or corrupted. This is followed by a system-specific diagnostic.

Correct the situation described by the system specific diagnostic.

543

Detected invalid Privilege Management for Unix and Linux client host uuid file.

The Privilege Management for Unix and Linux Client's UUID file is invalid or corrupted.

Ensure that the file was not manually overwritten.

Contact BeyondTrust Support.

3601

Bad constraint <constraint string>

An improper constraint string was provided to pblog.

 

3602

Bad accept format <format string>

An improper accept format string was provided to pblog.

 

3603

Bad reject format <format string>

An improper reject format string was provided to pblog.

 

3604

Bad end format <format string>

An improper end format string was provided to pblog.

 

3605

Improper keystroke format

<format string>

An improper keystroke format string was provided to pblog.

 

3606

logserverdelay (##) must be -1 or greater

An improper value was provided for the logserverdelay setting.

 

3607

eventlog name <file name> :

<description>

An invalid event log file name was provided to pblocald. The description provides the details.

 

3608

-p [port] can only be specified with daemon mode (-d))

A -p <port number> argument was provided to pblocald, but - d (daemon mode) was not specified.

 

3609

Improper input to pblog - exiting

An invalid command line argument was provided to pblog. This generally follows another error message(s) that describes the problem in detail.

 

3610

eventlog name <file name> :

<description>

An invalid event log file name was provided to pblogd. The description will provide the details.

 

3611

-p [port] can only be specified with daemon mode (-d))

A -p <port number> argument was provided to pblogd, but -d (daemon mode) was not specified.

 

3612

eventlog name <file name> :

<description>

An invalid event log file name was provided to pbmasterd. The description provides the details.

 

3613

-p [port] can only be specified with daemon mode (-d))

A -p <port number> argument was provided to pbmasterd, but -d (daemon mode) was not specified.

 

 

3614

local mode not allowed in

<settings file>

pbmasterd received a request from pbrun for local mode, but the settings file disallows local mode.

 

3615

request user, '<name>', longer than ## characters

pbrun -u specified a user name that is longer than the maximum allowed.

 

3616

Local mode and -h can not be specified together

pbrun's command line specified both local mode (-l) and a remote host (-h) at the same time.

 

3617

Local mode and -h can not be specified together

pbrun's command line specified both local mode (-l) and a remote host (-h) at the same time.

 

3618

local mode not allowed in

<settings file>

pbrun's command line requested local mode (-l), but the settings file disallows it.

 

3619

eventlog name <file name> :

<description>

An invalid event log file name was provided to pbguid. The description provides the details.

 

3620

-p [port] can only be specified with daemon mode (-d))

A -p <port number> argument was provided to pbguid, but -d (daemon mode) was not specified.

 

3620.1

-d [daemon] can only be specified with daemon mode -d

 

Make sure flags -d and -p are used together.

3701

Can not post process report data

An error occurred while post-processing report data. This is followed by a system-specific diagnostic.

Correct the situation described by the system-specific diagnostic.

3702

Exec of <program name> failed

The program could not start the named program. This is followed by a system-specific diagnostic.

Correct the situation described by the system-specific diagnostic.

3703

Could not write work file

An attempt to write data to a work file failed. This is followed by a system-specific diagnostic.

Correct the situation described by the system-specific diagnostic.

3704

Can not open workfile <name>

The named workfile could not be opened. This is followed by a system-specific diagnostic.

Correct the situation described by the system-specific diagnostic.

3705

Internal error - list flag array maximum size exeeded

Internal error.

Contact BeyondTrust Support.

3706

Expected expression but found

<type> in <code>

Internal error.

Contact BeyondTrust Support.

3707

Internal error while adding relational operation assumption

Internal error

Contact BeyondTrust Support.

3708

Expression too complex to evaluate

Entitlement reporting found an expression it could not evaluate. This can result in an incomplete report.

Simplify the expression, or rerun the report with constraints that reduce the complexity of the expression.

3709

Could not create entitlement branch process

Could not create a branch during an entitlement report. This is followed by a system-specific diagnostic.

Correct the situation described by the system-specific diagnostic, or rerun the report with constraints that reduce complexity.

3710

Arithmetic overflow

An addition operation resulted in a number too big for the system.

Edit the policy to correct the error.

3711

Multiplication overflow

A multiplication operation resulted in a number too big for the system.

Edit the policy to correct the error.

3712

Can not evaluate soft conditional expression. This can result in an incomplete report.

During an entitlement report, a soft condition could not be evaluated. This can result in an incomplete report.

Simplify the expression, or rerun the report with constraints that reduce the complexity of the expression.

3901

Unrecognized keyword in

/etc/pb.settings

One of the settings keywords is spelled incorrectly or is not a valid keyword.

 

3902

No key file specified in

/etc/pb.settings

There is no parameter after keyfile in the settings file.

 

3903

No policy file specified in

/etc/pb.settings

There is no parameter after policyfile in the settings file.

 

3904

No policy directory specified in /etc/pb.settings

There is no parameter after policydir in the settings file.

 

3905

Malformed validation string in

/etc/pb.settings

There are less than four parameters after validation in the settings file.

 

3906

'yes' or 'no' must be specified after 'kerberos' in

/etc/pb.settings

 

 

3907

No pblocald log file specified in /etc/pb.settings

There is no value after the keyword pblocaldlog.

 

3908

'yes' or 'no' must be specified after 'syslog' in

/etc/pb.settings

The value after the keyword syslog is not yes or no.

 

3909

No Policy Servers specified in

/etc/pb.settings

No parameters come after Policy Servers in the settings file.

 

3910

No pbmasterd log file specified in /etc/pb.settings

There is no value after the keyword pbmasterdlog.

 

3911

No log facility specified in

/etc/pb.settings

There is no value after the keyword facility.

 

3913

No pbrun log file specified in

/etc/pb.settings

There is no value after the keyword pbrunlog.

 

3914

No Policy Server port specified in /etc/pb.settings

There is no value after the keyword masterport.

 

3915

No local port specified in

/etc/pb.settings

There is no value after the keyword localport.

 

3916.##

No Policy Server principal specified in <settings file>

There is no value after the keyword mprincipal.

 

3917.##

No local principal specified in <settings file>

There is no value after the keyword lprincipal.

 

3918.##

No keytab specified in <settings file>

There is no value after the keyword keytab.

 

3919.00

Keytab not found or not secure

Kerberos keytab was not found or open for reading or writing by non-authorized users

 

3920

No maximum port specified in

/etc/pb.settings

There is no value after the keyword maxport.

 

3921

Maximum port not large enough in /etc/pb.settings

The value for the maxport is less than the minport.

 

3922

No minimum reserved port specified in /etc/pb.settings

There is no value after the keyword minreservedport.

 

3923

No maximum reserved port specified in /etc/pb.settings

There is no value after the keyword maxreservedport.

 

3924

Maximum reserved port not large enough in /etc/pb.settings

The value for the maxreservedport is less than minreservedport.

Change one of the values.

3925

No minimum port specified in

/etc/pb.settings

There is no value after the keyword minport.

 

3926

pbcheck 2.7.6 3926 Missing or insecure keyfile: /etc/pb.key

The keyfile specified in /etc/pb.settings is not secure or is missing.

Verify that /etc/pb.settings exists and check the file permissions.

Upgrade to a Privilege Management version newer than 2.7.6.

3927.01

3927.01%s:line %d: unknown keyword %s

The indicated line in the indicated settings file has an unknown keyword.

Read the man page section for the settings file and correct the indicated line number.

3927.02

3927.02:%s: line %d:expected 'yes' or 'no' after '%s'

The indicated keyword at the indicated line in the indicated settings file may only be set to a Yes or No value.

Set the keyword to a value of Yes or No.

3927.03

3927.03:%s: line %d: ignoring everything after '%s'

Extraneous characters were found after the string in the indicated settings file and line.

Remove the extraneous characters from the indicated line.

3927.04

3927.04:%s: line %d: expected a number after %s

Found a non-numeric character as a value for the indicated keyword at the indicated line in the indicated settings file.

Set the keyword to a numeric value.

3927.05

3927.05:%s: line %d: ignoring everything after '%s'

Extraneous characters were found after the indicated string at the indicated line in the indicated settings file.

Remove the extraneous characters from the indicated line.

3927.06

3927.06: %s: line %d: expected a number after %s

Found a non-numeric character as a value for the indicated keyword at the indicated line in the indicated settings file.

Set the keyword to a numeric value.

3927.07

3927.07:%s: line %d: ignoring everything after '%s'

Extraneous characters were found after the indicated string at the indicated line in the indicated settings file.

Remove the extraneous characters from the indicated line.

3927.08

3927.08:%s:line %d: expected something after %s

A value is expected after the indicated keyword at the indicated line in the indicated settings file. None was found.

See the main page for the indicated settings file, and enter appropriate data for the keyword.

3927.09

3927.09:%s: line %d: ignoring everything after '%s'

Extraneous characters were found after the indicated string at the indicated line in the indicated settings file.

Remove the extraneous characters from the indicated line.

3927.10

3927.10:%s:line %d: expected something after %s

A value is expected after the indicated keyword at the indicated line in the indicated settings file. None was found.

See the main page for the indicated settings file, and enter the appropriate data for the keyword.

3927.11

3927.11: unknown type %d

Internal error code when an unknown data type was encountered. The supported data types are string, boolean, list, and number.

Contact BeyondTrust Support.

3940

keyword <keyword> must have a value with no more than

<number> characters

The keyword has a string value that is too long.

Edit pb.settings and shorten the string value.

3941

no logservers specified in

<settings file>

 

 

3942

You must specify 'yes' or 'no' after '<word>' in your pb.settings file

 

 

3943

keyword <name> must be one of

<list of values>

A setting contained an unrecognized word. It must be one of the listed values.

 

3944

keyword <name> list can contain only <list of values>

A setting contained an unrecognized word or words. All values must be in the list provided.

 

3946

keyword <name> must have at least one setting

A setting was blank. It must have a value.

 

3947

nonreserved port <name> (<current value>) must have a numeric value between <minimum> and <maximum>

A non-reserved port number was invalid. It must be in the listed range.

 

3948

reserved port <name> (<current value>) must have a numeric value between <minimum> and

<maximum>

A reserved port number was invalid. It must be in the listed range.

 

3949

setting <name> (<current value>) must have a numeric value between <minimum value> and <maximum value>

The named setting must have a numeric value in the listed range.

 

3950

setting <keyword>: <reason>

The named setting must contain a valid file path name. This is followed by a further description of why the name was unacceptable.

 

3950.01

setting <keyword>: <reason>

The named setting must contain a valid file path name. This is followed by a further description of why the name was not acceptable.

Correct the settings file.

3951

setting <keyword>: <reason>

The named setting must contain a valid directory name. This is followed by a further description of why the name was unacceptable.

 

3952

<word> is not a valid keyword

The listed word is not a valid settings file keyword.

 

3953

<server name> principal '<principal name>' is longer than ## characters

A Kerberos principal name exceeds the allowed length.

 

3954

No key file specified in

<settings file name>

No key file was specified in the listed settings file.

 

3955

Could not establish keyfile

No key file could be established. This is followed by a system-specific diagnostic message.

 

3956

No policy file specified in

<settings file name>

A policy file was not specified in the listed settings file.

 

3957

Could not establish policy file

A policy file could not be established. This is followed by a system-specific diagnostic message.

 

3958

Bad regular expression '<expression>'

A poorly formed regular expression was found in a setting.

Correct the regular expression.

3959

Could not verify pattern '<pattern>' in client subject '<expression>'

The specified pattern was not found in the client subject expression.

Verify the regular expression and subject line. A mismatch indicates an improper expression in the settings file or an incorrect certificate on the client.

3960

Could not find certificate subject attribute

Certificate subject verification was enabled, but no certificate subject line was found.

Verify the regular expression and the certificate.

3961

Bad regular expression '%s'

A poorly formed regular expression was found in a setting.

Verify the regular expression and subject line. A mismatch indicates an improper expression in the settings file or an incorrect certificate on the client.

3962

Could not verify pattern '%s' in server subject '%s'

The specified pattern was not found in the server subject expression.

Verify the regular expression and subject line. A mismatch indicates an improper expression in the settings file or an incorrect certificate on the client.

3963

No policy directory specified in <settings file>

The policy directory was not specified in the settings file.

Edit the settings file to provide a policy directory.

3964

file <policy file name> does not exist

The named policy file does not exist.

Create the missing settings file, correct the policy which includes the named policy file, or adjust the policydir setting in the settings file to point to the file's directory.

3965.01

Format error in entry <entry value> for setting <settings name>

The listed value in the named setting does not match the expected format.

Correct the value in the settings file.

3965.02

Format error in entry <entry value> for setting <settings name>

The listed value in the named setting does not match the expected format.

Correct the value in the settings file.

3966

Numeric port for <host name> in setting <settings name> must be between <minimum value> and <maximum value>

The numeric port for the host name in the named setting is outside of the expected range.

Correct the value in the settings file.

3967

Daemon port <setting name> (<setting value>) must have a numeric value between <minimum value> and <maximum value> or an absolute path

The value for the named setting is invalid.

Correct the value in the settings file.

3968

Error in settings file

<settings file name>

One or more settings are in error. This is usually preceded by diagnostic messages that detail the problem.

Correct the settings.

3969

Error in communications settings

One or more communications settings are in error. This will usually be preceded by diagnostic messages that detail the problem.

Correct the settings.

3970

Invalid path for <log type> log file <path>

The path for the named log file is invalid.

Correct the log file path.

3971

Policy Server info packet does not contain submit host ip.

Critical data was missing from the policy server's information packet.

Check the log files for pbmasterd.

3972

Submit host ip <ip address> not valid for local host name <host name>

The listed ip address is not valid for the local host.

This usually indicates a problem with name services on the run host.

3973

Can not find primary group for user <user name>

The primary group for the listed user does not exist on the run host.

Use a different user name or add the user to the run host.

3974

Could not resolve primary group name.

The primary group could not be found for the run user.

Correct the primary group for the runuser or use a different user name.

3975

Could not chroot to <directory>

The run host could not use the directory specified in a chroot command. This is followed by an operating-system diagnostic message.

Correct the situation described in the operating-system diagnostic message or use a different directory.

3976

Could not establish start up directory

The startup directory could not be determined. This is followed by an operating system diagnostic message.

Correct the situation described in the operating-system diagnostic message or try starting the command from a different directory.

3977.01

Duplicate setting <setting name> at line ### in settings file <settings file name>

More than one occurrence of the named settings was found. The duplicate was found at the listed line number in the named settings file.

Correct the settings file.

3977.02

Duplicate setting <setting name> at line ### in settings file <settings file name>

More than one occurrence of the named settings was found. The duplicate was found at the listed line number in the named settings file.

Correct the settings file.

3978.01

Could not store setting <setting name> from settings file <settings file name>

Internal error.

Contact BeyondTrust Support.

3978.02

Could not store setting <setting name> from settings file <settings file name>

Internal error.

Contact BeyondTrust Support.

3979

Using internal default <keyword>

The program did not find a valid setting for a required keyword. The program is using its own internal default.

Check the listed setting.

3980.01

No local socket directory specified for Unix Domain Socket backBind# on <host type> <host name>

A Unix/Linux Domain Socket reconnection was requested, but there is no temporary sock directory (localsocketdir) setting on the named host.

Enter a localsocketdir setting in the settings file on the named host.

3980.02

No local socket directory specified for Unix Domain Socket backConnect# on <host type> <host name>

A Unix/Linux Domain Socket reconnection was requested, but there is no temporary sock directory (localsocketdir) setting on the named host.

Enter a localsocketdir setting in the settings file on the named host.

3981.xx

Unexpected EOF

An unexpected EOF occurred while synchronizing IO log files.

 

3982.xx

File Error

An unexpected file error occurred, see message following the error.

 

3984

Unknown command

An unknown command was detected while reading an I/O log.

Check that the I/O log file is compatible with 6.0.

3985

Failed to open input file for synchronization process

The file that the software was attempting to read was not accessible to the program.

Check file access.

3986

synchronize process failed: input i/o log file missing header section

The file does not appear to be an I/O log.

 

3987

Unable to open user defined HTML file listed in the configuration file

Program cannot open the user defined task manager look and feel defined in the .pbguidrc file.

Make sure the file path and access is correct.