Re: FTPS rc = 406 (Error while reading or writing data)

Wed, 23 Sep 2009 08:14:08 -0700 

Finley, Frank wrote:

Hello,
I've been beating my head against the wall for a while on this one and wondering if anyone has any thoughts that may help me in troubleshooting. I am having issues with an FTPS connection to a remote host. IBM Z/OS 1.8 (our side) client connecting to a Unix FTPS server running proftpd. 
This is outside a firewall, but ports have been open between our two locations.
Windows clients aren't having any issues connecting to their server. We are using RACF for the certificates and I have verified that the certificate chain is in place for the user. Is anyone able to steer me in the right direction troubleshooting? FC0760 authServer: entered FC0767 authServer: secure_socket_open() SC3717 getFNDELAY: entered FC0834 authServer: secure_socket_init() FU0536 secureWrite: entered FU0436 secureRead: entered SC3752 setFNDELAY: entered FC0847 authServer: secure_socket_init failed with rc = 406 (Error while reading or writing data) FC1004 endSecureConn: entered EZA2897I Authentication negotiation failed FC1025 endSecureEnv: entered SC3607 inSession: entered CZ0582 SETCEC code = 17 EZA2898I Unable to successfully negotiate required authentication CX0336 main: error and exit on error SC3558 getLastReply: entered CX0350 main: RC=-0001 cmd_in_progress=10 CX0353 main: last_reply= 220 err=17 PC0905 setClientRC: entered SC3558 getLastReply: entered PC0975 setClientRC: std_rc=10220, rc_type=STD, rc=10220 EZA1735I Std Return Code = 10220, Error Code = 00017 CZ1170 ftpQuit: entered CZ1242 ftpClose: entered SC3607 inSession: entered SC3686 setLoggedIn: entered CZ1242 ftpClose: entered SC3607 inSession: entered SC3686 setLoggedIn: entered CX0484 removeAff: entered 

The RC = 406 message is pretty generic, and doesn't really provide
you with enough info to determine what the problem is.

Unfortunately in these cases, you need to run a packet and/or GSK
trace.

The last time I got one of these, it turned out to be the server
was sending an FTP error message in the middle of the SSL negotiation.
Turned out the server was configured wrong, and couldn't find it's
certificate store. This was easy to see in a packet trace.

For other SSL problems, the GSK trace is probably better.

--
Richard

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Reply via email to