Set Security Policy device codes
See this topic for information about why your security policy might be in Pending state, or why you might have received an error when setting a security policy.
If you received a message or device code when setting or
changing a security policy, you can use the table below to learn more
about the code and how to correct it. See Table 1 for
codes 01 through 17, which are encountered when setting or changing
the security policy on the Chassis Management Module (CMM).
See Table 2 for
codes 90 through 9A, which pertain to setting or changing the security
policy on the IBM® Flex
System Manager.
You can take corrective action for these issues in the Chassis Management Module (CMM) user
interface.
| Device Code | Explanation |
|---|---|
| 01 | The security policy update was not successful because the current security policy level is not being enforced. The management processor on the affected device is provisioned with a security policy which does not match the current security policy level. To resolve this issue, reset the management processor on the affected device. Alternatively, you can change the security policy level on the Chassis Management Module (CMM) to match the level on the affected device. |
| 02 | The security policy update was not successful because the management processor on the affected device did not complete a secure boot successfully. The state of the management processor is not known. To resolve this issue, examine the reasons the device is in a pending state and take all required recovery actions. |
| 03 | The security policy update was not successful because the management processor on the affected device did not enforce the provisioned security policy successfully. To resolve this issue, check the event log on the Chassis Management Module (CMM) and resolve any issues related to security or the affected device. Then, reset the management processor on the affected device to cause the security policy to be provisioned again. |
| 04 | The security policy update was not successful because the management processor on the affected device was not provisioned successfully. The state of security policy enforcement on the management processor is not known. To resolve this issue, check the event log on the Chassis Management Module (CMM) and resolve any issues related to security or the affected device. Then, reset the management processor on the affected device to provision the security policy again. Alternatively, you can change the security policy level of the Chassis Management Module (CMM) to match the level last provisioned to the affected device. |
| 05 | The security policy update was not successful because provisioning was not successful due to other operation in progress. The management processor on the affected device was not provisioned successfully; the security policy level of the device is unchanged. A security policy operation (such as changing the security policy level) was in progress at the time the management processor on the affected device was reset. To resolve this issue, make sure that no other security policy operations are being performed. Then, reset the management processor on the affected device to provision the security policy again. Alternatively, you can change the security policy level of the Chassis Management Module (CMM) to match the level last provisioned to the affected device. |
| 06 | The security policy update was not successful because can not support security policy level on device. The management processor on the affected device does not support the requested security policy level. Upgrade the firmware level on the device so that it can support the requested security policy level, or select a security policy level that can be supported by all devices in the chassis. |
| 07 | The security policy update was not successful because the password policy level is set to Custom. The requested security policy level does not allow the password policy level to be set to Custom. To resolve this issue, change the password policy to a level that is allowed by the current security policy level, or select a security policy level that allows the password policy to be set to Custom level. |
| 08 | The security policy update was not successful because the password policy level is set to Legacy. The requested security policy level does not allow the password policy level to be set to Legacy. To resolve this issue, change the password policy to a level that is allowed by the current security policy level, or select a security policy level that allows the password policy to be set to Legacy level. |
| 09 | The security policy update was not successful because the password policy level is set to High. The requested security policy level does not allow the password policy level to be set to High. To resolve this issue, change the password policy to a level that is allowed by the current security policy level, or select a security policy level that allows the password policy to be set to High level. |
| 0A | The security policy update was not successful because the HTTP protocol is enabled. The HTTP protocol is not permitted at the requested security policy level. To resolve this issue, disable the HTTP protocol, or select a security policy level that allows the HTTP protocol to be enabled. |
| 0B | The security policy update was not successful because the CIM-XML protocol is enabled. The CIM-XML protocol is not permitted at the requested security policy level. To resolve this issue, disable the CIM-XML protocol, or select a security policy level that allows the CIM-XML protocol to be enabled. |
| 0C | The security policy update was not successful because the SNMPv1 protocol is enabled. The SNMPv1 protocol is not permitted at the requested security policy level. To resolve this issue, disable the SNMPv1 protocol, or select a security policy level that allows the SNMPv1 protocol to be enabled. |
| 0D | The security policy update was not successful because the Telnet protocol is enabled. The Telnet protocol is not permitted at the requested security policy level. To resolve this issue, disable the Telnet protocol, or select a security policy level that allows the Telnet protocol to be enabled. |
| 0E | The security policy update was not successful because the FTP protocol is enabled. The FTP protocol is not permitted at the requested security policy level. To resolve this issue, disable the FTP protocol, or select a security policy level that allows the FTP protocol to be enabled. |
| 0F | The security policy update was not successful because the TFTP Server protocol is enabled. The TFTP server protocol is not permitted at the requested security policy level. To resolve this issue, disable the TFTP server protocol, or select a security policy level that allows the TFTP server protocol to be enabled. |
| 10 | The security policy update was not successful because the TCP command mode protocol is enabled. The TCP command mode protocol is not permitted at the requested security policy level. To resolve this issue, disable the TCP command mode protocol, or select a security policy level that allows the TCP command mode protocol to be enabled. |
| 11 | The security policy update was not successful because an non-secure NTP server is enabled. Unsecure NTP servers are not permitted at the requested security policy level. To resolve this issue, disable any non-secure NTP servers, or select a security policy level that allows non-secure NTP servers to be enabled. |
| 12 | The security policy update was not successful because a non-secure LDAP Directory server is enabled. Non-secure LDAP servers are not permitted at the requested security policy level. To resolve this issue, disable any non-secure LDAP servers, or select a security policy level that allows non-secure LDAP servers to be enabled. |
| 13 | The security policy update was not successful because the security policy level does not allow the device in the chassis. If the device is a legacy I/O module, the legacy I/O module override can be set to allow the device. Alternatively, remove the device from the chassis, or select a security policy level that allows the device to be present in the chassis. |
| 14 | The security policy update was not successful because the active management module can not support the security policy level. Upgrade the firmware level on the management module so that it can support the requested security policy level, or select a security policy level that is supported by the management module. |
| 15 | The security policy update was not successful because complex password rules are not enabled. The current password policy does not specify that complex password rules are enabled. The requested security policy level requires the password policy to specify that complex password rules are enabled. To resolve this issue, modify the password policy to enable complex password rules, or select a security policy level that does not require the password policy to enable complex password rules. |
| 16 | The security policy update was not successful because default USERID password must be changed on next login is not enabled. The requested security policy level requires the password policy to specify that the default USERID password must be changed on next login. To resolve this issue, modify the password policy to require that the default USERID password be changed on next login, or select a security policy level that does not require the password policy that the default USERID password must be changed on next login. |
| 17 | The security policy update was not successful because user password must be changed on first login not enabled. The requested security policy level requires the password policy to specify that the user password must be changed on first login. To resolve this issue, modify the password policy to require that the user's password be changed on first login, or select a security policy level that does not require the password policy that the user's password must be changed on first login. |
| FF | An internal error occurred during retrieval of the security policy state. This could be caused by a communications problem with the CMM or by a network outage. You might have to request access again to the CMM, and you might have to accept (trust) a new CMM certificate before you can request access. |
| Device Code | Explanation |
|---|---|
| 90 | The security policy update was not successful because the password history check is set to less than 10 recent passwords. A policy of SECURE requires the system to keep track of at least the last 10 passwords so they are not reused. To resolve the issue, update the Maximum number of used passwords remembered value and try the request again. |
| 91 | The security policy update was not successful because the password minimum age set to less than 24 hours. A policy of SECURE requires the password minimum age be 24 hours or greater. To resolve the issue, update the password minimum age and try the request again. |
| 92 | The security policy update was not successful because the password maximum age set to more than 90 days. A policy of SECURE requires the password maximum age to be 90 days or less. To resolve the issue, update the password maximum and try the request again. |
| 93 | The security policy update was not successful because the password minimum length is set to less than 8 characters. A policy of SECURE requires the password minimum length to be 8 or more characters. To resolve the issue, update the password minimum length and try the request again. |
| 94 | The security policy update was not successful because the password grace limit is greater than 5 invalid attempts. A policy of SECURE requires the password grace limit to be 5 or less invalid attempts. To resolve the issue, update the password grace limit and try the request again. |
| 95 | The security policy update was not successful because checking for password quality is not enabled. A policy of SECURE requires the password quality check to be enabled. To resolve the issue, update the password quality check and try the request again. |
| 96 | The security policy update was not successful because passwords must be changed is disabled. A policy of SECURE requires passwords the passwords must be changed to be enabled. To resolve the issue, update the passwords must be changed value and try the request again. |
| 97 | The security policy update was not successful because account lockout is not enabled. A policy of SECURE requires that account lockout be enabled. When it is not enabled any number of login attempts with invalid passwords are allowed. To resolve the issue, update the account lockout and try the request again. |
| 98 | The security policy update was not successful because the account lockout threshold is greater than 5 attempts. A policy of SECURE requires the account lockout threshold to be 5 or less attempts. To resolve the issue, update the account lockout threshold and try the request again. |
| 99 | The security policy update was not successful because the account lockout duration is less than 60 minutes or different than 0 (zero means an administrator needs to unlock the account so there is no duration to wait). A policy of SECURE requires the account lockout duration to be 60 minutes or greater or 0. To resolve the issue, update the account lockout duration and try the request again. |
| 9A | The security policy update was not successful because reset account lockout interval greater than 0. A policy of SECURE requires account lockout interval to be 0 (zero means the count of consecutive login attempts with invalid passwords is reset only after a successful login). To resolve the issue, update the account lockout interval and try the request again. |