That was a big help, thank you. I was able to confirm that all the correct FMIDs were installed. So I know it "should" work. I also tried FWFRIENDLY TRUE that didn't seem to make any difference. Turned on DEBUG SOC. So now I'll have to research the output.
> GET "/GIMPAF.XML" "/u/MP81136/test.content/GIMPAF.XML" (REPLACE >>> TYPE I 200 Type set to I. Command: SC1344 initDsConnection: entered >>> EPSV 229 Entering Passive Mode (|||65321|) >>> RETR /GIMPAF.XML SC1981 connDsConnection: entered SC2075 connDsConnectionIPv4: entered GU4945 ftpSetApplData: entered 150 Opening BINARY mode SSL data connection for /GIMPAF.XML. FU0388 protDataConn: secure_socket_init() failed with rc = 406 (Error while read ing or writing data) CG1959 SETCEC code = 17 TLS security mechanism negotiation failed - data connection closed SC2637 dataClose: entered 425 ftpd: (data conn) SSL_accept unspecified error CG4118 rcvFile: rc -1 rc_write 0 rc_close 0 PC0921 setClientRC: entered PC0991 setClientRC: std_rc=16425, rc_type=STD, rc=16425 Std Return Code = 16425, Error Code = 00017 >>> QUIT : Connection reset by peer. SC3358 endSession: entered (sn=0F9EE7C8) SC2637 dataClose: entered > QUIT On Tue, Sep 13, 2016 at 12:50 PM, Cieri, Anthony <[email protected]> wrote: > > For the record, there are several FMIDs that may be installed with > the z/OS Security Lvl 3 and z/OS Communications Server Security lvl 3 may > also be required. The FMIDs for Z/OS Security Lvl 3 at z/OS Version 1.13 > are: > > JCRY741 > JCPT3D1 > JSWK3D1 > JRLS3D1 > > The FMID for z/OS Communications Server lvl 3 at z/OS Version > 1.13.is: (ask me how I know this!!!) > > JIP61DK > > You would most likely see errors in PAGENT and its associated > tasks (like IKED) if you did NOT have these installed!! > > Since you appear to be getting a successful control connection > established ad subsequently failing on the data connection, I would suspect > a possible firewall issue. The error message provided: > > EZA1735I Std Return Code = 16425 > > Indicates that the "get" command failed for one of the following > reasons: > > 425: Can't open a data connection > 425: Can't open a passive connection > 425: Command terminated due to server shutdown in progress > 425: Unable to open data connection > > HTH > Tony > > > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On > Behalf Of Rob Schramm > Sent: Tuesday, September 13, 2016 11:53 AM > To: [email protected] > Subject: Re: IBM FTPS connect > > The instructions for debugging connection issues indicates to run with > debug soc which should provide some additional information. > > Rob Schramm > > On Tue, Sep 13, 2016, 11:10 AM Mark Pace <[email protected]> wrote: > > > I'll have to go check on the z/OS Security lvl 3 FMID. I didn't > > install this system, so I'm not sure. > > > > On Tue, Sep 13, 2016 at 9:12 AM, Tim Deller <[email protected]> wrote: > > > > > Perhaps the list of ciphers in the ftpdata file is too restrictive > > > or maybe the z/OS Security Level 3 FMID is not installed. > > > > > > -------------------------------------------------------------------- > > > -- For IBM-MAIN subscribe / signoff / archive access instructions, > > > send email to [email protected] with the message: INFO > > > IBM-MAIN > > > > > > > > > > > -- > > The postings on this site are my own and don’t necessarily represent > > Mainline’s positions or opinions > > > > Mark D Pace > > Senior Systems Engineer > > Mainline Information Systems > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, send > > email to [email protected] with the message: INFO IBM-MAIN > > > -- > > Rob Schramm > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send email > to [email protected] with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > -- The postings on this site are my own and don’t necessarily represent Mainline’s positions or opinions Mark D Pace Senior Systems Engineer Mainline Information Systems ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
