This is not a new message.
Message CSQH025I says:-
CSQH025I csect-name switch-type security switch set OFF, internal error
Severity: 0
Explanation: This message is issued during queue manager initialization and in response to a REFRESH SECURITY command for each security switch that is set OFF because an error occurred.
System action: The message might be issued with message CSQH004I when an unexpected setting is encountered for a switch.
System programmer response: See message CSQH004I for more information.
Messages CSQH021I through CSQH026I are issued so that you can check the security configuration of your queue manager.
and referred to message CSQH004I says:-
CSQH004I csect-name STAT call failed for class class-name, SAF return code= saf-rc, ESM return code=esm-rc
Severity: 8
Explanation:
This message is issued as a result of a SAF RACROUTE REQUEST=STAT call to your external security manager (ESM) returning a non-zero return code at one of the following times:
- During initialization, or in response to a REFRESH SECURITY command
If the return codes from SAF and your ESM are not zero, and are unexpected, this will cause abnormal termination with one of the following reason codes:
- X'00C8000D'
- X'00C80032'
- X'00C80038'
- In response to a REFRESH SECURITY command.
If the return codes from SAF and your ESM are not zero (for example, because a class is not active because you are not going to use it) this message is returned to the issuer of the command to advise that the STAT call failed.
Possible causes of this problem are:
- The class is not installed
- The class is not active
- The external security manager (ESM) is not active
- The RACF® z/OS® router table is incorrect
System programmer response: To determine if you need to take any action, see the Security Server External Security Interface (RACROUTE) Macro Reference for more information about the return codes.
Looking up the return codes for REQUEST=STAT, as the System programmer response suggests, shows that what your message reported:
STAT call failed for class MQCONN, SAF return code=00000004, ESM return code=00000004
appears to mean:
RACF is active; the class is inactive.
So this tells me that your MQCONN class is inactive. If you intend to use MQCONN security, then this suggests you might need to issue the following RACF command. If you don't intend to use MQCONN security, then you could ignore the message.
SETROPTS CLASSACT(MQCONN)
You might want to check that all the classes are correctly set up. Read this chapter in Knowledge Center.
Cheers,
Morag
------------------------------
Morag Hughson
MQ Technical Education Specialist
MQGem Software Limited
Website:
https://www.mqgem.com------------------------------
Original Message:
Sent: Tue February 09, 2021 10:45 AM
From: Craig Schroeder
Subject: Security error messages
Has anyone seen these messages before? We are running z/OS MQ 9.0 and 9.2VUE noticed it first on the newly installed 9.2 but saw it also on the 9.0 queue managers. Queue managers appear to be we working fine. Just noticed it happening in all our environments. Not exactly sure when it started
CSQH024I <MQP1 CSQHINIT SUBSYSTEM security switch set 093
ON, profile 'MQP1.NO.SUBSYS.SECURITY' not found
CSQH025I <MQP1 CSQHINIT CONNECTION security switch set 094
OFF, internal error
CSQH004I <MQP1 CSQHINIT STAT call failed for class 095
MQCONN, SAF return code=00000004, ESM return code=00000004