Skip to main content

ETAF: Security Authentication Failed

Contributors

This message is generated when a connection attempt using Transport Layer Security (TLS) has failed.

Code Field Description

CNID

Connection Identifier

The unique system identifier for the TCP/IP connection over which the authentication failed.

RUID

User Identity

A service dependent identifier representing the identity of the remote user.

RSLT

Reason Code

The reason for the failure:

SCNI: Secure connection establishment failed.

CERM: Certificate was missing.

CERT: Certificate was invalid.

CERE: Certificate was expired.

CERR: Certificate was revoked.

CSGN: Certificate signature was invalid.

CSGU: Certificate signer was unknown.

UCRM: User credentials were missing.

UCRI: User credentials were invalid.

UCRU: User credentials were disallowed.

TOUT: Authentication timed out.

When a connection is established to a secure service that uses TLS, the credentials of the remote entity are verified using the TLS profile and additional logic built into the service. If this authentication fails due to invalid, unexpected, or disallowed certificates or credentials, an audit message is logged. This enables queries for unauthorized access attempts and other security-related connection problems.

The message could result from a remote entity having an incorrect configuration, or from attempts to present invalid or disallowed credentials to the system. This audit message should be monitored to detect attempts to gain unauthorized access to the system.