Diagnostic Messages 3001

Number	Diagnostic Text	Meaning	Action
3001	Unable to initialize SIA password structure/ Unable to release SIA password structure	A call to a SIA security function failed.
3001	Connection to <program> on <host> failed		Check pblocald is running and starts from inetd. Try telnet hostname pblocald. You should get a message like pbmasterd not on a reserved port. If you receive the message Connection timed out, there is a network problem between the machines. If you receive the message Connection refused, inetd is not accepting connections from pblocald.
3001	Expected boolean	A boolean was expected.
3002	Connection to <machine> timed out	The connection to a machine timed out because it is heavily loaded or does not have the same encryption key (/etc/pb.key). A pb.key problem can cause this. This can also occur if one of the daemons has incorrect command line options. (inetd accepts the connection but the daemon quits immediately because the options are incorrect.) This may also occur if pblocald cannot reconnect to pbrun during the reconnect optimization. This can occur if the policy server is running DNS, but the submithost is not. Therefore the policy server tells pblocald to connect to pbrun on machine X.Y.Z, but machine X.Y.Z thinks its name is only X.	Check the diagnostic logs on the pbmasterd or pblocald machine for port checksum mismatch. If it occurs, check pb.key for a problem. Check the daemons for incorrect command line options. Check to see that the remote machine can resolve machine names correctly. This typically happens to the run host when it tries to resolve the submit host name or possibly the log host name. Check to see if the policy server is running DNS, but the client is not. Use the noreconnect variable, i.e. put noreconnect = 1; in the /etc/pb.conf file.
3003	Could not connect to a Policy Server daemon	pbrun could not connect to any policy server daemon (pbmasterd). This could be caused by the policy server machine being down or inetd on the policy server machine not starting pbmasterd. Try: telnet hostname pbmasterd. You should get a message like pbrun not on a reserved port. If you get Connection timed out, there is a network problem between the machines. If you get Connection refused, inetd is not accepting connections for pbmasterd. Possible reasons for receiving Connection refused: Entry in inetd.conf is incorrect/missing Entry in services is incorrect/missing On Suns, /etc/services is ignored when NIS is running so entries must be put in the NIS services map. ( the pblocald and pbmasterd lines need to be in the /etc/services file on the NIS Policy Server and the NIS maps need to be remade). If DNS returns fully qualified hostnames, but the machine does not have the fully qualified hostname in /etc/hosts, or NIS, or if /etc/resolv.conf is not resolving to the short name, Endpoint Privilege Management is unable to convert the fully qualified hostname to an IP address using gethostbyname(). pbbench also reports warnings. Workaround: use shortnamesok in /etc/pb.settings. Open a line at the bottom of the file and enter: shortnamesok yes or add the fully qualified hostname after masters, or make sure that /etc/hosts shows both the short and fully qualified name. On AIX, the inetimp command must be run after changing either /etc/services or /etc/inetd.conf, but before restarting inetd. This is done in the new pbinstall scripts but not the old ones. On Motorola, NIS services are ignored and local /etc/services are used. Other machines may do this too. ℹ️ Note After changing inetd.conf or services, inetd must be told to reread its configuration files. (On AIX run inetimp first on AIX 3 and possibly some early AIX 4 versions.)Do a ps -ef or ps -agux and then a kill -1 with the process ID.
3004	Lost connection with <host>	At some time during the startup communication, one of the daemons closed its connection unexpectedly. This could be the result of one of the machines going down or network problems.
3005	Request ended unexpectedly	pbrun finished because its connection with pbmasterd was cut off prematurely. This could be due to network problems, the policy server machine going down, or pbmasterd terminating.
3006	getpeername	A problem occurred determining the source of the communication. If the diagnostic says something like Socket operation on non- socket, someone probably has tried running pbmasterd from the command line instead of from inetd.
3007	Protocol error backbinding pblogd to pblocald	pblogd failed to reconnect to pblocald. This only occurs when I/O logging is in use.	Make sure there is a path from the pblogd machine to the pblocald machine. Try lognoreconnect=true in the policy. Turn off I/O logging.
3008	Connection closed unexpectedly during check NAK
3009	pbrun to pbmasterd protocol error	An unexpected result was received during pbrun to pbmasterd setup protocol.
3010	pblocald to pbmasterd protocol error	An unexpected result was received during pblocald to pbmasterd set up protocol.	Check the encryption and firewall settings on the systems involved.
3011	backReadN lost connection with <host name>
3012	backReadN port checksum mismatch from <host name>	pbrun or pbmasterd could not read connection port numbers from pbmasterd or pblocald. This is often a network or encryption problem.	Check that pb.key and encryption methods agree on all machines involved. Check that the network is functioning as expected in both directions between the problem pair of jobs.
3013	I/O log connect failure.	Failed to make a connection to a log server during I/O logging.
3014	could not back read log port. Bad file number	Could not get log port during a log reconnect.	Make sure the pblocald and pblogd machines can communicate. If they cannot communicate because of network restrictions, try setting lognoreconnect in the policy.
3014.1	could not back read log port. Bad file number	Could not get log port during a log reconnect.	Make sure the pblocald and pblogd machines can communicate. If they cannot communicate because of network restrictions, try setting lognoreconnect in the policy.
3015	could not reconnect log fd	A connection failure occurred during a log server reconnect.
3015.1	could not reconnect log fd	A connection failure occurred during a log server reconnect.
3016	Unknown service <pblogd name>	The service specified is unknown to /etc/services, NIS, or DNS.
3017	mangleSendStart failure on fd <number>	An atomic write failed during a mangleSendStart. A process failed at the other end.	Check the pbmasterd.log, pblocald.log, and pblogd.log.
3018	mangleRecvStart failure on fd <number>	An atomic read failed during a mangleRecvStart. This is generally caused by the termination of the remote process during startup. This error means that a process failed at the other end.	Check pbmasterd.log, pblocald.log, and pblogd.log. Check the error logs and pb.key or for an incorrect service connected to the remote port. Check the error logs and pb.key. Also, verify that the log directories exist on the policy server machine or on the log server if pblogd is used. Verify that the log directories exist on the policy server machine or on the log server if pblogd is used.
3018.01	LIBMANGLE_mangleRecvStart failure on fd ##. ## of ## bytes received.	A smaller than expected packet was received during protocol handshaking. This message means that a process failed at the other end. It is generally caused by the termination of the remote process during startup.	Check the error logs and for an incorrect service connected to the remote port. Also, verify that the log directories exist on the policy server machine or on the log server if pblogd is used. Verify that the log directories exist on the policy server machine or on the log server if pblogd is used.
3019	Log server protocol failure from <log host>	The log server did not acknowledge a processing request.
3020	Could not identify peer on fd ##	The remote peer could not be identified. This is followed by an operating system message that provides details.
3021	initKerberosKey host name '<host name>' is not valid	The listed host name could not be identified.	Correct the policy, settings file or name services.
3022	Could not resolve full run hostname	The run host name could not be resolved.	Correct the policy or name services.
3023	Could not determine Policy Server name	The name of the policy server could not be determined.	Check name services for the policy server.
3024	Could not determine run host name	The name of the run host could not be determined.	Check name services for the run host.
3025	Could not determine submit host name from fd %d	The name of the submit host could not be determined.	Check name services for the submit host.
3026	backBind# <host description> <host name> could not find local machine information	The listed host could not be determined.	Check name services for the listed host.
3027	Could not find local machine information	The local host name could not be determined.	Check name services for the listed host.
3028	Policy Server mangler mismatch - retrying	The mangler likely deprecated an encryption type. PB client is aware of the change and will reconnect to policy server using correct settings.	Verify the networkencryption settings entries for the client and policy server match.
3030	Problem initializing <encryptiontype> with key pair <algorithm>:<keyfile>	Incorrect encryption pair setting on pb.settings.	Check and correct encryption pair to use valid settings
3031	Invalid encryption time format 'yyyy/mm/dd', instead received xxxx	Indicates that one or more start or end dates has an incorrect format.	Verify the settings file for invalid dates.
3032	The start and end dates appear to be reversed.	The encryption start and end dates appear to be reversed.	Verify the dates.
3033	Key file unreachable: xxx	The first encryption pair (type and key) was invalid because the key file is unreachable or does not exist.	Check the key file name, path, and permissions. Then make any necessary corrections.
3053	initMangle failure	pbbench could not initialize its encryption keys (receive).
3054	initMangle failure	pbbench could not initialize its encryption keys (transmit).
3055	mangleSendStart failure connecting to <host>	pbbench could not transmit its protocol header block.
3056	mangleRecvStart failure connecting to <host>	pbbench did not receive its protocol header block.
3057	log server initMangle error	The program could not initialize its encryption keys for a log server connection.
3058	manleSendStart failure to log server <log host>	The program could not send its protocol header block to the named log server.
3059	mangleRecvStart failure from log server <log host>	The program did not receive its protocol header block from the named log server.
3060	manglelex initMangle failure	The program could not reset and reinitialize its encryption keys for file encryption.
3061	encrypt mangler initMangle failure	The program could not initialize its encryption keys for file encryption.
3062	initial initMangle failure	pblocald could not initialize its encryption keys.
3063	mangleSendStart failure initializing Policy Server '<Policy Server>'	pblocald could not send its protocol header block to the named policy server.
3064	mangleRecvStart failure initializing Policy Server '<Policy Server>'	pblocald did not receive its protocol header block from the named policy server.
3065	Log server initMangle failure	pblocald could not initialize its encryption keys for a log server connection.
3066	mangleSendStart failure reconnecting '<submit host>'	pblocald could not send its protocol header block to pbrun on the named submit host.
3067	mangleRecvStart failure reconnecting '<submit host>'	pblocald did not receive its protocol header block from pbrun on the named submit host (branch 1).
3068	mangleRecvStart failure from client '<submit host>'	pblocald did not receive its protocol header block from pbrun on the named submit host (branch 2).
3069	initMangle failure on initial connect from <host>	pblogd could not initialize its encryption keys from a connection from the named host.
3070	mangleSendStart failure on initial connect from <host>	pblogd could not send its protocol header block to the named host.
3071	mangleRecvStart failure on initial connect from <host>	pblogd did not receive its protocol header block from the named host.
3072	initMangle failure during log reconnect to <run host>	pblogd could not initialize its encryption keys during a log reconnect to pblocald on the named host.
3073	initMangle failure from <submit host>	pbmasterd could not initialize its encryption keys during a connection from pbrun on the named host.
3074	mangleRecvstart failure during back connect to <submit host>	pbmasterd did not receive its protocol header block during a back connect to the named host.
3075	initMangle failure connecting to pblocald on <run host>	pbmasterd could not initialize its encryption keys during a connection to pblocald on the named host.
3076	mangleSendStart failure connecting local daemon <run host>	pbmasterd could not send its protocol header block to pblocald on the named host.
3077	mangleRecvStart failure connecting local daemon <run host>	pbmasterd did not receive its protocol header block from pblocald on the named host.
3078	mangleSendStart failure connecting local daemon <run host>	pbmasterd did not receive its protocol header block from pblocald on the named host.
3079	initMangle failure during multiplexed reconnect to <run host>	pbrun could not initialize its encryption keys during a multiplexed reconnect to pblocald on the named host.
3080	mangleSendStart failure during multiplexed reconnect to <run host>	pbrun could not send its protocol header block to pblocald on a multiplexed reconnect to the named host.
3081	mangleRecvStart failure during multiplexed reconnect to <run host>	pbrun did not receive its protocol header block from pblocald on a multiplexed reconnect to the named host.
3082	initMangle failure during non- multiplexed reconnect to <run host>	pbrun could not initialize its encryption keys during a non- multiplexed reconnect to pblocald on the named host.
3083	mangleSendStart failure during non-multiplexed reconnect to <run host>	pbrun could not send its protocol header block to pblocald on a non-multiplexed reconnect to the named host.
3084	initMangle failure during startup	pbrun could not initialize its encryption keys during startup.
3085	mangleSendStart failure while connecting to <Policy Server>	pbrun could not send its protocol header block to pbmasterd on the named host.
3086	initMangle failure on settings file	The program could not initialize its encryptions to read an encrypted settings file.
3087.01	Check the log files on the Policy Server to see if transmission was interrupted.	Policy server info packet does not contain policy server name.	The info packet between pblocald and the policy server is missing the name of the policy server.
3087.02	Check the log files on the submit host to see if transmission was interrupted.	Client info packet does not contain the client host name.	The info packet between client and the policy server is missing the name of the client host. Check the installed versions. Older versions do not contain the client host. If you have older pre 4.0 clients, upgrade the client machines or turn off the validateclienthostname setting on your policy server.
3087.03	Check the log files on the submit host to see if transmission was interrupted. Older versions do not contain the client host name.	Policy server info packet does not contain the client host name.	The info packet between runhost and the policy server is missing the name of the client host. Check the installed versions. Older versions do not contain the client host. If you have older pre 4.0 submit host, upgrade the client machines or turn off the allowremotejobs settings on your run host.
3087.04	Check the log files on the submit host to see if transmission was interrupted.	Policy server info packet does not contain the run host name.	The info packet between runhost and the policy server is missing the name of the client host.
3087.05	Check the log files on the submit host to see if transmission was interrupted. Older versions do not contain the client host name.	The client info packet does not contain the client host name.	The info packet between submithost and the policy server is missing the name of the client host. Check the installed versions. Older versions do not contain the client host. If you have older pre 4.0 clients, upgrade theclient machines or turn off the validateclienthostname setting on your policy server.
3087.06	Check the log files on the submit host to see if transmission was interrupted.	The client info packet does not contain the run host name.	The info packet between submithost and the policy server is missing the name of the run host
3088.01	The settings for the runhost specify that remote commands are not allowed.	Remote commands from <submit host name> not allowed on <run host name>.	Remote commands from the submit host are not allowed.
3088.02	The settings for the masterhost specify that remote commands are not allowed.	Remote commands from <submit host name> not allowed on <run host name>.	Remote commands from the submit host are not allowed.
3088.03	The settings for the submithost specify that remote commands are not allowed.	Remote commands are not allowed in <settings file name>.	Remote commands are disabled in the named settings file, but -h was used on the pbrun command line.
3089	Could not send initial protocol header to Policy Server <Policy Server name> - <operating system message>	The program could not send its initial protocol packet to the policy server. The operating system diagnostic contains more details.
3090	Did not receive initial protocol header from Policy Server <Policy Server name> -<operating system message>	The program did not receive an initial protocol packet from the policy server. The operating system diagnostic contains more details.
3091	Terminated on protocol failure	The policy server did not complete the startup protocol.	Check the policy server daemon log file on the policy server.
3092	Unsupported socket family type <network family number> for fd ##	An unsupported socket family type was found.	This is an internal error. Contact BeyondTrust Support.
3093	Unsupported socket family type <network family number>	An unsupported socket family type was found.	This is an internal error. Contact BeyondTrust Support.
3094	Unsupported socket family type <network family number>	An unsupported socket family type was found.	This is an internal error. Contact BeyondTrust Support.
3095	Could not get socket information for fd #	Socket name information could not be determined for the listed file descriptor. This is followed by a system-specific diagnostic.
3096	Could not find Policy Server protocol and service <service name>	The named service could not be found.	Check that the service name is correct and that it can be found in the system configuration files (e.g., /etc/services, NIS).
3097	Unsupported (<network family name>) internet family type for license generation	The primary interface for the machine was something the licensing mechanism could not handle.	Contact BeyondTrust technical support for suggestions on setting the primary interface type to a family licensing can use.
3098	Missing Hostname, required when connecting via pbssh	The runhost (-h) is required when executing with option pbssh.	Define the runhost by using pbssh with -h.
3099	Missing user, required when connecting via pbssh	The user (-u) is required when executing with pbssh.	Reissue the command specifying the user.
3100	ssh port can only be used with option --ssh or --manssh	SSH port can only be used if ssh is requested.	Remove ssh port option if ssh is not used.
3101	Unknown host: <name>	The host specified is unknown to /etc/hosts, NIS, or DNS.
3101.03	Unknown host: <name>	The host specified is unknown to /etc/hosts, NIS, or DNS.	Try shortnamesok yes.
3101.06	Unknown host: <name>	The specified host is unknown to the system /etc/hosts, NIS, or DNS.	Verify that the host name is valid and can be resolved by the system's name services.
3101.09	gethostbyname: <message>	The host specified is unknown to /etc/hosts, NIS, or DNS.
3102	Unknown group: <name>	The group specified is unknown to /etc/hosts, NIS, or DNS.
3102.01	Unknown group: <name>	The group that the user is supposed to execute as does not know the group specified.	Make sure that the user is executing from the correct group.
3102.02	Unknown group: <name>	The group specified is one of the secondary groups.	Add the group on the local machine.
3102.03	Unknown group: <number>	Cannot find the group specified	Correct the group.
3102.04	Unknown group: <number>	Cannot find the group specified	Correct the group.
3103	Unknown group id: ###	The group ID specified is unknown to /etc/hosts, NIS, or DNS.
3104	Unknown service: <name>	The service specified is unknown to /etc/hosts, NIS, or DNS.
3105	Unknown user: <name>	The user specified is unknown to /etc/hosts, NIS, or DNS.
3106	Unknown user id: ###	The user ID specified is unknown to /etc/hosts, NIS, or DNS.
3106.01	Unknown user id: ###	The user ID specified is unknown to /etc/hosts, NIS, or DNS.
3106.02	Unknown user id: ###	The user ID specified is unknown to /etc/hosts, NIS, or DNS.
3106.03	Unknown user id: ###	The user ID specified is unknown to /etc/hosts, NIS, or DNS.
3107	exited abnormally	The runprogram or pbmasterd exited in an unexpected fashion.	Check pbmasterd.log and pblocald.log.
3108	backBind#InitListeners could not obtain a listening port address for %s during a backbind	A listening port for the named host could not be found during a dynamic reconnection.	Check minlistening port to see that it is valid. Verify the name services for the named host. Check that sufficient ports are available.
3109	backConnect# <host type> <host name> could not identify local host	A host name could not be found during a dynamic reconnection.	Check name services for the named host.
3110	backConnect# <host type> <host name> hostname length invalid %d	The name length for the listed host was transmitted incorrectly.	This is an internal protocol error. Contact BeyondTrust Support.
3111	backConnect# <host type> <host name> could not get address for outgoing port <port>	An outgoing port for the named host could not be found during a dynamic reconnection.	Check the outgoing port settings to see that they are valid. Verify the name services for the named host. Check that sufficient ports are available.
3112	backConnect# <host type> <host name> could not obtain socket # of #	An attempt to obtain a socket for an outgoing dynamic reconnection failed. This is followed by a system-specific message.
3113.01	backConnect# <host type> <host name> could not set socket port address <port number> on port #of #	The port number could not be set for the listed socket.	Check that the socket number is valid for the host and internet family type.
3113.02	backConnect# <host type> <host name> could not set socket port address <port address> on port # of #	The port could not be set for the listed socket.
3114	Confirm failed, user: <user name>	A call to runconfirmuser failed on a client in local mode.	Check that the user name is valid on the submit host.
3115	No command specified	No command was specified on prune's command line.
3116	Exited with signal	The secured task received a signal, which caused it to terminate.
3117	Execution failure	The secured task failed to execute.	Verify that the secured task is an executable file that exists. Verify that the system has enough resources to execute tasks.
3118	Logserver error	Endpoint Privilege Management possibly encountered a logging issue after the secured task was executed.
3119	unable to set termination status	Unable to determine the termination status of the child, for logging.	Contact BeyondTrust Support.
3120	child <pid> has not been reaped. Errno:<number>	The secured task is known to have terminated, but has not been reaped.	Contact BeyondTrust Support.
3121	forcing child termination	Endpoint Privilege Management has stopped processing I/O for the secured task. The secured task is still alive, so it is forcing the termination of the secured task.	Informational
3122	Unknown Termination code: <number>	The secured task has completed (or been killed), however the termination status returned to pbrun is unknown.	Contact BeyondTrust Support.
3123	No termination count: <number>	Signal handler was called for SIGCHLD, however waitpid did not return an exited child pid.	Informational
3124	waitpid error:<errno> <error string>	The waitpid() system call returned an error while responding to SIGCHLD.	Informational
3125	Processing select with NULL timeout	An internal variable was not set properly.	Contact BeyondTrust Support.
3126	Error: null timeout	An internal variable was not set properly.	Contact BeyondTrust Support.
3127	Cannot run relative-pathed commands when runcwd directory is inaccessible	runcwd directory does not exist or is inaccessible. Relative-pathed commands may not be run under this circumstance.	Issue command using absolute path.
3201	Exec of <program name> failed	pblocald or pbmasterd could not execute the command specified. This is followed by a system-specific diagnostic. ℹ️ Note If pbmasterd is printing the error message, it is the result of a system() call somewhere inside pb.conf.If it fails due to "Exec format error", XXX is not an executable or it does not match the checksum given by runcksum.
3202	Exec of <program> failed	The program could not be started. This is followed by an operating system diagnostic.	Check that the command is correct and executable.
3204	lockevent log <filename> open failure: <errno> <error string>	The open system call failed to open the event log file.	Contact BeyondTrust Support.
3205	lockevent log <filename> lock failure: <errno> <error string>	Failed to obtain a lock for the event log.	Contact BeyondTrust Support.
3206	rotateevent log invalid character in unformatted eventlogrotate path:<path> ret:<error code>	The eventlogrotate keyword contains an illegal character in the path= specification.	Edit pb.settings to change the eventlogrotate keyword.
3207	rotateevent log invalid character in formatted eventlogrotate path:<path> ret:<error code>	The eventlogrotate keyword contains a %variable% substitution that results in an illegal character in the path= specification.	Edit pb.settings to change the eventlogrotate keyword. Or, edit pb.conf to change the data held by the variable substituted into the path.
3208	rotateevent log eventlogrotate path is not absolute or not a valid path:<path> ret:<error code>	rotateevent log eventlogrotate path is not absolute or not a valid path:<path> ret:<error code>.	Edit pb.settings to change the eventlogrotate keyword so that the path is absolute and a valid path.
3209	rotateevent log new /path/filename:</path/filename> already exists	Cannot rotate the event log because the destination filename already exists.	Informational only
3210	rotateevent log new filename:<filename> already exists	Cannot rotate the event log because the destination filename already exists.	Informational only
3211	rotateevent log path is not secure:<path>	The path reported is not secure (for example. writable by non root users).	Edit pb.settings to change eventlogrotate to specify a secure path. Or, change the permissions on the path elements.
3212	rotateevent log mkdir:<path> errno:<errno> <error string>	The mkdir system call failed.	Examine errno for possible causes.
3213	rotateevent log stat error for:<path> errno:<errno> <error string>	The stat system call failed.	Examine errno for possible causes.
3214	rotateevent log mkdir full:<path> errno:<errno> <error string>	The mkdir system call failed.	Examine errno for possible causes.
3215	rotateevent log stat error for full:<path> errno:<errno> <error string>	The stat system call failed.	Examine errno for possible causes.
3216	rename file from: </path/filename> to </path/filename> failed. errno: <errno> <error string>	The rename function failed to rotate the event log.	Examine errno for possible causes.
3217	rotateevent logSize fstat failure: <errno> <error string>	The fstat call failed.	Examine errno for possible causes.
3203	Exec of <program> failed	The program could not be started. This is followed by an operating system diagnostic.	Check that the command is correct and executable.
3301	Calloc (<number of elements>, <element size>)	A calloc operation failed. This is followed by an operating system diagnostic message.	If the operating system diagnostic message indicates a lack of memory, you may need to increase the swap space on the affected machine.
3302	Malloc size = <requested size>	A memory allocation operation failed. This is followed by an operating system diagnostic message.	If the operating system diagnostic message indicates a lack of memory, you may need to increase the swap space on the affected machine.
3303	Realloc(0x<old address>, <new size>)	A realloc operation failed. This is followed by an operating system diagnostic message.	If the operating system diagnostic message indicates a lack of memory, you may need to increase the swap space on the affected machine.
3304	Fset error fopening <file name> - <reason>	The fset() function could not open the file specified.
3304	Strdup <value>	A string duplication failed while attempting to copy the listed value. This may be followed by an operating system diagnostic message.	If the operating system diagnostic message indicates a lack of memory, you may need to increase the swap space on the affected machine.
3305	Malloc failure in writeMuxBuf	The machine is running out of memory or swap space.	If this occurs often, increase the amount of swap space on the machine.
3306	Malloc failure in recvWinch	The machine is running out of memory or swap space.	If this occurs often, increase the amount of swap space on the machine.
3307	Malloc failure in recvTtyChars	The machine is running out of memory or swap space.	If this occurs often, increase the amount of swap space on the machine.
3308	Could not reallocate I/O buffer from ## bytes to ## bytes	A memory allocation problem when readMuxBuf tried to increase an input buffer size. A system-specific diagnostic follows this message.
3309	Remote process terminated while waiting for an acknowledgement	Check the error log on the remote machine.
3310	Insufficient buffer space to fetch command buffer ##/##	The machine is running out of memory or swap space.	If this occurs often, increase the amount of swap space on the machine.
3311	Could not allocate fname, <file name>, in parseconfig	Could not allocate enough memory for filename.
3312	Could not allocate MasterRules	Insufficient memory to allocate policy server rules list.
3313	Could not allocate license string	Insufficient memory to allocate license string.
3314	Could not allocate ## bytes for settings table from '<settings file>'	Insufficient memory for settings table.
3315	Could not allocate ## bytes for temporary settings table from '<settings file>'	Insufficient memory for temporary settings table.
3316	Could not allocate krb5 keytab name '<file name>'	Insufficient memory for keytab name.
3317.1	Memory transfer truncated at byte XX	Incorrect target buffer size.	If buffer is an user entry, an argument with a smaller length may be required, otherwise it is an internal error.
3317.10	Memory transfer truncated	Incorrect target buffer size.	Internal error. Error in building URL string.
3317.11	Memory transfer truncated	Incorrect target buffer size.	Internal error. Error in building URL string.
3317.12	Memory transfer truncated	Incorrect target buffer size.	Internal error. Error in doing global substitution.
3317.13	Memory transfer truncated, affected source string xx	Incorrect target buffer size.	Internal error. Error in getting expanded setting string.
3317.2	Memory transfer truncated at xx	Incorrect target buffer size.	Check nis host info.
3317.4	Memory transfer truncated at xx	Incorrect target buffer size.	Error while getting the group name from the GUI.
3317.5	Memory transfer truncated at xx	Incorrect target buffer size.	Check the string length.
3317.6	Memory transfer truncated	Incorrect target buffer size.	Internal error. Error in buildmasterrule (pblocald).
3317.7	Memory transfer truncated	Incorrect target buffer size.	Internal error. Error in log join (pblog).
3318.8	Memory transfer truncated	Incorrect target buffer size.	Internal error. Error in reporting lexical error message (pbmasterd).
3318.9	Memory transfer truncated	Incorrect target buffer size.	Internal error. Error in policy server connection.
3320	fork	The machine is running out of processes.	If this occurs often, increase the maximum number of processes in your kernel.
3321	Server fork 2 failure:	A daemon could not create a child process in standalone server mode. This is followed by a system-specific diagnostic message.
3322	Server fork failure for <service> port ##	A standalone server daemon could not create a child process for the listed service name and port. This is followed by a system-specific diagnostic message.
3323	Fork failed - <operating system message>	An attempt to start a new process failed. The operating- system specific diagnostic contains more detail.
3324	Fork failed - <operating system message>	An attempt to move a control socket failed. The operating- system specific diagnostic contains more information.
3340	Can't open /dev/tty	pbrun could not open /dev/tty to get input directly from the user. (most likely a password)
3341	Could not get a pty	A pseudo-tty could not be opened to run the process.	If this occurs often, add more pseudo ttys. For more information, please consult your operating system manuals or /dev/MAKEDEV.
3342	Cannot read X's password: no tty	The pblocald confirm user password feature was selected, but the pbrun is not running on a tty (for example, batch job). Therefore, the password could not be received securely.
3342.02	Cannot read <user name>'s password: no tty	The client's confirm user password feature was selected, but the client is not running on a tty (for example, as a batch job). Therefore, the password could not be received securely.
3343	HP-UX pty problem: '<pty name>'	This indicates a failure to access the named pty. It is followed by the system-specific diagnostic message.
3344	Could not open /dev/tty for input - <system specific reason>	A tty could not be opened for input. This is followed by the system-specific diagnostic message.
3345	Could not allocate a pty - <operating system message>	A pty could not be obtained. The operating system diagnostic contains more details.
3346	TTY is no longer available	The tty connection needed to execute pbrun is no longer available for redirection.	Make sure pbrun has access to the tty.
3360	open logfile: <file name>	I/O logging was requested, but the log file could not be opened. This immediately terminates the request. The filename must be unique for each request and the file should exist before the request is made.	Verify that the filename is correct and that the disk in which it would reside is not full.
3361	open event log: <file name>	Event logging was requested, but the event log file could not be opened. Unlike I/O log files, an event log file may exist beforehand. It is always appended to and never overwritten.	Verify that the filename is correct.
3362	open: /etc/pb.settings	An error occurred while opening the pb.settings file.
3362.03	open: <policy file>: <message>	An error occurred while creating or opening the specified policy file. <message> is the text for the error code returned by the operating system.	Verify that the file and all path components exist. Correct any problem indicated by <message>.
3363	stat /etc/pb.settings	An error occurred while stating the pb.settings file.
3364	stat: <filename>	An error occurred while stating a configuration file.
3364.02	stat: <message>	A call to the C language stat() function for the Endpoint Privilege Management event log failed. <message> is the text for the error code returned by the operating system.	Verify that the path exists. Correct any problem indicated by <message>.
3364.04	stat: <policy file>: <message>	A call to the C language stat() function for the specified policy file failed. <message> is the text for the error code returned by the operating system.	Verify that the file and all path components exist. Correct any problem indicated by <message>.
3364.05	stat: <message>	A call to the C language stat() function for an Endpoint Privilege Management policy file failed. <message> is the text for the error code returned by the operating system.	Verify that the path exists. Correct any problem indicated by <message>.
3364.06	stat: <message>	A call to the C language stat () function for an Endpoint Privilege Management policy file failed. <message> is the text for the error code returned by the operating system.	Verify that the path exists. Correct any problem indicated by <message>.
3365	failed to write record	The information failed to write to the event log file or an I/O log file. A disk running out of space can cause this.
3366	No valid Policy Server setting. Who is Policy Server?	pbrun could not determine which machine was a policy server because there was no policy servers line in the /etc/pb.settings file, the file contained no valid hostnames, or there was no netgroup pbmasters.	Make sure the hostnames in /etc/pb.settings are correct. If you are using the netgroup pbmasters, make sure the names are fully qualified with domain names.
3367	event log file '<file name>' not logged to -- absolute paths only	The event log specified did not begin with a slash (/). Pathnames for log files must be absolute.
3368	/etc/pb.settings: Invalid port number ###	The port number for the masterport or localport must be between 1024 and 32767.
3369	I/O log file '<file name>' not logged to -- absolute paths only	The I/O log specified did not begin with a slash (/). Pathnames for log files must be absolute.
3370	fopen <filename>	Could not open the file specified to pbcheck	Verify the file specified to pbcheck exists and has the appropriate read permissions.
3371	Invalid <name> reserved port number <port number>	The port number is outside of the acceptable reserved port range (1-1024).
3371.0?	<keyword>: Invalid port number ##	The value for minreservedport or maxreservedport in the /etc/pb.settings file is invalid.
3371.03	<settings file name>: Minimum outgoing port (<number>) must be between <minimum number> and <maximum number>	The value for the minoutgoingport setting in the listed file should be within the shown numeric range.	Correct the minoutgoingport setting.
3371.04	<settings file name>: Maximum outgoing port (%d) must be between %d and %d	The value for the maxoutgoingport setting in the listed file should be within the shown numeric range.	Correct the maxoutgoingport setting.
3372	Facility not found	The facility specified in /etc/pb.settings is not known internally.	Check that this is a valid setting for your syslog.conf. Contact BeyondTrust Support.
3372.03	<settings file name>: Minimum listening port (<number>) must be between <minimum number> and <maximum number>	The value for the minlisteningport setting in the listed file should be within in the shown numeric range.	Correct the minlisteningport setting.
3372.04	<settings file name>: Maximum listening port (<number>) must be between <minimum number> and <maximum number>	The value for the maxlisteningport setting in the listed file should be within in the shown numeric range.	Correct the maxlisteningport setting.
3373	filename in getuserpassword not absolute	There is no slash (/) at the beginning of the filename in the getuserpassword() function.	Change the filename.
3374	Log server could not create temporary file	The log server could not open a unique I/O log.	Make sure the file does not already exist. Check that the path is correct.
3375	No valid logserver setting in <settings file>
3376	logConnect <Policy Server/local> connect failure	A logConnect failure was diagnosed when sending a policy server or local connect command. This usually indicates that inetd responded on the pblogd machine, but that pblogd failed to run for some reason.	Check the pblogd.log on the log server.
3377	logConnect failure	A generic failure occurred when starting a log server daemon.	Check the log server error log for more information.
3378	log event ack failure	The log daemon failed to acknowledge a protocol handshake. The log server most likely terminated. This is usually preceded by an error message from the log server.	Check pblogd.log on the log server machine.
3379	log server protocol failure after start. Please check for a mismatched key on <log host machine>	The log server failed to start. This is usually a set up or encryption issue.	Examine the checksums for the keyfile on the policy server, local, and log server machines.
3380	port <settings name> (<value>) must have a numeric value between <minimum allowed> and <maximum allowed>	The port setting shown should be a number between the minimum and maximum allowed.	Correct the setting shown.
3381	Can not set ingoing/outgoing port ranges	A configuration problem exists in the settings file port definitions. This usually follows another message that describes the specific setting.	Look for the preceding message and correct the problem shown.
3382	reserved space on <filesystem name> is below <number reserved> blocks (<number available>)	There is insufficient space on the specified file system to start a new operation.	Clear some file system space or change the logreservedblocks setting.
3383	Could not determine log server rules	The log servers could not be found in the policy, settings, command line, or NIS.	Define the log servers.
3384	Local mode log failure	Logging could not be started in local mode.	This is usually preceded by other diagnostics that detail the failure.
3385.01	Insufficient disk space for logging	The log server daemon does not have enough disk space for logging.	Make space on the affected file systems or adjust the logreservedblocks and logreservedfilesystems settings on the log host.
3385.02	Insufficient disk space for logging	The policy server daemon does not have enough disk space for logging.	Make space on the affected file systems or adjust the logreservedblocks and logreservedfilesystems settings on the policy server.
3386	Maximum log server failures (###) exceeded	The maximum number of log failures was exceeded.	Check the local diagnostic logs to see if any log connections were made. Check the diagnostic log file on the affected log hosts for more information.
3387.01	Insufficient file system space for log file <log file name>	There was insufficient disk space to write the named I/O log file.	Make space on the affected file systems on the log host or policy server or adjust the logreservedblocks and logreservedfilesystems settings on the log host.
3387.02	Insufficient file system space for log file <log file name>	There was insufficient disk space to write the named event log file.	Make space on the affected file systems on the log host or policy server or adjust the logreservedblocks and logreservedfilesystems settings on the log host.
3401	WARNING: <filename> is open for reading by non-root users	This is a warning that a file used by Endpoint Privilege Management is open for reading by non-root users. Since non-root users do not need this access to run the programs, we suggest that the files only be readable by root.
3402	WARNING: <filename> is open for writing by non-root users	This is a warning that a file used by Endpoint Privilege Management is open for writing by non-root users. Security may be jeopardized because a non-root user could modify files used by Endpoint Privilege Management. If root (/) has permissions of 777, pbrun will fail.	To fix, chmod 755 /.
3404	<filename>is not owned by root!	A known Endpoint Privilege Management file was found belonging to a user other than root. root must own all Endpoint Privilege Management files to be secure.
3405	<path name> is not secure!	The named config file was found to be insecure for one of the previous reasons (error 3401-3404). All requests will fail if this occurs.
3406	/etc/pb.settings is not secure!	The settings file was found to be insecure. All requests will fail if this occurs.
3407	must be run as root.	pbmasterd or pblocald was run from someone other than root. Normally inetd starts these programs running as the root user. This error should not occur unless Endpoint Privilege Management was installed incorrectly.
3408	must be setuid root.	pbrun must be a setuid root program. pbrun needs to be able to access root privileged files and ports to work correctly. setuid will often fail if executed from an NFS mount. This error should not occur unless Endpoint Privilege Management was installed incorrectly.	Check that pbrun has the setuid bit turned on. Check if pbrun is in an NFS mounted directory tree.
3410	Connection from <name> on non- reserved port disallowed	Connections to pbmasterd and pblocald must originate from reserved port numbers. This ensures that program on the other end of the communication is running as root. In previous troubleshooting tips, we suggest that telnet be used to connect to the policy server or local daemons. telnet will cause this error to occur.
3411	Policy Server <Policy Server> is not listed in <run host>'s acceptmasters rules	A request was received by pblocald from a machine that is not one of its recognized policy servers. Requests must only come from hosts listed on the acceptmasters line in the settings file or the netgroup pbacceptmasters. The IP address is used to lookup the hostname. If DNS does not have the reverse lookups set up correctly, pblocald may reject the local machine.	Try nslookup <machine name> then nslookup <ipadress> and see if you get the same thing, or add the denied policy server (YYY) to the Policy Server line in /etc/pb.settings.
3412	pbmasterd on <host> not on a reserved port!	Connections to pblocald must originate from reserved port numbers. This ensures that program on the other end of the communication is running as root. ℹ️ Note In previous troubleshooting tips, it is suggested that telnet be used to connect to the policy server or local daemons. Telnet will cause this error to occur.If a port scan is done on the port, this error will also be reported, indicating a connection was tried, but was unsuccessful.	If this occurs when pbrun is executed, ensure the inetd.conf entry for pbmasterd has its user as root.
3413	pbrun on <host> not on a reserved port!	Connections to pbmasterd must originate from reserved port numbers. This insures that program on the other end of the communication is running as root. ℹ️ Note In previous trouble shooting tips, we suggest that telnet be used to connect to the policy server or local daemons. telnet will cause this error to occur.If a port scan is done on the port, this error will also be reported indicating a connection was tried, but was unsuccessful.	If this occurs when pbrun is executed, ensure the inetd.conf entry for pbmasterd has its user as root.
3414	No arguments in inetd.conf for …	The inetd configuration is missing the name of the command being run (pblocald or pbmasterd).	Change the inetd entry, for example:: service stream tcp nowait root filename to service stream tcp nowait root filename command
3415	pbrun "-testmaster" option may only be used when running as root	The testmaster option was used when running pbrun as user other than root.	Rerun as root.
3421	Could not get rungroups	Internal error.	Contact BeyondTrust Support.
3422	Available key data (### characters) is smaller than the minimum (<required length>) required by <algorithm name>	The key data from pb.key or Kerberos is smaller than the key length required by the algorithm.	Increase the size of the key in pb.key or Kerberos.
3423	No symmetric algorithm supplied.	A symmetric encryption algorithm was not provided.	Check the settings file and make sure the encryption algorithms are listed.
3424	No hash algorithm supplied	A hash (digest) algorithm name was not supplied.	Check the settings file and make sure a hash algorithm is supplied.
3425	Can not find hash algorithm <name>	The hash algorithm could not be found under the name listed.	Make sure the name is correct.
3426	Can not find symmetric algorithm <name>	The symmetric algorithm could not be found under this name.	Make sure the name is correct.
3427	Can not find cipher mode <name>	Could not find the cipher mode under this name	Make sure the name is correct.
3428	Cipher mode <name> is <block/stream> mode. Symmetric algorithm <name> is <stream/block> mode	The cipher mode and symmetric algorithm have different block/stream modes.	Make sure the symmetric algorithm and the cipher mode are both block or stream mode.
3429	Unexpected buffer length decrypting with <name>	The length of the encryption buffer was not of the expected value.
3430	Insecure operation - please consult your administrator	An insecure operation occurred.	Check the error logs on the machine that produced the error.
3431	Expecting a string, number or list	A string, number, or list was expected, but not found.	Correct the policy.
3431	Security error - see your administrator	A security error occurred.	Check the error logs on the machine that caused the error.
3501	No validation string found.	A validation string must be found in the settings file for Endpoint Privilege Management to operate fully.
3501.1	Detected temporary placeholder string in the validation setting.	The settings file contains a placeholder string in the validation setting.	The settings file contains a placeholder string in the validation setting.
3503	The validation string is incorrect.
3504	Warning: version conflict! VER1 on HOST1 differs with VER2 on HOST2	This is a warning that different Endpoint Privilege Management versions are running on different machines.	BeyondTrust strongly suggests that you run the same version of Endpoint Privilege Management on all machines to minimize incompatibility problems. Upgrade when practical.
3504.01	login_tty	For HP-UX: Unable to open /dev/ptym directory Everything needs to be of the form ptyX in the directory There needs to be a pty of the form /dev/pty/tX. For SGI: Unable to open a pty For SVR4 and Solaris: Unable to open directory /dev/ptmx No pty available (/dev/pts/N where N is a non-negative number) For AIX: Unable to open directory /dev/ptc. Unable to open tty For SunOS, m88k_svr32, SCO, Linux, Ultrix: Unable to find and/or open /dev/ptyXX
3505	WARNING: The license will expire in X days on XX.	This is a warning that your license is about to expire. The request will still be honored, but you should get a new license if you wish to continue using Endpoint Privilege Management past the expiry date.	Get a new license from BeyondTrust.
3506	The validation string indicates an expired license.	The validation string in the configuration file has expired.	Obtain a new validation string.
3506	Not licensed for this host	The license is not for the host it is run on.	Get a new license from BeyondTrust.
3507	chksum error in license	The license is invalid.	Get a new license from BeyondTrust.
3508	invalid number of hosts	The license key is corrupt.	Get a new license from BeyondTrust.
3509	Too many clients using this license	The policy server is licensed for a number of clients (pbrun and pblocald) that connect to it. More connections to and from these are used than licensed.	For versions 2.8 and later, try retiring unused licenses with pblicense -r. Contact BeyondTrust Support.
3510	Problem reading client license file	An error occurred while processing the license file.	Contact BeyondTrust Support.
3511	Problem writing license file	An error occurred while processing the client license file.	Contact BeyondTrust Support.
3512	Can't stat license file	The license file probably does not exist. This may be due to an incomplete installation. This error may also occur if the error is occurring on a policy server or failover policy server and they used pbmakeremotetar and the pbremoteinstall. These scripts were designed for use on submithost and runhost installations, not policy servers or failover policy servers.	Reinstall.
3513	Can't open license file.	The license file probably does not exist.	Reinstate the license file.
3514	Bad header in license file.	The license file is corrupt.	Reinstall.
3515	Corrupt license file.	The license file is corrupt.	Reinstall.
3516	Can't allocate memory.	Cannot allocate memory.
3517	getpeername() failed	The server cannot determine the IP address of incoming connection.
3518	cannot close license file	The server cannot close the license file.
3519	cannot remove lock file	The license file lock file (*.lock) cannot be removed.	Remove the offending lock file.
3520	connecting client is retired	A client who was retired from the license file attempted to connect to a server. The connection was refused.	Wait for the retirement period to expire.
3521	This installation of Endpoint Privilege Management is only licensed for Linux	The license was a Linux-only license and the client OS was not Linux.
3522	Problem reading license files for IPv6 clients	An error occurred while processing the IPv6 client license file.	Contact BeyondTrust Support.
3523	Problem writing IPv6 client license file	An error occurred while processing the IPv6 client license file.	Contact BeyondTrust Support.
3524	Cannot stat IPv6 license file	The IPv6 client license file probably does not exist. This may be due to an incomplete installation.	Reinstall.
3525	Can not open IPv6 license file	The IPv6 client license file probably does not exist.	Reinstate the IPv6 client license file.
3526	Bad header in IPv6 license file	The IPv6 client license file is corrupt.	Reinstall.
3527	Corrupt IPv6 license file	The IPv6 client license file is corrupt.	Reinstall.
3528	Failed to get address info of the target host.	The server cannot determine the IP address of the target host.	Check the pbmasterd log files/syslog to see what caused the problem.
3530	Unknown Error	An unknown error occurred during the license processing.	Contact BeyondTrust Support.
3531	<file> is Not a regular file suitable for license data	The file specified to store auxiliary licensing data must be a regular file (not a directory).	Specify the full /path/to/filename of a file to store auxiliary licensing data.
3532	The <#days> argument must be a number between zero and 65535	This cannot be a letter or a number out of the range.	Specify an appropriate number.
3533	Client license limit reached on Policy Server. Contact BeyondTrust Technical Support to prevent future client rejection.	The policy server is licensed for a number of clients (pbrun and pblocald) that connect to it. The license limit was reached but a temporary extension is allowing new clients to connect.	Contact BeyondTrust Support.
3534	Client license limit reached on Policy Server and rejection of additional client is imminent. Please contact BeyondTrust Technical Support.	The policy server is licensed for a number of clients (pbrun and pblocald) that connect to it. The client license limit has been reached and the temporary extension is close to being reached.	Contact BeyondTrust Support.
3535	Failed to position license file pointer to the start of the file due to bad file descriptor.
3536	Failed to position license file pointer to the end of the file.
3539	Unable to stat client host uuid.	Could not access Endpoint Privilege Management for Unix and Linux Client's UUID file. This is followed by a system-specific diagnostic.	Correct the situation described by the system specific diagnostic.
3540	Unable to lock client host uuid file.	Could not open theEndpoint Privilege Management for Unix and Linux Client's UUID file. This is followed by a system-specific diagnostic.	Correct the situation described by the system specific diagnostic.
3541	Failed to read from client uuid file.	Could not read Endpoint Privilege Management for Unix and Linux Client's UUID file. It may be invalid or corrupted. This is followed by a system-specific diagnostic.	Correct the situation described by the system specific diagnostic.
3542	Failed to open Endpoint Privilege Management for Unix and Linux client host uuid file.	Could not open Endpoint Privilege Management for Unix and Linux Client's UUID file. It may be invalid or corrupted. This is followed by a system-specific diagnostic.	Correct the situation described by the system specific diagnostic.
543	Detected invalid Endpoint Privilege Management for Unix and Linux client host uuid file.	The Endpoint Privilege Management for Unix and Linux Client's UUID file is invalid or corrupted.	Ensure that the file was not manually overwritten. Contact BeyondTrust Support.
3601	Bad constraint <constraint string>	An improper constraint string was provided to pblog.
3602	Bad accept format <format string>	An improper accept format string was provided to pblog.
3603	Bad reject format <format string>	An improper reject format string was provided to pblog.
3604	Bad end format <format string>	An improper end format string was provided to pblog.
3605	Improper keystroke format <format string>	An improper keystroke format string was provided to pblog.
3606	logserverdelay (##) must be -1 or greater	An improper value was provided for the logserverdelay setting.
3607	eventlog name <file name> : <description>	An invalid event log file name was provided to pblocald. The description provides the details.
3608	-p [port] can only be specified with daemon mode (-d))	A -p <port number> argument was provided to pblocald, but - d (daemon mode) was not specified.
3609	Improper input to pblog - exiting	An invalid command line argument was provided to pblog. This generally follows another error message(s) that describes the problem in detail.
3610	eventlog name <file name> : <description>	An invalid event log file name was provided to pblogd. The description will provide the details.
3611	-p [port] can only be specified with daemon mode (-d))	A -p <port number> argument was provided to pblogd, but -d (daemon mode) was not specified.
3612	eventlog name <file name> : <description>	An invalid event log file name was provided to pbmasterd. The description provides the details.
3613	-p [port] can only be specified with daemon mode (-d))	A -p <port number> argument was provided to pbmasterd, but -d (daemon mode) was not specified.
3614	local mode not allowed in <settings file>	pbmasterd received a request from pbrun for local mode, but the settings file disallows local mode.
3615	request user, '<name>', longer than ## characters	pbrun -u specified a user name that is longer than the maximum allowed.
3616	Local mode and -h can not be specified together	pbrun's command line specified both local mode (-l) and a remote host (-h) at the same time.
3617	Local mode and -h can not be specified together	pbrun's command line specified both local mode (-l) and a remote host (-h) at the same time.
3618	local mode not allowed in <settings file>	pbrun's command line requested local mode (-l), but the settings file disallows it.
3620.1	-d [daemon] can only be specified with daemon mode -d		Make sure flags -d and -p are used together.
3701	Can not post process report data	An error occurred while post-processing report data. This is followed by a system-specific diagnostic.	Correct the situation described by the system-specific diagnostic.
3702	Exec of <program name> failed	The program could not start the named program. This is followed by a system-specific diagnostic.	Correct the situation described by the system-specific diagnostic.
3703	Could not write work file	An attempt to write data to a work file failed. This is followed by a system-specific diagnostic.	Correct the situation described by the system-specific diagnostic.
3704	Can not open workfile <name>	The named workfile could not be opened. This is followed by a system-specific diagnostic.	Correct the situation described by the system-specific diagnostic.
3705	Internal error - list flag array maximum size exeeded	Internal error.	Contact BeyondTrust Support.
3706	Expected expression but found <type> in <code>	Internal error.	Contact BeyondTrust Support.
3707	Internal error while adding relational operation assumption	Internal error	Contact BeyondTrust Support.
3708	Expression too complex to evaluate	Entitlement reporting found an expression it could not evaluate. This can result in an incomplete report.	Simplify the expression, or rerun the report with constraints that reduce the complexity of the expression.
3709	Could not create entitlement branch process	Could not create a branch during an entitlement report. This is followed by a system-specific diagnostic.	Correct the situation described by the system-specific diagnostic, or rerun the report with constraints that reduce complexity.
3710	Arithmetic overflow	An addition operation resulted in a number too big for the system.	Edit the policy to correct the error.
3711	Multiplication overflow	A multiplication operation resulted in a number too big for the system.	Edit the policy to correct the error.
3712	Can not evaluate soft conditional expression. This can result in an incomplete report.	During an entitlement report, a soft condition could not be evaluated. This can result in an incomplete report.	Simplify the expression, or rerun the report with constraints that reduce the complexity of the expression.
3901	Unrecognized keyword in /etc/pb.settings	One of the settings keywords is spelled incorrectly or is not a valid keyword.
3902	No key file specified in /etc/pb.settings	There is no parameter after keyfile in the settings file.
3903	No policy file specified in /etc/pb.settings	There is no parameter after policyfile in the settings file.
3904	No policy directory specified in /etc/pb.settings	There is no parameter after policydir in the settings file.
3905	Malformed validation string in /etc/pb.settings	There are less than four parameters after validation in the settings file.
3906	'yes' or 'no' must be specified after 'kerberos' in /etc/pb.settings
3907	No pblocald log file specified in /etc/pb.settings	There is no value after the keyword pblocaldlog.
3908	'yes' or 'no' must be specified after 'syslog' in /etc/pb.settings	The value after the keyword syslog is not yes or no.
3909	No Policy Servers specified in /etc/pb.settings	No parameters come after Policy Servers in the settings file.
3910	No pbmasterd log file specified in /etc/pb.settings	There is no value after the keyword pbmasterdlog.
3911	No log facility specified in /etc/pb.settings	There is no value after the keyword facility.
3913	No pbrun log file specified in /etc/pb.settings	There is no value after the keyword pbrunlog.
3914	No Policy Server port specified in /etc/pb.settings	There is no value after the keyword masterport.
3915	No local port specified in /etc/pb.settings	There is no value after the keyword localport.
3916.##	No Policy Server principal specified in <settings file>	There is no value after the keyword mprincipal.
3917.##	No local principal specified in <settings file>	There is no value after the keyword lprincipal.
3918.##	No keytab specified in <settings file>	There is no value after the keyword keytab.
3919.00	Keytab not found or not secure	Kerberos keytab was not found or open for reading or writing by non-authorized users
3920	No maximum port specified in /etc/pb.settings	There is no value after the keyword maxport.
3921	Maximum port not large enough in /etc/pb.settings	The value for the maxport is less than the minport.
3922	No minimum reserved port specified in /etc/pb.settings	There is no value after the keyword minreservedport.
3923	No maximum reserved port specified in /etc/pb.settings	There is no value after the keyword maxreservedport.
3924	Maximum reserved port not large enough in /etc/pb.settings	The value for the maxreservedport is less than minreservedport.	Change one of the values.
3925	No minimum port specified in /etc/pb.settings	There is no value after the keyword minport.
3926	pbcheck 2.7.6 3926 Missing or insecure keyfile: /etc/pb.key	The keyfile specified in /etc/pb.settings is not secure or is missing.	Verify that /etc/pb.settings exists and check the file permissions. Upgrade to an Endpoint Privilege Management version newer than 2.7.6.
3927.01	3927.01%s:line %d: unknown keyword %s	The indicated line in the indicated settings file has an unknown keyword.	Read the man page section for the settings file and correct the indicated line number.
3927.02	3927.02:%s: line %d:expected 'yes' or 'no' after '%s'	The indicated keyword at the indicated line in the indicated settings file may only be set to a Yes or No value.	Set the keyword to a value of Yes or No.
3927.03	3927.03:%s: line %d: ignoring everything after '%s'	Extraneous characters were found after the string in the indicated settings file and line.	Remove the extraneous characters from the indicated line.
3927.04	3927.04:%s: line %d: expected a number after %s	Found a non-numeric character as a value for the indicated keyword at the indicated line in the indicated settings file.	Set the keyword to a numeric value.
3927.05	3927.05:%s: line %d: ignoring everything after '%s'	Extraneous characters were found after the indicated string at the indicated line in the indicated settings file.	Remove the extraneous characters from the indicated line.
3927.06	3927.06: %s: line %d: expected a number after %s	Found a non-numeric character as a value for the indicated keyword at the indicated line in the indicated settings file.	Set the keyword to a numeric value.
3927.07	3927.07:%s: line %d: ignoring everything after '%s'	Extraneous characters were found after the indicated string at the indicated line in the indicated settings file.	Remove the extraneous characters from the indicated line.
3927.08	3927.08:%s:line %d: expected something after %s	A value is expected after the indicated keyword at the indicated line in the indicated settings file. None was found.	See the main page for the indicated settings file, and enter appropriate data for the keyword.
3927.09	3927.09:%s: line %d: ignoring everything after '%s'	Extraneous characters were found after the indicated string at the indicated line in the indicated settings file.	Remove the extraneous characters from the indicated line.
3927.10	3927.10:%s:line %d: expected something after %s	A value is expected after the indicated keyword at the indicated line in the indicated settings file. None was found.	See the main page for the indicated settings file, and enter the appropriate data for the keyword.
3927.11	3927.11: unknown type %d	Internal error code when an unknown data type was encountered. The supported data types are string, boolean, list, and number.	Contact BeyondTrust Support.
3940	keyword <keyword> must have a value with no more than <number> characters	The keyword has a string value that is too long.	Edit pb.settings and shorten the string value.
3941	no logservers specified in <settings file>
3942	You must specify 'yes' or 'no' after '<word>' in your pb.settings file
3943	keyword <name> must be one of <list of values>	A setting contained an unrecognized word. It must be one of the listed values.
3944	keyword <name> list can contain only <list of values>	A setting contained an unrecognized word or words. All values must be in the list provided.
3946	keyword <name> must have at least one setting	A setting was blank. It must have a value.
3947	nonreserved port <name> (<current value>) must have a numeric value between <minimum> and <maximum>	A non-reserved port number was invalid. It must be in the listed range.
3948	reserved port <name> (<current value>) must have a numeric value between <minimum> and <maximum>	A reserved port number was invalid. It must be in the listed range.
3949	setting <name> (<current value>) must have a numeric value between <minimum value> and <maximum value>	The named setting must have a numeric value in the listed range.
3950	setting <keyword>: <reason>	The named setting must contain a valid file path name. This is followed by a further description of why the name was unacceptable.
3950.01	setting <keyword>: <reason>	The named setting must contain a valid file path name. This is followed by a further description of why the name was not acceptable.	Correct the settings file.
3951	setting <keyword>: <reason>	The named setting must contain a valid directory name. This is followed by a further description of why the name was unacceptable.
3952	<word> is not a valid keyword	The listed word is not a valid settings file keyword.
3953	<server name> principal '<principal name>' is longer than ## characters	A Kerberos principal name exceeds the allowed length.
3954	No key file specified in <settings file name>	No key file was specified in the listed settings file.
3955	Could not establish keyfile	No key file could be established. This is followed by a system-specific diagnostic message.
3956	No policy file specified in <settings file name>	A policy file was not specified in the listed settings file.
3957	Could not establish policy file	A policy file could not be established. This is followed by a system-specific diagnostic message.
3958	Bad regular expression '<expression>'	A poorly formed regular expression was found in a setting.	Correct the regular expression.
3959	Could not verify pattern '<pattern>' in client subject '<expression>'	The specified pattern was not found in the client subject expression.	Verify the regular expression and subject line. A mismatch indicates an improper expression in the settings file or an incorrect certificate on the client.
3960	Could not find certificate subject attribute	Certificate subject verification was enabled, but no certificate subject line was found.	Verify the regular expression and the certificate.
3961	Bad regular expression '%s'	A poorly formed regular expression was found in a setting.	Verify the regular expression and subject line. A mismatch indicates an improper expression in the settings file or an incorrect certificate on the client.
3962	Could not verify pattern '%s' in server subject '%s'	The specified pattern was not found in the server subject expression.	Verify the regular expression and subject line. A mismatch indicates an improper expression in the settings file or an incorrect certificate on the client.
3963	No policy directory specified in <settings file>	The policy directory was not specified in the settings file.	Edit the settings file to provide a policy directory.
3964	file <policy file name> does not exist	The named policy file does not exist.	Create the missing settings file, correct the policy which includes the named policy file, or adjust the policydir setting in the settings file to point to the file's directory.
3965.01	Format error in entry <entry value> for setting <settings name>	The listed value in the named setting does not match the expected format.	Correct the value in the settings file.
3965.02	Format error in entry <entry value> for setting <settings name>	The listed value in the named setting does not match the expected format.	Correct the value in the settings file.
3966	Numeric port for <host name> in setting <settings name> must be between <minimum value> and <maximum value>	The numeric port for the host name in the named setting is outside of the expected range.	Correct the value in the settings file.
3967	Daemon port <setting name> (<setting value>) must have a numeric value between <minimum value> and <maximum value> or an absolute path	The value for the named setting is invalid.	Correct the value in the settings file.
3968	Error in settings file <settings file name>	One or more settings are in error. This is usually preceded by diagnostic messages that detail the problem.	Correct the settings.
3969	Error in communications settings	One or more communications settings are in error. This will usually be preceded by diagnostic messages that detail the problem.	Correct the settings.
3970	Invalid path for <log type> log file <path>	The path for the named log file is invalid.	Correct the log file path.
3971	Policy Server info packet does not contain submit host ip.	Critical data was missing from the policy server's information packet.	Check the log files for pbmasterd.
3972	Submit host ip <ip address> not valid for local host name <host name>	The listed ip address is not valid for the local host.	This usually indicates a problem with name services on the run host.
3973	Can not find primary group for user <user name>	The primary group for the listed user does not exist on the run host.	Use a different user name or add the user to the run host.
3974	Could not resolve primary group name.	The primary group could not be found for the run user.	Correct the primary group for the runuser or use a different user name.
3975	Could not chroot to <directory>	The run host could not use the directory specified in a chroot command. This is followed by an operating-system diagnostic message.	Correct the situation described in the operating-system diagnostic message or use a different directory.
3976	Could not establish start up directory	The startup directory could not be determined. This is followed by an operating system diagnostic message.	Correct the situation described in the operating-system diagnostic message or try starting the command from a different directory.
3977.01	Duplicate setting <setting name> at line ### in settings file <settings file name>	More than one occurrence of the named settings was found. The duplicate was found at the listed line number in the named settings file.	Correct the settings file.
3977.02	Duplicate setting <setting name> at line ### in settings file <settings file name>	More than one occurrence of the named settings was found. The duplicate was found at the listed line number in the named settings file.	Correct the settings file.
3978.01	Could not store setting <setting name> from settings file <settings file name>	Internal error.	Contact BeyondTrust Support.
3978.02	Could not store setting <setting name> from settings file <settings file name>	Internal error.	Contact BeyondTrust Support.
3979	Using internal default <keyword>	The program did not find a valid setting for a required keyword. The program is using its own internal default.	Check the listed setting.
3980.01	No local socket directory specified for Unix Domain Socket backBind# on <host type> <host name>	A Unix/Linux Domain Socket reconnection was requested, but there is no temporary sock directory (localsocketdir) setting on the named host.	Enter a localsocketdir setting in the settings file on the named host.
3980.02	No local socket directory specified for Unix Domain Socket backConnect# on <host type> <host name>	A Unix/Linux Domain Socket reconnection was requested, but there is no temporary sock directory (localsocketdir) setting on the named host.	Enter a localsocketdir setting in the settings file on the named host.
3981.xx	Unexpected EOF	An unexpected EOF occurred while synchronizing IO log files.
3982.xx	File Error	An unexpected file error occurred, see message following the error.
3984	Unknown command	An unknown command was detected while reading an I/O log.	Check that the I/O log file is compatible with 6.0.
3985	Failed to open input file for synchronization process	The file that the software was attempting to read was not accessible to the program.	Check file access.
3986	synchronize process failed: input i/o log file missing header section	The file does not appear to be an I/O log.
3987	Unable to open user defined HTML file listed in the configuration file	Program cannot open the user defined task manager look and feel defined in the .pbguidrc file.	Make sure the file path and access is correct.