1 – Did it fail on ALL of the 400′s or just some?
If it failed on ‘ALL’ then the change was at your end – authentication (you did say right after login).
If it only failed on some systems, then they changed. Patch or Antivirus or malware blocker, or updated ACL.
You might manage the AS/400s, but you apparently don’t manage the network. The message isn’t coming from one of your as/400s; it’s coming from a firewall. See the <a href=”https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=10022.0.2917673.2504701″>Forcing the File Transfer Protocol (FTP) Security Server to allow unsafe commands from the client</a> document from Check Point for instructions on how to handle the situation.
Note that “handling” it might not be possible. It makes good sense not to allow your technique to work over FTP. Use a better method of applying updates.