DB2 - Problem description
Problem IT36085 | Status: Closed |
DB2 11.5.5 MAY ENCOUNTER SQL30082N RC 15 WHEN USING GSS_SERVER_ENCRYPT OR KRB_SERVER_ENCRYPT AUTHENTICATION | |
product: | |
DB2 FOR LUW / DB2FORLUW / B50 - DB2 | |
Problem description: | |
When the `AUTHENTICATION` dbm parameter is set to `GSS_SERVER_ENCRYPT` or `KRB_SERVER_ENCRYPT`, userid and password authentication may fail with SQL30082N RC 15. You may also see the following message in the db2 diagnostic log: FUNCTION: DB2 UDB, bsu security, sqlexLogPluginMessage, probe:20 DATA #1 : String with size, 65 bytes Password validation for user db2inst1 failed with rc = -2029060043 This error occurs because the Db2 check password daemon processes (db2ckpwd) do not spawn under circumstances where they are needed to check passwords. It is possible to verify that the db2ckpwd process have not spawned with the db2_ps command: ---- $ db2_ps Node 0 UID PID PPID C STIME TTY TIME CMD db2inst1 53674164 1 0 11:36:50 - 0:00 db2wdog db2inst1 19595424 53674164 0 11:36:50 - 0:00 db2sysc db2inst1 48038006 53674164 0 11:36:50 - 0:00 db2vend (PD Vendor Process - 258) db2inst1 6291846 53674164 0 11:36:52 - 0:00 db2acd ---- This APAR only affects Db2 v11.5.5.0. Earlier versions of Db2 are not affected. | |
Problem Summary: | |
**************************************************************** * USERS AFFECTED: * * All DB2 systems on all Linux, Unix and Windows platforms at * * service level 11.5.5.0. Earlier releases of Db2 are not * * affected * **************************************************************** * PROBLEM DESCRIPTION: * * See Error Description * **************************************************************** * RECOMMENDATION: * * Upgrade to Db2 11.5.5.1 * **************************************************************** | |
Local Fix: | |
Set `DB2_NUM_CKPW_DAEMONS` registry variable with `FORCESPAWN` and recycle db2. db2set DB2_NUM_CKPW_DAEMONS=FORCESPAWN | |
Solution | |
Workaround | |
**************************************************************** * USERS AFFECTED: * * All DB2 systems on all Linux, Unix and Windows platforms at * * service level 11.5.5.0. Earlier releases of Db2 are not * * affected * **************************************************************** * PROBLEM DESCRIPTION: * * See Error Description * **************************************************************** * RECOMMENDATION: * * Upgrade to Db2 11.5.5.1 * **************************************************************** | |
Comment | |
The complete fix for this problem first appears in DB2 Version 11.5.5.1 and all the subsequent Fix Packs. The fix will ensure the Db2 check password daemon processes spawn under all needed circumstances. After applying the fix for this APAR, verify that the db2ckpwd processes spawn with the db2_ps command: ---- $ db2_ps Node 0 UID PID PPID C STIME TTY TIME CMD db2inst1 19595426 1 0 11:40:26 - 0:00 db2wdog db2inst1 21823702 19595426 0 11:40:26 - 0:00 db2vend (PD Vendor Process - 258) db2inst1 36634774 19595426 0 11:40:27 - 0:00 db2acd db2inst1 41680926 19595426 0 11:40:26 - 0:00 db2ckpwd db2inst1 48038010 19595426 0 11:40:26 - 0:00 db2ckpwd db2inst1 53674168 19595426 0 11:40:26 - 0:00 db2sysc db2inst1 917788 19595426 0 11:40:26 - 0:00 db2ckpwd ---- | |
Timestamps | |
Date - problem reported : Date - problem closed : Date - last modified : | 02.03.2021 01.04.2021 01.04.2021 |
Problem solved at the following versions (IBM BugInfos) | |
Problem solved according to the fixlist(s) of the following version(s) |