Hi TJ,
Here is the information to capture DRDA trace output from IDS server:
1) Open an IDS Command windows
2) Cleanup DUMPDIR output
cd $DUMPDIR
delete all files at $DUMPDIR
FYI: By default the DUMPDIR may be set to $INFORMIXDIR\tmp
You can find this by scanning the onconfig file for the IDS server inst=
ance
located at ($INFORMIXDIR\etc)
3) To start the DRDA trace at the computer where IDS server is running.=
onmode -p +1 drda_dbg
4) From client computer try establishing connection to IDS by using
DB2 .NET provider.
Since it is a DRDA connection, it must have generated a trace file at
$DUMPDIR
5) Please send the generated trace output file to me.
Regards,
Satyan
Software Engineer
R&D - IBM Information Management Division
11200 Lakeview, Lenexa, KS 66219
Tel: 913 599 8792 (T/L: 337-8792)
|------------>
| From: |
|------------>
>--------------------------------------------------------------------=
-----------------------------------------------------------------------=
-------|
|Sathyanesh Krishnan/Lenexa/IBM@IBMUS =
=
|
>--------------------------------------------------------------------=
-----------------------------------------------------------------------=
-------|
|------------>
| To: |
|------------>
>--------------------------------------------------------------------=
-----------------------------------------------------------------------=
-------|
|"Throstur Jonsson" <tj@rational-network.com> =
=
|
>--------------------------------------------------------------------=
-----------------------------------------------------------------------=
-------|
|------------>
| Cc: |
|------------>
>--------------------------------------------------------------------=
-----------------------------------------------------------------------=
-------|
|Ardeshir Jamshidi/Oakland/IBM@IBMUS, ids@iiug.org, classics-bounces@=
iiug.org, informix-list@iiug.org, dotNet Runtime Team =
|
|<dotNet_Runtime_Team%IBMUS@us.ibm.com> =
=
|
>--------------------------------------------------------------------=
-----------------------------------------------------------------------=
-------|
|------------>
| Date: |
|------------>
>--------------------------------------------------------------------=
-----------------------------------------------------------------------=
-------|
|01/26/2011 11:35 PM =
=
|
>--------------------------------------------------------------------=
-----------------------------------------------------------------------=
-------|
|------------>
| Subject: |
|------------>
>--------------------------------------------------------------------=
-----------------------------------------------------------------------=
-------|
|Re: likely database privilege problem =
=
|
>--------------------------------------------------------------------=
-----------------------------------------------------------------------=
-------|
|------------>
| Sent by: |
|------------>
>--------------------------------------------------------------------=
-----------------------------------------------------------------------=
-------|
|informix-list-bounces@iiug.org =
=
|
>--------------------------------------------------------------------=
-----------------------------------------------------------------------=
-------|
Hi TJ,
The instruction you followed to setup the DRDA listening port on IDS se=
rver
is the right one.
I would like to take a look on trace output captured from client and ID=
S
server.
I will soon send you the information to capture the DRDA trace output f=
rom
IDS server.
Meanwhile can you please capture the trace output from the client and s=
end
it to me.
Information to take trace output from client:
1) Open a DB2 Command window at client computer
Then issue the following command to start capturing the trace.
db2trc on -i 16m -m "*.*.84.*.*" -t
2) Then run the client application connecting to IDS.
3) Dump the trace output to a file.
db2trc dmp db2trcout.dmp
4) Please send the output to me.
FYI:You can get more information about DB2TRC by going through the URL.=
http://www.ibm.com/developerworks/db2/library/techarticle/dm-0409melnyk=
/
The step3 of the testconn is trying to establish a connection.
To simplify the trace output we can use an application that try to
establish connection and close.
Please use the fooling source to build an application that try to estab=
lish
to server and close the connection.
static void Main(string[] args)
{
String ConnStr =3D "User
ID=3Dinformix;Password=3Dxxxxxx;Database=3Deloxnet;Server=3D192.168.57.=
72:9091";
DB2Connection Conn =3D new DB2Connection(ConnStr);
try
{
Conn.Open();
Console.WriteLine("Open Sucess");
}
catch (Exception e)
{
Console.WriteLine(e.ToString());
}
Conn.Close();
Console.WriteLine("Closed!");
}
Regards,
Satyan
Software Engineer
R&D - IBM Information Management Division
11200 Lakeview, Lenexa, KS 66219
Tel: 913 599 8792 (T/L: 337-8792)
Inactive hide details for "Throstur Jonsson" ---01/26/2011 03:47:13 AM-=
--Hi
Satyan, First of all those where the grant commands"Throstur Jonsson"
---01/26/2011 03:47:13 AM---Hi Satyan, First of all those where the gra=
nt
commands I ran against the database:
=
=
From: "Throstur Jonsson" <tj@rational-network.com> =
=
=
To: Sathyanesh Krishnan/Lenexa/IBM@IBMUS =
=
=
Cc: Ardeshir Jamshidi/Oakland/IBM@IBMUS, <classics-bounces@iiug.org=
>,
"dotNet Runtime Team" <dotNet_Runtime_Team%IBMUS@us.ibm.com>, =
<ids@iiug.org>, <informix-list@iiug.org> =
=
=
Date: 01/26/2011 03:47 AM =
=
=
Subjec Re: likely database privilege problem =
t: =
=
Hi Satyan,
First of all those where the grant commands I ran against the database:=
grant connect to public;
grant resource to public;
Where there any more to run?
Yes the DRDA port is 9091, otherwise the same testconn40.exe command wo=
uld
not work when run from the local IDS server. But it does work there. It=
is
only when run from another machine on the Local Area Network that it fa=
ils,
as described in my previous post. Please note that the IBM .Net provide=
r is
correctly configured on that client machine. This is an IDS security
problem when trying to access the IDS over LAN via the DRDA. I can with=
out
problems access the same IDS from the same client computer using Server=
Studio or ODBC. It is only the DRDA connection that is giving me this
security issue.
There is no firewall running at the IDS server, so that is not the prob=
lem
either.
Actualy I configured the DRDA following my own guidance that I created =
last
summer as it was pritty difficult finding out from the IBM documentatio=
n.
Find the guidance attached.
To assure the DRDA is correctly setup, is there any standard method oth=
er
than using the testconn40.exe?
At least here is a result run from the IDS server to gurantee that the =
port
is there open and working (connected with Visual Studio installed on th=
e
local IDS server)
C:\Program Files\Informix\Client-SDK>netstat -an | findstr 9091
TCP 0.0.0.0:9091 0.0.0.0:0 LISTENING
TCP 192.168.57.72:1143 192.168.57.72:9091 ESTABLISHED
TCP 192.168.57.72:9091 192.168.57.72:1143 ESTABLISHED
If I disconnect Visual Studio on the Iocal IDS server I get:
C:\Program Files\Informix\Client-SDK>netstat -an | findstr 9091
TCP 0.0.0.0:9091 0.0.0.0:0 LISTENING
TCP 192.168.57.72:1143 192.168.57.72:9091 TIME_WAIT
So it seems to be the correct DRDA port and working properly.
Hope this helps you helping me :-)
Regards
TJ
----- Original Message -----
From: Sathyanesh Krishnan
To: Throstur Jonsson
Cc: Ardeshir Jamshidi ; classics-bounces@iiug.org ; dotNet Runtime Team=
;
ids@iiug.org ; informix-list@iiug.org
Sent: Tuesday, January 25, 2011 7:59 PM
Subject: Re: likely database privilege problem
Hi TJ,
Unfortunately the reason code 25 of the error doesn't give much clue,
IDS server support multiple protocols (SQLI and DRDA).
This .NET provider uses DRDA protocol to connect to IDS database.
Can you please verify the port number you are using (9091) is configure=
d at
IDS to use DRDA protocol.
Regards,
Satyan
Software Engineer
R&D - IBM Information Management Division
11200 Lakeview, Lenexa, KS 66219
Tel: 913 599 8792 (T/L: 337-8792)
Inactive hide details for "Throstur Jonsson" ---01/25/2011 01:02:04 PM-=
--Hi
Sathyanesh, This helped me on the local server, the"Throstur Jonsson"
---01/25/2011 01:02:04 PM---Hi Sathyanesh, This helped me on the local
server, the testconn40.exe now finish with success. Howev
=
=
From: "Throstur Jonsson" <tj@rational-network.com> =
=
=
To: Sathyanesh Krishnan/Lenexa/IBM@IBMUS =
=
=
Cc: Ardeshir Jamshidi/Oakland/IBM@IBMUS, <classics-bounces@iiug.org=
>,
"dotNet Runtime Team" <dotNet_Runtime_Team%IBMUS@us.ibm.com>, =
<ids-bounces@iiug.org> =
=
=
Date: 01/25/2011 01:02 PM =
=
=
Subjec Re: likely database privilege problem =
t: =
=
Hi Sathyanesh,
This helped me on the local server, the testconn40.exe now finish with
success. However when run from another computer on the LAN against the =
same
server I get this:
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
Step 3: Connecting using "User
ID=3Dinformix;Password=3Dxxxxxx;Database=3Deloxnet;Serv
er=3D192.168.57.72:9091"
Server located, but security error:
ERROR [08001] [IBM] SQL30082N Security processing failed with reason
"25" ("CON
NECTION DISALLOWED"). SQLSTATE=3D08001
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D
No matter if I try to run testconn40.exe against the sysuser database I=
get
that error too there.
The IBM .Net provider is correctly setup at this computer as I'm using =
it
against another IDS 11.5 server without problems. It only fails when I =
try
to run it against the IDS 11.7 server.
Regards
TJ
----- Original Message -----
From: Sathyanesh Krishnan
To: Throstur Jonsson
Cc: Ardeshir Jamshidi ; classics-bounces@iiug.org ; dotNet Runtime Team=
;
ids-bounces@iiug.org
Sent: Tuesday, January 25, 2011 3:53 PM
Subject: Re: likely database privilege problem
Hi TJ,
Forgot you include you in the mail :)
Regards,
Satyan
Software Engineer
R&D - IBM Information Management Division
11200 Lakeview, Lenexa, KS 66219
Tel: 913 599 8792 (T/L: 337-8792)
Inactive hide details for Sathyanesh Krishnan---01/25/2011 09:48:54 AM-=
--Hi
TJ, I am redirecting the question to the IDS; ThisSathyanesh
Krishnan---01/25/2011 09:48:54 AM---Hi TJ, I am redirecting the questio=
n to
the IDS; This problem is likely something to do with datab
=
=
From: Sathyanesh Krishnan/Lenexa/IBM =
=
=
To: ids-bounces@iiug.org, classics-bounces@iiug.org =
=
=
Cc: Ardeshir Jamshidi/Oakland/IBM@IBMUS, dotNet Runtime Team =
=
=
Date: 01/25/2011 09:48 AM =
=
=
Subject: likely database privilege problem =
=
Hi TJ,
I am redirecting the question to the IDS;
This problem is likely something to do with database privilege at IDS
server.
Most probably the problem will resolve once you GRANT appropriate right=
to
the database.
Just for verifying you may issue the following command to the database =
you
are trying to connect.
grant connect to public;
grant resource to public;
If this doesn't solve the problem then IDS folks can help you better he=
re.
Regards,
Satyan
Software Engineer
R&D - IBM Information Management Division
11200 Lakeview, Lenexa, KS 66219
Tel: 913 599 8792 (T/L: 337-8792)
----- Forwarded by Sathyanesh Krishnan/Lenexa/IBM on 01/25/2011 09:40 A=
M
-----
=
=
From: Ardeshir Jamshidi/Oakland/IBM =
=
=
To: dotNet Runtime Team =
=
=
Date: 01/25/2011 06:23 AM =
=
=
Subject: Team, really need to give this customer some response, Pleas=
e
advise/re: beta question. =
=
----- Forwarded by Ardeshir Jamshidi/Oakland/IBM on 01/25/2011 04:21 AM=
-----
=
"Throstur =
Jonsson" =
<tj@rational =
-network.com =
> =
To
=
Ardesh=
ir
01/25/2011 Jamshi=
di/
03:45 AM Oaklan=
d/I
BM@IBM=
US
=
=
cc
=
=
Subj=
ect
=
Re: be=
ta
questi=
on.
=
=
=
=
=
=
Hi Ardeshir,
I'm geting totaly frusturated with this. Now I have spent a day on this=
and
little progress. So your help would realy be appreciated.
Just to add to this. If I change the Database=3Deloxnet to Database=3Ds=
ysuser
or Database=3Dsysutils or Database=3Dsysmaster the testconn40.exe passe=
s
throuhg gracefully.
It is only with Database=3Dsysadmin and Database=3Deloxnet (my database=
) where
it fails as described below. So this has definately something to do wit=
h
different security among those databases in my Informix Online Server
Instance.
Where is that controlled?
Regars
TJ
----- Original Message -----
From: Throstur Jonsson
To: Ardeshir Jamshidi
Sent: Monday, January 24, 2011 6:35 PM
Subject: beta question.
Hi,
I have for few months been using the beta version of the IBM .Net Data
Provider version 9.7fp3a. All has been working very well in my
testenvironment with IDS Developer 11.5 on Windows XP. Now I installed =
IDS
Developer 11.7 on a W2003 machine and the same IBM data provider.
Unfortunately I get some security problems when I test a connection wit=
h
Dbconnect40.exe from the W2003 machine:
C:\Program Files\IBM\IBM DATA SERVER DRIVER\bin>testconn40.exe "User
ID=3Dinformix
;Password=3Dxxxxxx;Database=3Deloxnet;Server=3D192.168.57.72:9091"
Step 1: Printing version info
.NET Framework version: 4.0.30319.1
DB2 .NET provider version: 9.0.0.4
DB2 .NET file version: 9.7.3.4
Capability bits: ALLDEFINED
Build: 20100929
Factory for invariant name IBM.Data.DB2 verified
Factory for invariant name IBM.Data.Informix verified
IDS.NET from DbFactory is Common IDS.NET
Warning, failed load of DbFactory for:IBM.Data.DB2.9.7.3
Warning, failed load of DbFactory for:IBM.Data.Informix.9.7.3
VSAI assembly version: 9.1.0.0
VSAI file version: 9.7.3.0
Elapsed: 2,359375
Step 2: Validating db2dsdriver.cfg against db2dsdriver.xsd schema file
File C:\Documents and Settings\All Users\Application Data\IBM\DB2\IBMDB=
C
L1\cfg\db2dsdriver.cfg missing. Nothing to validate
Elapsed: 0,09375
Step 3: Connecting using "User
ID=3Dinformix;Password=3Dxxxxxx;Database=3Deloxnet;Serv
er=3D192.168.57.72:9091"
ERROR [08004] [IBM] SQL30060N "INFORMIX" does not have the privilege to=
perform operation "0x2203". SQLSTATE=3D08004
Test failed.
As I Google this on the net I only get some basic informatoin regarding=
some security plugin, etc. The DRDA setup is exactly the same in regist=
ry
(SQLHSTS, etc.). I have this aliasis in my onconfig file.
DBSERVERALIASES svc_drda_1 # List of alternate dbserver names
Ant the port number in the services file is set to 9091 by this line:
svc_drda_1 9091/tcp
The DRDA listener seems to be active and listening. However this seems =
to
be a kind of security problem that I have no clue what can be the reaso=
n.
Regards
TJ
[attachment "drda_setup.pdf" deleted by Sathyanesh Krishnan/Lenexa/IBM]=
_______________________________________________
Informix-list mailing list
Informix-list@iiug.org
http://www.iiug.org/mailman/listinfo/informix-list
=
