Manually synchronizing the encryption key

If you cannot refresh the encryption keys in the system administration client, you might have to refresh them manually. A manual refresh of the encryption key is also sometimes known as a key flush.

Symptoms

Refreshing the encryption keys by using the Refresh Encryption Key button in the system administration client Library Server Configuration window does not work.

The library server encryption key is no longer synchronized with the resource manager key, so the library server cannot communicate with the resource manager.

Possible causes

There are two possible causes for this problem:
  • There might be a configuration problem with the resource manager.
  • The resource manager is running, but it has lost its connection with the library server. If this problem happens, the key can be refreshed when the resource manager is restarted.

Actions

Tip: Use the WebSphere® Application Server serverStatus command to check if the resource manager is running. See the information about starting and stopping a resource manager for instructions about checking the status of, starting, and stopping a resource manager.

If you need to update the encryption key manually, complete the following steps:

  1. Make sure that the resource manager is running.
  2. On the library server, go to the Db2 command prompt, and then enter the following commands, where database is the name of the library server database:
    connect to database
    select hex(substr(encryptionkey,9,24)) as key from icmstsyscontrol
  3. Make a note of the 24-character string returned by the select statement, and then close the connection:
    terminate
  4. On the resource manager, go to the Db2 command prompt, and then enter the following commands, where database is the name of the resource manager database:
    connect to database
    select Hex(substr(acc_public_key,1,24)) as key from rmaccess where acc_userid=1
    terminate
  5. Compare the 24-character string from the library server to the one from the resource manager. If they do not match, enter the following commands, each on its own line, on the resource manager, where database is the name of the library server database and string is the exact string from the library server:
    connect to database
    update rmaccess set acc_public_key=x'string' where acc_userid=1
    terminate
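
The comparison in steps 2 through 5 can be scripted instead of done by eye. The following helper is an added example, not part of the product documentation: it assumes the output of each select statement was saved as text, its function names and sample values are made up for illustration, and it only prints the step 5 update statement rather than running it.

```shell
# Added example, not IBM code. Function names and sample values are hypothetical.

# Constructed, shortened Db2 CLP output for steps 2 and 4 (not real key material).
LS_OUT='
KEY
----------------
A1B2C3D4E5F60718

  1 record(s) selected.
'
RM_OUT='
KEY
----------------
A1B2C3D4E5F60719

  1 record(s) selected.
'

# Read saved SELECT output on stdin; print the first line made up only of
# hex digits, upper-cased. The KEY header, dashes and footer do not match.
extract_key() {
    tr -d '\r' |
        sed -n 's/^[[:space:]]*\([0-9A-Fa-f][0-9A-Fa-f]*\)[[:space:]]*$/\1/p' |
        head -n 1 | tr 'abcdef' 'ABCDEF'
}

# True when $1 is non-empty, all hex digits, and of even length
# (a Db2 x'...' constant needs an even number of hex digits).
valid_hex() {
    case "$1" in
        ''|*[!0-9A-Fa-f]*) return 1 ;;
    esac
    [ $(( ${#1} % 2 )) -eq 0 ]
}

# sync_statement LS_KEY RM_KEY
# Returns 0 and prints nothing when the keys match, returns 1 and prints the
# step 5 update when they differ, returns 2 when either value is malformed.
sync_statement() {
    if ! valid_hex "$1" || ! valid_hex "$2"; then return 2; fi
    if [ "$1" = "$2" ]; then return 0; fi
    printf "update rmaccess set acc_public_key=x'%s' where acc_userid=1\n" "$1"
    return 1
}

ls_key=$(printf '%s\n' "$LS_OUT" | extract_key)
rm_key=$(printf '%s\n' "$RM_OUT" | extract_key)
sync_statement "$ls_key" "$rm_key" || echo "status $?: 1 = keys differ, 2 = bad input" >&2
```

The saved output and the printed statement both contain key material, so delete the saved files once the keys match.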