Application connection problems and recovery
Here are some of the common errors in Kerberos-enabled IBM® i interfaces and their recovery methods.
Problem | Recovery |
---|---|
You receive this error: Unable to obtain name of default credentials cache. | Determine if the user who signed on to the IBM i platform has a directory in the /home directory. If the directory for the user does not exist, create a home directory for the credentials cache. |
CPD3E3F: Network Authentication Service error &2 occurred. | See the specific recovery information that corresponds with this message. |
DRDA/DDM connection fails on a IBM i platform that was previously connected. | Check to see if the default realm specified
during network authentication service configuration exists. If a default
realm and Kerberos server have not been configured, the network authentication
service configuration is incorrect and DRDA/DDM connections will fail.
To recover from this error, you can do one of the following tasks:
|
QFileSvr.400 connection fails on a IBM i platform that was previously connected. | Check to see if the default realm specified during
network authentication service configuration exists. If a default
realm and Kerberos server have not been configured, the network authentication
service configuration is incorrect and QFileSvr.400 connections will
fail. To recover from this error, you can do one of the following
tasks:
|
CWBSY1011: Kerberos client credentials not found. | The user does not have a ticket-granting ticket (TGT). This connection error occurs on the client PC when a user does not log into a Windows domain. To recover from this error, log into the Windows domain. |
Error occurred while
verifying connection settings. URL does not have host. Note: This
error occurs when you are using Enterprise Identity Mapping (EIM).
|
To recover from this error, follow
these steps:
|
Error occurred while
changing local directory server configuration. GLD0232: Configuration
cannot contain overlapping suffixes. Note: This error occurs when
you are using Enterprise Identity Mapping (EIM).
|
To recover from this error, follow
these steps:
|
Error occurred while verifying
connection settings. An exception occurred while calling an IBM i program. The called
program is eimConnect. Details are: com.ibm.as400.data.PcmlException. Note: This
error occurs when you are using Enterprise Identity Mapping (EIM).
|
To recover from this error, follow
these steps:
|
A Kerberos
ticket from remote system cannot be authenticated. Note: This error
occurs when you are configuring Management Central systems to use
Kerberos authentication.
|
Verify that Kerberos is configured properly on all your systems. This error might indicate a security violation. Try the request again. If the problem persists contact IBM Customer Support. |
Cannot
retrieve Kerberos service ticket. Note: This error occurs when you
are configuring Management Central systems to use Kerberos authentication.
|
Verify that the Kerberos principal krbsvr400/IBM i fully qualified host name@REALM is in the Kerberos server as well as the keytab file for each of your systems. To verify whether the Kerberos principal is entered in the Kerberos server, see Adding IBM i principals to the Kerberos server. To verify whether the Kerberos service principal names are entered in the keytab file, see Managing keytab files for details. |
Kerberos
principal is not in a trusted group. Note: This error occurs when
you are configuring Management Central systems to use Kerberos authentication.
|
Add the Kerberos principal for
the system that is trying to connect to this system to your trusted
group file. To recover from this error, follow these steps:
|