Application connection problems and recovery

Here are some of the common errors in Kerberos-enabled IBM® i interfaces and their recovery methods.

Table 1. Common errors in Kerberos-enabled IBM i interfaces
Problem Recovery
You receive this error: Unable to obtain name of default credentials cache. Determine if the user who signed on to the IBM i platform has a directory in the /home directory. If the directory for the user does not exist, create a home directory for the credentials cache.
CPD3E3F: Network Authentication Service error &2 occurred. See the specific recovery information that corresponds with this message.
DRDA/DDM connection fails on a IBM i platform that was previously connected. Check to see if the default realm specified during network authentication service configuration exists. If a default realm and Kerberos server have not been configured, the network authentication service configuration is incorrect and DRDA/DDM connections will fail. To recover from this error, you can do one of the following tasks:
  1. If you are not using Kerberos authentication, follow these steps:

    Delete the default realm specified in the network authentication service configuration.

  2. If you are using Kerberos authentication, follow these steps:
    1. Reconfigure network authentication service specifying the default realm and Kerberos server that you created in Step 1.
    2. Configure IBM i Access Client Solutions applications to use Kerberos authentication. This sets Kerberos authentication on all IBM i Access Client Solutions applications, including DRDA/DDM. (See Scenario: Enabling single sign-on for IBM i.)
QFileSvr.400 connection fails on a IBM i platform that was previously connected. Check to see if the default realm specified during network authentication service configuration exists. If a default realm and Kerberos server have not been configured, the network authentication service configuration is incorrect and QFileSvr.400 connections will fail. To recover from this error, you can do one of the following tasks:
  1. If you are not using Kerberos authentication, follow these steps:

    Delete the default realm specified in the network authentication service configuration.

  2. If you are using Kerberos authentication, follow these steps:
    1. Configure a default realm and Kerberos server on a secure system on the network. See the documentation that corresponds with that system.
    2. Reconfigure network authentication service specifying the default realm and Kerberos server that you create in Step 1.
    3. Configure IBM i Access Client Solutions applications to use Kerberos authentication. This will set Kerberos authentication on all IBM i Access Client Solutions applications, including DRDA/DDM. (See Scenario: Enabling single sign-on for IBM i.)
CWBSY1011: Kerberos client credentials not found. The user does not have a ticket-granting ticket (TGT). This connection error occurs on the client PC when a user does not log into a Windows domain. To recover from this error, log into the Windows domain.
Error occurred while verifying connection settings. URL does not have host.
Note: This error occurs when you are using Enterprise Identity Mapping (EIM).
 To recover from this error, follow these steps:
  1. In IBM Navigator for i, expand IBM i Management > Network > Servers > TCP/IP Servers.
  2. Right-click Directory and select Properties.
  3. On the General page, validate that the administrator's distinguished name and password match those you entered during EIM configuration.
Error occurred while changing local directory server configuration. GLD0232: Configuration cannot contain overlapping suffixes.
Note: This error occurs when you are using Enterprise Identity Mapping (EIM).
 To recover from this error, follow these steps:
  1. In IBM Navigator for i, expand IBM i Management > Network > Servers > TCP/IP Servers.
  2. Right-click Directory and select Properties.
  3. On the Database/Suffixes page, remove any ibm-eimDomainName entries and reconfigure EIM.
Error occurred while verifying connection settings. An exception occurred while calling an IBM i program. The called program is eimConnect. Details are: com.ibm.as400.data.PcmlException.
Note: This error occurs when you are using Enterprise Identity Mapping (EIM).
 To recover from this error, follow these steps:
  1. In IBM Navigator for i, expand IBM i Management > Network > Servers > TCP/IP Servers.
  2. Right-click Directory and select Properties.
  3. On the Database/Suffixes page, remove any ibm-eimDomainName entries and reconfigure EIM.