Recovering database access threads after security failure

During database access thread allocation, the remote site might not have the proper security to access Db2 through distributed data facility (DDF). When this happens, you can recover from the situation.

Symptoms

Message DSNL500I is issued at the requester for VTAM® conversations (if it is a Db2 subsystem) with return codes RTNCD=0, FDBK2=B, RCPRI=4, and RCSEC=5. These return codes indicate that a security violation has occurred. The server has deallocated the conversation because the user is not allowed to access the server. For conversations that use DRDA access, LU 6.2 communications protocols present specific reasons for why the user access failed, and these reasons are communicated to the application. If the server is a Db2 database access thread, message DSNL030I is issued to describe what caused the user to be denied access into Db2 through DDF. No message is issued for TCP/IP connections.

If the server is a Db2 subsystem, message DSNL030I is issued. Otherwise, the system programmer needs to refer to the documentation of the server. If the application uses DRDA access, SQLCODE –30082 is returned.

Causes

This problem is caused by a remote user who attempts to access Db2 through DDF without the necessary security authority.

Resolving the problem

Operator response:
  1. Read about the Db2 code 00D3103D.
  2. Take the appropriate action:
    • If the security failure involves a Db2 database access thread, provide the DSNL030I message to the system programmer.
    • If the security failure does not involve a Db2 server, work with the operator or programmer at the server to get diagnostic information that is needed by the system programmer.