Symptom

Obtaining the idscfgremotedb script

To create a DB2 instance on a remote machine, you must download the idscfgremotedb script by following these steps:

1. Log on to the IBM Security Directory Suite virtual appliance console. See Logging on to the virtual appliance console.
2. From the top-level menu of the virtual appliance console, select Configure > Advanced Configuration > Custom File Management.
3. In the All Files tab, expand the idstools folder.
4. Select the idscfgremotedb.zip file that is displayed in the right pane of the table.
5. Click Download to save the file.
6. Extract the contents of the idscfgremotedb.zip file.
7. Use the idscfgremotedb UNIX-specific script to create a remote DB2 instance on all UNIX-based systems, such as Linux, AIX, and Solaris.

Installing and configuring a new remote DB2 database with Directory Server in virtual appliance

1. Use the part numbers in the IBM Security Directory Suite Download Document to download DB2 installation image for your platform from Passport Advantage.
2. Follow the steps in the IBM Knowledge Center for DB2 to install DB2 on a remote system.
3. Download the CIPH4ML part number from Passport Advantage.for license activation.
4. Extract the contents of the package.
5. Apply the DB2 license. Run the following command:
   Windows system:
   <db2install_path>\bin\db2licm -a <extracted_dir>
   Linux or UNIX systems:
   INSTHOME/sqllib/adm/db2licm -a <extracted_dir>/ese_o/db2/license/db2ese_o.lic
6. To configure the remote DB2 with Directory Server in virtual appliance, follow the steps in the topic, Configuring the remote DB2 in the IBM Knowledge Center for IBM Security Directory Suite.

For more information, see the topic, Applying DB2 licensesin the IBM Knowledge Center for DB2.

Configuring virtual appliance to use an existing remote DB2 that is used by a Directory Server instance on software stack

1. Ensure that the Directory Server instance on software stack is stopped before proceeding.
2. Follow the same process as that of configuring a new remote DB2 instance as described in the topic, Configuring the remote DB2 in the IBM Knowledge Center for IBM Security Directory Suite.
3. Upload the ibmslapddir.ksf file of the existing Directory Server instance to the virtual appliance Directory Server instance. To do this, complete the following steps:
1. Log on to the IBM Security Directory Suite virtual appliance console. See Logging on to the virtual appliance console.
2. From the top-level menu of the virtual appliance console, select Configure > Advanced Configuration > Custom File Management.
3. In the All Files tab, click the etc folder.
4. Click Upload.
5. Browse to the location of the ibmslapddir.ksf file and select it.
6. Click Save Configuration.
4. Run the idscfgsuf command to add the existing suffixes to the virtual appliance. See the topic, idscfgsuf in the IBM Knowledge Center for IBM Security Directory Suite.
5. On the Appliance Dashboard, use the Server Control widget to start Directory Server in the normal mode.
6. After completing these steps, you must use only the Directory Server instance in virtual appliance to run database operations.

Configuring SSL between remote database and IBM Security Directory Suite 

To configure SSL between remote database and IBM Security Directory Suite, you must follow steps 5 and 6 that are provided in the topic, Configuring the remote DB2.

Troubleshooting remote DB2

Some issues that you might encounter with a remote DB2 configured with virtual appliance are described here with steps to resolve or work around the issues.

Running database utilities on remote DB2

The following utilities are not supported when IBM Security Directory Suite virtual appliance is configured to a remote DB2 instance:

• bulkload
• dbrestore
• dbback
• perftune

However, these utilities are available for use with the embedded DB2 that comes with the IBM Security Directory Suite virtual appliance.

The idscfgdb command fails for a remote DB2

When configuring remote DB2, even though correct parameters are specified, the idscfgdb command might fail and gives the following error:

GLPCTL020I Updating the database manager: 'sdsinst1'.
Failed to attach to database instance or node: 'idsrnode'
GLPCTL022E Failed to update the database manager: 'sdsinst1'.
GLPCTL014I Uncataloging database instance node: 'sdsinst1'. 
The traces or db2cli.log shows the following error message:
2015-10-30T19:45:06.420059-5:00native retcode = -30081; state = "08001"; 
message = "SQL30081N  A communication error has been detected. 
Communication protocol being used: "TCP/IP".  Communication API being 
used: "SOCKETS".  Location where the error was detected: 
"192.168.184.128".  Communication function detecting the error: "connect".  
Protocol specific error code(s): "113", "*", "*".  SQLSTATE=08001" 

To resolve this problem, check the following causes and take the corresponding actions:

• A firewall might be enabled on the remote DB2 instance machine, which does not allow the IBM Security Directory Suite virtual appliance machine to communicate to the DB2 instance.
• The DB2 instance might not be running. Run the db2start command on the remote DB2 instance machine to start the instance.

Search operations with remote DB2 may result in discrepancies

This issue occurs if you have IBM Security Directory Server 6.4 or earlier configured with DB2, and then configure IBM Security Directory Suite virtual appliance to use the existing DB2 as a remote DB. When you perform operations such as, add, modify, and delete, on both the IBM Security Directory Server instance and the virtual appliance, the subsequent search operations may yield different results. To avoid this discrepancy, you must not run operations on the software stack instance after you configure virtual appliance to use remote DB.

Suffixes are not accessible with remote DB2

If you have IBM Security Directory Server 6.4 or earlier configured with DB2, and then configure IBM Security Directory Suite virtual appliance to use the existing DB2 as a remote DB without doing migration, the existing suffixes are not accessible. To resolve this problem, you must perform the migration or use theidscfgsuf command to add the existing suffixes to the virtual appliance.

Configuring remote DB2 by using idscfgdb command fails

Configuring remote DB2 with idscfgdb command fails with the error message "Failed to update the KDB or STASH file in the DB2 configuration manager." 

To resolve this issue, ensure that the hostname of the virtual appliance is not the default. To set the host name, log in to the virtual appliance command-line interface. Use the management > hostname command:
hostname set hostname

Reconfiguring a different remote DB2 over SSL fails

You might encounter this issue in the following scenario: IBM Security Directory Suite virtual appliance is already configured with a remote DB2 over SSL. When you attempt to run the idscfgdb command to reconfigure virtual appliance to a different remote DB2 over SSL, an error occurs stating that the remote DB2 is already configured. Subsequently, the Directory Server instance fails to start.

To resolve this issue, you must unconfigure the remote DB2 by using the idsucfgdb command. Then, reconfigure it to a new remote DB2.

Directory Server startup fails after attempting to create a change log database with idscfgremotedb script

This issue might occur in the following scenario: You have IBM Security Directory Server 6.4 or earlier configured with the shipped DB2. When you attempt to create a change log database by using the idscfgremotedb script, server startup fails.

To resolve this issue, you must create the change log DB for an existing Directory Server instance by using the idscfgchglg that was shipped with that version of IBM Security Directory Server. The idscfgremotedb script must be used to create a change log DB only for the Directory Server database that was created by using the idscfgremotedb script.

Older database and change log entries are still seen after reconfiguration of remote DB2 and change log

This issue might occur in the following scenario: IBM Security Directory Suite virtual appliance is already configured with a remote DB2 along with change log. When you unconfigure the remote DB2 and remote change log and then reconfigure to the same remote DB2 and change log, you might see older entries for Directory Server and change log.

The reason is because unconfiguring the remote DB2 or the remote change log does not remove the database. To resolve this problem, you must remove the Directory Server database or change log database or their entries when required.