New connections to a database may hang when using Vintella Authentication Services plug-in with DB2 V9.5 or higher.
New connections will hang when attempting to authenticate the user. If the stacktrace of the db2agent connection is captured using "db2pd -stack <eduid>" you may see the most recent function calls as:
The VAS plugin for DB2 V9.5 and higher is no longer supported by VAS and should not be used. From the Quest website it's stated:
For DB2 9.5 and up Quest now recommends using the DB2 built-in functionality to connect to Active directory instead of the Quest DB2 plugin.
The functionality in DB2 is called Transparent LDAP authentication. Transparent LDAP authentication allows users to authenticate through the OS ( LAM on AIX, otherwise PAM, like the Quest DB2 Security Plugin ), which can then use QAS. This does not require setting up LDAP, QAS fulfills that role.
For more information, please read SOLUTION 64305. NOTE: The Quest DB2 plugin is no longer being activly developed. It will remain supported for the forseeable future since not all versions of DB2 have the new functionality, and the new functionality doesn't work for all users ( AIX local group problem explained in the given link ).
Diagnosing The Problem
1. Connect to the database and locate the db2agent via "GET SNAPSHOT FOR APPLICATIONS" and/or "DB2PD -EDUS".
2. Locate the edu ID of the db2agent and dump the stacktrace using "DB2PD -STACK <EDUID>".
3. This will generate a trap file in your DIAGPATH. The file name will contain the PID of the db2sysc process and the EDU ID.
4. The stacktrace should show the most recent function calls as VAS calls. These typically start as "vas_db2_plugin_...".
Resolving The Problem
As Quest has recommended, for DB2 V9.5 and higher you should use Transparent LDAP authentication. More information can be found on the Quest site under SOLUTION 64305.
Internal Use Only
This technote was generated by Technote Kickstart 0.8.0.68 based on Information Management PMR 62840,379,000.
16 June 2018