IBM Support

Connection to a DB2 V9.5 or higher database may hang when using VAS

Troubleshooting


Problem

New connections to a database may hang when using Vintella Authentication Services plug-in with DB2 V9.5 or higher.

Symptom

New connections will hang when attempting to authenticate the user. If the stacktrace of the db2agent connection is captured using "db2pd -stack <eduid>" you may see the most recent function calls as:
vas_db2_plugin_outcall_getgroups
vas_db2_plugin_lookup_groups

Cause

The VAS plugin for DB2 V9.5 and higher is no longer supported by VAS and should not be used. From the Quest website it's stated:
For DB2 9.5 and up Quest now recommends using the DB2 built-in functionality to connect to Active directory instead of the Quest DB2 plugin.

The functionality in DB2 is called Transparent LDAP authentication. Transparent LDAP authentication allows users to authenticate through the OS ( LAM on AIX, otherwise PAM, like the Quest DB2 Security Plugin ), which can then use QAS. This does not require setting up LDAP, QAS fulfills that role.

For more information, please read SOLUTION 64305. NOTE: The Quest DB2 plugin is no longer being activly developed. It will remain supported for the forseeable future since not all versions of DB2 have the new functionality, and the new functionality doesn't work for all users ( AIX local group problem explained in the given link ).

Diagnosing The Problem

  • 1. Connect to the database and locate the db2agent via "GET SNAPSHOT FOR APPLICATIONS" and/or "DB2PD -EDUS".

    2. Locate the edu ID of the db2agent and dump the stacktrace using "DB2PD -STACK <EDUID>".

    3. This will generate a trap file in your DIAGPATH. The file name will contain the PID of the db2sysc process and the EDU ID.

    4. The stacktrace should show the most recent function calls as VAS calls. These typically start as "vas_db2_plugin_...".

Resolving The Problem

As Quest has recommended, for DB2 V9.5 and higher you should use Transparent LDAP authentication. More information can be found on the Quest site under SOLUTION 64305.

Internal Use Only

This technote was generated by Technote Kickstart 0.8.0.68 based on Information Management PMR 62840,379,000.

[{"Product":{"code":"SSEPGG","label":"DB2 for Linux- UNIX and Windows"},"Business Unit":{"code":"BU001","label":"Analytics Private Cloud"},"Component":"Security \/ Plug-Ins - IBM Suplied\/Default","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"}],"Version":"9.7;9.5;10.1;10.5","Edition":""}]

Document Information

Modified date:
16 June 2018

UID

swg21571620