DB2 Connection Fails with SQL30082N

Resolving The Problem

A connection from DB2 running on a System p is failing to make a connection to DB2 on the IBM System i system. The detailed error reported by the application requestor is, "SQL30082N Attempt to establish connection failed with security reason '17' ("UNSUPPORTED FUNCTION"). SQLSTATE=08001". When the TCP DDM attributes are changed on the client to allow unencrypted passwords, the connection works; however, if higher security levels are used, it fails.

The TRCCNN command was used to capture the failure, and this trace showed that the System i system was sending an ACCSECRD (14AC) with only security mechanism 0006 (User ID with substitute password) specified. Because the DDMTCP attributes on the system specified *ENCRYPTED, we were expecting to also see 0007 (User ID with encrypted password). This problem is usually due to some damage to the 5722AC3 product (128-bit crypto access provider). However, on this system, we got no errors from running the CHKPRDOPT command for this product. The user discovered that this system actually had a hardware cryptography card. We went into SST and analyzed the PAL entries for cryptography and found an SRC B0136602 with a 3300002C in the hex data. This indicates that the card is damaged and failing. The additional data showed it was a problem with the random number generator. The card was replaced; however, the device description for the card still would not vary on without failure. The program QCAP3/QYAC3INAT was called, and that corrected the problem. After that, the card varied on and encryption was once again possible.