Technical Blog Post
Abstract
SCR service not starting
Check the log file for SCR which is located on a default location of the /opt/ibm/ccm/SCR/XMLtoolkit/log directory.
The log to review is the most recent msgGTM_XT.log.n (where n is 0-2)
In this case the error was a password expired that shows up as errors such as :
GTMCL5205E: Exception caught.
Connection authorization failure occurred. Reason: Password expired. ERRORCODE=-4214, SQLSTATE=28000
Body
The errors that are seen are in the format of:
com.ibm.tbsm.cltools.jdbc.ASIJDBCConnection getJDBCConnection [1] GTMCL5205E: Exception caught. -4214 - [jcc][t4][2012][11248][3.53.70] Connection authorization failure occurred. Reason: Password expired. ERRORCODE=-4214, SQLSTATE=28000.
com.ibm.tbsm.cltools.service.ASIXMLToolkitSvc main [1] GTMCL5205E: Exception caught. [jcc][t4][2012][11248][3.53.70] Connection authorization failure occurred. Reason: Password expired. ERRORCODE=-4214, SQLSTATE=28000.
com.ibm.tbsm.cltools.service.ASIXMLToolkitSvc main [1] GTMCL5257I: Shutdown complete
This indicates that some or all of the DB2 user passwords have expired.
If the DB2 database is local then the script below can be used to change the password:
/opt/ibm/ccm/db2_users_passwd.sh user_name
The user_name is each of: ITMUSER, db2apm, db2fenc1, dasusr1
If you change the ITMUSER password the APM server is restarted, however it is not restarted if the other DB2 users have the password changed.
The script will prompt for a new password and then prompt for it to be confirmed.
Note that if you have to change one password due to it expiring, then the chances are all 4 user ids need new passwords.
All 4 need to be done to allow SCR to restart correctly.
If the DB2 server is remote to the APM server then the procedure to change the passwords is slightly different.
1) In this case all APM servers should be stopped.
apm stop_all
2) Then on the machine where db2 is installed change the password via the command line:
passwd external_db2_instance
where external_db2_instance is the remote Db2 server instance user name that you created when you set up the remote Db2 server
and for itmuser enter : passwd itmuser
3) Now on the APM server machine use the db2_users_passwd.sh script to change the itmuser password to match the password you configured for that user on the remote Db2 server in step 2.
/opt/ibm/ccm/db2_users_passwd.sh itmuser
This changes the password of itmuser on the system where the Cloud APM server is installed, updates the Cloud APM server configuration with the modified password, and restarts the Cloud APM server.
4) On the APM server there is also a db2apm user which is used by the DB2 client. The password of this user is independent of the server DB2 password on the remote machine.
However if the password needs to be changed again use the db2_users_passwd.sh script as this will update the APM server with the change.
This change will not result in APM being restarted.
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSVJUL","label":"IBM Application Performance Management"},"Component":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"8.1.4","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
UID
ibm10884170