IBM Support

QMGTOOLS: Blue Diamond FTP

Troubleshooting


Problem

Is there an easy way to FTP data to the Blue Diamond FTP server?

Resolving The Problem

QMGTOOLS has a function that allows a user to FTP data to the Blue Diamond FTP server.

Note: The following URL is for BD support. If you believe the IBM i's configuration is correct (SSL configurations, etc.), BD support can help with user ID or other types of errors. Also, refer to Step 4 for what the FTP process does.


https://www-01.ibm.com/software/support/BlueDiamondRegistration.html

Also, the tool checks to see whether port 22 is accessible to the Blue Diamond server. If that port is accessible, it sends data by using SFTP. SFTP is different than FTPS (or SSL FTP) as SFTP uses port 22 (normally for SSH) whereas SSL FTP uses port 990.

Step 1
Obtain QMGTOOLS following instructions from this URL:
http://www-01.ibm.com/support/docview.wss?uid=nas8N1011297

Note : Make sure you are at the latest build of QMGTOOLS. Refer to this URL:
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020468


 
Step 2

On the main menu of QMGTOOLS (GO QMGTOOLS/MG), choose the option to FTP data to IBM and choose *BDFTP.
Note: You need a user ID and password to access the server. Refer to the following URL:
http://www-01.ibm.com/software/support/BlueDiamondRegistration.html




 
Step 3

Required parameters:
- FTPTYPE set to *BDFTP
- IBM/BD ID user must be set
- IBM/BD password must be set
- FILETYPE is either a save file or a file in the IFS (example shown is using file type of *SAVF)
- PMR information (includes PMR number, Branch number, and Country number)
Optional parameters
- FTP port - the port to connect to the FTP server (default is 990)
- Secure connection - security mechanism
- Upload directory - the directory to upload data
- Try SFTP - Y or N to try SFTP (port 22) to the BD FTP server
FTP2IBMCMD screen shot
FTP2IBMCMD screen shot

 
Step 4

The FTP process flow:
- If port 22 (SSH) is accessible, it uses SFTP (secure FTP) to connect to IBM for the transfer

OR

- If port 22 is not accessible, the tool uses FTPS (SSL FTP)
- Attempt to contact the Blue Diamond server over port 990
- If port 990 is accessible, the tool checks for a welcome screen, else there is an SSL error
- If there is an SSL error, the tool asks if you would like to import the digital certificate and try again
- If everything passes, the tool will FTP the data to the Blue Diamond server
- During the transfer, ports 28000-28500 are used, the client's firewall needs to allow these ports opened to the Blue Diamond FTP server

Note: If an SSL error occurs, the tool runs the command SETUPBDENV to import the digital certificate. The default password is 'default'. If you do not know the password, refer to the Troubleshooting section under the Invalid Store Password section.


 
Step 5

You can check the FTP status from the main QMGTOOLS menu (GO QMGTOOLS/MG).




  • - Details of sending data to IBM via *BDFTP



    An example of sending a save file to IBM via *BDFTP option

    - *BDFTP user and password assigned to the user
    - PMR is 11111
    - Branch is 222
    - Country is 333
    - File type is *SAVF
    - Save file is DAGGITY in library QTILIB




    During the FTP process, the tool renames the file to this format:

    11111.222.333.DAGGxxxxxx.savf where:

    11111 is the PMR number
    222 is the branch number
    333 is the country number
    xxxxxx is the microseconds taken from QDATETIME when the process is started

    Note: Since IBM i file names have a limit of 10 characters, the tool overrides the last 6 characters of the save file with the microseconds. This renaming process also applies to *STDFTP. The file gets renamed to avoid duplicate files on IBM.

    For a Blue Diamond customer, an email update is something like this:

    File Uploaded to: /IBM/Testcust01 - From: 129.42.161.35
    Event: File Uploaded
    Server Local Time: 30 Mar 16 15:51:57
    File Name: 11111.111.111.DAGG998488.savf
    Folder Path: /IBM/Testcust01
    File Size: 29568 bytes
    Remote IP: 129.42.161.35
    Logon Name: MSCI\mrdagbo
    Full Name: Mr. Dagbo
    Protocol: TLS



    Example of sending an IFS file *BDFTP option

    - *BDFTP user and password assigned
    - PMR is 11111
    - Branch is 222
    - Country is 333
    - File type is *IFS
    - IFS file is /tmp/IBMDATA017.zip




    File Uploaded to: /IBM/Testcust01 - From: 129.42.161.36
    Event: File Uploaded
    Server Local Time: 31 Mar 16 06:20:19
    File Name: 11111.222.333.IBMDATA017.zip
    Folder Path: /IBM/Testcust01
    File Size: 1082821 bytes
    Remote IP: 129.42.161.36
    Logon Name: MSCI\mrdagbo
    Full Name: Mr Dagbo
    Protocol: TLS


    During the FTP process, the tool renames the file to send as:

    11111.222.333.IBMDATA017.zip

    11111 is the PMR number
    222 is the branch number
    333 is the country number

    The tool does not modify the file. If there are multiple sends of the same file name, the Blue Diamond FTP server appends "Copy of" to the file or "Copy (x) of" where x is the copy number.
     

 





Troubleshooting Section For SSL FTP (FTPS) NOT SFTP

 
Invalid Store Password

The tool needs the *SYSTEM store password to import the digital certificate. Password default is the default password.



If you do not the know the *SYSTEM store password, you can change it.

1) Make sure the HTTP admin job is running. The job is ADMIN (WRKJOB ADMIN). If this job is inactive, start it with this command:
STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)

2) Open up a web browser and navigate to URL where xxxxxxxxxx is the IP or hostname of the IBM i:
http://xxxxxxxxxx:2001/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0

3) Click "Select A Certificate Store" button. On the left pane, choose *SYSTEM and click Continue.




4) Click the "Reset Password" button to reset the password




 
SSL Error Still Exists After The Tool Imports The Digital Certificate

1) Make sure the HTTP admin job is running. The job is ADMIN (WRKJOB ADMIN). If this job is inactive, start it with this command :
STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)

2) Open up a web browser and navigate to URL where xxxxxxxxxx is the IP or hostname of the IBM i:
http://xxxxxxxxxx:2001/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0

3) Click "Select A Certificate Store" button. On the right pane, choose *SYSTEM and click Continue. The next screen will ask for a password for the *SYSTEM store.




4) After you enter the *SYSTEM store, navigate on the left pane to "Fast Path" and click "Work With CA Certificate"




5) Verify whether these certificates are there. If not, then the tool failed to import the digital certificate.




R710 and later

a) If at OS release V7R1M0 and later, click "Fast Path" and click "Work With Client Applications". On the right pane, select "i5/OS TCP/IP FTP Client" and click "Work With Application" button. On the right pane, check for Blue Diamond FTP Client. If it is not there, then the tool failed to import the digital certificate correctly. Try the import again.




R610 Only

a) If at OS release V6R1M0, click "Fast Path" and click "Work With Client Applications". On the right pane, select "i5/OS TCP/IP FTP Client" and click "Work With Application" button.




b) Check the parameter "Define the CA trust list". If set to yes, then you have 2 options. Select no and hit apply like in the following sample:



Or follow step 3 in this URL to add certificates GEOTRUINT and GEOTRUROOT to the trust list in the FTP client:
http://www-01.ibm.com/support/docview.wss?uid=nas8N1014798

 

[{"Product":{"code":"SWG60","label":"IBM i"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"General Information","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"Version Independent","Edition":"Standard","Line of Business":{"code":"LOB57","label":"Power"}}]

Document Information

Modified date:
18 December 2019

UID

nas8N1021199