Troubleshooting
Problem
After upgrading from IBM i Access for Windows v710 to IBM Access Client Solutions, IBM i applications that utilized RUNRMTCMD to run commands on Windows PCs no longer work.
Symptom
Error message CPE3447 - "A remote host did not respond within the timeout period."
Cause
This is the expected message because RUNRMTCMD uses the deprecated (and insecure) rexec protocol (standard port 512).
IBM does not have any currently-supported software that supports the rexec protocol on a Windows system.
Also, most network firewalls will filter out traffic on port 512 and if a security audit is performed, any traffic on that port will be flagged.
IBM does not have any currently-supported software that supports the rexec protocol on a Windows system.
Also, most network firewalls will filter out traffic on port 512 and if a security audit is performed, any traffic on that port will be flagged.
Environment
IBM i ; Windows
Diagnosing The Problem
The deprecated IBM i software product - "IBM i Access for Windows", had an Incoming remote command daemon (cwbrxd.exe) which caused an rexec listener to be present on port 512 on Windows PCs which the IBM i RUNRMTCMD command could communicate with.
That product, and the rexec daemon it supplied are no longer supported. This change was needed because rexec is a very old TCP/IP protocol and lacks robust security (credentials were passed in plain text). In modern environments, usage of an rexec daemon such as cwbrxd would not pass a security audit.
That product, and the rexec daemon it supplied are no longer supported. This change was needed because rexec is a very old TCP/IP protocol and lacks robust security (credentials were passed in plain text). In modern environments, usage of an rexec daemon such as cwbrxd would not pass a security audit.
Resolving The Problem
Alternative options to accomplish similar functionality are:
1) Remote Command Execution from IBM i to Microsoft Windows Open SSHD
Note that it relies on Open Source software and, as such, lacks official IBM support.
Note that it relies on Open Source software and, as such, lacks official IBM support.
2) IBM i commands STRPCO and STRPCCMD. This pair of commands can execute things on a Windows client with the requirement that there be a pre-existing ACS PC5250/Telnet session since that is what is used for the communications.
So, if a user were in a PC5250 session running an RPG program or menu, they could take an option that would cause the IBM i program to send a command to their local Windows client.
For example:
Using the STRPCCMD Command to View or Edit HTML Files
For example:
Using the STRPCCMD Command to View or Edit HTML Files
3) Many IBM i programs that were utilizing RUNRMTCMD were doing so in order to accomplish the transfer of data - usually using the IBM i Access for Windows "Data Transfer" function in conjunction with a mapped network drive.
Thanks to the new IBM Access Client Solutions product being pure java, and the IBM i possessing a JVM, those transfers can now be run natively on the IBM i. Please see :
Automating ACS Data Transfer
...specifically the section "ACS Data Transfer directly on the IBM i:"
...specifically the section "ACS Data Transfer directly on the IBM i:"
Document Location
Worldwide
[{"Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z000000cwMLAAY","label":"Data Access->Data Transfer"}],"ARM Case Number":"TS004663303","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"All Version(s)"}]
Was this topic helpful?
Document Information
Modified date:
14 December 2020
UID
ibm16381858