两个db2 Password validation for user failed

上夜班，客户的应用无法连接报障

AIX7.1 db2 v9.5

1. 2016-08-30-18.53.51.135560+000 I266760A445 LEVEL: Warning
   
2. PID : 61014180 TID : 83891 PROC : db2sysc 0
   
3. INSTANCE: db2inst2 NODE : 000 DB : ICCDB21
   
4. APPHDL : 0-62801
   
5. EDUID : 83891 EDUNAME: db2agent (ICCDB21) 0
   
6. FUNCTION: DB2 UDB, bsu security, sqlexLogPluginMessage, probe:20
   
7. DATA #1 : String with size, 67 bytes
   
8. Password validation for user iccuser2 failed with rc = -2146500316

2016-08-30-17.58.24.021455+000 I249818A445        LEVEL: Warning
PID     : 61014180             TID  : 61366       PROC : db2sysc 0
INSTANCE: db2inst2             NODE : 000         DB   : ICCDB21
APPHDL  : 0-61915
EDUID   : 61366                EDUNAME: db2agent (ICCDB21) 0
FUNCTION: DB2 UDB, bsu security, sqlexLogPluginMessage, probe:20
DATA #1 : String with size, 67 bytes
Password validation for user iccuser2 failed with rc = -2146500316


iccuser2就是被锁了


db2inst2@bhprddb2001:/db2home/db2inst2# db2diag -rc -2146500316


Input ZRC string '-2146500316' parsed as 0x800F0124 (-2146500316).


ZRC value to map: 0x800F0124 (-2146500316)
        V7 Equivalent ZRC value: 0xFFFF8601 (-31231)


ZRC class :
        SQL Error, User Error,... (Class Index: 0)
Component:
        SQLO ; oper system services (Component Index: 15)
Reason Code:
        292 (0x0124)


Identifer:
        SQLO_USR_REVOKED
Identifer (without component):
        SQLZ_RC_REVUSR


Description:
        Userid is revoked


Associated information:
        Sqlcode -30082
SQL30082N  Security processing failed with reason "" ("").


        Number of sqlca tokens : 2
        Diaglog message number: 1



2016-08-30-18.03.45.447338+000 I250264A444        LEVEL: Warning
PID     : 61014180             TID  : 57267       PROC : db2sysc 0
INSTANCE: db2inst2             NODE : 000         DB   : ICCDB21
APPHDL  : 0-61989
EDUID   : 57267                EDUNAME: db2agent (ICCDB21) 0
FUNCTION: DB2 UDB, bsu security, sqlexLogPluginMessage, probe:20
DATA #1 : String with size, 66 bytes
Password validation for user iccuser failed with rc = -2146500507




db2inst2@bhprddb2001:/db2home/db2inst2# db2diag -rc -2146500507


Input ZRC string '-2146500507' parsed as 0x800F0065 (-2146500507).


ZRC value to map: 0x800F0065 (-2146500507)
        V7 Equivalent ZRC value: 0xFFFF8665 (-31131)


ZRC class :
        SQL Error, User Error,... (Class Index: 0)
Component:
        SQLO ; oper system services (Component Index: 15)
Reason Code:
        101 (0x0065)


Identifer:
        SQLO_BAD_PSW
Identifer (without component):
        SQLZ_RC_BADPSW


Description:
        The password is not valid for the specified userid


Associated information:
        Sqlcode -30082
SQL30082N  Security processing failed with reason "" ("").


        Number of sqlca tokens : 2
        Diaglog message number: 8111

账号重置密码就好了


参考文档
http://www-01.ibm.com/support/docview.wss?uid=swg21623221

The following table outlines other such return codes, corresponding SQL30082N return codes, explanation as to what they mean, and action plans to potentially resolve the problem. If the table doesn't help in resolving the problem, please follow the instructions at the bottom of this page to collect the necessary diagnostics prior to engaging IBM Support for faster resolution.

rc	Corresponding SQL30082N rc	Explanation	Notes
-2146500508	1	Password has expired	1. Check that DB2 user ID  naming conventions are  followed.  2. Check that password rules are followed. 3. Check that user ID is not revoked/suspended 4. Check that password has not expired. Reset if it has expired.
-2146500507	2	The password is not valid for the specified user id
-2146500290	3	Password missing
-2146500504	15, 24, 26, 36	Password length is greater than the supported password length
-2146500289	5	User ID missing
-2146500502	6	Bad User
-2146500316	7	User ID is revoked
-2146500483	19	User ID suspended
-2146500315	24	Invalid User ID or password
-2146500271	4	Security protocol violation	Collect diagnostics mentioned below.
-2146499492	15, 24	Encryption types do not match	For DB2 v9.5 FP4 and above, only the following encryption algorithms are supported:  Crypt MD5 SHA1 SHA256 SHA512 Blowfish Note that these are the encryption algorithms used by the OS to encrypt user passwords. See following link for details.
-2146500270	17	Authentication types do not match	Ensure that both client and server authentication types are same.
-2146500288	17	Unsupported function	The security mechanism specified by the client is invalid for this server. Some typical examples: 1. The client sent a new password value to a server that does not support the change password function. 2. The client sent SERVER_ENCRYPT authentication information to a server that does not support password encryption. 3. Authentication type catalog information must be the same at the server and the client. 4. The client sent a user ID (but no password) to a server that does not support authentication by user ID only. 5. The client has not specified an authentication type, and the server has not responded with a supported type. This might include the server returning multiple types from which the client is unable to choose.
-2146500301	20	Mutual authentication failed	Kerberos Authentication: The server being contacted failed to pass a mutual authentication check. The server is either an imposter, or the ticket sent back was damaged.
-2146499529	41	A trusted connection was not established, so switch user request is invalid	The client is configured to request a trusted connection and switch user in the trusted connection. A trusted connection must be established prior to switching user.
-2146499506	42	Root capability required	1. db2stop 2. Login as ROOT 3. From the instance home directory, run:  db2iupdt -k <instance name> 4. Retry connection *For non-root installation, need to run db2rfe See following link for details.
-2146500252	N/A	The specified node or server is not available	The server where authentication takes place is unavailable. For example, domain controller could not be reached, or a communication failure may have occurred in an LDAP or Kerberos environment.
-2146500307	N/A	Unable to authenticate because of system error	Collect diagnostics mentioned below.
-2146500234	25	The security plugin has disallowed the connection	If the problem takes place with the IBM provided LDAP or Kerberos plugins, set diaglevel to 4 by running the following command in your DB2 command prompt: db2 update dbm cfg using DIAGLEVEL 4 Thereafter, also collect the requested diagnostics as per instructions below. If you are using a non-IBM security plug-in and the root cause is determined to be within this plug-in code, you must contact your plug-in vendor for support. Please see the DB2 v9.7 Information Center for general information on security plug-ins.
-2146500233	26	The server security plugin encountered an unexpected error
-2146500232	27	The server security plugin encountered an invalid server credential
-2146500231	28	The server security plugin encountered an expired server credential
-2146500230	29	The server security plugin encountered an invalid security token sent by the client
-2146500229	30	The client security plugin is missing a required API
-2146500228	31	The client security plugin is of the wrong plugin type
-2146500227	32	The client security plugin does not have a matching GSS-API security plugin available for connection to the database
-2146500226	33	The client security plugin cannot be loaded
-2146500225	34	The client security plugin name is invalid
-2146500224	35	The client security plugin reports an API version that is incompatible with DB2
-2146500223	36	The client security plugin encountered an unexpected error
-2146500222	37	The server security plugin encountered an invalid principal name
-2146500221	38	The client security plugin encountered an invalid client credential
-2146500220	39	The client security plugin encountered an expired client credential
-2146500219	40	The client security plugin encountered an invalid security token sent by the server

Prior to contacting IBM Support, please ensure that you've collected the following diagnostics: 


1. DB2 Support 

In your DB2 command prompt, execute the following command: 

db2support . -s  

A db2support.zip file will be dumped. 


2. DB2 Trace 

In your DB2 command prompt, execute the following commands at the database server to capture the problem: 

db2trc on -t -f trace.dmp  
<reproduce the problem from command line to hit SQL30082N>  
db2trc off  
db2trc fmt trace.dmp trace.fmt  
db2trc flw -t trace.dmp trace.flw  
db2trc fmt -c trace.dmp trace.fmtc  

Please place the .flw, .fmt, and .fmtc files into a folder and zip it. 

3. File Upload Instructions 

http://www-01.ibm.com/support/docview.wss?rs=71&&uid=swg21243808

Related information

SQL30082N

来自 “ ITPUB博客 ” ，链接：http://blog.itpub.net/29023300/viewspace-2124240/，如需转载，请注明出处，否则将追究法律责任。

转载于:http://blog.itpub.net/29023300/viewspace-2124240/