IBM Support

SQL8000N executing db2start when AUTHENTICATION is set to data encryption, kerberos or gssplugin.

Question & Answer


Question

On UNIX®, Linux® and Windows platforms, data encryption, kerberos or gssplugin are not allowed without the Advanced Security Option license.

Cause

Under DB2® Version 8.1 FixPak 7 (DB2 Version 8.2 FixPak 1) for Linux®, UNIX® and Windows platforms, a new feature called Advanced Security Option (ASO) was added to allow users to utilize data encryption, kerberos or gssplugin security mechanisms. The Advanced Security Option feature is enabled when setting the Database Manager Configuration parameter AUTHENTICATION to either of the following values:


    DATA_ENCRYPT

    DATA_ENCRYPT_CMP

    KERBEROS

    KRB_SERVER_ENCRYPT

    GSSPLUGIN

    GSS_SERVER_ENCRYPT


This feature must be activated with a special DB2 license file called db2secur.lic. As a result of this feature not being activated, db2start will fail to start the instance generating SQL8000N error code.

SQL8000N DB2START processing failed; a valid product license was not found.

The following message will be generated in the db2diag.log file:



2007-08-08-13.40.29.481334-240 I291019C342   LEVEL: Severe
PID     : 4972778              TID  : 1      PROC : db2sysc
INSTANCE: rodeh                NODE : 000
FUNCTION: DB2 UDB, oper system services, sqloRunInstance, probe:353
MESSAGE : Advanced Security Option specified in dbm cfg parameter with insufficient license

This feature checking effects DB2 Version 8 Enterprise Server Edition, DB2 Version 8 Workgroup Server Edition, and DB2 Version 8 Workgroup Server Unlimited Edition.

The check is removed under DB2 Version 8.1 FixPak 16 on Windows platform,
DB2 fixpaks prior to FP16 still check for the ASO license when the check should have been obsolete.
DB2 Connect, is also effected, where adding the license file does not resolve the issue.This issue has been resolved in DB2 Version 8.1 FixPak 17.
The check does not affect DB2 Version 9 product family.

Answer

The recommended resolution to the SQL8000N error message is to install fixpak 17 or higher.


DB2 UDB Version 8.1 users who are unable to install FP17 or higher and are planning to use an authentication type of data encryption, kerberos or gssplugin need to contact IBM DB2 Technical Support in order to get a copy of the Advanced Security Option license file; db2secur.lic. Once the file is obtained, the user can activate the license using the following command :


     db2licm -a db2secur.lic

Once the license is activated, view the license entry using the following command :

     db2licm -l

The output should have an entry similar to the following:

Product Name                  = "DB2 Advanced Security Option"
Product Identifier            = "DB2ASO"
Version Information           = "8.2"
Expiry Date                   = "Permanent"
Annotation                    = ""
Other information             = ""

db2secur.lic

[{"Product":{"code":"SSEPGG","label":"Db2 for Linux, UNIX and Windows"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"Database Objects\/Config - Instance","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"8","Edition":"Enterprise Server;Workgroup Server","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
16 June 2018

UID

swg21268666