Question & Answer
Question
On UNIX®, Linux® and Windows platforms, data encryption, kerberos or gssplugin are not allowed without the Advanced Security Option license.
Cause
Under DB2® Version 8.1 FixPak 7 (DB2 Version 8.2 FixPak 1) for Linux®, UNIX® and Windows platforms, a new feature called Advanced Security Option (ASO) was added to allow users to utilize data encryption, kerberos or gssplugin security mechanisms. The Advanced Security Option feature is enabled when setting the Database Manager Configuration parameter AUTHENTICATION to either of the following values:
DATA_ENCRYPT
DATA_ENCRYPT_CMP
KERBEROS
KRB_SERVER_ENCRYPT
GSSPLUGIN
GSS_SERVER_ENCRYPT
This feature must be activated with a special DB2 license file called db2secur.lic. As a result of this feature not being activated, db2start will fail to start the instance generating SQL8000N error code.
SQL8000N DB2START processing failed; a valid product license was not found.
The following message will be generated in the db2diag.log file:
2007-08-08-13.40.29.481334-240 I291019C342 LEVEL: Severe
PID : 4972778 TID : 1 PROC : db2sysc
INSTANCE: rodeh NODE : 000
FUNCTION: DB2 UDB, oper system services, sqloRunInstance, probe:353
MESSAGE : Advanced Security Option specified in dbm cfg parameter with insufficient license
This feature checking effects DB2 Version 8 Enterprise Server Edition, DB2 Version 8 Workgroup Server Edition, and DB2 Version 8 Workgroup Server Unlimited Edition.
The check is removed under DB2 Version 8.1 FixPak 16 on Windows platform,
DB2 fixpaks prior to FP16 still check for the ASO license when the check should have been obsolete.
DB2 Connect, is also effected, where adding the license file does not resolve the issue.This issue has been resolved in DB2 Version 8.1 FixPak 17.
The check does not affect DB2 Version 9 product family.
Answer
The recommended resolution to the SQL8000N error message is to install fixpak 17 or higher.
DB2 UDB Version 8.1 users who are unable to install FP17 or higher and are planning to use an authentication type of data encryption, kerberos or gssplugin need to contact IBM DB2 Technical Support in order to get a copy of the Advanced Security Option license file; db2secur.lic. Once the file is obtained, the user can activate the license using the following command :
db2licm -a db2secur.lic
Once the license is activated, view the license entry using the following command :
db2licm -l
The output should have an entry similar to the following:
Product Name = "DB2 Advanced Security Option"
Product Identifier = "DB2ASO"
Version Information = "8.2"
Expiry Date = "Permanent"
Annotation = ""
Other information = ""
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21268666