Getting SQL1092N error when running any DB2 commands as a domain id

Technote (troubleshooting)


Problem(Abstract)

Attempting to perform any DB2 commands may result in error SQL1092N when running it as a domain id and using IBM DB2 for Windows.

Cause

If your running any DB2 commands that need SYSADM, SYSCTRL, SYSMAINT or SYMON authorities, (for example:BACKUP DATABASE command) as a domain id in a local group and DB2_GRP_LOOKUP is set to LOCAL, you may end up seeing the following error in your db2diag.log:

2011-01-24-13.15.31.727000-300 E125202182F551 LEVEL: Error (OS)
PID : 5756 TID : 6996 PROC : db2syscs.exe
INSTANCE: DB2 NODE : 000 DB : BLDEV
APPHDL : 0-16 APPID: *LOCAL.DB2.110124181531
AUTHID : DB2SERVICE
EDUID : 6996 EDUNAME: db2agent (BLDEV) 0
FUNCTION: DB2 UDB, oper system services, sqloAuthzGetInformationFromSid, probe:10 MESSAGE : ZRC=0x83000005=-2097151995
CALLED : OS, -, AuthzInitializeContextFromSid
OSERR : 5 "Access is denied."

This indicates that the DB2 service account does not have the privilege to query the Domain Controller.


Diagnosing the problem

In order to verify what user is running the DB2 service please perform the following steps:

1.) Look in the Services area selecting; Start->Control Panel->Administration Tools->Services.

2.) Or if you know what the DB2 service name is using , use the Windows command sc qc

<db2_service_name> > scqc.txt

Example:

sc qc DB2-0 > scqc.txt

C:\>sc qc db2inst1

[SC] GetServiceConfig SUCCESS
SERVICE_NAME: db2inst1
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\PROGRA~1\IBM\SQLLIB\bin\db2syscs.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : DB2 - DB2INST1
DEPENDENCIES : LanmanServer
: +NetBIOSGroup
SERVICE_START_NAME : .\user1


Resolving the problem

To resolve this issue you need to have the DB2 services started as Domain account, not a local account. In order to change the DB2 services to a Domain account do the following:

1.) Go to Start->Control Panel->Administration Tools->Services.

2.) Find the DB2-0 process right click on it and pick "Properties".

3.) Pick the "Log On" tab.

4.) Then choose "This account" radial button, then "Browse".

5.) A window will pop up called Select User click the Advanced button, then click "Find Now".

6.) A list of all users on the machine will be shown, choose the domain user and select "OK".

7.) To save the change click "Apply" then "OK".

8.) Restart the service/instance.

Related information

SQL1092N
BACKUP DATABASE command
System administration authority (SYSADM)
System control authority (SYSCTRL)
System maintenance authority (SYSMAINT)
System monitor authority (SYSMON)
DB2_GRP_LOOKUP
Authentication with groups and domain security (Windows

Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

DB2 for Linux, UNIX and Windows
DB2 Tools - CLP

Software version:

9.1, 9.5, 9.7, 10.1, 10.5

Operating system(s):

Windows

Software edition:

Enterprise Server, Express, Personal, Personal Developer's, Workgroup Server

Reference #:

1461051

Modified date:

2014-02-14

Translate my page

Machine Translation

Content navigation