IBM Support

Connection to DB2 using SSL may fail when loading the GSKit library on Windows

Troubleshooting


Problem

When multiple GSKit libraries are installed on Windows, an application that uses SSL to connect to DB2 may fail with unexpected errors.

Symptom

The application's connection to DB2 may fail with error SQL1042C.

Cause

When different versions of GSKit are installed on one system, all users of GSKit within a single process must use the same version.

This presents problems in a scenario where one IBM product uses another product and both of them also use GSKit. For example, some Tivoli products use GSKit and also load the DB2 client library (which uses GSKit). Another example is that DB2 itself sometimes uses the IBM LDAP client (as part of the DB2 LDAP plugins), which can load GSKit if SSL is configured.

To make it easier to configure multiple IBM products to use the same GSKit, GSKit will first attempt to load the libraries using an "unqualified" name. This causes the OS to search the PATH (on Windows) and take the first version that it finds.

If the version of GSKit in that directory is either old enough to be incompatible with DB2 v9.7 or comes from a version of GSKit that does not support FIPS mode, which is the default mode of DB2, the SSL connection may fail.

Environment

DB2 LUW on Windows

Diagnosing The Problem

In db2diag.log, the following message may be observed:

2013-08-14-14.59.58.861000+480 I36149H571 LEVEL: Error
PID : 7888 TID : 6028 PROC : odbcad32.exe
INSTANCE: DB2 NODE : 000
EDUID : 6028
FUNCTION: DB2 Common, Cryptography, cryptContextRealInit, probe:40
MESSAGE : ECF=0x90000403=-1879047165=ECF_CRYPT_UNEXPECTED_ERROR
Unexpected cryptographic error
DATA #1 : Hex integer, 4 bytes
0x00000004
DATA #2 : Hex integer, 4 bytes
0x00000000
DATA #3 : Hex integer, 4 bytes
0x00000000
DATA #4 : String, 42 bytes
The specified module could not be found.

2013-08-16-10.38.59.135000+480 I109401H588 LEVEL: Error
PID : 1456 TID : 9124 PROC : odbcad32.exe
INSTANCE: DB2 NODE : 000
EDUID : 9124
FUNCTION: DB2 Common, Cryptography, cryptDynamicLoadGSKitCrypto, probe:999
MESSAGE : ECF=0x90000075=-1879048075=ECF_LIB_ALREADY_LOADED
Library is already loaded
DATA #1 : unsigned integer, 4 bytes
100
DATA #2 : String, 12 bytes
gsk8iccs.dll
DATA #3 : String, 7 bytes
not set
DATA #4 : Hexdump, 0 bytes
Object not dumped: Address: 0x00000000 Size: 0 Reason: Address is NULL

Resolving The Problem

Put C:\Program Files\IBM\SQLLIB\BIN\ICC64;C:\Program Files\IBM\SQLLIB\BIN\ICC at the front of the PATH environment variable.
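
To confirm which GSKit copy an unqualified load resolves to, before and after the PATH change, the following PowerShell check lists every GSKit DLL reachable through PATH in search order. It is an added example, not IBM's own tooling, and it assumes GSKit libraries match the pattern gsk*.dll (the log above names gsk8iccs.dll). It inspects PATH only; the application directory and the Windows system directories are searched before PATH and are not covered here.

```powershell
# Added example (not from the IBM technote): report GSKit DLLs in PATH search order.
# Assumption: GSKit libraries match gsk*.dll; the technote names gsk8iccs.dll.
$pattern = 'gsk*.dll'

# Directories the technote says must be at the front of PATH.
$db2Dirs = @(
    'C:\Program Files\IBM\SQLLIB\BIN\ICC64',
    'C:\Program Files\IBM\SQLLIB\BIN\ICC'
)

function Get-NormalizedDir([string]$dir) {
    # Expand %VAR% references, drop quotes and a trailing backslash, lower-case for comparison.
    [Environment]::ExpandEnvironmentVariables($dir).Trim().Trim('"').TrimEnd('\').ToLowerInvariant()
}

# Empty PATH entries (from ";;") are skipped but do not shift the reported position.
$position = 0
$hits = foreach ($dir in ($env:PATH -split ';')) {
    $position++
    if (-not $dir.Trim()) { continue }
    $norm = Get-NormalizedDir $dir
    if (-not (Test-Path -LiteralPath $norm -PathType Container)) { continue }
    Get-ChildItem -LiteralPath $norm -Filter $pattern -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                PathOrder   = $position
                Directory   = $norm
                Library     = $_.Name
                FileVersion = $_.VersionInfo.FileVersion
            }
        }
}

if (-not $hits) { Write-Output 'No GSKit libraries found through PATH.'; return }

$hits | Sort-Object PathOrder, Library | Format-Table -AutoSize

# For each library name, the first PATH hit is what an unqualified load picks up.
$expected = $db2Dirs | ForEach-Object { Get-NormalizedDir $_ }
$hits | Group-Object Library | ForEach-Object {
    $first = $_.Group | Sort-Object PathOrder | Select-Object -First 1
    if ($expected -notcontains $first.Directory) {
        Write-Warning ("{0}: first PATH match is {1} (entry {2}), not a DB2 ICC directory" -f `
            $first.Library, $first.Directory, $first.PathOrder)
    }
}
```

Run it in the same user context and bitness as the failing process (odbcad32.exe in the log above), because PATH can differ between the system, user and service environments.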


Document Information

Modified date:
16 June 2018

UID

swg21649303