Troubleshooting
Problem
When multiple GSKit libraires installed on windows, application using SSL to connect to DB2 may fail with unexpected errors.
Symptom
Application connection to db2 may fail with sql1042c error.
Cause
The reason is that when different versions of GSkit installed on one system, all users of GSkit within a single process must use the same version.
This presents problems in a scenario where one IBM product uses another product and both of them also use GSKit. For example, some Tivoli products use GSKit and also load the DB2 client library (which uses GSkit). Another example is that DB2 itself sometimes the IBM LDAP client (as part of the DB2 LDAP plugins), can load GSkit if SSL is configured.
To make it easier to configure multiple IBM products to use the same GSKit, GSKit will first attempt to load the libraries using an "unqualified" name. This causes the OS to search the PATH (on Windows) and take the first version that it finds.
If the version of GSkit in that directory is either old enough to be incompatible with DB2 v9.7 or comes from a version of GSkit that does not support FIPS mode which is the default mode of DB2, the SSL connection may fail.
Environment
DB2 LUW on windows
Diagnosing The Problem
In db2diag.log, the following message may be observed:
2013-08-14-14.59.58.861000+480 I36149H571 LEVEL: Error
PID : 7888 TID : 6028 PROC : odbcad32.exe
INSTANCE: DB2 NODE : 000
EDUID : 6028
FUNCTION: DB2 Common, Cryptography, cryptContextRealInit, probe:40
MESSAGE : ECF=0x90000403=-1879047165=ECF_CRYPT_UNEXPECTED_ERROR
Unexpected cryptographic error
DATA #1 : Hex integer, 4 bytes
0x00000004
DATA #2 : Hex integer, 4 bytes
0x00000000
DATA #3 : Hex integer, 4 bytes
0x00000000
DATA #4 : String, 42 bytes
The specified module could not be found.
2013-08-16-10.38.59.135000+480 I109401H588 LEVEL: Error
PID : 1456 TID : 9124 PROC : odbcad32.exe
INSTANCE: DB2 NODE : 000
EDUID : 9124
FUNCTION: DB2 Common, Cryptography, cryptDynamicLoadGSKitCrypto, probe:999
MESSAGE : ECF=0x90000075=-1879048075=ECF_LIB_ALREADY_LOADED
Library is already loaded
DATA #1 : unsigned integer, 4 bytes
100
DATA #2 : String, 12 bytes
gsk8iccs.dll
DATA #3 : String, 7 bytes
not set
DATA #4 : Hexdump, 0 bytes
Object not dumped: Address: 0x00000000 Size: 0 Reason: Address is NULL
Resolving The Problem
Put C:\Program Files\IBM\SQLLIB\BIN\ICC64;C:\Program Files\IBM\SQLLIB\BIN\ICC at the front of the PATH environment variable
Related Information
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21649303