Troubleshooting
Problem
Running the command "db2 create database test encrypt" returns error SQL1782N RC=8.

The customer is setting up DB2 Native Encryption on V11 m2fp2 and has configured the following parameters in the KMIP configuration file:

VERSION=1
KEYSTORETYPE=KEYSECURE
*** note the above parameter is deprecated and replaced with the following: ***
PRODUCT_NAME=KEYSECURE
ALLOW_KEY_INSERT_WITHOUT_KEYSTORE_BACKUP=TRUE
SSL_KEYDB=/opt/test/KMIP/clientkeydb.p12
SSL_KEYDB_STASH=/opt/test/KMIP/clientkeydb.sth
SSL_KMIP_CLIENT_CERTIFICATE_LABEL=testdb2inst1_client
DEVICE_GROUP=DB2
MASTER_SERVER_HOST=testdb2inst1.prod.test.com
MASTER_SERVER_KMIP_PORT=5696
ALLOW_NONCRITICAL_BASIC_CONSTRAINT=TRUE

NOTE: ALLOW_NONCRITICAL_BASIC_CONSTRAINT=TRUE is only available from v11 m2fp2 and lets you bypass the 'critical' constraint in basicConstraints. Not all keystores support critical.
Symptom
The db2diag.log file will have the following message after you run "db2 create database test encrypt":
SQL1782N The command or operation failed because an error was encountered
accessing the centralized key manager. Reason code "8".
Dialog:
PID : 38273194 TID : 4371 PROC : db2sysc 0
INSTANCE: db2inst1 NODE : 000 DB :
APPHDL : 0-7 APPID: *LOCALdb2inst1.180206222453
AUTHID : db2inst1 HOSTNAME: myhost1
EDUID : 4371 EDUNAME: db2agent (instance) 0
FUNCTION: DB2 UDB, bsu security, sqlexInsertNewMasterKeyLabelKMIP, probe:1596
MESSAGE : ZRC=0x805C0918=-2141452008=SQLEX_KMIP_ERROR
"The KMIP request returned an error."
DATA 1 : String, 59 bytes
Call failed at master/clone; will try the same master/clone
DATA 2 : String, 49 bytes
clone, total clones, retry count, max retry count
DATA 3 : signed integer, 4 bytes
-1
DATA 4 : signed integer, 4 bytes
0
DATA 5 : unsigned integer, 4 bytes
4
DATA 6 : unsigned integer, 4 bytes
50
Cause
DB2 does not support the use of DEVICE_GROUP=DB2 with KEYSECURE.
Environment
AIX
Diagnosing The Problem
Check the KMIP configuration file for DEVICE_GROUP=DB2, or collect a db2trc and search it for that setting.
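One way to script the configuration-file check, as an added example that is not IBM code. The function names (kmip_value, check_kmip_cfg, write_sample_cfg) are hypothetical, the case-insensitive key matching is a choice made for this example, and the sample file is constructed from the settings shown on this page.

```shell
#!/bin/sh
# Added example, not IBM code: lint a Db2 KMIP configuration file for the
# DEVICE_GROUP + KEYSECURE combination that this technote ties to SQL1782N RC=8.

# kmip_value FILE KEY: print the last value assigned to KEY (empty if unset).
# Key matching ignores case and surrounding blanks (a choice made for this example).
kmip_value() {
    awk -v key="$2" '
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            if (toupper(k) == toupper(key)) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t\r]+$/, "", v); val = v
            }
        }
        END { print val }' "$1"
}

# check_kmip_cfg FILE: return 0 if clean, 1 on the conflict, 2 if unreadable.
check_kmip_cfg() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    product=$(kmip_value "$cfg" PRODUCT_NAME)
    legacy=$(kmip_value "$cfg" KEYSTORETYPE)     # deprecated spelling of PRODUCT_NAME
    group=$(kmip_value "$cfg" DEVICE_GROUP)
    if [ -n "$legacy" ]; then
        echo "NOTE: KEYSTORETYPE is deprecated; use PRODUCT_NAME=$legacy"
    fi
    keystore=$(printf '%s' "${product:-$legacy}" | tr '[:lower:]' '[:upper:]')
    if [ "$keystore" = "KEYSECURE" ] && [ -n "$group" ]; then
        echo "FAIL: DEVICE_GROUP=$group with KEYSECURE; remove it and restart DB2"
        return 1
    fi
    echo "OK: no DEVICE_GROUP/KEYSECURE conflict in $cfg"
}

# write_sample_cfg FILE: constructed sample with the failing settings from the page.
write_sample_cfg() {
    printf '%s\n' VERSION=1 PRODUCT_NAME=KEYSECURE DEVICE_GROUP=DB2 \
        MASTER_SERVER_KMIP_PORT=5696 > "$1"
}

# With a path argument, check that file; otherwise run on the constructed sample.
if [ $# -gt 0 ]; then
    check_kmip_cfg "$1"
else
    sample=${TMPDIR:-/tmp}/kmip_sample.$$
    write_sample_cfg "$sample"
    check_kmip_cfg "$sample" || echo "(exit status $?)"
    rm -f "$sample"
fi
```

A commented-out or renamed key (for example "#DEVICE_GROUP=DB2") does not match and is not flagged, because only an exact key name to the left of "=" counts.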
Resolving The Problem
Remove DEVICE_GROUP=DB2 from the KMIP configuration file and restart DB2.
Document Information
Modified date:
07 December 2022
UID
swg22013589