IBM Support

Connection to a DB2 V9.5 or higher database may hang when using VAS

Technote (troubleshooting)


Problem(Abstract)

New connections to a database may hang when using Vintella Authentication Services plug-in with DB2 V9.5 or higher.

Symptom

New connections will hang when attempting to authenticate the user. If the stacktrace of the db2agent connection is captured using "db2pd -stack <eduid>" you may see the most recent function calls as:

vas_db2_plugin_outcall_getgroups
vas_db2_plugin_lookup_groups


Cause

The VAS plugin for DB2 V9.5 and higher is no longer supported by VAS and should not be used. From the Quest website it's stated:
For DB2 9.5 and up Quest now recommends using the DB2 built-in functionality to connect to Active directory instead of the Quest DB2 plugin.

The functionality in DB2 is called Transparent LDAP authentication. Transparent LDAP authentication allows users to authenticate through the OS ( LAM on AIX, otherwise PAM, like the Quest DB2 Security Plugin ), which can then use QAS. This does not require setting up LDAP, QAS fulfills that role.

For more information, please read SOLUTION 64305. NOTE: The Quest DB2 plugin is no longer being activly developed. It will remain supported for the forseeable future since not all versions of DB2 have the new functionality, and the new functionality doesn't work for all users ( AIX local group problem explained in the given link ).


Diagnosing the problem

  1. Connect to the database and locate the db2agent via "GET SNAPSHOT FOR APPLICATIONS" and/or "DB2PD -EDUS".
  2. Locate the edu ID of the db2agent and dump the stacktrace using "DB2PD -STACK <EDUID>".
  3. This will generate a trap file in your DIAGPATH. The file name will contain the PID of the db2sysc process and the EDU ID.
  4. The stacktrace should show the most recent function calls as VAS calls. These typically start as "vas_db2_plugin_...".

Resolving the problem

As Quest has recommended, for DB2 V9.5 and higher you should use Transparent LDAP authentication. More information can be found on the Quest site under SOLUTION 64305.

Related information

DB2 V9.5+ with VAS Plug-In
DB2 and Transparent LDAP Authentication
DIAGPATH

Document information

More support for: DB2 for Linux, UNIX and Windows
Security / Plug-Ins - IBM Suplied/Default

Software version: 9.5, 9.7, 10.1, 10.5

Operating system(s): AIX, HP-UX, Linux, Solaris

Reference #: 1571620

Modified date: 19 January 2015