Results 1 to 3 of 3
  1. #1
    Join Date
    Sep 2006
    Location
    Columbus, OH
    Posts
    69

    Unanswered: Finding the failed login app

    DB2 8.2
    AIX 5L

    I'm seeing a failed login every 1 minute in the dbdiag.log. I am trying to find out what script/app has the wrong password set which is causing this error. Looking for some tips to hunt this down.




    Code:
    2008-01-17-09.36.28.237620-300 I119118C273        LEVEL: Warning
    PID     : 83102                TID : 1
    FUNCTION: DB2 Common, Security, Users and Groups, secLogMessage, probe:20
    DATA #1 : String, 67 bytes
    Password validation for user tivinp01 failed with rc = -2146500507
    
    
    2008-01-17-09.36.28.237795-300 I119392C487        LEVEL: Warning
    PID     : 83102                TID  : 1           PROC : db2agent (TEC38) 0
    INSTANCE: tivinp01             NODE : 000         DB   : TEC38
    APPHDL  : 0-1035
    FUNCTION: DB2 UDB, bsu security, sqlexSlsSystemAuthenticate, probe:900
    MESSAGE : application id:
    DATA #1 : Hexdump, 26 bytes
    0x2FF13750 : 3942 4234 3341 3537 2E41 3532 342E 3038    9BB43A57.A524.08
    0x2FF13760 : 3031 3137 3134 3336 3238                   0117143628
    
    2008-01-17-09.36.28.238114-300 I119880C403        LEVEL: Warning
    PID     : 83102                TID  : 1           PROC : db2agent (TEC38) 0
    INSTANCE: tivinp01             NODE : 000         DB   : TEC38
    APPHDL  : 0-1035
    FUNCTION: DB2 UDB, bsu security, sqlexSlsSystemAuthenticate, probe:901
    MESSAGE : client pid:
    DATA #1 : Hexdump, 4 bytes
    0x3018DA74 : 0000 0000                                  ....
    
    2008-01-17-09.36.28.238381-300 I120284C403        LEVEL: Warning
    PID     : 83102                TID  : 1           PROC : db2agent (TEC38) 0
    INSTANCE: tivinp01             NODE : 000         DB   : TEC38
    APPHDL  : 0-1035
    FUNCTION: DB2 UDB, bsu security, sqlexSlsSystemAuthenticate, probe:902
    MESSAGE : client tid:
    DATA #1 : Hexdump, 4 bytes
    Thanks,
    Charlie

  2. #2
    Join Date
    Jun 2003
    Location
    Toronto, Canada
    Posts
    5,516
    Provided Answers: 1
    The highlighted part below:
    Code:
    2008-01-17-09.36.28.237795-300 I119392C487        LEVEL: Warning
    PID     : 83102                TID  : 1           PROC : db2agent (TEC38) 0
    INSTANCE: tivinp01             NODE : 000         DB   : TEC38
    APPHDL  : 0-1035
    FUNCTION: DB2 UDB, bsu security, sqlexSlsSystemAuthenticate, probe:900
    MESSAGE : application id:
    DATA #1 : Hexdump, 26 bytes
    0x2FF13750 : 3942 4234 3341 3537 2E41 3532 342E 3038    9BB43A57.A524.08
    0x2FF13760 : 3031 3137 3134 3336 3238                   0117143628
    
    looks like an application ID, which contains the source IP address (9BB43A57 in this case).
    ---
    "It does not work" is not a valid problem statement.

  3. #3
    Join Date
    Jan 2003
    Posts
    4,292
    Provided Answers: 5
    You are going to have to do it the hard way. You have the username (tivinp01) that is being used. You might be able to use the db2diag utility to get more information. After that you will have to figure it out outside DB2.

    Andy

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •