Troubleshooting
Problem
The installation of the Rational Directory Server (RDS) - Tivoli version on Microsoft Windows requires a pre-install of Tivoli and DB2. But these in turn require a number of Windows Users and Groups and a specific set of User Rights Assignments. However at some client sites, the local Group Policy settings may be such that it proves impossible to successfully install the requiredTivoli/DB2 variant. This is particularly prevalent in Microsoft Windows 2003 where additional security settings are possible. This document explains how to check the user rights assignments and, if necessary, to turn off the default DB2 extended security so that the installation can proceed successfully.
Symptom
Installation of RDS fails with errors in the ibmslapd.log file shows an error GLPRDB001E Error code -1 from function: "SQLExecDirect " CREATE TABLE TDSADMIM.LDAP_ENTRY ( EID INTEGER NOT NULL, PEID INTEGER, DN_TRUNC VARCHAR(240), DN VARCHAR(1000), CREATOR VARCHAR(1000), MODIFIER VARCHAR(1000), MODIFY_TIMESTAMP TIMESTAMP, CREATE_TIMESTAMP TIMESTAMP, ENTRYDATA VARCHAR(24004), ENTRYBLOB BLOB(1G) LOGGED, ENTRYSIZE INTEGER, PRIMARY KEY (EID))
Diagnosing The Problem
As with all RDS install issues, once the installation is completed Check the following log files:
- <RDS_Installhome>\logs\createinstance.log
- <RDS_Installhome>\logs\createdb.log
If there are no errors in these logs, look at the following log file:
<InstallRoot>\idsslapd-tdsadmin\logs\ibmslapd.log
Also you should check the Tivoli/DB2 installation logs.
The IBM Tivoli Directory Server and RDS log files can be found in the following location:
- <RDS_InstallHome>\logs
- <RDS_InstallHome>\RDS_5.1_InstallLog.log
- <TivoliInstallHome>\LDAP\V6.2\var
- <InstallRootDrive>\idsslapd-tdsadmin\logs
- <InstallRootDrive>\TDSADMIN\db2diag.log
- <InstallRootDrive>\TDSADMIN\stmmlog
Identifying the Microsoft Windows User Rights Assignment Security Issue
On the main InstallAnywhere window you may have messages about creating the instance , then creating the database. Then a message saying "Installing....". Finally it may fail, and in the main window displays "Installing ... Message Dialog: Error"
In the error window, it says: "Server installation" and "the RDS Server Startup has failed" One button is marked OK. Clicking this button causes InstallAnywhere to close.
Check the following log files:
- <RDS_Installhome>\logs\createinstance.log
- <RDS_Installhome>\logs\createdb.log
If there are no errors in these logs, look at the following log file:
<InstallRoot>\idsslapd-tdsadmin\logs\ibmslapd.log
createinstance.log does not show any errors. Last line reads "GLPICR032I Added database instance 'tdsadmin' to directory server instance: 'tdsadmin'.
createdb.log does not show any errors. Last line reads: GLPCDB003I Added database 'rdsdb' to directory server instance: 'tdsadmin'
ibmslapd.log shows an error.... eg.
Dec 16 16:55:55 2009 GLPSRC200I Initializing primary database and its connections.
DEC 16 17:02:10 GLPRDB001E Error code -1 from function: "SQLExecDirect " CREATE TABLE TDSADMIM.LDAP_ENTRY ( EID INTEGER NOT NULL, PEID INTEGER, DN_TRUNC VARCHAR(240), DN VARCHAR(1000), CREATOR VARCHAR(1000), MODIFIER VARCHAR(1000), MODIFY_TIMESTAMP TIMESTAMP, CREATE_TIMESTAMP TIMESTAMP, ENTRYDATA VARCHAR(24004), ENTRYBLOB BLOB(1G) LOGGED, ENTRYSIZE INTEGER, PRIMARY KEY (EID)) .
DEC 16 17:02:10 GLPSRV064E Failed to initialize be_config.
...and...
DEC 16 17:03:45 GLPRDB001E Error code -1 from function:" SQLConnect " rdsdb .
DEC 16 17:03:45 GLPSRV004I Terminating Server.
Resolving The Problem
The installer by default, creates the local Windows user tdsinst and groups DB2USERS
and DB2ADMNS. The installer should create these automatically. You should verify that the following Security Policies are specifically set for these users and groups (use 'secpol.msc /s').
Policy User/Group Security Setting
Access this computer from the network DB2ADMNS, DB2USERS
Act as part of the operating system db2admin
Adjust memory quotas for a process DB2ADMNS, db2admin
Back up files and directories DB2ADMNS
Create a token object DB2ADMNS, db2admin
Create global objects DB2ADMNS, DB2USERS
Debug programs DB2ADMNS
Generate security audits DB2ADMNS
Impersonate a client after authentication DB2ADMNS
Increase scheduling priority DB2ADMNS
Lock pages in memory DB2ADMNS, db2admin
Log on as a service DB2ADMNS, db2admin
Manage auditing and security log DB2ADMNS
Modify firmware environment values DB2ADMNS (In Windows 2003 only)
Replace a process level token DB2ADMNS, db2admin
Restore files and directories DB2ADMNS
Take ownership of files or other objects DB2ADMNS
SeAuditPrivilege must be enabled for the database and table create functions to succeed. SeAudit Priv is a User Rights Assignment (Generate Security Audits) but sometimes, although it seems that the users have all the required rights, the installer fails as in the above example.
In this instance we need to turn off DB2 extended Security before trying to run the RDS install.
Procedure:
run db2cmd.exe to open a DB2 command line session
Run this on the db2 cli :
set DB2INSTANCE=<db2instancename>
...where rdsdb is the dbname
db2set DB2_EXTSECURITY=NO
after setting this parameter, cycle the DB2 instance..
db2stop
db2start
Check with db2set -all
After this clear down RDS and the tdsadmin instance and try the RDS install anew
Related Information
Was this topic helpful?
Document Information
Modified date:
22 December 2020
UID
swg21416448