IBM Support

Getting SQL1092N error when running any DB2 commands as a domain id

Troubleshooting


Problem

Attempting to perform any DB2 commands may result in error SQL1092N when running it as a domain id and using IBM DB2 for Windows.

Cause

If your running any DB2 commands that need SYSADM, SYSCTRL, SYSMAINT or SYMON authorities, (for example:BACKUP DATABASE command) as a domain id in a local group and DB2_GRP_LOOKUP is set to LOCAL, you may end up seeing the following error in your db2diag.log:

2011-01-24-13.15.31.727000-300 E125202182F551 LEVEL: Error (OS)
PID : 5756 TID : 6996 PROC : db2syscs.exe
INSTANCE: DB2 NODE : 000 DB : SAMPLE
APPHDL : 0-16 APPID: *LOCAL.DB2.110124181531
AUTHID : DB2INST1
EDUID : 6996 EDUNAME: db2agent (SAMPLE) 0
FUNCTION: DB2 UDB, oper system services, sqloAuthzGetInformationFromSid, probe:10 MESSAGE : ZRC=0x83000005=-2097151995
CALLED : OS, -, AuthzInitializeContextFromSid
OSERR : 5 "Access is denied."

This indicates that the DB2 service account does not have the privilege to query the Domain Controller.

Diagnosing The Problem

In order to verify what user is running the DB2 service please perform the following steps:

1.) Look in the Services area selecting; Start->Control Panel->Administration Tools->Services.

2.) Or if you know what the DB2 service name is using , use the Windows command sc qc

<db2_service_name> > scqc.txt

Example:

sc qc DB2-0 > scqc.txt

C:\>sc qc db2inst1

[SC] GetServiceConfig SUCCESS
SERVICE_NAME: db2inst1
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\PROGRA~1\IBM\SQLLIB\bin\db2syscs.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : DB2 - DB2INST1
DEPENDENCIES : LanmanServer
: +NetBIOSGroup
SERVICE_START_NAME : .\user1

Resolving The Problem

To resolve this issue you need to have the DB2 services started as Domain account, not a local account. In order to change the DB2 services to a Domain account do the following:

1.) Go to Start->Control Panel->Administration Tools->Services.

2.) Find the DB2-0 process right click on it and pick "Properties".

3.) Pick the "Log On" tab.

4.) Then choose "This account" radial button, then "Browse".

5.) A window will pop up called Select User click the Advanced button, then click "Find Now".

6.) A list of all users on the machine will be shown, choose the domain user and select "OK".

7.) To save the change click "Apply" then "OK".

8.) Restart the service/instance.

[{"Product":{"code":"SSEPGG","label":"Db2 for Linux, UNIX and Windows"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"Programming Interface - CLP","Platform":[{"code":"PF033","label":"Windows"}],"Version":"9.7;10.1;10.5;11.1","Edition":"Enterprise Server;Express;Personal;Personal Developer\u0027s;Workgroup Server","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
07 December 2022

UID

swg21461051

Page Feedback