SKLM DB2 Password Change, Reset using the GUI

Resolving The Problem

This document discusses changing the DB2 account password settings used on Windows,but the JDBC-Datasource steps are applicable to any environment.

NOTE:
This document provides a Graphical User Interface to changing the DB2 password as a alternative method to using the documented commands:
eg print AdminConfig.modify('JAASAuthData_list_entry', '[[password newpassword]]'
which is found in the SKLM administration guides typically under "Database connection fails" Sections..

Either operation will accomplish this goal . This document is an alternate method for admins who prefer the graphical way.


The document is divided into Sections

1) Verifying if DB2 is running.

2) Changing the password for the DB2 account under the following areas.
a) Changing the Windows Local User Account information.

b) Windows Service Instance Account used to start the DB2 Service.

c) Using the GUI to change the WebSphere JAAS – J2C authentication data password for the SKLM DataSource and SKLM scheduler XA DataSource (Platform Independent)

_________________________________________________________________________________________________________________________

1) Verifying the DB2 Server is running.
There are multiple ways to check if DB2 is running.


Method 1 (Windows Services Control Panel)
1) Viewing the service status in the Windows Service Control panel and using this to start the Server.



If DB2 is not running, you can right-click and issue a Start and note if the service loads or fails with an error.







Method 2 Command Line db2start / sklmInstance command
1. Open a Windows Command Prompt as Administrator.
2. Type set DB2INSTANCE=slkminstance where sklminstance is a value such as sklmdb27.
3. Type db2start
The database returns an informational message such as:
SQL1026N The database manager is already active.







Method 3 Using netstat -an | findstr "500" to view if the expected port is listening
1) Open a command prompt as administrator.
2) Enter Netstat -anb findstr "500"
3) Review the output as sampled below to determine if an application is listening on the configured port.

Defaults for versions are below, but can vary.
50010 = db2 for SKLM 2.5
50020 = db2 for SKLM 2.6
50030 = db2 for SKLM 2.7
50040 = db2 for SKLM 3.0

NOTE: If none of the above are returned, then DB2 may not be running.



____________________________________________________________________________________________________

2) Changing the password for the DB2 account under the following areas.

a) Changing the Windows Local User Account information.
Change the password for the IBM Security Key Lifecycle Manager instance owner.
1. On Windows systems, access the Local Users and Group Management Control Panel by using one the alternate methods, or consult Microsoft Administration documentation for OS specific instructions.
a) Start – Run type “lusrmgr.msc” and press Enter

Or via the Control Panel,

b) Start > Control Panel > Administrative Tools > Computer Management > System Tools > Local Users and Groups > Users.

2. Locate the user account for the DB2admin (eg sklmdb27) and right-click.
3. Use the Set Password option to change the IBM Security Key Lifecycle Manager instance owner password to the new desired value and click OK.







b) Changing Windows Services Log On information.
1. Navigate to the Windows Services Control Panel.
Start > Control Panel > Administrative Tools > Computer Management.- Services And Applications – Services.

2. Stop the following services DBSKLMV** where ** represents the version running.

Eg DB2 – DBSKLMV27 - SKLMDB2

DB2 – DBSKLMV** - SKLMDB**
DB2 Governor (DBSKLMV**)
DB2 Remote Command Server (DBSKLMV**)

3. Change the Service Log On Information for DB2 – DBSKLMV** - SKLMDB2 service by editing DB2 – DBSKLMV** - SKLMDB2 entry.

4. Select the ‘Log On’ tab and update the password fields with the new value.




5. Restart the instances that you stopped.
6. Additionally, stop and restart these services, which run as a local system account. NOTE: You must NOT change their password.

DB2 License Server (DBSKLMV**)
DB2 Management Service (DBSKLMV**)

c) Using the GUI to change the WebSphere JAAS – J2C authentication data password for the SKLM DataSource and SKLM scheduler XA DataSource

The below operations are used to update Websphere’s JAAS authentication values which allow Websphere applications to login to the required SKLM DataSource and SKLM scheduler XNOTEA DataSource and is applicable to any OS type. (Platform Independent)

Using the ISC (Integrated Solutions Console GUI)
1. Open a browser session and login to the Websphere Integrated Solutions Console with your WASadmin name and password. https:/YourServerOrIP:9083/ibm/console/logon.jsp

NOTE: Typically Port 9083, but you can review the Administrative console secure port: value found in the file AboutThisProfile.txt under ....\IBM\WebSphere\AppServer\profiles\KLMProfile\logs to confirm the port for your server. \
eg Administrative console secure port: 9083

1. Select from the left column – Resources – JDBC – Data Sources.
2. Select the SKLM DataSource by clicking its blue hyper-link.

NOTE: This page may display other DataSources listed. (See the below sample)
Though not required, you may elect to change all listed sources that use the sklm_db alias.





3.Under Related Items select JAAS - J2C authentication data.




4. Click on the blue sklm_db alias name.




5. Enter the new db2 admin password in the Password value
6. Click Apply
7. Click OK






8. Click Apply
9. Click Save direct to the master configuration.

11. Use the Test Connection button to validate the change was successful.

The test connection operation for data source SKLM DataSource on server server1 at node SKLMNode was successful.

NOTE: When testing connections, only the above required sources must connect to ensure full functionality of the application. " Unrequired datasource' errors can be ignored.

12. When all tests pass, to avoid browser caching issues, logout and exit all browsers before attempting to validate SKLM in the administration interface.
If the issue persists, stop and start the Websphere Application Server using either the Windows Services Control Panel or using stopsServer.bat / startServer.bat commands