The authentication type DATA_ENCRYPT_CMP is designed to allow clients 8from a previous release that do not support data encryption to connect to 8a server using SERVER_ENCRYPT authentication instead of DATA_ENCRYPT. 8This authentication does not work when the following three statements are 8true:
8In this case, the client cannot connect to the server. To allow the connection, 8you must either upgrade your client to Version 8, or have your gateway level 8at Version 8 FixPak 6 or earlier.
8 8 8Direct I/O (DIO) improves memory performance because it bypasses caching 8at the file system level. This process reduces CPU overhead and makes more 8memory available to the database instance.
8Concurrent I/O (CIO) includes the advantages of DIO and also relieves the 8serialization of write accesses.
8DB2 Universal Database (UDB) supports DIO and CIO on AIX; 8and DIO on HP-UX, Solaris Operating Environment, Linux, and Windows.
8The keywords NO FILE SYSTEM CACHING and FILE SYSTEM CACHING are part of 8the CREATE and ALTER TABLESPACE SQL statements to allow you to specify whether 8DIO or CIO is to be used with each table space. When NO FILE SYSTEM CACHING 8is in effect, DB2 UDB attempts to use CIO wherever possible. In cases, where CIO is 8not supported (for example, if JFS is used), DIO is used instead.
8For more information, refer to the article "Improve database performance 8on file system containers in IBM DB2 UDB Stinger using Concurrent I/O on AIX" located 8at the following URL:
8http://www.ibm.com/developerworks/db2/library/techarticle/dm-0408lee/
8 8 8The following information is part of the Administration 8Guide: Implementation Appendix B "Using automatic client rerouting":
8The DB2 Universal Database for Linux, UNIX, and Windows automatic 8client reroute feature allows client applications to recover from a loss of 8communication with the server by automatically reestablishing the database 8connection from the client to the server, so that the application can continue 8to work with minimal interruption.
8When a client to server connection fails, the client's requests for reconnection 8are distributed to a defined set of systems by a distributor or dispatcher, 8such as WebSphere EdgeServer
8You may be using Distributor Technology in an environment similar to the 8following:
8Client --> Distributor Technology --> (DB2 Connect Server 81 or DB2 Connect Server 2) --> DB2 z/OS
8where:
8The client is catalogued using DThostname in order to utilize the distributor 8technology to access either of the DB2 Connect Servers. The intervening distributor 8technology makes the decision to use GWYhostname1 or GWYhostname2. Once the 8decision is made, the client has a direct socket connection to one of these 8two DB2 Connect gateways. Once the socket connectivity is established to 8the chosen DB2 Connect server, you have a typical client to DB2 Connect server 8to DB2 z/OS connectivity.
8For example, assume the distributor chooses GWYhostname2. This produces 8the following environment:
8Client --> DB2 Connect Server 2 --> DB2 z/OS
8The distributor does not retry any of the connections if there is any communication 8failure. If you want to enable the Automatic Client Reroute feature for a 8database in such an environment, the alternate server for the associated database 8or databases in the DB2 Connect Server (DB2 Connect Server 81 or DB2 Connect Server 2) should be set up to be the distributor (DThostname). 8Then, if DB2 Connect Server 1 locks up for any reason, Automatic 8Client Reroute is triggered and client connection is retried with the distributor 8as both primary and alternate server. This option allows you to combine and 8maintain the distributor capabilities with the DB2 Automatic Client Reroute feature. Setting 8the alternate server to a host other than the distributor host name will still 8provide the clients with the Automatic Client Reroute feature. However, the 8clients will establish direct connections to the defined alternate server 8and bypass the distributor technology, which eliminates the distributor and 8the value that it brings.
8Automatic Client Reroute will intercept the following sqlcodes:
8Consider the following two items involving alternate server connectivity 7with DB2 Connect server:
7Applications running under the context of the local system account (LSA) 7are supported on all Windows platforms, except Windows ME.
7 7 7The CONNECT statement and ATTACH command support two-part user IDs. The 7qualifier of the SAM-compatible user ID is the NetBIOS style name which has 7a maximum length of 15 characters. This feature is not supported on Windows ME.
7 7 7The prerequisites for Linux Kerberos support are inaccurately reported in 7the documentation. The provided DB2 Kerberos security plug-in is supported 7with Red Hat Enterprise Linux Advanced Server 3 with the IBM Network Authentication 7Service (NAS) 1.4 client.
For connections to zSeries and iSeries, the database must be cataloged with 7the AUTHENTICATION KERBEROS parameter and the TARGET PRINCIPAL parameter name 7must be explicitly specified.
7Neither zSeries nor iSeries support mutual authentication.
Furthermore, in all cases, the DB2 administration log or db2diag.log will 7indicate "Logon failed" or "Logon denied."
The Local Security Authority cannot be contactedThe error is a result 7of Windows locating the local user first. The solution is to fully qualify 7the user in the connection string. For example: 7
name@DOMAIN.IBM.COM
To determine if Windows accounts 7are configured to use DES encryption, look under Account properties in the Active Directory. A restart might be required if the account properties are changed.
host/<server hostname>@<server domain name>For example: 7
host/myhost.domain.ibm.com@DOMAIN.IBM.COMOtherwise, 7you must start the DB2 service under a valid domain account.