我已经在我的Windows机器(Windows Server 2016,64位操作系统(中创建了一个DB2(用于Z/OS的DB2(DSN,我正试图通过在连接字符串中提供SSL证书作为SSLServerCertificate=pathname.arm和Security=SSL参数来使用SSL机制连接到它。
我得到以下错误:
SQL1109N由于数据库管理器未能加载gsk8ssl_64.dll SQLSTATE = 42724,因此未处理该命令。
db2diag.log:
2020-07-10-16.59.47.758000+000 I1F1065 LEVEL: Event
PID : 6636 TID : 7736 PROC : db2cli.exe
INSTANCE: NODE : 000
HOSTNAME: t-b252c140c5170
EDUID : 7736
FUNCTION: DB2 UDB, RAS/PD component, pdLogInternal, probe:120
START : New Diagnostic Log file
DATA #1 : Build Level, 240 bytes
Instance "" uses "64" bits and DB2 code release "SQL11054"
with level identifier "0605010F".
Informational tokens are "DB2 v11.5.4000.1449", "s2006161200", "DYN2006161200WIN64", Fix Pack "0".
DATA #2 : System Info, 1760 bytes
System: WIN32_NT t-b252c140c5170 10.0 AMD64 Family 6, model 79, stepping 1
CPU: total:4 online:4 Cores per socket:4 Threading degree per core:1 SIMD:Y CPU Features:SSE2,SSE3,SSSE3,SSE4,AVX2
CPU binding: not in use
Physical Memory(MB): total:14336 free:10165 available:10165
Virtual Memory(MB): total:16512 free:12341
Swap Memory(MB): total:2176 free:2176
Information in this record is only valid at the time when this file was
created (see this record's time stamp)
2020-07-10-16.59.48.289000+000 I1069F625 LEVEL: Error
PID : 6636 TID : 7736 PROC : db2cli.exe
INSTANCE: NODE : 000
HOSTNAME: t-b252c140c5170
EDUID : 7736
FUNCTION: DB2 UDB, common communication, sqlccCreateDefaultKeyDB, probe:275
MESSAGE : ZRC=0x00000002=2
SQL0002N The bind file name is not valid.
DIA8002C A deadlock has occurred, rolling back transaction.
DATA #1 : <preformatted>
GSKKM_StoreCACert: GSKit Error = 2,
KeyDB = ,
EncPassLen = 32, PwdLen = 1024, DefaultKeyDBUsed = 1,
ServerCert = C:PPATrustStoredb2cert.arm.
2020-07-10-16.59.48.289000+000 I1696F434 LEVEL: Error
PID : 6636 TID : 7736 PROC : db2cli.exe
INSTANCE: NODE : 000
HOSTNAME: t-b252c140c5170
EDUID : 7736
FUNCTION: DB2 UDB, common communication, sqlccMapSSLErrorToDB2Error, probe:275
MESSAGE : DIA3604E The SSL function "GSKKM_StoreCACert" failed with the return
code "2" in "sqlccCreateDefaultKeyDB".
2020-07-10-16.59.48.289000+000 I2132F553 LEVEL: Error
PID : 6636 TID : 7736 PROC : db2cli.exe
INSTANCE: NODE : 000
HOSTNAME: t-b252c140c5170
EDUID : 7736
FUNCTION: DB2 UDB, common communication, sqlccLoadSSLLibrary, probe:310
RETCODE : ZRC=0x0000005B=91
SQL0091W Precompilation or binding was ended with "" errors and ""
warnings.
DIA8102C Conversion table not loaded. Source code page "", Target
code page "", method "", handle "".
2020-07-10-16.59.48.289000+000 I2687F553 LEVEL: Error
PID : 6636 TID : 7736 PROC : db2cli.exe
INSTANCE: NODE : 000
HOSTNAME: t-b252c140c5170
EDUID : 7736
FUNCTION: DB2 UDB, common communication, sqlccLoadSSLLibrary, probe:310
RETCODE : ZRC=0x0000005B=91
SQL0091W Precompilation or binding was ended with "" errors and ""
warnings.
DIA8102C Conversion table not loaded. Source code page "", Target
code page "", method "", handle "".
2020-07-10-16.59.48.289000+000 I3242F355 LEVEL: Error
PID : 6636 TID : 7736 PROC : db2cli.exe
INSTANCE: NODE : 000
HOSTNAME: t-b252c140c5170
EDUID : 7736
FUNCTION: DB2 UDB, common communication, sqlccLoadSSLLibrary, probe:998
MESSAGE : DIA3603E SSL was not setup. Return code = "91".
2020-07-10-16.59.48.305000+000 I3599F527 LEVEL: Severe
PID : 6636 TID : 7736 PROC : db2cli.exe
INSTANCE: NODE : 000
HOSTNAME: t-b252c140c5170
EDUID : 7736
FUNCTION: DB2 UDB, DRDA Communication Manager, sqljcCommConnect, probe:10
MESSAGE : ZRC=0x8636000A=-2043281398=SQLZ_RC_FNEX, SQLT_SQLJC
"File Does Not Exist"
DIA8411C A file "" could not be found.
DATA #1 : String, 11 bytes
CCI Error:
DATA #2 : unsigned integer, 8 bytes
91
默认情况下,库存Windows服务器标准2016映像将不包括Microsoft Visual C++ redistributable程序包。
odbcad32.exe用于测试Connect的IBM clidriver部分依赖于这些可再发行包,如果没有安装这些包,则来自odbcad32的错误消息(未能加载模块gsk8ssl_64.dll或类似内容(可能不会显示错误的真正原因。
目前,似乎存在对Microsoft Visual C++2012 DLL的依赖关系。
尽管相关DLL(msvc*.dll(默认存在于clidriver树中(具体取决于clidrive版本(,但Windows不会在这些目录中进行搜索(例如,64位版本的clidriver v11.5.4.0在clidrivermsgen_USamd64.VC12.CRT下。其他版本可能有不同的路径或不同的内容(,但仍会发生这种情况。MS Windows可能需要这些DLL出现在其自己的system32和Syswow64目录中。
看来clidriver可以有更好的依赖性检查和更好的错误消息。
您可以从microsoft.com下载相关软件包(例如vcredist_x64.exe和vcredist.x64.exe(,或者确保clidrivermsgen_USamd64.VC12.CRT中的DLL(取决于clidriver版本(位于系统PATH上。
其中一个要求是Db2 must be installed on a drive with short names enabled or a directory with no spaces such as E:DB2SQLLIB,此处对此进行了说明。
除此之外,您可能还有其他依赖项,特别是因为您的目标是将clidriver用于certificate authentication到Db2-for-Z/OS。
使用IBM提供的驱动程序,从CLI访问Db2-for-Z/OS是不免费的,因此可能需要客户端上的相关许可证,除非您的数据库是由db2connectactivate配置的。
如果单个连接需要多个证书文件,则需要安装GSK8,然后创建并填充密钥库和存储库。GSK8可从IBM fix central获得,供具有正确权限的用户使用。
GSK8对于单个证书用例来说是不必要的,例如在SSLServerCertificate中使用TLS时。
当您连接到Db2-for-Z/OS时,该公司将有一份IBM支持合同,使您能够获得相关软件和准确的配置详细信息,而文档可能还没有足够详细地涵盖这些信息。