• Please help support our sponsors by considering their products and services.
    Our sponsors enable us to serve you with this high-speed Internet connection and fast webservers you are currently using at ADSM.ORG.
    They support this free flow of information and knowledge exchange service at no cost to you.

    Please welcome our latest sponsor Tectrade . We can show our appreciation by learning more about Tectrade Solutions
  • Community Tip: Please Give Thanks to Those Sharing Their Knowledge.

    If you receive helpful answer on this forum, please show thanks to the poster by clicking "LIKE" link for the answer that you found helpful.

  • Community Tip: Forum Rules (PLEASE CLICK HERE TO READ BEFORE POSTING)

    Click the link above to access ADSM.ORG Acceptable Use Policy and forum rules which should be observed when using this website. Violators may be banned from this website. This notice will disappear after you have made at least 3 posts.

TSM 8.1.8 client: GSKit::CreateEnvHandle(): Could not create in mem key db, rc = -1

#1
Hello guys,

I am new to this forum and TSM, and seek your help here.

My env includes: TSM server (8.1.8, windows) , one TSM client (8.1.8, AIX)

Now the dsmc command on AIX client running well and can perform commands like "dsmc query session" or "dsmc query mgmtclass". And I have some java code which running in Websphere application server. This code didn't work well. After enable the trace in the client option file, I found this from the client trace file:

session.cpp (1808): sessOpen(): calling the communication specific open routine
commtcp.cpp (1695): TcpOpen: Internet socket defined.
pscomtcp.cpp (1619): psTcpGetsockopt(): Get options on socket 204 (IPv4) -> rc=0, errno=0
pscomtcp.cpp (1619): psTcpGetsockopt(): Get options on socket 204 (IPv4) -> rc=0, errno=0
pscomtcp.cpp (1619): psTcpGetsockopt(): Get options on socket 204 (IPv4) -> rc=0, errno=0
pscomtcp.cpp (1619): psTcpGetsockopt(): Get options on socket 204 (IPv4) -> rc=0, errno=0
commtcp.cpp (3977): SetSocketOptions(): tcp_sendbuffsize(64512), tcp_recvbuffsize(64512)
commtcp.cpp (1727): TcpOpen: Trying to connect to server at:
commtcp.cpp (1728): Domain Name: 192.168.1.100
commtcp.cpp (1730): Port #: 1500
commtcp.cpp (1756): TcpOpen: using blocking sockets
pscomtcp.cpp (1250): psTcpConnect(): Attempt socket 204 (IPv4) connection -> rc=0, errno=0
commtcp.cpp (1907): TcpOpen(): Looks like an SSL session. Initializing SSL socket...
gskit.cpp (2653): GSKit::GSKit(): Entering with server address = 192.168.1.100.
gskit.cpp (2664): GSKit::GSKit(): Using passed in options pointer.
gskit.cpp (2735): GSKit::GSKit() This is a client to server outbound connnection.
gskit.cpp (1655): GSKit::CreateEnvHandle(): Using passed in options pointer.
gskit.cpp (1727): GSKit::CreateEnvHandle(): FIPS mode is OFF
gskit.cpp (1760): GSKit::CreateEnvHandle(): GSKit version: 8.0.55.4
gskit.cpp (2324): GSKit::setGSKEnvOutboundAttributes(): gsk_attribute_set_enum GSK_CLIENT_SESSION rc: 0 GSK_OK
gskit.cpp (2349): GSKit::setGSKEnvOutboundAttributes(): gsk_attribute_set_enum GSK_SERVER_AUTH_FULL rc: 0 GSK_OK
gskit.cpp (2361): GSKit::setGSKEnvOutboundAttributes(): gsk_attribute_set_enum GSK_SSL_EXTN_EXTENDEDMASTERSECRET_CLIENT_ENABLE true rc: 0 GSK_OK
gskit.cpp (2373): GSKit::setGSKEnvOutboundAttributes(): gsk_attribute_set_buffer GSK_TLSV12_TLSV11_TLSV10_CIPHER_SPECS rc: 0 GSK_OK
gskit.cpp (2401): GSKit::setGSKEnvOutboundAttributes(): gsk_attribute_set_buffer GSK_SSL_EXTN_SIGALG rc: 0 GSK_OK
gskit.cpp (2412): GSKit::setGSKEnvOutboundAttributes(): gsk_attribute_set_buffer GSK_SSL_EXTN_SIGALG_ALLOWED rc: 0 GSK_OK
gskit.cpp (2422): GSKit::setGSKEnvOutboundAttributes(): gsk_attribute_set_enum GSK_SSLV2HELLO_ENABLE rc: 0 GSK_OK
gskit.cpp (2124): GSKit::setGSKTopSecureProtocol(): gsk_attribute_set_enum, GSK_PROTOCOL_TLSV12 on, rc: 0 GSK_OK
gskit.cpp (2135): GSKit::setGSKTopSecureProtocol(): gsk_attribute_set_enum, GSK_PROTOCOL_TLSV11 off, rc: 0 GSK_OK
gskit.cpp (2144): GSKit::setGSKTopSecureProtocol(): gsk_attribute_set_enum, GSK_PROTOCOL_TLSV10 off, rc: 0 GSK_OK
gskit.cpp (2153): GSKit::setGSKTopSecureProtocol(): gsk_attribute_set_enum, GSK_PROTOCOL_SSLV3 off, rc: 0 GSK_OK
gskit.cpp (2162): GSKit::setGSKTopSecureProtocol(): gsk_attribute_set_enum, GSK_PROTOCOL_SSLV2 off, rc: 0 GSK_OK
gskit.cpp (2459): GSKit::setGSKEnvOutboundAttributes(): gsk_attribute_set_enum, GSK_PROTOCOL_TLSV11 on, rc: 0 GSK_OK
gskit.cpp (1781): GSKit::CreateEnvHandle(): setGSKEnvOutboundAttributes rc: 0.
psutil.cpp ( 477): psGetGlobalKeyDBDir: Entered.
psutil.cpp ( 683): psGetGlobalKeyDBDir: Exiting with dirBuf =
gskit.cpp (3388): GSKit::getKeyDbNames(): Key database not found in any of the global search paths
psutil.cpp ( 477): psGetGlobalKeyDBDir: Entered.
psutil.cpp ( 559): BA install directory exists, using it to get the path.
psutil.cpp ( 683): psGetGlobalKeyDBDir: Exiting with dirBuf = /usr/tivoli/tsm/client/ba/bin64/
gskit.cpp (3412): GSKit::getKeyDbNames(): Global key database name is '/usr/tivoli/tsm/client/ba/bin64/dsmcert.kdb'
gskit.cpp (3432): GSKit::getKeyDbNames(): Global key db '/usr/tivoli/tsm/client/ba/bin64/dsmcert.kdb' not exist
psutil.cpp ( 730): psGetLocalKeyDBDir: Entered.
psutil.cpp ( 768): psGetLocalKeyDBDir: Exiting with dirBuf = '/IBM/SpectrumProtect/certs/'
gskit.cpp (3470): GSKit::getKeyDbNames(): Local key database name is '/IBM/SpectrumProtect/certs/dsmcert.kdb'
GSKitPasswordFile.cpp(2023): getClientKeyDbFilePath(): Exiting with clientKeyDbFilePath = '/etc/security/adsm/spclicert.kdb'
gskit.cpp (1894): GSKit::CreateEnvHandle(): Could not create in mem key db, rc = -1
session.cpp (5493): sessClose: Transitioning: sInit state ===> sInit state
session.cpp (2501): sessClose: Session closed.
sesscntl.cpp (6397): OpenSess: sessOpen failed rc=-1

is there anyone who seen this before?

really appreciate your help.
 

moon-buddy

ADSM.ORG Moderator
#2
Question:

Is the AIX node a new install, or the BA updated to 8.1.8?

If this is a new install or had been updated, update the node on the TSM server (Windows based TSM srever here) as "update node XXXXX sessionsec=transitional" and run dsmc on the TSM node.

Assuming all of the node configurations are correct, this should reset the Security parameters and allow SSL communications between the TSM server and the AIX node.
 

Advertise at ADSM.ORG

If you are reading this, so are your potential customer. Advertise at ADSM.ORG right now.

UpCloud high performance VPS at $5/month

Get started with $25 in credits on Cloud Servers. You must use link below to receive the credit. Use the promo to get upto 5 month of FREE Linux VPS.

The Spectrum Protect TLA (Three-Letter Acronym): ISP or something else?

  • Every product needs a TLA, Let's call it ISP (IBM Spectrum Protect).

    Votes: 17 19.5%
  • Keep using TSM for Spectrum Protect.

    Votes: 53 60.9%
  • Let's be formal and just say Spectrum Protect

    Votes: 10 11.5%
  • Other (please comement)

    Votes: 7 8.0%

Forum statistics

Threads
31,467
Messages
134,114
Members
21,565
Latest member
Chrescht
Top