DDM connection authorization failure

The message text is:

Authorization failure on DDM TCP/IP connection attempt.

The cause section of the message gives a reason code and a list of meanings for the possible reason codes. Reason code 17 means that there was an unsupported security mechanism (SECMEC).

Prior to V4R5, there were two SECMECs implemented by DB2^® UDB for iSeries™ that an iSeries application requester could use: user ID only and user ID with password. In V4R5, support was added for the encrypted password security mechanism. However, the encrypted password will be sent only if a password is available at the time the connection is initiated.

The default required SECMEC for an iSeries server is user ID with password. If the source server sends only a user ID to a server with the default SECMEC, the above error message with reason code 17 is given.

Solutions for the unsupported SECMEC failure are:

1. To allow the user ID only SECMEC at the server by running the CHGDDMTCPA PWDRQD (*NO) command
2. To send at least a clear-text password on the connect request if PWDRQD (*YES) is in effect at the server
3. To send an encrypted password if PWDRQD (*ENCRYPTED) is in effect at the server

A password can be sent by using the ADDSVRAUTE command to add the remote user ID and password in a server authorization entry for the user profile under which the connection attempt is to be made.

An attempt will automatically be made to send the password encrypted in V4R5 and later systems. Note that pre-V4R5 iSeries servers cannot send encrypted passwords, nor can they decrypt encrypted passwords of the type sent by V4R5 iSeries servers.

Note that you have to have system value QRETSVRSEC (Retain Server Security Data) set to '1' to be able to store the remote password in the server authorization entry.