Start of change

Troubleshoot the CIM server

Use this information to troubleshoot the CIM server.

Use this information if the CIM server does not start or if the CIM server starts, but does not run as expected.
Parent topic: Common Information Model
Related information
OpenSSL documentation

The CIM server does not start

Do the following steps if the CIM server does not start.
Note: Start of changeIf this is the first time the CIMOM server is being started after install of Pegasus V2.5, it takes a while for the server to start. During that time, the repository is being upgraded and the user data from the previous repository is being migrated.End of change
Ensure that the CIM server is configured correctly.
See Set the required configuration parameters to configure your CIM server.
Verify whether you need to change your Kerberos configuration or change the CIM server to use basic authentication.
If you receive the following message, there is an error with your authentication. You need to fix your authentication or use another form of authentication, such as basic authentication.
CPDDF82: (Message appears in CIM server, QYCMCIMOM, joblog)
PGS02000: The CIM server authentication handler for Kerberos
failed to initialize properly.  The CIM server is not started.
Note: Start of changeYou should not use basic authentication unless you are using HTTPS or unless you have a highly secure environment, where passing clear text passwords is not an issue. To use the cimconfig command to change your CIM configuration settings, QSHELL (Option 30) must be installed.End of change
To change the authorization to basic, type the following command at a command line.
qsh
cd / QIBM/UserData/OS400/CIM
cimconfig -shttpAuthType=Basic -p
Start of changeEnsure that the correct options are installed on your system.End of change
If you receive the CPDDF80 with reason code 07 indicating the required option 39 is not installed, install Option 39 (ICU).
You might need to install LPO 5733-SC1 (OpenSSL) if the server starts with SSL disabled and the server job log contains a message saying that OpenSSL is required. In this case the server is configured to use SSL, but OpenSSL is not installed. You can install OpenSSL or configure the server to not use SSL. The default configuration of the server is to enable SSL on both the wbem-https and wbem-exp-https ports.

In addition, if LPO 5733-SC1 had an installation error, you will also receive the message in the server job log, and the server will start with SSL disabled. You can use the CHKPRDOPT command to check the error status of the LPO in this case.

OpenSSL requires that PASE (option 33 of the Base OS) is installed. After the server starts, if PASE is not installed, and the server has SSL enabled, then OpenSSL sends a CPFB9C1 escape message to the server job log, and the server ends.

The CIM server does not behave as expected

If you are having trouble with the CIM server, see the following instructions:
Check to see if the CIM server is running by typing WRKJOB QYCMCIMOM at a command line.
If there is not an active job, start the CIM server by typing STRTCPSVR *CIMOM at a command line.
Check to see if the CIMOM repository is corrupted.
Verify whether the repository directory and configuration files exist in the QIBM/UserData/OS400/CIM directory of the integrated file system. If any of these files are missing, restore all the repository directories and files from your backup. You must use a backup of those files from the Pegasus V2.5 backup, not from a V5R3 system that did not have the Pegasus V2.5 PTFs installed.
If a backup to restore from does not exist, follow the instructions in Restore corrupted files.
Verify if you are attempting to process a request when the provider is not registered or enabled.
To verify if you are attempting to process a request when the provider is not registered or enabled, do the following steps:
  1. Type cimprovider -l -s to list the name and status of the registered provider modules.
  2. Type cimprovider -l-m module name to see the individual providers in that module.
Check the job log file.
To check the job log file, do the following steps:
  1. Type WRKACTJOB at a command line.
  2. Look in the QSYSWRK subsystem to find the QYCMCIMOM job.
  3. Select 5 (work with), then 10 (Display job log, if active, on job queue, or pending).
  4. If the QYCMCIMOM job is not running, type WRKJOB QYCMCIMOM.
  5. Select the most recent job by typing 1 (Select) next to it.
  6. If status is OUTQ, type 4 (Work with spooled files), and then type 5 (Display) next to the QPJOBLOG file.
Check whether CIM client request failures result in SSL certificate-related messages.
Make sure the remote CIM server certificate is added to the trust store file on the client system. Make sure that the client’s certificate and private key are being used by the client application and that the client certificate is trusted by the server.
End of change