View Full Version : V4R5 CA/Express connection problems w/ TCP/IP
01-01-1995, 02:00 AM
I have had to setup a totally new As/400 running V4R5. I have TCP/IP, CA/400 and the other necessary files installed on the AS/400. The TCP/IP services are all started, and all the Host servers are started. I can ping all of my workstations, etc.. on my network from the AS/400 and I can ping the AS/400 from my workstations. I have setup CA/Express and have added my AS/400 as a new connection, it completes the "Verify Connection" part with no errors. When I try to start an emulation session, the window opens, displays "Connecting" at the bottom of the window. It then displays "Connected to MTC400 port 23", then it immediately displays "Disconnected". What in the world is going on?? I have looked at all my TCP/IP settings until I'm blue in the face. Any ideas?? I am desperate for help!!! Bill Clark firstname.lastname@example.org
12-21-2000, 08:58 AM
Bill, What is the result of this: DspSysVal QAutoVrt ? Bill
12-21-2000, 09:05 AM
It was set to 0...I changed it to *NOMAX and tried it. It now gives me the sign-on screen but I get an error of "CPF1110 Not Authorized to Work Station". What do I need to check now?? Thanks.
12-21-2000, 10:01 AM
That's interesting! At this point all I can do is show you IBM's suggestions in case you didn't see them: <pre> Recovery . . . : Either contact your security officer to obtain *CHANGE authority or sign on using a different user name. Technical description . . . . . . . . : If a user name was not entered, you can do the following to determine the user name: -- Display the subsystem name (WRKSBS) that appears on the Sign on display and use the option to display the subsystem description. Then use the option to display the work station entries for that subsystem description to find the name of the job description. Display the job description (DSPJOBD command) to show the user profile name. </pre>
12-21-2000, 10:49 AM
Bill, You might check the object QPACTL01, the virtual controll for all the QPADEVxxxx. You might want to change ownership, and verify *PUBLIC has *CHANGE. I ran into something similiar a couple of years ago with a new machine that came in with 4.3. I actually started to change the authority on the virtual devices that were created. Then got smart and changed the controller to see what would happen. No problems since. HTH. Happy holidays.
12-21-2000, 03:20 PM
Just off the cuff.. Wow about 3 yrs ago I had something like this and it was due to QUSER either being disabled or having a pwd that is expired. Hope this helps
12-21-2000, 04:22 PM
Bill, Check system value QLMTSECOFR.
12-22-2000, 05:25 AM
Thanks a HUGE HUGE bunch to all those that responded. Got it to work..was a combination of the QLMTSECOFR and the QUSER password being expired. Thanks again!!!
12-22-2000, 05:26 AM
Have you added STRHOSTSBR *ALL to your start-up program (QSTRUP in QSYS).
12-22-2000, 07:41 AM
KCM2, This is an area where the AS/400 is vulnerable to hacking. Suppose I stumbled upon your IP address or was able to dial in to your system. Although I don't know your passwords, I can attempt to guess. If you have not changed the system supplied defaults for the 'Q' profiles, I can use those and gain access to the system. Disable this things when possible. The next level is when the passwords have been changed, but the QSRV and QUSER are there. I can then attempt to sign on many times, until the system disables the profiles automagically. Guess what? I've killed the dial up and internet access until someone figures out what happened, but maybe not when or how. -bret
12-22-2000, 12:50 PM
Bret, Why do you think I need a lesson in security? Plus you read WAY TOO much into the response. I never advocated to use the default pwd or any other parameter that would compromise this person's system. I was helping out and what do you know it turned out to be the answer. So if you feel the need to give someone a lesson please administer it to yourself before you try to give me or anyone else one. I figured once you read on down the thread and that would be enough, but a response like yours may discourage others from helping others in this forum which is why I had to respond.
12-22-2000, 01:11 PM
KCM2, If I offended you I apologise. I do hate being accidently offensive. Prefer it to be intentional and personal :) In your case it was not, I assure you. Why bring it up? Because it is one of the threats out there, and just like PC hackers, someone smart enough to get into your system is smart enough (most likely) to do some real damage. Delete this, rename that, etc. My intent is not to educate you. I know from your previous postings that you know more about many areas than I do. My intent is to keep some novice to intermediate from making the same mistakes I did early on. I don't understand the concept of my post discouraging others from helping. If I supplied falsehoods or insinuate that nothing should be done in a given situation, then people would take it as such after a while and ignore my postings. I strive to provide accurate and truthful scenarios to help people avoid situations that can cause mischief or cost them their job. I don't always get the answer right and welcome people to jump in and assist. Chris Ringer has put me through the wringer once or twice, however it's always (so far) congenial. I personally find your response to be quite negative and inflammatory. Ordinarily I would just ignore it, but I prefer to give the benefit of the doubt and hear your side of of the issue. If you like, you can contact me via my hotmail account at email@example.com and we can carry on the discussion there. -bret
12-23-2000, 11:24 AM
It was directed to me this is the reason I took offense. It felt like a public lesson. If it would have been phrased otherwise like, Hey watch out for these expousures... things would be different. I do wish to say this is a very good group of professionals and we all need to be respectful. Your last reply was as such. With that being said I wish you and everyone else a Merry Christmas.
02-21-2009, 02:31 AM
Am I the only one having trouble posting on this site? Thanks, Kim California Vacations (http://www.123world.com/states/california.php)
Powered by vBulletin® Version 4.1.5 Copyright © 2013 vBulletin Solutions, Inc. All rights reserved.