Updated 6/21/2012 to provide complete syntax for db2iupdt.
So sometimes in Commerce 7 instance creation, we get this error:
SQL30082N Security processing failed with reason “42” (“ROOT CAPABILITY REQUIRED”). SQLSTATE=08001
It doesn’t happen every time, but significantly often. On our most recent build it occured on 1 out of 3 instances created.
The solution is not to run Commerce instance creation as root (please, don’t!). Instead, a db2iupdt is what you need. This does require a DB2 instance outage so be careful if you have other databases on the same DB2 instance.
After instance creation has failed:
- Stop the DB2 instance on the database server:
- (as DB2 instance owner) db2stop
- (as DB2 instance owner) ipclean
- IF AIX (as root) /usr/lib/slibclean
- Run db2iupdt on the database server:
- (as root) cd /opt/IBM/db2/V9.5/instance (may differ if you installed db2 on a different path)
- (as root) ./db2iupdt -k -e (syntax may vary for multiple instances on a server – see http://www.ibm.com/support/knowledgecenter/SSEPGG_9.7.0/com.ibm.db2.luw.admin.cmd.doc/doc/r0002060.html)
- Start the DB2 instance on the database server:
- (as DB2 instance owner) db2start
Then re-do Commerce Instance creation, and you won’t get the SQL30082N RC 42 error message.
db2iupdt is usually only required for fixpacks. I’ve also seen it resove various issues including persistent SQL1042C errors. It basically goes out to sqllib and refreshes both copies and links between there and the base db2 code. I’m not entirely sure as to why it is required in this case. We do the DB2 installation and instance creation manually ourselves – perhaps the Commerce instance creation is attempting to do some of that work?
Also, it’s good to try to ssh to DB server with WAS admin user to make sure it’s password is set correctly. Not to mention, the actuall ID exists on the DB server!
Says the guy who actually encountered this error the last time it happened! Yep, I should write up my list of “check first” stuff too at some point.
In 9.7, it appears that ./db2iupdt requires a -e (for every instance)
Correct – you either have to specify -e or a DB2 instance name.