Environment: DB2 Version 10 on z/OS 1.13 with DB2 Connect gateway on Windows server
On a daily basis we get several DSNL030I messages with REASON=00F30085. These are also accompanied by RACF message ICH408I which tells us that the connect to DB2 is using an invalid password. For example:
ICH408I USER(??????? ) GROUP(????????)
NAME(?????????? ) 986
LOGON/JOB INITIATION - INVALID PASSWORD
IRR013I VERIFICATION FAILED. INVALID PASSWORD GIVEN.
DSNL030I -DB1P DSNLTSEC.30 DDF PROCESSING FAILURE 988
Because there is a DB2 Connect gateway server in between the DBMS instance on z/OS and the originating client request, the IP address in the DSNL030I message simply tells me that it is coming from one of our many DB2 Connect servers.
Now, as long as it is an individual user account, it's easy to track down the owner.
But, in the case where it is an application work account... and security forces us to change the password on these accounts on a periodic basis... and the application developer forgot where the userid/password was stored (or the developer is no longer with our organization), it becomes problematic in tracking down where this request is originating from.
I've searched this forum and there have been similar queries over the years. But, there does not seem to be a good way to identify where the request was originated from. In our environment that could be anything from WebSphere, to .Net, to BusinessObjects, to RAD to RapidSQL, and the list goes on.
Does anybody have a good solution to determine where the originating request is coming from when routed thru a DB2 Connect gateway server?