how to connect a bluemix app to on-premise db/as400?

Question

trying to connect a bluemix app (java liberty profile) to our on-premise db/as400 using a secure gateway. Denying or allowing all connection, doesn't change the error message. It seems that the request from the app doesn't reach the secure gateway client (and I don't see messages on sgw client that mentions the connection refused).

How can i resolve that? This the code:

    DB_SERVERNAME=jdbc:as400://xxx-xx-xxx-x.integration.ibmcloud.com:15XXX/dbname

    try {
                Driver driver = new com.ibm.as400.access.AS400JDBCDriver();
                DriverManager.registerDriver(driver);
                System.out.println("Driver Loaded Successfully ...");
                dbConn = DriverManager.getConnection(DB_SERVERNAME, DB_USERNAME, DB_PASSWORD);
                System.out.println("Connected...");
            }   catch (SQLException e) {                
                e.printStackTrace();

            }

And the error msg is :

Driver Loaded Successfully ...
ERR App [err] java.sql.SQLException: The application requester cannot establish the connection. (Connection refused)
ERR App [err]   at com.ibm.as400.access.JDError.throwSQLException(JDError.java:565)
ERR App [err]   at com.ibm.as400.access.AS400JDBCConnection.setProperties(AS400JDBCConnection.java:3308)
ERR App [err]   at com.ibm.as400.access.AS400JDBCDriver.prepareConnection(AS400JDBCDriver.java:1393)
ERR App [err]   at com.ibm.as400.access.AS400JDBCDriver.initializeConnection(AS400JDBCDriver.java:1230)
ERR App [err]   at com.ibm.as400.access.AS400JDBCDriver.connect(AS400JDBCDriver.java:371)
ERR App [err]   at java.sql.DriverManager.getConnection(Unknown Source)
ERR App [err]   at java.sql.DriverManager.getConnection(Unknown Source)
ERR App [err]   at wasdev.sample.servlet.DBServlet.getDBConnection(DBServlet.java:106)
ERR App [err]   at wasdev.sample.servlet.DBServlet.doGet(DBServlet.java:64)
ERR App [err]   at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
ERR App [err]   at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
ERR App [err]   at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1290)
ERR App [err]   at [internal classes]
ERR App [err]   at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
ERR App [err]   at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
ERR App [err]   at java.lang.Thread.run(Unknown Source)
ERR App [err] Caused by:
ERR App [err] java.net.ConnectException: Connection refused
ERR App [err]   at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source)
ERR App [err]   at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source)
ERR App [err]   at java.net.AbstractPlainSocketImpl.connect(Unknown Source)
ERR App [err]   at java.net.SocksSocketImpl.connect(Unknown Source)
ERR App [err]   at java.net.Socket.connect(Unknown Source)
ERR App [err]   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
ERR App [err]   at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
ERR App [err]   at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
ERR App [err]   at java.lang.reflect.Method.invoke(Unknown Source)
App [err]   at com.ibm.as400.access.PortMapper.getSocketConnection(PortMapper.java:273)
ERR App [err]   at com.ibm.as400.access.PortMapper.getServerSocket(PortMapper.java:161)
ERR App [err]   at com.ibm.as400.access.AS400ImplRemote.signonConnect(AS400ImplRemote.java:2334)
ERR App [err]   at com.ibm.as400.access.AS400ImplRemote.signon(AS400ImplRemote.java:2250)
ERR App [err]   at com.ibm.as400.access.AS400.sendSignonRequest(AS400.java:3035)
ERR App [err]   at com.ibm.as400.access.AS400.signon(AS400.java:3910)
ERR App [err]   at com.ibm.as400.access.AS400.connectService(AS400.java:1168)
ERR App [err]   at com.ibm.as400.access.AS400JDBCConnection.setProperties(AS400JDBCConnection.java:3300)
ERR App [err]   ... 32 more

`connection refused`. can be anything from there being nothing on that ip:port listening, or a firewall actively rejecting connections. — Marc B, Jun 06 '16 at 14:34
i have a normal db2 and i can access to it using my secure gateway client. The problem it's only with db/as400. if there was a ban on the firewall, it will be for all requests. In addition, i have a program that i run locally (from another machine in the some network) to extract some data from DB/AS400, it works fine, i don't specify a port number in the url. But in bluemix, i have to specify the port number in the destination info. — Abderrazak L, Jun 06 '16 at 15:02
Looks like the destination host or port is configured incorrectly. You may want to review [this](https://developer.ibm.com/bluemix/2015/04/01/reaching-enterprise-backend-bluemix-secure-gateway/). — mustaccio, Jun 06 '16 at 20:14
It looks like you are trying to use the JTOpen driver. The JTOpen driver does not allow to specify which port to connect to (i.e the URL jdbc:as400://xxx-xx-xxx-x.integration.ibmcloud.com:15XXX where 15XXX is the port number is not value). The page, http://www-03.ibm.com/systems/power/software/i/toolbox/faq/ports.html, lists the ports that the JDBC driver connects to. You will need to expose those ports through your secure gateway and map the ports to the same port number on the IBM i system. — jweberhard, Jun 07 '16 at 02:00
If you need to use port 15xxx, you will need to ensure that your server's services table is updated to return 15xxx through the port mapper. The JTOpen driver should use the port mapper's returned value. Of course, any other client that wants to connect to DB2 on the server will also need to be adapted to match. This assumes that somehow your server is actually running DB2 on 15xxx and the services table isn't already updated. — user2338816, Jun 08 '16 at 03:54

Galen Keene · Answer 1 · 2016-06-08T19:07:00.783

0

Updating based on further discussion in comments.

Getting empty reply from server on your cURL command to the cloud host:port should be generating logs on your SG Client. It should be the equivalent of a successful connection due to how a database would respond to this sort of connection.

This seems to narrow down the issue to how the request is being created in your Bluemix app. Another comment on the initial question suggests that your driver only accepts select ports as input, so the issue might originate there.

edited Jun 08 '16 at 19:07

answered Jun 06 '16 at 19:44

Galen Keene

303
1
10

The protocol is tcp/ip and it match. And there is not an authentication on the destination. – Abderrazak L Jun 06 '16 at 20:51
Do you get any response from the cloud host:port if you try to connect to it with something else (like curl)? – Galen Keene Jun 06 '16 at 20:57
i tryed this curl command : curl -u xxx:xxx xxx-xx-xxx-x.integration.ibmcloud.com:15xxx/dbname and i have this response : Empty reply from server. – Abderrazak L Jun 06 '16 at 21:38
Generally, getting `empty reply from server` would mean that the client isn't connected so the server hasn't set up a listener for you to connect to. If you can tell me which node you're on (the number right before .integration) , I can take a look at server logs tomorrow and see if I can get any more details on what is happening. – Galen Keene Jun 06 '16 at 21:51
Voila : cap-sg-prd-5. – Abderrazak L Jun 07 '16 at 14:05
@AbderrazakL If you're connecting to DB2 on AS/400 or later system, **there is authentication**. The authentication is seen in your posted log messages. But that's not your problem for this issue. – user2338816 Jun 08 '16 at 03:45
I was mistaken on the meaning of `empty reply from server`. It should mean that the connection was successful, but the endpoint didn't have a method to respond to that particular interaction, which would be fairly typical when trying to curl a database. I've updated my answer to reflect this. You could attempt to telnet to the cloud host:port as well and should see logs in the client. – Galen Keene Jun 08 '16 at 19:08

score 0 · Answer 2 · answered Jun 09 '16 at 10:15

Reading your logs, the error message

Connection refused

is meaning that the Driver is working fine, but there is a connection issue and in your case, using the Secure Gateway, you should investigate both the AS400 server and the Secure gateway instance

#1 is the TCP port 15XXX (the one tried to connect to by the driver following the JDBC url) mapped correctly on the Secure Gateway instance
#2a if the #1 is true, is the AS400 server listening on the same TCP port for incoming connections?
#2b if #2a is false, is the AS400 server listening on a different TCP port?
#3 according to the TCP port listened on by the AS400 server (#2a or #2b) is this port mapped correctly on the Secure Gateway instance, allowing the requests sent to the TCP 15XXX through the Secure Gateway routed correctly to the right port on the AS400 server?
#4 if #3 is true, has the AS400 server an internal firewall preventing incoming connections?

score 0 · Answer 3 · answered Aug 02 '16 at 20:45

The JT400 JDBC driver communicates with the IBM i system using the IBM i Host Servers, which each run on different ports. You will need to forward all of these ports through your secure gateway in order for it to work. See this doc for more info (you'll need as-database, as-central, and as-signon at a minimum).

If you need to change the ports used by the app to connect, you can do so by creating an AS400 object and using setServicePort to change the default ports. Then pass the AS400 object to connect instead of using the system, user name, and password.

how to connect a bluemix app to on-premise db/as400?

3 Answers3

Linked