inet/400 General FAQ

This is a list of some of the experiences our customers have reported during product support sessions with our Business Partners or with our support staff. It is the result of the duplication of an internal support database and is designed to provide you with additional information that may assist you with problems you may experience with our products. It is by no means to be construed as an exhaustive list of all problems and solutions that have ever or may ever exist — moreover it allows you to "help yourself" with possible solutions.

Note: There is information about each of the I/NET products included in this list.

Issue

Received message WWW080E when trying to execute the STRWWW command.

Solution

Customer had security level 40 or 50 and the QALWUSRDMN system value was not set to allow user-domain objects in the WWWSERVER library.

Issue

Receiving garbage on browser from Webulator session, as well as on messages from server (401, etc). Seems to be that conversions are not being done properly from EBCDIC to ASCII.

Solution

User had problems installing OS/400 extended base support during migration from CISC to RISC. Once they got it installed correctly and ran the QTQRECOV system program to fix internal conversion tables, everything ran fine.

Issue

TCP/IP applications hang. ENDWWW and ENDTCP have no effect. Customer must vary NWS/IPCS off and on to get things to become active again. All TCP/IP stops, including Client Access.

Solution

Customer is on V4R2 and did not have 5769SA2 PTFs applied for the IPCS. This became a critical situation with IBM and, after installing many more SA2, SS1, and 999 PTFs, things seem to be running much better.

Issue

Webulator/400 keyboard plugin won't work with IE4 installed on NT Workstation.

Solution

User re-downloaded and re-installed IE4 on the PC and it works just fine. It would seem that they had added and modified aspects of IE4 that made it not recognize the keyboard plugin. By re-installing, these blocks were removed.

Issue

CGI output written to sysout is concatenated to output from previous CGI executions. When looking at the RP job, the sysout file is never closed.

Solution

Installing PTF WWW130021 corrected this problem.

Issue

Received the error "File ini.file/db2www.mbr not found" when attempting to execute a Net.Data macro via CGI.

Solution

This seems to have been an authority problem. When we set the WWWUSER profile with QTMHTTP group profile, the macro worked fine.

Issue

Received message "Error receiving data from AS/400. Error code is 9226." In the Webulator error log accompanied by an "Invalid IP Address" error presented to the user at the browser.

Solution

This can happen when accessing the Webulator session via a proxy (like America Online (AOL)).

Webulator/400 PTF #WBL110005 or #WBL200001 correct this problem. Another possibility, if the user has these PTFs installed, is that their Host Name configuration value does not match the URL typed in at the browser - thus the cookie logic in the browser ignores the cookie because it didn't come from the server requesting the page. Make sure that the Host Name value is set properly and that the browser user is typing in the correct URL - including differences as simple as using IP address instead of domain name or even the case (upper vs. lower) of the domain name.

Issue

Received message "Error receiving data from AS/400. Error code is 9230."

Solution

This can happen when the Webulator user double clicks on the virtual keyboard key, sending two requests to the AS/400 for the same session.

Webulator/400 PTF #WBL110005 and #WBL200006 correct this problem.

Issue

Received message "Internal Server Error, Unable to start another session. Error code = 34771" when attempting to start a Webulator session. Public authority changes to QPADEVS in QSYS (changing from *EXCLUDE to *USE) have no effect.

Solution

The customer also noticed the error "CPD0043 - Keyword IGCFEAT not valid for this command" in the WWWVTxxx joblog. It turned out that the Terminal Size and Type parameters for the Webulator session were set for a DBCS terminal and they have a US English AS/400. Changing this to "Small" and "Color" fixed the problem.

Issue

Parsed button seems to be behaving in error. When the display file contains "F5=Expand" and a "ParsedButton Description F5 F5=" entry is in the configuration, the "F5=" is placed in the button and "Expand" is in plain text to the right.

Solution

It turns out that the customer also had the text "Page up" and "Page down" defined as parsed buttons with "Description" and there was no descriptive text next to those entries on the display file. Webulator wound up using the "F5=" text for the "Page down" button and left the "Expand" text alone. Changing the Page up and Page down entries to "Keyword" corrected this.

Issue

Received error 266 when running the ADDWWWCERT command.

Solution

You have probably requested an X509 version 3 certificate from Verisign. Commerce Server/400 does not yet support version 3 certificates. Request a version 1 certificate and the ADDWWWCERT should work just fine.

Issue

Commerce Server/400 request processors seem to be requiring a considerable amount of CPU when processing an SSL transaction. With a number of RP's running, AS/400 CPU utilization rapidly approaches 99+% and stays there.

Solution

After looking at the RP job's call stacks, it would seem that it is performing SSL handshaking with the browser client. This is a normal function and is very CPU intensive. It was recommended that the customer could increase their session cache timeout and session cache size to help ease the handshake activity - balancing their desired CPU utility and the needed security for their transmissions. It was also recommended that a minimal amount of information should be SSL encrypted - don't send .gif images or your entire site via SSL. Special note: session cache size should be increased exponentially as session cache timeout is increased.

Issue

Webulator/400 version 2.0 request processor job seems to go to an execute state and stays in a hard loop until the job is cancelled.

Solution

This turned out to be a problem in the internal ParseSendJavaScript code that parses the screen to determine which field should have focus. Installing Webulator PTF WBL200013 or WBL110008 corrects this problem.

Issue

Customer has set up directories for their home page, an authenticated area, and for Webulator/400. The Webulator area has a signon method of *USER and is also authenticated. The user is asked for a username and password when the browser links from the home page to the authenticated areas. The problem is that they are again asked when passing from the authenticated area to the Webulator area.

Solution

The authentication realm name must be the same for both the authenticated and Webulator areas for the browser to realize that it is to use the same user and password for the new area. Also, this is completely browser dependent, so it may not work then, either.

Issue

Experiencing slow performance on server startup.

Solution

The trace user space TRCUSERSPC contained erroneous data. Once the user space was deleted, the server was started, it recreated the user space, and executed normally.

Issue

After migrating Commerce Server/400 to a new AS/400 (RISC to RISC migration), the customer receives the message WWW07D4 (Could not initialize security values) when attempting the STRWWW command with SSL enabled.

Solution

It turns out that the customer had the original Commerce Server/400 installed (with no PTFs) on their old AS/400 and installed PTF COM100007 on their new machine before starting operations. The keylist file was encrypted the old way (without PTFs) and the new AS/400 was trying to access it via the new way (with PTFs). Once they removed COM100007, everything worked fine. They need to have the PTF installed when they next request a new certificate - this will allow them to use the functionality of the PTF with the new certificate.

Issue

Serving of pages to Internet Explorer 3.0 seem to be very slow - as a matter of fact, they never fully display. The page seems to come up fine in Netscape and in IE4.

Solution

It turns out that the customer's HTML documents were badly formatted, with special character bytes (possibly end- of-form characters) embedded in the document.

Issue

Customer would accept a user-id and password in a form and use this information, with the IP address of the browser to maintain session information about the user's requests within the CGI environment. When accessing the CGI environment via AOL, the CGI programs continually requested re-verification of the user's id and password.

Solution

The customer's CGI would store the user information in a database keyed by IP address. When the second request came in, the multi-proxy setup at AOL caused the IP address to be different than that for the first request and the key lookup failed. Recommended that the customer could use true user authentication or cookies to pass data between the server and the browser.

Issue

When attempting to add a directory entry to the directory based configuration, the user receives the message WWW0B14 with message data (file name to be opened) of '' (empty).

Solution

The directory based configuration file entry in the CHGWWWCFG command has '*NONE' specified. Changed the entry to a valid file name and everything worked just fine.

Issue

When a user causes an error in Webulator, the parsed buttons at the bottom of the screen go away.

When the user presses the Reset button provided, the message stays and the buttons do not reappear - it appears as though nothing happens as a result of the Reset button.

Solution

The 5250 application screen was designed with allowable function keys described on line 24 of the display. When an error occurs, the message overwrites the function key line, eliminating the strings that the parsed buttons are based upon and, thus, removing the parsed buttons from the Webulator screen. In addition, the Reset button does not equate to a 5250 Error/Reset key - it is designed to reset the field contents in the HTML form. Recommend that the administrator include a bottom virtual keyboard row with the function keys allowed for the application in question so they will not be removed by the error message.

Issue

While switching from page to page of CGI form data with hidden values on the form, the user is noticing that if the text "1234 Main St" is entered in a field on the first form and subsequently included as a hidden variable on the second form. When reading data from the second form the value only includes "1234".

Solution

When the user inserted value= information with their program, they basically included the value that was read from the previous form. As a result, the HTML data that is actually inserted in the form looked something like the following:

<input type=hidden name="mailadd" value=1234 Main St>

The HTML specification says that, like the name= clause, the value= clause should be surrounded by quotes for the value. When you put multiple words into the mailaddr field, HTML rules indicate that only the first word (1234) will be recognized. When they surrounded it by quotes (value="1234 Some Rd"), it worked just fine.

Issue

Data in the configuration files is corrupted when changing the configuration via the Commerce Server/400 commands. This is a Denmark system and it seems to be that conversions are not being done properly from EBCDIC (278) to ASCII (850) for the letters STUVWXYZ. These letters end up as 0x00, 0x0d, or 0x25 in the resulting file.

Solution

We tried running the QTQRECOV system program to fix internal conversion tables, but this didn't seem to affect the problem. IBM was consulted, and once OS/400 was completely re-installed, everything worked fine.

Issue

Using Webulator version 2.0, the user does not receive the benefits of the Session Management functionality.

Solution

Session Management support works by issuing a cookie to the browser that contains the session information. The user was requesting the Webulator session via a different URL than what the AS/400 understood as its default domain name (eg: the user requested by IP address and the CHGWBLSVR HOSTNAME parameter reflects a domain name). Once the user requested the session by the appropriate domain name, everything worked fine. The customer was also using IE 4.01 with the URL http://www.domain.com:5061/ and the HOSTNAME parameter contained WWW.DOMAIN.COM. Internet Explorer is case sensitive and forces incoming entries to lower case. When they changed the AS/400 name to www.domain.com, everything worked just fine.

Issue

When viewing Commerce Server/400 jobs via the WRKACTJOB command, the user noticed that many jobs were in a MTXW state. In addition, many browser users were noticing very slow response.

Solution

It seems that users were continually replacing documents in the document root while the server is running. There is a high chance that the MTXW is based on a file locking situation within the OS/400 IFS support.

Issue

User receives message WWW0907 when attempting to start the server for the first time. The message indicates that there may be other messages in a joblog, error log, or spooled files for WWWUSER, but there are none.

Solution

When the product was installed, the user was not signed on as QSECOFR. As a result, proper authority (*USE) was not given to WWWUSER for the QSYSNOMAX job queue. Once given use authority, everything started and ran just fine.

Issue

User receives WWW0912 when attempting to start the server. No spooled files are generated for WWWUSER and no entries are added to the error log. The job log does not contain any messages that would help lead us to a solution.

Solution

After running a DAEMON trace, we discovered that the daemon job internally received a CPF9820 when attempting to create the logging queue. It turns out that the user had previously changed the authority to the WWWSERVER library. We changed it back to WWWUSER-*ALL and *PUBLIC-*CHANGE and the server started perfectly.

Issue

User receives WWW082A when attempting to start the server. Information in the message indicates that a CPD0032 error was received for the submit of program WWWDLOG.

Solution

CPD0032 indicates an authority problem with a command. It turns out that the user had modified the public authority to many commands on their AS/400 - including the SBMJOB command. We added *USE authority to CHGJOB for WWWUSER and the server started perfectly.

Issue

During step 4 of the installation process of the Lansa for the Web product, the user is questioning what to put into the "AS/400 AUTHENTICATION LIBRARY" field on the "LANSA FOR THE WEB LOAD DETAILS" screen.

Solution

According to Lansa Technical Support, Lansa users will not typically need to fill this in unless they are doing user authentication for the Lansa site stuff. If they do need to insert data into this field, they should consult with Lansa Technical Support at (800)457-4083.

Issue

Microsoft IE 4 receives an ActiveX error when running the keyboard plugin with Webulator.

Solution

The user adjusted the browser security values to do more checking (moved from low to high) and the ActiveX error went away.

Issue

After installing and starting Netscape Enterprise Server, the user receives the message "Internal Error - The administration server was unable to fulfill your request. Reason: Unauthorized host" when attempting to access the administrative server.

Solution

Looking in the ns-admin.conf file, we found that the "Hosts" and "Addresses" entries did not match the location information configured in the PC (Hosts indicates one domain and the user was attempting to access the server from a different domain). Changing these two lines caused it to work much better.

Issue

User receives MCH1001 in the joblog for the DAEMON job during STRWWW indicating a lack of authority to the object WWWUSER.

Solution

It turned out that the user profile WWWUSER did not have authority to itself. We changed it to *ALL and everything worked fine.

Issue

Using Webulator version 2.0 via a VPN, the user receives an internal error message indicating the error code 9230 when moving from the first to the second 5250 screen. The user has PTF WBL200001 installed.

Solution

Beginning with the installation of PTF WBL200001, session information is tracked by issuing a cookie to the browser that contains the session information. The user was requesting the Webulator session via a different URL than what the AS/400 understood as its default domain name (the user requested by IP address and the CHGWBLSVR HOSTNAME parameter reflects a domain name). The administrator removed the host entry from the TCP/IP configuration, allowing the IP address to flow through the HOSTNAME parameter, and the IP based request was successful.

Issue

When using Webulator with specific text color specifications, the text seems to only respond to screen attribute changes, e.g. - changing the text color to white keeps it green, but changing the display attribute to high intensity changes it to white.

Solution

It turns out that the virtual devices that were created and available were actually 5251-11 (monochrome) and OS/400 work management could not create new 3477-FC devices for use. As a result, everything in the DDS was responding as monochrome.

Issue

When writing data out from a CGI program, adding '*****' to a form comment caused the program to end with an errno of 3021 indicating an invalid DBCS (5035-932) conversion.

Solution

It turns out that the iconv() system API was bombing out when trying to convert this data. PTF #SF56472 has corrected this in V4R1.

Issue

The daemon WWD80 job just seemed to end. Looking at the system, everything else looks just fine. The resulting daemon joblog indicates that it ended with an end code of 20. Exploring SST, there were also some LIC error codes generated for this situation.

Solution

They are on V4R3 and had IBM assistance in diagnosing the problem. OS/400 PTFs MF22300 and SF56156 take care of this.

Issue

When setting up authentication, the directory based configuration reads:

 <DIRECTORY />
    <LIMIT GET PUT POST DELETE>
        REQUIRE valid-user
    </LIMIT>
    AUTHUSERFILE cfg/user.cfg STREAM
    AUTHNAME Limited access area
    AUTHTYPE BASIC
 </DIRECTORY>
 <DIRECTORY /QSYS.LIB/HTML.LIB>
    <LIMIT GET PUT POST DELETE>
        REQUIRE none
    </LIMIT>
 </DIRECTORY>

When accessing the URL for files in the HTML.LIB area of the system, the user is still prompted for user authentication.

Solution

The URL entered was for the HTML library and did not traverse to an individual file member to be served. The HTML library is still covered under the '/' directory. Once a full file path was requested, the authentication request should no longer appear. Still an issue - this works fine for us, but won't work for him. Resolved - It turns out he had an IMG tag within the index member of the library and the image that was requested was at '/hrweb/image.gif'. This image request (obviously back to the regular document root) is what caused the authentication request.

Issue

When printing a report (compiled listing) that was expected to be generated in landscape, the resulting printed report ended up as portrait.

Solution

This report was printed in a CGI mode via the IBM V4R2 HTTP server. Testing with other servers (Commerce Server/400, Netscape Enterprise) resulted in normal report generation. There appears to be something in the code of the HTTP server or the Host Print Transform code that gets stuck and begins causing the generation of faulty report results. By ending the server instance and starting it again, everything worked just fine.

Issue

When attempting to interface Merchant/400 with Net.Commerce version 3.2 (on V4R4) the customer continually received an API error for the "DO_PAYMENT" task indicating an error code of 2001, a reason of -305 and SQL query of SELECT SHADDR. When checked, the billto_rn value was 0 coming into WWWMNCM2.

Solution

A change to Net.Data has occurred since Merchant/400 version 1.1 was distributed causing @DTW_Assign clauses to be treated differently. Moving the assignment line @DTW_assign(DftBillTo,V_sarfnbr) within the default_billto() function (in orderdspp.ncimrc.d2w) from outside the row to inside the row corrected the problem. Note: In V4R2, Net.Data PTF 5769TC1-SF51304 corrected this problem. The macro code, after the modifications are made, looks something like:

 %REPORT{
  %ROW{
   <input type=hidden name="billto_rn" value="$(V_sarfnbr)">
   @DTW_assign(DftBillTo,V_sarfnbr)
  %}
 %}

Issue

While running under high activity load, many browser users received the message "Connection reset by peer" when they attempted to access the server, particularly via SSL.

Solution

Based on communication trace information from IBM, it turns out that the TCP/IP listener queue was filling up. Checking the CHGWWWCFG CONNQUESIZ parameter, it was set to 64. Once we changed Connection Queue Size to 512, everything worked just fine. We also turned Statistics Logging off and made sure they had PTF WWW130001 to speed their request processing up even further.

Issue

It takes a very long time to get things running when starting the server using STRWWW. It appears that the jobs are in a LCKW state for a long time.

Solution

In some cases, the trace user space actually causes this type of performance problem when starting the server or running server commands. We had them end all server instances and delete the WWWSERVER/TRCUSERSPC trace user space (*USRSPC) object. Once this was gone, the server started normally. This situation can also occur as a result of DNS access problems.

Issue

After installing COM100009 and a new Verisign certificate, browser users receive a message indicating that the browser does not recognize the signer/authority of the server certificate. Another indication is a message that the certificate issuer is untrusted or unknown.

Solution

Verisign has begun issuing chained certificates that require additional root certificate information at the server. To accomplish this, you must take the following steps:

1. link that is typically found at the following URL: http://www.verisign.com/server/cus/install/g/.
2. Using a text utility like Notepad, save the CA certificate to a file in the IFS (preferably in the same directory as your keylist file). Do this in a similar manner to installing your original certificate - by copying and pasting the certificate text (don't forget to include the BEGIN CERTIFICATE and END CERTIFICATE lines).
3. Clean up the certificate data by removing spaces at the beginning of any of the lines.
4. Run the ADDWWWROOT command, specifying the file from step 2, to add the intermediate CA to your keylist.

Issue

When attempting to print a report via Net Print/400, one of the following occurs:

1. Windows displays the error message 'Netprint Error Reading Input File Error The data area passed to a system call is too small'.
2. A few lines of HTML code are printed. Proxy server error log displays an error message relating to the server's host name.
3. A full page of HTML code is printed, including error message (Novell firewall).

Solution

The user was requesting the Webulator session via a different URL than what the AS/400 understood as its domain name (eg: the user requested by IP address and the CHGWBLSVR HOSTNAME parameter reflects a domain name). Once the user requested the session by the appropriate domain name, everything worked fine.

Issue

Received message "Internal Server Error, Unable to start another session. Error code = 34771" when attempting to start a Webulator session on a system running OS/400 V4R5.

Solution

The customer also noticed the error "CPF87D3 - Internal system error occurred in program QTVSINIT." in the WBVxxx joblog. IBM APAR #SA90162 addresses this problem. PTF #SF63471 (for 5769SS1) has been released by IBM to correct this. In addition, PTF #SF63472 has also been released to correct a similar problem in V4R4. IBM has included special instructions for WSG that apply (somewhat) to Webulator/400 users - Please make sure that you end all Webulator activity (with ENDWBL or ENDWWW command) before applying these PTFs. Note: IBM also lists SF63756 (V4R5) and SF63764 (V4R4) as PTFs that correct this problem.

Issue

Browser users note that links do not function and images do not display. No matter what URL is requested, it seems that only the home page is returned.

Solution

The administrator also noticed that the access log contains entries that look like "192.168.0.1 - - [27/Jul/2000:09:36:40 +0000] "" 500 0". Further investigation found that there was an internal OS/400 ASCII-EBCDIC conversion problem that resulted in the URL from the browser being converted to nulls. With IBM's assistance, the customer ran the program QTQRECOV to recover the internal conversion tables and this corrected the serving problems.

Issue

Net Print/400 users noticed that message CPF1022 was showing up in their joblogs when running the SNDSPLFNP command. The message indicated a lack of authority to the NETPRTINET library and a data area named after the user profile.

Solution

This message can be expected and is somewhat normal. It is indicating that the user does not have authority to create the data area (which stores the user's printer selection criteria) in the library. As a result, future executions of SNDSPLFNP with MFRTYPMDL(*USRPRF) will end with message NPW0B13. If desired, you should give the user sufficient authority to NETPRTINET so the data area can be created.

Issue

Received the error message MCH0601 when attempting to run the STRWWW command. Detailed message data includes a reference to the TRCUSERSPC object.

Solution

The trace user space TRCUSERSPC had become either damaged or contained erroneous data/state information. The user was asked to search for, and remove, any TRCUSERSPC user space (*USRSPC) objects found on the system. Once the user space(s) were deleted, the server was started, it recreated a new user space, and executed normally.

Issue

While visiting the Verisign site to obtain an SSL certificate, customers have found that they (Verisign) generate certificates for I/NET products - but they are found within the "Secure Certificate" area which advertises 40-bit security. In addition, I/NET does not appear in the list of providers that support the 128-bit "Global Certificate". As a result, many are confused about how to obtain a certificate that will support the domestic (128-bit) level of SSL security that is provided by I/NET products.

Solution

While Verisign's "Global Certificate" indicates 128-bit security, this simply refers to how exported browsers behave. The "Secure Certificate" still offers 128-bit security, but not for browsers that have 40-bit encryption capabilities. The Global Certificate offers a "step up" method (also known in IE as Server Gated Cryptography - or SGC), which allows export browsers the ability to run at 128-bit mode. Our servers (including Commerce Server/400 and Webulator/400) do not work in this mode, so the Secure Certificate is the appropriate choice. In addition, with recent export leniency by the US Government, obtaining a domestic browser is now much easier.

Issue

Whenever I start a Webulator/400 session, the browser Forward and Back buttons remain on the screen and are confusing to the user. How can I remove them from the browser window?

Solution

The solution includes an image pushbutton to activate the Webulator/400 session, as well as javascript to control the opening of a new window that will house the Webulator session. It all looks something like this:

Here is the javascript to do it (found toward the beginning of the HTML file):

 <SCRIPT>
   function webulate(){
     wbl=window.open("WindowName",
     "http://userid:password@www.mycompany.com:5061/",
     "toolbar=0,location=0,directories=0,status=0,menubar=0,scrollbars=1,resizable=1")
   }
 </SCRIPT>

And here is the HTML line where the script is called (found wherever you want the image pushbutton displayed on the page):

 <A HREF="javascript:webulate()"
    ONMOUSEOVER="window.status='Start Webulator';return true"
    ONMOUSEOUT="window.status='';return true">
  <IMG SRC="../graphics/buttons/wblrun.gif"
       ALT="Start Webulator" WIDTH="120" HEIGHT="70" BORDER="0" VSPACE="10">
 </A>

Simply include these in your standard HTML page that points to Webulator/400, modify the appropriate site-specific information (like the host name and image location/name/attributes), and your users should be all set. When they press the wblrun.gif image, a new browser window will open with the Webulator/400 session (and there won't be any Forward/Back buttons).

Issue

How do I tell what version and PTFs I am running for each of the I/NET products?

Solution

Determining version is fairly straight-forward, but determining PTF level may be somewhat challenging. Let's take each product one at a time:

Webulator/400 version 2.0+:

• You can view the version by displaying a data area (issue the command "DSPDTAARA DTAARA(WEBULATOR/VERSION)").
• You can view the PTF level by displaying a physical file (issue the command "DSPPFM FILE(WEBULATOR/INSTLOG)").
• You can determine the SSL level (domestic vs. export) by displaying a service program (issue the command "DSPSRVPGM SRVPGM(WEBULATOR/WBLESRV)", proceed to Screen 3 of 10 (module list) and view the bottom of the list of modules - if the last two modules are named SSLCON_US and SSL3CON_US, you have the domestic version).

Webulator/400 version 1.x:

• You can view the version by displaying a data area (issue the command "DSPDTAARA DTAARA(WWWSERVER/VERSIONWBL)").
• Determination of PTF level is not completely clear. During the process of installing a PTF, you create a save file in library WWWSERVER and fill it with the PTF data (using FTP). When the PTF is installed (with the PTFINST command), this save file is cleared. As a result, an empty save file typically is an indication that the PTF has been installed. There are a number of things that can happen independant of the process that would short circuit this identification - e.g. you could create the save file and never download the data; you could manually delete the save file after installing the PTF. The best method for keeping track of installed PTFs is a log that you maintain.

Commerce Server/400:

• You can view the version by displaying a data area (issue the command "DSPDTAARA DTAARA(WWWSERVER/VERSION)").
• Determination of PTF level is not completely clear. During the process of installing a PTF, you create a save file in library WWWSERVER and fill it with the PTF data (using FTP). When the PTF is installed (with the PTFINST command), this save file is cleared. As a result, an empty save file typically is an indication that the PTF has been installed. There are a number of things that can happen independant of the process that would short circuit this identification - e.g. you could create the save file and never download the data; you could manually delete the save file after installing the PTF. The best method for keeping track of installed PTFs is a log that you maintain.
• You can determine the SSL level (domestic vs. export) by displaying a service program (issue the command "DSPSRVPGM SRVPGM(WWWSERVER/WWWESRV)", proceed to Screen 3 of 10 (module list) and view the bottom of the list of modules - if the last two modules are named SSLCON_US and SSL3CON_US, you have the domestic version).

Merchant/400:

• You can view the version by displaying a data area (issue the command "DSPDTAARA DTAARA(WWWSERVER/VERSIONMRC)").
• Determination of PTF level is not completely clear. During the process of installing a PTF, you create a save file in library WWWSERVER and fill it with the PTF data (using FTP). When the PTF is installed (with the PTFINST command), this save file is cleared. As a result, an empty save file typically is an indication that the PTF has been installed. There are a number of things that can happen independant of the process that would short circuit this identification - e.g. you could create the save file and never download the data; you could manually delete the save file after installing the PTF. The best method for keeping track of installed PTFs is a log that you maintain.

Net Print/400:

• You can view the version by displaying the list of software resources on your AS/400 (issue the command "DSPSFWRSC" and look for the product 7NETPRT).
• You can view the PTF level via standard AS/400 PTF determination (issue the command "DSPPTF LICPGM(7NETPRT)").

Issue

Received the message CPF3743 (File cannot be restored, displayed, or listed.) while attempting the "LODRUN DEV(*OPT)" command with the latest product installation CD (issued in May, 2001).

Solution

It has been determined that the product installation menu was erroneously saved to some CDs with a target release (TGTRLS) of V4R2M0. As a result, attempts to use the generic installation methods on an AS/400 with an earlier version (V3R7 or V4R1) of OS/400 will result in this situation. As a workaround (until a new CD is issued), it is possible to install the products independent of the installation menu by issuing their respective install commands. The individual commands to install each of the products on the CD are:

1. Webulator/400 version 2.0C:
   LODRUN DEV(OPT01) DIR('/EWBL400')
2. Commerce Server/400 version 1.0E:
   LODRUN DEV(OPT01) DIR('/CS400')
3. Net Print/400 V1R0M0:
   RSTLICPGM LICPGM(7NETPRT) DEV(OPT01) RLS(V1R0M0) REPLACERLS(*ONLY)
4. Merchant/400 version 1.2:
   LODRUN DEV(OPT01) DIR('/MRCH400')
5. Webulator/400 version 1.1B:
   LODRUN DEV(OPT01) DIR('/WBL400')
6. Web Server/400 version 1.3C:
   LODRUN DEV(OPT01) DIR('/WS400')

Issue

The browser user receives the error "NET.DATA Error: File /qdls/npw/macros/netprtsp.d2w not found." when attempting to execute the Net Print/400 Net.Data macros via the IBM HTTP Server.

Solution

This is usually accompanied by a CPF9006 message in the joblog of the HTTP server job. During the initial setup and configuration process, the netprtsp.d2w macro is typically copied to a directory where other Net.Data macros typically reside for execution. In this situation, the server has been configured to find the macro in it's shipped location in QDLS. The IBM HTTP Server user profile (normally QTMHHTP1) is not usually associated with an entry in the system distribution directory, which is necessary to access objects in the QDLS file system. Once the directory entry is added (via the ADDDIRE command), the macro becomes available to the server and can be viewed normally.

Issue

Would you help me with the steps to set up group authentication in Commerce Server/400? I have read the documentation, but am still unsure what I should do first. There is also no 'group.cfg' in my master configuration directory. Should I create this file, and if so, what command should I use?

Solution

Group authentication is fairly straight-forward. The difficulty comes from the lack of commands to work with the group/member relationships. This must be done manually, including the creation of the group.cfg file itself. Many users find it easiest to use Client Access (or a similar utility) to work with IFS directories from their PC so they can create and edit these types of files with tools like Notepad. Basically, here are the steps that you could take to set up group authentication:

• Set up the user authentication file and create all appropriate users as you would normally do (using the CHGWWWDIR and WRKWWWUSR commands).
• Create and fill the group.cfg file to associate individual users with groups, making sure that all users to be associated already exist in the user file. An example of what the group.cfg contents might look like follow:
  Group1: User1 User2 User3 User4
  IBM: Gerstner Palmisano Thompson
  INET: Markee Fitzgerald Bertoldi Firby Knapp
  
• Use the CHGWWWDIR command to include the new group.cfg file in the directory configuration.
• Add LIMIT and REQUIRE configuration elements to permit access to the directory by the named group desired. This actually is very similar to providing access for an individual user, you simply include GROUP and the group name in the REQUIRE entry instead of USER and user name. In the example above, you might specify "REQUIRE GROUP IBM".

Issue

Commerce Server/400 jobs seem to disappear on a system running OS/400 V5R1.

Solution

This situation is relevant to Web Server/400, Webulator/400 and Commerce Server/400 users. The customer noticed the error "WWW080A - TCP/IP givedescriptor call failed" with errno 3440 in the WWDxxx joblog. A single WWRxxx job was also still running (this WWRxxx job is sitting on a "takedescriptor" request). IBM APARs #MA24135, MA24238 & MA23386 seem to address this problem. PTF #MF27192 (for 5722999) has been released by IBM to correct this (PTFs MF27337 and MF27338 also seem to be related to this and other similar problems). IBM has included special instructions for TCP/IP that apply (somewhat) to Web Server/400, Webulator/400 and Commerce Server/400 users - Please make sure that you end all Webulator as well as all WS/400 & CS/400 server activity (with the ENDWBL and/or ENDWWW command) before applying this PTF.

Issue

Received the message WWW07D6 while attempting to start Commerce Server/400 using STRWWW on an AS/400 running V5R1.

Solution

The customer had previously experienced trouble ending TCP/IP and had to force the AS/400 power off. When power was restored and they attempted to run the STRWWW command, the WWW07D6 error occurred. It was also noted that the WWLxxx logging job ended with the message MCH3601 (this was simply a result of the WWDxxx daemon job terminating and deleting the internal server userspace). If the PROTOCOL parameters were changed to specify HTTP only (so the server was not SSL enabled), STRWWW completed normally. Further testing and diagnosis revealed that there may be an internal EBCDIC-ASCII conversion problem. With IBM's assistance, the customer ran the QTQRECOV system program to fix internal conversion tables. This corrected the problem and everything ran fine. Another customer, who happened to be in France, experienced problems when viewing the WBL0904 completion message from the STRWBL command (the actual message displayed on the terminal was garbled). Their situation was also corrected by running the QTQRECOV utility program.