I have an update. I can now get a valid connection when starting System
Debugger from a 'Run SQL Scripts' session.
Progress... on the server, must issue both the following commands:
However, I have some authority issues. In System Debugger, I can now enter
a program name to debug, but when I do, I get the following error in System
"Not authorized to command STRSRVJOB in QSYS."
From the 'Established' entry below, I do an '8=Display Jobs':
Remote Remote Local
Opt Address Port Port Idle Time State
* * as-debug 002:14:14 Listen
10.51.96.212 62818 as-debug 001:59:44 Established
I get 1 job which appears to be assigned my user (JRUTH99):
Connection type . . . . . . : *TCP
Local address . . . . . . . : <IP address>
Local port . . . . . . . . . : 4026
Remote address . . . . . . . : <IP address>
Remote port . . . . . . . . : 62818
Type options, press Enter.
5=Work with job
Opt Name User Number Type User
QTESDBGSVR JRUTH99 106777 *BCH JRUTH99
When I look at the joblog of that job, I can see the "Not authorized to
So, my assumption is that this job is what is failing with the authorization
check. My user (JRUTH99) has *ALL authority to STRSRVJOB. I, using my
userID, started the debug server by issuing the STRSRVJOB command.
Should STRSRVJOB be initiated by user with QSECOFR authority perhaps?
What other user, group, jobd, etc. might cause the "Not authorized..."
Does the user of the job that started the "Run SQL Scripts" job have any
What user does the "System Debugger" session use when started from "Run SQL
On 10/16/22, 7:41 AM, "MIDRANGE-L on behalf of Marc Rauzier" <midrange-l-bounces@xxxxxxxxxxxxxxxxxx on behalf of marc.rauzier@xxxxxxxxx> wrote:
Le 15/10/2022 à 19:32, Birgitta Hauser a écrit :
> Yep! You cannot do it on PUB400 ... I recently spoke with Holger about this problem (I have the same problem on my own partition).
> He thinks it is because the IBM i is accessed directly ... without any VPN (and this might be the problem).
Well, that's strange because I just tried to debug an ILE and and OPM CL
program with this System Debugger (initiated from iACS "Run SQL
scripts"), and I was successful to do it on PUB400. It was using 4026
On my laptop, I ran, at the same time, a Wireskark network capture and
all IP packets were initiated from my workstation (behind a NAT router,
so using a non-routed IP) to PUB400's IP using the 4026 port as the
target. So, from a network point of view, if there is no firewall, or if
there is one which allows traffic over this port, I cannot see any issue.
> I never have a problem with the customers where I access the IBM I via VPN.
> Mit freundlichen Grüßen / Best regards
> Birgitta Hauser
> Modernization – Education – Consulting on IBM i
> "Shoot for the moon, even if you miss, you'll land among the stars." (Les Brown)
> "If you think education is expensive, try ignorance." (Derek Bok)
> "What is worse than training your staff and losing them? Not training them and keeping them!"
> „Train people well enough so they can leave, treat them well enough so they don't want to.“ (Richard Branson)
> -----Original Message-----
> From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Marc Rauzier
> Sent: Samstag, 15. Oktober 2022 15:37
> To: midrange-l@xxxxxxxxxxxxxxxxxx
> Subject: Re: ACS System Debugger doesn't want to work
> Le 14/10/2022 à 19:57, jeremy.ruth@xxxxxxxxxxx a écrit :
>> Thank you Marc for your help.
> Yw, I often used this technique to check firewall issues.
>> I tried the SSH command from my workstation and it made a connection because I am seeing what you're seeing from netstat. An established entry from my workstation.
>> So the port is not blocked. Any other ideas?
> I am not really used to use the debugger nor I have an access with enough authority to an IBM i system to be able to help you more.
> However, here is what happens on PUB400 when I start the debugger from iACS SQL scripts like you do.
> Job listening on 3825 port is QB5ROUTER in QUSRWRK subsystem.
> Unfortunately I cannot see job log of this job.
> Job handling the tcp session on port 3825 with my workstation is QTESDBGSVR in QUSRWRK subsystem. It is submitted by QPGMR/QTESDBGHUB which runs in QSYSWRK subsystem at the time I request to start debugger.
> Unfornately I cannot see job log of this job.
> Have you got those two QB5ROUTER and QTESDBGHUB jobs active? Maybe you could check their job log? I can't do it on PUB400.
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.
Help support midrange.com by shopping at amazon.com with our affiliate link: https://amazon.midrange.com
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.