RE: ACS System Debugger doesn't want to work -- MIDRANGE-L

Thank you, Marc. That authority article was what I needed (https://www.ibm.com/support/pages/authorities-requried-debugging-using-graphical-gui-debugger).

I can now start a debug session
I can add a program to the session

Next Issue: Breakpoints don't seem to work

Setup:
I have a debug session set to a stored procedure program (I have DBGVIEW = *SOURCE)
I am debugging my "Run SQL Scripts" job
I have a breakpoint set

From my "Run SQL Scripts" window, I call the stored proc.

Issue:
Debugger looks like it wants to work (a yellow highlighted line briefly appears on my breakpoint then disappears quickly)
Get a window stating: Program 'ProgramName' has run to completion

With 2 breakpoints, the yellow highlighted line quickly shows on both lines then disappears.

It's like it wants to stop executing at the breakpoints, but automatically continues executing past all breakpoints to the end. What could cause this?

Jeremy

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Marc Rauzier
Sent: Monday, October 17, 2022 3:55 PM
To: midrange-l@xxxxxxxxxxxxxxxxxx
Subject: Re: ACS System Debugger doesn't want to work

Le 17/10/2022 à 22:24, Jeremy Ruth a écrit :

I have an update. I can now get a valid connection when starting
System Debugger from a 'Run SQL Scripts' session.

Progress... on the server, must issue both the following commands:
STRDBGSRV
STRTCPSRV *DBG

However, I have some authority issues. In System Debugger, I can now
enter a program name to debug, but when I do, I get the following
error in System
Debugger:

"Not authorized to command STRSRVJOB in QSYS."

From the 'Established' entry below, I do an '8=Display Jobs':

Remote Remote Local
Opt Address Port Port Idle Time State
* * as-debug 002:14:14 Listen
10.51.96.212 62818 as-debug 001:59:44 Established

I get 1 job which appears to be assigned my user (JRUTH99):

Connection type . . . . . . : *TCP
Local address . . . . . . . : <IP address>
Local port . . . . . . . . . : 4026
Remote address . . . . . . . : <IP address>
Remote port . . . . . . . . : 62818

Type options, press Enter.
5=Work with job

Current
Opt Name User Number Type User
QTESDBGSVR JRUTH99 106777 *BCH JRUTH99

When I look at the joblog of that job, I can see the "Not authorized
to STRSRVJOB..." messages

So, my assumption is that this job is what is failing with the
authorization check. My user (JRUTH99) has *ALL authority to
STRSRVJOB. I, using my userID, started the debug server by issuing the STRSRVJOB command.

I have found some documents which talk about needed authority:

https://www.itjungle.com/2020/06/08/guru-graphical-debugging-through-acs/
https://community.ibm.com/community/user/power/discussion/system-debugger-getting-communications-error-when-starting-debug-server
https://www.ibm.com/support/pages/authorities-requried-debugging-using-graphical-gui-debugger
https://www.youtube.com/watch?v=z4nVNFKYNeI

But, I am not sure to understand you: do you mean that JRUTH99 has *ALL (this is too high, *USE is enough) authority on QSYS/STRSRVJOB command, but you still have an authority issue on that command?

Ideas:
Should STRSRVJOB be initiated by user with QSECOFR authority perhaps?

STRDBG, STRSRVJOB, ADDBKP commands will be initiated by your user profile. And all the commands must run within the same job. So you cannot ask someone to login with QSECOFR, use STRSRVJOB, then use other debugging commands with your user id. It will not work.

As far as I understand, all those commands will be initiated from the GUI within your QTESDBGSVR job.

What other user, group, jobd, etc. might cause the "Not authorized..."
message?
Does the user of the job that started the "Run SQL Scripts" job have
any bearing (<job#>/QUSER/QZDASOINIT)?

The current user of this job, yes. I mean not QUSER but it should be your user profile.

What user does the "System Debugger" session use when started from
"Run SQL Scripts"?

Your user profile, I mean the one you used to login within "Run SQL scripts".

Thanks,
Jeremy

On 10/16/22, 7:41 AM, "MIDRANGE-L on behalf of Marc Rauzier" <midrange-l-bounces@xxxxxxxxxxxxxxxxxx on behalf of marc.rauzier@xxxxxxxxx> wrote:

Le 15/10/2022 à 19:32, Birgitta Hauser a écrit :
> Yep! You cannot do it on PUB400 ... I recently spoke with Holger about this problem (I have the same problem on my own partition).
> He thinks it is because the IBM i is accessed directly ... without any VPN (and this might be the problem).

Well, that's strange because I just tried to debug an ILE and and OPM CL
program with this System Debugger (initiated from iACS "Run SQL
scripts"), and I was successful to do it on PUB400. It was using 4026
tcp port.

On my laptop, I ran, at the same time, a Wireskark network capture and
all IP packets were initiated from my workstation (behind a NAT router,
so using a non-routed IP) to PUB400's IP using the 4026 port as the
target. So, from a network point of view, if there is no firewall, or if
there is one which allows traffic over this port, I cannot see any issue.

> I never have a problem with the customers where I access the IBM I via VPN.
>
> Mit freundlichen Grüßen / Best regards
>
> Birgitta Hauser
> Modernization – Education – Consulting on IBM i
>
>
> "Shoot for the moon, even if you miss, you'll land among the stars." (Les Brown)
> "If you think education is expensive, try ignorance." (Derek Bok)
> "What is worse than training your staff and losing them? Not training them and keeping them!"
> „Train people well enough so they can leave, treat them well enough so they don't want to.“ (Richard Branson)
>
>
> -----Original Message-----
> From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Marc Rauzier
> Sent: Samstag, 15. Oktober 2022 15:37
> To: midrange-l@xxxxxxxxxxxxxxxxxx
> Subject: Re: ACS System Debugger doesn't want to work
>
> Le 14/10/2022 à 19:57, jeremy.ruth@xxxxxxxxxxx a écrit :
>> Thank you Marc for your help.
> Yw, I often used this technique to check firewall issues.
>> I tried the SSH command from my workstation and it made a connection because I am seeing what you're seeing from netstat. An established entry from my workstation.
>>
>> So the port is not blocked. Any other ideas?
> I am not really used to use the debugger nor I have an access with enough authority to an IBM i system to be able to help you more.
>
> However, here is what happens on PUB400 when I start the debugger from iACS SQL scripts like you do.
>
> Job listening on 3825 port is QB5ROUTER in QUSRWRK subsystem.
> Unfortunately I cannot see job log of this job.
> Job handling the tcp session on port 3825 with my workstation is QTESDBGSVR in QUSRWRK subsystem. It is submitted by QPGMR/QTESDBGHUB which runs in QSYSWRK subsystem at the time I request to start debugger.
> Unfornately I cannot see job log of this job.
>
> Have you got those two QB5ROUTER and QTESDBGHUB jobs active? Maybe you could check their job log? I can't do it on PUB400.
>
>
>> Jeremy
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link: https://amazon.midrange.com