AS/400 Loses Communication with the Server Manager After PTF Apply

If you added any JAVA related PTF’s to your AS/400 recently, have you noticed that right after applying the PTFs that the AS/400 Server Manager Agent is no longer communicating with the Server Manager?

With the newer versions of AS/400 JAVA, IBM disabled the use of the security protocol that the Server Manager uses: 3DES_EDE_CBC.  In order to fix this you need to update the java.security file found in the IFS under: /qopensys/QIBM/ProdData/JavaVM/jdk60/32bit/jre/lib/security. Be aware that you have to do this for the version of JAVA that your SM Agent uses.

In order to find out what JAVA the agent uses, from WRKJVMJOB find one of the QP0ZSPWP jobs running along with the agent, specifically the one that shows function: JVM-com.jdedwa. Use option 5 to view the Job and option 2 to see the JAVA environment variables. Expand the JAVA_HOME directory structure by placing the cursor on the field and pressing F22. It will show the full directory to the version.

After you find the JAVA_HOME,  add on the ‘/jre/lib/security/java.security’ and use WRKLNK ‘/qopensys/QIBM/ProdData/JavaVM/jdk60/32bit/jre/lib/security/java.security’. Use option 2 in order to update the file, searching for ‘jdk.tls’ on the Control line with F16.

In order to get them communicating once more, you will need to update this file, re-enabling the prototype by deleting the ‘3DES_EDE_CBC,’ from this line. Then F3 to save.

This will immediately fix the SM agent communication issue. However, Oracle has you IPL the system in order to for this to take effect for the rest of the programs on your system that may be using this same JAVA version.

For more information reference:
E1: SVM: Enable Support for 3DES_EDE_CBC Algorithm in IBM Java And Related Issues ( Doc ID 2256869.1 )