?
Solved

Connect remotely to AS400 via Client Access

Posted on 2004-09-24
11
Medium Priority
?
7,910 Views
Last Modified: 2012-08-14
I am running Client Access in V4R3 iseries shop.  Have no trouble accessing inside.  I am trying to connect via Client Access outside the office.  I am putting in the public IP address with port 23.  The router has the public IP mapped to the internal AS400 ip address.  When CA tries to connect I get message:

CWBCO1049

Cause
The AS/400 system was contacted, but refused the connection request.

Recovery

Make sure the host servers have been started on the AS/400 system; see How to Start AS/400 Host Socket Servers.

If a TCP/IP router, firewall or gateway of some kind exists on the network between the PC and the AS/400 system, make sure the router is configured to allow connections to the Client Access Express host servers and to the Server Mapper on the AS/400 system. If message CWBCO1022 was logged as well, this message indicates the port number that must be allowed through the router to perform the Client Access Express function being attempted.

I have verified that everything appears to be started, but I can not get connected.  If I try to telnet into the AS400 I get "Could not open connection tio the host , on port 23: Connect failed"

Any idea on what is happening?
0
Comment
Question by:kevinecaldwell
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
11 Comments
 
LVL 27

Expert Comment

by:tliotta
ID: 12148840
kevinecaldwell:

Vast majority of these are firewall/router issues. Very first step is to try simple Windows telnet rather than a more complex client such as Client Access which can require multiple ports for various parts of connection such as authentication.

Running tracert from a PC outside the network might be informative. Ping might also.

Tom
0
 
LVL 27

Expert Comment

by:tliotta
ID: 12185868
...also, try CWBPING hostname.or.ipaddress from the PC. This can be run from a command line easy enough. It should give some results to chew on.

Tom
0
 
LVL 6

Assisted Solution

by:dedy_djajapermana
dedy_djajapermana earned 1000 total points
ID: 12188125
hi,

if you're using client access, you have to "map" port 449 and 8476 in addition to port 23 (in the router).


0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 

Author Comment

by:kevinecaldwell
ID: 12190146
OK, Last night I tried to communicate through the router to an XP pro laptop to see if my problem was before the AS400.  It turns out the router needed a firmware upgrade.  I could get into the lapout and I can now get into the AS400 via telnet.  Client access will still not work.  I have added the 2 ports mentioned by dedy, but I get the following message windows that pops up in client access:  In blue is PC5250 license error.  The body of the msg is CWBCO1049 - The AS/400 server application (Central Client) is not started.  I have done a endhostsvr and strhostsvr.   When I do the CWBPING to the public IP with the /port option, I get 3 successful messages.  If CWBPING is keyed on a local pc connected to the AS400, all of the lines come up successful.  
 
Any ideas?
0
 
LVL 27

Accepted Solution

by:
tliotta earned 1000 total points
ID: 12193349
kevinecaldwell:

Client Access (or iSeries Access) requires licensing for the PC5250 component. In order to verify licensing, it is trying to talk with the *CENTRAL server. By default, *CENTRAL talks on port 8470.

For V5R2, see:

http://publib.boulder.ibm.com/iseries/v5r2/ic2924/index.htm?info/rzaii/rzaiiservicesandports.htm

Tom
0
 

Author Comment

by:kevinecaldwell
ID: 12193528
I am still on V4R3.  Would that make a huge amount of difference?  I checked on the publication.   When running the wrksrvtble command, 8470 is listed as server as-central.  Is there piece somewhere else that I am missing?
Kevin
0
 

Author Comment

by:kevinecaldwell
ID: 12193584
Correction on the version.  The box is on V4R5.
Kevin
0
 
LVL 6

Expert Comment

by:dedy_djajapermana
ID: 12196551
hi

yes, tom's right, you need to map 8470 too

0
 
LVL 27

Expert Comment

by:tliotta
ID: 12203747
Kevin:

The port assignments probably won't change much from release to release. IBM wouldn't want to cause trouble for net admins just because the AS/400 sys admin upgraded. (Which doesn't rule it out of course.) I'd be comfortable using the port number documentation for any recent release regardless what release I was running. Of course, you can always just view the assignments directly in the system's service table -- WRKSRVTBLE.

In general, you can change the port assignments and restart the servers if you really need different ports. As long as the server mapper remains on its default port and the client side is configured to request ports from the server mapper, Client Access _shouldn't_ have much problem adapting automatically. Note that the server mapper runs on a port in the well-known range while other host servers run in the next range up. (Hmmm... "registered ports"? Can't recall what that range is called.)

Tom
0
 

Author Comment

by:kevinecaldwell
ID: 12258073
Thanks for the help guys
After I routed ports 23 449 8470 & 8476, it worked.  I didn't realize that you needed all of the these ports for it to work.
Kevin
0
 
LVL 27

Expert Comment

by:tliotta
ID: 12264619
Kevin:

iSeries Access (or Client Access and even PC Support) is a product that provides a whole bunch of services. Often, people need only terminal emulation or file transfer or ODBC or some other single facility.

But because some services require licensing, a port for license verification must be opened if those services are used. If ports will be determined through the server mapper, the server mapper port must be opened. (It's not required. The clients can be configured otherwise.) And any ports used for any individual facility must be opened of course.

It can seem like a lot of ports for "just one product", but they do have reasons.

Tom
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out the latest tech news, community articles, and expert highlights in August's newsletter.
What's worse than having your data encrypted by ransomware? Getting attacked by a so-called "wiper," which simply destroys the data and offers you no hope of ever seeing it again.
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question