[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 8205
  • Last Modified:

Connect remotely to AS400 via Client Access

I am running Client Access in V4R3 iseries shop.  Have no trouble accessing inside.  I am trying to connect via Client Access outside the office.  I am putting in the public IP address with port 23.  The router has the public IP mapped to the internal AS400 ip address.  When CA tries to connect I get message:

CWBCO1049

Cause
The AS/400 system was contacted, but refused the connection request.

Recovery

Make sure the host servers have been started on the AS/400 system; see How to Start AS/400 Host Socket Servers.

If a TCP/IP router, firewall or gateway of some kind exists on the network between the PC and the AS/400 system, make sure the router is configured to allow connections to the Client Access Express host servers and to the Server Mapper on the AS/400 system. If message CWBCO1022 was logged as well, this message indicates the port number that must be allowed through the router to perform the Client Access Express function being attempted.

I have verified that everything appears to be started, but I can not get connected.  If I try to telnet into the AS400 I get "Could not open connection tio the host , on port 23: Connect failed"

Any idea on what is happening?
0
Kevin Caldwell
Asked:
Kevin Caldwell
  • 5
  • 4
  • 2
2 Solutions
 
tliottaCommented:
kevinecaldwell:

Vast majority of these are firewall/router issues. Very first step is to try simple Windows telnet rather than a more complex client such as Client Access which can require multiple ports for various parts of connection such as authentication.

Running tracert from a PC outside the network might be informative. Ping might also.

Tom
0
 
tliottaCommented:
...also, try CWBPING hostname.or.ipaddress from the PC. This can be run from a command line easy enough. It should give some results to chew on.

Tom
0
 
dedy_djajapermanaCommented:
hi,

if you're using client access, you have to "map" port 449 and 8476 in addition to port 23 (in the router).


0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
Kevin CaldwellOwner of RUseeingRed Tech SolutionsAuthor Commented:
OK, Last night I tried to communicate through the router to an XP pro laptop to see if my problem was before the AS400.  It turns out the router needed a firmware upgrade.  I could get into the lapout and I can now get into the AS400 via telnet.  Client access will still not work.  I have added the 2 ports mentioned by dedy, but I get the following message windows that pops up in client access:  In blue is PC5250 license error.  The body of the msg is CWBCO1049 - The AS/400 server application (Central Client) is not started.  I have done a endhostsvr and strhostsvr.   When I do the CWBPING to the public IP with the /port option, I get 3 successful messages.  If CWBPING is keyed on a local pc connected to the AS400, all of the lines come up successful.  
 
Any ideas?
0
 
tliottaCommented:
kevinecaldwell:

Client Access (or iSeries Access) requires licensing for the PC5250 component. In order to verify licensing, it is trying to talk with the *CENTRAL server. By default, *CENTRAL talks on port 8470.

For V5R2, see:

http://publib.boulder.ibm.com/iseries/v5r2/ic2924/index.htm?info/rzaii/rzaiiservicesandports.htm

Tom
0
 
Kevin CaldwellOwner of RUseeingRed Tech SolutionsAuthor Commented:
I am still on V4R3.  Would that make a huge amount of difference?  I checked on the publication.   When running the wrksrvtble command, 8470 is listed as server as-central.  Is there piece somewhere else that I am missing?
Kevin
0
 
Kevin CaldwellOwner of RUseeingRed Tech SolutionsAuthor Commented:
Correction on the version.  The box is on V4R5.
Kevin
0
 
dedy_djajapermanaCommented:
hi

yes, tom's right, you need to map 8470 too

0
 
tliottaCommented:
Kevin:

The port assignments probably won't change much from release to release. IBM wouldn't want to cause trouble for net admins just because the AS/400 sys admin upgraded. (Which doesn't rule it out of course.) I'd be comfortable using the port number documentation for any recent release regardless what release I was running. Of course, you can always just view the assignments directly in the system's service table -- WRKSRVTBLE.

In general, you can change the port assignments and restart the servers if you really need different ports. As long as the server mapper remains on its default port and the client side is configured to request ports from the server mapper, Client Access _shouldn't_ have much problem adapting automatically. Note that the server mapper runs on a port in the well-known range while other host servers run in the next range up. (Hmmm... "registered ports"? Can't recall what that range is called.)

Tom
0
 
Kevin CaldwellOwner of RUseeingRed Tech SolutionsAuthor Commented:
Thanks for the help guys
After I routed ports 23 449 8470 & 8476, it worked.  I didn't realize that you needed all of the these ports for it to work.
Kevin
0
 
tliottaCommented:
Kevin:

iSeries Access (or Client Access and even PC Support) is a product that provides a whole bunch of services. Often, people need only terminal emulation or file transfer or ODBC or some other single facility.

But because some services require licensing, a port for license verification must be opened if those services are used. If ports will be determined through the server mapper, the server mapper port must be opened. (It's not required. The clients can be configured otherwise.) And any ports used for any individual facility must be opened of course.

It can seem like a lot of ports for "just one product", but they do have reasons.

Tom
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

  • 5
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now