Solved

Connect remotely to AS400 via Client Access

Posted on 2004-09-24
11
7,184 Views
Last Modified: 2012-08-14
I am running Client Access in V4R3 iseries shop.  Have no trouble accessing inside.  I am trying to connect via Client Access outside the office.  I am putting in the public IP address with port 23.  The router has the public IP mapped to the internal AS400 ip address.  When CA tries to connect I get message:

CWBCO1049

Cause
The AS/400 system was contacted, but refused the connection request.

Recovery

Make sure the host servers have been started on the AS/400 system; see How to Start AS/400 Host Socket Servers.

If a TCP/IP router, firewall or gateway of some kind exists on the network between the PC and the AS/400 system, make sure the router is configured to allow connections to the Client Access Express host servers and to the Server Mapper on the AS/400 system. If message CWBCO1022 was logged as well, this message indicates the port number that must be allowed through the router to perform the Client Access Express function being attempted.

I have verified that everything appears to be started, but I can not get connected.  If I try to telnet into the AS400 I get "Could not open connection tio the host , on port 23: Connect failed"

Any idea on what is happening?
0
Comment
Question by:kevinecaldwell
  • 5
  • 4
  • 2
11 Comments
 
LVL 27

Expert Comment

by:tliotta
ID: 12148840
kevinecaldwell:

Vast majority of these are firewall/router issues. Very first step is to try simple Windows telnet rather than a more complex client such as Client Access which can require multiple ports for various parts of connection such as authentication.

Running tracert from a PC outside the network might be informative. Ping might also.

Tom
0
 
LVL 27

Expert Comment

by:tliotta
ID: 12185868
...also, try CWBPING hostname.or.ipaddress from the PC. This can be run from a command line easy enough. It should give some results to chew on.

Tom
0
 
LVL 6

Assisted Solution

by:dedy_djajapermana
dedy_djajapermana earned 250 total points
ID: 12188125
hi,

if you're using client access, you have to "map" port 449 and 8476 in addition to port 23 (in the router).


0
 

Author Comment

by:kevinecaldwell
ID: 12190146
OK, Last night I tried to communicate through the router to an XP pro laptop to see if my problem was before the AS400.  It turns out the router needed a firmware upgrade.  I could get into the lapout and I can now get into the AS400 via telnet.  Client access will still not work.  I have added the 2 ports mentioned by dedy, but I get the following message windows that pops up in client access:  In blue is PC5250 license error.  The body of the msg is CWBCO1049 - The AS/400 server application (Central Client) is not started.  I have done a endhostsvr and strhostsvr.   When I do the CWBPING to the public IP with the /port option, I get 3 successful messages.  If CWBPING is keyed on a local pc connected to the AS400, all of the lines come up successful.  
 
Any ideas?
0
 
LVL 27

Accepted Solution

by:
tliotta earned 250 total points
ID: 12193349
kevinecaldwell:

Client Access (or iSeries Access) requires licensing for the PC5250 component. In order to verify licensing, it is trying to talk with the *CENTRAL server. By default, *CENTRAL talks on port 8470.

For V5R2, see:

http://publib.boulder.ibm.com/iseries/v5r2/ic2924/index.htm?info/rzaii/rzaiiservicesandports.htm

Tom
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:kevinecaldwell
ID: 12193528
I am still on V4R3.  Would that make a huge amount of difference?  I checked on the publication.   When running the wrksrvtble command, 8470 is listed as server as-central.  Is there piece somewhere else that I am missing?
Kevin
0
 

Author Comment

by:kevinecaldwell
ID: 12193584
Correction on the version.  The box is on V4R5.
Kevin
0
 
LVL 6

Expert Comment

by:dedy_djajapermana
ID: 12196551
hi

yes, tom's right, you need to map 8470 too

0
 
LVL 27

Expert Comment

by:tliotta
ID: 12203747
Kevin:

The port assignments probably won't change much from release to release. IBM wouldn't want to cause trouble for net admins just because the AS/400 sys admin upgraded. (Which doesn't rule it out of course.) I'd be comfortable using the port number documentation for any recent release regardless what release I was running. Of course, you can always just view the assignments directly in the system's service table -- WRKSRVTBLE.

In general, you can change the port assignments and restart the servers if you really need different ports. As long as the server mapper remains on its default port and the client side is configured to request ports from the server mapper, Client Access _shouldn't_ have much problem adapting automatically. Note that the server mapper runs on a port in the well-known range while other host servers run in the next range up. (Hmmm... "registered ports"? Can't recall what that range is called.)

Tom
0
 

Author Comment

by:kevinecaldwell
ID: 12258073
Thanks for the help guys
After I routed ports 23 449 8470 & 8476, it worked.  I didn't realize that you needed all of the these ports for it to work.
Kevin
0
 
LVL 27

Expert Comment

by:tliotta
ID: 12264619
Kevin:

iSeries Access (or Client Access and even PC Support) is a product that provides a whole bunch of services. Often, people need only terminal emulation or file transfer or ODBC or some other single facility.

But because some services require licensing, a port for license verification must be opened if those services are used. If ports will be determined through the server mapper, the server mapper port must be opened. (It's not required. The clients can be configured otherwise.) And any ports used for any individual facility must be opened of course.

It can seem like a lot of ports for "just one product", but they do have reasons.

Tom
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

A procedure for exporting installed hotfix details of remote computers using powershell
In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now