Solved

Connect remotely to AS400 via Client Access

Posted on 2004-09-24
11
7,471 Views
Last Modified: 2012-08-14
I am running Client Access in V4R3 iseries shop.  Have no trouble accessing inside.  I am trying to connect via Client Access outside the office.  I am putting in the public IP address with port 23.  The router has the public IP mapped to the internal AS400 ip address.  When CA tries to connect I get message:

CWBCO1049

Cause
The AS/400 system was contacted, but refused the connection request.

Recovery

Make sure the host servers have been started on the AS/400 system; see How to Start AS/400 Host Socket Servers.

If a TCP/IP router, firewall or gateway of some kind exists on the network between the PC and the AS/400 system, make sure the router is configured to allow connections to the Client Access Express host servers and to the Server Mapper on the AS/400 system. If message CWBCO1022 was logged as well, this message indicates the port number that must be allowed through the router to perform the Client Access Express function being attempted.

I have verified that everything appears to be started, but I can not get connected.  If I try to telnet into the AS400 I get "Could not open connection tio the host , on port 23: Connect failed"

Any idea on what is happening?
0
Comment
Question by:kevinecaldwell
  • 5
  • 4
  • 2
11 Comments
 
LVL 27

Expert Comment

by:tliotta
ID: 12148840
kevinecaldwell:

Vast majority of these are firewall/router issues. Very first step is to try simple Windows telnet rather than a more complex client such as Client Access which can require multiple ports for various parts of connection such as authentication.

Running tracert from a PC outside the network might be informative. Ping might also.

Tom
0
 
LVL 27

Expert Comment

by:tliotta
ID: 12185868
...also, try CWBPING hostname.or.ipaddress from the PC. This can be run from a command line easy enough. It should give some results to chew on.

Tom
0
 
LVL 6

Assisted Solution

by:dedy_djajapermana
dedy_djajapermana earned 250 total points
ID: 12188125
hi,

if you're using client access, you have to "map" port 449 and 8476 in addition to port 23 (in the router).


0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 

Author Comment

by:kevinecaldwell
ID: 12190146
OK, Last night I tried to communicate through the router to an XP pro laptop to see if my problem was before the AS400.  It turns out the router needed a firmware upgrade.  I could get into the lapout and I can now get into the AS400 via telnet.  Client access will still not work.  I have added the 2 ports mentioned by dedy, but I get the following message windows that pops up in client access:  In blue is PC5250 license error.  The body of the msg is CWBCO1049 - The AS/400 server application (Central Client) is not started.  I have done a endhostsvr and strhostsvr.   When I do the CWBPING to the public IP with the /port option, I get 3 successful messages.  If CWBPING is keyed on a local pc connected to the AS400, all of the lines come up successful.  
 
Any ideas?
0
 
LVL 27

Accepted Solution

by:
tliotta earned 250 total points
ID: 12193349
kevinecaldwell:

Client Access (or iSeries Access) requires licensing for the PC5250 component. In order to verify licensing, it is trying to talk with the *CENTRAL server. By default, *CENTRAL talks on port 8470.

For V5R2, see:

http://publib.boulder.ibm.com/iseries/v5r2/ic2924/index.htm?info/rzaii/rzaiiservicesandports.htm

Tom
0
 

Author Comment

by:kevinecaldwell
ID: 12193528
I am still on V4R3.  Would that make a huge amount of difference?  I checked on the publication.   When running the wrksrvtble command, 8470 is listed as server as-central.  Is there piece somewhere else that I am missing?
Kevin
0
 

Author Comment

by:kevinecaldwell
ID: 12193584
Correction on the version.  The box is on V4R5.
Kevin
0
 
LVL 6

Expert Comment

by:dedy_djajapermana
ID: 12196551
hi

yes, tom's right, you need to map 8470 too

0
 
LVL 27

Expert Comment

by:tliotta
ID: 12203747
Kevin:

The port assignments probably won't change much from release to release. IBM wouldn't want to cause trouble for net admins just because the AS/400 sys admin upgraded. (Which doesn't rule it out of course.) I'd be comfortable using the port number documentation for any recent release regardless what release I was running. Of course, you can always just view the assignments directly in the system's service table -- WRKSRVTBLE.

In general, you can change the port assignments and restart the servers if you really need different ports. As long as the server mapper remains on its default port and the client side is configured to request ports from the server mapper, Client Access _shouldn't_ have much problem adapting automatically. Note that the server mapper runs on a port in the well-known range while other host servers run in the next range up. (Hmmm... "registered ports"? Can't recall what that range is called.)

Tom
0
 

Author Comment

by:kevinecaldwell
ID: 12258073
Thanks for the help guys
After I routed ports 23 449 8470 & 8476, it worked.  I didn't realize that you needed all of the these ports for it to work.
Kevin
0
 
LVL 27

Expert Comment

by:tliotta
ID: 12264619
Kevin:

iSeries Access (or Client Access and even PC Support) is a product that provides a whole bunch of services. Often, people need only terminal emulation or file transfer or ODBC or some other single facility.

But because some services require licensing, a port for license verification must be opened if those services are used. If ports will be determined through the server mapper, the server mapper port must be opened. (It's not required. The clients can be configured otherwise.) And any ports used for any individual facility must be opened of course.

It can seem like a lot of ports for "just one product", but they do have reasons.

Tom
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Routing remote iSeries IP printing through a VPN tunnel 4 465
iSeries change printer IP in Navigator 6 119
AS/400 Backup to Disk 7 470
IBM MQ moving messages from error queue 4 148
If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
Learn how to PXE Boot both BIOS & UEFI machines with DHCP Policies and Custom Vendor Classes
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question