iSeries OS upgrade breaks QNTC

We had a client upgrade their AS400 OS from 5.4 to 7.1.  Their QNTC was writing to a 2003 server.  We have an AS400 routine that converts files to PDF, writes them  to a QNTC path and then the website reads them. It was working fine before the upgrade. Now it give a "file not found" error. When I open up iNavigator and use the same login as the website I cant see any QNTC paths and I was able to see them before the upgrade.  Any thoughts what might be wrong?
akobes05Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Scott SilvaNetwork AdministratorCommented:
Did they follow all upgrade instructions? Apply all relevant PTF's on 5.4 before the upgrade?
Can you have someone check permissions via a QSECOFR login to make sure the website login has permission to access QNTC?

There shouldn't be anything that could break that unless there was an error during the upgrade that no one addressed...
0
Gary PattersonVP Technology / Senior Consultant Commented:
After an IPL, QNTC paths may need to be recreated for servers that aren't on the local subnet:

https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_61/ifs/rzaaxntmkdir.htm

- Gary
0
akobes05Author Commented:
Doesnt 7.1 use different protocols? Can a 7.1 AS400 OS even write to Server 2003?
0
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

Scott SilvaNetwork AdministratorCommented:
I believe 7.1 still uses SMB V1 if I remember correctly.
0
MurpheyApplication ConsultantCommented:
First try to use mono-case passwords, so WELKOM1 or welkom1  Instead of Welkom1
for some environments (especially Microsoft) mixed-case will give unpredictable results.

BTW, why upgrading to 7.1 while the life-cycle ends on 30-Apr-2018.
0
Gary PattersonVP Technology / Senior Consultant Commented:
QNTC and NetServer only support SMB 1.0 in V7R1 and lower releases.  Support for SMB V2.0 is available in V7R2 and above.  As of V7R3 (current version), there is no support for SMB V3.0.

http://www-01.ibm.com/support/docview.wss?uid=nas8N1011878

For those of you on V7R2 and later, here is an important Technote related to SMB V2.0:

http://www-01.ibm.com/support/docview.wss?uid=nas8N1022198
0
Gary PattersonVP Technology / Senior Consultant Commented:
I don't know of any reason V7R1 QNTC won't work with Windows 2003.  Lots of variable though, and troubleshooting QNTC can be difficult.  Post back if you are still having problems.  Did you try manually creating QNTC sub-directories as I outlined above?
0
akobes05Author Commented:
I called IBM and ran through some troubleshooting with them.  Based on the errors messages we were getting on the AS400 its an issue exchanging security information between the AS400 and the windows server.  ALso they said the password should be all lowercase on the windows server since the password level on the AS400 is 1.

I dont know what the issue is.  I setup a test user on the AS400 and a local user on the windows server. Both have the same lowercase password.  In QNTC I can see the server but not the shares. I have verified that the share has the appropriate permissions.

Does windows log failed security requests somewhere.  Hopefully I can see what user/password its trying to connect with.
0
MurpheyApplication ConsultantCommented:
"Also they said the password should be all lowercase...."

Correct All lower OR!!! all upper I prefer all Upper, because that is the Case that SecLevel 1 is working with.
0
Gary PattersonVP Technology / Senior Consultant Commented:
This expert suggested creating a Gigs project.
Yes, you'll need to check the Security Event Log on the target server (the one with the share you are accessing), and also possibly on each domain controller.  Make sure these servers are configured to log authority failures.  

Post back the following info:

Specific error messages you observed while troubleshooting with IBM.
Windows OS on each domain controller: ???
Full event log message for any authority failure messages logged.

IBM probably walked you though all of these, but at V7R1 with QPWDLVL=1, here are some items you should check.  Helpful if you posted back specifics on each item:

Have all recommended NetServer PTFs been applied after upgrade?  
http://www-01.ibm.com/support/docview.wss?uid=nas8N1021541

Verify NetServer domain is configured the same as Windows:
Navigator - NEtwork - Servers - TCP/IP - IBM i NetServer (r click) - Configuration  (post config, please)

Verify Windows server and domain names are 15 characters or less in length, and verify Windows share names are 12 characters or less in length.

Verify that user IDs on IBM i and Windows have matching passwords (all lower case on Windows), are enabled, and that the Windows ID has adequate share permissions and NTFS permissions.  (Can't tell you how often someone has told me "nothing changed on Windows", and it had.)

Are the IBM i and Windows file server on the same subnet?  If not, you won't be able to browse from QNTC unless WINS is configured, and will have to manually configure your shares in QNTC.  What happens if you:
MKDIR '/QNTC/<NT server name>'
or
MKDIR '/QNTC/<IP address>'

From the Windows 2003 box, can you browse to NetServer using the IBM i DNS name or IP address in File Explorer?

================================================================================

If all else fails, run a QNTC Trace, and post the results.  Note that this could disclose information you prefer to keep private, so review the log before you post.  

CALL QZLCTRC (t x'FFFFFFFF') /* Starts Trace */
Attempt to access share via QNTC, wait for failure
CALL QZLCTRC (t x'00000000') /* Ends Trace */
CALL QZLCTRC (p)     /* Print trace - spooled file is QSYSPRT */
CALL QZLCTRC (c)     /* Clear trace data */

If you know how, or have someone who does, I'd also like to see a WireShark trace.  Same security considerations apply.  Look carefully before you share.

Consider setting up a new user profile and password for temporary use if you plan to post traces, and delete them after capture.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MurpheyApplication ConsultantCommented:
no comment
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Operating Systems

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.