Attempt to establish connection failed with security reason "24" 
("USERNAME AND/OR PASSWORD INVALID").  SQLSTATE= 08001 

Explanation: 

The attempt to connect to the remote database server was rejected 
due to invalid or incorrect security information.  The cause of 
the security error is described by the <reason-code> and 
corresponding <reason-string> value.  

 The following is a list of reason codes and corresponding reason 
strings: 
 

  0  (NOT SPECIFIED) The specific security error is not         
specified.  

  1  (PASSWORD EXPIRED) The password specified in the request has   
expired.  

  2  (PASSWORD INVALID) The password specified in the request is    
not valid.  

  3  (PASSWORD MISSING) The request did not include a password.  

  4  (PROTOCOL VIOLATION) The request violated security         
protocols.  

  5  (USERID MISSING) The request did not include a userid.  

  6  (USERID INVALID) The userid specified in the request is not    
valid.  

  7  (USERID REVOKED) The userid specified in the request has been  
revoked.  

  8  (GROUP INVALID) The group specified in the request is not      
valid.  

  9  (USERID REVOKED IN GROUP) The userid specified in the request  
has been revoked in the group.  

  10  (USERID NOT IN GROUP) The userid specified in the request is  
not in the group.  

  11  (USERID NOT AUTHORIZED AT REMOTE LU) The userid specified in  
the request is not authorized at the remote Logical Unit.  

  12  (USERID NOT AUTHORIZED FROM LOCAL LU) The userid specified in 
the request is not authorized at the remote Logical Unit when     
coming from the local Logical Unit.  

  13  (USERID NOT AUTHORIZED TO TP) The userid specified in the     
request is not authorized to access the Transaction Program.  

  14  (INSTALLATION EXIT FAILED) The installation exit failed.  

  15  (PROCESSING FAILURE) Security processing at the server        
failed.  

  16  (NEW PASSWORD INVALID) the password specified on a change     
password request did not meet the server's requirements.  

 17 (UNSUPPORTED FUNCTION) the security mechanism specified by    
the client is invalid for this server.  Some typical examples: 

o   The client sent a new password value to a server that does    
    not support the change password function.  

o   The client sent SERVER_ENCRYPT authentication information to  
    a server that does not support password encryption.  

o   The client sent a userid (but no password) to a server that   
    does not support authentication by userid only.  

o   The client has not specified an authentication type, and the  
    server has not responded with a supported type.  This may     
    include the server returning multiple types from which the    
    client is unable to choose.  

 

 18 (NAMED PIPE ACCESS DENIED) The named pipe is inaccessible due 
to a security violation.  

 19 (USERID DISABLED or RESTRICTED) The userid has been disabled, 
or the userid has been restricted from accessing the operating    
environment at this time.  

 20 (MUTUAL AUTHENTICATION FAILED) The server being contacted     
failed to pass a mutual authentication check. The server is       
either an imposter, or the ticket sent back was damaged.  

 21 (RESOURCE TEMPORARILY UNAVAILABLE) Security processing at the 
server was terminated because a resource was temporarily          
unavailable. For example, on AIX, no user licenses may have been  
available.  

 24 (USERNAME AND/OR PASSWORD INVALID) The username specified,    
password specified, or both, are invalid.  

 25 (Connection disallowed) The connection is disallowed by the   
security plugin.  

 26 (Server security plugin error) Security plugin encountered an 
unexpected error on the database server.  

 27 (Server security plugin error) Invalid server credential.  

 28 (Server security plugin error) Server credential expired on   
the database server.  

 29 (Server security plugin error) Security plugin received an    
invalid security token on the database server.  

 30 (Client security plugin error) Required API is missing in the 
client security plugin.  

 31 (Client security plugin error) Wrong client security plugin   
type.  

 32 (Client security plugin error) No matching GSS-API security   
plugin is available on the client for connection to the           
database.  

 33 (Client security plugin error) Unable to load the client      
security plugin.  

 34 (Client security plugin error) Invalid client plugin name.  

 35 (Client security plugin error) The version of the APIs        
reported by the client security plugin is not compatible with     
DB2 

 36 (Client security plugin error) Client security plugin         
encountered an unexpected error.  

 37 (Client security plugin error) Client security plugin         
encountered an invalid principal name.  

 38 (Client security plugin error) Invalid client credential.  

 39 (Client security plugin error) Client security plugin         
received an expired credential.  

 40 (Client security plugin error) Client security plugin       
received an invalid security token.  

User Response: 

 Ensure that the proper userid and/or password is supplied.  

 The userid may be disabled, the userid may be restricted to 
accessing specific workstations, or the userid may be restricted 
to certain hours of operation.  

 For reason code 17, retry the command with a supported 
authentication type.  

 For reason code 20, make sure the authentication mechanism for 
the server is started, and retry.  

For reason code 26, 33, and 36, check the administration 
notification log file on the client and on the server for more 
information. Fix the problem identified by the error message text 
in the administration notification log.  

For reason code 27, verify that the server credential is provided 
during security plugin initialization and that it is in a format 
recognized by the security plugin.  As the credential will be 
used to accept contexts, it must be an ACCEPT or BOTH 
credential.  

For reason code 28, renew the server's credential and then 
resubmit the statement.  If renewing alters the credential handle,
then a db2stop and db2start will be necessary.  

For reason code  29  and  40 , resubmit the statement. If the problem 
still exists, then verify that the partner security plugin is 
generating a valid security token.  

For reason code  30 , check the administration notification log 
file for the name of the required missing API. Add the missing 
API to the security plugin.  

For reason code  31 , specify the right type of security plugin in 
the appropriate database manager configuration parameter. For 
example, do not specify a userid-password based security plugin 
for the SRVCON_GSSPLUGIN_LIST database manager configuration 
parameter.  

For reason code  32 , install the matching security plugin that the 
database server used on the client. Ensure that the indicated 
security plugin is located in the client-plugin directory.  

For reason code  34 , specify a valid security plugin name. The 
name should not contain any directory path information.  

For reason code  35 , ensure that the security plugin is using a 
supported version of the APIs and that it is reporting a correct 
version number.  

For reason code  37 , check the administration notification log 
file for the principal name. Make sure the prinicpal name is in a 
format that is recognized by the security plugin.  

For reason code  38 , verify that the client credential (generated 
by db2secGenerateInitialCred or provided as an inbound delegated 
credential) is in a format recognized by the security plugin.  As 
the credential will be used to initate contexts, it must be an 
INITIATE or BOTH credential.  

For reason code  39 , the user issuing the statement must obtain 
the appropriate credentials (or re-obtain their initial 
credentials) and then resubmit the statement.  

 sqlcode :  - 30082  

 sqlstate :   08001