Thank you. Thank You. THANK YOU. It is great to find out I am not alone in this. Maybe we can arrange an uprising. I will bring some Pitchforks and Torches when we storm the Castle.
Here is where I stand today with this. There are IBM announcements out there about a server change and new server names. To have been enacted at the beginning of this month. Further research lets me ignore the new "Intermediate" Certs for now, because the meat of the announcement is that "Digicert CA" is expiring and we should be using "Digicert G2". We have been doing this for years so I do not care at this point in time. Turns out that the new server names in the announcement cannot be found via my usual DNS resolution servers in our network (or possibly ANY network ANYWHERE) The names in my "used to be working" jobs turn out to be DNS "Aliases" to somewhere else. My current theory is one of two things. 1) The IP address of the support server has changed. 2) My Firewall people just cannot leave things alone. They were recently challenging our rights to even access their network on the IPs and Ports we have been using for over 20 years. IF it is 1) --- The difficulties are caused by competing network admin attitudes. I cannot detect any address changes because network admins love to block ICMP and Traceroute from end to end becomes useless. They also like to hide the actual endpoint of the connection behind "Use the DNS, Luke" obscurity. The drawback to a poor end node victim is that I can not ask for an hole in the firewall without the actual endpoint IP. And noone wants me to have that information at the IPV4 level. In this particular case, the new DNS name is not findable from here (if it even actually exists) IF it is 2) --- The firewall staff need to be a little less OCD and go for therapy to allow "good enough" to be "enough". They complain of being overworked while at the same time insisting on intruding on thousands of connection from address to address... The combinations are ENDLESS. By DENY everything except the ones I 'allow' builds into quite a workload to select the 1000 ip/port connections from a pool of billions. My current detective work is trying to discover the IPV4 used today by IBM. So I can take my Hat in hand and go explain all of this to the Firewall staff so they can slice a microbe of time to search their logs and/or change their rules. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
