"Failed to establish connection to the host" Error adding new DB2 agents for instances on a Windows host (4310956)

When adding DB2 monitoring for Windows hosts in Foglight, users may encounter connection errors such as:

• "Failed to establish connection to the host"

• "A command shell connection could not be established"

These errors prevent successful DB2 agent deployment on Windows servers.

Cause 1:
Insufficient DCOM (WMI) permissions (most common issue)

Cause 2:
Incorrect DB2 hostname used during agent setup

Cause 3:
DB2 host is unavailable or offline

Cause 4:
Incorrect DB2 or OS credentials

Cause 5:
Remote Registry service is not running on the Windows host

Cause 6:
Required DCOM (WMI) ports are blocked by firewall or network policies

Resolution 1: (Most common)

When using DCOM/WMI:
The Foglight Agent Manager (FglAM) connecting to Windows hosts via WindowsShellService requires specific registry permissions.

Two main registry keys must be accessible:

• {72C24DD5-D70A-438B-8A42-98424B88AFB8} (Windows Script Host Shell Object)

• {0D43FE01-F093-11CF-8940-00A0C9054228} (FileSystem Object)

Refer to KB 4229811 for detailed instructions to enable WindowsShellService access on these registry keys.

When using WinRM:
Using WinRM avoids registry changes. Key notes:

• • The DB2 agent does not support short domain user IDs (e.g., corp\db2admin). Consider creating a compatible local user in DB2 due to authentication protocol limitations and how identity resolution works in Windows environments, especially with Kerberos and WinRM. 

  • For Basic authentication, use a local user ID (no domain).

  • For Negotiate authentication, use a fully qualified domain user and configure Kerberos (krb).

Resolution 2:
Verify the DB2 hostname is correct and resolvable from the FglAM server. Confirm required ports are open between FglAM and the DB2 host.

Resolution 3:
Confirm the DB2 host is online and reachable on the network.

Resolution 4:
Verify that OS credentials provided have sufficient permissions and are trusted. Confirm credentials work outside Foglight for both OS and DB2 access.

Resolution 5:
Ensure the Remote Registry Windows service is running on the DB2 host to allow remote registry access.

Resolution 6:
Confirm the following ports are open bidirectionally between FglAM and the DB2 host when using WMI:

DB2 listener port (default 50000)

135 (DCE/RPC Locator service, WindowsShellService, WMI)

139 (NetBIOS Session Service)

445 (Windows file shares)

Note: Two Enhancement Requests have been logged to skip the OS check when adding an DB2 agent. 

ER FGDB2-I-19 Skip OS check when adding a DB2 agent

ER FGDB2-I-26 Creating a DB2 agent wizard without OS information