I am getting below error when I am executing setmqaut on IBM-MQ queue manager
bash-4.4$ setmqaut -m QM1 -t qmgr -p mqadmin +connect
AMQ7026E: A principal or group name was invalid.
The error basically returns that MQ was not able to find user 'mqadmin'. Please check the queue manager CONNAUTH value for the configured authentication method. If the default 'SYSTEM.DEFAULT.AUTHINFO.IDPWOS' is used then check within the machine to see if the user 'mqadmin' is available. If you are using LDAP for authentication then check if that 'mqadmin' is available on ldap server and MQ is able to contact ldap server.
Related
I'm setting an Mq server for learning purposes, which I call it QM1. So, I try aiming at the queue by typing in cmd:
amqsputc DEV.QUEUE.1 QM1
After asking for my password, it returns: MQCONNX ended with reason code 2035
I have set my local user and Win 10 group and after shuffling trhough MQ 9 documentation, here is my workaround attempts:
setmqaut -m QM1 -t qmgr -p app +connect (app is my user)
Included app tn my mqm group.
It still returns code 2035
I have two linux servers, one with the MQ Server version 8.0.0.6 and the other one with the MQ Client 8.0.0.4 installed. The application deployed in the Client(WebSphere Application) is not able to connect to the MQ server, it gives me an error that says:
JMSWMQ0018: Failed to connect to queue manager 'AEDMQ03A' with connection mode 'Client' and host name 'hostname(1414)'
I verified in the MQ Server that the queue manager AEDMQ03A is running, the AEDMQ03A listener is running on port 1414. I also could establish a connection from the client to the server with telnet MQhost 1414.
I checked the channels for qmgr AEDMQ03A(in the MQServer) with:
DISPLAY CHANNEL(AEDMQ03A,*) ALL
but i didn't find any channel from AEDMQ03A to the MQ Client host. I know that the command to create channels is:
DEFINE CHANNEL(JAVA.CHANNEL) CHLTYPE(SVRCONN) TRPTYPE(TCP)
In this particular case it would be something like DEFINE CHANNEL(AEDMQ03A.X) CHLTYPE(Y) TRPTYPE(TCP), but I am not quite sure what to type on the X variable, because in the MQ Client there are no qmgrs created. And i don't know what channel type should be if I want the connection from the MQ Client to the MQServer.
I created a local queue (QUEUE_TEST) to test the connection from the MQ Client to the qmanager AEDMQ03A in the MQ Server. I did the following:
1) start the AEDMQ03A queue manager, also made sure the listener is started too
2) create the svrconn channel with the command:
DEFINE CHANNEL(A03ZCIWAS) CHLTYPE(SVRCONN) TRPTYPE(TCP)
On the Client:
set the MQSERVER=A03ZCIWAS/TCP/'ip_adress_MQServer(1414)'
and then when i try with ./amqsputc QUEUE_TEST AEDMQ03A it gives me the error:
MQCONNX ended with reason code 2035
I know this error is a permission issue and I tried to solve it with setmqaut -m AEDMQ03A -t qmgr -g mqm +alladm +set, but it still giving me the same error.
You need to create a channel with type SVRCONN
runmqsc > DEFINE CHANNEL(AEDMQ03A.SVRCONN) CHLTYPE(SVRCONN) TRPTYPE(TCP)
And for testing purpose [ONLY] try disabling the Security - If you have NOT done the 'setmqaut' for client users already
runmqsc > SET CHLAUTH('AEDMQ03A.SVRCONN') TYPE(BLOCKUSER) USERLIST('nobody')
runmqsc > alter authinfo(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS) CHCKCLNT(NONE)
runmqsc > REFRESH SECURITY (*)
runmqsc > end
Try connecting and share the details.
I am accessing an MQ8 server using HermesJms.
The latter has the following configuration:
However, when I am trying to "Discover" via the relevant option provided by Hermes, I get an 2035 with the following message appearing on the queue manager error logs:
AMQ9557: Queue Manager User ID initialization failed for 'pkaramol'.
EXPLANATION:
The call to initialize the User ID 'pkaramol' failed with CompCode 2 and Reason
2035.
Note that pkaramol is my local OS user I am logged in as, in the linux machine running Hermes.
Questions:
1) Why I get the following error despite the fact that I have disabled both CHLAUTH and CONNAUTH:
ALTER QMGR CHLAUTH(DISABLED) CONNAUTH(' ')
REFRESH SECURITY TYPE(CONNAUTH)
2) Why is the server perceiving pkaramol as the user trying to access the queue manager, although I am explicitly providing mquser in both ClientID and user fields of HermesJMS?
I cannot find much documentation on HermesJMS, but through some trial and error I found out that it does not honor the User and Password settings if you click Discover, it will always send the user you are logged in as to the queue manager, this is why you do not see the user mquser. Because you are running it as the user pkaramol which does not exist on the server where your queue manager is running you receive the following error:
AMQ9557: Queue Manager User ID initialization failed for 'pkaramol'.
I also found that to perform the discover it opens a temporary dynamic queue using the model queue SYSTEM.DEFAULT.MODEL.QUEUE and puts PCF messages to the SYSTEM.ADMIN.COMMAND.QUEUE. In addition for it to discover any queue details you must have at minimum +inq and +dsp on the queues.
In your comment you stated you added the user pkaramol to the server and put it in the mqm group. While this is a quick way to get this to work, it does provide that user full MQ Admin access. You could provide your actual user with the following permissions and still be able to Discover all of the objects on the queue manager. Please replace the word group below with a group your user is a member of on the server:
setmqaut -m DMSQM -t qmgr -g group +connect +inq +dsp
setmqaut -m DMSQM -n SYSTEM.ADMIN.COMMAND.QUEUE -t queue -g group +inq +put +dsp
setmqaut -m DMSQM -n SYSTEM.DEFAULT.MODEL.QUEUE -t queue -g group +get +dsp
setmqaut -m DMSQM -n '**' -t queue -g group +inq +dsp
I also noted that once you have queues populated either through Discover or manually adding them, it will use the User that you specified.
Note that with CHLAUTH and CONNAUTH disabled the queue manager is taking whatever user is presented and using it. You could leave CONNAUTH enabled and specify a valid user and password and MQ would authenticate it.
Another option since Discover does not honor the User setting would be to set a MCAUSER on the SVRCONN channel of mquser.
You need to give the UserId 'pkaramol' permission to access the queue manager and the queues via the setmqaut command.
I have installed WebSphere MQ in my laptop and able to create MQ objects through MQ explorer.
When go to command prompt and run the crtmqm from MQ home/bin . I encountered " you are not authorised to perform this operation "
- I did installed MQ with my login and same login used to create MQ also.
- tried changing run--> services.msc and modify MQ installation permissions but no luck.
MQ CLI commands can be run by the members of the mqm group, and by the members of Administrators.
If your user account isn't a member of mqm, then you will need to start cmd with the option Run as Administrator.
somebody can help me in configuring Websphere MQ Server in WAS 8.5?I got the below error while creating the WAS MQ Server.
Error: WebSphere MQ server MQSERVER connection test failed for WebSphere MQ queue manager MQSERVER. CWSJP0050E: An attempt to connect to WebSphere MQ queue manager or queue sharing group MQSERVER failed. The WebSphere MQ reason code is Unknown (2538)..
MQRC 2538 means "host not available". Check the host name and port name that you have specified and is pointing to the machine where MQ queue manager "MQSERVER" is running.
Check on which port your queue manager is listening. You can do that by using MQExplorer or runmqsc command shell on the machine where you queue manager is running. In a command prompt, run the following command
runmqsc MQSERVER
Once the runmqsc shell opens run the following command to list TCP listener.
dis listener(SYSTEM.DEFAULT.LISTENER.TCP)
Check the PORT number displayed. By default it will be 0. You need to change this to some port number. To change the port number run the following command.
alter listner(SYSTEM.DEFAULT.LISTENER.TCP) port(1414)
Once this is done you need to start the listener by running the following command
start listener(SYSTEM.DEFAULT.LISTENER.TCP)
After this you can attempt your tests.