I want to access queue manager via mq explorer but getting an error:
Could not establish a connection to the queue manager - reason 2538. (AMQ4059)
Could not establish a connection to the queue manager - reason 2538. (AMQ4059)
Severity: 10 (Warning)
Explanation: The attempt to connect to the queue manager failed. This could be because the queue manager is incorrectly configured to allow a connection from this system, or the connection has been broken.
Response: Try the operation again. If the error persists, examine the problem determination information to see if any information has been recorded.
I followed all the instructions in https://www-01.ibm.com/support/docview.wss?uid=swg21623113 in order to allow mq explorer to be able to access mq server but still no luck.
IBM MQ Server details:
Version: 8
OS: Centos
Running in a docker container
Using port 1417 since my 1414 port is not available for another MQ server
Listener is up an running and pointing port 1417
Channel is defined as it is described in the link that I shared (I disabled all security features as it is described)
I have a sample Java App that I can put/get messages and it is working fine
MQ Explorer details:
Also running in another docker container thanks to
https://github.com/ibm-messaging/mq-container/tree/master/incubating/mq-explorer
I can telnet MQ Server from xterm so there is no issue about the connectivity
Although I disabled all security features, I also tried to create the same username on server as well as my xterm but it did not work either.
I was expecting to get an error message in my MQ Server to understand the issue but surprisingly there is no error message at all ...
Screenshot
You've stated that your queue manager(s) are running in a container and your MQ Explorer is running in another container. I've noticed you've supplied 0.0.0.0 as your hostname but the container where MQ Explorer is running has no queue managers running on it!
If you run the following command (replacing with the ID of the container running your queue managers) you should get the IP address of the container on the docker subnet. Try using that IP address in MQ Explorer instead of 0.0.0.0:
docker inspect --format "{{ .NetworkSettings.IPAddress }}" <QM container>
If your container is on a different docker network then you will need to run the following replacing with the name you gave the docker network:
docker inspect --format "{{ .NetworkSettings.Networks.<Network Name>.IPAddress }}" <QM container>
Additionally, when you created your queue manager container did you remember to expose the 1417 port you are trying to use? By default the mq-container sample only exposes the following ports: 1414, 9157 & 9443. When you ran the container you would of needed to expose the ports but supplying --publish-all --publish 1417 when you ran the container. For example:
docker run -d -e LICENSE=accept --publish-all --publish 1417 ibmcom/mq
You have attempted to connect your MQ Explorer to your queue manager using the following connection details:-
Host name or IP address: 0.0.0.0
Port number: 1417
Server-connection channel: SYSTEM.ADMIN.SVRCONN
and you have received return code MQRC_HOST_NOT_AVAILABLE(2358) which says that the network address is not reachable.
Common reasons for this error include not having a TCP.IP listener running using that port, but you have told us you have got a listener running.
The IP address you have used is the problem. Change the IP address in your MQ Explorer configuration to the actual IP address where the queue manager is running. If the MQ Explorer and Queue Manager are on the same machine (in the same container), you can use the localhost hostname or the IP address 127.0.0.1, otherwise, please use the assigned IP address for the machine. From your screenshot it appears that this might be a 192.168.* address.
You don't say what version of IBM MQ your queue manager is running under. i.e. v7.5, v8.0, v9.0 or v9.1.
Did you give yourself CHLAUTH permission to use the SYSTEM.ADMIN.SVRCONN channel? Most likely you are being blocked by the backstop rule.
Also, if you are on IBM MQ v8.0 or higher then then CONNAUTH could be blocking you.
Here are 2 good links to walk you through your issue.
https://www.ibm.com/developerworks/community/blogs/aimsupport/entry/blocked_by_chlauth_why?lang=en
https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_8.0.0/com.ibm.mq.mig.doc/q001110_.htm
Related
I am trying to set up OpenVPN so that I can access machines inside an Azure subnet from my pc which is outside Azure.
I have successfully installed OpenVPN on both server (Windows Server 2019) and pc (Windows 10) using the instructions here: https://community.openvpn.net/openvpn/wiki/Easy_Windows_Guide?__cf_chl_jschl_tk__=pmd_889e3e419b8b865ffd4da6e493bef6df0782273e-1629275604-0-gqNtZGzNAfijcnBszQgi, and I can successfully connect from client to server, however, I cannot connect to any other machine on the Azure subnet upon which the server is sitting.
The server and the other machines I want to connect to are on a 10.0.0.0 subnet, and the VPN is coming up on the 10.8.0.0 network as I would expect from the examples.
I have enabled IP routing on the server as recommended in the OpenVPN FAQ but this has not fixed the issue.
I have also added a 'push "route 10.0.0.0 255.255.255.0"' line to the server config, and I can see from the client log (and the client routing table) that this has been executed, but I am still unable to connect to other machines in the subnet.
I was looking into using Tap instead of Tun, but when I dug into at what was actually being used, it looks as if as if both ends are using the Tap adaptor anyway, even though I have specified 'dev tun' in both the client and the server configs.
I have had bit of a trawl but can't find anything about the Tap adaptor when the Tun adaptor has been configured, so that is a bit of a mystery.
The only other thing that I have read is that it might be necessary to set up a route back to the OpenVPN subnet on the gateway server for 10.0.0.0, but that's not a server I control as it's part of the Azure infrastructure.
What do I have to do to get access to other machines on the 10.0.0.0 subnet? And why is the Tap adaptor being selected despite the config specifying the Tun adaptor ?
I made a number of other changes before I finally got it sorted out - I do not know if they were all necessary but in addition to the above:
I changed 'dev tun' to 'dev tap' in the server and client configs.
I followed the instructions here NAT-hack to add NAT to the server.
And finally, I added 'route 10.0.0.0 255.255.255.0 10.8.0.1' to the
server config file.
I created two sample application(tcp-server and tcp-client) for checking TCP connection in istio environment. Used the below link to create server and client in g0
https://www.linode.com/docs/guides/developing-udp-and-tcp-clients-and-servers-in-go/
Deployed the application in kubernetes cluster and tested without istio, it is working fine.
But after installing istio(demo configuration, followed this url to install istio: https://istio.io/latest/docs/setup/getting-started/),
and redeploying the apps to fill with envoy-proxy, the client is not connecting to server
Also using below command makes the server connect success
sh -c "echo world | nc 10.244.1.29 1234" is
What am I doing wrong?
Posting the solution I found.
Issue: I was trying to connect to server using ip address and nodePort, which some how not working in istio environment
Solution: From Client instead of providing ip address and nodePort of server node, give service name and container port of server app.
Extra Info: For using client from outside cluster, create gateway and virtual service for server. In your external client provide nodePort and ip address of istio-ingress pod as server destination
I have a kubernetes cluster running on GKE and a Jenkins server running on a GCP instance.
I am using the Kubernetes plugin to dynamically create pods on the kubernetes cluster. I created a pipeline(Declarative syntax) for the same.
So I am aware that the Jenkins slave agents communicates with the Jenkins master on port 50000.
A snip of the configuration
But for some reason when I viewed the logs for the JNLP container creates by Jenkins, I received an exception - tcpSlaveAgentListener not found.
A snip of the container log
According to the above image, I assume the tunneling is unsuccessful as it is trying to connect to http://34.90.46.204:8080/tcpSlaveAgentListener/ whereas it should connect to http://34.90.46.204:50000/tcpSlaveAgentListener/.
It was a lazy question for me to ask, but I solved the issue.
In the Manage Jenkins-> Configure Global Security settings:
For the option on setting a port for TCP inbound agents: unselect the disable option which is selected by default and then provide a port for the inbound agents to interact on (50000).
A snip of the configuration
Jenkins uses a TCP port to communicate with agents connected inbound. If you're going to use inbound agents, you can allow the system to randomly select a port at launch (this avoids interfering with other programs, including other Jenkins instances). As it's hard for firewalls to secure a random port, you can instead specify a fixed port number and configure your firewall accordingly.
Hope this helps someone.
This isa configuration of Remote Services for serving remote apps in windows 2016 server via rdp:
host1 - Session Host - Collection1 - notepad
host2 - Session Host - Collection1 - notepad
broker1 - Broker + Web Server
If I connect from an external client via rdp I can execute notepad remotely on the less loaded host, thats correct as I have the load balancer equally for both hosts. The flow is to go to the broker, and the broker will redirect you to the hostN. I can retrieve the rdp file from remote web server.
What I cant do is to, inside host1 and for new sessions, connect via rdp locally to run an app on that host. It always goes to the broker to decide where to go. Even if I specify full address as localhost it can go to host1 or host2, it is not deterministic.
Is there any option to specify remote app host and skip broker Load Balancing?
Many thanks.
Answering my own question:
you can disable the GPO setting Use RD Connection Broker load balancing which is under Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker. Make sure that the GPO is linked to the OU of your RD Session Host servers.
I have installed RabbitMQ in my Windows 7 machine but it's not getting started and throws following error:
Unable to connect to epmd on : address (cannot connect to host/port)
I have installed RabbitMQ 3.5.4 and Erlang 18.0.
I used netstat -an and I was able to see port 4369 is in listening mode, but I don't see 5672, 5671 ports in listening mode, is that the problem? if so how to resolve it?
I tried to reinstall both Erlang and RabbitMQ, but no luck.
I thought latest version of RabbitMQ is not supported in Windows 7, so downgraded to RabbitMQ 3.1.3. but no luck.
I have even added hostname in Windows hosts file, no luck.
My Windows firewall is already turned off, so wont be blocking any port.
From "Services" Window, I see RabbitMQ service is not started. even if I manually start it, it again goes back to stopped state.
Have you checked Windows Firewall to make sure it's allowing all the proper ports through?
According to the RabbitMQ docs:
Port Access
Firewalls and other security tools may prevent RabbitMQ from binding to a port. When that happens, RabbitMQ will fail to start. Make sure the following ports can be opened:
4369 (epmd), 25672 (Erlang distribution)
5672, 5671 (AMQP 0-9-1 without and with TLS)
15672 (if management plugin is enabled)
61613, 61614 (if STOMP is enabled)
1883, 8883 (if MQTT is enabled)
It is possible to configure RabbitMQ to use different ports.
I would turn of Windows Firewall and see if it runs. If it runs with Firewall off, then you will need to open these ports in the Firewall
Have you already follow this guide to troubleshoot your problem?
https://www.rabbitmq.com/troubleshooting.html
Taking from above link:
If the (windows) service fails to start, make sure the service has been installed.
On starting the service, if the service output reads "The process terminated unexpectedly" instead, then the service did not start
correctly. Check that the environment variables are set correctly. The
logfiles in RABBITMQ_BASE may also contain useful diagnostic
information.
If RABBITMQ_BASE path contains non-ASCII characters, RabbitMQ service may fail to start with the error "RabbitMQ: Erlang machine
stopped instantly (distribution name conflict?)". If this is the case,
override RABBITMQ_BASE to point to a directory that only has ASCII
characters and re-install the service (restarting will not be
sufficient).