I am using IBM Websphere MQ 7.5 in Unix system. I have installed the client on my machine and server is running on other machine. I am observing a scenario where I am able to communicate with server when running my JMS application via 'mqm' user but facing below mentioned error when using other user.
But I am able to run 'amqsputc' and 'amqsgetc' command and communicate with the server with mqm as well as other user also. I have followed all steps mentioned http://www-01.ibm.com/support/knowledgecenter/SSFKSJ_7.5.0/com.ibm.mq.ins.doc/q009300_.htm?lang=en
Exception:
com.ibm.msg.client.jms.DetailedJMSSecurityException: JMSWMQ2013: The security authentication was not valid that was supplied for QueueManager 'TestManager' with connection mode 'Client' and host name 'x.x.x.x(9923)'.
Please check if the supplied username and password are correct on the QueueManager to which you are connecting.
at com.ibm.msg.client.wmq.common.internal.Reason.reasonToException(Reason.java:521)
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:221)
at com.ibm.msg.client.wmq.internal.WMQConnection.<init>(WMQConnection.java:426)
at com.ibm.msg.client.wmq.factories.WMQConnectionFactory.createV7ProviderConnection(WMQConnectionFactory.java:6902)
at com.ibm.msg.client.wmq.factories.WMQConnectionFactory.createProviderConnection(WMQConnectionFactory.java:6277)
at com.ibm.msg.client.jms.admin.JmsConnectionFactoryImpl.createConnection(JmsConnectionFactoryImpl.java:285)
at com.ibm.mq.jms.MQConnectionFactory.createCommonConnection(MQConnectionFactory.java:6233)
at com.ibm.mq.jms.MQQueueConnectionFactory.createQueueConnection(MQQueueConnectionFactory.java:120)
at com.ibm.mq.jms.MQQueueConnectionFactory.createConnection(MQQueueConnectionFactory.java:203)
at performance.IBMMQTestProducer.start(IBMMQTestProducer.java:142)
at performance.IBMMQTestProducer.main(IBMMQTestProducer.java:177)
Caused by: com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2035' ('MQRC_NOT_AUTHORIZED').**
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:209)
... 9 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2035;AMQ9509: Program cannot open queue manager object. [1=2035,5=???]**
at com.ibm.mq.jmqi.internal.JmqiTools.getQueueManagerInfo(JmqiTools.java:783)
at com.ibm.mq.jmqi.remote.impl.RemoteSession.loadInfo(RemoteSession.java:1993)
at com.ibm.mq.jmqi.remote.impl.RemoteSession.getName(RemoteSession.java:2026)
at com.ibm.mq.jmqi.remote.api.RemoteHconn.getName(RemoteHconn.java:728)
at com.ibm.mq.ese.intercept.JmqiConnInterceptorImpl.validate(JmqiConnInterceptorImpl.java:321)
at com.ibm.mq.ese.intercept.JmqiConnInterceptorImpl.afterConnect(JmqiConnInterceptorImpl.java:226)
at com.ibm.mq.ese.intercept.JmqiConnInterceptorImpl.afterJmqiConnect(JmqiConnInterceptorImpl.java:133)
at com.ibm.mq.ese.jmqi.InterceptedJmqiImpl.jmqiConnect(InterceptedJmqiImpl.java:315)
at com.ibm.mq.ese.jmqi.ESEJMQI.jmqiConnect(ESEJMQI.java:337)
I am able to run it when I am running as myself and passing 'mqm' when starting the connection.
connection = cf.createConnection("mqm", "pswd");
I am not getting anything in manager's log. Below is the log.
------------------------------------------------------------------------------
10/30/2015 06:50:54 AM - Process(31064.1) User(mqm) Program(strmqm)
Host(x.x.x.x) Installation(Installation1)
VRMF(7.5.0.2)
AMQ7125: There are 83 days left in the trial period for this copy of WebSphere
MQ.
EXPLANATION:
This copy of WebSphere MQ is licensed for a limited period only.
ACTION:
None.
Given that you have told us that you have successfully connected and run the amqsgetc and amqsputc client samples using the same server-connection channel as you are attempting to use for your JMS program that suggests that this is not a connection time problem, in other words the MQCONN to the queue manager has been successful and something following that is failing. We know that you can MQPUT and MQGET (since that is what the aforementioned samples do).
Something that JMS does that those simple samples do not do, is an MQINQ of the queue manager. The following part of your exception makes me wonder if that is what you are tripping over:-
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2035;
AMQ9509: Program cannot open queue manager object. [1=2035,5=???] at
com.ibm.mq.jmqi.internal.JmqiTools.getQueueManagerInfo(JmqiTools.java:783) at
To be completely certain you must check the queue manager AMQERR01.LOG to see what is reported there. If it is missing authorization then it will tell you there.
Related
could not establish a connection to the queue manager - reason 2538. (amq4059) severity: 10 (warning)
explanation: the attempt to connect to the queue manager failed. this could be because the queue manager is incorrectly configured to allow a connection from this system, or the connection has been broken. response: try the operation again. if the error persists, examine the problem determination information to see if any information has been recorded.
Please tell how do I resolve this.
We've tryed to test connection to the remote queue manager after installing MQ client v7.5 on Windows Server 2019. We've used Rfhutilc for this and got 'Host not available' inspite of the fact that telnet connection to the corresponding address was succecfully established. Also we tryed to connect using MQ client v9.0 with the same result.
AMQERR01.LOG (client v.7.5) reported following details:
29.09.2020 15:36:10 - Process(10828.2) User(Администратор) Program(rfhutilc.exe)
Host(-) Installation(Installation1)
VRMF(7.5.0.6)
AMQ9208: Error on receive from host 'X.X.X.X'.
EXPLANATION: An error occurred receiving data from 'X.X.X.X' over TCP/IP. This may be due to a communications failure.
ACTION: The return code from the TCP/IP recv() call was 10054 (X'2746'). Record these values and tell the systems administrator.
----- amqccita.c : 4065 -------------------------------------------------------
29.09.2020 15:37:56 - Process(10828.1) User(Администратор) Program(rfhutilc.exe)
Host(-) Installation(Installation1)
VRMF(7.5.0.6)
AMQ9202: Remote host 'X.X.X.X' not available, retry later.
EXPLANATION: The attempt to allocate a conversation using TCP/IP to host 'X.X.X.X' was not successful. However the error may be a transitory one and it may be possible to successfully allocate a TCP/IP conversation later.
ACTION: Try the connection again later. If the failure persists, record the error values and contact your systems administrator. The return code from TCP/IP is 10060 (X'274C'). The reason for the failure may be that this host cannot reach the destination host. It may also be possible that the listening program at host 'X.X.X.X' was not running. If this is the case, perform the relevant operations to start the TCP/IP listening program, and try again.
Here is an example of how traffic data looks like when Rfhutilc refuses to connect to the queue.
As soon as according to the picture there was some code page issue we've tryed to set MQCCSID environment variable with the value 1208 and it helpled.
Also connection attempt via Rfhutilc was succeful while running under another user with login "admin" even though without setting MQCCSID variable.
But I failed to find explanation for this. Did the CCSID of the MQ client differ from system code page of what? And how could I find out default CCSID of MQ client then?
MQ client v7.5 worked just fine on the Windows Server 2012 R2 right after installing. Rfhutilc v7.5 was used both on Server 2012 and Server 2019 for testing.
I am trying to put a message into Websphere MQ queue from an Orchestration which is deployed on Cast Iron Live. I have used secure connector since the orchestation is deployed on Cast Iron. When I am trying to execute the flow, it fails and the message is not placed in MQ queue. The below are the errors:
Error while trying to call remote operation execute on Secure Connector for activity
com.approuter.module.mq.activity.MqPut and Secure Connector LocalSecureConnector,
error is Unable to put message on queue null. MQ returned error code 2538.
Unable to put message on queue null. MQ returned error code 2538.
Fault Name : Mq.Put.OperationActivityId : 163
Message: Unable to put message on queue null. MQ returned error code 2538.
Activity Name:Put MessageFault Time: 2015-07-15T05:40:29.711Z
Can someone please help me resolve this. Please let me know if any further details are required.
Here are the details:
Cast Iron flow is deployed on Cast Iron Cloud i.e Cast Iron Live
MQ is running on-premise
The port I am trying to connect is 1414.
Have a secure connector running on the machine where MQ is installed.
MQ version is 8.
In Cast Iron flow, I am using an MQ connector, by giving the hostname where MQ is running, port: 1414, Channel Name : SYSTEM.DEF.SVRCONN and username as mqm. Tired using my log on username, by adding it to mqm group. But this also dosent seem to work.
The return code is instructive:
2538 0x000009ea MQRC_HOST_NOT_AVAILABLE
This indicates that Cast Iron is attempting to contact MQ using a client connection and not finding a listener at the host/port that it is using.
There are a couple of possibilities here but not enough info to say which it might be. I'll explain and provide some diagnostics you can try.
The 2538 indicates an attempt to contact the QMgr has failed. This might be that, for example, the QMgr isn't listening on the configured port (1414) or that the MQ listener is not running.
The error code says the queue name is "null". The question doesn't specify which queue name the connector is configured with but presumably it's been configured with some queue name. This error code suggests the Secure Connector on the MQ server side doesn't have its configuration installed.
The Cast Iron docs advise connecting with an ID in the mqm group but do not mention that on any MQ version 7.1 or higher this is guaranteed to fail unless special provisions are made to allow the admin connection. It may be that it's actually failing for an authorization error and the connector not reporting the correct error.
If it is as simple as the listener not running, that's easy enough to fix. Just start it and make sure it's on 1414 as expected.
Next, ensure that the Secure Connector has the configuration that was created using the Cast Iron admin panel. You need to understand why the error code says the queue name is null.
Now enable Authorization Events and Channel Events in the QMgr and try to connect again. The connector on the MQ server should connect when started and if successful you can see this by looking at the MQ channel status. However, if unsuccessful, you can tell by looking at the event messages or the MQ error logs. Both of these will show authorization failures and connection attempts, if the connection has made it that far.
The reason I'm expecting 2035 Authorization Error failures is that any QMgr from v7.1 and up will by default allow an administrative connection on any channel. This is configured in the default set of CHLAUTH rules. The intent is that the MQ admin would have to explicitly provision admin access by adding one or more new CHLAUTH rules.
For reasons of security SYSTEM.DEF.* and SYSTEM.AUTO.* channels should never be used for legitimate connections. The Best Practice is to define a new SVRCONN, for example one named CAST.IRON.SVRCONN and then define a CHLAUTH rule to allow the administrative connection.
For example:
DEFINE CHL(CAST.IRON.SVRCONN) CHLTYPE(SVRCONN) TRPTYPE(TCP) REPLACE
SET CHLAUTH('CAST.IRON.SVRCONN') TYPE(ADDRESSMAP) +
ADDRESS('127.0.0.1') +
USERSRC(MAP) MCAUSER('mqm') +
ACTION(REPLACE)
SET CHLAUTH('CAST.IRON.SVRCONN') TYPE(BLOCKUSER) +
USERLIST('*NOBODY') +
WARN(NO) ACTION(REPLACE)
The first statement defines the new channel.
The next one allows the connections from 127.0.0.1 which is where the Secure Connector lives. (Presumably you installed the internal Secure Connection on the same server as MQ, yes?) Ideally the connector would use TLS on the channel and instead of IP filtering the CHLAUTH rule would filter based on the certificate Distinguished Name. This rule is not nearly so slective and allows anyone on the local host to be an MQ administrator by using this channel.
The last statement overrides the default CHLAUTH rule which blocks *MQADMIN with a new rule that blocks *NOBODY but just for that channel.
We are have a IBM websphere MQ[v5.2] on AIX platform and my machine is windows 7 pro which has MQ client v7.5.
I tried to connect to server remotely but i received a Authorization error message. This is because my local user account does have rights to connect to queue manager remotely.
So,i created a new user account in my system with some name as on server which has rights to put/get message and now i am able to connect in client mode[Websphere MQ v7.5].
I don't know whether it is actually connecting to server but it is not giving me authorization error message so i took it as success. But the issue is, when I tried to put message into queue from cmd using amqsputc Queue_name mqm the queue is opening and taking a message. But when i tried to get the message using command amqsgetc queue_name mqm it says "NO MORE MESSAGE".
What could be the issue?
Screen shot:
The fact the amqsputc doesnt give an error, and the fact the amqsgetc runs through to success implies the functionality is working. However, it finds nothing on the queue which makes me very suspicious that you have an application listening on that queue, which will consume the message as it arrives and hence before your amqsgetc. Check DISPLAY QSTATUS in runmqsc for IPPROCS on the queue - is it 0 when amqsgetc isnt running?
When standalone client and jboss server runs on the same machine, everything works fine, but when i try to run the JBoss on a VM, i can get a JNDIContext from the Server,i can do a successful lookup, but i cannot establish a connection.
The Client throwing an exception as:
Exception in thread "main" javax.jms.JMSException: Failed to create session factory
at org.hornetq.jms.client.HornetQConnectionFactory.createConnectionInternal(HornetQConnectionFactory.java:605)
at #org.hornetq.jms.client.HornetQConnectionFactory.createConnection(HornetQConnectionFactory.java:119)
...
Caused by: HornetQException[errorCode=2 message=Cannot connect to server(s). Tried with all available servers.]
at org.hornetq.core.client.impl.ServerLocatorImpl.createSessionFactory(ServerLocatorImpl.java:769)
at org.hornetq.jms.client.HornetQConnectionFactory.createConnectionInternal(HornetQConnectionFactory.java:601)
... 2 more
And the server End showing msg as,
JBAS011806: Channel end notification received, closing channel Channel ID 459d0f32 (inbound) of Remoting connection 00e9212a to /192.168.35.29:42179
I have seen other posts also related to this issue , but I didnt clear with the solution . So Plz help me out and forgive me If I am asking silly question since I am new in this domain.
Thanks.
You have to configure the port on the server. You probably have the server starting as localhost and you are connecting externally, in such way the JNDI can connect but not the HornetQ connector.
You certainly have a configuration error, but without knowing version, what actual message you got and configuration options I have little information to help you more beyond that.