I’m new to MQ. I have successfully installed WebSphere MQ, setup the queue managers, queues and channels between the queue managers. I have set up agents and I can start, stop and successfully ping the agents but the agents are not listed as shown on the attached screen shot. I have been trying to make the agents work so that I can test file transfer and set it up in our environment.
I even tried to create new coordination and command queue managers and no luck. I even tried the fteListAgents -p (coordination queue manager) and -v
I will really appreciate all the help I can get.
What is the user id you are logged into machine as? Is it Administrator (on Windows)? If so you may be hitting the 12 character user id issue. Administrator is 13 character long and the 'r' at the end may be getting chopped off. I recommend you to look at this troubleshooting link.
If your windows user id is longer than 12 character, check this out:
1) Agents are started, but MQ Explorer agent list is empty?
2) Check under Queuemanager->YOURQM->Subscriptions -> User. Do you see your windows user name truncated to 12 characters?
3) Create a new windows user, with the user name as the 12 characters trancated user.
4) Add this 12 characters username to the Admin group.
MQ FTE used the queued PubSub mechanism. Usually this problem happens because the ID being used doesn't have access to publish. The procedure to diagnose this is as follows:
Download the MS0P SupportPac and install it into WMQ Explorer.
Enable authorization events on the Coordination Qmgr.
Stop and restart an agent or two.
Open MQ Explorer to the queues panel and find the SYSTEM.ADMIN.QMGR.EVENT queue.
Right click on the queue and select "Format Event Messages."
You should find some auths errors.
If the problem is authorization failures MS0P will tell you exactly which ID MQ thinks was used, the API call that failed and the object it failed on.
Related
I'm running a Queue Manager on docker using the latest ibmcom/mq image, but I have an access denied when I try to connect to it from my windows using MQ Explorer.
I've disabled CHLAUTH in MQSC (runmqsc) using the command:
ALTER QMGR CHLAUTH(DISABLED)
I've disabled CONNAUTH using the commands:
ALTER QMGR CONNAUTH(' ')
REFRESH SECURITY TYPE(CONNAUTH)
I've removed the default CHLAUTH rules of the image
SET CHLAUTH(SYSTEM.ADMIN.SVRCONN) TYPE(ADDRESSMAP) ADDRESS(*) ACTION(REMOVE)
SET CHLAUTH(SYSTEM.*) TYPE(ADDRESSMAP) ADDRESS(*) ACTION(REMOVE)
SET CHLAUTH(*) TYPE(BLOCKUSER) USERLIST(*MQADMIN) ACTION(REMOVE)
I've set a Listener and a channel, and added a queue to them
DEFINE LISTENER(LISTENER.TCP) TRPTYPE(TCP) PORT(30002) CONTROL(QMGR) REPLACE
START LISTENER(LISTENER.TCP)
DEFINE CHANNEL(SYSTEM.DEF.SVRCONN) CHLTYPE(SVRCONN) TRPTYPE(TCP) REPLACE
DEFINE QLOCAL('MyQueue') REPLACE
When I try to connect to the Channel SYSTEM.DEF.SVRCONN from windows using MQ Explorer, I'm getting the error (AMQ4036). The error in /var/mqm/qmgrs/MyQueueManager/errors/AMQERR01.LOG into the docker container is:
----- cmqxrsrv.c : 2552 -------------------------------------------------------
02/06/20 10:18:13 - Process(1658.19) User(mqm) Program(amqrmppa)
Host(5652aa2322eb) Installation(Installation1)
VRMF(9.1.4.0) QMgr(MyQueueManager)
Time(2020-02-06T10:18:13.718Z)
ArithInsert1(2) ArithInsert2(2035)
CommentInsert1(myWindowsId)
AMQ9557E: Queue Manager User ID initialization failed for 'myWindowsId'.
EXPLANATION:
The call to initialize the User ID 'myWindowsId' failed with CompCode 2 and Reason
2035. If an MQCSP block was used, the User ID in the MQCSP block was ''. If a
userID flow was used, the User ID in the UID header was '' and any CHLAUTH
rules applied prior to user adoption were evaluated case-sensitively against
this value.
ACTION:
Correct the error and try again.
I want to used the queue manager for local development. Do you have any idea on how to disable the security for my windows user id to be able to connect with MQ Explorer and Application Server Weblogic ?
I am wondering why you need to disable security. If you have explorer running then the next step will be to add your queue manager in explorer. From the tutorial -
https://developer.ibm.com/tutorials/mq-macos-dev/
(I know it's for Mac, but the principal is the same for windows).
This will be:
Right click on ‘Queue managers’ in the MQ Explorer Navigator box, then ‘Add remote queue manager’. A pop up appears.
Add your queue manager name – if Docker – QM1, then click Next.
Add Host name or IP Address – if Docker – localhost.
Add Server connection channel – if Docker – DEV.ADMIN.SVRCONN, then click ‘Next’ twice
Tick ‘Enable user identification’, if Docker – default is admin. Leave ‘Prompt for password’ selected.
Click Finish, then add password for user – if Docker – passw0rd. Your queue manager should appear.
If you truly want to disable security and don't care anything about access to this queue manager, just do the following (in addition to all the turning off of security settings you have already done).
ALTER CHANNEL(SYSTEM.DEF.SVRCONN) CHLTYPE(SVRCONN) MCAUSER('user-id-in-mqm-group-on-docker')
The problem is that your 'myWindowsId' is not defined to the OS in your docker container. The above command asserts the user id specified in the MCAUSER field, and will ignore the user id flowed by the channel from your Windows box.
I would however, encourage you to try the earlier answer, and learn how to do enough in security to let yourself in rather than turning it all off.
I encountered a really wired problem. I have successfully install Websphere MQ on my windows machine and want to create QManager and Queue to connect to a remote Qmanager server. I have already created a QManager as you can see in the picture below. However, when I tried to create a queue for this QManager, I could not find any expand button as the IBM tutorial mentioned.
I have already tried to create a queue with MQSC but when I run runmqsc in the command prompt with administrator user, it shows AMQ8135: Not Authorized error!
Check your error logs (AMQERR01.LOG) for an explanation of why AMQ8135 was returned to the client - for security reasons clients aren't given more information and so you have to go to the logs to get the detail.
I suspect the user you're running MQ Explorer and runmqsc as isn't in the 'mqm' group, or is otherwise not authorised to connect to the queue manager.
Run your IBM MQ Explorer as administrator and it will solve most of the issues.
Is there some add'l setup I need to do in order to access this queue or any other Queue under the System Queues folder?
This is on Windows 7 Pro, as Admin, with MSMQ installed.
It says the "The list of messages can't be retrieved. Error: Computer specified cannot be found"
I'm logged in as a local Admin and I can get to other private queues just fine.
I'd plan to use it to see the failure messages from other queues.
I think the core of that error is that it is looking up the computer name in active directory (I would assume that you are not hooked up to a domain with MSMQ AD Integration configured).... I get that error even on a Windows Server Dev box connected to an AD domain because the integration is not set up (I don't need it).
It is one reason I ended up developing this tool...
http://viridissoftware.com.au/Products/MSMQInspector/
Email me and I will drop you a license if you want...
PK :-)
I have some stopped QMGRs. When I try to start them or delete them from MQ Explorer, I encounter this error:
AMQ7077: You are not authorized to perform the requested operation.
exitvalue=119
How can I change or remove the restrictions on this object?
You can start or delete a queue manager via the MQ Explorer too, so long as the queue manager and MQ Explorer are running on the same machine/installation. You must ensure that the MQ Explorer is running under an mqm user ID, just as you needed to do run the strmqm or dltmqm commands.
I figured it out that I can do this by command STRMQM 'qmName' or DLTMQM 'qmName' as an alternative to using MQ Explorer.
I am using the WebSphere 7.1. I am following the below steps :
Creating the queue manager using WebSphere MQ Explorer
Procedure:
Start WebSphere MQ Explorer.
In the Navigator view, right-click the Queue Managers folder, then
click New > Queue Manager.The Create Queue Manager wizard opens.
In the Queue Manager name field, type QM_APPLE.
Click Next twice.
Ensure that Automatic is selected from the Select type of queue
manager startup option.
Click Next.
Ensure that the Create listener configured for TCP/IP check box is
selected.
If the Finish button is not available, type another port number in
the Listen on port number field. If the current value is 1414, try
using a different port number, for example: 1415 or 1416. If the
default port number of 1414 is not used at this stage, make a note of
the port number used because you will need it in later stages of this
tutorial when QM_APPLE serves as a receiving queue manager.
Click Finish.
The Problem is, I am stuck in the Step 2. When i right Click I cannot find "NEW" option to create the Queue. Can anyone tell me Why I am not getting it?
Do you have a Websphere MQ Server properly installed locally?
I saw such behavior when only Websphere MQ Explorer is installed.
In this case the only point on step 2 is to add a remote Queue Manager.
START The MQ Explorer in Administrator mode.
Got the Bin folder of MQ Installation and right click on the mqexpolrer image and select as "Run as administrator"
Right click > My computer
Select and open > manage
Expand > local users and groups
Select USerS
Right side you user MUSR_MQADMIN and Properties.
Uncheck the TickBox > Account is Disabled.
Click apply and ok.
Now restart your MQ .
Try to open MQ explorer with the user which we installed MQ. For example it should be mqm and group mqm. Else add your user into mqm group. Then reopen MQ and check.
You should have local admin rights to find New option at Queue managers.
To do this get local admin rights and follow the steps below:
Right click my computer
Select and open manage
Expand local users and groups
Select groups at left side
Right side you can see all the groups.
Double click on mqm group and add your user id.
Click apply and ok.
Now restart your MQ. You can see the new option after restarting the
MQ.