I'm a beginner on WebSphere MQ, I was working on MQ 6 and it was working fine, but now I've installed MQ 7.1 and when I try to create a new Queue Manager I can do it But it can't connect and it gives me the following error :
Do you have any idea about that? Thank you :)
You can look up any WebSphere MQ error code if either the WebSphere MQ Client or Server are installed using the mqrc command. In this case:
C:\Users\MUSR_MQADMIN>mqrc 2059
2059 0x0000080b MQRC_Q_MGR_NOT_AVAILABLE
The 2059 usually indicates that the listener is not running or the queue manager is down. There's a different error code if the listener is running and the QMgr name is wrong and another one if the connection is made to the right QMgr but the channel name is wrong. Sometimes you can get a 2059 if the channel was closed at the server side by an exit but since you didn't mention any exits, I'm assuming in this case that its listener problem.
Hopefully by now you are defining a listener object rather than using inetd or the runmqlsr command. Defining an object and setting it to start and stop under QMgr control is the most reliable way to configure it.
Once you get past the 2059, you should be aware that as of WMQ V7.1, the queue managers are secure by default and won't accept any remote client connections unless you explicitly authorize them. This is the opposite of the behavior of V6 where on a newly defined queue manager running a listener, anyone with a TCP route to it could administer it and remotely execute OS code as the mqm user. So I expect that the next problem you run into will be 2035 errors.
I've been told this means more work for the WMQ administrator. The only case in which that's true is if the V6 or earlier queue manager had been configured without security. If the tasks to secure a V7.0 QMgr are compared to the tasks to provision access on a v7.1 and higher QMgr are compared, provisioning access turnds out to be easier. However if you liked the V7.0 behavior, you can always alter the QMgr to disable CHLAUTH rules. Needless to say, leaving security enabled is highly encouraged.
To debug security errors, alter the QMgr to enable authorization events using the runmqsc command ALTER QMGR AUTHOREV(ENABLED). Next, download and install SupportPac MS0P into WebSphere MQ Explorer. Then when you do get a security error, use WebSphere MQ Explorer to look at the queue. Right-click on the queue and select the option to parse the event messages. This will tell you in excruciating detail all the information you need to debug the authorization error.
Finally, if you wish to read up on the new security features, go to t-rob.net/links and look at the conference presentations there. There are also some articles indexed if you scroll down.
In the screen-shot, I see hostname "127.0.0.1" and port # 1414. If it is a local queue manager then connect directly to it.
Also, each queue manager MUST use a unique port number. If you had it working with WMQ v6 queue manager, is this the same queue manager? If not, then make sure each queue manager uses a different port number (i.e. 1415, 1416, etc...)
I got same problem. but i resolved this by :
1. created a listener manually (define lstr(lstr1) port(xxxx) control(qmgr)
2. setmqaut mcauser('mqm').
Related
I have a local MQ which my IIB connects to in client mode (i.e. not as a trusted application). I've set check client connection security on in the QM and now the IIB can't connect because it doesn't send a password and it's sending the wrong username (by default it uses the user that the process starts with). I've seen lots of documentation around setting dbparms mq::*. I could be wrong that but that only seems to affect the MQ Input and Output nodes ? Not the actual broker and it's config manager connections to MQ?
However, I've tried setting those values so that all client connection to my QMGR get a user/passwd but it still comes across as failing and I can see in the MQ logs that it's trying to connect using the userid that the IIB process was started with (and presumably without a password).
So, how do I get IIB to ALWAYS send a user/passwd to MQ when connecting the node/config mgr to the QM using client connections??
Clarification:
I have set mq::MQ -u -p and still the node attempts to connect to the QMGR using the ID that the MQSI process is started with and not the -u param. I have no execution groups and (of course) no flows in my broker so this can only be a core IIB component that's attempting the connection.
According to the IBM Integration Bus v10.0.0.10 Knowledge Center page "Connecting to a secured WebSphere MQ queue manager" you can set this in three ways:
On each MQ Node by specifying a Security identity property.
For all MQ connections to a named queue manager
For all MQ connections.
The order of which ID will be used is the same as above, so if you have a ID setup for all queue managers, you can override it for a specific queue manager or a specific MQ Node.
If you have a queue manager you are already connecting to called for example IIBQM, you could specify the following command so that all connections to that queue manager would use the specified username and password.
mqsisetdbparms integrationNodeName -n mq::QMGR::IIBQM -u username -p password
The KC page tells how to set it all three ways. If you have any specific questions please update your question by clicking edit and add more details and I can update my answer.
Hurrah - I've worked this out !
Although, I had not enabled chcklocal or chckclnt MQ, the fact that I had a idpwldap authinfo set meant that MQ was going to LDAP to find out who the user was that I was logging in with (presumably so that it could check what group permissions it had). So, I had to put my local user into LDAP and set its group.
This got my broker working (with no execution groups or flows). Once I deployed my simple mqinput and MQ output node flow it failed due to authorisations using the same ID. I could then see that it was binding locally and not as a client (which i had first considered). Phew - all done. So, to review: the answer was to put the user id that the mqsi bip/bipbroker process runs under into LDAP. Then give various MQ permissions so that the broker NODE and it's MQ flow NODES could connect to MQ correctly and put/get etc.
thanks for your help - and maybe this will help someone else in the future when someone puts on MQ security and they have a local QM with IIB.
When I go to my WebSphere MQ explorer, and connect to a remote queue manager and go to --> Advanced --> Listeners, I do not see any listeners defined. But I am able to create a remote JMS client, connect to this queue manager by using a channel connection and publish a message to a topic.
So what is the purpose of listeners? In my case, things are working fine without listeners.
WebSphere MQ listeners are what accepts remote connections and start inbound channels. Modern queue managers will almost always have listeners defined but it is also possible to specify a default port for the QMgr to listen on without actually defining a listener. This is unusual, though. For older versions of MQ it was common to use inetd to start channels. This method doesn't use a listener.
So rest assured that something on your QMgr is listening for connections. Since you are not seeing it there are three likely possibilities:
The listener name starts with SYSTEM. and your Explorer view is set to filter SYSTEM objects.
The default port has been specified in the qm.ini file
You have a really old QMgr using inetd
By the way, go get a new version of WMQ Explorer. Since you have an Advanced --> Listeners you must have an old version. Download from SupportPac MS0T.
How do I ping an IBM WebSphere MQ queue manager? Is there a way through cmd.exe? Is there a way to use WebSphere to do it?
I have tried
runmqsc QMGR "qManager"
Thanks!
Depends on what exactly you mean by 'ping'. Do you want to check for running WMQ processes? For local connectivity to the QMgr? Remote connectivity? Whether a specific channel or queue is available?
Locally you can use dspmq and it will show you all the locally defined QMgrs and their status. Remotely, you can ping the listener but if you do not complete the connection, it causes WMQ to log an error and cut a trace. Remotely, it is better to use the WMQ client to make a connection. If the connection succeeds then the QMgr is up. If you get an error, then the error code (or linked exception in JMS) will tell you how far into the WMQ stack the connection request got - i.e. whether the listener was down, or if it was up and there was a problem at the QMgr, or if you don't have authority, etc.
There are sample programs that come with MQ such as amqsget and amsqput, and their client-based equivalents amqsgetc or amqsputc, which connect and get or put a message. These can be used in scripts to check MQ status. Also, there is a tutorial here that provides a stand-alone JMS program that can connect which you could customize as a ping application.
The format for the command you tried is:
echo dis qmgr qmname | runmqsc QMGRNAME
This echoes a command to display the QMgr's attributes into runmqsc and executes it. The manual containing all the runmqsc commands for v7.0 is here. The v7.1 manual is here.
Finally, although I don't think this is what you are looking for, WMQ has a ping command. It is used on one queue manager to test the channel connectivity to another queue manager. The WMQ ping exercises the channel path and validates things such as the remote listener is up, the remote queue manager has a compatible channel instance defined, etc. However, this is more useful to an MQ administrator than to a developer wanting to know if the queue manager is up. For that you'd want some version of one of the suggestions above.
I am new to Websphere, and at this client site, we are running an older version of Websphere in an older version of RAD. I used a python script to define a queue factory and some queues, using a script provided by another individual at the site. However, there was not mention of a queue manager in the script. It appears that the queues are created, I can see that they are defined in the Admin Console. Same is true for the queue factory. The admin console does not seem to expose the name of a queue manager, however.
I have been googling for a few days trying several different angles, but always come back to no answer. There seems to be tool called MQ Explorer, but that comes with Websphere MQ, which is not installed. No one here seems to have tried anything like this before, of if they have, may not have attempted what it is I am trying to achieve.
Ideally, what I would like to do would be to connect to the queue with a third party tool called MQ Visual Edit, for example.
There are about 3 or 4 questions here. Let's see if I can address all of them.
First, creating administered objects is completely separate from defining queues in the queue manager. Typically, the WebSphere MQ admin defines the queues and topics, then provides the host, port, channel, QMgr and queue/topic names to the WAS admin who then generates the matching connection factory and queue or topic objects. Defining the WAS objects does not create the corresponding WMQ objects, nor does it even imply that they exist. From your description, it sounds as though they may not have been defined on the QMgr.
In fact, it is not even obvious from your description that you are using MQ as your transport. If WAS is configured to use it's own JMS implementation (System Integration Bus or SIBus for short) then the connection factories and other objects may point to SIBus instead of WMQ. If you created a QCF for WMQ then someone should have already provided the details you are requesting - QMgr name, host, port and channel name.
WMQ Explorer is available as a free, stand-alone download called SupportPac MS0T. In order to use it, or any of the other 3rd party desktop tools such as MQ Visual Edit or SupportPac MO72 you will need to know the QMgr name as well as host, port and channel name. In addition, if the WMQ admin has enabled any security, you will need to be authorized to connect and, at a minimum, inquire on WMQ objects. The WMQ admin will provide these details to you. Assuming you have the QMgr details and are sufficiently authorized, just download and install SupportPac MS0T and point it at WMQ. Instructions on all things WMQ (including WMQ Explorer) are at the Infocenter pages. Since the stand-alone WMQ Explorer is V7 you will want the V7 Infocenter for any Explorer help. If the QMgr is at V6 then you may need to refer to the V6 Infocenter as well.
That answers the questions in the body of your post. The answer to the question in the title - how do I find out the QMgr name - is "ask the WMQ administrator." You should be given the name when you get the host, port and channel. That said, you often do not need it. A WMQ client will connect to any QMgr if provided the host, port and channel. This is what allows your client app to fail over to a different QMgr. Things like WMQ Explorer are the exception because they should not fail over. If you have a primary and backup QMgr, you typically want WMQ Explorer to see them both at the same time (so for example that you can configure them identically) and if one QMgr is down you want Explorer to report it as such. Therefore Explorer requires a QMgr name but most apps do not.
I am a novice with Websphere MQ and require some novice help.
I am using Websphere MQ Explorer to connect to a queue but do not know how to write the connection string. I have all the details (host, port, channel, queue manager name) but do not know how to put them together correctly as a connection string.
Can any help this novice?
Thanks
Here is one way to get you started (assuming your queue manager under default configuration):
Queue Managers->Context Menu->Add Remote Queue Manager
Fill in Queue manager name:
Select Connect directly
Next
Fill in:
Host name or IP Address:
Port number:
Server-connection channel:
Next
Next
If you have a user configured usually mqm user, you will need to tick the "Enable user identification" here and fill in the user/pass here.
Next, Next, Finish.
As you see, you might need to fill in other information such as SSL if you configured it at the target queue manager.
Then you should be able to see the queue manager in the tree. Click on the Queues icon to find the queue you care about.
Hopefully you are using the latest WebSphere MQ Explorer which is now a stand-alone download. You can find it at SupportPac MS0T which is available from the main SupportPac page. There are significant advantages to using that version, including Explorer Plug-Ins for WMQ FTE, WebSphere Message Broker, the MS0P plug-in which parses event messages, and more.
The screen shot below shows the connection dialog in the latest WMQ Explorer. It has separate fields for hostname (or IP address). port and channel. Just plug in the appropriate values and you are good to go!