Can't connect to JMS using restricted user via GEMS - jms

I have user (not administrator) access to some external JMS.
I'm failing to view queue while trying to use GEMS.
My guess this is because GEMS is admin console for JMS but user I have don't have any administrator permissions.
I've made a try to create user without admin permissions on my local Tibco and I fail to connect to JMS using very user in GEMS.
How could I view any JMS with resricted user? Is GEMS able to do that? If not what tools could be used?
Thanks.

There is Hermes tool suitable for this.
It was relly hard to get Hermes working with Tibco EMS. Here is good tutorial how to configure Hermes.
HermesJMS provides a GUI to access JMS queues and topics for common tasks such as sending messages, removing messages and copying messages between queues and topics. It’s one of some “must have” tools for EMS admins and application support team.
Get the latest installer from SourceForge: http://sourceforge.net/projects/hermesjms/files/ then run it:
java -jar hermes-installer.jar
Installation is very simple, just few screens: release notes, license agreement, installation path, components (here is only one actually), summary, files copying, shortcuts creation and installation finish.
To start HermesJMS run hermes.bat in your \HermesJMS\bin. If you got error message “cannot find \bin\javaw”, make sure that you have JAVA_HOME system variable defined to your jre folder.
When Hermes started successfully, click on “Create new JMS session” button, preferences window will appear, select providers tab and right-clik on free space. Then press “Add Group” and enter group name. Right-click on “Library” and press “Add JAR(s)”. Look in \ems\5.1\lib folder and select all .jar files there. Click “Open”, then let Hermes to scan jars for factories: press “Scan” button. Then press “Apply”. All libraries will be in the list like on my screenshot.
Go to “Sessions” tab and enter name for session: “My EMS” for example, then select “EMS” loader. Next step is select “com.tibco.tibjms. TibjmsConnectionFactory” class and “Tibco EMS” plugin. Order is very important: select loader, then class, then plugin. Right-click on free space in plugin section and press “Add property”. You have to enter all three properties: username, password and serverURL, do the same for Connection Factory, then press “OK” to save and close properties window.
Now we can connect Hermes to our EMS. Let it discover queues and topics, press “Discover queues and topics from the provider” button. Then confirm replacement of the current set of destinations and list will be updated. That’s all.

Related

how to generate websphere thread dump without wsadmin on windows server

I have websphere application server v 7 over windows server and I want to generate thread dumps because i have thread hungs, but when I try to get the java cores with wsadmin appears an error, so I want to generate java core files like linux using kill -3 .
Is there something like this in Windows server ?.
Like ObiWanKenobi mentioned, your best bet would probably be through the deployment manager administrative console. From IBM's support site:
Set the com.ibm.websphere.threadmonitor.dump.java property to true:
Application Servers:
From the administrative console, click Servers > Application Servers > server_name.
Under Server Infrastructure, click Administration > Custom Properties.
Click New and add the following property:
Name: com.ibm.websphere.threadmonitor.dump.java
Value: true
Click Apply.
Click OK and save the configuration changes.
Restart the Application Server for the changes to take effect.
Node Agent:
From the administrative console, click System Administration > Node Agents > nodeagent.
Under Additional Properties, click Administration Services
Under Additional Properties, click Custom Properties
Click New and add the following property:
Name: com.ibm.websphere.threadmonitor.dump.java
Value: true
Click Apply.
Click OK and save the configuration changes.
Restart the Node Agent for the changes to take effect.
In short, there is no good answer.
The closest would be to use something like SendSignal. See the Can I send a ctrl-C (SIGINT) to an application on Windows? question for more information. Unfortunately, SendSignal doesn't work reliably on all versions of Windows (see my Send ctrl-break to java process on 64-bit Windows ala sendsignal on 32-bit question).
If you're willing to write some custom code, you could write a Java program that uses the attach API to load a Java agent that calls the Dump API. (I suspect that IBM Support Assistant has this capability built-in, but it's been too long since I tried to be authoritative on this point.)
You can make the JVM to do a thread dump when there are 'hung' threads messages in the SystemOut.log:
Add com.ibm.websphere.threadmonitor.dump.java=true under JVM's Administration > Custom Properties.

Can not connect to IBM content navigator web administration

When I tried to connect to the navigator web administration, I receive a message "The desktop can not be opened" and It require defining a desktop ID.
http://imgur.com/JNKelPy
How to fix this problem or define a desktop ID?
I can't remember if after an installation default desktop is admin or if you have to set it manually. Is your URL with ?desktop=admin at the end working (https://ecm.filenet.com:9443/navigator/?desktop=admin)? If it does, create a desktop and set it as default. If it doesn't, you should take a look at the WAS log (SystemOut.log) to see what the error is.
After successful deployment of IBM Content Navigator, the admin desktop is automatically created. It is considered the default desktop until another is created with a valid repository. If you have issues, you should put in the full admin console address:
http://www.ICNADDRESS.com:9080/navigator/?desktop=admin
The desktop selection code at the end (?desktop=) can be used to specifically go to any desktop in the configuration, but the code treats the admin console address shown above as "special" for authentication and processes it slightly differently. I've had normal desktop configurations (especially after upgrades from 2.0.1 & 2.0.2) have issues for administrative users.
IBM Content Navigator uses DB tables for it's configuration data. You can find the desktop related info in a table named CONFIGMGMT including admin desktop.
There are server possibilities for the error that you are getting
CONFIGMGMT table has corrupted data regarding admin desktop.
CONFIGMGMT table has been deleted.
The DB table is accessed by Content Navigator via data source created in your application server and the connection to the underlying database is not made due to authentication issues(very common due to password change policies).

Adding Additional Coordination Queue Managers in IBM MQ Explorer

Once one has a coordination queue manager in the "Managed File Transfer" folder of the IBM MQ Explorer (with the FTE add-on of course), how is it that one adds additional Coordination Queue managers? I don't see an "Add Coordiation Qmgr" option from the Managed File Transfer folder ... ?
You have to create a coordination queue manager using fteSetupCoordination command from command line.
fteSetupCoordination.cmd -coordinationQMgr QM_COORD2 -coordinationQMgrHost localhost -coordinationQMgrPort 3099 -coordinationQMgrChannel MQSVRCHN
This command will create a .mqsc file under config directory. That mqsc file must be run against the new coordination queue manager. For example:
runmqsc QM_COORD2 < C:\MQFTE\IBM\WMQFTE\config\QM_COORD2\QM_COORD2.mqsc
Start MQ Explorer, you will see QM_COORD2 as another coordination queue manager under Managed File Transfer node. Note that there can be only one coordination queue manager active at any point. Hence QM_COORD2 queue manager will be shown as inactive. You will need to disconnect the active coordination queue manager and then make the QM_COORD2 active. To make it active, just right click on the QM_COORD2 and click on Connect short menu.
And so following the resolution of a PMR, we find that my implementation of the FTE plugin for MQ explorer at v 7.0.1.2, was such that it precluded the detection of additional coordination queue managers. I deployed the v7.5 version, and EVERYTHING works fine now. Case closed.

WebSphere MQ FTE Agent Directory does not exist?

When I tried to start an FTE agent in the command prompt , it displays the error message as "An internal error has occurred. Unable to complete the command because the agent directory does not exist".
What would be the reason for this? It was working fine until yesterday. And is there any way to start an agent in MQ FTE itself? I use fteStartAgent in command prompt each time to start an agent.
Kindly advise me on this....
There are a few possible reasons for this. It is possible that the default properties were changed and now point to an invalid location. This usually happens when the different components are installed and you select to provide the connection details again rather than to reuse the existing configuration.
Another possibility is that the default properties have been changed to point to a different Coordination QMgr. Sometimes people want to run Prod and Dev agents on the same host and set up connectivity to more than one Coordination QMgr. The result is that the default properties can point to only one at a time and so some agent directories are found while others are not. The trick to making this work is to use the -P option to select the proper Coordination QMgr.

No permission to access a private MSMQ

On an XP machine there is a private messagequeue that was created by a .net service.
When I want to access this private queue in a VB6 application I keep getting an "Access is denied" error.
So it seems this is a security issue, only I don't understand why even when I am logged on as an administrator I still
can't have access to queue that was created on the same machine.
Is there something else I have to take into account.
Sample on how I use the queue in VB6
Public msgQueue As MSMQQueue
Private Sub OpenQueue()
Dim MQ As New MSMQQueueInfo
MQ .PathName = ".\Private$\incommingQueue"
Set msgQueue = MQ.Open(MQ_RECEIVE_ACCESS, MQ_DENY_NONE)
End Sub
This can happen if the .NET Service removed the "Everyone" group from the permissions the private queue. Here are some steps you can take to resolve this:
Stop the MSMQ Service
Open the folder C:\WINDOWS\system32\msmq\storage\lqs
Find the file in this folder that describes your queue -- (incommingQueue)
Using notepad, open the lqs file for some other private queue that has good security permissions. (If you don't have any other private queues create one)
Locate the line in the file that begins Security=....
Copy the whole line to your clipboard (watch out for Word Wrap, this line will be quite long)
Open the lqs file for your problem queue in your text editor
Overwrite the Security=... line in this file with the contents of your clipboard
Save the modified lqs file
Start the MSMQ service
You should find that the problem queue now has the same permissions as the queue whose security settings you copied at step 6 above.
The solution posted here seems a bit of a hack. Perhaps this is necessary for Windows XP. I've encountered something similar using Windows 7 and used a different approach to solve this.
Situation:
Program consists of C# code that creates a private transactional queue
Program is run as a windows service, running on the Local System account.
When the service is run, the private queue is created with the Local System account as the owner.
Even though I am administrator, I can't inspect the messages from the queue.
Solution (this is for Windows 7):
Run compmgmt.msc
Open 'Services and Applications'
Open 'Message Queues'
Open 'Private Queues'
Right-click the newly created queue
Click 'Properties'
Select the 'Security' tab
Click 'Advanced'
Select the 'Owner' tab
Select 'Administrator'
Select 'Permissions' tab
Click 'Add'
Type in the name of you account (e.g. 'Administrator')
Click 'Check names'
Click 'OK'
Click 'OK'
Click 'OK'
Now you can access the messages in the queue and also purge the queue if you would like to.

Resources