Author |
Message
|
Stalin |
Posted: Thu Oct 22, 2009 12:39 am Post subject: AMQ9496: Channel ended by a remote exit |
|
|
Novice
Joined: 21 Oct 2009 Posts: 19
|
Hi Friends,
We are using windows .NET mq client to access the MQ server installed in the sun micro system (Supplier)
I am gettting the 2059 error.
Error Log in My system,
----- amqrfpta.c : 340 --------------------------------------------------------
10/22/2009 13:01:34 - Process(2936.1) User(SYSTEM) Program(aspnet_wp.exe)
AMQ9496: Channel ended by a remote exit.
EXPLANATION:
Channel program 'SYSTEM.DEF.SVRCONN' was ended because the channel exit at the
remote end requested it.
ACTION:
Examine the error logs at the remote end of the channel to see the reason why
the remote exit ended the channel.
----- amqrfpta.c : 340 --------------------------------------------------------
I can able to Ping and telnet the MQ server system.
My .NET client code,
Dim MQQueue As MQQueue
Dim queueManagerName As String = "QM_devap1"
Dim properties As Hashtable = New Hashtable
properties.Add(MQC.HOST_NAME_PROPERTY, "IPAddress of the supplier system")
properties.Add(MQC.CHANNEL_PROPERTY, "SYSTEM.DEF.SVRCONN")
properties.Add(MQC.USER_ID_PROPERTY, "user name given by supplier")
properties.Add(MQC.PASSWORD_PROPERTY, "password given by supplier")
properties.Add(MQC.PORT_PROPERTY, 1424)
'properties.Add(MQC.TRANSPORT_PROPERTY, "TCP")
Dim queueManager As MQQueueManager
' Attempt the connection
queueManager = New MQQueueManager(queueManagerName, properties)
FYI,
I am specifying Queue Manager name, IP addr, Port number as got from the supplier.
Please help to figure out where i am mistaking..
Advance Thanks.
Stalin |
|
Back to top |
|
 |
Mr Butcher |
Posted: Thu Oct 22, 2009 2:44 am Post subject: |
|
|
 Padawan
Joined: 23 May 2005 Posts: 1716
|
contact your "supplier", as his SYSTEM.DEF.SVRCONN has a security exit defined that blocks your access. depending on how this exit works, your userid, ip address or whatever must be granted for access in the exit configuration. _________________ Regards, Butcher |
|
Back to top |
|
 |
Stalin |
Posted: Thu Oct 22, 2009 4:56 am Post subject: |
|
|
Novice
Joined: 21 Oct 2009 Posts: 19
|
Dear Mr.Butcher,
Thanks for your quick suggestion.
I am supplying the user id and password given by the supplier at runtime in .NET.
Do you mean my system's IP address and user id should exist in supplier system?
Is this anything wrong with that.
In supplier system's error Log,
Connection Refused!
When we contact them, they are telling you are not supplying correct user id and password.
How to pass the user id and password at runtime? Is my code snippet is correct?
Thanks for all your time.
Advance Thanks & Regards,
Stalin |
|
Back to top |
|
 |
Mr Butcher |
Posted: Thu Oct 22, 2009 5:02 am Post subject: |
|
|
 Padawan
Joined: 23 May 2005 Posts: 1716
|
well, i am not familiar with .net, so i can not verify your code.
are you sure, SYSTEM.DEF.SVRCONN is the correct channel name? did your "supplier" told you to exactly use that channel name? i am wondering, because this is the IBM supplied default that is used as a model to create other SVRCONN channels. It should not be used for application stuff, and in some shops that handle their security well access via this channel is disabled. _________________ Regards, Butcher |
|
Back to top |
|
 |
Stalin |
Posted: Thu Oct 22, 2009 5:24 am Post subject: |
|
|
Novice
Joined: 21 Oct 2009 Posts: 19
|
Dear Mr.Butcher,
Yes. Our supplier has given the SYSTEM.DEF.SVRCONN as channel name.
In my test scenario, I could put message to Microsoft 2003 MQ server from Microsoft windows client without supplying any user credentials.
But i need to put message from Windows client to MQ server is in Sun Microsystem.
As per your suggestion, it seems to be some security exit in our system.
How can i implement the security exit in my Microsoft 2003 MQ server? so that i can implement the same in my test scenario and confirm.
Thanks & Regards,
Stalin |
|
Back to top |
|
 |
mqjeff |
Posted: Thu Oct 22, 2009 5:50 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008 Posts: 17447
|
You need to ask the supplier running the solaris qmgr why the connection failed.
You may or may not need to pass the user and password. You may or may not need an exit. You may or may not need to use SSL. |
|
Back to top |
|
 |
Mr Butcher |
Posted: Thu Oct 22, 2009 5:54 am Post subject: |
|
|
 Padawan
Joined: 23 May 2005 Posts: 1716
|
to join mqjeff's refrain: you may or may not check if userid and password are case sensitive and you typed them well. _________________ Regards, Butcher |
|
Back to top |
|
 |
Stalin |
Posted: Thu Oct 22, 2009 6:02 am Post subject: |
|
|
Novice
Joined: 21 Oct 2009 Posts: 19
|
We have already discussed with the supplier, they are telling other peoples are able to put message on this queue.
They are asking to review the methodoly of accessing the MQ server by means of supplying the user id and password.
If they have the security exit, how do i pass the user id, password in .NET at runtime.
Thanks & Regards,
Stalin |
|
Back to top |
|
 |
Stalin |
Posted: Thu Oct 22, 2009 6:09 am Post subject: |
|
|
Novice
Joined: 21 Oct 2009 Posts: 19
|
Yes Mr.Butcher, I have checked the user id and password case sensitive. It seems to be correct.
From Supplier point of view, their side seems to be ok.
Is there anything i am missing from my side to overcome the security exit issue.
Would you all please let me know about,
MQEnvironment.SecurityExit, MQEnvironment.SendExit, MQEnvironment.ReceiveExit.
Is there anything i need to set with the above properties in .NET
Thanks for all your time.
Thanks & Regards,
Stalin |
|
Back to top |
|
 |
Vitor |
Posted: Thu Oct 22, 2009 6:18 am Post subject: |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
Stalin wrote: |
If they have the security exit, how do i pass the user id, password in .NET at runtime. |
It's not the security exit, it's a security exit. There are a number of generally possibilities, assuming they have not written their own. _________________ Honesty is the best policy.
Insanity is the best defence. |
|
Back to top |
|
 |
Stalin |
Posted: Thu Oct 22, 2009 6:36 am Post subject: |
|
|
Novice
Joined: 21 Oct 2009 Posts: 19
|
Below is the information i got from our supplier,
• connectionFactoryLocation:
o com.ibm.mq.jms.MQQueueConnectionFactory
o factoryProperties:
QueueManager=QueueManagerName;TransportType=1;HostName=IPAddress;Port=1424;Channel=SYSTEM.DEF.SVRCONN
username: UserName
password: Password
But i am not sure, they implemented the security exit concept.
Thanks for pushing me on this. I will ask them about the security exit.
However they given me the user name and password all the things. So where i am wrong?
Please let me know the samples link like passing the user id and password in .NET.
I have read the Using .NET Manual, but there is no samples like passing the user id, password, security exit from .NET client
Do i need to use any client channel definition table eventhough i am specifying the all the properties at runtime in my .NET coding.
Thanks & Regards,
Stalin |
|
Back to top |
|
 |
Mr Butcher |
Posted: Thu Oct 22, 2009 6:41 am Post subject: |
|
|
 Padawan
Joined: 23 May 2005 Posts: 1716
|
from what i found in google (samples and other stuff that use MQC.PASSWORD_PROPERTY) your code seems to look good.
IMHO it is the exit that blocks you, because user or password or both is wrong, either specified wrong in your code, or wrong configured in the exit. or you do not pass them the expected way. _________________ Regards, Butcher |
|
Back to top |
|
 |
Stalin |
Posted: Thu Oct 22, 2009 7:03 am Post subject: |
|
|
Novice
Joined: 21 Oct 2009 Posts: 19
|
Since supplier system is in different domain, would i need to pass like domain name along with the user id and password.
Would you all please let me know where exactly the user id and password gets validated in supplier side? in security exit or the operating system level.
Thanks & Regards,
Stalin |
|
Back to top |
|
 |
gbaddeley |
Posted: Thu Oct 22, 2009 2:34 pm Post subject: |
|
|
 Jedi Knight
Joined: 25 Mar 2003 Posts: 2538 Location: Melbourne, Australia
|
Stalin wrote: |
Since supplier system is in different domain, would i need to pass like domain name along with the user id and password.
Would you all please let me know where exactly the user id and password gets validated in supplier side? in security exit or the operating system level.
Thanks & Regards,
Stalin |
I would say the onus is on the supplier to tell you exactly why their security exit denied your connection to the channel. Hopefully they have some form of logging on the exit operation so they can diagnose the failure. You could be wasting your time pussy footing around with various userids, passwords and client settings, when the real reason could be something different. _________________ Glenn |
|
Back to top |
|
 |
PeterPotkay |
Posted: Thu Oct 22, 2009 2:42 pm Post subject: |
|
|
 Poobah
Joined: 15 May 2001 Posts: 7722
|
They could have their Security Exit configured to require you to supply a User ID of ABC and a password of 123, or something else random, or to use your real ID/password (and then they need to do something to make it work) or etc, etc, etc. _________________ Peter Potkay
Keep Calm and MQ On |
|
Back to top |
|
 |
|