| Author |
Message
|
| SAFraser |
 Posted: Wed Mar 16, 2011 10:35 am Post subject: SOLVED: SVRCONN Channel, TCP Port-- Not Released |
 |
|
Shaman
Joined: 22 Oct 2003
Posts: 742
Location: Austin, Texas, USA
|
This doesn't make sense to me. What am I missing? We encountered this while helping a developer test his exception handling.
We purposely cause the conn call to be rejected by the channel security exit (BlockIP2). We have tried this test by "unauthorizing" the user and "unauthorizing" the IP address. We have tried it from a client on Windows (MQ Client v7.0.1.1) and a client on Solaris 10 (MQ Client v7.0.1.1). Our MQ Server is v7.0.1.3 on Solaris 10. In each iteration, the result is the same.
Application attempts to connect to MQ.
Connection is rejected per channel exit configuration.
The applications hangs.
Channel exit log shows, as expected:
| Quote: |
| 2011-03-16 11:00:28 Connection refused, XXX.SVRCONN.CHL , Unauthorized USER:yo-ho from 10.xxx.xxx.xxx. |
Queue manager log shows, as expected:
| Quote: |
03/16/11 11:00:28 - Process(21151.6871) User(mqm) Program(amqrmppa) Host(xxx)
AMQ9536: Channel ended by an exit.
EXPLANATION:
Channel program 'XXX.SVRCONN.CHL' was ended by exit '/var/mqm/exits64/BlockIP2(BlockExit)'.
ACTION:
None |
Channel status inquiry shows, NOT as expected:
| Quote: |
AMQ8417: Display Channel Status details.
CHANNEL(XXX.SVRCONN.CHL) CHLTYPE(SVRCONN)
CONNAME(10.xxx.xxx.xxx) CURRENT
STATUS(RUNNING) SUBSTATE(RECEIVE) |
Netstat shows, NOT as expected:
| Quote: |
| 10.xxx.xxx.xxx.1414 10.xxx.xxx.xxx.53821 33580 0 49640 0 ESTABLISHED |
So long as the application remains "hung", the channel remains running and the TCP port remains open. When the app is killed, the channel and port are released.
"Oh," you say, "the developer is not handling the exception he gets from MQ." Let's say that's true.... His application would be hung; but the MQ server has reported 'channel ended by an exit'. Shouldn't the channel be gone?
But wait, there's more. The code does have a catch for MQ return codes. We have tested, for example, a full queue; the application catches the RC2053 and executes its exception handling code. For this, though, the developer can't see that his app ever got a return code from the MQ server; I expect we are sending an RC2009 but he can't see any evidence of it.
The developer is putting some additional tracing in his code (which he is quite willing to fix once he figures out what's going wrong).
In the meantime, my question is: Once the exit ends the channel, shouldn't the channel and the TCP port be released?
Last edited by SAFraser on Mon Apr 04, 2011 9:59 am; edited 1 time in total |
|
| Back to top |
|
 |
| mvic |
| Posted: Wed Mar 16, 2011 3:29 pm Post subject: Re: SVRCONN Channel, TCP Port-- Not Released |
|
|
Jedi
Joined: 09 Mar 2004
Posts: 2080
|
| SAFraser wrote: |
| In the meantime, my question is: Once the exit ends the channel, shouldn't the channel and the TCP port be released? |
That seems a very reasonable expectation, to me.
Are you considering opening a PMR for this? |
|
| Back to top |
|
|
| SAFraser |
| Posted: Thu Mar 17, 2011 6:52 am Post subject: |
|
|
Shaman
Joined: 22 Oct 2003
Posts: 742
Location: Austin, Texas, USA
|
| Indeed we are. We are now testing with some other MQ client versions. Then we will open a PMR. |
|
| Back to top |
|
|
| RogerLacroix |
| Posted: Thu Mar 17, 2011 4:10 pm Post subject: |
|
|
Jedi Knight
Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada
|
Hi,
| SAFraser wrote: |
Connection is rejected per channel exit configuration.
The applications hangs. |
This is one of the problems with using an unsupported product; you do not have anyone working on your half to get the issue resolved.
I discovered this issue several months ago and got IBM to deliver a fix. I would have to look it up, but I think the fix was to be included in either v7.0.1.3 or v7.0.1.4.
WMQ v7 is very buggy when it comes to security. I think I have 5 or 6 fixes for WMQ v7. 
Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
|
| Back to top |
|
|
| mvic |
| Posted: Thu Mar 17, 2011 4:18 pm Post subject: Re: SVRCONN Channel, TCP Port-- Not Released |
|
|
Jedi
Joined: 09 Mar 2004
Posts: 2080
|
| SAFraser wrote: |
| (MQ Client v7.0.1.1) |
I missed these mentions of 7.0.1.1 earlier - don't know how - but you could well save yourself time by going to 7.0.1.4. I am not saying I know your issue is solved, but it is still worth getting away from code as "old" as 7.0.1.1.
This is the page to review for the details of what has been fixed: http://www.ibm.com/support/docview.wss?rs=171&uid=swg27014224 |
|
| Back to top |
|
|
| SAFraser |
| Posted: Thu Mar 17, 2011 5:21 pm Post subject: |
|
|
Shaman
Joined: 22 Oct 2003
Posts: 742
Location: Austin, Texas, USA
|
After another day of testing, we too feel it is an issue related to 7.0.1.1.
When the developer allows the default of "set provider to version 7" as he creates the Connection Factory, we experience the problem as detailed in my original post.
When he changes the provider to "set provider to version 6", no more problem.
We've opened a PMR.
It sounds so simple, "apply 7.0.1.4". But it took 14 months for us to get an client upgrade from MA88 to 7.0.1.1 approved and installed. Frankly, I think both server and client .1 and .2 were dreadfully buggy. We upgraded server to 7.0.1.3 as soon as the fixpack went GA.
One thing I could do.... we could let this project include the .4 jars in their application, and reference those instead of the jars at /opt/mqm/java/lib. I know it's the wrong thing to do. Or, if IBM confirms that 7.0.1.4 is the fix, maybe an upgrade can be accelerated.
I'll update the forum when I get more information. |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Thu Mar 17, 2011 7:22 pm Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
| SAFraser wrote: |
| Frankly, I think both server and client .1 and .2 were dreadfully buggy. We upgraded server to 7.0.1.3 as soon as the fixpack went GA. |
You can't get any MQ 7 version earlier than 7.0.1.3 from Passport Advantage. Use that in your argument to them on what you think of 7.0.1.1 and 7.0.1.2.
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu Mar 17, 2011 8:30 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Also read up on all the fixes included in 7.0.1.4 and 7.0.1.5 especially for the JMS and SHARECNV areas and you'll know why you'd want to be at least at 7.0.1.4 if you are using JMS... 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| zpat |
| Posted: Thu Mar 17, 2011 9:41 pm Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
What is the APAR number for this problem?
I suppose SHARECNV could be disabled to avoid some of these bugs. |
|
| Back to top |
|
|
| SAFraser |
| Posted: Mon Apr 04, 2011 10:04 am Post subject: |
|
|
Shaman
Joined: 22 Oct 2003
Posts: 742
Location: Austin, Texas, USA
|
zpat was on the right path. APAR IZ75511. fjb_saper, your comment has been very helpful in our discussions with management.
This is a bug that is fixed in MQ Client 7.0.1.4. Earlier versions did not understand the close request that resulted from a connection refused by a security exit.
zpat is also correct that disabling shared conversations is a workaround.
And, joyous news, we have got an upgrade campaign to v7.0.1.4 approved by management! |
|
| Back to top |
|
|
| RogerLacroix |
| Posted: Mon Apr 04, 2011 1:06 pm Post subject: |
|
|
Jedi Knight
Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada
|
| SAFraser wrote: |
| This is a bug that is fixed in MQ Client 7.0.1.4. Earlier versions did not understand the close request that resulted from a connection refused by a security exit. |
That's not entirely correct. I opened the PMR for APAR IZ75511 last April because a customer and I discovered the issue on v7.0.1.0. It did not occur on earlier v7 releases. i.e. v7.0.0.*
The issue (and APAR IZ75511) are for v7.0.1.0, v7.0.1.1, v7.0.1.2 and v7.0.1.3.
Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
|
| Back to top |
|
|
|
|
