|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
 |
|
Message Channel Exit Configuration on Receiver Channel |
« View previous topic :: View next topic » |
Author |
Message
|
TKiranKumar |
Posted: Fri May 14, 2004 7:03 am Post subject: Message Channel Exit Configuration on Receiver Channel |
|
|
Novice
Joined: 14 May 2004 Posts: 15
|
This issue is with Channel Message Exits.
The Basic understanding I have is, if I have a Channel exit program on a Sender Channel that performs encryption, I SHOULD HAVE a Corresponding Channel exit program that performs decryption configured on the receiver channel.
I have written a Channel exit program (Works fine) that performs an ENCRYPTION task,
1)when a message is put on the Remote queue of the local m/c
2)it flows via the Sender channel since the Exit has been configured properly in MQ channel properties. (the exit dll is properly invoked)
The message is visible in the Local queue of the intended host.(WHEN no decryption is being done on the remote m/c)
Now,I need to configure a Corresponding exit on the receiver channel of the HOST m/c that performs the DECRYPTION.
Question one.: The same exit program that handles encryption, has code to handle decryption. Can I configure this program(the same channel exit c dll) in MQ properties in the Receiver Channel of the Host
Question Two (Issue): when I configue the Message Channel exit (same dll as used in the exit program that perform Encryption) in the Channel Properties of the Receiver Channel Host machine, the Sender channel ALWAYS goes in RETRY Mode.
if I remove the Channel Message exit configuration from the Channel Properties of the Receiver Channel Host machine, the Sender channel goes into RUNNING state.(WHEN the ENCRYPTION Exit dll is CONFIGURED on the local m/c Sender channel)
In effect, My encryption is working fine(with exit dll configured) but I am unable to configure the exit dll on the receiving side for the appropriate decryption to take place.
The Issue is how do I get the channel in running state after configuring the channel message exit DLL on Both sides.( I have tried restarting queuemanagers on both sides)
All I did on the HOST Receiver channel m/c was to
1)copy the same exit dll ONLY (no DEF file ..etc) to the ExitsDefaultPath AND
2)to configure the channel's properties : Exits- Message Exit Name - appropriately. ( This was in the same way I had configured it on the SENDER channel where it works fine)
If I PING using All tasks of the Sender channel (after configuring both side exit dlls) the error I get is:
"Bind failed.The bind to a remote system during session negotiation failed(AMQ4051)."
If i See the event viewer on the m/c where the sender channel is in Retry mode (after configuring both side exit dlls), the error displayed is:
"Channel negotiation failed.
Channel 'MYTESTCHAN' between this machine and the remote machine could not be established due to a negotiation failure.
Tell the systems administrator, who should attempt to identify the cause of the channel failure using problem determination techniques. For example, look for FFST files, and examine the error logs on the local and remote systems where there may be messages explaining the cause of failure. More information may be obtained by repeating the operation with tracing enabled. "
Please offer suggestions. |
|
Back to top |
|
 |
mqonnet |
Posted: Fri May 14, 2004 9:56 am Post subject: |
|
|
 Grand Master
Joined: 18 Feb 2002 Posts: 1114 Location: Boston, Ma, Usa.
|
If you are on MQ 5.3 or later then you could very well use SSL feature of the channels to do the encryption/decryption you are trying to establish. Since thats the only thing you seem to be doing with the channel exits here. As you might already know, its not easy to get this whole set up running.
Otherwise, PM/email me the channel exit(source & dll) and i shall try it out when i get a chance.
Are both qms on the same CCSID or are they different.
Cheers
Kumar _________________ IBM Certified WebSphere MQ V5.3 Developer
IBM Certified WebSphere MQ V5.3 Solution Designer
IBM Certified WebSphere MQ V5.3 System Administrator |
|
Back to top |
|
 |
TKiranKumar |
Posted: Sun May 16, 2004 2:57 am Post subject: Theoretically it should work |
|
|
Novice
Joined: 14 May 2004 Posts: 15
|
Hi Kumar,
Thanks again for taking a really keen interest.
I am not sure how to check whether both the QM's have the same Coded Character Set, But I guess to a large extent they are the same.
You are right I could use SSL, but out of a keen interest I am trying to implement the same. (Nearly there...just waiting to get over this hurdle)
Now, a Theoretical question. if I have a Message Exit dll by the name MBExit which :
writes log files when the
1)channel initialises/starts,
2)and also when messages flow over the channel
but as of now does not manipulate MQ Channel Exit parameters
and if this exit dll is configured correctly on the sender channel.
the Channel MUST then go into Running mode
[It does, therfore I could enhence this dll to perform Encryption]
Now logically , on the Receiver Channel, the same MBExit dll should be configured to perform the Decryption (which as of now writes log files when invoked since it is the same dll)
When the Sender channel has the exit dll configured and the receiver channel does NOT have the exit dll configured , the Channels are in RUNNING State. (The Sender Channel m/c generates appropriate logs when the Exit is invoked)
When the Sender Channel AND the Receiver Channel have the SAME dll configured, The CHANNEL is ALWAYS in RETRY state (and gives the error as mentioned earlier)
My question is
if the exit is Just writing log files when invoked and if configured properly on both sides, the Setup must work (Channel MUST go into RUNNING State).
(After all it is the same dll)
Why does it work when: the Sender Channel has the dll configured and the receiver side does not. (Channel go into Running state)
Have I missed out something ?
[I know it is difficult to analyse...but offer me some suggestions whereby I could get the CHANNEL Running when both the sides have the dll configured]
Regards,
Kiran |
|
Back to top |
|
 |
mqonnet |
Posted: Mon May 17, 2004 4:57 am Post subject: |
|
|
 Grand Master
Joined: 18 Feb 2002 Posts: 1114 Location: Boston, Ma, Usa.
|
Kiran, its nice to know that you still want to pursue this. But i am afraid i may not be of much help, as i myself havent tried this for at least a couple of reasons. And if you do get it going, i wouldnt be surprised to know that you were one of the very few who did it. :)
1) Never came accross a situation that demanded me to ONLY go for this option.
2) Its not easy to implement it.
Coming to the problem.
Just because you have set everything right doesnt necessarily mean that the channels should come up. If the logs say that channel negotiation failed, then there must be something in the receiver end(most likely, from your description) thats causing this to happen. Verify the same.
Again, if you want me to give it a try, i shall do it when i get a chance. :)
Cheers
Kumar _________________ IBM Certified WebSphere MQ V5.3 Developer
IBM Certified WebSphere MQ V5.3 Solution Designer
IBM Certified WebSphere MQ V5.3 System Administrator |
|
Back to top |
|
 |
TKiranKumar |
Posted: Wed May 19, 2004 9:39 pm Post subject: Issue resolved |
|
|
Novice
Joined: 14 May 2004 Posts: 15
|
Hi Kumar,
Thanks a lot for keeping me going. I have resolved the issue and eventually implemented Encryption/Decryption Message Channel Exit using Microsoft Crypt API Symmetric Key Algol.
The resolution for the issue is that:
On the m/c that had the Receiver Channel Exit, the ExitDefaultPath(configured in MQServices snap in) MUST Necessarily be the IBM defaulted path. It does not work when the user changes/sets the path configuration.
Regards,
Kiran |
|
Back to top |
|
 |
|
|
 |
|
Page 1 of 1 |
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|
|
|