| Author |
Message
|
| zpat |
 Posted: Mon Jun 26, 2017 5:44 am Post subject: MQ on Linux - possible cause of MQRC 2538? |
 |
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
I've installed MQ 7.1.0.7 on Linux, created a queue manager with listener but when I try to connect to the QM from my desktop using MO71 or Explorer - I get a MQRC 2538 MQRC_HOST_NOT_AVAILABLE error.
However using amqsgetc (MQ client sample) when running on the same host works fine.
There are no firewalls in the way (or so I am told). Using the IP address also fails so it's not a DNS issue.
Ping works fine, but telnet to the MQ port fails to connect. It has the symptoms of a classic firewall issue, but it's an internal server with no firewall.
Nothing is showing up in the MQ error logs. It there anything (Linux-wise) I should look for?
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error. |
|
| Back to top |
|
 |
| mqjeff |
| Posted: Mon Jun 26, 2017 5:51 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
"the same box" as in "the qmgr box" ?
Or "the same box" as in "the machine that all the other clients fail from" ?
A 2358 like this is usually caused by chlauth records.
_________________
chmod -R ugo-wx / |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Mon Jun 26, 2017 6:12 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Remember 7.1 is what started with chlauth...
If you have a generic ip backstop rule in place, make sure that you created holes in it so as to be able to access the channels you need to use...
If you don't know the address make the backstop rule a warn only rule and you should be able to connect and see stuff in the logs.
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| zpat |
| Posted: Mon Jun 26, 2017 6:13 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
MQRC 2538, not 2358.
Same box as in connection from the same host as the QM runs on - works fine in client mode.
CHLAUTH rules in place, but still fails even if I disable CHLAUTH.
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Mon Jun 26, 2017 6:31 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
I'm sure that 2358 was a typo on my part.
From the qmgr box, you probably aren't hitting the same network interface as the other clients - likely you are being shortcut-ed to localhost.
I'm sure you did, but I think it's necessary to restart the qmgr if you set CHLAUTH on the qmgr to disabled.
... There's some way to enable chlauth messages in the mq logs - setting the rules to warn or something.
_________________
chmod -R ugo-wx / |
|
| Back to top |
|
|
| exerk |
| Posted: Mon Jun 26, 2017 6:34 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
Which flavour of Linux? If Red Hat the firewall is on by default (but you probably know that) and needs an exception if not disabled.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| zpat |
| Posted: Mon Jun 26, 2017 12:42 pm Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
RHEL.
How to check/disable the firewall?
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error. |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Mon Jun 26, 2017 4:34 pm Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
Is the IPADDR attribute of the MQ Listener set to only accept connections over a particular IP address?
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| gbaddeley |
| Posted: Mon Jun 26, 2017 4:57 pm Post subject: Re: MQ on Linux - possible cause of MQRC 2538? |
|
|
Jedi Knight
Joined: 25 Mar 2003
Posts: 2538
Location: Melbourne, Australia
|
| zpat wrote: |
| I've installed MQ 7.1.0.7 on Linux, created a queue manager with listener but when I try to connect to the QM from my desktop using MO71 or Explorer - I get a MQRC 2538 MQRC_HOST_NOT_AVAILABLE error. |
Look in errors/AMQERR01.LOG on your desktop for diagnostics. Did you try amqsputc from your desktop?
_________________
Glenn |
|
| Back to top |
|
|
| zpat |
| Posted: Mon Jun 26, 2017 9:48 pm Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
| PeterPotkay wrote: |
| Is the IPADDR attribute of the MQ Listener set to only accept connections over a particular IP address? |
Definitely not the case.
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error. |
|
| Back to top |
|
|
| zpat |
| Posted: Mon Jun 26, 2017 9:50 pm Post subject: Re: MQ on Linux - possible cause of MQRC 2538? |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
| gbaddeley wrote: |
| zpat wrote: |
| I've installed MQ 7.1.0.7 on Linux, created a queue manager with listener but when I try to connect to the QM from my desktop using MO71 or Explorer - I get a MQRC 2538 MQRC_HOST_NOT_AVAILABLE error. |
Look in errors/AMQERR01.LOG on your desktop for diagnostics. Did you try amqsputc from your desktop? |
Yes, showing connection type errors from desktop MQ error log TCP error code 10060. Timeout sort of issue as if there was a firewall.
Ping can reach the MQ host fine.
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error. |
|
| Back to top |
|
|
| exerk |
| Posted: Tue Jun 27, 2017 12:50 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| zpat wrote: |
RHEL.
How to check/disable the firewall? |
According to Google:
systemctl status firewalld.service [to check status]
systemctl disable firewalld.service [to completely disable, including on reboot]
However, I use (example):
firewall-cmd --zone=public --add-port=1414/tcp --permanent
Followed by:
firewall-cmd --reload
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Tue Jun 27, 2017 4:27 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
if it's not a firewall issue, maybe it's just an SSL config issue?
_________________
chmod -R ugo-wx / |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Tue Jun 27, 2017 5:18 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| mqjeff wrote: |
| if it's not a firewall issue, maybe it's just an SSL config issue? |
If the telnet mqhost mqport is successful look into SSL. If it fails look into firewall / routing issues. Make sure the default gateway host is correct for both the sender and receiver hosts.
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| nageshr99 |
| Posted: Tue Jul 04, 2017 10:14 pm Post subject: |
|
|
Novice
Joined: 30 May 2017
Posts: 24
|
| fjb_saper wrote: |
| mqjeff wrote: |
| if it's not a firewall issue, maybe it's just an SSL config issue? |
If the telnet mqhost mqport is successful look into SSL. If it fails look into firewall / routing issues. Make sure the default gateway host is correct for both the sender and receiver hosts. |
he says telnet does not work as per below lines:
"Ping works fine, but telnet to the MQ port fails to connect. It has the symptoms of a classic firewall issue, but it's an internal server with no firewall." |
|
| Back to top |
|
|
|
|
