ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » General Discussion » MQRC_SECURITY_ERROR in ASP Application

Post new topic  Reply to topic
 MQRC_SECURITY_ERROR in ASP Application « View previous topic :: View next topic » 
Author Message
MQChela
PostPosted: Fri Mar 07, 2008 10:27 am    Post subject: MQRC_SECURITY_ERROR in ASP Application Reply with quote

Novice

Joined: 07 Feb 2006
Posts: 20
I understand this is discussed earlier.

But I just want to double check (especially what I did on development servver)

We recently upgraded MQ to 6

The ASP application is throwing MQRC_SECURITY_ERROR

IBM provides cause and couple of work arounds here:

http://www-1.ibm.com/support/docview.wss?uid=swg21195102


The cause states thus:

Cause
The resolved domain for the incoming userid (network serv which gets resolved to NETWORK SERVICE) is NT AUTHORITY. This is, a 'special domain', which signifies an O/S userid. We attempt to look up 'NETWORK SERVICE' from a domain 'NT AUTHORITY', and fail on the NetUserGetLocalGroups call with 2453 (NERR_DCNotFound). This results in an MQRC_SECURITY_ERROR from the MQ API call that generated the authority request.

The work arounds are these:

Option One:


1. Create a domain user account for WebSphere® MQ
2. In Microsoft® Internet Information Server ( IIS) v6.0 create a secondary application pool
3. Configure your website/virtual directory to use this new application pool
4. Change the new application pool "identity" property to use the configurable user that was setup in step 1.

Option Two:

You could add the following line to have the asp.net process run as someone other than "nt authority\network service":

<identity impersonate="true" userName="domain\userName" password= "yourpassword" />


I tried Option 1 and it fixed the problem when I checked on the server itself. But from outside it started for asking credentials.
(The ASP application has Windows integrated authentication)

Option 2 did not work at all.

So I just added "NETWORK SERVICE" in local mqm group and the ASP application is working fine from every where.

So my question is what's the risk in adding "NETWORK SERVICE" to local mqm group.

Thanks
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » General Discussion » MQRC_SECURITY_ERROR in ASP Application
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.