| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| ConfigMgr security error when not connected to domain |
« View previous topic :: View next topic » |
| Author |
Message
|
| x061294 |
 Posted: Fri Aug 12, 2005 4:38 pm Post subject: ConfigMgr security error when not connected to domain |
 |
|
Acolyte
Joined: 05 Apr 2005
Posts: 62
|
I'm running MQ 5.3 csd 9, WBIMB 5.0 csd 5, on WindowsXP, SP2.
The Broker and configMgr both run under a local NT ID that is in all the proper groups.
The issue is that I'm running this on a laptop. When I'm at work in the building, on the domain, life is good, all works as it should. And, if I am at home, dialed in through the VPN, again, everything works as it should. The issue is when I'm at home, and not connected to the VPN. The ConfigMgr and Broker both start up fine, but, when I go to connect to the ConfigMgr from the toolkit, the ConfigMgr does a call to the security domain, fails, and won't connect.
In the eventviewer is:
| Code: |
( ConfigMgr ) Error in call NetUserGetLocalGroups() to the NT security domain with return code 1355.
A component of WebSphere Business Integration Message Brokers is attempting to call the NT security domain. The security subsystem returned an error code.
Check NT security subsystem documentation for the reported error. Restart the relevant service component (UserNameServer, or Configuration Manager). Ensure that a Domain Controller, either Primary or Backup, is available. |
As I recall, in 2.1, you could set the config manager up and tell it what security domain to use, local, or the domain name. In 5.0 while the -d option is still on the commands, basically you're not to use it. So that isn't going to help me.
I believe the issue is related to the fact that when I boot up the laptop at home, I authenticate to the domain cached id. So the broker and config manager expect that the domain should be there, however, it really isn't. Then again, I might be off base here.
Anyone else have issues with this and solved them? I would think sales/support folks would be running WBIMB on a laptop a lot, and not connected to their domain, so this has to be solvable, I just can't figure out how. |
|
| Back to top |
|
 |
| jefflowrey |
| Posted: Sat Aug 13, 2005 6:31 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
I don't know why you think the -d option is not to be used anymore.
I do not know of a capability in the configmgr at any time for it to work when it could not connect to the security domain it was pointed at.
In your case, you might be better off setting the configmgr to authenticate against the local domain, and adding your domain user to the local groups.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| x061294 |
| Posted: Mon Aug 15, 2005 6:51 am Post subject: |
|
|
Acolyte
Joined: 05 Apr 2005
Posts: 62
|
I had hoped to set it to authenticate against the local domain, but, reading the manual's
| Quote: |
mqsicreateconfigmgr
-d SecurityDomainName (Optional) This parameter must be set to null. When you create the configuration manager, omit this parameter.
mqsichangeconfigmgr
-d SecurityDomainName (Optional) This parameter must be set to null. If you specified a value for the SecurityDomainName when you created the configuration manager, you must specify -d "". |
So I took that to state that while the option has not been removed, it has been deprecated.
I am able to start the config mgr, receiving the following two event log messages.
| Code: |
( ConfigMgr ) Successfully initialized interface to the NT security domain, TEMPMACH149.
A component of WebSphere Business Integration Message Brokers has successfully initialized the NT security domain.
No user action required.
( ConfigMgr ) The Configuration Manager is available for use.
The Configuration Manager has started successfully.
No user action required. |
It isn't until 5 minutes later when I try and connect the toolkit that I get the event error.
By the way, from the event log message the config manager is stating that it is authenticating against the local machine, TESTMACH149, and not the actual domain.
| Code: |
| ( ConfigMgr ) Error in call NetUserGetLocalGroups() to the NT security domain with return code 1355. |
My domain ID is in the local groups but it is almost as if it needs to validate that domain id?? |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Mon Aug 15, 2005 7:04 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
That section in the docs for mqsicreateconfigmgr is very contradictory.
I'd say that the configmgr is not able to access your cached user authentication.
Is your domain user in the local Administrators group?
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| x061294 |
| Posted: Mon Aug 15, 2005 12:23 pm Post subject: |
|
|
Acolyte
Joined: 05 Apr 2005
Posts: 62
|
I agree on the contradiction....
The ID is in the local admin. |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Mon Aug 15, 2005 12:40 pm Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
Then it doesn't look like you'll be able to get this to work as your domain user at all, when you are disconnected.
I guess you need to make a local user, and use that unless you are going to connect to the domain.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
