Ward |
Posted: Wed Oct 26, 2005 4:31 am Post subject: AMQ9520 for unknown channel |
|
|
 Voyager
Joined: 27 Jun 2001 Posts: 98 Location: Europe
|
Hi,
On a Windows system with WMQ5.3 I get the following error message every 20 minutes in the log files $MQ_Base\errors\Amqerr01.log
AMQ9520: Channel not defined remotely.
EXPLANATION:
There is no definition of channel 'MQSERVER=SYSTEM.DEF.' at the remote
location.
ACTION:
Add an appropriate definition to the remote hosts list of defined channels and
retry the operation.
----- amqrfpta.c : 334 --------------------------------------------------------
Needless to say, none of our queue managers has a channel with name 'MQSERVER=SYSTEM.DEF.'
Does anyone have an idea what's wrong?
Cheers,
Ward |
jefflowrey |
Posted: Wed Oct 26, 2005 4:43 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002 Posts: 19981
|
You've got a client application somewhere that has a bad MQServer environment variable setting.
This client application is being started every 20 minutes. _________________ I am *not* the model of the modern major general. |
Ward |
Posted: Wed Oct 26, 2005 5:06 am Post subject: |
|
|
 Voyager
Joined: 27 Jun 2001 Posts: 98 Location: Europe
|
Yes, I thought of that as well but I can't seem to find that client application. Is there a way to find this?
thanks,
Ward. |
jefflowrey |
Posted: Wed Oct 26, 2005 5:15 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002 Posts: 19981
|
Enable SSL on all your svrconn channels and see who complains...
The channel status in v6 and in later FPs of 5.3 will tell you some stuff about where a client is coming from. _________________ I am *not* the model of the modern major general. |
PeterPotkay |
Posted: Wed Oct 26, 2005 11:12 am Post subject: |
|
|
 Poobah
Joined: 15 May 2001 Posts: 7722
|
Create a channel called SYSTEM.DEF., wait 20 minutes, then do a display channel status for SYSTEM.DEF.. Hopefully they will be connected, and you can get their IP address.
I wish MQ / IBM provided a way to log these types of bogus channel attempts. About once a quarter, some new developer fires up their new app with reconnect logic that loops as fast as possible, and they misspell the SVRCONN channel name, and my QM is brought to its knees trying to log hundreds of channel not found errors per second. Luckily, it has never happened in production.
Sure is an easy way to attack a QM with a Denial of Service style attack!!! _________________ Peter Potkay
Keep Calm and MQ On |
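An added example, not code from any poster in this thread: a small parser that pulls AMQ9520 entries out of an AMQERR01.log, groups them by the requested channel name, and reports the typical interval plus two red flags (a name that can never be defined, and a reconnect-loop burst like the one described above). The log lines are constructed, the timestamp line format is an assumption, and the 10-in-60-seconds burst threshold is an arbitrary illustrative value; the 20-character limit on channel names explains why 'MQSERVER=SYSTEM.DEF.' looks like a longer value that was cut off.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

TS_FORMAT = "%m/%d/%Y %H:%M:%S"  # assumption: timestamp line format varies by MQ level/locale
TS_RE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})", re.M)
CHL_RE = re.compile(r"no definition of channel '([^']*)'")
VALID_NAME = re.compile(r"^[A-Za-z0-9._/%]{1,20}$")  # MQ channel-name charset, max 20 chars

def parse_amq9520(text):
    """Return {requested channel name: [datetime, ...]} for each AMQ9520 entry."""
    hits = defaultdict(list)
    # Each entry ends with a '----- source.c : line -----' separator line.
    for entry in re.split(r"^-{5} .*-+$", text, flags=re.M):
        ts, chl = TS_RE.search(entry), CHL_RE.search(entry)
        if "AMQ9520:" in entry and ts and chl:
            hits[chl.group(1)].append(datetime.strptime(ts.group(1), TS_FORMAT))
    return hits

def summarise(hits, burst=10, window=timedelta(seconds=60)):
    """Per channel name: attempt count, typical interval, and red flags."""
    report = {}
    for chl, times in hits.items():
        times = sorted(times)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report[chl] = {
            "count": len(times),
            "median_gap_s": median(gaps) if gaps else None,
            # Name no queue manager could ever define (e.g. contains '=').
            "invalid_name": VALID_NAME.match(chl) is None,
            # Variable name pasted into the MQSERVER value, cut at 20 characters.
            "mqserver_in_value": chl.startswith("MQSERVER="),
            # Reconnect loop: more than `burst` attempts inside one window.
            "burst": any(times[i + burst] - times[i] <= window
                         for i in range(len(times) - burst)),
        }
    return report

def make_entry(ts, chl):  # builds one constructed log entry (sample data, not a real log)
    return (f"{ts}\nAMQ9520: Channel not defined remotely.\nEXPLANATION:\n"
            f"There is no definition of channel '{chl}' at the remote\nlocation.\n"
            "----- amqrfpta.c : 334 " + "-" * 56 + "\n")

SAMPLE = "".join(
    [make_entry(f"10/26/2005 04:{m:02d}:02", "MQSERVER=SYSTEM.DEF.") for m in (11, 31, 51)]
    + [make_entry(f"10/26/2005 05:00:{s:02d}", "APP1.SVRCON") for s in range(12)])

if __name__ == "__main__":
    print(summarise(parse_amq9520(SAMPLE)))
```

The error log only yields the requested name and the timing; the source address still has to come from channel status or an exit, as the replies discuss.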
wschutz |
Posted: Wed Oct 26, 2005 11:20 am Post subject: |
|
|
 Jedi Knight
Joined: 02 Jun 2005 Posts: 3316 Location: IBM (retired)
|
But wouldn't they need to create a channel named:
'MQSERVER=SYSTEM.DEF.'
ie: def chl('MQSERVER=SYSTEM.DEF.') (edit: which can't be done, of course) _________________ -wayne
Last edited by wschutz on Wed Oct 26, 2005 11:33 am; edited 1 time in total |
PeterPotkay |
Posted: Wed Oct 26, 2005 11:31 am Post subject: |
|
|
 Poobah
Joined: 15 May 2001 Posts: 7722
|
wschutz wrote: |
But wouldn't they need to create a channel named:
'MQSERVER=SYSTEM.DEF.'
ie: def chl('MQSERVER=SYSTEM.DEF.') (edit: which can't be done, of course) |
Didn't catch that! The channel they are trying for is MQSERVER=SYSTEM.DEF. !
Well, my trick won't work then. _________________ Peter Potkay
Keep Calm and MQ On |
wschutz |
Posted: Wed Oct 26, 2005 11:38 am Post subject: |
|
|
 Jedi Knight
Joined: 02 Jun 2005 Posts: 3316 Location: IBM (retired)
|
What about this:
Enable channel autodef (CHAD(enabled)) and supply an autodef exit to look for that channel name and then log the partnername and the connection name. That works....
Edit: and reject any other autodef attempts (if you don't really want autodef to work)
Edit Edit: or, you could be a nice guy and change the channel name to 'SYSTEM.DEF.SVRCONN'  _________________ -wayne |
Ward |
Posted: Fri Oct 28, 2005 2:00 am Post subject: |
|
|
 Voyager
Joined: 27 Jun 2001 Posts: 98 Location: Europe
|
Thanks for all the responses...
My problem remains, though, and securing everything with SSL or creating an exit won't help me as it's a channel that does not exist (so how can I configure it to use SSL or an exit?)
There are 2 queue managers on this machine but the errors arrive in the general $MQBase\errors directory...
Anyone else got ideas?
This is a production environment so I cannot stop one by one all the machines connecting (netstat) to figure out which one is the bad one...
cheers,
Ward. |
wschutz |
Posted: Fri Oct 28, 2005 2:03 am Post subject: |
|
|
 Jedi Knight
Joined: 02 Jun 2005 Posts: 3316 Location: IBM (retired)
|
You define the channel auto definition exit at the qmgr. It gets called when a connection comes in for a channel that doesn't exist. I gave it a quick test the other day and it would do exactly what you need (ie, you can log the IP address and userid of the offending system). _________________ -wayne |
RogerLacroix |
Posted: Fri Oct 28, 2005 8:45 pm Post subject: |
|
|
 Jedi Knight
Joined: 15 May 2001 Posts: 3264 Location: London, ON Canada
|
Hi,
This is easily solved in 30 seconds with either of my security solutions:
- MQ Authenticate User Security Exit
- MQ Standard Security Exit
Now borrowing on Wayne's answer, here's what you do if you were using MQAUSX on Windows:
Code: |
*
ALTER QMGR CHAD(ENABLED)
*
ALTER CHANNEL ('SYSTEM.AUTO.SVRCONN') CHLTYPE(SVRCONN) +
      TRPTYPE(TCP) +
      SCYEXIT('C:\Capitalware\MQAUSX\mqausx(SecExit)') +
      SCYDATA('C:\Capitalware\MQAUSX\mqausx.ini')
*
Now the next time any user attempts to connect to the queue manager with any unknown channel 'MQSERVER=SYSTEM.DEF.' or 'ABC.XYZ.CH01', a log entry will be written to the mqausx.log file. Included in the log entry is the source IP address.
Now you will know who is the bad boy. Of course, since the rogue client is not configured with MQAUSX client DLL or JAR file, the connection will be rejected.
Regards,
Roger Lacroix
Capitalware Inc. _________________ Capitalware: Transforming tomorrow into today.
Connected to MQ!
PeterPotkay |
Posted: Wed Nov 02, 2005 7:45 pm Post subject: |
|
|
 Poobah
Joined: 15 May 2001 Posts: 7722
|
Slick! We have MQAUSX (very happy with it) and will use this trick next time I have this problem. _________________ Peter Potkay
Keep Calm and MQ On |