pezi |
Posted: Fri Feb 15, 2008 3:38 am Post subject: SupportPac MS0R WebSphere MQ - problems with z/OS MQ 6.0 |
|
|
 Novice
Joined: 08 Feb 2008 Posts: 15 Location: Vienna/Austria
|
Hi,
After having tested the security exit successfully on a Windows MQ Server (v6.0.2.3) I was about to install the required UK15258 patch on our v6.0 z/OS MQServer, but it seems that there is still something missing, as the connection without using the client security exit (Windows popup) fails, as the transferred username is still the user I started MO71 with and not the user I entered when connecting.
The error messages in the log of the queuemanager are:
Code: |
2008-02-15!12:31:02!Z/OS User=Ýpeterr¨ Credentials invalid.
2008-02-15!12:31:02!Connection refused, Channel ÝSEC.CLIENT.TO.MQM2¨ ConName Ý10.1.7.31¨ User ÝPETERR¨ Invalid credentials was supplied.
2008-02-15!12:31:02!PWSERV1-42E Connection refused, CHL=SEC.CLIENT.TO.MQM2 CON=10.1.7.31 USER=peterr Invalid credentials was supplied.
2008-02-15!12:31:02!Channel closed ÝSEC.CLIENT.TO.MQM2¨ Connection Name Ý10.1.7.31¨
|
Is there another patch which has to be applied, or do we have to apply all v60 related patches?
Regards
Peter |
|
oz1ccg |
Posted: Fri Feb 15, 2008 4:54 am Post subject: |
|
|
 Yatiri
Joined: 10 Feb 2002 Posts: 628 Location: Denmark
|
Peter,
Besides the mentioned PTF there should be no other prereqs.
The problem might be because of special characters in the password. You know, ASCII/EBCDIC conversions.
-- Lock it or Lose it --  _________________ Regards, Jørgen
Home of BlockIP2, the last free MQ Security exit ver. 3.00
Cert. on WMQ, WBIMB, SWIFT. |
|
pezi |
Posted: Fri Feb 15, 2008 5:14 am Post subject: |
|
|
 Novice
Joined: 08 Feb 2008 Posts: 15 Location: Vienna/Austria
|
Hi,
My password contains only characters of the 7-bit ASCII character set.
What I do not understand is that the wrong user name is passed. If I use the client security exit the output is as follows:
Code: |
2008-02-15!14:05:59!PWServer Rem Uid=ÝRAIT¨ Full user name ÝRAIT¨ received from partner Security exit
2008-02-15!14:05:59!Users: ݨ len Ý0¨
2008-02-15!14:05:59!MCAUserIdentifier set to (1) RAIT
2008-02-15!14:05:59!Connection accepted, Channel ÝSEC.CLIENT.TO.MQM2¨ ConName Ý10.1.7.31¨ Pattern Ý*;¨ Flags ÝASC=Y ¨ User ÝRAIT¨
2008-02-15!14:05:59!ExitResponse=MQXCC_OK (0)
2008-02-15!14:05:59!MCAUserIdentifier set to (1) RAIT
2008-02-15!14:05:59!Connection accepted, Channel ÝSEC.CLIENT.TO.MQM2¨ ConName Ý10.1.7.31¨ MCAUser ÝRAIT¨.
2008-02-15!14:05:59!ExitResponse=MQXCC_OK (0)
|
So you see that there is a difference between using the ClientExit or not.
As I remember, I had a similar problem also on Windows until you told me to update from v6.0.0 to v6.0.2.1 on the server side, which helped.
Is there anything on the client side which also has to be updated (using Client v6)?
Regards
Peter |
|
jefflowrey |
Posted: Fri Feb 15, 2008 5:23 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002 Posts: 19981
|
MQ FixPacks apply equally to client as well as server. _________________ I am *not* the model of the modern major general. |
|
zpat |
Posted: Fri Feb 15, 2008 6:22 am Post subject: |
|
|
 Jedi Council
Joined: 19 May 2001 Posts: 5866 Location: UK
|
There is a bug in MQ client v6.0 about not folding userids (and presumably passwords) to upper case before passing them to z/OS queue managers. |
|
oz1ccg |
Posted: Fri Feb 15, 2008 6:47 am Post subject: |
|
|
 Yatiri
Joined: 10 Feb 2002 Posts: 628 Location: Denmark
|
You are running without UK15258, right?
MS0R acts as if the queue manager is a 5.x if this PTF is not applied, and therefore will not accept userids entered in MO71.
There are some reasons why MS0R has prereq CSDs/PTFs.
I hope this helps.
-- Lock it or Lose it --  _________________ Regards, Jørgen
Home of BlockIP2, the last free MQ Security exit ver. 3.00
Cert. on WMQ, WBIMB, SWIFT. |
|
pezi |
Posted: Fri Feb 15, 2008 8:01 am Post subject: |
|
|
 Novice
Joined: 08 Feb 2008 Posts: 15 Location: Vienna/Austria
|
After applying the upgrade on the client machine the output on z/OS was slightly different:
Code: |
2008-02-15!16:51:01!SecurityUserData=Ý*;-d;¨ nDebugFlag Ý1¨ UseridUpperLowerCase Ý0¨
2008-02-15!16:51:02!ver=1.40 env=MVS ExitId=MQXT_CHANNEL_SEC_EXIT ExitReason=MQXR_INIT ChannelType=MQCHT_SVRCONN
2008-02-15!16:51:02!PWServer QMgr=ÝMQM2¨ ChannelName=ÝSEC.CLIENT.TO.MQM2¨ ConnName=Ý10.1.7.31¨ Uid=ݨ
2008-02-15!16:51:02!PWServer SCYDATA=Ý*;-d;¨
2008-02-15!16:51:02!Patterns to process Ý*;¨
2008-02-15!16:51:02!Connection accepted for pattern Ý*¨, ConName Ý10.1.7.31¨
2008-02-15!16:51:02!ExitResponse=MQXCC_OK (0)
2008-02-15!16:51:02!ver=1.40 env=MVS ExitId=MQXT_CHANNEL_SEC_EXIT ExitReason=MQXR_INIT_SEC ChannelType=MQCHT_SVRCONN
2008-02-15!16:51:02!Users: ݨ len Ý0¨
2008-02-15!16:51:02!Using credentials supplied in MQCD
2008-02-15!16:51:02!Z/OS User=Ýpeterr¨ Credentials invalid.
2008-02-15!16:51:02!Connection refused, Channel ÝSEC.CLIENT.TO.MQM2¨ ConName Ý10.1.7.31¨ User ÝPETERR¨ Invalid credentials was supplied.
2008-02-15!16:51:02!PWSERV1-42E Connection refused, CHL=SEC.CLIENT.TO.MQM2 CON=10.1.7.31 USER=peterr Invalid credentials was supplied.
2008-02-15!16:51:02!ExitResponse=MQXCC_SUPPRESS_FUNCTION (-1)
2008-02-15!16:51:02!Channel closed ÝSEC.CLIENT.TO.MQM2¨ Connection Name Ý10.1.7.31¨
2008-02-15!16:51:02!ExitResponse=MQXCC_OK (0)
|
Our Host guy claims that he has installed UK15258. Is there a way to verify if this is really the case?
Regards
Peter |
|
oz1ccg |
Posted: Fri Feb 15, 2008 9:38 am Post subject: |
|
|
 Yatiri
Joined: 10 Feb 2002 Posts: 628 Location: Denmark
|
You can verify it in SMP/E, just check that the sysmod is applied.
Or you should be able to locate the string UK15258 in: 'SYS1.SCSQMVR1(CSQXSUPR)'
And I don't have to ask if you have installed version 6.0 of MS0R for z/OS.
It seems to me like MS0R thinks it's a version 5.x queue manager.
By the way, I think it would be a good idea to add the SCYDATA option: '-z;' to get the Ý0¨ converted to '<0>', something more readable.
Let's see how it goes.
-- Lock it or Lose it --  _________________ Regards, Jørgen
Home of BlockIP2, the last free MQ Security exit ver. 3.00
Cert. on WMQ, WBIMB, SWIFT. |
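
A triage helper for the exit log excerpts posted above, as an added example that is not part of the original posts or of MS0R: it pulls channel, connection name and userid out of each accept/refuse record and notes when the userid logged just before a verdict differs from the one in the verdict line only by letter case. The function names and the handling of '<…>' delimiters are assumptions made for the example.

```python
import re

# Constructed sample in the shape of the exit log lines posted in this thread.
SAMPLE_LOG = """\
2008-02-15!14:05:59!Connection accepted, Channel ÝSEC.CLIENT.TO.MQM2¨ ConName Ý10.1.7.31¨ Pattern Ý*;¨ Flags ÝASC=Y ¨ User ÝRAIT¨
2008-02-15!16:51:02!Using credentials supplied in MQCD
2008-02-15!16:51:02!Z/OS User=Ýpeterr¨ Credentials invalid.
2008-02-15!16:51:02!Connection refused, Channel ÝSEC.CLIENT.TO.MQM2¨ ConName Ý10.1.7.31¨ User ÝPETERR¨ Invalid credentials was supplied.
2008-02-15!16:51:02!PWSERV1-42E Connection refused, CHL=SEC.CLIENT.TO.MQM2 CON=10.1.7.31 USER=peterr Invalid credentials was supplied.
"""

# Value delimiters: 'Ý…¨' as in the z/OS log above; '<…>' (assumed to be what
# the '-z;' option produces) and '[…]' are accepted too.
OPEN, CLOSE = r"[Ý<\[]", r"[¨>\]]"


def field(name, text):
    """Return the delimited value that follows `name`, or None if absent."""
    m = re.search(rf"(?<!\w){re.escape(name)}[ =]{OPEN}(.*?){CLOSE}", text)
    return m.group(1).strip() if m else None

def connection_events(log):
    """Return one dict per 'Connection accepted/refused, Channel ...' record."""
    events, supplied = [], None
    for line in log.splitlines():
        parts = line.split("!", 2)
        if len(parts) != 3:
            continue  # not a date!time!message record
        date, time, msg = parts
        if msg.startswith("Z/OS User="):
            supplied = field("Z/OS User", msg)  # userid as logged before the verdict
            continue
        m = re.match(r"Connection (accepted|refused), Channel", msg)
        if not m:
            continue
        user = field("User", msg) or field("MCAUser", msg)
        events.append({
            "when": f"{date} {time}",
            "outcome": m.group(1),
            "channel": field("Channel", msg),
            "conname": field("ConName", msg),
            "user": user,
            "supplied_user": supplied,
            # True when the two logged spellings differ only by letter case
            "case_differs": bool(supplied and user and supplied != user
                                 and supplied.upper() == user.upper()),
        })
        supplied = None
    return events
```
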
|
pezi |
Posted: Mon Feb 18, 2008 3:04 am Post subject: |
|
|
 Novice
Joined: 08 Feb 2008 Posts: 15 Location: Vienna/Austria
|
Hi,
I didn't even find the data set SYS1.SCSQMVR1.
Our HOST guy has now requested MQServer 6.0 with the latest PTFs from IBM. Maybe there was something missing. I hope after that all my problems belong to the past.
Thank you for the hint concerning the better readable display of the MQ log.
Peter |
|
pezi |
Posted: Mon Feb 18, 2008 5:01 am Post subject: |
|
|
 Novice
Joined: 08 Feb 2008 Posts: 15 Location: Vienna/Austria
|
Hi,
Now it works. The PTFs necessary were:
UK05386, UK05223, UK11957, UK15258
Thank you very much.
Peter |
|