| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| MUSR_MQADMIN account duplication with each install |
« View previous topic :: View next topic » |
| Author |
Message
|
| mnance |
 Posted: Thu Sep 12, 2002 5:40 am Post subject: MUSR_MQADMIN account duplication with each install |
 |
|
Apprentice
Joined: 15 Aug 2002
Posts: 44
|
We are currently upgrading our ISP servers to MQSeries v5.2 With each install the MUSR_MQADMIN account is created and a number is associated with it in User Manager, for instance, MUSR_MQADMIN1. We currently have up 17 different accounts and have 700+ servers to upgrade still. Is there a way to create a single account for MQSeries to use and assign during the install to alleviate the account duplication?
_________________
Salvation can only be achieved through Jesus Christ, our Lord and Saviour. |
|
| Back to top |
|
 |
| Nimrod |
| Posted: Wed Sep 18, 2002 6:22 am Post subject: LDAP with MQ |
|
|
Newbie
Joined: 08 Jul 2002
Posts: 6
Location: Israel
|
I assume that you are working with Active Directory through which all the computers are accessing these MUSR_MQADMIN user.
If not, and you are using NT domains, I warn you that I did not try this solution on NT domains, only only LDAP domains, but I think it should do the trick.
For your information, it could cause future trouble if you keep each queue manager running against its own use, instead of one for all. It has been my experience these causes strange and unsolvable security-related probs which seem to pop up without a real pattern I could recognize.
So, now for the solution, this has a few steps:
1. if this is the first MQSeries installed on this domain, there shouldnt be a prob, so all the next sections are irrelevant.
2. install MQSeries
3. Click Start->Run and type dcomcnfg and press enter
4. In the "Application" tab, double-click "IBM MQSeries"
5. In the "Identity" tab change the user and password from MUSR_MQADMIN1 (or other) to MUSR_MQADMIN
6. (for LDAP, maybe theres something parallel that should be done in NT, I dont believe so) "Start"->"Administrative Tools" -> "Domain Controller Security Policy"
7. under "Local Policies" -> "User Rights Assignments" check that in the parameter "log on as service" MUSR_MQADMIN is a part of the list, if not, add it.
8. delete the user MUSR_MQADMIN1 (or other)
9. Restart the computer (important, DCOM changes wont update until you do)
That's it, this has been checked and found working many a time on Active Directory servers, whether just connected to domain or PDC themselves.
Good Luck,
_________________
Nimrod Oren
Integration Solutions Expert,
Multiconn, Israel. |
|
| Back to top |
|
|
| mnance |
| Posted: Thu Oct 10, 2002 8:31 am Post subject: |
|
|
Apprentice
Joined: 15 Aug 2002
Posts: 44
|
Thanks Nimrod....it worked on the NT 4.0 domain.
_________________
Salvation can only be achieved through Jesus Christ, our Lord and Saviour. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
