| Author |
Message
|
| SomeBloke |
 Posted: Tue Feb 17, 2009 10:42 am Post subject: |
 |
|
Newbie
Joined: 05 Feb 2009
Posts: 6
|
| robertr wrote: |
The user is a member of the mqm and mqbrkrs groups on the windows deployment machine.
The user is not a member of any group on the solaris broker machine, not even a user on that machine. I believe this is ok once the acl entry has been made and the svrconn channel has an mca user id specified that is a member of the mqm group on the Solaris box - which it is.
The funny thing is that I can connect locally (XP) with this configuration but cannot from the windows server? |
Fishing a bit here, but i've had problems with some programs relying on domain credentials before.
Are you able to test from a different Windows Server install? Windows Server and XP handle passing domain credentials a little differently (especially if the Server is configured to be a domain controller). |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Tue Feb 17, 2009 2:32 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Check your configuration box ACL. If you did not specify the -a flag your id is only valid from your machine... Have fun 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| robertr |
| Posted: Wed Feb 18, 2009 1:14 am Post subject: |
|
|
Novice
Joined: 05 Jan 2005
Posts: 19
|
....-a flag specified in the acl entry and will not work from two different servers. I have also tested logging on to a few different desktops and it works without issue.
Ready to tear out my hair at this stage!  |
|
| Back to top |
|
|
| SomeBloke |
| Posted: Wed Feb 18, 2009 4:56 am Post subject: |
|
|
Newbie
Joined: 05 Feb 2009
Posts: 6
|
| robertr wrote: |
....-a flag specified in the acl entry and will not work from two different servers. I have also tested logging on to a few different desktops and it works without issue.
Ready to tear out my hair at this stage! |
It definatley sounds like an issue with the difference between how Windows Server and XP pass domain credentials of the logged on user. Talk to your local windows domain administrator, they will be better able to explain this, and perhaps suggest a solution. |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Wed Feb 18, 2009 5:12 am Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
When you look at the Authority Events in the SYSTEM.ADMIN.QMGR.EVENT queue, what ID is showing as failing on the connect? Is it the expected ID?
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| robertr |
| Posted: Wed Feb 18, 2009 6:01 am Post subject: |
|
|
Novice
Joined: 05 Jan 2005
Posts: 19
|
Hi Peter,
User ID on the queue is windows domain user.
This is not what I would expect as the svrconn channel is being specified in the .configmgr file referenced in the mqsideploy command which has a mca user id specified that is a member of mqm group on Solaris server.
It would appear that the svrconn channel is not being used as when i set the mca user id of SYSTEM.BKR.CONFIG channel, the deploy works.
Any ideas why this may occur?
Regards,
Rob |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Wed Feb 18, 2009 9:53 pm Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
Apologies if I don't get your scenario 100%, but...
I'm guessing that SYSTEM.BKR.CONFIG is the only channel that will be used for deploys, regardless of what you try.
If the MCAUSER is blank on this channel, you will use the UserID of the Toolkit user for authorization. Apperently this ID does not have the necessary rights to connect to your Config Manager.
If you have an MCAUSER set on that channel, you will use that ID. When you do set an ID for the SYSTEM.BKR.CONFIG, you are using an ID with enough rights, so you connect successfully to the Config Manager QM.
Is this your scenario?
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| robertr |
| Posted: Thu Feb 19, 2009 1:46 am Post subject: |
|
|
Novice
Joined: 05 Jan 2005
Posts: 19
|
Hi Peter,
I do not have an issue using the toolkit when deploying.
I have an ant script that automates the deployment and this is where the issue arises.
When the mqsideploy command is run, the .configmgr file passed as a parameter specifies a svrconn channel which for some reason is not being passed correctly or the mca user id is not being picked up. This same .configmgr file works fine from the toolkit or from different machines. When i populate the mca user id of the system broker svrconn channel, the mqsideploy command works fine. I would prefer not to use this channel or specify the mca user id on it though.
Regards,
Rob |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu Feb 19, 2009 3:38 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| robertr wrote: |
Hi Peter,
I do not have an issue using the toolkit when deploying.
I have an ant script that automates the deployment and this is where the issue arises.
When the mqsideploy command is run, the .configmgr file passed as a parameter specifies a svrconn channel which for some reason is not being passed correctly or the mca user id is not being picked up. This same .configmgr file works fine from the toolkit or from different machines. When i populate the mca user id of the system broker svrconn channel, the mqsideploy command works fine. I would prefer not to use this channel or specify the mca user id on it though.
Regards,
Rob |
If you want to secure this channel you need to specify an mcauser on it AND use SSL. A blank mcauser is not the solution.
_________________
MQ & Broker admin |
|
| Back to top |
|
|
|
|
