| Author |
Message
|
| anilit99 |
 Posted: Thu Apr 15, 2010 8:22 am Post subject: Enquiring authorities from a different domain. |
 |
|
Voyager
Joined: 28 May 2009
Posts: 75
Location: London, UK
|
Hi gurus,
Setup :
MQ 7 installed on windows under the domain SSS
From the same laptop:
Case 1 :
User under the domain SSS able to connect post messages and all is well with the world.
Case 2 :
When User from another domain NNN is trying to connect to the MQ, I found this error in the MQ logs
| Code: |
WebSphere MQ encountered the following network error: The RPC server is unavailable.
MQ failed to successfully complete a network operation due to the specified error. If the error is encountered on systems that are part of a Windows 2000 domain it can indicate incorrect DNS or WINS configuration.
Ensure that your network is functioning correctly. On the Windows platform check DNS and/or WINS settings to ensure that domain controllers, used for authentication or authorisation functions, are accessible.
|
And in the client java program it is coming as MQRC_SECURITY_ERROR with reason code 2063.
I ran a google search on this site and the only relevant post was this, but unfortunately it wasnt resolved.
Now I am not sure why I am getting this error ! Any inputs will be highly appreciated. 
_________________
"I almost care !" |
|
| Back to top |
|
 |
| Vitor |
| Posted: Thu Apr 15, 2010 8:36 am Post subject: Re: Enquiring authorities from a different domain. |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| anilit99 wrote: |
| MQ 7 installed on windows under the domain SSS |
Do you mean that WMQ is running under a domain id?
| anilit99 wrote: |
From the same laptop:
Case 1 :
User under the domain SSS able to connect post messages and all is well with the world.
Case 2 :
When User from another domain NNN is trying to connect to the MQ, I found this error in the MQ logs |
How are domains SSS & NNN related / connected in both network & Windows domain terms? I mean here are the domains parent / child, trusting or what? It sounds rather like domain SSS is not passing authentication to NNN properly.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| anilit99 |
| Posted: Fri Apr 16, 2010 12:35 am Post subject: |
|
|
Voyager
Joined: 28 May 2009
Posts: 75
Location: London, UK
|
| Quote: |
| Do you mean that WMQ is running under a domain id? |
WMQ is running under the user who is part of domain mqm (as explained exactly in the manual under - Configuring windows accounts)
| Quote: |
How are domains SSS & NNN related / connected in both network &
Windows domain terms? I mean here are the domains parent / child,
trusting or what? It sounds rather like domain SSS is not passing
authentication to NNN properly. |
I am not sure of this. I can check with the network guys but if possible can you please point me to some place in the manual how it should be to work in this situation, then I can kick an admin in the rear end (always wanted to do that !!)
_________________
"I almost care !" |
|
| Back to top |
|
|
| anilit99 |
| Posted: Fri Apr 16, 2010 12:47 am Post subject: |
|
|
Voyager
Joined: 28 May 2009
Posts: 75
Location: London, UK
|
| Quote: |
| How are domains SSS & NNN related / connected in both network & Windows domain terms? I mean here are the domains parent / child, trusting or what? |
I've just found out that the domains SSS and NNN are entirely in two regions and carry some trust certificates on both sides.
Thats so far I could get out from the network admin, if that helps on any matter.
_________________
"I almost care !" |
|
| Back to top |
|
|
| Vitor |
| Posted: Fri Apr 16, 2010 4:13 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| anilit99 wrote: |
I've just found out that the domains SSS and NNN are entirely in two regions and carry some trust certificates on both sides.
|
Umph. Windoze.
The WMQ documentation speaks of configuring the product to work with domain ids. This works how it works, and has been the subject of much debate here.
You're in the sticky marsh of Windows here. There is a difference between 2 Windows domains in a parent/child relationship and 2 domains that just trust each other. The key difference (as you've discovered) is in the way user credentials are validated. A Windows person could give a much better explaination than me, but someone logged onto a parent has credentials in all child domains whereas with trust the credentials are separate and they just trust each other's users with resources.
So a guy using domain NNN can't get his credentials validiated by SSS's domain controller, hence your error. Ask your Windows admin to explain it better, and then ask what he's going to do about it. You need some means of getting Windows credentials from one domain to the other.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| anilit99 |
| Posted: Fri Apr 16, 2010 7:41 am Post subject: |
|
|
Voyager
Joined: 28 May 2009
Posts: 75
Location: London, UK
|
_________________
"I almost care !" |
|
| Back to top |
|
|
| Vitor |
| Posted: Fri Apr 16, 2010 8:05 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| anilit99 wrote: |
| Havent tried it yet, as some of the network admins are golfing on a 60 foot yacht some where in the pacific. |
That's got to be a really, really small golf course.... 
| anilit99 wrote: |
| Suddenly Iam having a very powerful urge to kill someone. |
That happens to me a lot. Usually I fight it. Sometimes I don't.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| exerk |
| Posted: Fri Apr 16, 2010 9:03 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| Vitor wrote: |
| anilit99 wrote: |
| Suddenly Iam having a very powerful urge to kill someone. |
That happens to me a lot. Usually I fight it. Sometimes I don't.
|
I know where the bodieth are buried becauth I buried them for you...I like it when you keep me thupplied with thpare partth 
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
|
|
