| Author |
Message
|
| Gideon |
 Posted: Wed May 12, 2010 11:32 am Post subject: MCAUSER question |
 |
|
Chevalier
Joined: 18 Aug 2009
Posts: 403
|
I am using WMQ 701 on Windows
I previously placed the same user name and pw on my clients to get authorization. I can no longer do that
I placed my client user name into the MCA of the svrconn channel of my server qmgr. That allowed me access from the MQExplorer
However, I can not access from my java client. I get the following error:
| Code: |
Caught Exception while Creating QueueConnection from QueueConnectionFactory
com.ibm.msg.client.jms.DetailedJMSSecurityException: JMSWMQ2013: The security au
thentication was not valid that was supplied for QueueManager 'AA' with connecti
on mode 'Client' and host name '9.9.9.9'. Please check if the supplied usern
ame and password are correct on the QueueManager you are connecting to
com.ibm.msg.client.jms.DetailedJMSSecurityException: JMSWMQ2013: The security au
thentication was not valid that was supplied for QueueManager 'AA' with connecti
on mode 'Client' and host name '9.9.9.9'. Please check if the supplied usern
ame and password are correct on the QueueManager you are connecting to
at com.ibm.msg.client.wmq.common.internal.Reason.reasonToException(Reaso
n.java:531)
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.
java:219)
at com.ibm.msg.client.wmq.internal.WMQConnection.<init>(WMQConnection.ja
va:420)
at com.ibm.msg.client.wmq.factories.WMQConnectionFactory.createV7Provide
rConnection(WMQConnectionFactory.java:7926)
at com.ibm.msg.client.wmq.factories.WMQConnectionFactory.createProviderC
onnection(WMQConnectionFactory.java:7396)
at com.ibm.msg.client.jms.admin.JmsConnectionFactoryImpl.createConnectio
n(JmsConnectionFactoryImpl.java:276)
at com.ibm.mq.jms.MQConnectionFactory.createCommonConnection(MQConnectio
nFactory.java:6076)
at com.ibm.mq.jms.MQQueueConnectionFactory.createQueueConnection(MQQueue
ConnectionFactory.java:115)
at connection.JMSConnection.makeQueueConnectionMQSeries(JMSConnection.ja
va:120)
at connection.JMSConnection.makeQueueConnection(JMSConnection.java:551)
at testType.JMS_PTP.setupMsgTransportProtocol(JMS_PTP.java:338)
at testType.JMS_PTP.run(JMS_PTP.java:818)
Caused by: com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with com
pcode '2' ('MQCC_FAILED') reason '2035' ('MQRC_NOT_AUTHORIZED').
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.
java:206)
... 10 more
Linked Exception:
com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' (
'MQCC_FAILED') reason '2035' ('MQRC_NOT_AUTHORIZED'). |
I put the user ID into the MCA of the channel, is that all I need to accomplish or is there something else
Do I need to define the pw ?
Thanks |
|
| Back to top |
|
 |
| jeevan |
| Posted: Wed May 12, 2010 12:33 pm Post subject: Re: MCAUSER question |
|
|
Grand Master
Joined: 12 Nov 2005
Posts: 1432
|
| Gideon wrote: |
I am using WMQ 701 on Windows
I previously placed the same user name and pw on my clients to get authorization. I can no longer do that
I placed my client user name into the MCA of the svrconn channel of my server qmgr. That allowed me access from the MQExplorer
However, I can not access from my java client. I get the following error:
| Code: |
Caught Exception while Creating QueueConnection from QueueConnectionFactory
com.ibm.msg.client.jms.DetailedJMSSecurityException: JMSWMQ2013: The security au
thentication was not valid that was supplied for QueueManager 'AA' with connecti
on mode 'Client' and host name '9.9.9.9'. Please check if the supplied usern
ame and password are correct on the QueueManager you are connecting to
com.ibm.msg.client.jms.DetailedJMSSecurityException: JMSWMQ2013: The security au
thentication was not valid that was supplied for QueueManager 'AA' with connecti
on mode 'Client' and host name '9.9.9.9'. Please check if the supplied usern
ame and password are correct on the QueueManager you are connecting to
at com.ibm.msg.client.wmq.common.internal.Reason.reasonToException(Reaso
n.java:531)
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.
java:219)
at com.ibm.msg.client.wmq.internal.WMQConnection.<init>(WMQConnection.ja
va:420)
at com.ibm.msg.client.wmq.factories.WMQConnectionFactory.createV7Provide
rConnection(WMQConnectionFactory.java:7926)
at com.ibm.msg.client.wmq.factories.WMQConnectionFactory.createProviderC
onnection(WMQConnectionFactory.java:7396)
at com.ibm.msg.client.jms.admin.JmsConnectionFactoryImpl.createConnectio
n(JmsConnectionFactoryImpl.java:276)
at com.ibm.mq.jms.MQConnectionFactory.createCommonConnection(MQConnectio
nFactory.java:6076)
at com.ibm.mq.jms.MQQueueConnectionFactory.createQueueConnection(MQQueue
ConnectionFactory.java:115)
at connection.JMSConnection.makeQueueConnectionMQSeries(JMSConnection.ja
va:120)
at connection.JMSConnection.makeQueueConnection(JMSConnection.java:551)
at testType.JMS_PTP.setupMsgTransportProtocol(JMS_PTP.java:338)
at testType.JMS_PTP.run(JMS_PTP.java:818)
Caused by: com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with com
pcode '2' ('MQCC_FAILED') reason '2035' ('MQRC_NOT_AUTHORIZED').
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.
java:206)
... 10 more
Linked Exception:
com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' (
'MQCC_FAILED') reason '2035' ('MQRC_NOT_AUTHORIZED'). |
I put the user ID into the MCA of the channel, is that all I need to accomplish or is there something else
Do I need to define the pw ?
Thanks |
Did you create the MCAUSER you supplied in the system the queue manager is running? The user you supplied at MCAUSER should exist in the system in order a client to be able to make a conneciton and the user should have limited ( desired) permission.
As far as I know, MQ does not authenticate and so it does not use password.
hope helps
Last edited by jeevan on Fri May 14, 2010 7:20 pm; edited 1 time in total |
|
| Back to top |
|
|
| Gideon |
| Posted: Wed May 12, 2010 1:16 pm Post subject: |
|
|
Chevalier
Joined: 18 Aug 2009
Posts: 403
|
Thanks, I read that , but forgot about it once I started testing.
Does that rule (creating the user on the server as well as the client) also apply to the z/OS system as well ? |
|
| Back to top |
|
|
| exerk |
| Posted: Wed May 12, 2010 1:29 pm Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| Gideon wrote: |
| Does that rule (creating the user on the server as well as the client) also apply to the z/OS system as well ? |
It applies on every system. How else will the system be able to check the user? (LDAP etc. notwithstanding).
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| Gideon |
| Posted: Thu May 13, 2010 10:20 am Post subject: |
|
|
Chevalier
Joined: 18 Aug 2009
Posts: 403
|
I just got this configuration to work with the MCAUSER:
| Code: |
Server Machine:
User: broker1
Member of: Administrators
mqbrkrs
mqm
Note: (This is the ID under which MQ and WMB were installed)
User: test01
Member of: Administrators
mqbrkrs
mqm
SVRCONNN Channel has MCA of test01
Client Machine:
User: test01
Member of: Administrators
Remote Desktop Users
Users
Note: (No MQ installation is on this machine, only client DLL's) |
But it did not work until I made test01 a member of "Administrators" on BOTH the server and client machines.
Why would this work only with Administratotr access ? |
|
| Back to top |
|
|
| Vitor |
| Posted: Thu May 13, 2010 10:46 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| Gideon wrote: |
| Why would this work only with Administratotr access ? |
Because Administrator usually has mqm authority & this bypasses security.
Did you do a dspmqaut to determine that the MCAUser has the correct authorizations on the target queue manager? Including connect, which many people overlook?
You could also remove the MCAUser from the Administrator group then enable security events to see what it's failing against.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu May 13, 2010 2:47 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Could it be that you need administrator access on the client machine to go TCP over the MQ port/protocol to the server? Firewall access etc...?
And by the way install the full MQ client on the client machine. It is much cleaner when doing upgrades... 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
|
|
