| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| run mq with domain user |
« View previous topic :: View next topic » |
| Author |
Message
|
| sangminli |
 Posted: Wed Jul 07, 2010 7:24 pm Post subject: run mq with domain user |
 |
|
Voyager
Joined: 26 Aug 2008
Posts: 75
Location: Hangzhou, China
|
we are having some issue with running mq with domain user on one Windows server which we don't have for other Windows servers.
1. We want to run mq with one domain user
2. the domain user is added into one domain group, and that domain group is added into local mqm group
3. in both dcom config and services, IBM MQSeries is configured to run with that domain user
But when IBM MQSeries starts, only amqsvc.exe is running with that domina user, all the mq proceses are running with MUSR_MQADMIN, which is really weird.
Anybody can advise? |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Wed Jul 07, 2010 8:16 pm Post subject: Re: run mq with domain user |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY
|
| sangminli wrote: |
we are having some issue with running mq with domain user on one Windows server which we don't have for other Windows servers.
1. We want to run mq with one domain user
2. the domain user is added into one domain group, and that domain group is added into local mqm group
3. in both dcom config and services, IBM MQSeries is configured to run with that domain user
But when IBM MQSeries starts, only amqsvc.exe is running with that domina user, all the mq proceses are running with MUSR_MQADMIN, which is really weird.
Anybody can advise? |
2. This is so wrong. Check for V7 but AFAIK MQ does not support group inclusion (at least on windows). You would need to add all domain users of the domain mqm group into the local mqm group if the qmgr is running as local.
MUSR_MQADMIN is the windows equivalent of the local mqm user. Windows does not support group name = user name.
If you want to run MQ under a different user (domain user) use the first steps configuration wizzard. It will fix the dcom config and service users.
Have fun 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| sangminli |
| Posted: Wed Jul 07, 2010 8:54 pm Post subject: Re: run mq with domain user |
|
|
Voyager
Joined: 26 Aug 2008
Posts: 75
Location: Hangzhou, China
|
| fjb_saper wrote: |
2. This is so wrong. Check for V7 but AFAIK MQ does not support group inclusion (at least on windows). You would need to add all domain users of the domain mqm group into the local mqm group if the qmgr is running as local.
MUSR_MQADMIN is the windows equivalent of the local mqm user. Windows does not support group name = user name.
If you want to run MQ under a different user (domain user) use the first steps configuration wizzard. It will fix the dcom config and service users.
Have fun |
I am not quite sure about if group inclusion is supported or not. But in the infor center, they just say:
"Type domain mqm, or the name of a group that is a member of the local "mqm" group. (If you are using domain mqm, this exact string should be used because it is understood and used by WebSphere MQ)."
refer to http://publib.boulder.ibm.com/infocenter/wmqv7/v7r0/index.jsp?topic=/com.ibm.mq.amqtac.doc/wq10830_.htm
so as I understand, if i want to run mq as a domain user, I only need to add that id into domain mqm group or other domain group that is in the local mqm group.
And as i said, this setting works ok for other Windows servers.
I may give it a try to let the server admin to run the prepare mq wizard to add the domain mqadmin id.
thanks for you reply!  |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu Jul 08, 2010 1:34 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY
|
Thanks for the link. Must be new for V7... go for it.!
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| exerk |
| Posted: Thu Jul 08, 2010 2:42 pm Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| fjb_saper wrote: |
| Thanks for the link. Must be new for V7... go for it.! |
I'm sure that was there in V5.3 and V6.0, but it was a long time ago, in a galaxy far away 
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu Jul 08, 2010 6:29 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY
|
| exerk wrote: |
| fjb_saper wrote: |
| Thanks for the link. Must be new for V7... go for it.! |
I'm sure that was there in V5.3 and V6.0, but it was a long time ago, in a galaxy far away |
Well I NEVER ran MQ on Windows as a domain user... 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| exerk |
| Posted: Fri Jul 09, 2010 1:00 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| fjb_saper wrote: |
| exerk wrote: |
| fjb_saper wrote: |
| Thanks for the link. Must be new for V7... go for it.! |
I'm sure that was there in V5.3 and V6.0, but it was a long time ago, in a galaxy far away |
Well I NEVER ran MQ on Windows as a domain user... |
Nor me, but the site I'm at now does not allow local users for applications, and they view WMQ as just 'another' application. It's a learning curve for me too I can assure you!
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
