| Author |
Message
|
| run |
 Posted: Mon Sep 13, 2010 1:29 pm Post subject: MQ7 Setup Authorization error |
 |
|
Apprentice
Joined: 14 May 2007
Posts: 45
Location: Newyork, USA
|
Hi All,
Here the setup made so far for an MQ7(7.0.1.2) Multi Instance Queue manager to work.
1) Domain group created "domain mqm".
2) User account created in Domain(using as MQ Service account) "xyz" which is member of the "domain mqm" group, local group "mqm" and is applied as a service account to IBM MQ series.
3) "mqm" local group created when MQ installed and "domain mqm"group is made a member of the "mqm" local group.
4)"domain mqm", "mqm", "xyz" are member of the administration group on the servers.
5) Shared drive location given full permissions for both groups(domain mqm, mqm) and service account user(xyz).
Owner of this shared drive location is "xyz" currently but also tried changing to using group "domain mqm" which did not work.
5)Both the servers have windows 2008 R2 OS and are in same domain.
Should this work OR am I missing something.
I tried to create a Multi instance Queue manager I am seeing a authorization error(Permission denied attempting to access filesystem location '\\SHareddrive\MQHA\data').
When tried to read the FD'S I see that its using local "mqm" group to create this QM.
Any suggestions please. |
|
| Back to top |
|
 |
| exerk |
| Posted: Mon Sep 13, 2010 1:42 pm Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
Might be an obvious question, but I'll ask it anyway - they are domain controllers you're trying to do this on? Take a look HERE for further information as to why they must be DC's.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| run |
| Posted: Mon Sep 13, 2010 1:54 pm Post subject: |
|
|
Apprentice
Joined: 14 May 2007
Posts: 45
Location: Newyork, USA
|
We are using windows Active directory. Looks like the fact that MQ7 Multi instance Queuemanager requires to use domain local groups for access the shared drive locations and you must run multi-instance queue managers on a domain controller sucks.  Any other way of doing this? |
|
| Back to top |
|
|
| mqjeff |
| Posted: Mon Sep 13, 2010 6:58 pm Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| run wrote: |
| Any other way of doing this? |
Only if the documentation says so. |
|
| Back to top |
|
|
| run |
| Posted: Wed Sep 15, 2010 6:34 am Post subject: |
|
|
Apprentice
Joined: 14 May 2007
Posts: 45
Location: Newyork, USA
|
Anybody heard about setting up a "mini domain". Any inside on this topic for setting up Multi instance Queuemanager.
Please let me know |
|
| Back to top |
|
|
| exerk |
| Posted: Wed Sep 15, 2010 11:01 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| run wrote: |
Anybody heard about setting up a "mini domain". Any inside on this topic for setting up Multi instance Queuemanager.
Please let me know |
Your Windows admins should know all about setting up sub-domains...
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| run |
| Posted: Thu Sep 23, 2010 11:39 am Post subject: |
|
|
Apprentice
Joined: 14 May 2007
Posts: 45
Location: Newyork, USA
|
Thank you,
They are working on it |
|
| Back to top |
|
|
| balaji83it |
| Posted: Tue Oct 05, 2010 3:06 am Post subject: |
|
|
Acolyte
Joined: 20 Jul 2007
Posts: 72
|
Hello Run,
First you need to make sure that the group id for mqm on both boxes is same.
Second, you must make the shared path owner and group also to mqm:mqm so that it can access. Also make sure that the shared path is accessible from both servers.
Use /home_dir/user1 (which exists in both servers) or you can even use nfs server.
Once you create a QM on one machine add its info using addmqinf on another machine. And start the Qmanager on one and its standby instance on another.
Let me know if you face any problems.
Regards,
Balaji. |
|
| Back to top |
|
|
| exerk |
| Posted: Tue Oct 05, 2010 3:34 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| balaji83it wrote: |
Hello Run,
First you need to make sure that the group id for mqm on both boxes is same.
Second, you must make the shared path owner and group also to mqm:mqm so that it can access. Also make sure that the shared path is accessible from both servers.
Use /home_dir/user1 (which exists in both servers) or you can even use nfs server.
Once you create a QM on one machine add its info using addmqinf on another machine. And start the Qmanager on one and its standby instance on another.
Let me know if you face any problems.
Regards,
Balaji. |
Nice try, but he's on Windows...
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| SAFraser |
| Posted: Tue Oct 05, 2010 4:44 am Post subject: |
|
|
Shaman
Joined: 22 Oct 2003
Posts: 742
Location: Austin, Texas, USA
|
balaji83it,
You cannot create an ID on windows "mqm". Windows does not permit a user ID that is the same as as group name. Also, Windows' domains introduce issues that are not present in Unix. |
|
| Back to top |
|
|
| rahuldhanpal |
| Posted: Tue Oct 05, 2010 7:02 am Post subject: |
|
|
Voyager
Joined: 24 Jan 2009
Posts: 84
Location: Kenosha WI
|
hi Guys,
This is rahul co-worker of run.
Thanks for the thoughts. we got it working, the issue was the CIFS share(top level in the UNC path) above MQHA directory did not have the full control access to the group mqm, thats the reason we had issues.
thanks
Rahul. |
|
| Back to top |
|
|
|
|
