| Author |
Message
|
| shashivarungupta |
 Posted: Wed Oct 20, 2010 7:28 am Post subject: mqrc 2393 |
 |
|
Grand Master
Joined: 24 Feb 2009
Posts: 1343
Location: Floating in space on a round rock.
|
Hi All,
I have got an issue, that the client is facing !
He's getting mqrc 2393 whenever they are trying to connect the qmgr say 'TEST' using amqscnxc
command is correct with the flags.
SSL cert is fine, because the same cert is being used by other applications to connect to the same qmgr.
SSL Values on channel, SVRCONN and Client Conn are fine.
Could you please suggest where could be the problem.
| Code: |
display channel(A)
1 : display channel(A)
AMQ8414: Display Channel details.
CHANNEL(A) CHLTYPE(SVRCONN)
ALTDATE(2010-07-28) ALTTIME(18.05.49)
COMPHDR(NONE) COMPMSG(NONE)
DESCR( ) HBINT(300)
KAINT(AUTO) MAXMSGL(4194304)
MCAUSER( ) MONCHL(QMGR)
RCVDATA( ) RCVEXIT( )
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SSLCAUTH(OPTIONAL) SSLCIPH(TRIPLE_DES_SHA_US)
SSLPEER( ) TRPTYPE(TCP)
AMQ8414: Display Channel details.
CHANNEL(A) CHLTYPE(CLNTCONN)
ALTDATE(2010-10-20) ALTTIME(09.55.35)
COMPHDR(NONE) COMPMSG(NONE)
CONNAME(a.b.c.d(1414)) DESCR( )
HBINT(300) KAINT(AUTO)
LOCLADDR( ) MAXMSGL(4194304)
MODENAME( ) PASSWORD( )
QMNAME(TEST) RCVDATA( )
RCVEXIT( ) SCYDATA( )
SCYEXIT( ) SENDDATA( )
SENDEXIT( ) SSLCIPH(TRIPLE_DES_SHA_US)
SSLPEER( ) TPNAME( )
TRPTYPE(TCP) USERID( )
|
----- amqrmrsa.c : 487 --------------------------------------------------------
10/20/10 10:51:49 - Process(434388.1969) User(mqm) Program(amqrmppa)
AMQ9639: Remote channel 'A' did not specify a CipherSpec.
EXPLANATION:
Remote channel 'A' did not specify a CipherSpec when the local
channel expected one to be specified. The channel did not start.
ACTION:
Change the remote channel 'A' to specify a CipherSpec so that both
ends of the channel have matching CipherSpecs.
----- amqcccxa.c : 2498 -------------------------------------------------------
10/20/10 10:51:49 - Process(434388.1969) User(mqm) Program(amqrmppa)
AMQ9999: Channel program ended abnormally.
EXPLANATION:
Channel program 'A' ended abnormally.
ACTION:
Look at previous error messages for channel program 'A' in the
error files to determine the cause of the failure.
Server having mq version as
Name: WebSphere MQ
Version: 6.0.2.8
CMVC level: p600-208-090930
BuildType: IKAP - (Production)
_________________
*Life will beat you down, you need to decide to fight back or leave it.
Last edited by shashivarungupta on Wed Oct 20, 2010 12:00 pm; edited 1 time in total |
|
| Back to top |
|
 |
| exerk |
| Posted: Wed Oct 20, 2010 10:47 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
Try actually reading what the log is telling you, because it's crystal clear to me why it's not working...
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| shashivarungupta |
| Posted: Wed Oct 20, 2010 11:45 am Post subject: |
|
|
Grand Master
Joined: 24 Feb 2009
Posts: 1343
Location: Floating in space on a round rock.
|
| exerk wrote: |
| Try actually reading what the log is telling you, because it's crystal clear to me why it's not working... |
2393 0x00000959 MQRC_SSL_INITIALIZATION_ERROR
from the error log "..Remote channel 'A' did not specify a CipherSpec when the local channel expected one to be specified..."
and you can see on 'A' channels, cipher is mentioned !
Remote Channel 'A', I think its talking abt the server conn channel i.e. remote to client application.
_________________
*Life will beat you down, you need to decide to fight back or leave it. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Wed Oct 20, 2010 12:20 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Review your SSL manual. Obviously you do have the cipherspec on both ends of the channel... but still something is wrong and missing. If you make no headway open a PMR.
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| exerk |
| Posted: Wed Oct 20, 2010 12:21 pm Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
Switch on and think!
Your log states:
| Quote: |
| AMQ9639: Remote channel 'A' did not specify a CipherSpec. |
The parameters for amqscnxc are:
| Quote: |
| amqscnxc [-x ConnName [-c SvrconnChannelName]] [QMgrName] |
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Wed Oct 20, 2010 12:24 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| exerk wrote: |
Switch on and think!
Your log states:
| Quote: |
| AMQ9639: Remote channel 'A' did not specify a CipherSpec. |
The parameters for amqscnxc are:
| Quote: |
| amqscnxc [-x ConnName [-c SvrconnChannelName]] [QMgrName] |
|
I sure hope they use a channel table to test amqscnxc. Otherwise the result is as expected!
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| exerk |
| Posted: Wed Oct 20, 2010 12:48 pm Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| fjb_saper wrote: |
| ...I sure hope they use a channel table to test amqscnxc. Otherwise the result is as expected! |
Why do I get the feeling that is not the case?
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| shashivarungupta |
| Posted: Thu Oct 21, 2010 2:13 am Post subject: |
|
|
Grand Master
Joined: 24 Feb 2009
Posts: 1343
Location: Floating in space on a round rock.
|
| exerk wrote: |
The parameters for amqscnxc are:
| Quote: |
| amqscnxc [-x ConnName [-c SvrconnChannelName]] [QMgrName] |
|
Yes.. I did consult the link given (but thanks exerk):
http://publib.boulder.ibm.com/infocenter/wmqv7/v7r0/index.jsp?topic=/com.ibm.mq.csqzal.doc/fg17940_.htm
and they tried connecting over the server conn channel that I gave them for just testing purpose, without ssl. and they successfully got the connection.
| fjb_saper wrote: |
| ..I sure hope they use a channel table to test |
Yes, for their application I have provided them the CDT and that looks good to me. ( because the channel definitions that I've given above are looking good )
I have also provided them the self signed cert so that they can place it in their db. ( that cert is also being used by other apps. and its working fine for them that means cert is good too ).
But just for the testing they were using 'amqscnxc' from command prompt as their attempt of connection over qmgr TEST was not successful.
_________________
*Life will beat you down, you need to decide to fight back or leave it. |
|
| Back to top |
|
|
| shashivarungupta |
| Posted: Thu Oct 21, 2010 2:19 am Post subject: |
|
|
Grand Master
Joined: 24 Feb 2009
Posts: 1343
Location: Floating in space on a round rock.
|
| exerk wrote: |
Your log states:
| Quote: |
| AMQ9639: Remote channel 'A' did not specify a CipherSpec. |
|
Yes , when I did see this note in error logs then I checked multiple times and even recreated the server conn and client conn channels with ssl on them and provided the new CDT to them.
(Before doing this I deleted the server conn. channel and client conn definition from table successfully).
_________________
*Life will beat you down, you need to decide to fight back or leave it. |
|
| Back to top |
|
|
| exerk |
| Posted: Thu Oct 21, 2010 4:33 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
So your application people just specified amqscnxc * (where * is the queue manager name) ?
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| shashivarungupta |
| Posted: Thu Oct 21, 2010 7:20 am Post subject: |
|
|
Grand Master
Joined: 24 Feb 2009
Posts: 1343
Location: Floating in space on a round rock.
|
| exerk wrote: |
| So your application people just specified amqscnxc * (where * is the queue manager name) ? |
Nope.. for testing on the simple channel which does not have ssl on it.. for that they specified as :
amqscnxc -x a.b.c.d -c TEST.SVRCONN TEST
where TEST is the name of the qmgr
TEST.SVRCONN is the server connection channel.
And using this command, they got the connection over TEST., without error.
BUT what they are doing on Application program, they know better !
What I know is/are, they have specified the env. variables on windows, for the location of cert, mq env. variables , they have also created the key.jks/.kdb where they are put in that cert and specified the location in env. variables, set the env. variables for .tab file and its path.
_________________
*Life will beat you down, you need to decide to fight back or leave it. |
|
| Back to top |
|
|
| exerk |
| Posted: Thu Oct 21, 2010 8:25 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| shashivarungupta wrote: |
| exerk wrote: |
| So your application people just specified amqscnxc * (where * is the queue manager name) ? |
Nope.. for testing on the simple channel which does not have ssl on it.. for that they specified as :
amqscnxc -x a.b.c.d -c TEST.SVRCONN TEST
where TEST is the name of the qmgr
TEST.SVRCONN is the server connection channel.
And using this command, they got the connection over TEST., without error.
BUT what they are doing on Application program, they know better !
What I know is/are, they have specified the env. variables on windows, for the location of cert, mq env. variables , they have also created the key.jks/.kdb where they are put in that cert and specified the location in env. variables, set the env. variables for .tab file and its path. |
So the chances are they just repeated the command, or maybe put amqscnxc -x a.b.c.d -c A TEST, and got the result you have. If no one with knowledge told them not to do it, do you think they were aware of the difference 
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| shashivarungupta |
| Posted: Thu Oct 21, 2010 9:45 am Post subject: |
|
|
Grand Master
Joined: 24 Feb 2009
Posts: 1343
Location: Floating in space on a round rock.
|
| exerk wrote: |
| shashivarungupta wrote: |
| exerk wrote: |
| So your application people just specified amqscnxc * (where * is the queue manager name) ? |
Nope.. for testing on the simple channel which does not have ssl on it.. for that they specified as :
amqscnxc -x a.b.c.d -c TEST.SVRCONN TEST
where TEST is the name of the qmgr
TEST.SVRCONN is the server connection channel.
And using this command, they got the connection over TEST., without error.
BUT what they are doing on Application program, they know better !
What I know is/are, they have specified the env. variables on windows, for the location of cert, mq env. variables , they have also created the key.jks/.kdb where they are put in that cert and specified the location in env. variables, set the env. variables for .tab file and its path. |
So the chances are they just repeated the command, or maybe put amqscnxc -x a.b.c.d -c A TEST, and got the result you have. If no one with knowledge told them not to do it, do you think they were aware of the difference |
hmm...yes chances are there but one of'em said that they used that command for TEST.SVRCONN .
And I'm sure that they are not much aware about the amqscnxc and that's why I have also provided them above link for that command. And I believe they would get the diff. that it is directly calling connection request over qmgr using server conn. instead of client conn channel/tab file and diff. of ssl between 'A' and 'TEST.SVRCONN' is there too.
_________________
*Life will beat you down, you need to decide to fight back or leave it. |
|
| Back to top |
|
|
| exerk |
| Posted: Thu Oct 21, 2010 9:50 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
So get them to try amqscnxc TEST and see what happens...
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| shashivarungupta |
| Posted: Thu Oct 21, 2010 10:49 am Post subject: |
|
|
Grand Master
Joined: 24 Feb 2009
Posts: 1343
Location: Floating in space on a round rock.
|
| exerk wrote: |
| So get them to try amqscnxc TEST and see what happens... |
Yes...I've asked them but let see what they give now...
Thanks exerk.
_________________
*Life will beat you down, you need to decide to fight back or leave it. |
|
| Back to top |
|
|
|
|
