| Author |
Message
|
| zbych |
 Posted: Sun Feb 05, 2012 11:50 pm Post subject: Can't install MQ 7.1 on W2008R2 |
 |
|
Newbie
Joined: 05 Feb 2012
Posts: 4
|
Hi there
I'd like to learn about Websphere ESB and so I've devided to try it out and install on my Windows 2008R2 virtual machine. The machine is on vmware and connected to a domain so I've had followed the instructions and created a domain group callem "domain mqm" and set the appropriate rights for it. But when I try to install Websphere MQ with a domain admin account, the application says:
"An unexpected error has occured while validating the security credentials of user 'my-domain\admin'.
Ensure that the network is operational, and that all required domain controllers are available".
Here the amqmjpse.txt:
08:41:21 Starting the Prepare MQSeries Wizard log
08:41:21 MQSeries binary directory is 'C:\Program Files (x86)\IBM\WebSphere MQ\bin\'
08:41:21 MQSeries data directory is 'C:\Program Files (x86)\IBM\WebSphere MQ'
08:41:21 Getting parameters passed to program:
08:41:21 - Domain security type specified from the Launchpad
08:41:21 - Unknown domain security type specified
08:41:21 Finished getting parameters passed to program
08:41:21 This computer name is 'WEBSPHERE'
08:41:21 Logged on user is 'admin' on domain 'my-domain'
08:41:21 National language identifier is 'P'
08:41:21 No other instance of the Prepare MQ Wizard, creating new instance
08:41:21 Displaying the Prepare MQ Wizard
08:41:21 Active page is 'IDD_PROPPAGE_WELCOME' (Class = 'CPageWelcome')
08:41:22 Checking logged on user is authorized
08:41:22 IsAdminAuthority: checking logged on user has administrator authority on local machine
08:41:22 Retrieved token information
08:41:22 IsAdminAuthority: rc=True
08:41:22 Logged on user is authorized
08:41:22 Active page is 'IDD_PROPPAGE_SERV_SETUP' (Class = 'CPageServSetup')
08:41:22 Checking whether first time setup of Services has been done
08:41:22 Windows 2000, trying to force window to foreground
08:41:22 This thread id 3288, foreground thread id 3288
08:41:22 Already foreground window
08:41:22 Doing first time setup of Services
08:41:22 Configuring MQ Service with local user account
08:41:22 Creating MQ Service local userid (bCreate=True)
08:41:22 Trying to create userid 'MUSR_MQADMIN'
08:41:22 Userid created
08:41:22 Adding userid to 'MQM' group, rc=0 (0x0)
08:41:22 CheckSecurity: Checking that the MQ Service can read the group membership of the logged on user
08:41:22 Stopping the MQ Service 'MQ_Installation1'
08:41:22 MQ Service is already stopped
08:41:22 Registering MQ Service 'MQ_Installation1' under user name '.\MUSR_MQADMIN'
08:41:22 Opening MQ Service
08:41:22 Starting the MQ Service 'MQ_Installation1'
08:41:23 MQ Service has started
08:41:24 CheckGroups returned code 545284680 (0x20806248)
08:41:24 Stopping the MQ Service 'MQ_Installation1'
08:41:24 Waiting for the MQ Service to stop
08:41:25 Waiting for the MQ Service to stop
08:41:25 MQ Service has stopped
08:41:25 CheckSecurity: rc=545284680 (0x20806248)
08:41:25 Checking Services status: SECURITY_STATE_UNKNOWN
08:41:27 Active page is 'IDD_PROPPAGE_SERV_CHECK' (Class = 'CPageServCheck')
08:41:27 CheckSecurity: Checking that the MQ Service can read the group membership of the logged on user
08:41:27 Starting the MQ Service 'MQ_Installation1'
08:41:27 MQ Service has started
08:41:28 CheckGroups returned code 545284680 (0x20806248)
08:41:28 Stopping the MQ Service 'MQ_Installation1'
08:41:28 Waiting for the MQ Service to stop
08:41:29 Waiting for the MQ Service to stop
08:41:29 MQ Service has stopped
08:41:29 CheckSecurity: rc=545284680 (0x20806248)
08:41:29 Checking Services status: SECURITY_STATE_UNKNOWN
08:41:32 No shortcut to the Prepare MQ Wizard already exists
08:41:32 Active page is 'IDD_PROPPAGE_SEC_BAD' (Class = 'CPageSecBad')
What is this error code with CheckGroups, as this is clearly the reason I can't install this thing.
Any help would be appreciated |
|
| Back to top |
|
 |
| JasonE |
| Posted: Mon Feb 06, 2012 1:52 am Post subject: |
|
|
Grand Master
Joined: 03 Nov 2003
Posts: 1220
Location: Hursley
|
| Does the domain user you are talking about have 'log on as a service' user rights on this machine? |
|
| Back to top |
|
|
| zbych |
| Posted: Mon Feb 06, 2012 2:39 am Post subject: |
|
|
Newbie
Joined: 05 Feb 2012
Posts: 4
|
| Well it's in a "Domain Admins" group as well as "Enterprise Admins" group so I can't imagine that it doesn't have the right to run as a service. But just in case I've added it in the "Local Security Policy" mmc. Unfortunately it still doesn't work (tried reinstalling Websphere MQ also). |
|
| Back to top |
|
|
| exerk |
| Posted: Mon Feb 06, 2012 2:45 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| zbych wrote: |
| Well it's in a "Domain Admins" group as well as "Enterprise Admins" group so I can't imagine that it doesn't have the right to run as a service. But just in case I've added it in the "Local Security Policy" mmc. Unfortunately it still doesn't work (tried reinstalling Websphere MQ also). |
Have you followed the instructions HERE?
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| zbych |
| Posted: Mon Feb 06, 2012 3:26 am Post subject: |
|
|
Newbie
Joined: 05 Feb 2012
Posts: 4
|
Ok, let me write down all the steps I've made to get where I am now:
1. I've created a new server on vmware, installed W2008R2, renamed it to "Websphere" and joined it to my domain.
2. I've created a new group in my AD called "domain mqm". I've enabled this group to be able to read two attributes of user accounts in my domain.
3. I've added my user account to "domain mqm" group
4. I've logged on "Websphere" using my user account and I've run the setup from ibm webpage.
5. It showed me an error: "Prepare WebSphere MQ Wizard", so I've made a new user account and added it to "domain mqm" group. I've uninstalled websphere software.
6. I've logged on "Websphere" as my new user account and installed the software using my admin credentials. I've run "Prepare WebSphere MQ Wizard" and it shows me the same problem. |
|
| Back to top |
|
|
| exerk |
| Posted: Mon Feb 06, 2012 4:27 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
Did you follow the instructions provided in the link? If necessary, start from scratch, with everything.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Mon Feb 06, 2012 4:35 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
And don't forget to reboot.
This really is important, even in modern versions of windows, to ensure that you're not dealing with cached authorizations. |
|
| Back to top |
|
|
| zbych |
| Posted: Tue Feb 07, 2012 6:31 am Post subject: |
|
|
Newbie
Joined: 05 Feb 2012
Posts: 4
|
I've installed MQ Server (x86) 7.0.1 on the same server and using the same credentials without any problems, so that pretty much solves the case.
Thanks |
|
| Back to top |
|
|
| JasonE |
| Posted: Tue Feb 07, 2012 6:48 am Post subject: |
|
|
Grand Master
Joined: 03 Nov 2003
Posts: 1220
Location: Hursley
|
If the same id with the same setup works for 7.0.1 then I am pretty certain the issue is that you dont have log on as a service (locally, not at a domain level) for the id you have configured under.
Whilst it was documented as a requirement for 7.0, we never actually needed it (it was left over from 5.1ish times!) however 7.1 now DOES need that user right.
What you could do as a minor test is to find the MQ Service in the services control panel, and try to manually configure it to run under that domain userid. The control panel 'grants' that user right to that user (the GUI does this), and you might find it just works after that (rerun the prepwiz to complete the MQ installation though). |
|
| Back to top |
|
|
| srdoug |
| Posted: Tue Feb 07, 2012 8:49 am Post subject: |
|
|
Newbie
Joined: 07 Feb 2012
Posts: 5
|
I'm having the same problem as zbych, also on Windows 2008R2, but not on VM.
The 'domain mqm' group exists on the domain controller and my user is in that group. I also have 'log on as a service' on this machine for my user. After the initial failure, I manually added my user to the local 'mqm' group but that hasn't helped either.
At this point, I'd just like to install 7.0.1 and move on, but I can't seem to find that download.
I would appreciate any help you can provide.
10:35:43 Tuesday February 07, 2012
10:35:43 Starting the Prepare MQSeries Wizard log
10:35:43 MQSeries binary directory is 'C:\Program Files (x86)\IBM\WebSphere MQ\bin\'
10:35:43 MQSeries data directory is 'C:\Program Files (x86)\IBM\WebSphere MQ'
10:35:43 Getting parameters passed to program:
10:35:43 - Domain security type specified from the Launchpad
10:35:43 - Weak domain security type specified
10:35:43 Finished getting parameters passed to program
10:35:43 This computer name is 'DG-SRWINUTIL01'
10:35:43 Logged on user is 'degbers' on domain 'SKYROADINTERNAL'
10:35:43 National language identifier is 'A'
10:35:43 No other instance of the Prepare MQ Wizard, creating new instance
10:35:43 Displaying the Prepare MQ Wizard
10:35:43 Active page is 'IDD_PROPPAGE_WELCOME' (Class = 'CPageWelcome')
10:35:44 Windows 2000, trying to force window to foreground
10:35:44 This thread id 46740, foreground thread id 46844
10:35:44 Forced this window to be foreground
10:35:46 Checking logged on user is authorized
10:35:46 IsAdminAuthority: checking logged on user has administrator authority on local machine
10:35:46 Retrieved token information
10:35:46 IsAdminAuthority: rc=True
10:35:46 Logged on user is authorized
10:35:46 Active page is 'IDD_PROPPAGE_SERV_SETUP' (Class = 'CPageServSetup')
10:35:46 Checking whether first time setup of Services has been done
10:35:46 Doing first time setup of Services
10:35:46 Configuring MQ Service with local user account
10:35:46 Creating MQ Service local userid (bCreate=True)
10:35:46 Trying to create userid 'MUSR_MQADMIN'
10:35:46 Userid created
10:35:47 Adding userid to 'MQM' group, rc=0 (0x0)
10:35:47 CheckSecurity: Checking that the MQ Service can read the group membership of the logged on user
10:35:47 Stopping the MQ Service 'MQ_Installation1'
10:35:47 MQ Service is already stopped
10:35:47 Registering MQ Service 'MQ_Installation1' under user name '.\MUSR_MQADMIN'
10:35:47 Opening MQ Service
10:35:47 Starting the MQ Service 'MQ_Installation1'
10:35:49 MQ Service has started
10:35:50 CheckGroups returned code 545284680 (0x20806248)
10:35:50 Stopping the MQ Service 'MQ_Installation1'
10:35:50 Waiting for the MQ Service to stop
10:35:51 Waiting for the MQ Service to stop
10:35:51 MQ Service has stopped
10:35:51 CheckSecurity: rc=545284680 (0x20806248)
10:35:51 Checking Services status: SECURITY_STATE_UNKNOWN
10:35:52 Active page is 'IDD_PROPPAGE_SERV_CHECK' (Class = 'CPageServCheck')
10:35:52 CheckSecurity: Checking that the MQ Service can read the group membership of the logged on user
10:35:52 Starting the MQ Service 'MQ_Installation1'
10:35:52 MQ Service has started
10:35:53 CheckGroups returned code 545284680 (0x20806248)
10:35:53 Stopping the MQ Service 'MQ_Installation1'
10:35:53 Waiting for the MQ Service to stop
10:35:54 Waiting for the MQ Service to stop
10:35:54 MQ Service has stopped
10:35:54 CheckSecurity: rc=545284680 (0x20806248)
10:35:54 Checking Services status: SECURITY_STATE_UNKNOWN
10:35:57 No shortcut to the Prepare MQ Wizard already exists
10:35:57 Active page is 'IDD_PROPPAGE_SEC_BAD' (Class = 'CPageSecBad')
10:36:14 Cancel pressed
10:36:14 Cancel pressed
10:36:14 Checking logged on user is authorized
10:36:14 IsAdminAuthority: checking logged on user has administrator authority on local machine
10:36:14 Retrieved token information
10:36:14 IsAdminAuthority: rc=True
10:36:14 Logged on user is authorized
10:36:14 Checking whether first time setup of Services has been done
10:36:14 First time setup of Services has already been done
10:36:15 Started the taskbar application 'C:\Program Files (x86)\IBM\WebSphere MQ\bin\amqmtbrn.exe'
10:36:15 Ending the Prepare MQSeries Wizard log |
|
| Back to top |
|
|
| exerk |
| Posted: Tue Feb 07, 2012 9:31 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
One other thing that might be worth trying is a 'local' install, then from a command line run amqsrvn -regserver -user <DOMAIN\USER> -password <PASSWORD>, followed by a reboot of the server.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| JasonE |
| Posted: Wed Feb 08, 2012 4:00 am Post subject: |
|
|
Grand Master
Joined: 03 Nov 2003
Posts: 1220
Location: Hursley
|
| Quote: |
| amqsrvn -regserver -user <DOMAIN\USER> -password <PASSWORD> |
No (and you mean amqmsrvn) - that's for pre-7.1 only. amqmsrvn doesnt exist in 7.1 (You wouldnt appreciate how much joy removing it gave...)
Ideally this should be a PMR, but I can take a quick look to see if anything obvious is going on i f either of the 2 people hitting this could take a trace of this (Ensure all amq* processes stopped / killed, strmqtrc -all -det -d -1, run prepwiz, endmqtrc -a) plus export the system and application events, and put the zip somewhere I can access. |
|
| Back to top |
|
|
| exerk |
| Posted: Wed Feb 08, 2012 4:10 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| JasonE wrote: |
| Quote: |
| amqsrvn -regserver -user <DOMAIN\USER> -password <PASSWORD> |
No (and you mean amqmsrvn) |
I do - finger trouble on my part. As the OP did not mention he was using V7.1 I felt it was a valid input to the discussion as it 'cured' and issue I was having with an install in domain mode.
| JasonE wrote: |
| ...(You wouldnt appreciate how much joy removing it gave...) |
Oh yes I do! Now, if only you guys at the labs could give us a transmission queue per cluster... 
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| JasonE |
| Posted: Wed Feb 08, 2012 4:29 am Post subject: |
|
|
Grand Master
Joined: 03 Nov 2003
Posts: 1220
Location: Hursley
|
| Quote: |
| As the OP did not mention he was using V7.1 |
Er... aside from the subject of the post? 
(I'll let you off though as you are right that the command you mentioned solves a large proportion of the pre-7.1 issues around incorrectly configured dcom config / amqmsrvn...) |
|
| Back to top |
|
|
| exerk |
| Posted: Wed Feb 08, 2012 4:49 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
My coat is on and I am exiting with my tail between my legs 
Too little caffeine, too much age...
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
|
|
