| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
| Can't install MQ 7.1 on W2008R2 |
« View previous topic :: View next topic » |
| Author |
Message
|
| srdoug |
 Posted: Wed Feb 08, 2012 7:02 am Post subject: |
 |
|
Newbie
Joined: 07 Feb 2012
Posts: 5
|
| JasonE wrote: |
| Ideally this should be a PMR, but I can take a quick look to see if anything obvious is going on i f either of the 2 people hitting this could take a trace of this (Ensure all amq* processes stopped / killed, strmqtrc -all -det -d -1, run prepwiz, endmqtrc -a) plus export the system and application events, and put the zip somewhere I can access. |
Jason, thanks for taking a look. I ran strmqtrc -e -t all (the -all option was not available, so this seemed like the best bet). There was nothing in the application events. The output is on this SFTP server in the /sftptest folder:
address: 8.18.84.12
user: sftptest
password: IBMp4ssw0rd |
|
| Back to top |
|
 |
| srdoug |
| Posted: Thu Feb 09, 2012 10:08 am Post subject: |
|
|
Newbie
Joined: 07 Feb 2012
Posts: 5
|
For whoever may be interested in this topic, here's where I'm at:
1. I wound up installing 7.0 on a Server2003 machine (7.0 told me it wasn't compatible with Server2008R2). After providing the setup with the "special account" credentials (same as I was attempting to use with 7.1 on Server2008R2) everything installed just fine. FWIW, I had the same issues with 7.1 on this machine.
2. I never did get 7.1 to install correctly on Server2008R2. The problem as I see it is that despite my specifying during setup that I am running a post-2000 domain controller and need a "special account", the install never prompts me for the credentials of that account. Instead, it charges forward trying to access the domain controller while logged in as MUSR_MQADMIN. That's how I read this portion of the log from the other day:
10:35:47 CheckSecurity: Checking that the MQ Service can read the group membership of the logged on user
10:35:47 Stopping the MQ Service 'MQ_Installation1'
10:35:47 MQ Service is already stopped
10:35:47 Registering MQ Service 'MQ_Installation1' under user name '.\MUSR_MQADMIN'
10:35:47 Opening MQ Service
10:35:47 Starting the MQ Service 'MQ_Installation1'
10:35:49 MQ Service has started
10:35:50 CheckGroups returned code 545284680 (0x20806248)
10:35:50 Stopping the MQ Service 'MQ_Installation1'
10:35:50 Waiting for the MQ Service to stop
10:35:51 Waiting for the MQ Service to stop
10:35:51 MQ Service has stopped
10:35:51 CheckSecurity: rc=545284680 (0x20806248)
10:35:51 Checking Services status: SECURITY_STATE_UNKNOWN
10:35:52 Active page is 'IDD_PROPPAGE_SERV_CHECK' (Class = 'CPageServCheck')
3. I had a slightly more success when I attempted to install 7.1 on 2008R2 under an account that was local to the machine. Under this scenario, the install does actually prompt me for the "special account" credentials and it gets further before eventually failing:
11:18:38 This computer name is 'DG-SRWINUTIL01'
11:18:38 Logged on user is 'MQADMIN' on domain 'DG-SRWINUTIL01'
11:18:38 National language identifier is 'A'
11:18:38 No other instance of the Prepare MQ Wizard, creating new instance
11:18:38 Displaying the Prepare MQ Wizard
11:18:38 Active page is 'IDD_PROPPAGE_WELCOME' (Class = 'CPageWelcome')
11:18:39 Windows 2000, trying to force window to foreground
11:18:39 This thread id 16984, foreground thread id 16984
11:18:39 Already foreground window
11:18:39 Checking logged on user is authorized
11:18:39 IsAdminAuthority: checking logged on user has administrator authority on local machine
11:18:39 Retrieved token information
11:18:39 IsAdminAuthority: rc=True
11:18:39 Logged on user is authorized
11:18:39 Active page is 'IDD_PROPPAGE_SERV_SETUP' (Class = 'CPageServSetup')
11:18:39 Checking whether first time setup of Services has been done
11:18:39 Doing first time setup of Services
11:18:39 Configuring MQ Service with local user account
11:18:39 Creating MQ Service local userid (bCreate=True)
11:18:39 Trying to create userid 'MUSR_MQADMIN'
11:18:39 This userid already exists
11:18:39 Setting password for userid
11:18:40 Userid is already a member of 'MQM' group
11:18:40 CheckSecurity: Checking that the MQ Service can read the group membership of the logged on user
11:18:40 Stopping the MQ Service 'MQ_Installation1'
11:18:40 MQ Service is already stopped
11:18:40 Registering MQ Service 'MQ_Installation1' under user name '.\MUSR_MQADMIN'
11:18:40 Opening MQ Service
11:18:40 Starting the MQ Service 'MQ_Installation1'
11:18:40 MQ Service has started
11:18:41 CheckGroups returned code 0 (0x0)
11:18:41 Stopping the MQ Service 'MQ_Installation1'
11:18:41 Waiting for the MQ Service to stop
11:18:42 Waiting for the MQ Service to stop
11:18:42 MQ Service has stopped
11:18:42 CheckSecurity: rc=0 (0x0)
11:18:42 Checking Services status: SECURITY_STATE_OK
11:18:45 Active page is 'IDD_PROPPAGE_SERV_CHECK' (Class = 'CPageServCheck')
11:18:45 CheckSecurity: Checking that the MQ Service can read the group membership of the logged on user
11:18:45 Starting the MQ Service 'MQ_Installation1'
11:18:45 MQ Service has started
11:18:46 CheckGroups returned code 0 (0x0)
11:18:46 Stopping the MQ Service 'MQ_Installation1'
11:18:46 Waiting for the MQ Service to stop
11:18:47 Waiting for the MQ Service to stop
11:18:47 MQ Service has stopped
11:18:47 CheckSecurity: rc=0 (0x0)
11:18:47 Checking Services status: SECURITY_STATE_OK
11:18:50 Active page is 'IDD_PROPPAGE_SEC_DOMTYPE' (Class = 'CPageSecDomType')
11:19:07 The Yes radio button is selected
11:19:07 Active page is 'IDD_PROPPAGE_SEC_WIN2000' (Class = 'CPageSecWin2000')
11:19:27 The Yes radio button is selected
11:19:27 Active page is 'IDD_PROPPAGE_SEC_USERID' (Class = 'CPageSecUserid')
11:19:55 The user account entered is Domain:'skyroadinternal', User name:'mqm'
11:19:55 IsLoggedOnUser: checking if userid entered is the same as the logged on user
11:19:55 Getting user name of logged on user
11:19:55 Retrieved token information
11:19:55 Logged on user is 'DG-SRWINUTIL01\MQADMIN' on domain '?'
11:19:55 GetLoggedOnUser: rc=0 (0x0)
11:19:55 IsLoggedOnUser: rc=15 (0xf)
11:19:55 Active page is 'IDD_PROPPAGE_SERV_STOP' (Class = 'CPageServStop')
11:19:55 Stopping the MQ Service 'MQ_Installation1'
11:19:55 MQ Service is already stopped
11:19:57 Active page is 'IDD_PROPPAGE_SERV_CONFIG' (Class = 'CPageServConfig')
11:19:57 Checking that user account 'skyroadinternal\mqm' is valid
11:19:57 Configuring MQ Service with user account 'skyroadinternal\mqm'
11:19:57 CheckSecurity: Checking that the MQ Service can read the group membership of the logged on user
11:19:57 Stopping the MQ Service 'MQ_Installation1'
11:19:57 MQ Service is already stopped
11:19:57 Registering MQ Service 'MQ_Installation1' under user name 'skyroadinternal\mqm'
11:19:57 Opening MQ Service
11:19:58 Starting the MQ Service 'MQ_Installation1'
11:20:27 CheckGroups returned code 276849192 (0x10806228)
11:20:27 CheckSecurity: rc=276849192 (0x10806228)
11:20:27 Checking Services status: SECURITY_STATE_UNKNOWN
11:20:35 No shortcut to the Prepare MQ Wizard already exists
11:20:35 Active page is 'IDD_PROPPAGE_SEC_BAD' (Class = 'CPageSecBad') |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu Feb 09, 2012 9:12 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
So you are trying to run the service with the userId: skyroadinternal\mqm?
I'd say working as designed. Choose a userId with the right privileges from GROUP skyroadinternal\mqm
Have fun 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| srdoug |
| Posted: Fri Feb 10, 2012 6:24 am Post subject: |
|
|
Newbie
Joined: 07 Feb 2012
Posts: 5
|
| fjb_saper wrote: |
| Choose a userId with the right privileges from GROUP skyroadinternal\mqm |
I think you mean group skyroadinternal\domain mqm. dg-srwinutil01 is the local machine with the mqm group. There's also a domain account named mqm, which is in the local mqm and administrators groups and the domain mqm group in AD. It works just fine in 7.0. Doesn't work in 7.1.
FWIW, I only tried the shorter account name of mqm because I read something about a 20 character limit for domain and account names and wanted to ensure it wasn't the combination of domain and account that needed to be less than 20. It seemed like a longshot and, as expected, didn't make any difference.
I'm done having fun because I have 7.0 working. I don't think the 7.1 install works on Windows, but if someone says they've been successful with it I'd be interested in understanding how they are set up. Neither the OP nor I were able to get this working under 7.1, while the same account setup worked just fine with previous versions for both of us. |
|
| Back to top |
|
|
| JasonE |
| Posted: Mon Feb 13, 2012 4:25 am Post subject: |
|
|
Grand Master
Joined: 03 Nov 2003
Posts: 1220
Location: Hursley
|
So, prepwizard launches the service under musr_mqadmin, and then see's if that user can get the local groups of the signed on userid. This means if it works we dont need the domain id... So I see amqpsrvn running under musr_mqadmin, and attempts to get the groups for S**************L\d*****s'. This gets return code 5, access denied, and fails.
The problem here seems to be the same as apar IC80650 (not published yet as still open) and seems to be the access denied error isnt handled correctly. Its still being investigated so I cant say what will happen with it, but the workaround of manually changing the userid the MQ service runs under to be configured to be the domain id you are trying to get working has resolved the issue in all reported cases. (Note you do not need to run the prepare wizard if you have done this manually as a workaround)
Incidentally as described above, running under a non-domain user gets further as the r/c 5 isnt returned.
but...
>Registering MQ Service 'MQ_Installation1' under user name 'skyroadinternal\mqm'
This will NEVER work. MQ has a restriction that the id it runs under CANNOT be called
mqm, because the local group is called mqm. There are API's which get confused between
the group and local userid. This is true at 7.0 and 7.1 - it may be you are lucky and dont hit any of the problems but its a timebomb. See
http://www-01.ibm.com/support/docview.wss?uid=swg1IC77487
So apologies you have hit these troubles. The APAR is being looked at, and we will need
to ensure we describe the workaround clearly. I would really appreciate it if either of
the two hitting this could try the above. |
|
| Back to top |
|
|
| srdoug |
| Posted: Mon Feb 13, 2012 9:23 am Post subject: |
|
|
Newbie
Joined: 07 Feb 2012
Posts: 5
|
| JasonE wrote: |
>Registering MQ Service 'MQ_Installation1' under user name 'skyroadinternal\mqm'
This will NEVER work. MQ has a restriction that the id it runs under CANNOT be called
mqm, because the local group is called mqm. |
Thanks for this tip. I wasn't thrilled with the account name of mqm anyway, so I now have a new account from my admin and have reconfigured my 7.0 install.
| JasonE wrote: |
The problem here seems to be the same as apar IC80650 (not published yet as still open) and seems to be the access denied error isnt handled correctly. Its still being investigated so I cant say what will happen with it, but the workaround of manually changing the userid the MQ service runs under to be configured to be the domain id you are trying to get working has resolved the issue in all reported cases. (Note you do not need to run the prepare wizard if you have done this manually as a workaround)
So apologies you have hit these troubles. The APAR is being looked at, and we will need
to ensure we describe the workaround clearly. I would really appreciate it if either of
the two hitting this could try the above. |
OK, this is all much clearer now. I did re-install 7.1 on my 2008R2 box. I selected the "needs special account" option during the install and the prep wizard failed as expected. I then changed the IBM WebSphere MQ install service to run under the domain account and ran the prep wizard again. The prep wizard then asked me the questions about whether I need a special domain account, and when I answered 'yes' it prompted me for the credentials and completed the setup without any trouble.
So it looks like I finally have a good 7.1 install on 2008R2. Thanks for your help. I assume I could have gotten here by following your advice to just change the MQ Series service account and skip the prep wizard, but I wanted to see if the wizard would work and it turns out that it did.
Here's the full log of the initial failure and subsequent success:
11:09:45 *********************************************************************
11:09:45 Monday February 13, 2012
11:09:45 Starting the Prepare MQSeries Wizard log
11:09:45 MQSeries binary directory is 'C:\Program Files (x86)\IBM\WebSphere MQ\bin\'
11:09:45 MQSeries data directory is 'C:\Program Files (x86)\IBM\WebSphere MQ'
11:09:45 Getting parameters passed to program:
11:09:45 - Domain security type specified from the Launchpad
11:09:45 - Strong domain security type specified
11:09:45 Finished getting parameters passed to program
11:09:45 This computer name is 'DG-SRWINUTIL01'
11:09:45 Logged on user is 'degbers' on domain 'SKYROADINTERNAL'
11:09:45 National language identifier is 'A'
11:09:45 No other instance of the Prepare MQ Wizard, creating new instance
11:09:45 Displaying the Prepare MQ Wizard
11:09:45 Active page is 'IDD_PROPPAGE_WELCOME' (Class = 'CPageWelcome')
11:09:46 Windows 2000, trying to force window to foreground
11:09:46 This thread id 14516, foreground thread id 38204
11:09:46 Forced this window to be foreground
11:09:47 Checking logged on user is authorized
11:09:47 IsAdminAuthority: checking logged on user has administrator authority on local machine
11:09:47 Retrieved token information
11:09:47 IsAdminAuthority: rc=True
11:09:47 Logged on user is authorized
11:09:47 Active page is 'IDD_PROPPAGE_SERV_SETUP' (Class = 'CPageServSetup')
11:09:47 Checking whether first time setup of Services has been done
11:09:47 Doing first time setup of Services
11:09:47 Configuring MQ Service with local user account
11:09:47 Creating MQ Service local userid (bCreate=True)
11:09:47 Trying to create userid 'MUSR_MQADMIN'
11:09:47 This userid already exists
11:09:47 Setting password for userid
11:09:47 Userid is already a member of 'MQM' group
11:09:47 CheckSecurity: Checking that the MQ Service can read the group membership of the logged on user
11:09:47 Stopping the MQ Service 'MQ_Installation1'
11:09:47 MQ Service is already stopped
11:09:47 Registering MQ Service 'MQ_Installation1' under user name '.\MUSR_MQADMIN'
11:09:47 Opening MQ Service
11:09:47 Starting the MQ Service 'MQ_Installation1'
11:09:47 MQ Service has started
11:09:48 CheckGroups returned code 545284680 (0x20806248)
11:09:48 Stopping the MQ Service 'MQ_Installation1'
11:09:48 Waiting for the MQ Service to stop
11:09:49 Waiting for the MQ Service to stop
11:09:49 MQ Service has stopped
11:09:49 CheckSecurity: rc=545284680 (0x20806248)
11:09:49 Checking Services status: SECURITY_STATE_UNKNOWN
11:09:52 Active page is 'IDD_PROPPAGE_SERV_CHECK' (Class = 'CPageServCheck')
11:09:52 CheckSecurity: Checking that the MQ Service can read the group membership of the logged on user
11:09:52 Starting the MQ Service 'MQ_Installation1'
11:09:52 MQ Service has started
11:09:53 CheckGroups returned code 545284680 (0x20806248)
11:09:53 Stopping the MQ Service 'MQ_Installation1'
11:09:53 Waiting for the MQ Service to stop
11:09:54 Waiting for the MQ Service to stop
11:09:54 MQ Service has stopped
11:09:54 CheckSecurity: rc=545284680 (0x20806248)
11:09:54 Checking Services status: SECURITY_STATE_UNKNOWN
11:09:58 No shortcut to the Prepare MQ Wizard already exists
11:09:58 Active page is 'IDD_PROPPAGE_SEC_BAD' (Class = 'CPageSecBad')
11:10:01 Cancel pressed
11:10:01 Cancel pressed
11:10:01 Checking logged on user is authorized
11:10:01 IsAdminAuthority: checking logged on user has administrator authority on local machine
11:10:01 Retrieved token information
11:10:01 IsAdminAuthority: rc=True
11:10:01 Logged on user is authorized
11:10:01 Checking whether first time setup of Services has been done
11:10:01 First time setup of Services has already been done
11:10:02 Started the taskbar application 'C:\Program Files (x86)\IBM\WebSphere MQ\bin\amqmtbrn.exe'
11:10:02 Ending the Prepare MQSeries Wizard log
11:11:07 *********************************************************************
11:11:07 Monday February 13, 2012
11:11:07 Starting the Prepare MQSeries Wizard log
11:11:07 MQSeries binary directory is 'C:\Program Files (x86)\IBM\WebSphere MQ\bin\'
11:11:07 MQSeries data directory is 'C:\Program Files (x86)\IBM\WebSphere MQ'
11:11:07 Getting parameters passed to program:
11:11:07 Finished getting parameters passed to program
11:11:07 This computer name is 'DG-SRWINUTIL01'
11:11:07 Logged on user is 'degbers' on domain 'SKYROADINTERNAL'
11:11:07 National language identifier is 'A'
11:11:07 No other instance of the Prepare MQ Wizard, creating new instance
11:11:07 Displaying the Prepare MQ Wizard
11:11:08 Active page is 'IDD_PROPPAGE_WELCOME' (Class = 'CPageWelcome')
11:11:09 Windows 2000, trying to force window to foreground
11:11:09 This thread id 36576, foreground thread id 36576
11:11:09 Already foreground window
11:11:09 Checking logged on user is authorized
11:11:09 IsAdminAuthority: checking logged on user has administrator authority on local machine
11:11:09 Retrieved token information
11:11:09 IsAdminAuthority: rc=True
11:11:09 Logged on user is authorized
11:11:09 Active page is 'IDD_PROPPAGE_SERV_CHECK' (Class = 'CPageServCheck')
11:11:09 CheckSecurity: Checking that the MQ Service can read the group membership of the logged on user
11:11:09 Starting the MQ Service 'MQ_Installation1'
11:11:09 MQ Service has started
11:11:10 CheckGroups returned code 0 (0x0)
11:11:10 Stopping the MQ Service 'MQ_Installation1'
11:11:10 Waiting for the MQ Service to stop
11:11:11 Waiting for the MQ Service to stop
11:11:11 MQ Service has stopped
11:11:11 CheckSecurity: rc=0 (0x0)
11:11:11 Checking Services status: SECURITY_STATE_OK
11:11:14 Active page is 'IDD_PROPPAGE_SEC_DOMTYPE' (Class = 'CPageSecDomType')
11:11:20 The Yes radio button is selected
11:11:20 Active page is 'IDD_PROPPAGE_SEC_WIN2000' (Class = 'CPageSecWin2000')
11:11:24 The Yes radio button is selected
11:11:24 Active page is 'IDD_PROPPAGE_SEC_USERID' (Class = 'CPageSecUserid')
11:11:37 The user account entered is Domain:'SKYROADINTERNAL', User name:'mqmadmin'
11:11:37 IsLoggedOnUser: checking if userid entered is the same as the logged on user
11:11:37 Getting user name of logged on user
11:11:37 Retrieved token information
11:11:37 Logged on user is 'SKYROADINTERNAL\degbers' on domain '?'
11:11:37 GetLoggedOnUser: rc=0 (0x0)
11:11:37 IsLoggedOnUser: rc=9 (0x9)
11:11:37 Active page is 'IDD_PROPPAGE_SERV_STOP' (Class = 'CPageServStop')
11:11:37 Stopping the MQ Service 'MQ_Installation1'
11:11:37 MQ Service is already stopped
11:11:39 Active page is 'IDD_PROPPAGE_SERV_CONFIG' (Class = 'CPageServConfig')
11:11:39 Checking that user account 'SKYROADINTERNAL\mqmadmin' is valid
11:11:39 Configuring MQ Service with user account 'SKYROADINTERNAL\mqmadmin'
11:11:39 CheckSecurity: Checking that the MQ Service can read the group membership of the logged on user
11:11:39 Stopping the MQ Service 'MQ_Installation1'
11:11:39 MQ Service is already stopped
11:11:39 Registering MQ Service 'MQ_Installation1' under user name 'SKYROADINTERNAL\mqmadmin'
11:11:39 Opening MQ Service
11:11:40 Starting the MQ Service 'MQ_Installation1'
11:11:40 MQ Service has started
11:11:41 CheckGroups returned code 0 (0x0)
11:11:41 Stopping the MQ Service 'MQ_Installation1'
11:11:41 Waiting for the MQ Service to stop
11:11:42 Waiting for the MQ Service to stop
11:11:42 MQ Service has stopped
11:11:42 CheckSecurity: rc=0 (0x0)
11:11:42 Checking Services status: SECURITY_STATE_OK
11:11:50 Active page is 'IDD_PROPPAGE_SERV_START' (Class = 'CPageServStart')
11:11:50 Starting the MQ Service 'MQ_Installation1'
11:11:51 MQ Service has started
11:11:56 Active page is 'IDD_PROPPAGE_COMPLETE' (Class = 'CPageComplete')
11:12:00 Finish pressed
11:12:00 Starting MQ Explorer
11:12:00 Checking logged on user is authorized
11:12:00 IsAdminAuthority: checking logged on user has administrator authority on local machine
11:12:00 Retrieved token information
11:12:00 IsAdminAuthority: rc=True
11:12:00 Logged on user is authorized
11:12:00 Checking whether first time setup of Services has been done
11:12:00 First time setup of Services has already been done
11:12:00 Started the taskbar application 'C:\Program Files (x86)\IBM\WebSphere MQ\bin\amqmtbrn.exe'
11:12:00 Local user account for Services no longer in use, deleting it
11:12:00 Deleting MQ Service local userid
11:12:00 Ending the Prepare MQSeries Wizard log |
|
| Back to top |
|
|
| JasonE |
| Posted: Mon Feb 13, 2012 9:44 am Post subject: |
|
|
Grand Master
Joined: 03 Nov 2003
Posts: 1220
Location: Hursley
|
Great news  - thanks for retrying for me! |
|
| Back to top |
|
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
