| Author |
Message
|
| Vin |
 Posted: Fri May 02, 2003 2:54 pm Post subject: MQClient Connection Issues |
 |
|
Master
Joined: 25 Mar 2002
Posts: 212
Location: India
|
I'm trying to communicate with an MQServer on a remote machine. I have the client installed on my Windows 2000 machine and I defined all the necessary variables like MQSERVER and also a server connection channel named CHAN2 on the server. When I try to put a message thru amqsputc I get the following error code back 2059. When I look at the logs the message says Channel Program CHAN2 ended abnormally. really having a hard time getting this to work
My TCP channel is okay which I tested with Pinging, I know people have already asked this questions but after reading through all of them I'm still not able to figure it out? Thanks for all the help |
|
| Back to top |
|
 |
| Vin |
| Posted: Fri May 02, 2003 3:10 pm Post subject: |
|
|
Master
Joined: 25 Mar 2002
Posts: 212
Location: India
|
I'm getting a 2035 when I change the MQSERVER variable like this
MQSERVER='CHAN2/TCP/ipaddress(port)'
without the quote it gives me a 2059 error
Thanks |
|
| Back to top |
|
|
| Vin |
| Posted: Fri May 02, 2003 9:36 pm Post subject: |
|
|
Master
Joined: 25 Mar 2002
Posts: 212
Location: India
|
| I just can't get this. When I look into the log it says my userid does not have permission to access the QueueManager but when I do a dspmqaut to check the access priviledges for my userid it shows that I have all access to the Queue Manager. I'm not able to understand what is wrong? is is some network issue but the point is I'm able to do a ping from my machine successfully? any thoughts? |
|
| Back to top |
|
|
| Michael Dag |
| Posted: Sat May 03, 2003 1:17 am Post subject: |
|
|
Jedi Knight
Joined: 13 Jun 2002
Posts: 2607
Location: The Netherlands (Amsterdam)
|
did you REFRESH SECURITY on the Queuemanager?
also I found using JMS you also need +inq (don't ask me why...).
I always use amqoamd -m QMgr -s to display authority |
|
| Back to top |
|
|
| Vin |
| Posted: Sat May 03, 2003 8:22 am Post subject: |
|
|
Master
Joined: 25 Mar 2002
Posts: 212
Location: India
|
| Thanks for the reply. I did refresh the security and also did this amqoamd. I had a question about the domain. Does a userId@domain1 not equal to userId@domain2 I mean how does MQ know which domain the user is logged in? thanks for the info. |
|
| Back to top |
|
|
| vnreddy |
| Posted: Mon May 05, 2003 4:41 am Post subject: |
|
|
Novice
Joined: 01 May 2003
Posts: 23
Location: UK
|
I think MQ it won't check the domain name of the client user,just it will see the user name is a member mqm group or not.
Can you check whether the channel Listener is running or not on the MQ Server? |
|
| Back to top |
|
|
| mqonnet |
| Posted: Mon May 05, 2003 5:25 am Post subject: |
|
|
Grand Master
Joined: 18 Feb 2002
Posts: 1114
Location: Boston, Ma, Usa.
|
Do you have anything set in your MCAUSER attribute of the svrconn channel???
When you say you checked using dspmqaut to see if you have authority to access the object and found that you have. What user were you talking about and what authorities on what queue.
You have to have all auths(i think as far as i can recollect), on the qm and the respective auths on the object(queue) that you wish to access.
Cheers
Kumar
_________________
IBM Certified WebSphere MQ V5.3 Developer
IBM Certified WebSphere MQ V5.3 Solution Designer
IBM Certified WebSphere MQ V5.3 System Administrator |
|
| Back to top |
|
|
| RENAUDIN |
| Posted: Mon May 05, 2003 6:08 am Post subject: MQClient Connection Issues |
|
|
Newbie
Joined: 05 May 2003
Posts: 1
Location: Niort - France
|
I 'm trying to reproduce your problem :
1. I create a channel CHAN2 on serveur AIX.
2. In DOS command in W2000 Pro, :
set MQSERVER=CHAN2/TCP/IPADDRESS(port)
==> amqsputc QUEUE_NAME
MQCONN ended with reason code 2035
But with modification :
1. On server MSeries ( AIX ) :
runmqsc MQMGR_NAME
alter CHANNEL(CHAN2) CHLTYPE(SVRCONN) MCAUSER('mqm')
2. retries amqsputc QUEUE_NAME on client.
==> for me it 's OK.
I hope that resolve your problem. |
|
| Back to top |
|
|
| Vin |
| Posted: Mon May 05, 2003 8:46 am Post subject: |
|
|
Master
Joined: 25 Mar 2002
Posts: 212
Location: India
|
| I tried setting the MCAUSER and still getting the same error 2035 when I look at the logs. One thing I wanted to ask is that where do we define this group id called mqm in windows? I din't see any group being defined? do I have to add my userId to the group? Thanks for the info. |
|
| Back to top |
|
|
| mqonnet |
| Posted: Mon May 05, 2003 9:32 am Post subject: |
|
|
Grand Master
Joined: 18 Feb 2002
Posts: 1114
Location: Boston, Ma, Usa.
|
Any userid that you use within the MCAUSER attribute is a Principal or user in other words. It is NOT a group. Hence you can define this userid as a regular windows user and grant authorities using dspmqaut if you are not adding this user to the mqm group. If adding to the mqm group, by default all the authorizations are granted to this userid.
Try this, assuming that your other system is win2k too.
1) Define a user calld FRED, on remote system.
2) Setmqaut the auths that you want anybody to have who use this userid.
3) Modify your svrconn def to have MCAUSER('FRED').
4) Start your qm and listener.
5) Try amqsputc again.
Hopefully this should be it.
Cheers
Kumar
_________________
IBM Certified WebSphere MQ V5.3 Developer
IBM Certified WebSphere MQ V5.3 Solution Designer
IBM Certified WebSphere MQ V5.3 System Administrator |
|
| Back to top |
|
|
| Vin |
| Posted: Tue May 06, 2003 4:26 pm Post subject: |
|
|
Master
Joined: 25 Mar 2002
Posts: 212
Location: India
|
that worke thanks, but my question now is, is hardconding the userId the preferred way? I understand that we need to define an mqm usergroup and add users to that but without this is this the only way one can give access to the specified user?
I did try the setmqaut and does not seem to work?
thanks again |
|
| Back to top |
|
|
| mqonnet |
| Posted: Wed May 07, 2003 5:03 am Post subject: |
|
|
Grand Master
Joined: 18 Feb 2002
Posts: 1114
Location: Boston, Ma, Usa.
|
You never need to hardcode any userid in the MCAUSER attribute. You can always keep it blank. The only difference between Hardcoding and not hardcoding is that, if you dont specify any user in MCAUSER attrib, then anybody can connect to your qm if they have a principal defined on the remote system. But if you define a particular userid, then Only and Only that userid can have access to the QM. Of course subsequent authority checks are to be considered. Setmqaut on the respective objects that this user wants to access...
Hope this helps.
Cheers
Kumar
_________________
IBM Certified WebSphere MQ V5.3 Developer
IBM Certified WebSphere MQ V5.3 Solution Designer
IBM Certified WebSphere MQ V5.3 System Administrator |
|
| Back to top |
|
|
| jackie |
| Posted: Mon Jun 09, 2003 7:17 pm Post subject: |
|
|
Novice
Joined: 01 Jun 2003
Posts: 20
Location: NYC
|
Kumar,
what do you mean by "anybody can connect to your qm if they have a principal defined on the remote system"? u mean anybody as long as they are in the same NT domain. If not, they have to be defined by setmqaut, I assume. |
|
| Back to top |
|
|
| mqonnet |
| Posted: Tue Jun 10, 2003 5:15 am Post subject: |
|
|
Grand Master
Joined: 18 Feb 2002
Posts: 1114
Location: Boston, Ma, Usa.
|
What i meant was this.
If you are on DOMAIN1 and your userid is FRED. And you are trying to connect to a remote system using a svrconn channel with MCAUSER blank. Then FRED can connect and make mqapi calls only if you have a principal defined with name FRED on the remote system with appropriate authorizations.
The same would be the case even when FRED tries to connect from DOMAIN2. This is my belief and which i am positive to be true, but have not tested it myself. So, try it out before accepting this fact. Theoretically domain names have no bearing and i dont think there is.
Cheers
Kumar |
|
| Back to top |
|
|
| jackie |
| Posted: Tue Jun 10, 2003 6:23 am Post subject: |
|
|
Novice
Joined: 01 Jun 2003
Posts: 20
Location: NYC
|
Kumar,
I have exact situation now. I have a developer in my client company domain trying to connect to my personal laptop with MQ running(XP) using a client-connection.
But, when I try to set up his user id@clientdomain, it gives me a principal name was invalid message.
???, very puzzled. it looks that I have to use MCA USR id. Any good document explaining about how to setup?
Further, according to MQSeries client.pdf file, it says, "To prevent unauthorized access, update the MCAUSER attribute of the default definition with a user ID that has no access to MQSeries objects.". What is that?
cheers, |
|
| Back to top |
|
|
|
|
