| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
| Configuring mq websphere 7 with .net |
« View previous topic :: View next topic » |
| Author |
Message
|
| firelior |
 Posted: Thu Jun 21, 2012 4:56 am Post subject: |
 |
|
Apprentice
Joined: 31 May 2012
Posts: 28
|
| exerk wrote: |
1. Create a new group and user local on your server, and give that group the required authorities to the resources it needs, e.g. connect to the queue manager and open etc. on queues;
2. Create a new SVRCONN channel, with the appropriate channel authorities and the user above as the MCAUSER;
3. Try your connection without MQC.USER_ID_PROPERTY set, then with MQC.USER_ID_PROPERTY set.
|
I did this:
I Created a new user: QMUser on the server.
I added him to the mqm group and also gave it all the object authorities posiible using
| Code: |
setmqaut -m QM -n "QM.CONN" -t chl -p QMUser +chg +dlt +dsp +ctrl +ctrlx
setmqaut -m QM -n "LISTENER.TCP" -t listener -p QMUser +chg +dlt +dsp +ctrl
|
I added MCA User to the QM:
| Code: |
DISPLAY CHANNEL(QM.CONN)
8 : DISPLAY CHANNEL(QM.CONN)
AMQ8414: Display Channel details.
CHANNEL(QM.CONN) CHLTYPE(SVRCONN)
ALTDATE(2012-06-21) ALTTIME(15.36.39)
COMPHDR(NONE) COMPMSG(NONE)
DESCR( ) DISCINT(0)
HBINT(300) KAINT(AUTO)
MAXINST(999999999) MAXINSTC(999999999)
MAXMSGL(4194304) MCAUSER(QMUser)
MONCHL(QMGR) RCVDATA( )
RCVEXIT( ) SCYDATA( )
SCYEXIT( ) SENDDATA( )
SENDEXIT( ) SHARECNV(10)
SSLCAUTH(OPTIONAL) SSLCIPH( )
SSLPEER( ) TRPTYPE(TCP)
|
And added those CHLAUTHs:
| Code: |
SET CHLAUTH('QM.CONN') TYPE(ADDRESSMAP) ADDRESS('192.168.50.*') USERSRC(CHANNEL) ACTION(ADD)
SET CHLAUTH('QM.CONN') TYPE(USERMAP) CLNTUSER('QMUser') USERSRC(CHANNEL) ACTION(ADD)
|
Still..same error |
|
| Back to top |
|
 |
| exerk |
| Posted: Thu Jun 21, 2012 5:21 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| firelior wrote: |
I did this:
I Created a new user: QMUser on the server.
I added him to the mqm group... |
No, no, NO! Do not add application users to the mqm group - ever! Users in the mqm group have administrative privileges to all WMQ resources, so you will mask any potential security issues.
| firelior wrote: |
...and also gave it all the object authorities possible using
| Code: |
setmqaut -m QM -n "QM.CONN" -t chl -p QMUser +chg +dlt +dsp +ctrl +ctrlx
setmqaut -m QM -n "LISTENER.TCP" -t listener -p QMUser +chg +dlt +dsp +ctrl
|
|
Firstly, the user is in the mqm group so the above is redundant. Having said that, if the user was not within the mqm group the above are useless anyway - where is the connect for the user? Where are the queues for the user? Why have you given the user rights to objects it doesn't need to touch, other than the obvious explanation that you don't know what you're doing?
Read the manuals, set it up as per the manuals, then see if the error re-occurs.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Thu Jun 21, 2012 5:28 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
Thirdly, at 7.1 and later, users that are in mqm group are blocked on svrconns by the default CHLAUTH record. |
|
| Back to top |
|
|
| firelior |
| Posted: Thu Jun 21, 2012 5:43 am Post subject: |
|
|
Apprentice
Joined: 31 May 2012
Posts: 28
|
I just want this to work first and then I will take care of the security issue.
I used wireshark to monitor the traffic and what I saw is that Websphere MQ asks for a Name Query NBStat to find out my computer name.
and the response that it got is ICMP Destination unreachable (Port unreachable).
Why does MQ use Netbios for a TCP connection? why does it need to know my computer name?
Will configuring the mca user pass that?.. |
|
| Back to top |
|
|
| firelior |
| Posted: Tue Jul 03, 2012 1:09 am Post subject: |
|
|
Apprentice
Joined: 31 May 2012
Posts: 28
|
I found the solution!!
The problem was simple..
There was a difference with CCSID.
And a bug in .net adapter.
When I put this:
| Code: |
ConnectionProperties.Add(MQC.CCSID_PROPERTY, MQC.CODESET_UTF);
|
It still didn't work.
But when I put this:
| Code: |
Environment.SetEnvironmentVariable("MQCCSID", "1208");
|
It worked!
Its funny that the error that I got had nothing to do with the solution.. |
|
| Back to top |
|
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
