MQSeries.net :: View topic - Using MQS_REPORT_NOAUTH & MQSAUTHERRORS for 2035 in Wind

MQSeries.net

Tech Exchange

Education

Certifications

Library

Info Center

SupportPacs

FAQÂ Â

Usergroups

RSS Feed - WebSphere MQ Support

RSS Feed - Message Broker Support

MQSeries.net Forum Index » IBM MQ Security » Using MQS_REPORT_NOAUTH & MQSAUTHERRORS for 2035 in Wind

Goto page Previous 1, 2

Using MQS_REPORT_NOAUTH & MQSAUTHERRORS for 2035 in Wind

« View previous topic :: View next topic »

Author

Message

mvic

Posted: Wed Sep 12, 2012 7:32 am Post subject:

Jedi

Joined: 09 Mar 2004
Posts: 2080

Is it this:

"When an MQ client connects to a queue manager on the server, the username under which the client runs must not be same as the domain or machine name. If the user has the same name as the domain or machine, the connection fails with return code 2035(MQRC_NOT_AUTHORIZED)"

from http://publib.boulder.ibm.com/infocenter/wmqv7/v7r0/topic/com.ibm.mq.amqtac.doc/wq10400_.htm

?

LouML

Posted: Thu Sep 13, 2012 5:56 am Post subject:

Partisan

Joined: 10 Nov 2005
Posts: 305
Location: Jersey City, NJ / Bethpage, NY

mvic wrote:

Interesting reading. I've reached out to the app owner to see what username the client runs as. I believe he said it was the Local System account last time I asked. Also, I've asked him to try to run from another userid, but have yet to hear back.

Looking at the Services, I see that 'IBM MQSeries' has 'Local System' as the startup type (however, it's not started) but 'IBM WebSphere MQ' has .\MUSR_MQADMIN (and is started):

Code:

Name                Startup Type Log On As
IBM MQSeries             Manual       Local System
IBM WebSphere MQ (Installation 1) Automatic    .\MUSR_MQADMIN

The Computer Name is WIAPP05DEV and the Domain name is ad.xxxxx.com and those are not userid's on this server.
_________________
Yeah, well, you know, that's just, like, your opinion, man. - The Dude

iceage

Posted: Fri Sep 14, 2012 10:41 am Post subject:

Acolyte

Joined: 12 Apr 2006
Posts: 68

Quote:

Starting from scratch - I've re-enabled channel authorization on the queue manager and stopped/restarted it. I've removed all other channel authorizations so I'm left with the following:

With the new setup you were able to connect , is application still failing with AMQ9557 messages in error log ?

Until MQ 7.1 , i have seen AMQ9557 appear if one of the MQ internal process is unable to initialize the id in question. Since its a SVRCONN and given your "open channel" comment , i would think its MCAUSER is referred as userid in AMQ9557.

Authority event command comes into play when MQ object authorization is lacking but to me failure occurs even before that .

May be PMR helps , keep us poste with what you find ..

fjb_saper

Posted: Fri Sep 14, 2012 8:27 pm Post subject:

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY

Depending on how the qmgr was built, I have found that behavior if the qmgr is started in ss mode on windows.

You may have to rerun the config wiz or run the qmgr in si mode...

_________________
MQ & Broker admin

Display posts from previous:

Goto page Previous 1, 2

Page 2 of 2

MQSeries.net Forum Index » IBM MQ Security » Using MQS_REPORT_NOAUTH & MQSAUTHERRORS for 2035 in Wind

Jump to:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Protected by Anti-Spam ACP