Author |
Message
|
ankurlodhi |
Posted: Wed Sep 19, 2012 2:57 pm Post subject: AMQ9209 with reason code 2059 |
|
|
Master
Joined: 19 Oct 2010 Posts: 266
|
hi
we had a ssl certificate renwal on our MQ server.
i succesfull updated the certificate and restarted the MQ.
after that when client try to conncet to server it gives
AMQ9209 with reason code 2059
can it be problem because of the ssl or is it a problem with the port it self.
it's right now very critical. |
|
Back to top |
|
 |
fjb_saper |
Posted: Wed Sep 19, 2012 5:44 pm Post subject: |
|
|
 Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY
|
Did you verify the qmgr's error logs? What do they say?  _________________ MQ & Broker admin |
|
Back to top |
|
 |
ankurlodhi |
Posted: Wed Sep 19, 2012 6:07 pm Post subject: |
|
|
Master
Joined: 19 Oct 2010 Posts: 266
|
it gives the error
AMQ6183
and two differnt fdc files.
AMQ26733.0.FDC
AMQ26760.0.FDC
with probe id CO052000 |
|
Back to top |
|
 |
bruce2359 |
Posted: Wed Sep 19, 2012 6:57 pm Post subject: |
|
|
 Poobah
Joined: 05 Jan 2008 Posts: 9472 Location: US: west coast, almost. Otherwise, enroute.
|
ankurlodhi wrote: |
it gives the error
AMQ6183
and two differnt fdc files.
AMQ26733.0.FDC
AMQ26760.0.FDC
with probe id CO052000 |
The names of the FDC files are of no use to us in problem-determination.
What would help would be:
1) the first 20 or so lines of one of the FDCs, and
2) the set of error messages from the error file - the messages surrounding the AQMQ6183 error message. _________________ I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
Back to top |
|
 |
Vitor |
Posted: Thu Sep 20, 2012 4:53 am Post subject: Re: AMQ9209 with reason code 2059 |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
ankurlodhi wrote: |
can it be problem because of the ssl or is it a problem with the port it self. |
If it was an SSL problem I'd expect a different reason code, but I'd not be surprised to get a 2059.
You can try disabling SSL on the channel & try reconnecting - if that works it's the certificate.
If it still doesn't work, search this forum for advice on troubleshooting 2059, which is problably the most common error code & has a multitude of possible causes. _________________ Honesty is the best policy.
Insanity is the best defence. |
|
Back to top |
|
 |
exerk |
Posted: Thu Sep 20, 2012 5:03 am Post subject: Re: AMQ9209 with reason code 2059 |
|
|
 Jedi Council
Joined: 02 Nov 2006 Posts: 6339
|
ankurlodhi wrote: |
we had a ssl certificate renwal on our MQ server.
i succesfull updated the certificate and restarted the MQ. |
Why? What was wrong with issuing the refresh security command? _________________ It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
Back to top |
|
 |
ankurlodhi |
Posted: Fri Sep 21, 2012 6:15 am Post subject: |
|
|
Master
Joined: 19 Oct 2010 Posts: 266
|
well the issue got resolved those guys provided the ssl certificates with a wrong label name and the bit size was 2048.
and those certificats didn't had the proper local CA for the network security added.
after getting the correct certificate and adding the local CA to them the problem got solved. |
|
Back to top |
|
 |
exerk |
Posted: Fri Sep 21, 2012 6:21 am Post subject: |
|
|
 Jedi Council
Joined: 02 Nov 2006 Posts: 6339
|
ankurlodhi wrote: |
well the issue got resolved those guys provided the ssl certificates with a wrong label name and the bit size was 2048... |
The label name could have been changed by you, and the bit size should have had no bearing on the problem.
ankurlodhi wrote: |
...and those certificats didn't had the proper local CA for the network security added... |
If the issuing CA had changed you should have known about it. Do you manage the key stores, or does somebody else?
And you haven't answered my previous question, so I'll restate it - why did you restart the queue manager instead of using the refresh security command? _________________ It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
Back to top |
|
 |
ankurlodhi |
Posted: Fri Sep 21, 2012 6:35 am Post subject: |
|
|
Master
Joined: 19 Oct 2010 Posts: 266
|
i restared the MQ queue manager as that it is has been set as the standerd procedure. i couldn't help it even if i wanted to refresh security.
first time when i implementd the certificate which had the wrong label name i changed it using the ikeyman and put the proper name in place.
I wasn't told about the network CA and there was no securtiy error on the MQ side it was application guys who got suspicious about that because they were getting securtiy error. |
|
Back to top |
|
 |
exerk |
Posted: Fri Sep 21, 2012 7:16 am Post subject: |
|
|
 Jedi Council
Joined: 02 Nov 2006 Posts: 6339
|
ankurlodhi wrote: |
i restared the MQ queue manager as that it is has been set as the standerd procedure. i couldn't help it even if i wanted to refresh security. |
Fair enough, but I suggest your Standard Procedures require re-evaluation as the necessity to restart queue managers to pick up SSL certificate changes was removed by the refresh security command from V6.0 onwards - unless you're on HP-NSS
Twice you'd have had to stop and start the queue manager, increasing its down-time. Standard Procedures should be revisited whenever there are changes to whatever they address, to ensure that any potentially inappropriate procedures are removed. _________________ It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
Back to top |
|
 |
|