| Author |
Message
|
| tkurti |
 Posted: Wed Apr 16, 2014 5:04 am Post subject: Getting only AMQ9557 |
 |
|
Newbie
Joined: 16 Apr 2014
Posts: 6
|
Hello Together,
hope someone can help us.
We are getting only this error:
04/16/14 12:09:13 - Process(16908426.14) User(mqm)
AMQ9557: Queue Manager User ID initialization failed.
I set also the variables and follow the instructions describe on IBM support sites:
export MQSAUTHERRORS=TRUE
export MQS_REPORT_NOAUTH=TRUE
Here the following setup:
-Application with MQClient on Windows using .NET libraries
-Application is providing a user-defined user-id using MQC.USER_ID_PROPERTY
-MQ-Server running on AIX WMQ 7.5.0.3
-User is created on AIX
-User is member of an unix group, which got required OAM settings
-no MCA is set on SVRCONN channel
Behavior:
Client is trying to connect the QMGR without no success.
1. I used the variables describe above. No FDC file is written and no further information is written to AMQ-error log.
2. I disabled CHLAUTH. ->No success.
Therfore, i assume, the user is checking before chlauth-checks will be processed.
So far i know, MQ-Server is asking OS, if user exist and user is existing.
3. To check with an other tool, I take the java-example and made following changes and it is working fine:
MQEnvironment.userID="user1";
MQEnvironment.hostname="host1";
MQEnvironment.channel="USER.CHAN";
MQEnvironment.port=1415;
I put also a user, which does not exists and FDC-file and AMQ-errorlog is written, as expected.
What i am doing wrong to to get more information from the .NET tool.
Any ideas?
Thanks i advance for your help |
|
| Back to top |
|
 |
| JosephGramig |
| Posted: Wed Apr 16, 2014 5:24 am Post subject: |
|
|
Grand Master
Joined: 09 Feb 2006
Posts: 1231
Location: Gold Coast of Florida, USA
|
I'm not a .Net coder but, you can turn on Authority Events at the Qmgr. Then you need to use a tool (after you test) like MS0P to read those events. This may give you more information than what the error logs provide.
Last edited by JosephGramig on Wed Apr 16, 2014 5:49 am; edited 1 time in total |
|
| Back to top |
|
|
| exerk |
| Posted: Wed Apr 16, 2014 5:35 am Post subject: Re: Getting only AMQ9557 |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| tkurti wrote: |
-User is created on AIX
-User is member of an unix group, which got required OAM settings
-no MCA is set on SVRCONN channel |
I'm going to ask the obvious question - as no MCAUSER is set, does the Windows userid under which the DotNet app runs match that of the AIX userid, including case?
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| tkurti |
| Posted: Wed Apr 16, 2014 6:50 am Post subject: Re: Getting only AMQ9557 |
|
|
Newbie
Joined: 16 Apr 2014
Posts: 6
|
| exerk wrote: |
| tkurti wrote: |
-User is created on AIX
-User is member of an unix group, which got required OAM settings
-no MCA is set on SVRCONN channel |
I'm going to ask the obvious question - as no MCAUSER is set, does the Windows userid under which the DotNet app runs match that of the AIX userid, including case? |
We don't use the windows user.
We set a specific user using the .NET mq-libraries:
MQC.USER_ID_PROPERTY
Additional news: When we use the IBM MQExplorer and set an userID, it is working fine as well as when provide a user-id which is not created on AIX, it will thrown FDC and information in AMQ-error log.
Thanks. |
|
| Back to top |
|
|
| tkurti |
| Posted: Wed Apr 16, 2014 6:52 am Post subject: |
|
|
Newbie
Joined: 16 Apr 2014
Posts: 6
|
| JosephGramig wrote: |
| I'm not a .Net coder but, you can turn on Authority Events at the Qmgr. Then you need to use a tool (after you test) like MS0P to read those events. This may give you more information than what the error logs provide. |
I will try this and inform you.
So far i know IBM MQ Explorer Version 7.5 is included the MS0P to show Events.
Correct? |
|
| Back to top |
|
|
| tkurti |
| Posted: Wed Apr 16, 2014 7:01 am Post subject: |
|
|
Newbie
Joined: 16 Apr 2014
Posts: 6
|
| tkurti wrote: |
| JosephGramig wrote: |
| I'm not a .Net coder but, you can turn on Authority Events at the Qmgr. Then you need to use a tool (after you test) like MS0P to read those events. This may give you more information than what the error logs provide. |
I will try this and inform you.
So far i know IBM MQ Explorer Version 7.5 is included the MS0P to show Events.
Correct? |
Getting only this:
[2014/04/16 13:46:55 CEST] Not Authorized [2035]
Event Type : Queue Manager
Queue Manager Name : QM2
Reason Qualifier : Conn Not Authorized [1]
User Identifier : user1
Appl Type : Windows Nt
Appl Name : in\SC.EXE |
|
| Back to top |
|
|
| exerk |
| Posted: Wed Apr 16, 2014 7:14 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
So I'll ask the question again - is user1 defined on the AIX system? And what userid are you specifying when you use MQ Explorer?
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| tkurti |
| Posted: Wed Apr 16, 2014 7:20 am Post subject: |
|
|
Newbie
Joined: 16 Apr 2014
Posts: 6
|
| exerk wrote: |
| So I'll ask the question again - is user1 defined on the AIX system? And what userid are you specifying when you use MQ Explorer? |
User "user1" is created on AIX, as described in my first post.
User "user1" is set as userid in IBM MQExplorer and it is working fine.
Thanks. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Wed Apr 16, 2014 9:20 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY
|
|
| Back to top |
|
|
| tkurti |
| Posted: Wed Apr 16, 2014 9:31 pm Post subject: |
|
|
Newbie
Joined: 16 Apr 2014
Posts: 6
|
Hello,
as i described in my first post:
...
2. I disabled CHLAUTH. ->No success.
...
So, i think there is no issue to CHLAUTH.
As i also described, i set OAM.
The questions are:
1. Why can we not connect using .NET, and connect using Java for example IBM MQExplorer is working fine?
2. Why can we not see more detail information, when we set the environment variables MQSAUTHERRORS and MQS_REPORT_NOAUTH?
Any ideas?
Thanks. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu Apr 17, 2014 6:12 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY
|
probably because you know which user you are passing in java.
You think you know which user you are passing using .NET, but I would suggest you keep authority events turned on and verify for which user you see the violations... AFAIK .NET forces the user to the one running the .NET process...
Have fun 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
|
|
