| Author |
Message
|
| Inforz |
 Posted: Thu Sep 11, 2014 5:48 am Post subject: Unable to start SSL enabled channels successfully |
 |
|
Centurion
Joined: 15 Apr 2011
Posts: 139
Location: Chennai, India
|
Hi,
I am working on AIX 6.0 platform with MQv7.5 installed on it. I have sender/receiver channel pair on LAB5_QM1 and LAB5_QM2 qmgrs. When the channels are started, the SDR channel goes into retrying state and when looked in to error log found the following.
-------------------------------------------------------------------------------
09/11/14 18:53:23 - Process(6094936.1) User(mqm) Program(runmqchl)
Host(mwcP12A006) Installation(Installation2)
VRMF(7.5.0.2) QMgr(LAB5_QM2)
AMQ9209: Connection to host 'loopback (127.0.0.1)(1501)' for channel
'L5QM2.TO.L5QM1' closed.
EXPLANATION:
An error occurred receiving data from 'loopback (127.0.0.1)(1501)' over TCP/IP.
The connection to the remote host has unexpectedly terminated.
The channel name is 'L5QM2.TO.L5QM1'; in some cases it cannot be determined and
so is shown as '????'.
ACTION:
Tell the systems administrator.
----- amqccita.c : 3843 -------------------------------------------------------
09/11/14 18:53:23 - Process(6094936.1) User(mqm) Program(runmqchl)
Host(mwcP12A006) Installation(Installation2)
VRMF(7.5.0.2) QMgr(LAB5_QM2)
AMQ9999: Channel 'L5QM2.TO.L5QM1' to host 'localhost(1501)' ended abnormally.
EXPLANATION:
The channel program running under process ID 6094936 for channel
'L5QM2.TO.L5QM1' ended abnormally. The host name is 'localhost(1501)'; in some
cases the host name cannot be determined and so is shown as '????'.
ACTION:
Look at previous error messages for the channel program in the error logs to
determine the cause of the failure. Note that this message can be excluded
completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage"
attributes under the "QMErrorLog" stanza in qm.ini. Further information can be
found in the System Administration Guide.
I googled for this error but couldnt find a proper solution. Please assist. |
|
| Back to top |
|
 |
| PaulClarke |
| Posted: Thu Sep 11, 2014 6:12 am Post subject: |
|
|
Grand Master
Joined: 17 Nov 2005
Posts: 1002
Location: New Zealand
|
Are there any error messages in the other, ' LAB5_QM1', error log ?
_________________
Paul Clarke
MQGem Software
www.mqgem.com |
|
| Back to top |
|
|
| MQsysprog |
| Posted: Thu Sep 11, 2014 6:17 am Post subject: |
|
|
Centurion
Joined: 24 Feb 2014
Posts: 116
|
|
| Back to top |
|
|
| Inforz |
| Posted: Thu Sep 11, 2014 6:25 am Post subject: |
|
|
Centurion
Joined: 15 Apr 2011
Posts: 139
Location: Chennai, India
|
Yes
----- amqrmrsa.c : 889 --------------------------------------------------------
09/11/14 19:33:23 - Process(7340130.60) User(mqm) Program(amqrmppa)
Host(mwcP12A006) Installation(Installation2)
VRMF(7.5.0.2) QMgr(LAB5_QM1)
AMQ9637: Channel is lacking a certificate.
EXPLANATION:
The channel is lacking a certificate to use for the SSL handshake. The channel
name is '????' (if '????' it is unknown at this stage in the SSL processing).
The remote host is '????'.
The channel did not start.
ACTION:
Make sure the appropriate certificates are correctly configured in the key
repositories for both ends of the channel.
----- amqccisa.c : 5658 -------------------------------------------------------
09/11/14 19:33:23 - Process(7340130.60) User(mqm) Program(amqrmppa)
Host(mwcP12A006) Installation(Installation2)
VRMF(7.5.0.2) QMgr(LAB5_QM1)
AMQ9492: The TCP/IP responder program encountered an error.
EXPLANATION:
The responder program was started but detected an error.
The host name was 'loopback (127.0.0.1)'; in some cases the host name cannot be
determined and so is shown as '????'.
ACTION:
Look at previous error messages in the error files to determine the error
encountered by the responder program.
----- amqrmrsa.c : 889 --------------------------------------------------------
I have created, signed the certificates in each qmgr's ssl folder and updated they in each qmgr's key repository. Still I get the above error.
bash-3.2$ runmqckm -cert -list -db /var/mqm/qmgrs/LAB5_QM2/ssl/lab5_qm2.kdb -pw <pwd>
Certificates in database /var/mqm/qmgrs/LAB5_QM2/ssl/lab5_qm2.kdb:
CAcert
ibmwebspheremqlab5qm2
bash-3.2$ runmqckm -cert -list -db /var/mqm/qmgrs/LAB5_QM1/ssl/lab5_qm1.kdb -pw <pwd>
Certificates in database /var/mqm/qmgrs/LAB5_QM1/ssl/lab5_qm1.kdb:
CAcert
ibmwebspheremqlab5qm1 |
|
| Back to top |
|
|
| exerk |
| Posted: Thu Sep 11, 2014 6:34 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
I'm going to ask the obvious question, as you seem to be using self-signed certs - did you refresh SSL security after putting the certs into each key store file?
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| Inforz |
| Posted: Thu Sep 11, 2014 6:41 am Post subject: |
|
|
Centurion
Joined: 15 Apr 2011
Posts: 139
Location: Chennai, India
|
| Yes Still no change after a refresh [did a refresh security(*) type(ssl) in each qmgr] |
|
| Back to top |
|
|
| JosephGramig |
| Posted: Thu Sep 11, 2014 7:46 am Post subject: |
|
|
Grand Master
Joined: 09 Feb 2006
Posts: 1244
Location: Gold Coast of Florida, USA
|
Your labels are incorrect.
ibmwebspheremqlab5qm2 should be ibmwebspheremqlab5_qm2
Same for the other label.
Moderator, this is a security topic... |
|
| Back to top |
|
|
| exerk |
| Posted: Thu Sep 11, 2014 7:54 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| JosephGramig wrote: |
Your labels are incorrect.
ibmwebspheremqlab5qm2 should be ibmwebspheremqlab5_qm2
Same for the other label.
Moderator, this is a security topic... |
Good spot, in both cases...
...moving the topic
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
|
|
