ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum IndexGeneral IBM MQ SupportWindows NT SERVICE account and authentication

Post new topicReply to topic
Windows NT SERVICE account and authentication View previous topic :: View next topic
Author Message
Jockern
PostPosted: Fri Jun 29, 2018 1:48 am Post subject: Windows NT SERVICE account and authentication Reply with quote

Newbie

Joined: 28 Jun 2018
Posts: 1

I have a lab environment where I try to mirror a customer environment. As it is a lab environment I do not need to care about security why I try to understand and avoid a 2035 error code in my environment. I have a Java server app running under Windows as a service that connects to IBM MQ 9.004 in a non-JMS way. This Windows server application/service runs under a NT SERVICE-account where the user name is significantly longer than 12 characters. The server application and IBM MQ run on the same server. I have put the NT SERVICE account in the local MQM user group and added Everyone as well to that group. The MQ service runs under .\administrator

I have tried to disable security by completing the actions described here:
https://www.ibm.com/support/knowledgecenter/en/prodconn_1.0.0/com.ibm.scenarios.wmqwaslibertyV9.doc/topics/disable_security.htm?cp=SSFKSJ_9.0.0

Regarding the user name length. The NT service account user name is longer than 12 characters which historically seems to have been an issue. The log below also indicates that the user name becomes truncated. However, when testing with a local user (ordinary user, not a service account) having 16 characters, all works fine.

My question is therefore, is there any way to allow anonymous access to the QM, i.e. no user validation at all (existence, password etc). Also, is there anything than needs to be configured in order for an NT SERVICE accounts to be able to connect and post/get messages? For various reason I do not want to change the user account as I mirror another environment and would like the two to be as equal as possible.

Code:

----- cmqxrsrv.c : 2208 -------------------------------------------------------
6/29/2018 09:05:32 - Process(12420.2058) User(Administrator) Program(amqzlaa0.exe)
                      Host(M3134MISC01) Installation(WMAD01)
                      VRMF(9.0.0.4) QMgr(QM1)
                     
AMQ8075: Authorization failed because the SID for entity 'Company serv' cannot
be obtained.

EXPLANATION:
The Object Authority Manager was unable to obtain a SID for the specified
entity. This could be because the local machine is not in the domain to locate
the entity, or because the entity does not exist.
ACTION:
Ensure that the entity is valid, and that all necessary domain controllers are
available. This might mean creating the entity on the local machine.
----- amqzfubn.c : 2319 -------------------------------------------------------
6/29/2018 09:05:32 - Process(2440.2049) User(Administrator) Program(amqrmppa.exe)
                      Host(M3134MISC01) Installation(WMAD01)
                      VRMF(9.0.0.4) QMgr(QM1)
                     
AMQ9557: Queue Manager User ID initialization failed for 'Company service
Bootstrap - TST-APP - M3134MISC01'.

EXPLANATION:
The call to initialize the User ID 'Company service
Bootstrap - TST-APP - M3134MISC01' failed with CompCode 2 and Reason 2035. If an MQCSP block was
used, the User ID in the MQCSP block was ''.
ACTION:
Correct the error and try again.
----- cmqxrsrv.c : 2407 -------------------------------------------------------
Back to top
View user's profile Send private message
Display posts from previous:
Post new topicReply to topic Page 1 of 1

MQSeries.net Forum IndexGeneral IBM MQ SupportWindows NT SERVICE account and authentication
Jump to:



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP


Theme by Dustin Baccetti
Powered by phpBB 2001, 2002 phpBB Group

Copyright MQSeries.net. All rights reserved.