| Author |
Message
|
| MatthewDCampbell |
 Posted: Fri Oct 16, 2020 12:05 am Post subject: Net Core managed authorization settings |
 |
|
Novice
Joined: 29 Sep 2020
Posts: 21
|
morning,
Using 9.1.2 of Net Core MQ Series. MQ server is version 08000004. Documentation states that the only transport is manager (see https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_9.1.0/com.ibm.mq.dev.doc/q132490_.htm#q132490_). Otherwise MQRC_FUNCTION_NOT_SUPPORTED is thrown with any other transport type (e.g. client, xaclient, binding). After reading:
https://blogs.perficient.com/2019/08/05/how-to-configure-ibm-mq-authentication-os-and-ldap/
which indicates that user | password over MQCSP is the default (from 9.1.1).
MQC.TRANSPORT_PROPERTY, MQC.TRANSPORT_MQSERIES_MANAGED,
USE_MQCSP_AUTHENTICATION_PROPERTY, true,
USER_ID_PROPERTY, "some user",
PASSWORD_PROPERTY, "some password"
Can't get around MQRC_NOT_AUTHORIZED despite valid user + password.
Log entries in AMQERR01.LOG that the user (has passed in USER_ID_PROPERTY) failed with CompCode 2 and Reason 2035. Not sure if the information in:
https://www.ibm.com/support/pages/2035-mqrcnotauthorized-connecting-websphere-mq-websphere-application-server-client-bindings
is applicable. Have tested other channels using the spec: https://www.ibm.com/support/knowledgecenter/SSFKSJ_8.0.0/com.ibm.mq.ref.con.doc/q081590_.htm |
|
| Back to top |
|
 |
| gbaddeley |
| Posted: Sun Oct 18, 2020 2:24 pm Post subject: |
|
|
Jedi Knight
Joined: 25 Mar 2003
Posts: 2538
Location: Melbourne, Australia
|
| Quote: |
| Log entries in AMQERR01.LOG that the user (has passed in USER_ID_PROPERTY) failed with CompCode 2 and Reason 2035. |
You missed a vital piece of information from the log. Why did the authorization fail? Please post the message.
_________________
Glenn |
|
| Back to top |
|
|
| hughson |
| Posted: Sun Oct 18, 2020 6:29 pm Post subject: |
|
|
Padawan
Joined: 09 May 2013
Posts: 1959
Location: Bay of Plenty, New Zealand
|
We need to see the full message from your AMQERR01.LOG. 2035 has many different causes. As a general rule, if you find something in the error log, you should provide the whole message, or at the very least, the message number and inserts.
Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software |
|
| Back to top |
|
|
| MatthewDCampbell |
| Posted: Mon Oct 19, 2020 6:25 am Post subject: |
|
|
Novice
Joined: 29 Sep 2020
Posts: 21
|
-------------------------------------------------------------------------------
10/19/20 12:40:42 - Process(11731138.3030) User(mqm) Program(amqrmppa)
Host(sdcutv20) Installation(Installation1)
VRMF(8.0.0.4) QMgr(WBK10TQM)
AMQ9557: Queue Manager User ID initialization failed for 'test1'.
EXPLANATION:
The call to initialize the User ID 'test1' failed with CompCode 2 and Reason
2035.
ACTION:
Correct the error and try again. |
|
| Back to top |
|
|
| gbaddeley |
| Posted: Mon Oct 19, 2020 1:58 pm Post subject: |
|
|
Jedi Knight
Joined: 25 Mar 2003
Posts: 2538
Location: Melbourne, Australia
|
Does user 'test1' exist on host 'sdcutv20' ?
_________________
Glenn |
|
| Back to top |
|
|
| hughson |
| Posted: Mon Oct 19, 2020 3:03 pm Post subject: |
|
|
Padawan
Joined: 09 May 2013
Posts: 1959
Location: Bay of Plenty, New Zealand
|
| MatthewDCampbell wrote: |
-------------------------------------------------------------------------------
10/19/20 12:40:42 - Process(11731138.3030) User(mqm) Program(amqrmppa)
Host(sdcutv20) Installation(Installation1)
VRMF(8.0.0.4) QMgr(WBK10TQM)
AMQ9557: Queue Manager User ID initialization failed for 'test1'.
EXPLANATION:
The call to initialize the User ID 'test1' failed with CompCode 2 and Reason
2035.
ACTION:
Correct the error and try again. |
If there are no prior error messages in the log saying anything to suggest another failure (like you got the password wrong for example), then this would suggest that the user ID 'test1' doesn't exist on this machine. Can you confirm whether it exists?
If you are unsure of your application's correctness, you could use a supplied IBM sample to test that your user ID and password configuration is correct, thus:-
set MQSAMP_USER_ID=test1
set MQSERVER=channel-name/TCP/conname
then run the sample program:
amqsputc queue-name WBK10TQM
Try both a valid and invalid password to ensure you are happy that your user ID and password setup on the queue manager is correct. Then you can turn your attention back to why your application behaves differently, or fix the config on the queue manager machine if the IBM supplied sample shows the same error.
Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Mon Oct 19, 2020 11:06 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
If you are using windows, it could be that you trying to access MQ with a domain id when the user running the MQ service is a local user.
This means that you can only access the box with local users... 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| MatthewDCampbell |
| Posted: Tue Oct 20, 2020 12:09 am Post subject: |
|
|
Novice
Joined: 29 Sep 2020
Posts: 21
|
test1 exists. A similar program written in Python works fine:
| Code: |
import pymqi
queue_manager = '....'
channel = 'SYSTEM.DEF.SVRCONN'
host = '....'
port = '1421'
queue_name = 'SLASK.SDCANNY'
message = 'Hello from Python!'
conn_info = '%s(%s)' % (host, port)
user = 'test1'
password = '....'
bytes_encoding = 'iso-8859-1'
default_ccsid = 819
qmgr = pymqi.connect(queue_manager, channel, conn_info, user, password, bytes_encoding=bytes_encoding, default_ccsid=default_ccsid)
queue = pymqi.Queue(qmgr, queue_name)
queue.put(message)
queue.close()
qmgr.disconnect()
|
|
|
| Back to top |
|
|
| hughson |
| Posted: Tue Oct 20, 2020 3:09 am Post subject: |
|
|
Padawan
Joined: 09 May 2013
Posts: 1959
Location: Bay of Plenty, New Zealand
|
| MatthewDCampbell wrote: |
| test1 exists. A similar program written in Python works fine |
Everything else the same? Channel name, user id and password?
And can you just confirm, were there any messages in the error log prior to the one you showed us?
Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software |
|
| Back to top |
|
|
| exerk |
| Posted: Tue Oct 20, 2020 6:54 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
Moved from General Forums Information...
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| MatthewDCampbell |
| Posted: Tue Oct 20, 2020 7:37 am Post subject: |
|
|
Novice
Joined: 29 Sep 2020
Posts: 21
|
Nope. Nothing else in the log prior to the C# call.
Not limited to C#. Assuming the most stabil client is Java. So we can shift over to Java (docker-like environment). Wondering if Python is also stabil? Or maybe another twist could be to use the MQ REST API från C#? |
|
| Back to top |
|
|
| RogerLacroix |
| Posted: Tue Oct 20, 2020 1:50 pm Post subject: |
|
|
Jedi Knight
Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada
|
Why don't you turn on queue manager 'Authority Events', then run your program. Next use a tool like SupportPac MS0P or MO71 or even MQ Visual Edit to look at the event messages in the 'SYSTEM.ADMIN.QMGR.EVENT' queue.
Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
|
| Back to top |
|
|
| gbaddeley |
| Posted: Tue Oct 20, 2020 3:54 pm Post subject: |
|
|
Jedi Knight
Joined: 25 Mar 2003
Posts: 2538
Location: Melbourne, Australia
|
| Code: |
| channel = 'SYSTEM.DEF.SVRCONN' |
Do not use this channel. You should disable it in your qmgr by setting MCAUSER('nobody').
_________________
Glenn |
|
| Back to top |
|
|
|
|
