| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| Trace SSL CipherSpec negotiation errors on Windows AMQ9202 |
« View previous topic :: View next topic » |
| Author |
Message
|
| r4v3n |
 Posted: Tue Mar 18, 2025 3:10 pm Post subject: Trace SSL CipherSpec negotiation errors on Windows AMQ9202 |
 |
|
Newbie
Joined: 07 Jul 2010
Posts: 7
|
I am trying to find out why my SSL configuration is failing. Sometimes before I used to see on the IBM MQ server side an error stating something like client is trying to connect with Cipher xxxxx, but channel is not using that. Now I see nothing in even log. There is no error on MQ server side. On the client I see no details in the error as well.
I have enabled this trace on both client and server:
strmqtrc -t ssl
(repro)
endmqtrc
But it is very cryptic and hard to read. Is there some tool to read this on Windows? Any ideas what to look for?
I have tried dspmqtrc, but it is not finding amqtrc.fmt file.
dspmqtrc AMQ.SSL.TRC
dspmqtrc: failed to open template file <C:\Program Files\IBM\WebSphere MQ\bin\amqtrc.fmt>
Is there any option to enable more in application event log to see the Cipher attempt?
Right now on client I only see 9202 error with "Remote host not available, retry later.", instead of seeing more details why. |
|
| Back to top |
|
 |
| bruce2359 |
| Posted: Tue Mar 18, 2025 3:34 pm Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
Do you mean AMQ9202: Remote host '' not available, retry later. Seems pretty self-explanatory. If the other end is not reachable, there can not be an SSL handshake.
From the client can you tcpip ping the server? From the server can you tcpip ping the client?
Read https://www.ibm.com/docs/en/ibm-mq/9.3?topic=explorer-using-mq-trace on how to run an mq trace and view the results. Trae results are to be found in a trace directory.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| hughson |
| Posted: Wed Mar 19, 2025 12:13 am Post subject: |
|
|
Padawan
Joined: 09 May 2013
Posts: 1959
Location: Bay of Plenty, New Zealand
|
If there is nothing in the queue manager error log, this is most likely because the queue manager has seen nothing from this client. This would match with the AMQ9202 error message you have seen.
If you are not even making a network connection to the queue manager, then it is unlikely that the TLS handshake has even begun.
Diagnose the network connection failure. There will be a TCP/IP return code in the ACTION section of the message. That is a good starting point.
Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
