| Author |
Message
|
| offshore |
 Posted: Tue Jun 15, 2004 7:53 am Post subject: REMOTE ADMINISTRATION |
 |
|
Master
Joined: 20 Jun 2002
Posts: 222
|
All,
I've been working on setting up remote administration, but I'm finding myself stuck.
Currently, I'm able to successfully issue MQSC commands to like/same platforms and issue commands from Windows MQ to z/OS MQ and get good responses.
However, my ultimate goal is to issue commands from z/OS MQ to the Windows MQ and receive good responses which I can't do yet. I can issue the MQSC command from z/OS using CSQUTIL in batch mode and also from ISPF panel (MA10 Support Pac). THe message does make the full trip, but I'm thinking it doesn't get converted correctly? The ISPF panel hangs with "X SYSTEM" and the CSQUTIL batch job ends with CC=0 but no ledgible info is displayed.
Below is message header info and message data that I captured on the Windows side. I was hoping someone could make more sense of it than I have??? 
| Quote: |
1.] z/OS MQ to Windows MQ using the CSQUTIL in batch
Reciever Channel(ZQM1.TO.QMWIN) You can see that DIS QL(*) ALL is issued.
StrucId : 'MD ' Version : 2
Report : 0 MsgType : 1
Expiry : -1 Feedback : 0
Encoding : 546 CodedCharSetId : 437
Format : 'MQSTR '
Priority : 0 Persistence : 1
MsgId : X'C3E2D840D4D8E9E94040404040404040BB5F714E9D63FA60'
CorrelId : X'000000000000000000000000000000000000000000000000'
BackoutCount : 0
ReplyToQ : ' '
ReplyToQMgr : 'QMWIN '
** Identity Context
UserIdentifier : 'tester '
AccountingToken :
X'16010515000000066FA106D80E860EB548C929993E000000000000000000000B'
ApplIdentityData : ' '
** Origin Context
PutApplType : '11'
PutApplName : 'ebSphere MQ\MA06\putmsgq.exe'
PutDate : '20040615' PutTime : '14145321'
ApplOriginData : ' '
GroupId : X'000000000000000000000000000000000000000000000000'
MsgSeqNumber : '1'
Offset : '0'
MsgFlags : '0'
OriginalLength : '-1'
**** Message ****
length - 17 bytes
00000000: 4449 5350 4C41 5920 514C 282A 2920 414C 'DISPLAY QL(*) AL'
00000010: 4C 'L '
Sender Channel (QMWIN.TO.ZQM1) This is the reply going back to z/OS MQ, which isn't legible at least to Windows, but I'm guessing isn't to z/OS either??
StrucId : 'MD ' Version : 2
Report : 0 MsgType : 2
Expiry : -1 Feedback : 0
Encoding : 546 CodedCharSetId : 437
Format : 'MQSTR '
Priority : 0 Persistence : 1
MsgId : X'414D5120514D5350414345202020202029F1CE4020000B34'
CorrelId : X'C3E2D840D4D8E9E94040404040404040BB5F714E9D63FA60'
BackoutCount : 0
ReplyToQ : 'SYTSEM.CSQUTIL.BB5F714E9ADAD600 '
ReplyToQMgr : 'ZQM1 '
** Identity Context
UserIdentifier : 'tester '
AccountingToken :
X'16010515000000066FA106D80E860EB548C929993E000000000000000000000B'
ApplIdentityData : ' '
** Origin Context
PutApplType : '11'
PutApplName : 'ebSphere MQ\MA06\putmsgq.exe'
PutDate : '20040615' PutTime : '14144532'
ApplOriginData : ' '
GroupId : X'000000000000000000000000000000000000000000000000'
MsgSeqNumber : '1'
Offset : '0'
MsgFlags : '0'
OriginalLength : '-1'
**** Message ****
length - 36 bytes
00000000: 0200 0000 2400 0000 0100 0000 0000 0000 '....$...........'
00000010: 0100 0000 0100 0000 0200 0000 CF0B 0000 '............Ï...'
00000020: 0000 0000 '.... ' |
| Quote: |
2.] z/OS MQ to Windows MQ using the ISPF panels from MA10.
Reciever Channel(ZQM1.TO.QMWIN) A DIS QL(*) ALL is issued, but you that isn't what looks like QMWIN recieved
StrucId : 'MD ' Version : 2
Report : 50331776 MsgType : 1
Expiry : -1 Feedback : 0
Encoding : 785 CodedCharSetId : 500
Format : ' '
Priority : 0 Persistence : 0
MsgId : X'C3E2D840D4D8E9E94040404040404040BB5F5FC902DD3A61'
CorrelId : X'000000000000000000000000000000000000000000000000'
BackoutCount : 0
ReplyToQ : ' '
ReplyToQMgr : 'QMWIN '
** Identity Context
UserIdentifier : 'tester '
AccountingToken :
X'16010515000000066FA106D80E860EB548C929993E000000000000000000000B'
ApplIdentityData : ' '
** Origin Context
PutApplType : '11'
PutApplName : 'ebSphere MQ\MA06\putmsgq.exe'
PutDate : '20040615' PutTime : '13532952'
ApplOriginData : ' '
GroupId : X'000000000000000000000000000000000000000000000000'
MsgSeqNumber : '1'
Offset : '0'
MsgFlags : '0'
OriginalLength : '-1'
**** Message ****
length - 215 bytes
00000000: C4C9 E240 D8D3 4D5C 5D40 4040 4040 4040 'ÄÉâ@ØÓM\]@@@@@@@'
00000010: 4040 4040 4040 4040 4040 4040 4040 4040 '@@@@@@@@@@@@@@@@'
00000020: 4040 4040 4040 4040 4040 4040 4040 4040 '@@@@@@@@@@@@@@@@'
00000030: 4040 4040 4040 4040 4040 4040 4040 4040 '@@@@@@@@@@@@@@@@'
00000040: 4040 4040 4040 4040 4040 4040 4040 4040 '@@@@@@@@@@@@@@@@'
00000050: 4040 4040 4040 4040 4040 4040 4040 4040 '@@@@@@@@@@@@@@@@'
00000060: 4040 4040 4040 4040 4040 4040 4040 4040 '@@@@@@@@@@@@@@@@'
00000070: 4040 4040 4040 4040 4040 4040 4040 4040 '@@@@@@@@@@@@@@@@'
00000080: 4040 4040 4040 4040 4040 4040 4040 4040 '@@@@@@@@@@@@@@@@'
00000090: 4040 4040 4040 4040 4040 4040 4040 4040 '@@@@@@@@@@@@@@@@'
000000A0: 4040 4040 4040 4040 4040 4040 4040 4040 '@@@@@@@@@@@@@@@@'
000000B0: 4040 4040 4040 4040 4040 4040 4040 4040 '@@@@@@@@@@@@@@@@'
000000C0: 4040 4040 4040 4040 4040 4040 4040 4040 '@@@@@@@@@@@@@@@@'
000000D0: 4040 4040 4040 40 '@@@@@@@ '
Sender Channel (QMWIN.TO.ZQM1) This is the reply going back to z/OS MQ.
StrucId : 'MD ' Version : 2
Report : 0 MsgType : 2
Expiry : -1 Feedback : 0
Encoding : 546 CodedCharSetId : 437
Format : 'MQADMIN '
Priority : 0 Persistence : 0
MsgId : X'C3E2D840D4D8E9E94040404040404040BB5F5FC902DD3A61'
CorrelId : X'C3E2D840D4D8E9E94040404040404040BB5F5FC902DD3A61'
BackoutCount : 0
ReplyToQ : 'MQADMIN.MQCMD.BB581E385CDBBF61 '
ReplyToQMgr : 'ZQM1 '
** Identity Context
UserIdentifier : 'tester '
AccountingToken :
X'16010515000000066FA106D80E860EB548C929993E000000000000000000000B'
ApplIdentityData : ' '
** Origin Context
PutApplType : '11'
PutApplName : 'ebSphere MQ\MA06\putmsgq.exe'
PutDate : '20040615' PutTime : '13531164'
ApplOriginData : ' '
GroupId : X'000000000000000000000000000000000000000000000000'
MsgSeqNumber : '1'
Offset : '0'
MsgFlags : '0'
OriginalLength : '-1'
**** Message ****
length - 36 bytes
00000000: 0200 0000 2400 0000 0100 0000 0000 0000 '....$...........'
00000010: 0100 0000 0100 0000 0200 0000 3E08 0000 '............>...'
00000020: 0000 0000 |
Any help would be appreciated. Again this is messages captured on Windows side and I'm not sure what the message looks like after it is put on the z/OS. |
|
| Back to top |
|
 |
| Michael Dag |
| Posted: Tue Jun 15, 2004 8:40 am Post subject: |
|
|
Jedi Knight
Joined: 13 Jun 2002
Posts: 2607
Location: The Netherlands (Amsterdam)
|
Win / UNIX machines are ASCII, z/OS is EBCDIC...
you have to set MQSTR properly and use convert on get on both sides correctly...
see manuals for more info
_________________
Michael
MQSystems Facebook page |
|
| Back to top |
|
|
| EddieA |
| Posted: Tue Jun 15, 2004 8:46 am Post subject: |
|
|
Jedi
Joined: 28 Jun 2001
Posts: 2453
Location: Los Angeles
|
Also, I think that you have to use PCF messages on non-z/OS. I don't think you can just send "clear text" messages. But, there is a way to wrap the text in PCF. Take a look at "escape".
Use "MQPCF" for the Format, and MQ should be able to do the conversions if you do a Get with Convert on the response.
BTW The replies you show coming back are in PCF format.
Cheers,
_________________
Eddie Atherton
IBM Certified Solution Developer - WebSphere Message Broker V6.1
IBM Certified Solution Developer - WebSphere Message Broker V7.0 |
|
| Back to top |
|
|
| Michael Dag |
| Posted: Tue Jun 15, 2004 8:50 am Post subject: |
|
|
Jedi Knight
Joined: 13 Jun 2002
Posts: 2607
Location: The Netherlands (Amsterdam)
|
| EddieA wrote: |
| Also, I think that you have to use PCF messages on non-z/OS. I don't think you can just send "clear text" messages. But, there is a way to wrap the text in PCF. Take a look at "escape" |
that's probably the reason to use -x on runmqsc for z/OS Qmgrs... 
_________________
Michael
MQSystems Facebook page |
|
| Back to top |
|
|
| offshore |
| Posted: Tue Jun 15, 2004 9:00 am Post subject: |
|
|
Master
Joined: 20 Jun 2002
Posts: 222
|
| This is getting a little away from the orginal topice but, how could you tell it was PCF? Is that what the MsgType :[1,2] is in the MQMD? |
|
| Back to top |
|
|
| tallison |
| Posted: Tue Jun 15, 2004 9:20 am Post subject: |
|
|
Apprentice
Joined: 18 Jun 2002
Posts: 39
Location: Round Rock, Texas
|
It really is not getting off the topic. Remote admin commands are sent via PCF messages. This is the case if it is RUNMQSC or a third party tool. The PCF messages are sent to the SYSTEM.ADMIN.COMMAND.QUEUE and processed by the command server.
If you are just sending plain text messages or strings the command server can't process the messages.
_________________
Cheers!!
Tony Allison
_________________
MQSeries Certified Specialist
MQSeries Certified Developer
MQSeries Certified Solutions Provider |
|
| Back to top |
|
|
| EddieA |
| Posted: Tue Jun 15, 2004 9:24 am Post subject: |
|
|
Jedi
Joined: 28 Jun 2001
Posts: 2453
Location: Los Angeles
|
| Quote: |
| how could you tell it was PCF? |
I've seen, and had to read, a lot of them in a previous life.
BTW. The first one returned: 3023 0x00000bcf MQRCCF_MD_FORMAT_ERROR
And the 2nd: 2110 0x0000083e MQRC_FORMAT_ERROR
| Quote: |
| C4C9 E240 D8D3 4D5C 5D |
That's DIS QL(*) in EBCDIC
Cheers,
_________________
Eddie Atherton
IBM Certified Solution Developer - WebSphere Message Broker V6.1
IBM Certified Solution Developer - WebSphere Message Broker V7.0 |
|
| Back to top |
|
|
| rammer |
| Posted: Wed Jul 14, 2004 6:11 am Post subject: |
|
|
Partisan
Joined: 02 May 2002
Posts: 359
Location: England
|
On the point of Remote Administration can anybody please explain how the security works, and how to tighten it.
I have tried out remote administration today by connecting to a 3rd Parties queue manager using runmqsc -w 30 <ThereQM>, this has given me full control of there Queue Manager which is not good as I guess it also means that they can do the same to mine!!.
Both Queue Managers are 5.3 on unix and being connected to as mqm.
I have read through the manuals but am still a little confused, the only way I can see is to stop the Command Server, which I really don't want to do. |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Wed Jul 14, 2004 7:20 am Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
Set the MCAUSER on the RCVR channel from the third party QM to "RESTRICTED_ID". Then use setmqaut commands to restrict what RESTRICTED_ID can do to the bare minimum that application needs. Obviously, you do not give that ID access to the command queue.
Leave PUT_AUTHORITY on that channel to Default, otherwise you open up a hole that allows the remote side to override "RESTRICTED_ID" with mqm.
Secure every other RCVR TYPE channel they can possibly use the same way.
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
|
|
