| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| Problem with Security Exit 1.1.3A between 2 queue managers |
« View previous topic :: View next topic » |
| Author |
Message
|
| rahul24 |
 Posted: Wed Jul 09, 2008 7:00 am Post subject: Problem with Security Exit 1.1.3A between 2 queue managers |
 |
|
Newbie
Joined: 09 Jul 2008
Posts: 3
|
hi
i am using captialware security exit MQSSX 1.1.3A
Presently we are facing connection issues between two Queue Managers,
Let me explain in detail about my configurations
We have implemented channel exit between two Queue Managers QM1 (Queue Manager) and RM1 (Queue Manager) which is located in different HP-UX Box
We have implemented security exit to one Queue Manager (i.e.; QM1)
IN Queue Manager
Following are the settings for QM1 queue manager
1) Given the MCA userid as RM1 in the receiver channel (RM.TO.QM1)
2) In the Exists
Security exit name: /var/mqm/exits64/SSX/mqssx(SecExit)
Security exit user data: /var/mqm/exits64/SSX/mqssx.ini
IN MQSSX
1)we implemented IP & UserID filtering in security exit
Problem
--------------
I have tested 2 scenarios between two Queue Managers
1) With security exit:
RCT channel is sending the response but security exit is causing the problem and it is not reaching QM1 queue manger. I have checked in security exit logs there I saw userid as empty from RM1 (Queue Manager)
Error msg in log file
2008/07/09 09:10:07 ERROR MQSSX #01123: Connection rejected for QMgr='QM1' ChlName='RM.TO.QM1' ConName='xxxxx' RemoteUserID=''
2) Without security exit:
RM1 Queue Manager is able to send the response with proper userid (RM1) which I have checked in Queue
thx in adavance
cheers
rahul |
|
| Back to top |
|
 |
| exerk |
| Posted: Wed Jul 09, 2008 7:02 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
Have you contacted Capitalware to have them help resolve your problem?
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| RogerLacroix |
| Posted: Wed Jul 09, 2008 10:46 am Post subject: Re: Problem with Security Exit 1.1.3A between 2 queue manage |
|
|
Jedi Knight
Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada
|
Hi Rahul,
| rahul24 wrote: |
RCT channel is sending the response but security exit is causing the problem and it is not reaching QM1 queue manger. I have checked in security exit logs there I saw userid as empty from RM1 (Queue Manager)
Error msg in log file
2008/07/09 09:10:07 ERROR MQSSX #01123: Connection rejected for QMgr='QM1' ChlName='RM.TO.QM1' ConName='xxxxx' RemoteUserID='' |
You can allows email Capitalware at support "at" capitalware "dot" biz for a faster response.
This appears to be the same question that Santhosh emailed me and here was my reply:
| RogerLacroix wrote: |
From the logfile that you sent me, I see the following message:
2008/06/21 07:13:58 ERROR MQSSX #00860: Connection cannot have a blank UserID value.
You need to set AllowBlankUserID to 'Y' as indicated in section 3.6 of the MQSSX Installation and Operation manual.
In case you do not have a copy of MQSSX manuals, you can find them at the following link:
http://www.capitalware.biz/mqssx_manuals.html |
The reason is that the sender channel does not send a UserId to the receiver channel on startup of the channel. Hence, by default, MQSSX will block the connection request. Since, you will be allowing a blank UserId, I would also add IP Filtering to the mix. (See AllowIP in the manual.)
Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
|
| Back to top |
|
|
| rahul24 |
| Posted: Wed Jul 09, 2008 11:19 pm Post subject: But we are restricting Userid also |
|
|
Newbie
Joined: 09 Jul 2008
Posts: 3
|
we are using the combination of userid and IP
thx
rahul |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
