ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum IndexGeneral DiscussionSecurity on Windows

Post new topicReply to topic
Security on Windows View previous topic :: View next topic
Author Message
sbuster
PostPosted: Tue Oct 07, 2008 3:49 am Post subject: Security on Windows Reply with quote

Apprentice

Joined: 07 Oct 2008
Posts: 25

I have MQ client/server installed on a local windows PC and I didn't setup any security information during the install. I can connect to other linux & z/OS queue managers but I am unable to connect to any queue managers on another windows system. In order to do this is it required to enable the windows security stuff? The error I get from teh MQ Client is "An unexpected error (2063) has occured. (AMQ4999)"

Thanks.
Back to top
View user's profile Send private message
rgprasanna
PostPosted: Tue Oct 07, 2008 4:15 am Post subject: Reply with quote

Voyager

Joined: 02 May 2007
Posts: 91
Location: Chennai - India

Hi,
How you are connecting to queue managers on other machines?
by using explorer or as a mq client?

if it is mq client ensure you set the MQCHLLIB variable and created the client and server connection channels...
_________________
Prasanna
Back to top
View user's profile Send private message
sbuster
PostPosted: Tue Oct 07, 2008 5:27 am Post subject: Reply with quote

Apprentice

Joined: 07 Oct 2008
Posts: 25

I'm using client Explorer.
Back to top
View user's profile Send private message
exerk
PostPosted: Tue Oct 07, 2008 5:37 am Post subject: Reply with quote

Jedi Council

Joined: 02 Nov 2006
Posts: 5934

Active Directory environment?
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys.

Back to top
View user's profile Send private message
rgprasanna
PostPosted: Tue Oct 07, 2008 5:47 am Post subject: Reply with quote

Voyager

Joined: 02 May 2007
Posts: 91
Location: Chennai - India

if you are using mq explorer..ensure the user id used by your mq explorer have all the privileges to connect to the queue manager on the other windows machine..also check whether you have any firewall blocking the connectivity...
_________________
Prasanna
Back to top
View user's profile Send private message
sbuster
PostPosted: Tue Oct 07, 2008 5:57 am Post subject: Reply with quote

Apprentice

Joined: 07 Oct 2008
Posts: 25

When we installed MQ on the remote windows machine, we did not enable the security options. So I guess my question is: Do the security features have to be enabled on a Windows installation when connecting to remove queue managers from windows?
Back to top
View user's profile Send private message
rgprasanna
PostPosted: Tue Oct 07, 2008 6:03 am Post subject: Reply with quote

Voyager

Joined: 02 May 2007
Posts: 91
Location: Chennai - India

by default in windows the OAM is active (Object Authority Manager).......the OAM will check for the incoming connection requests and validate the same, if you set delegation to any object...so, no need to enable any security feature when you want to connect to remote machines.

i've provided the check list for remote administration below for your ref..............
Check list - Connecting to remote queue manager using MQ Explorer V 6.0?
 The user id used by you to open MQ explorer should be a part of mqm group
 Check the command server is running or not, if not start it
 Check the server connection channel SYSTEM.ADMIN.SVRCONN exist or not, if not create it and start it
 Ensure the MCAUSER attribute is blank for the SYSTEM.ADMIN.SVRCONN channel (it can be the user id used by you used to connect to MQ EXPLORER)
_________________
Prasanna
Back to top
View user's profile Send private message
exerk
PostPosted: Tue Oct 07, 2008 6:05 am Post subject: Reply with quote

Jedi Council

Joined: 02 Nov 2006
Posts: 5934

sbuster wrote:
...So I guess my question is: Do the security features have to be enabled on a Windows installation when connecting to remove queue managers from windows?


My question remains: Is it an AD environment? Also, have you tried putting a valid MCAUSER in the SVRCONN channel? Just to check that you can connect?
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys.

Back to top
View user's profile Send private message
sbuster
PostPosted: Tue Oct 07, 2008 7:09 am Post subject: Reply with quote

Apprentice

Joined: 07 Oct 2008
Posts: 25

I am running MQ 7, MQ 7 is what is installed on the server. Security is not enabled to use AD, it is using the default. Also, the MCAUSER attribute is blank.

The funny thing is another person with MQ 6 Explorer connects just fine, no security settings or anything on his client.
Back to top
View user's profile Send private message
sbuster
PostPosted: Thu Oct 09, 2008 4:11 am Post subject: Reply with quote

Apprentice

Joined: 07 Oct 2008
Posts: 25

The MCAUSER solved it.
Back to top
View user's profile Send private message
PeterPotkay
PostPosted: Thu Oct 09, 2008 5:27 am Post subject: Reply with quote

Jedi Council

Joined: 15 May 2001
Posts: 7463

Just be aware that anyone and everyone can now connect to your QM over that channel with the same authority. You may or may not want that. Adding SSL or a security exit will allow you to control who can connect, now that you have restricted what they can do with MCAUSER.
_________________
Peter Potkay
Keep Calm and MQ On
Back to top
View user's profile Send private message
Display posts from previous:
Post new topicReply to topic Page 1 of 1

MQSeries.net Forum IndexGeneral DiscussionSecurity on Windows
Jump to:



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP


Theme by Dustin Baccetti
Powered by phpBB 2001, 2002 phpBB Group

Copyright MQSeries.net. All rights reserved.