| Author |
Message
|
| Eve0402 |
 Posted: Mon Dec 08, 2008 9:24 am Post subject: Issue with trigger on windows server 2003 |
 |
|
Newbie
Joined: 02 Jan 2008
Posts: 6
|
Hello,
Hope you already faced this issue and could give me a hand on this...
Mqseries server V6 is installed on a windows server 2003, i defined a local queue A, a process P and a service TRGM to run the trigger monitor.
TRGM is running on SYSTEM.DEFAULT.INITIATION.QUEUE.
Process is launching a bat file with just a notepad command.
I connect on the server with a domain user (member of administrators and mqm groups).
When i launched directly the bat file, notepad opens correctly.
If i put a test message in the local queue A, notepad is not launched but i have a notepad.exe process running in the task manager with MUSR_MQADMIN user.
If i stop the TRGM service and run directly the runmqtrm command on cmd window, everything is working correctly (notepad is launched when i put a test message in queue A)
Do you know what is missing in my configuration? do i need to define my domain user in another group, or is there any possibility to run the mq service with another user than MUSR_MQADMIN ?
Please, please, please, if you can help 
Thanks |
|
| Back to top |
|
 |
| Vitor |
| Posted: Mon Dec 08, 2008 11:41 am Post subject: Re: Issue with trigger on windows server 2003 |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| Eve0402 wrote: |
| Do you know what is missing in my configuration? |
Nothing. You say that there's a notepad process triggered when the service goes off; what else were you expecting? It's just not interacting with the screen.
Try it with a bat file that reads the message off the triggered queue (one of the sample apps perhaps). Or rework the service so it has a screen context.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Mon Dec 08, 2008 11:57 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9472
Location: US: west coast, almost. Otherwise, enroute.
|
You have stumbled onto a well-documented issue, namely: under whose authority does an application run?
When you start the application manually, it takes on your identity.
Who (what) started the trigger monitor app? Triggered apps take on that identity.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| kevinf2349 |
| Posted: Mon Dec 08, 2008 12:54 pm Post subject: |
|
|
Grand Master
Joined: 28 Feb 2003
Posts: 1311
Location: USA
|
| bruce2359 wrote: |
You have stumbled onto a well-documented issue, namely: under whose authority does an application run?
When you start the application manually, it takes on your identity.
Who (what) started the trigger monitor app? Triggered apps take on that identity. |
If I recall correctly isn't there a recommendation that a Windows Service can't (or shouldn't) issue starts for any 'user interface' type programs too?
I may be talking out of a lower body extremity here as I am not really a Windows expert but that was my understanding. |
|
| Back to top |
|
|
| Eve0402 |
| Posted: Mon Dec 08, 2008 2:15 pm Post subject: |
|
|
Newbie
Joined: 02 Jan 2008
Posts: 6
|
Thanks for your answers.
"Try it with a bat file that reads the message off the triggered queue"
>> I did. I just did a test with notepad cause it was easier to check what it was doing. Queue is triggered normally with a vb script that extracts the message in a directory.
But message stays in queue, and trigger does not work until i launch manually the runmqtrm with my user. |
|
| Back to top |
|
|
| Eve0402 |
| Posted: Wed Dec 10, 2008 7:03 am Post subject: Solution |
|
|
Newbie
Joined: 02 Jan 2008
Posts: 6
|
Hello again,
just an update on this subject...notepad process was not a good example, but problem was coming from the fact i used a domain user instead of a local user on the server, so solution is to create also on the domain controller a group "mqm" and add in it every user who need to connect to mq,
Thanks everyone |
|
| Back to top |
|
|
| mqjeff |
| Posted: Wed Dec 10, 2008 7:08 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
Putting any users in Domain mqm, or mqm locally, grants them far more access than they deserve.
The only users that should be in Domain mqm are the MQ service users.
You should use setmqaut for everyone else. |
|
| Back to top |
|
|
| Vitor |
| Posted: Wed Dec 10, 2008 8:48 am Post subject: Re: Solution |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| Eve0402 wrote: |
solution is to create also on the domain controller a group "mqm" and add in it every user who need to connect to mq,
|
This solution also grants every user administrative rights.
Investigate other solutions, like defining a limited-rights user and using it as MCAUser.
The issue of connection also has very little to do with the user id a triggered app is running under. Or should have.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
|
|
