problem connecting to the config manager using the toolkit |
NancyTexas75555 |
Posted: Sun Jan 25, 2009 1:36 am Post subject: problem connecting to the config manager using the toolkit |
|
|
Newbie
Joined: 11 Jan 2009 Posts: 5
|
Hi folks, please help me figure out this issue, it is driving me crazy.
I have granted my Windows user ACL permissions in the ConfigMgr to administer things.
I did the following on the AIX server:
mqsicreateaclentry CMGR01 -u NancyA -m Nancy-PC -x F -p
BIP8071I: Successful command completion.
BIP1778I: mqbrk - USER - F - ConfigManagerProxy - ConfigManagerProxy
BIP1778I: nancy-pc\nancya - USER - F - ConfigManagerProxy - ConfigManagerProxy
I have also created the user ID "NancyA" on the AIX server and made it part of the mgbrk and mqm group.
However, from my Windows machine, when I try to create a new domain connection using the Message Broker Toolkit, I get the following:
BIP0915E The Message Broker Toolkit cannot connect to the queue manager GUP02
The message brokers received a WebSphere MQ error when attempting to connect to the configuration manager's queue manager. Ensure that the queue manager is running, that a network connection is enabled and that a configuration manager has been defined. If necessary, start the queue manager GUP02, ensure that a listener is running on port 1414 and that a valid server connection channel is running.
and when I click on detail, I get:
User NancyA is not authorized to connect to queue manager 'GUP02' (MQ reason code 2035 while trying to connect)
I have made sure everything mentioned above is working fine. Can someone advise or guide me? Do I need to run something on the Windows machine itself?
Thanks
Nancy |
|
mqjeff |
Posted: Sun Jan 25, 2009 5:14 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008 Posts: 17447
|
After putting the user NancyA (which is not the same as "nancya" on Unix, btw) in the mqm group, did you REFRESH SECURITY on the qmgr or restart it, to get it to pick up the change in the OS level security? |
|
NancyTexas75555 |
Posted: Sun Jan 25, 2009 10:09 am Post subject: |
|
|
Newbie
Joined: 11 Jan 2009 Posts: 5
|
Jeff,
I did refresh and ran the dspmqaut to see if my ID is set up fine. Could it be the machine name? I can't ping NANCY-PC from the AIX server, will that be the cause? I am not sure where else to look at this moment. Please advise |
|
mqjeff |
Posted: Sun Jan 25, 2009 10:17 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008 Posts: 17447
|
Again, unix ids are case sensitive.
The machine name is irrelevant at this point - MQ doesn't use it, only Broker, and you're getting a failure from the queue manager and not from the configmgr. Once you connect to the qmgr successfully, then you'll get to find out if the machinename is correct.
Try to connect to the queue manager from MQ Explorer rather than from the Toolkit - you should get the same 2035.
I suspect that either you are not presenting the NancyA user to the queue manager, or that you're having issues with case sensitivity in user names.
Also, remember that on Unix MQ uses the primary group of the user for authentication and not the actual user name. So even if you're not hitting case sensitivity issues, the nancya user could have "users" as its primary group, and not "mqm" - and you didn't grant any MQ privileges for the "users" group (rightly so).
If this is the case, you probably want to create a new group on AIX that is for toolkit users or toolkit admins, and then put that group into mqm. |
|
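The two checks suggested in the reply above (exact-case match of the user ID, and which group is the account's primary group), as an added example that is not part of the original thread. The function name `check_mq_id`, its verdict words and the sample `id` lines in the comments are constructed for illustration; the default group `mqm` is the one named in the thread.

```shell
#!/bin/sh
# Added example: classify one line of `id` output against the user ID
# that the client presents to the queue manager.
#
# Usage: check_mq_id PRESENTED_ID "ID_OUTPUT_LINE" [ADMIN_GROUP]
# On the server itself:  check_mq_id NancyA "$(id nancya)"
#
# Prints one verdict word:
#   no-account     - the OS account name does not match the presented ID
#   case-mismatch  - the names differ only by case (Unix IDs are case sensitive)
#   primary-ok     - the account's primary group is the admin group
#   secondary-only - the admin group is only a supplementary group
#   not-member     - the account is not in the admin group at all
check_mq_id() {
    presented=$1
    id_line=$2
    admin_group=${3:-mqm}

    # Expected shape (constructed sample):
    #   uid=205(nancya) gid=1(staff) groups=1(staff),204(mqm)
    account=$(printf '%s\n' "$id_line" | sed -n 's/^uid=[0-9]*(\([^)]*\)).*/\1/p')
    primary=$(printf '%s\n' "$id_line" | sed -n 's/.* gid=[0-9]*(\([^)]*\)).*/\1/p')
    groups=$(printf '%s\n' "$id_line" | sed -n 's/.* groups=\(.*\)$/\1/p')

    # Step 1: the ID must match the OS account exactly, including case.
    if [ "$account" != "$presented" ]; then
        lower_a=$(printf '%s' "$account" | tr '[:upper:]' '[:lower:]')
        lower_p=$(printf '%s' "$presented" | tr '[:upper:]' '[:lower:]')
        if [ "$lower_a" = "$lower_p" ]; then
            echo case-mismatch
        else
            echo no-account
        fi
        return 0
    fi

    # Step 2: distinguish primary-group membership from supplementary.
    if [ "$primary" = "$admin_group" ]; then
        echo primary-ok
        return 0
    fi
    case ",$groups," in
        *"($admin_group)"*) echo secondary-only ;;
        *)                  echo not-member ;;
    esac
}
```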
fjb_saper |
Posted: Sun Jan 25, 2009 10:36 am Post subject: |
|
|
 Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY
|
I seem to faintly remember from somewhere that on Unix the Windows Ids are translated to lower case .... or is it Ids from elsewhere...
Anyways it would be good to verify....
If you want to fully secure this you will need SSL and an MCAUser on the SYSTEM.BROKER.SVRCONN channel for the config mgr.
This way only the people with the right certificate could connect to the configmgr. Now if you pass the certstore and truststore args to your toolkit on start up you should be fine.
Have fun  _________________ MQ & Broker admin |
|