dutchman |
Posted: Thu Jan 14, 2010 5:59 am Post subject: Runmqsc rmt config AIX 7.0.1 to Tandem 5.1 - auth error |
|
|
Acolyte
Joined: 15 May 2001 Posts: 71 Location: Netherlands
|
Hi guys. Yep, we're still running MQ V5.1 (unsupported) on Tandem.
I'm trying to get the Omegamon/XE MQ agent via the classic sender-receiver channels pair to work. First, I decided to check the basic setup was ok and used 'runmqsc -w 10 -m localQM TandemQM' from the AIX box.
This gets a timeout, and looking at the Tandem side I see a msg on the DLQ suggesting it got a security violation, with the object named being AMQ.4B39D2E120655E08.
The thing is that I'm running under Tandem's MQM group so it should work regardless.
The qmgr error log shows:
-------------------------------------------------------------------------------
2010/01/14 12.28.50
AMQ8507: Command server MQPUT1 request for an undelivered message failed with reason code 2085.
EXPLANATION:
An attempt by the command server to put a message to the dead-letter queue, using MQPUT1, failed with reason code 2085. The MQDLH reason code was 2035.
ACTION:
None.
-------------------------------------------------------------------------------
So what I think is happening is that it gets a violation against the temporary dynamic queue but still continues and then gets an object-not-found condition.
Tracing was tried but it's close to useless.
Ideas? ... Regards ... Ruud |
|
fjb_saper |
Posted: Thu Jan 14, 2010 2:16 pm Post subject: |
|
|
 Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY
|
The 2035 points to the original put. The 2085 object does not exist points to the qmgr's DLQ. Define a DLQ to the qmgr and restart the qmgr.  _________________ MQ & Broker admin |
|
dutchman |
Posted: Thu Jan 14, 2010 9:52 pm Post subject: |
|
|
Acolyte
Joined: 15 May 2001 Posts: 71 Location: Netherlands
|
Hi ... thx for the suggestion but I did write '...and looking at the Tandem side I see a msg on the DLQ ...'
Regards ... Ruud |
|
zonko |
Posted: Thu Jan 14, 2010 10:59 pm Post subject: |
|
|
Voyager
Joined: 04 Nov 2009 Posts: 78
|
Enable the auth error event msgs on the qmgr. The msgs will show what object is being accessed, what the userID is, and the permissions required. |
|
exerk |
Posted: Fri Jan 15, 2010 2:17 am Post subject: |
|
|
 Jedi Council
Joined: 02 Nov 2006 Posts: 6339
|
zonko wrote: |
Enable the auth error event msgs on the qmgr... |
Was that facility there in V5.1 on any platform?  _________________ It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
zonko |
Posted: Fri Jan 15, 2010 4:32 am Post subject: |
|
|
Voyager
Joined: 04 Nov 2009 Posts: 78
|
It is certainly in 5.1 on other distributed platforms, and I am pretty sure it predates clustering, which was introduced in 5.1. |
|
Vitor |
Posted: Fri Jan 15, 2010 6:18 am Post subject: |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
zonko wrote: |
it predates clustering, which was introduced in 5.1. |
Really? Didn't clustering come in later than that?  _________________ Honesty is the best policy.
Insanity is the best defence. |
|
Michael Dag |
Posted: Fri Jan 15, 2010 6:22 am Post subject: |
|
|
 Jedi Knight
Joined: 13 Jun 2002 Posts: 2607 Location: The Netherlands (Amsterdam)
|
Is there a route back via xmit.queue name resolution or qmgr alias from the Tandem qmgr to the AIX qmgr?
I bet the AMQ.4B39D2E120655E08 is a queue on the AIX machine and not the tandem one, hence the 2085... _________________ Michael
MQSystems Facebook page |
|
mqjeff |
Posted: Fri Jan 15, 2010 7:06 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008 Posts: 17447
|
|
bruce2359 |
Posted: Fri Jan 15, 2010 7:35 am Post subject: |
|
|
 Poobah
Joined: 05 Jan 2008 Posts: 9469 Location: US: west coast, almost. Otherwise, enroute.
|
Quote: |
I bet the AMQ.4B39D2E120655E08 is a queue on the AIX machine and not the tandem one, hence the 2085.. |
And I'd bet it's a dynamic queue. _________________ I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
Vitor |
Posted: Fri Jan 15, 2010 7:55 am Post subject: |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
Must be what I was thinking of....
So many years, so many brain cells lost.  _________________ Honesty is the best policy.
Insanity is the best defence. |
|
dutchman |
Posted: Mon Jan 18, 2010 12:31 am Post subject: |
|
|
Acolyte
Joined: 15 May 2001 Posts: 71 Location: Netherlands
|
Hi guys. Goodness - lots of activity.
Yep, AUTHOREV was already set to enabled - but the system queue was empty most probably due to being read by the old Candle product.
Yes, the return route is all properly defined.
Yep, I reckon the temp dynamic queue AMQ.xxxx is the queue created on the AIX side and will have been passed on along with the request as the reply-to-queue, so when the answer had to be placed on this reply-to-queue it got a security violation - but - this thing is running under the MQM group so it should have all the access it needs.
Regards ... Ruud |
|
LuisFer |
Posted: Mon Jan 18, 2010 2:06 am Post subject: |
|
|
 Partisan
Joined: 17 Aug 2002 Posts: 302
|
1.- List the authorities on NSK
dspmqusr -m <QMgrName>
If the principal (not the username) user from AIX is not in the list, add it with altmqusr -m <QMgrName> -p <Principal> -u <UserName>
Code: |
\HAWK.$SPOOL1.MQMMGR 1> dspmqusr -m HAWK
Principal Userid Username Alias GroupName GroupType
0.1
PEPE 255.1 SUPER.PEPE n SUPER a
MQM s
JUAN 255.27 SUPER.JUAN n SUPER a
MANOLO 251.255 DESA.MANOLO n DESA a
MQM 254.255 MQM.MANAGER n MQM a
|
|
|
dutchman |
Posted: Mon Jan 18, 2010 2:40 am Post subject: |
|
|
Acolyte
Joined: 15 May 2001 Posts: 71 Location: Netherlands
|
Hi.
We have already done that but let me paste the result for completeness' sake:
$SYSTEM ZMQSCMD 2> dspmqusr -m QMNDT010
Principal Userid Username Alias GroupName GroupType
0.1
ITMUSER 251.1 MQM.CANDLE n MQM a
NOBODY 0.0
mqm 251.255 MQM.MANAGER n MQM a
somgr 14.255 SO.MGR n SO a
systest 15.1 SYSTEST.APPL n SYSTEST a
xu99002d 14.3 SO.BEMMELEN n SO a
The request from AIX comes in as 'mqm'. The userid mentioned on the DLQ says MQM.
Regards ... Ruud |
|
LuisFer |
Posted: Mon Jan 18, 2010 4:20 am Post subject: |
|
|
 Partisan
Joined: 17 Aug 2002 Posts: 302
|
dutchman wrote: |
Hi.
We have already done that but let me paste the result for completeness' sake:
$SYSTEM ZMQSCMD 2> dspmqusr -m QMNDT010
Principal Userid Username Alias GroupName GroupType
0.1
ITMUSER 251.1 MQM.CANDLE n MQM a
NOBODY 0.0
mqm 251.255 MQM.MANAGER n MQM a
somgr 14.255 SO.MGR n SO a
systest 15.1 SYSTEST.APPL n SYSTEST a
xu99002d 14.3 SO.BEMMELEN n SO a
The request from AIX comes in as 'mqm'. The userid mentioned on the DLQ says MQM.
Regards ... Ruud |
Change (delete/define) the mqm Principal to MQM
altmqusr -m QMNDT010 -p mqm -r
altmqusr -m QMNDT010 -p MQM -u mqm.manager |
|
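An added example, not part of any post in the thread: a check of the dspmqusr listing quoted above against the user identifier seen on the dead-letter message, flagging principals that differ from it only by case. It assumes principal lookup on the Tandem queue manager is case-sensitive, which the last suggestion implies but the thread does not confirm; the function names are illustrative.

```python
import re

# Constructed sample: the dspmqusr listing quoted in the thread.
DSPMQUSR_OUTPUT = """\
Principal Userid Username Alias GroupName GroupType
0.1
ITMUSER 251.1 MQM.CANDLE n MQM a
NOBODY 0.0
mqm 251.255 MQM.MANAGER n MQM a
somgr 14.255 SO.MGR n SO a
systest 15.1 SYSTEST.APPL n SYSTEST a
xu99002d 14.3 SO.BEMMELEN n SO a
"""

USERID = re.compile(r"^\d+\.\d+$")  # Guardian group.user number pair

def parse_principals(listing):
    """Return {principal: {"userid", "username", "groups"}} from dspmqusr text."""
    principals, current = {}, None
    for line in listing.splitlines():
        f = line.split()
        if not f or f[0] == "Principal":
            continue
        if USERID.match(f[0]):            # row with an empty Principal column
            current = None
        elif len(f) >= 2 and USERID.match(f[1]):
            current = {"userid": f[1],
                       "username": f[2] if len(f) > 2 else None,
                       "groups": [f[4]] if len(f) > 4 else []}
            principals[f[0]] = current
        elif current is not None:         # continuation row: extra GroupName GroupType
            current["groups"].append(f[0])
    return principals

def check_identity(principals, presented):
    """Classify a user identifier exactly as it arrived with the message."""
    # Assumption: the lookup is case-sensitive, so "MQM" does not match "mqm".
    if presented in principals:
        return "exact", presented
    folded = [p for p in principals if p.lower() == presented.lower()]
    if folded:
        return "case-mismatch", folded[0]
    return "unknown", None

if __name__ == "__main__":
    print(check_identity(parse_principals(DSPMQUSR_OUTPUT), "MQM"))
```
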