| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| 2035 Authorization Error on expiry report |
« View previous topic :: View next topic » |
| Author |
Message
|
| matthewmatcham |
 Posted: Tue Apr 27, 2010 1:11 am Post subject: 2035 Authorization Error on expiry report |
 |
|
Novice
Joined: 06 Sep 2006
Posts: 12
Location: UK
|
I have MQ Version 6 running on my local XP machine, and a single QM servicing one Broker and one Config Manager. My Broker services are running under a local administrator account that is in the MQM group, and my own local administrator account is also in the MQM group.
I have a message flow that is posting a message to a queue with an expiry report requested. When I browse the expired message in either RFHUTIL or MQ Explorer the QM deletes the message but then encounters a 2035 Authorization 'warning' (error) in the Event Log attempting to send the expiry report message to the specified reply-to-queue.
I'm really struggling to get my head around this one, I've searched through the docs and the posts here but I can't work out what the problem is. Everything else seems fine - Broker writing to and reading from queues, RFHUTIL, MQ Explorer - it's just these expiry reports that aren't working.
This is the output from the MO01 support pack. My reply-to-queue is SYS1_TERM.IN and I can write to this from flows and RFHUTIL. I also turned on full MQ tracing and couldn't find the problem logged anywhere in the trace files.
...>
Tue Apr 27 09:52:56 2010
Queue Manager event: CompCode(WARNING)
Reason = MQRC_NOT_AUTHORIZED
parameter count is 7
MQCA_Q_MGR_NAME BROKERQM
MQIACF_REASON_QUALIFIER 2 (X'2')
MQCA_Q_NAME SYS1_TERM.IN
MQIACF_OPEN_OPTIONS 272 (X'110')
MQCACF_USER_IDENTIFIER
MQIA_APPL_TYPE = MQAT_WINDOWS_NT
MQCACF_APPL_NAME ents\IBM\rfhutil\rfhutil.exe
...>
****EDIT****
I should also point out the following attached entry in the Event Log (event 8074):
Authorization failed as the SID 'S-1-5-21-4215661524-657231489-1494353238-69988' does not match the entity ''.
The Object Authority Manager received inconsistent data - the supplied SID does not match that of the supplied entity information.
Ensure that the application is supplying valid entity and SID information. |
|
| Back to top |
|
 |
| PeterPotkay |
| Posted: Tue Apr 27, 2010 4:49 am Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
When the QM produces the Expiry Report, it will be put with the Authority of the ID in th eoriginal message's MQMD User ID field. Does that ID have access to this reply to q?
Turn on Authority Events and try again to see what ID is failing with which missing authorities. The MO71 Support Pack displays the Authority Events nicely.
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| mqjeff |
| Posted: Tue Apr 27, 2010 8:13 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| PeterPotkay wrote: |
When the QM produces the Expiry Report, it will be put with the Authority of the ID in th eoriginal message's MQMD User ID field. Does that ID have access to this reply to q?
Turn on Authority Events and try again to see what ID is failing with which missing authorities. The MO71 Support Pack displays the Authority Events nicely. |
matthewmatcham *did* turn on authority events, and did produce a nice report of the event message as output by MO01, which is at least a bit more focused on the problem than MO71.
The event message shows that the original message has a blank MQMD.User, and that this user does not have any permissions to the queue SYS1_TERM.IN. |
|
| Back to top |
|
|
| matthewmatcham |
| Posted: Wed Apr 28, 2010 2:11 am Post subject: |
|
|
Novice
Joined: 06 Sep 2006
Posts: 12
Location: UK
|
| Thanks, I somehow failed to spot the blank userid in the MO01 output. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
