chetu777
Posted: Sun May 08, 2011 11:06 pm Post subject: Not able to connect to remote Broker QM
Acolyte
Joined: 07 Sep 2009 Posts: 59
Hi All,
I am using broker toolkit version 7.0.0.1, broker runtime version 7.0.0.1, and Queue Manager version 7.0.1.0.
My runtime and QMs are on an AIX box. I am not able to connect to the QM using my toolkit. It gives the following error:
The user 'XXXX' is not authorized to connect to queue manager 'BRKQM' (MQ reason code 2035 while trying to connect)
Check that,
1. The broker is running.
2. The TCP/IP port of the queue manager is active if it is remote.
My Broker and toolkit are up and running. Can anyone guide me if I am missing anything? Or is it that I need to create a user in AIX with the same name as the one in Windows?
smdavies99
Posted: Sun May 08, 2011 11:13 pm Post subject:
Jedi Council
Joined: 10 Feb 2003 Posts: 6076 Location: Somewhere over the Rainbow this side of Never-never land.
Code:
C:\wbi_Data\tmp>mqrc 2035
2035 0x000007f3 MQRC_NOT_AUTHORIZED
C:\wbi_Data\tmp>
The way users are authorised to connect to Broker is very different in V7 than for V6.x.
It is now done at the QMGR level (the 'setmqaut' command will become your friend).
Have you looked in the documentation for the information on how to do this?
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions.
chetu777
Posted: Sun May 08, 2011 11:31 pm Post subject:
Acolyte
Joined: 07 Sep 2009 Posts: 59
Hi smdavies,
Yes, I have already tried this option:
$ setmqaut -m BRKQM -t qmgr -p XXXX +all
AMQ7026: A principal or group name was invalid.
Do I need to create this user on the AIX machine as well? I mean, right now the XXXX user is a user on the Windows machine where the toolkit is running, so I am getting confused.
I also tried using mqsicreateaclentry, but I guess it's removed from v7.
Any idea?
fjb_saper
Posted: Mon May 09, 2011 1:14 am Post subject:
Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY
You need to review MQ security and access with a SVRCONN channel.
This will guide you to success.
And on Unix please only use -group. Using the principal on Unix will not do what you think!
_________________
MQ & Broker admin
chetu777
Posted: Mon May 09, 2011 1:20 am Post subject:
Acolyte
Joined: 07 Sep 2009 Posts: 59
Hi All,
Thanks for the support. I was able to resolve the problem.
Since an ACL entry was not possible as in previous versions, what I did was log in as the root user on the AIX box and create the same user as the one in Windows, with the same password, and make him a member of mqm and mqbrkrs.
Then I used the command below:
$ setmqaut -m BRKQM -t qmgr -p XXXX +connect
The setmqaut command completed successfully.
Once this was done, I was able to connect from Toolkit to the remote broker on the AIX box and also deploy flows successfully.
fjb_saper
Posted: Mon May 09, 2011 1:27 am Post subject:
Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY
chetu777 wrote:
Hi All,
Thanks for the support. I was able to resolve the problem.
Since an ACL entry was not possible as in previous versions, what I did was log in as the root user on the AIX box and create the same user as the one in Windows, with the same password, and make him a member of mqm and mqbrkrs.
Then I used the command below:
$ setmqaut -m BRKQM -t qmgr -p XXXX +connect
The setmqaut command completed successfully.
Once this was done, I was able to connect from Toolkit to the remote broker on the AIX box and also deploy flows successfully.

Remove that authorization. The user is a member of mqm and does not need it.
You just gave the primary group of XXXX authorizations to the qmgr.
In Unix no authorization gets stored at the -p level.
My advice: NEVER use -p, even in Windows. ALWAYS use -g.
Have fun
_________________
MQ & Broker admin
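
The point made in the post above, that on Unix a `-p` grant is stored against the user's primary group, can be checked before running setmqaut by listing every account in that group. The shell sketch below is an added example, not part of the thread and not IBM tooling; the function names are hypothetical and the account data are constructed samples in /etc/passwd and /etc/group format.

```shell
#!/bin/sh
# Constructed sample data in /etc/passwd and /etc/group format (not from the thread).
SAMPLE_PASSWD='mqm:!:201:201::/var/mqm:/usr/bin/ksh
appuser:!:305:1::/home/appuser:/usr/bin/ksh
alice:!:306:1::/home/alice:/usr/bin/ksh
bob:!:307:400::/home/bob:/usr/bin/ksh'
SAMPLE_GROUP='staff:!:1:bob
mqm:!:201:mqm,appuser
mqbrkrs:!:202:appuser
dev:!:400:'

# primary_group USER PASSWD GROUP -> name of USER's primary group
primary_group() {
    gid=$(printf '%s\n' "$2" | awk -F: -v u="$1" '$1 == u { print $4 }')
    [ -n "$gid" ] || return 1
    printf '%s\n' "$3" | awk -F: -v g="$gid" '$3 == g { print $1 }'
}

# group_members GROUPNAME PASSWD GROUP -> sorted, space-separated users in the group
# (primary members from passwd plus supplementary members from group)
group_members() {
    gid=$(printf '%s\n' "$3" | awk -F: -v n="$1" '$1 == n { print $3 }')
    {
        printf '%s\n' "$2" | awk -F: -v g="$gid" '$4 == g { print $1 }'
        printf '%s\n' "$3" | awk -F: -v n="$1" '$1 == n { print $4 }' | tr ',' '\n'
    } | awk 'NF' | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# is_member USER GROUPNAME PASSWD GROUP -> exit 0 if USER is in GROUPNAME
is_member() {
    case " $(group_members "$2" "$3" "$4") " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# report USER: show which accounts a "-p USER" grant would actually cover
report() {
    pg=$(primary_group "$1" "$SAMPLE_PASSWD" "$SAMPLE_GROUP") || { echo "unknown user $1"; return 1; }
    echo "-p $1 is stored against group '$pg'; accounts covered: $(group_members "$pg" "$SAMPLE_PASSWD" "$SAMPLE_GROUP")"
    if is_member "$1" mqm "$SAMPLE_PASSWD" "$SAMPLE_GROUP"; then
        echo "$1 is in mqm and already has full MQ administrative authority"
    fi
}

report appuser
```

On a real host the same functions can be given the contents of /etc/passwd and /etc/group instead of the sample variables.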
chetu777
Posted: Mon May 09, 2011 1:34 am Post subject:
Acolyte
Joined: 07 Sep 2009 Posts: 59
Thanks Fjb_saper, I surely will implement it now.