| Author | Message | 
		
		  | pintrader | 
			  
				|  Posted: Thu Apr 17, 2014 4:58 am    Post subject: Integration Bus v9 Windows service could not start in MSCS |   |  | 
		
		  | Disciple
 
 
 Joined: 22 Jan 2014Posts: 164
 
 
 | 
			  
				| hi have a question hope to get some help
 
 Setup:
 1) 2 VMs running Windows 2012 R2. WMQ 7.5.0.3 + IIBv9
 2) Using MSCS for clustering. Node A is active. Node B is passive
 3) 2 domain accounts,
 a) wmqadmin (domain admin)
 b) wmqservice (domain user to start MQ/broker services )
 4)I have already set up clustering for MQ(Q mgr) and it works fine on both Nodes using the steps here  (which is updated for 2008 and not 2012 R2 )
 5) F drive stores my WMQ installation files
 6) G drive is my shared network drive  (for the MQ data files and logs)
 
 Now when i begin to add an integration bus v9 broker using the steps here  (also for 2008, not 2012 R2), only Node B's broker service could not be started when failover from Node A.
 
 What I got for error is:
 
 " Event 2005: Unsuccessful IBM integration bus service initialisation. The IBM Integation bus service could not be registered. Check that the machine has adequate memory and that userid and password to start the broker are correct and that the userid is member of mqbrkrs."
 
 I have checked that both nodes A and B has the local mqbrkrs group and that wmqadmin and wmqservice are both in the group. I have also made sure the password is correct.
 
 Here's the steps i did
 1) at Node A, login to VM using wmqadmin
 2) Run a command shell (normal shell), go to F:\......\MQSI\bin and run mqsiprofile
 3) Then execute mqsicommandconsole
 4) create a broker using :
 mqsicreatebroker "mybroker" -q "Qmgr" -e "G:\WMQ" -i wmqservice@mydomain.com -a "pass" -w "G:\WMQ\log\mybroker"
 5) I failover to Node B, login as wmqadmin
 6) run mqsiprofile, then use mqsicommandconsole to execute:
 mqsiaddbrokerinstance "mybroker" -e "G:\WMQ" -i wmqservice@mydomain.com -a "pass" -w "G:\WMQ\log\mybroker"
 7) Then I added resource at MSCS manager for the broker, dependency is the QMgr resource.
 8) I then tried failover over and back and over and back, but everytime only Node B's Integration bus service could not be started, and the error is as stated above
 9) Node A's Integration bus service doesn't have a problem starting.
 
 When i go to Server Manager->Tools->Services to start the Integation Bus Service manually, i get
 
 "Windows cannot start the IBM integration sub component "mybroker" service on local computer"
 "Error 1067: Process terminated unexpectedly. "
 
 Would there be any kind of "lock" files (linked to  broker) that could have caused this ? any other permissions that I need to set somewhere ? I am suspecting its the mqsiaddbrokerinstance command that i am missing something. hope someone can shed a light.
 
 
 As a side note, the mqsicreatebroker command has a "-d defined" option which binds the broker service to QMgr. So starting/stopping Qmgr would also start/stop the broker. Is using the -d switch advisable in  a clustering environment? i presume if I only wanted to start/stop the broker, i will have to either use the command line or MQ explorer and not the failover manager. is that correct?
 
 
 thanks
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | fjb_saper | 
			  
				|  Posted: Thu Apr 17, 2014 5:36 am    Post subject: |   |  | 
		
		  |  Grand High Poobah
 
 
 Joined: 18 Nov 2003Posts: 20767
 Location: LI,NY
 
 | 
			  
				| Have you looked at which part of the registry needs to move between the nodes. MSCS may need extra pointers for that... 
 Also you may try without putting the broker's workpath on the shared drive.
 i.e. only use -e for mqsiaddbrokerinstance...
  _________________
 MQ & Broker admin
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | pintrader | 
			  
				|  Posted: Thu Apr 17, 2014 5:39 am    Post subject: |   |  | 
		
		  | Disciple
 
 
 Joined: 22 Jan 2014Posts: 164
 
 
 | 
			  
				| 
   
	| fjb_saper wrote: |  
	| Have you looked at which part of the registry needs to move between the nodes. MSCS may need extra pointers for that... 
 |  hi, i have not looked at that. I never thought it would be that complicated as to need to meddle with the registry. Any links or docs you can reference me to? thanks
 
 
 
   
	| fjb_saper wrote: |  
	| Also you may try without putting the broker's workpath on the shared drive.
 i.e. only use -e for mqsiaddbrokerinstance... :innocent:
 |  yes, i have tried this as well. no luck
 
 Once i get back to work, i would try to compare the User right assignment in Local security policy for both nodes and see if there are any differences.
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | fjb_saper | 
			  
				|  Posted: Thu Apr 17, 2014 6:00 am    Post subject: |   |  | 
		
		  |  Grand High Poobah
 
 
 Joined: 18 Nov 2003Posts: 20767
 Location: LI,NY
 
 | 
			  
				| Comparing user rights in local policy is a good start. However you should also look into the local registry (wow64) etc to see if the special broker instance is referenced there.
 
 Check specifically for logon as service etc...
 Make also sure the domain mqbrkrs group is member of the local mqbrkrs group. Rights on the shared drive should have been given to the domain grp.
 Note: If you limited the rights on the share to the mqm domain group, make sure the broker service user is also part of that domain group.
 
 Then look at the MSCS definition of the broker and check if you need to carry the path to the instance in the registry to the MSCS definition...
 
 Have fun
  _________________
 MQ & Broker admin
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | smdavies99 | 
			  
				|  Posted: Thu Apr 17, 2014 6:26 am    Post subject: |   |  | 
		
		  |  Jedi Council
 
 
 Joined: 10 Feb 2003Posts: 6076
 Location: Somewhere over the Rainbow this side of Never-never land.
 
 | 
			  
				| You are missing one vital option when you created the Broker and possibly one for the queue manager 
 For the queue manager you may need to specify the -a switch.
 
 For the broker YOU WILL need to use the -A switch.
 
 A tip is also to NOT add the service to MSCS until you have verified that the broker runs on both nodes.
 Start the broker on the node it was created on and verify that it is working correctly. Then stop the broker.
 Fail the WMQ QMGr over to the other node, run thr addbrokerinstance command and start the broker. If it runs then stop it, fail over the cluster and then add it to the MSCS resources. Bring the resource online and fail it over again.
 If everything is running then you are good to go.
 
 The -A switch is needed because of Server 2012. It is not needed for Server 2008R2.
 _________________
 WMQ User since 1999
 MQSI/WBI/WMB/'Thingy' User since 2002
 Linux user since 1995
 
 Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions.
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | pintrader | 
			  
				|  Posted: Thu Apr 17, 2014 7:52 am    Post subject: |   |  | 
		
		  | Disciple
 
 
 Joined: 22 Jan 2014Posts: 164
 
 
 | 
			  
				| 
   
	| smdavies99 wrote: |  
	| 
 For the broker YOU WILL need to use the -A switch.
 The -A switch is needed because of Server 2012. It is not needed for Server 2008R2
 
 |  hi, it was verified a while back by an IBM engineer that its not necessary. I have put my accounts into local mqm and mqbrkrs group. (if all else fails, i will try to create with -A. but what should i give for the access group?
 
 is it
 crtmqm -a "domain mqm"  ?
 
 
 
 
   
	| smdavies99 wrote: |  
	| A tip is also to NOT add the service to MSCS until you have verified that the broker runs on both nodes.
 Start the broker on the node it was created on and verify that it is working correctly. Then stop the broker.
 Fail the WMQ QMGr over to the other node, run thr addbrokerinstance command and start the broker. If it runs then stop it, fail over the cluster and then add it to the MSCS resources. Bring the resource online and fail it over again.
 If everything is running then you are good to go.
 
 |  thanks will try when i get back to work. What if without the MSCS, the Node B broker still doesn't work? any ideas?
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | pintrader | 
			  
				|  Posted: Thu Apr 17, 2014 7:58 am    Post subject: |   |  | 
		
		  | Disciple
 
 
 Joined: 22 Jan 2014Posts: 164
 
 
 | 
			  
				| 
   
	| fjb_saper wrote: |  
	| Comparing user rights in local policy is a good start. However you should also look into the local registry (wow64) etc to see if the special broker instance is referenced there.
 
 |  thanks. will try.
 
 
   
	| fjb_saper wrote: |  
	| Check specifically for logon as service etc...
 Make also sure the domain mqbrkrs group is member of the local mqbrkrs group. Rights on the shared drive should have been given to the domain grp.
 Note: If you limited the rights on the share to the mqm domain group, make sure the broker service user is also part of that domain group.
 
 |  i didn't know there's a domain mqbrkrs group. will check. i only know i did create a domain mqm group according to doc. ( but then, my Node A works)
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | smdavies99 | 
			  
				|  Posted: Thu Apr 17, 2014 9:51 am    Post subject: |   |  | 
		
		  |  Jedi Council
 
 
 Joined: 10 Feb 2003Posts: 6076
 Location: Somewhere over the Rainbow this side of Never-never land.
 
 | 
			  
				| 
   
	| pintrader wrote: |  
	| hi, it was verified a while back by an IBM engineer that its not necessary. I have put my accounts into local mqm and mqbrkrs group. (if all else fails, i will try to create with -A. but what should i give for the access group?
 
 is it
 crtmqm -a "domain mqm"  ?
 
 
 |  If you are referring to the -A option then, I beg to differ with the IBM Engineer who said that it is not required. For IIB 9.0.0.0 and higher it is required when Server 2012 is involved. I have verified this myself on a test rig. Even running on Server 2008R2 when Server 2012 is the DC the second broker won't start UNLESS the -A option is used when creating the broker.
 
 the crtmqm command should ideally have a few other options (IMHO) such as -ls , -lp etc. I recommend that you get into the habit of scripting everything. Then you will make sure that your dev/test environment is configured the same way as your production setup.
 _________________
 WMQ User since 1999
 MQSI/WBI/WMB/'Thingy' User since 2002
 Linux user since 1995
 
 Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions.
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | fjb_saper | 
			  
				|  Posted: Thu Apr 17, 2014 10:23 am    Post subject: |   |  | 
		
		  |  Grand High Poobah
 
 
 Joined: 18 Nov 2003Posts: 20767
 Location: LI,NY
 
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | pintrader | 
			  
				|  Posted: Thu Apr 17, 2014 4:45 pm    Post subject: |   |  | 
		
		  | Disciple
 
 
 Joined: 22 Jan 2014Posts: 164
 
 
 | 
			  
				| 
 hi if I use the -B option what would be the brokerdomain group be? and if i use -Q option, the domain group should be "domain mqm" right?
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | fjb_saper | 
			  
				|  Posted: Thu Apr 17, 2014 8:26 pm    Post subject: |   |  | 
		
		  |  Grand High Poobah
 
 
 Joined: 18 Nov 2003Posts: 20767
 Location: LI,NY
 
 | 
			  
				| Obvously the service id should be a member of that group. Ideally the domain group is member of local group mqbrkrs and local group mqm respectively...
 _________________
 MQ & Broker admin
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | smdavies99 | 
			  
				|  Posted: Thu Apr 17, 2014 10:19 pm    Post subject: |   |  | 
		
		  |  Jedi Council
 
 
 Joined: 10 Feb 2003Posts: 6076
 Location: Somewhere over the Rainbow this side of Never-never land.
 
 | 
			  
				| 
 Sorry for that. This pesky cold I picked up is my (feeble) excuse. I should have looked at my scripts before replying.
 
  _________________
 WMQ User since 1999
 MQSI/WBI/WMB/'Thingy' User since 2002
 Linux user since 1995
 
 Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions.
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | pintrader | 
			  
				|  Posted: Thu Apr 17, 2014 10:48 pm    Post subject: |   |  | 
		
		  | Disciple
 
 
 Joined: 22 Jan 2014Posts: 164
 
 
 | 
			  
				| 
   
	| fjb_saper wrote: |  
	| Obvously the service id should be a member of that group. Ideally the domain group is member of local group mqbrkrs and local group mqm respectively...
 |  hi
 yes i have that. on both Nodes, under Computer Management->Local User and Group->Groups. In my mqm and mqbrkrs group , i have both the wmqadmin and wmqservice account. Even if i don't create a domain group as stated in Security in a Windows enviroment, if I put these 2 domain accounts into the local mqm and local mqmbrkrs group, it should also work. right?
 
 and according to Security requirement, i did use the mqsicommandconsole to add broker instance and create broker.
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | fjb_saper | 
			  
				|  Posted: Fri Apr 18, 2014 4:43 am    Post subject: |   |  | 
		
		  |  Grand High Poobah
 
 
 Joined: 18 Nov 2003Posts: 20767
 Location: LI,NY
 
 | 
			  
				| No you need a DOMAIN group to allow access to your shared drives...  _________________
 MQ & Broker admin
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | pintrader | 
			  
				|  Posted: Mon Apr 21, 2014 2:56 am    Post subject: |   |  | 
		
		  | Disciple
 
 
 Joined: 22 Jan 2014Posts: 164
 
 
 | 
			  
				| hi 
 An update:
 I created in a test environment
 a) an Active directory
 b) a mock storage to act as a shared drive and
 c) 2 identifical VMs windows 2012 R2 with MQ7.5.03 + Integration bus v9
 
 I have got it to work with the clustering without using -a option of crtmqm and also the broker service runs when failover and failback. All is fine, and i followed the steps as documented.
 
 Today, at my production i am still facing the same issue. I have verified all permissions, service account password etc .
 In fact, my issue is similar to this topic "Clustered broker startup problem" where the service failed to initialize. (but its for 2008 and a lower version of broker.)
 
 Another thing is, its always the Node that I used msqiaddbrokerinstance that was unable to bring the service up. I have checked this doc "Security requirement for Windows" and made sure my wmqadmin (Domain admin) is in my local administrator group. The doc also says to be a member of local mqbrkrs in order to start/stop broker , which I have already done that.
 
 Any other ideas ?
 
 thanks
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  |  |