| Author |
Message
|
| yasaboy |
 Posted: Mon Dec 01, 2014 9:19 pm Post subject: MQOPEN ended with reason code 2035 after setmqspl |
 |
|
Voyager
Joined: 23 Jun 2014
Posts: 90
|
Hi,
After I set a setmqspl on a perticular queue, our MQ Application it gives the error 2035 saying
| Code: |
| MQOPEN ended with reason code 2035,TEST.INQUEUE1 |
How ever it works perfectly on amqsputc and amquput commands. It's only our application that fails.
And strangely there are no error logs printed as well.
| Code: |
dspmqspl -m QMSSLT -p TEST.INQUEUE1
Policy Details:
Policy name: TEST.INQUEUE1
Quality of protection: PRIVACY
Signature algorithm: MD5
Encryption algorithm: DES
Signer DNs:
CN=newcdev50,OU=MT,C=SL
Recipient DNs:
CN=newcdev8,OU=MT,C=SL
Toleration: 0 |
any suggestions ? |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Tue Dec 02, 2014 2:27 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
which version of MQ are we talking about?
Does the receiver getting the 2035 have the right certificate? Is the certificate referenced in the receivers ams config file?
Have fun 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| yasaboy |
| Posted: Tue Dec 02, 2014 3:15 am Post subject: |
|
|
Voyager
Joined: 23 Jun 2014
Posts: 90
|
| fjb_saper wrote: |
which version of MQ are we talking about?
Does the receiver getting the 2035 have the right certificate? Is the certificate referenced in the receivers ams config file?
Have fun |
Hi,
It is not in the receiver that gives the error. It's the sender that gives the error 2035 saying that it cannot put messages to the queue. But amqsputc is working.
Yes we have setup correct keystore.conf file in the senders .mqs folder as below
| Code: |
cms.keystore = /x01/dev/AMSTest/dev50
cms.certificate = ibmwebspheremqdev50 |
why isn't this not giving any error log and why is amqsputc working an our wrapper library app not working ? |
|
| Back to top |
|
|
| mqjeff |
| Posted: Tue Dec 02, 2014 6:52 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
So you're trying to use AMS.
You're running amqsput as the same user you're trying to run your app as?
You're running amqsputC against the same svrconn channel as your app?
What I'm saying is, check what the resolved user is on the qmgr side after you connect. |
|
| Back to top |
|
|
| yasaboy |
| Posted: Wed Dec 03, 2014 2:44 am Post subject: |
|
|
Voyager
Joined: 23 Jun 2014
Posts: 90
|
| mqjeff wrote: |
So you're trying to use AMS.
You're running amqsput as the same user you're trying to run your app as?
You're running amqsputC against the same svrconn channel as your app?
What I'm saying is, check what the resolved user is on the qmgr side after you connect. |
Hi,
Everything you stated are correct. That's exactly the problem I have
How can I check a Resolved user for a particular queue? could not find any reference center and also tried using MQExplorer ..
Please help .....  |
|
| Back to top |
|
|
| mqjeff |
| Posted: Wed Dec 03, 2014 6:04 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
So the only difference between what user is in force for AMSQPUT compared to AMQSPUTC is that AMQSPUTC is using a client connection channel.
So if you are running AMQSPUT as user 'xyz', and also running AMQSPUTC as user 'xyz'...
The channel that is being used by AMQSPUTC could very easily have an MCAUSER or CHLAUTH rule or etc. etc. etc to convert the user 'xyz' into some other user 'abc'.
Likewise, you should be able to enable authority event logging of some kind, and perhaps some additional AMS tracing (I don't know AMS, so I don't know how to do this, or if you can) to tell you what user is being denied. |
|
| Back to top |
|
|
|
|
