MQSeries.net :: View topic

Snw · Posted: Wed Feb 22, 2017 6:06 am Post subject:

Hi.
MQ 8.0.0.5
Windows Server 2012 R2

I installed the MQ server and configured according to the instruction: "Creating and setting up domain accounts for IBM MQ" - https://www.ibm.com/support/knowledgecenter/SSFKSJ_8.0.0/com.ibm.mq.ins.doc/q008840_.htm

Created group, created users, added users to groups, added the right for reading membership in group.
DC:

MQ Server:

At connection through RDP everything works as it is required, but at connection through PowerShell:

PS C:\Users\Build-agt>
[***]: PS C:\Users\build-agt\Documents> crtmqm TEST
crtmqm : AMQ8101: WebSphere MQ error (80F) has occurred.
+ CategoryInfo : NotSpecified: (AMQ8101: WebSph...) has occurred.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError

2/22/2017 11:10:21 - Process(3556.1) User(build-agt) Program(crtmqm.exe) Host(***) Installation(Installation1) VRMF(8.0.0.5)

An internal WebSphere MQ error has occurred on queue manager TEST.

An error has been detected, and the WebSphere MQ error recording routine has been called. The failing process is process 3556.

Use the standard facilities supplied with your system to record the problem identifier and to save any generated output files. Use either the MQ Support site: ***, or IBM Support Assistant (ISA): ***, to see whether a solution is already available. If you are unable to find a match, contact your IBM support center. Do not discard these files until the problem has been resolved.

Event log:
2/22/2017 11:10:21 - Process(3556.1) User(build-agt) Program(crtmqm.exe) Host(***) Installation(Installation1) VRMF(8.0.0.5)

An internal WebSphere MQ error has occurred.

An internal error has occurred with identifier 2080080F. This message is issued in association with other messages.

Use the standard facilities supplied with your system to record the problem identifier and to save any generated output files. Use either the MQ Support site: ***, or IBM Support Assistant (ISA): ***, to see whether a solution is already available. If you are unable to find a match, contact your IBM support center. Do not discard these files until the problem has been resolved.

2/22/2017 11:10:21 - Process(3556.1) User(build-agt) Program(crtmqm.exe) Host(***) Installation(Installation1) VRMF(8.0.0.5) QMgr(TEST)

Access was denied when attempting to retrieve group membership information for user 'build-agt@***'.

WebSphere MQ, running with the authority of user 'build-agt@***', was unable to retrieve group membership information for the specified user.

Ensure Active Directory access permissions allow user 'build-agt@***' to read group memberships for user 'build-agt@***'. To retrieve group membership information for a domain user, MQ must run with the authority of a domain user and a domain controller must be available.

FDC:

Major Errorcode :- lrcE_SECURITY_ERROR |
| Minor Errorcode :- OK |
| Probe Type :- INCORROUT |
| Probe Severity :- 2 |
| Probe Description :- AMQ6125: An internal WebSphere MQ error has occurred. |
| FDCSequenceNumber :- 0 |
| Comment1 :- The local or domain user this WebSphere MQ command is |
| running under is not authorized, if running as domain user then please |
| ensure this user has all appropriate privileges on domain controller such |
| as query group membership

In what there can be a problem? What additional actions can help to reveal a problem on AD/MQ?