ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum IndexIBM MQ API SupportMQ Client is not getting messages from the MQ queue manager

Post new topicReply to topic
MQ Client is not getting messages from the MQ queue manager View previous topic :: View next topic
Author Message
ammx
PostPosted: Fri Sep 08, 2017 7:49 pm Post subject: MQ Client is not getting messages from the MQ queue manager Reply with quote

Newbie

Joined: 08 Sep 2017
Posts: 9

Hi

I am working with two Linux RedHat servers, one with MQ Client 8.0.0.6 and the other with MQ Server 8.0.0.6. I am trying to test a queue manager "AEDMQ03A" that is not receiving messages from the Client machine. These are the following steps i have done:

1) I verified in the MQ Server that the queue manager AEDMQ03A is running, and its listener is also running on port 1414.

2) I checked there is a server-connection channel "SYSTEM.DEF.SVRCONN" (runmqsc AEDMQ03A and then DISPLAY CHANNEL(*) )and it gave me the next information:

Code:
 CHANNEL(SYSTEM.DEF.SVRCONN)             
 CHLTYPE(SVRCONN)
   ALTDATE(2016-02-15)                   
 ALTTIME(02.20.25)
   CERTLABL( )                             
COMPHDR(NONE)
   COMPMSG(NONE)                         
 DESCR( )
   DISCINT(0)                             
 HBINT(300)
   KAINT(AUTO)                             
MAXINST(100)
   MAXINSTC(90)                         
  MAXMSGL(4194304)
   MCAUSER(nobody)                         
MONCHL(QMGR)
   RCVDATA( )                             
RCVEXIT( )
   SCYDATA( )                             
 SCYEXIT( )
   SENDDATA( )                           
 SENDEXIT( )
   SHARECNV(10)                           
 SSLCAUTH(REQUIRED)
   SSLCIPH( )                             
SSLPEER( )
   TRPTYPE(TCP) 


On the client side

3) I defined the environment variables MQSERVER like this:

MQSERVER=SYSTEM.DEF.SVRCONN/TCP/ 'IP_ADRESS_MQServer(port)'

4) I checked that a local queue named "SYSTEM.DEFAULT.LOCAL.QUEUE" exists
5) Then I try to "amqsputc SYSTEM.DEFAULT.LOCAL.QUEUE AEDMQ03A", but it gives me the error:

"Sample AMQSPUT0 start
MQCONNX ended with reason code 2035"

I investigated this and I know it has something to do with permissions. I went to the AEDMQ03A error logs and found these three messages that caught my attention:

AMQ9999: Channel 'SYSTEM.DEF.SVRCONN' to host 'ip_adress_client' ended abnormally
AMQ8077: Entity nobody has insufficient authority to access object 'SYSTEM.DEFAULT.LOCAL.QUEUE'(NOBODY IS THE MCAUSER OF THE CHANNEL)
AMQ9777: Channel was blocked. The inbound channel 'SYSTEM.DEF.SVRCONN' was blocked from adress 'ip_MQclient' because the active values of the channel matched a record configured with USERSRC(NOACCESS). The active values of the channel were 'CLNTUSER(mqm)

I thought that the only issue was the permissions on the local queue and the queue manager but apparently there other 2 issues there.

Regarding the permissions setting with the command setmqaut, which user or group do I have to give the permissions to, the user mqm or the MCAUSER that appeared on the SVRCONN channel? And what kind of permissions, +all, +put,+get??

Thanks in advance
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Sat Sep 09, 2017 2:48 am Post subject: Reply with quote

Grand Poobah

Joined: 18 Nov 2003
Posts: 19382
Location: LI,NY

Well this is not going to work the way you want. As you guessed the channel you chose is not working. You need to define a server connection channel that does not start with SYSTEM...
Security is now enforcing best practice and will prevent you from using any channel starting with SYSTEM....

For the second part don't use user mqm or any other user in the mqm group. Those are considered privileged users and are "banned" by default.

You will still have to authorize the group/user to access the qmgr and its relevant objects (queues) using setmqaut.

After that you should be good.

Have fun
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
ammx
PostPosted: Sat Sep 09, 2017 9:07 pm Post subject: Reply with quote

Newbie

Joined: 08 Sep 2017
Posts: 9

Hi

I already created another server-communication channel like this:

DEFINE CHANNEL(A03ZCIWAS) CHLTYPE(SVRCONN) TRPTYPE(TCP)

I also created the client-communication channel (I am not sure if this step is necessary, but I did it anyways).

DEFINE CHANNEL(A03ZCIWAS) CHLTYPE(CLNTCONN) CONNAME(xx.xx,xx.xx) QMNAME(AEDMQ03A) TRPTYPE(TCP) <-- here the xx.xx.xx.xx is the IP adress of the MQ Server

Then I set the MQSERVER environment variable with MQSERVER=A03ZCIWAS/TCP/'xx.xx.xx.xx(1414)'

After this i set the necessary permissions for the queue manager and the queue. I did it for user nobody which is the user in the MCAUSER of the SVRCONN CHANNEL(named A03ZCIWAS).

setmqaut -m AEDMQ03A -t qmgr -p nobody +alladm

setmqaut -m AEDMQ03A -n QUEUE_TEST -t queue -p nobody +alladm

I also setmqaut for the group where nobody belongs to(it only belongs to one group). The QUEUE_TEST is the local queue I created for testing

and the when I tried ./amqsputc QUEUE_TEST AEDMQ03A, it gives me the error message:

Sample AMQSPUT0 start
target queue is QUEUE_TEST
MQOPEN ended with reason code 2035
unable to open queue for output
Sample AMQSPUT0 end

I don't understand why it is giving me this cause I already gave permissions for the queue and the queue manager
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Sun Sep 10, 2017 12:39 am Post subject: Reply with quote

Grand Poobah

Joined: 18 Nov 2003
Posts: 19382
Location: LI,NY

Look in the queue manager error log to further understand why you are getting the 2035 reason code.

Have fun
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
gbaddeley
PostPosted: Sun Sep 10, 2017 3:57 pm Post subject: Reply with quote

Padawan

Joined: 25 Mar 2003
Posts: 1732
Location: Melbourne, Australia

You can delete the CLNTCONN type channel. Its not required if you are using the MQSERVER environment variable to configure a MQ Client connection.

Also, don't use the userid 'nobody'. It has that name for a reason. It defines a principal that should not exist and/or is not usable and/or does not have authority to anything.

For MQ authorities, its best to use a dedicated app group, with the userid of interest being a member of that group. Don't use any groups that most userid are in (eg. staff) as this over authorises in MQ.
_________________
Glenn
Back to top
View user's profile Send private message
gbaddeley
PostPosted: Mon Sep 11, 2017 4:50 pm Post subject: Reply with quote

Padawan

Joined: 25 Mar 2003
Posts: 1732
Location: Melbourne, Australia

The thread title gives me pain "MQ queue manager is not getting messages from the MQ Client". It should be the other way around "MQ Client is not getting messages from the MQ queue manager".
_________________
Glenn
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Tue Sep 12, 2017 4:43 am Post subject: Reply with quote

Grand Poobah

Joined: 18 Nov 2003
Posts: 19382
Location: LI,NY

gbaddeley wrote:
The thread title gives me pain "MQ queue manager is not getting messages from the MQ Client". It should be the other way around "MQ Client is not getting messages from the MQ queue manager".

So updated the title.
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
Display posts from previous:
Post new topicReply to topic Page 1 of 1

MQSeries.net Forum IndexIBM MQ API SupportMQ Client is not getting messages from the MQ queue manager
Jump to:



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP


Theme by Dustin Baccetti
Powered by phpBB 2001, 2002 phpBB Group

Copyright MQSeries.net. All rights reserved.