Connection failure to WebServers
KIDINMQ
Posted: Tue Apr 30, 2019 4:18 am

Novice

Joined: 12 Nov 2013
Posts: 14

Help required finding a possible solution to this. TCP/IP errors keep being generated in the MQ error logs whenever data is received from the WebServers. It doesn't seem to be a regular network issue. OS is Solaris 5 and MQ 5.3.

----- amqccita.c : 2781 ---------------------------------------------------------------------------
29/04/19 10:32:42 AM
AMQ9209: Connection to host 'XXXXXXXX (X.X.X.X)' closed.

EXPLANATION:
An error occurred receiving data from 'XXXXXXXX (X.X.X.X)' over TCP/IP. The
connection to the remote host has unexpectedly terminated.
ACTION:
Tell the systems administrator.
---------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------
29/04/19 05:01:50 PM
AMQ9207: The data received from host 'XXXXXXXX (X.X.X.X)' is not valid.

EXPLANATION:
Incorrect data format received from host 'XXXXXXXX (X.X.X.X)' over TCP/IP.
It may be that an unknown host is attempting to send data. An FFST file has
been generated containing the invalid data received.
ACTION:
Tell the systems administrator.
----- amqccita.c : 2888 -------------------------------------------------------
29/04/19 05:01:50 PM
AMQ9228: The TCP/IP responder program could not be started.

EXPLANATION:
An attempt was made to start an instance of the responder program, but the
program was rejected.
ACTION:
The failure could be because either the subsystem has not been started (in this
case you should start the subsystem), or there are too many programs waiting
(in this case you should try to start the responder program later). The reason
code was 0.
----- amqrmrsa.c : 461 --------------------------------------------------------
LJM
Posted: Tue Apr 30, 2019 4:40 am

Novice

Joined: 05 Jul 2018
Posts: 20

Just looks like NON MQ traffic hitting your listener to me.

I get the same when my Black Box Pen test devices spin up and trawl the LAN.
Vitor
Posted: Tue Apr 30, 2019 5:02 am

Grand High Poobah

Joined: 11 Nov 2005
Posts: 25858
Location: Texas, USA

LJM wrote:
just looks like NON MQ traffic hitting your listener to me




Something like a port scanner doing a vulnerability check
_________________
Honesty is the best policy.
Insanity is the best defence.
KIDINMQ
Posted: Tue Apr 30, 2019 5:25 am

Novice

Joined: 12 Nov 2013
Posts: 14

Thanks for your quick replies and welcome your inputs.
KIDINMQ
Posted: Tue Apr 30, 2019 5:53 am

Novice

Joined: 12 Nov 2013
Posts: 14

Will an MQ Listener restart help?
Vitor
Posted: Tue Apr 30, 2019 6:19 am

Grand High Poobah

Joined: 11 Nov 2005
Posts: 25858
Location: Texas, USA

KIDINMQ wrote:
Will an MQ Listener restart help?


No. This will happen every time something which isn't an MQ MCA pings the port the listener is attached to. The error:

Quote:

Incorrect data format received from host 'XXXXXXXX (X.X.X.X)' over TCP/IP.
It may be that an unknown host is attempting to send data. An FFST file has
been generated containing the invalid data received.
ACTION:
Tell the systems administrator.


is exactly right. An unknown host is attempting to send data, in a non-MQ format, and nothing you do within MQ will prevent that (obviously). MQ will legitimately generate this error every time it happens.

If you want to prevent this error (and the associated FFST), your only recourse is to use the data in the FFST to identify what's doing this or ask the network people if they know of something that would scan this port. Having identified the application sending the invalid data, tell them to stop doing it.

For example, we run vulnerability checks on our network like most organizations. We have a "white list" of IP address/port combinations we don't scan because they're MQ Servers / Oracle servers / etc. that react like this to probes.
_________________
Honesty is the best policy.
Insanity is the best defence.
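
An added example, not part of the original posts: one way to answer "what is doing this" from the queue manager error log itself is to group the AMQ9207/AMQ9209/AMQ9228 entries by source address and look at when the invalid-data events fire. The parser assumes the entry layout and DD/MM/YY 12-hour timestamps shown in the excerpt above; the sample log, host names and addresses are constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample in the thread's log layout; hosts and 192.0.2.x addresses are made up.
SAMPLE_LOG = """\
29/04/19 10:32:42 AM
AMQ9209: Connection to host 'scanner01 (192.0.2.50)' closed.
----- amqccita.c : 2781 -------------------------------------------------------
29/04/19 05:01:50 PM
AMQ9207: The data received from host 'scanner01 (192.0.2.50)' is not valid.
29/04/19 05:01:50 PM
AMQ9228: The TCP/IP responder program could not be started.
----- amqrmrsa.c : 461 --------------------------------------------------------
29/04/19 05:03:10 PM
AMQ9207: The data received from host 'web07 (192.0.2.17)' is not valid.
30/04/19 05:01:48 PM
AMQ9207: The data received from host 'scanner01 (192.0.2.50)' is not valid.
"""

STAMP = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d [AP]M)\s*$")
EVENT = re.compile(r"^(AMQ\d{4}): (.*)$")
HOST = re.compile(r"host '([^']*) \(([^)]*)\)'")
WATCHED = {"AMQ9207", "AMQ9209", "AMQ9228"}

def parse_events(text):
    """Return (timestamp, code, ip) tuples for the watched messages."""
    events, stamp = [], None
    for line in text.splitlines():
        if m := STAMP.match(line):
            stamp = datetime.strptime(m.group(1), "%d/%m/%y %I:%M:%S %p")
        elif (m := EVENT.match(line)) and m.group(1) in WATCHED and stamp:
            h = HOST.search(m.group(2))
            events.append((stamp, m.group(1), h.group(2) if h else None))
    return events

def summarize(events):
    """Per source IP: message counts and the times AMQ9207 fired."""
    report = defaultdict(lambda: {"codes": Counter(), "invalid_at": []})
    for stamp, code, ip in events:
        if ip is None:  # AMQ9228 names no host in its message text
            continue
        report[ip]["codes"][code] += 1
        if code == "AMQ9207":
            report[ip]["invalid_at"].append(stamp.strftime("%d/%m %H:%M"))
    return dict(report)

if __name__ == "__main__":
    for ip, info in summarize(parse_events(SAMPLE_LOG)).items():
        print(ip, dict(info["codes"]), info["invalid_at"])
```

A source that produces AMQ9207 at the same time each day, as 192.0.2.50 does in the constructed sample, is the kind of pattern to take to the network team when asking whether a scheduled scan covers the listener port.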
Vitor
Posted: Tue Apr 30, 2019 6:22 am

Grand High Poobah

Joined: 11 Nov 2005
Posts: 25858
Location: Texas, USA

Try:

Code:
telnet <that server's IP> <the MQ listener's port number>


and type something.

You'll see the same error turn up. Now think about what you could do with the MQ listener (including restarting it as you propose) that would prevent that error the next time you telnet to that port.
_________________
Honesty is the best policy.
Insanity is the best defence.
exerk
Posted: Tue Apr 30, 2019 7:07 am

Jedi Council

Joined: 02 Nov 2006
Posts: 6110

A pity that the MQ version is so back-level, or CHLAUTH could be used as a temporary block...
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys.

KIDINMQ
Posted: Fri May 10, 2019 4:24 am

Novice

Joined: 12 Nov 2013
Posts: 14

Thanks all for your valuable inputs and time