ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » General IBM MQ Support » Datadog-MQ conn :- User ID initialization failed for 'mqmon'

Post new topic  Reply to topic
 Datadog-MQ conn :- User ID initialization failed for 'mqmon' « View previous topic :: View next topic » 
Author Message
deesub
PostPosted: Mon Nov 29, 2021 6:52 am    Post subject: Datadog-MQ conn :- User ID initialization failed for 'mqmon' Reply with quote

Novice

Joined: 08 Jun 2018
Posts: 12

I am using datadog on my monitoring server that connects to MQ Server for alerts monitoring.
THe connection to my qmanager throws the below error in the qmgr logs:

AMQ9557E: Queue Manager User ID initialization failed for 'mqmon'.

EXPLANATION:
The call to initialize the User ID 'mqmon' failed with CompCode 2 and Reason
2035. If an MQCSP block was used, the User ID in the MQCSP block was ''. If a
userID flow was used, the User ID in the UID header was 'dd-agent' and any
CHLAUTH rules applied prior to user adoption were evaluated case-sensitively
against this value.
ACTION:
Correct the error and try again.

AMQ5531E: Error locating user or group in LDAP

EXPLANATION:
The LDAP authentication and authorization service has failed in the ldap_search
call while trying to find user or group 'mqmon'. Returned count is 0.
Additional context is '(&(objectClass=inetOrgPerson)(uid=mqmon))'.
ACTION:
Specify the correct name, or fix the directory configuration. There may be
additional information in the LDAP server error logs.


I have given the necessary CHLAUTH rules and access for the mqmon userid to the qmanager. QManager Object authorities and also for all objects are enabled for mqmon id.

Other qmanagers running on the same host are working fine and datadog is able to access them.

What else do I need to check.
I dont know what to check for the dd_agent id here.
any thoughts?
Back to top
View user's profile Send private message
exerk
PostPosted: Mon Nov 29, 2021 10:20 am    Post subject: Reply with quote

Jedi Council

Joined: 02 Nov 2006
Posts: 6339

Deleted the duplicate post.

Obvious questions:

1. Is the CONNAUTH and AUTHINFO object setup exactly the same for this queue manager as it is for the others?

2. Is the userid and authorities setup exactly the same for this queue manager as it is for the others?

I would normally script this sort of thing so that it is uniform across all queue managers, i.e. have a script that has an input file for the settings for that user, and takes a queue manager name as an argument.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys.
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Mon Nov 29, 2021 2:43 pm    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

Especially when the error shows an LDAP error. It is so easy to make those...
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
deesub
PostPosted: Tue Nov 30, 2021 1:29 am    Post subject: Reply with quote

Novice

Joined: 08 Jun 2018
Posts: 12

Obvious questions:

1. Is the CONNAUTH and AUTHINFO object setup exactly the same for this queue manager as it is for the others?

YES

2. Is the userid and authorities setup exactly the same for this queue manager as it is for the others?

YES
Back to top
View user's profile Send private message
hughson
PostPosted: Tue Nov 30, 2021 1:46 am    Post subject: Re: Datadog-MQ conn :- User ID initialization failed for 'mq Reply with quote

Padawan

Joined: 09 May 2013
Posts: 1914
Location: Bay of Plenty, New Zealand

deesub wrote:
EXPLANATION:
The LDAP authentication and authorization service has failed in the ldap_search
call while trying to find user or group 'mqmon'. Returned count is 0.
Additional context is '(&(objectClass=inetOrgPerson)(uid=mqmon))'.
ACTION:
Specify the correct name, or fix the directory configuration. There may be
additional information in the LDAP server error logs.


This suggests that the queue manager is trying to find the mqmon user id in the LDAP server and has not found it. Is the mqmon user id in the LDAP user repository?
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software
Back to top
View user's profile Send private message Visit poster's website
exerk
PostPosted: Tue Nov 30, 2021 11:14 pm    Post subject: Reply with quote

Jedi Council

Joined: 02 Nov 2006
Posts: 6339

deesub wrote:
Obvious questions:

1. Is the CONNAUTH and AUTHINFO object setup exactly the same for this queue manager as it is for the others?

YES

2. Is the userid and authorities setup exactly the same for this queue manager as it is for the others?

YES

If changes were made to the above, was a refresh of security or restart of the queue manager carried out?
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys.
Back to top
View user's profile Send private message
deesub
PostPosted: Tue Nov 30, 2021 11:47 pm    Post subject: Reply with quote

Novice

Joined: 08 Jun 2018
Posts: 12

YES REFRESH SECURITY AND QMGR RESTART WAS Also done
Back to top
View user's profile Send private message
hughson
PostPosted: Wed Dec 01, 2021 12:23 am    Post subject: Re: Datadog-MQ conn :- User ID initialization failed for 'mq Reply with quote

Padawan

Joined: 09 May 2013
Posts: 1914
Location: Bay of Plenty, New Zealand

hughson wrote:
deesub wrote:
EXPLANATION:
The LDAP authentication and authorization service has failed in the ldap_search
call while trying to find user or group 'mqmon'. Returned count is 0.
Additional context is '(&(objectClass=inetOrgPerson)(uid=mqmon))'.
ACTION:
Specify the correct name, or fix the directory configuration. There may be
additional information in the LDAP server error logs.


This suggests that the queue manager is trying to find the mqmon user id in the LDAP server and has not found it. Is the mqmon user id in the LDAP user repository?

Just checking you saw this question too?
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software
Back to top
View user's profile Send private message Visit poster's website
exerk
PostPosted: Wed Dec 01, 2021 12:23 am    Post subject: Reply with quote

Jedi Council

Joined: 02 Nov 2006
Posts: 6339

deesub wrote:
YES REFRESH SECURITY AND QMGR RESTART WAS Also done

What does the following command return?

Code:
ldapsearch -x -b "dc=mqmon,dc=com" -H ldap://<your ldap ip> -W "(objectclass=account)"


The above assumes your LDAP allows anonymous bind.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys.
Back to top
View user's profile Send private message
deesub
PostPosted: Thu Feb 24, 2022 2:23 am    Post subject: Reply with quote

Novice

Joined: 08 Jun 2018
Posts: 12

ldapsearch -x -b "dc=mqmon,dc=com" -H ldap:deesub -W "(objectclass=account)"
-bash: ldapsearch: command not found

ldapsearch
-bash: ldapsearch: command not found
Back to top
View user's profile Send private message
deesub
PostPosted: Thu Feb 24, 2022 2:26 am    Post subject: Reply with quote

Novice

Joined: 08 Jun 2018
Posts: 12

THe datadog monitoring agent is using the userid 'dd-agent' not wsure where
the MQ monitoring server is using the monitoring clien tchannel to poll the mQ server detaisl which is using the userid mqmon (chlauth rules in place for this userid)

THis works for all other qmanagers in the same server setup the same way.no differences.
but doee not work only for one qmanager that throws this error:

AMQ9557E: Queue Manager User ID initialization failed for 'mqmon'.

EXPLANATION:
The call to initialize the User ID 'mqmon' failed with CompCode 2 and Reason
2035. If an MQCSP block was used, the User ID in the MQCSP block was ''. If a
userID flow was used, the User ID in the UID header was 'dd-agent' and any
CHLAUTH rules applied prior to user adoption were evaluated case-sensitively
against this value.
ACTION:
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » General IBM MQ Support » Datadog-MQ conn :- User ID initialization failed for 'mqmon'
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.