| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| SID Problem with MQExplorer |
« View previous topic :: View next topic » |
| Author |
Message
|
| TonyD |
 Posted: Tue May 27, 2003 5:35 pm Post subject: SID Problem with MQExplorer |
 |
|
Knight
Joined: 15 May 2001
Posts: 540
Location: New Zealand
|
We have a problem connecting to a remote Win2k queue manager (hrough MQExplorer from a Win2K workstation. The remote QM belongs to a WMQI Configuration Manager. The workstation User Id (e.g 'MyUser') has been added to the the CM machine and is a member of mqm and the WMQI groups. When it tries to connect remotely to the queue manager we get an authorisation exception and the message 'Authorisation failed as sid xxx-xxx does not match that of entity 'MyUser'. The same problem happens with other User Ids
I have checked the SID of 'MyUser' in the CM machine (using psgetsid) and to my eyes it is identical, apart from the last four digits, to that shown in the error message. 'MyUser' has no problem when running the Control Centre from the workstation, a similar type of connection. 'MyUser' also has no problem connecting through MQExplorer to a different CM on a different server.
There is clearly a problem on this CM Server but I am at a loss to know what it might be or where to look. I have traced the connection attempt which confirms that MQ is comparing the incoming SID against the correct EntityName (i.e. 'MyUser').
Any ideas? |
|
| Back to top |
|
 |
| jefflowrey |
| Posted: Wed May 28, 2003 6:35 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
Okay, you say that you see the sids are different? Well, then, that's why it's giving you the error message that the sids are different. 
What it sounds like you are doing is one of the following:
1) Using a user that is defined as a local user on both machines, that has the same name -> Computer1/myuser AND computer2/myuser.
2) Using a user that is defined both at the domain level and the ConfigMgr level -> DOMAIN/myUser and Computer2/myuser.
In either case, you have added the wrong user to the groups on the ConfigMgr machine. For example, if you're doing #1, then you've added the Computer2/myuser to all the right groups on the ConfigMgr machine, and are authenticated to the ConfigMgr machine as Computer1/myuser.
In other words, without more detail, my best guess is that you are mixing users from multiple ownerships. That's why the sid is different on the ConfigMgr machine than what the error message is reporting. |
|
| Back to top |
|
|
| TonyD |
| Posted: Wed May 28, 2003 5:16 pm Post subject: |
|
|
Knight
Joined: 15 May 2001
Posts: 540
Location: New Zealand
|
| Quote: |
| Okay, you say that you see the sids are different? |
I think I said...
| Quote: |
| I have checked the SID of 'MyUser' in the CM machine (using psgetsid) and to my eyes it is identical, apart from the last four digits, to that shown in the error message |
Yes, 'myuser' is defined as a local user on both machines, and is a member of the required groups on the Config Manager machine. As far as I can tell the SID that is sent as part of the request to connect via SYSTEM.ADMIN.SVRCONN, and is shown in the error message and also in the trace, is identical to that of 'myuser' on the CM machine. Hence my confusion.... |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
