IBM Support

IT26007: CHLAUTH rule not working when address uses DNS hostname, user receives MQRC_NOT_AUTHORIZED (2035)

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • When CHLAUTH rule uses ADDRESS(host name) it appears
the reverse DNS check is not working, the CHLAUTH rule is not
used.

DISPLAY CHLAUTH MATCH(RUNCHECK) CLNTUSER('user') ADDRESS(host
name)
shows that the CHLAUTH rule should be used.

Actual incoming connections receiving 2035 NOT AUTHORIZED error
message.

AMQ9557E: Queue Manager User ID initialization failed for
'userid'.

EXPLANATION:
The call to initialize the User ID 'userid' failed with CompCode
2 and Reason 2035.

Local fix

  • Set SHARECNV(1) on the SVRCONN channel that the client is using,
example:
  ALTER CHANNEL (CHANNELNAME) CHLTYPE(SVRCONN) SHARECNV(1)

Problem summary

  • ****************************************************************
USERS AFFECTED:
This problem affects users of MQ V9.1 on all platforms who
define a CHLAUTH USERMAP rule with a hostname specified in the
ADDRESS() parameter


Platforms affected:
MultiPlatform

****************************************************************
PROBLEM DESCRIPTION:
A SVRCONN channel was defined with SHARECNV greater than 1 and a
CHLAUTH rule was created for the channel to map incoming client
connections from a specific hostname (specified in the CHLAUTH
ADDRESSMAP parameter) to an userid specified in the CHLAUTH
MCAUSER parameter.

In this scenario, a logic error failed to match the IP address
of the incoming connection to the hostname in the CHLAUTH rule,
so the user mapping rules were not applied correctly for all
conversations.  As a consequence when an MQ client attempted to
connect multiple conversations the first conversation connected
successfully, but subsequent conversations failed with reason
code 2035 (MQRC_NOT_AUTHORIZED).

Problem conclusion

  • The logic error in the application of the CHLAUTH mapping rules
has been addressed. CHLAUTH rules are now applied consistently
regardless of the value of SHARECNV.

---------------------------------------------------------------
The fix is targeted for delivery in the following PTFs:

Version    Maintenance Level
v9.1 CD    9.1.1
v9.1 LTS   9.1.0.2

The latest available maintenance can be obtained from
'WebSphere MQ Recommended Fixes'
http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037

If the maintenance level is not yet available information on
its planned availability can be found in 'WebSphere MQ
Planned Maintenance Release Dates'
http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
---------------------------------------------------------------

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IT26007
    • 

  • Reported component name
    IBM MQ APPL M20
    • 

  • Reported component ID
    5725Z0900
    • 

  • Reported release
    901
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2018-08-17
    • 

  • Closed date
    2018-09-28
    • 

  • Last modified date
    2018-09-28
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    IBM MQ APPL M20
    • 

  • Fixed component ID
    5725Z0900
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SS5K6E","label":"IBM MQ Appliance"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"901","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            28 September 2018
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback