Topic
9 replies Latest Post - ‏2012-09-27T02:56:05Z by LI.YG
LI.YG
LI.YG
14 Posts
ACCEPTED ANSWER

Pinned topic MQ client connection testing

‏2012-08-22T06:28:19Z |
Hi everyone,

I am trying to test an MQ connection, from a client to a server. Two methods are tried out. Method 1 does not work, while method 2 works. Method 2 is provided by my SA, but I believe Method 1 should be frequently used too. The default port 1414 is used. The server is MQ version 7.01; and the client is version 6. I searched quite some posts online, but cannot find the answer. Any hint is appreciated.
Method 1

C:\Program Files\IBM\WebSphere MQ\bin>amqscnxc -x 10.92.33.224 -c MINIQ.JANUS1.T1 JANUS1
Sample AMQSCNXC start
Connecting to queue manager JANUS1
using the server connection channel MINIQ.JANUS1.T1
on connection name 10.92.33.224.
MQCONNX ended with reason code 2035

Method 2 (in *Java*)

int openOptions = MQC.MQOO_OUTPUT | MQC.MQOO_FAIL_IF_QUIESCING;
Hashtable table = new Hashtable();
table.put(MQC.HOST_NAME_PROPERTY, "10.92.33.224");
table.put(MQC.CHANNEL_PROPERTY, "MINIQ.JANUS1.T1");
mqMgr = new MQQueueManager("JANUS1", table);
mqMsgOpt = new MQPutMessageOptions();
mqPutQ = mqMgr.accessQueue("MINI.MX.SIT.REQ", openOptions, null, null, null);
System.out.println("Connected to Q:" + "MINI.MX.SIT.REQ");
Updated on 2012-09-27T02:56:05Z at 2012-09-27T02:56:05Z by LI.YG
  • SystemAdmin
    SystemAdmin
    8523 Posts
    ACCEPTED ANSWER

    Re: MQ client connection testing

    ‏2012-08-23T05:12:48Z  in response to LI.YG
    Method 1: 2035 = not authorized. Most likely the MCAUSER set on the SVRCONN channel "MINIQ.JANUS1.T1" does not have authority to connect to the qmgr.

    Method 2: Java may be asserting some other userid on the SVRCONN channel, which does have authority to connect.
    • LI.YG
      LI.YG
      14 Posts
      ACCEPTED ANSWER

      Re: MQ client connection testing

      ‏2012-08-23T07:08:22Z  in response to SystemAdmin
      The MCAUSER is set to null as show in the attached screenshot.

      May I know how to check the mcauser assigned to a channel? And how can I specify mcauser for amqscnxc? Or I can do nothing at the client side?

      Thanks

      -YG
      • SystemAdmin
        SystemAdmin
        8523 Posts
        ACCEPTED ANSWER

        Re: MQ client connection testing

        ‏2012-08-24T00:37:37Z  in response to LI.YG
        k, I can see that MCAUSER is blank. This means that connecting clients should run as the userid of the MCA pool process (amqrmppa). This userid is normally mqm (on UNIX) and should not result in a 2035 reason code! (unless something is screwed up in OAM profiles)

        If you use amqsputc instead of amqscnxc, the channel will stay running until you hit Enter. You will need to set the MQSERVER environment variable to specify the client connection channel details. DIS CHS(chlname) ALL on the running channel will then show the effective MCAUSER that is used for authorization checks.
        • LI.YG
          LI.YG
          14 Posts
          ACCEPTED ANSWER

          Re: MQ client connection testing

          ‏2012-08-27T03:11:21Z  in response to SystemAdmin
          I modified the java code to test the MCAUSER (I am using WinXP).

          The below code works. So I assume "" is one of the effective user id.
          table.put(MQC.USER_ID_PROPERTY, "");

          It does not work when using MUSR_MQADMIN or some random strings (I got 2035).
          table.put(MQC.USER_ID_PROPERTY, "MUSR_MQADMIN");

          I did try out amqsputc before. MQSERVER was set properly, and the same error code was returned. Is there anyway I can set MCAUSER? I tried "set MCAUSER=", but it did not work.

          Regards
          -YG
          • SystemAdmin
            SystemAdmin
            8523 Posts
            ACCEPTED ANSWER

            Re: MQ client connection testing

            ‏2012-08-27T05:16:59Z  in response to LI.YG
            >Is there anyway I can set MCAUSER?

            Yes, on the SVRCONN channel definition. Think about it. It would be an extreme security hole if the client could set the channel's effective userid to anything they like.
            • LI.YG
              LI.YG
              14 Posts
              ACCEPTED ANSWER

              Re: MQ client connection testing

              ‏2012-08-27T05:35:10Z  in response to SystemAdmin
              Sorry, I did not make it clear. What I mean is at client side, is there a way to specify MCAUSER for amqsputc, like what we can do for MQSERVER. Thanks.

              Regards
              -YG
              • LI.YG
                LI.YG
                14 Posts
                ACCEPTED ANSWER

                Re: MQ client connection testing

                ‏2012-08-31T09:05:33Z  in response to LI.YG
                I got more testing results:

                the java program works with either "" or "MQM" as the user id.

                public static void main(String[] args) {
                try {
                java.util.Hashtable table = new java.util.Hashtable();
                //table.put(MQC.TRANSPORT_PROPERTY, MQC.TRANSPORT_MQSERIES_CLIENT);
                table.put(MQC.HOST_NAME_PROPERTY, "10.92.33.224");
                table.put(MQC.CHANNEL_PROPERTY, "MINIQ.JANUS1.T1");
                table.put(MQC.USER_ID_PROPERTY, "");
                MQQueueManager mqMgr = new MQQueueManager("JANUS1", table);
                System.out.println("Connected Successfully");
                } catch (Exception e)
                {
                System.out.println(e.toString());
                }
                }
                the C# program does not work with either of them.

                static void Main(string[] args)
                {
                try
                {
                Hashtable qmProperties = new Hashtable();
                //qmPropertieshttp://MQC.TRANSPORT_PROPERTY = MQC.TRANSPORT_MQSERIES_CLIENT;
                qmPropertieshttp://MQC.HOST_NAME_PROPERTY = "10.92.33.224";
                qmPropertieshttp://MQC.PORT_PROPERTY = 1414;
                qmPropertieshttp://MQC.CHANNEL_PROPERTY = "MINIQ.JANUS1.T1";
                qmPropertieshttp://MQC.USER_ID_PROPERTY = "";
                MQQueueManager queueManager = new MQQueueManager("JANUS1", qmProperties);
                Console.WriteLine("Connected Successfully");
                }
                catch (MQException mexc)
                {
                // TODO: Setup other exception handling
                throw new Exception(mexc.Message + " ReasonCode: " + mexc.ReasonCode, mexc);
                }
                }

                Seems java can interpret the user id correctly.
                • LI.YG
                  LI.YG
                  14 Posts
                  ACCEPTED ANSWER

                  Re: MQ client connection testing

                  ‏2012-09-27T02:51:17Z  in response to LI.YG
                  I got the answer with the help of IBM MQ support team. Just share with everyone the findings.

                  if server mca = '' and client mca = '', python/c# will fail while java can succeed.
                  java works because windows uid is not used, while other PLs set client mca = windows id
                  if server mca = 'abcd' and client mca = 'abcd', all can work.

                  Enjoy MQ!
                  • LI.YG
                    LI.YG
                    14 Posts
                    ACCEPTED ANSWER

                    Re: MQ client connection testing

                    ‏2012-09-27T02:56:05Z  in response to LI.YG
                    And thanks a lot to GlennBaddeley:)