IC5Notice: We have upgraded developerWorks Community to the latest version of IBM Connections. For more information, read our upgrade FAQ.
Topic
  • 3 replies
  • Latest Post - ‏2013-02-19T12:23:53Z by SystemAdmin
SystemAdmin
SystemAdmin
8523 Posts

Pinned topic environment variable MQSAUTHERRORS question

‏2013-02-19T11:45:50Z |
I am running WMQ 7.5 on AIX. I set the environment variable MQSAUTHERRORS as indicated in this posting:

http://www-01.ibm.com/support/docview.wss?rs=171&uid=swg21377578

I generated a 2035 ( caused by a chlauth rule ).
I restarted the queue manager and generated the same 2035.
For both 2035s, I got the same 2 messages in /var/mqm/qmgrs/<qmname>/errors/AMQERR01.LOG.
However I was expecting an FDC in /var/mqm/errors from the second one, but I didn't get one.
Can anyone explain why ?

The environment variable MQSAUTHERRORS seems to be set OK.
aktv1infa47:/home/mqm # su - mqm
MQ_JAVA_INSTALL_PATH is /usr/mqm/java
MQ_JAVA_DATA_PATH is /var/mqm
MQ_JAVA_LIB_PATH is /usr/mqm/java/lib64
CLASSPATH is :/usr/mqm/java/lib/com.ibm.mq.jar:/usr/mqm/java/lib/com.ibm.mqjms.jar:/usr/mqm/samp/jms/samples:/usr/mqm/samp/wmqjava/samples
mqm@aktv1infa47:/home/mqm $ echo $MQSAUTHERRORS
TRUE
mqm@aktv1infa47:/home/mqm $

I also have this set in the .profile:
export MQS_REPORT_NOAUTH=TRUE
These are the messages in /var/mqm/qmgrs/<qmname>/errors/AMQERR01.LOG


02/19/13 05:31:09 - Process(25821186.7) User(mqm) Program(amqrmppa)
Host(aktv1infa47) Installation(Installation1)
VRMF(7.5.0.0) QMgr(WMBUXBX3)

AMQ9777: Channel was blocked

EXPLANATION:
The inbound channel 'SYSTEM.DEF.SVRCONN' was blocked from address
'10.164.34.78' because the active values of the channel matched a record
configured with USERSRC(NOACCESS). The active values of the channel were
'CLNTUSER(mq027721)'.
ACTION:
Contact the systems administrator, who should examine the channel
authentication records to ensure that the correct settings have been
configured. The ALTER QMGR CHLAUTH switch is used to control whether channel
authentication records are used. The command DISPLAY CHLAUTH can be used to
query the channel authentication records.

cmqxrmsa.c : 910
02/19/13 05:31:09 - Process(25821186.7) User(mqm) Program(amqrmppa)
Host(aktv1infa47) Installation(Installation1)
VRMF(7.5.0.0) QMgr(WMBUXBX3)

AMQ9999: Channel 'SYSTEM.DEF.SVRCONN' to host 'INFO_KW-2K2WJ81 (10.164.34.78)'
ended abnormally.

EXPLANATION:
The channel program running under process ID 25821186 for channel
'SYSTEM.DEF.SVRCONN' ended abnormally. The host name is 'INFO_KW-2K2WJ81
(10.164.34.78)'; in some cases the host name cannot be determined and so is
shown as '????'.
ACTION:
Look at previous error messages for the channel program in the error logs to
determine the cause of the failure. Note that this message can be excluded
completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage"
attributes under the "QMErrorLog" stanza in qm.ini. Further information can be
found in the System Administration Guide.

amqrmrsa.c : 898
Updated on 2014-03-06T12:18:41Z at 2014-03-06T12:18:41Z by Morag Hughson
  • SystemAdmin
    SystemAdmin
    8523 Posts

    Re: environment variable MQSAUTHERRORS question

    ‏2013-02-19T11:51:34Z  
    MQSAUTHERRORS is for generating FDCs from the OAM (the component that does authorization checks in the queue manager). In your case, the 2035 you generated was not from the OAM it was from the CHLAUTH component. This is unaffected by MQSAUTHERRORS.

    What is the issue you are having that means you need FDCs to solve your 2035 from CHLAUTH. Perhaps there is another way to discover what the problem is? If you described what your issue is, perhaps we can make some suggestions.

    Cheers
    Morag
  • SystemAdmin
    SystemAdmin
    8523 Posts

    Re: environment variable MQSAUTHERRORS question

    ‏2013-02-19T11:58:23Z  
    Thanks for your response.
    I don't actually have a problem at this point. I was testing this feature in case I needed to use it in the future. The web page I provided seems to suggest that an FDC will be generated on any 2035, and not just certain types of 2035.
    I am anticipating that when I start to code chlauth rules I will end up with problems ( due to my lack of understanding of how to code the rules ), and I was trying to get a head start on how to fix them.
    Thanks again.
  • SystemAdmin
    SystemAdmin
    8523 Posts

    Re: environment variable MQSAUTHERRORS question

    ‏2013-02-19T12:23:53Z  
    Thanks for your response.
    I don't actually have a problem at this point. I was testing this feature in case I needed to use it in the future. The web page I provided seems to suggest that an FDC will be generated on any 2035, and not just certain types of 2035.
    I am anticipating that when I start to code chlauth rules I will end up with problems ( due to my lack of understanding of how to code the rules ), and I was trying to get a head start on how to fix them.
    Thanks again.
    I expect when that web page was written, there were only 2035 errors from the OAM. I will make a request for it to be updated to clarify that.

    I suggest you take a read of this, to help you with CHLAUTH:-

    I am being blocked by CHLAUTH - how can I work out why?

    Cheers
    Morag