2594 (0A22)(RC2594): MQRC_PASSWORD_PROTECTION_ERROR
Explanation
An MQCONN or MQCONNX call was issued by a client application, but it failed to agree a password protection algorithm with the queue manager. For unencrypted channels, clients try to agree a password protection mechanism to avoid sending application credentials in plain text across a network.
The usual cause of this error is that the PasswordProtection attribute in the Channels stanza of the mqclient.ini or qm.ini file is set to ALWAYS, but the version of IBM® MQ that is installed on the remote system does not support password protection.
![[MQ 9.4.0 Jun 2024]](ng940.gif)
If the connection passes through IBM MQ Internet Pass-Thru (MQIPT),
and the MQIPT route is configured to add or remove TLS
encryption, the client and the queue manager might fail to agree a password protection algorithm
because one end of the channel is using TLS encryption, and the other is not.
Java and JMS clients must enable MQCSP authentication mode in order to use the PasswordProtection feature. See Connection authentication with the Java client.
Completion code
MQCC_FAILED
Programmer response
Consider changing the PasswordProtection attribute, or use TLS to protect application credentials instead. If you are using TLS, you must not use a null cipher. A null cipher provides no protection as it causes credentials to be sent in plain text.
More information can be found in the error log in message AMQ9296E.
If the connection passes through MQIPT, and the MQIPT route is configured to add or remove
TLS encryption, consider setting the value of the PasswordProtection property
in the MQIPT route configuration to
compatible.