[Windows]

Configuring IBM MQ with the Prepare IBM MQ Wizard

The Prepare IBM® MQ Wizard helps you to configure IBM MQ with a user account for your network. You must run the wizard to configure the IBM MQ Service before you can start any queue managers.

Before you begin

When IBM MQ is running, it must check that only authorized users can access queue managers or queues. Whenever any user attempts such access, IBM MQ uses its own local account to query information about the user.

Most networked Windows systems are members of a Windows domain where user accounts, other security principals, and security groups are maintained and managed by a directory service, Active Directory, running on a number of domain controllers. IBM MQ checks that only authorized users can access queue managers or queues.

In such networks, IBM MQ queue manager processes access the Active Directory information to find the security group membership of any users attempting to use IBM MQ resources. The accounts under which IBM MQ services run must be authorized to look up such information from the directory. In most Windows domains, local accounts defined at individual Windows servers cannot access directory information, so the IBM MQ services must run under a domain account that has the appropriate permission.

If the Windows server is not a member of a Windows domain or the domain has a reduced security or functional level, then the IBM MQ services can run under a local account that was created during installation.

If a special domain account is needed for your installation of IBM MQ, the Prepare IBM MQ Wizard asks you to enter details of this account (domain, user name, and password), so make sure that you have this information available before you start this task. Ask your domain administrator to set up an account, if one does not already exist, and provide you with the necessary details. For more information about configuring a domain account, see Creating and setting up Windows domain accounts for IBM MQ.

Important: If a domain account is needed and you install IBM MQ without a special account (or without entering its details), many or all parts of IBM MQ will not work, depending on the particular user accounts involved. Also, IBM MQ connections to queue managers that run under domain accounts on other systems might fail. The account can be changed by running the Prepare IBM MQ Wizard and specifying the details of the account to be used.

For information about the user rights required to take advantage of the Active Directory support, see Local and domain user accounts for the IBM MQ Windows service.

For information about the user rights required to take advantage of the Kerberos authentication support, see Securing.

About this task

The Prepare IBM MQ Wizard window is displayed when the IBM MQ installation completes. You can also run the wizard at any time from the Start menu.

You can use the Prepare IBM MQ Wizard (AMQMJPSE.EXE) with the following parameters:
Table 1. Startup parameters that can be used for the Prepare IBM MQ Wizard
Parameter Name Parameter description How parameter is used Default action if parameter not supplied
-l file Create log file The Prepare IBM MQ Wizard appends to a log file with the program actions and results.

This parameter specifies the file name to use for this log. If the path is not provided, the IBM MQ Data directory is assumed. If the file name is not provided, amqmjpse.txt is assumed.

 Append to log file amqmjpse.txt in IBM MQ Data directory.
-r Reset MQSeriesService user account When the Prepare IBM MQ Wizard is first run it creates a local user account MUSR_MQADMIN, with specific settings and permissions. The MQSeriesService component is configured to run under this account. Depending on the LAN configuration, the wizard might reconfigure the MQSeriesService component to run under a domain user account instead.

When this parameter is specified, the local user account MUSR_MQADMIN is re-created with all the default settings and permissions. The MQSeriesService component is configured to run under this account.

 User account not reset.
-s silent installation mode Process silently. Nothing is displayed and there is no user input. Not silent mode.
-p file User parameters from file Load and use parameters from the parameter file. If the path is not provided, the IBM MQ Data directory is assumed. If the file name is not provided, AMQMJPSE.INI is assumed.

The following stanzas are loaded:

[Services]
[SSLMigration]

 When in silent mode, the parameter file AMQMJPSE.INI is loaded from IBM MQ Data directory.

When not in silent mode, a parameter file is not used.
-m file Generate a Microsoft System Management Server (SMS) status .MIF file. When the Prepare IBM MQ Wizard closes, generate a status .MIF file with the specified name. If the path is not provided, the Data directory is assumed. If the file name is not provided, AMQMJPSE.MIF is assumed.

The file ISMIF32.DLL (installed as part of SMS) must be in the path.

The InstallStatus field in the file will contain either Success or Failed.

 .MIF file not created.

On Windows systems, you must carry out this task under a Windows administrator account, or domain administrator account in case your workstation is a member of a Windows domain.

On Windows systems with User Account Control (UAC) enabled, if you do not complete the Prepare IBM MQ Wizard directly after IBM MQ is installed, or if for any reason your machine is rebooted between completing IBM MQ installation and completing the Prepare IBM MQ Wizard, you must accept the Windows prompt when it appears to allow the wizard to run as elevated.

Procedure

  1. When the IBM MQ installation completes, the Prepare IBM MQ Wizard window is displayed with a welcome message.
    To continue, click Next.
  2. If you have run the Prepare IBM MQ Wizard before, this step is skipped. Otherwise, the Prepare IBM MQ Wizard window displays a progress bar with the following message: 
    Status: Setting up IBM MQ Configuration

    Wait until the progress bar completes.

  3. The Prepare IBM MQ Wizard window displays a progress bar with the following message: 
    Status: Setting up the IBM MQ Service.

    Wait until the progress bar completes.

  4. IBM MQ attempts to detect whether you must configure IBM MQ for use with Windows Active Directory Server or Windows domain users. Depending on the results of the detection, IBM MQ does one of the following things:
    • If IBM MQ detects that you need to configure IBM MQ for Windows Active Directory Server or Windows domain users, the Prepare IBM MQ Wizard window displays a message that starts: 
      IBM MQ does not have the authority to query information about
your user account

      Click Next, and go to step 5.

    • If you are not installing on a Windows Active Directory Server or Windows domain server and IBM MQ cannot detect whether you need to configure IBM MQ for Windows Active Directory Server or Windows domain users, the Prepare IBM MQ Wizard window displays the following message: 
      Are any of the domain controllers in your network running
Windows 2000 or later domain server?

      If you select Yes, click Next, then go to step 5.

      If you select No, click Next, then go to step 9.

      If you select Don't know, you cannot continue. Select one of the other options, or click Cancel and contact your domain administrator.

    • If IBM MQ detects that you do not need to configure IBM MQ for Windows Active Directory Server or Windows domain users, go to step 9.
  5. The Prepare IBM MQ Wizard window displays the following message: 
    Do you need to configure IBM MQ for users defined on Windows 2000
or later domain controllers?

    If you select Yes, click Next, then go to step 6.

    If you select No, click Next, then go to step 9.

    If you select Don't know, you cannot continue. Select one of the other options, or click Cancel and contact your domain administrator. For more information about domain accounts, see Creating and setting up Windows domain accounts for IBM MQ.

  6. Give the domain user that you obtained from your domain administrator the access to run as a service.
    1. Click Start > Run..., type the command secpol.msc and click OK.
    2. Open Security Settings > Local Policies > User Rights Assignments. In the list of policies, right-click Log on as a service > Properties.
    3. Click Add User or Group... and type the name of the user you obtained from your domain administrator, then click Check Names
    4. If prompted by a Windows Security window, type the user name and password of an account user or administrator with sufficient authority, and click OK > Apply > OK. Close the Local Security Policy window.
  7. In the next window, enter the Domain and user ID of the domain user account that you obtained from your domain administrator. Either enter the Password for this account, or select the option This account does not have a password. Click Next.
  8. The Prepare IBM MQ Wizard window displays a progress bar with the following message: 
    Status: Configuring IBM MQ with the special domain user account

    Wait until the progress bar completes. If there are any problems with the domain user account, a further window is displayed. Follow the advice on this window before you continue with this procedure.

  9. The Prepare IBM MQ Wizard window displays a progress bar with the following message: 
    Status: Starting IBM MQ services

    Wait until the progress bar completes.

  10. Next, select the options that you require.
    The Prepare IBM MQ Wizard window displays the following message: 
    You have completed the Prepare IBM MQ Wizard
    Select the options that you require, then click Finish. Select one or more from the following list:
    • Remove the shortcut to this wizard from the desktop

      This option is available only if you have previously attempted installation, but you canceled the procedure from thePrepare IBM MQ Wizard and you created a desktop shortcut to this wizard. Select this option to remove the shortcut. You do not need it now that you have completed the Prepare IBM MQ Wizard.

    • Launch IBM MQ Explorer

      The IBM MQ Explorer allows you to view and administer your IBM MQ network. You can use the items in the Welcome to IBM MQ Explorer Content view page to explore the facilities in IBM MQ. This page is launched the first time that the IBM MQ Explorer is launched. The Welcome page can be viewed at any time from the IBM MQ Explorer by clicking IBM MQ in the Navigator view.

    • Launch Notepad to view the release notes

      The release notes contain information about installing IBM MQ and also late-breaking news that is available after the published documentation is produced.

What to do next

Optionally, follow the procedure described in Checking for problems after installing.

For information on how to verify an installation, see Verifying an IBM MQ installation on Windows.