Error handling for AMS

IBM® MQ Advanced Message Security defines an error handling queue to manage messages that contain errors or messages that cannot be unprotected.

Defective messages are dealt with as exceptional cases. If a received message does not meet the security requirements for the queue it is on, for example, if the message is signed when it should be encrypted, or decryption or signature verification fails, the message is sent to the error handling queue. A message might be sent to the error handling queue for the following reasons:
  • Quality of protection mismatch - a quality of protection (QOP) mismatch exists between the received message and the QOP definition in the security policy.
  • Decryption error - the message cannot be decrypted.
  • PDMQ header error - the Advanced Message Security (AMS) message header cannot be accessed.
  • Size mismatch - the length of the message after decryption is different from the expected length.
  • Encryption algorithm strength mismatch - the message encryption algorithm is weaker than required.
  • Unknown error - an unexpected error occurred.
AMS uses the SYSTEM.PROTECTION.ERROR.QUEUE as its error handling queue. All messages put by IBM MQ AMS to the SYSTEM.PROTECTION.ERROR.QUEUE are preceded by an MQDLH header.

Your IBM MQ administrator can also define the SYSTEM.PROTECTION.ERROR.QUEUE as an alias queue pointing to another queue.
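
Because every message on the error handling queue starts with an MQDLH header, the failure reason and original destination can be read from a retrieved message body before the remaining bytes are examined. The following parser is an added example, not IBM code: the function and class names are hypothetical, it assumes ASCII character fields (not EBCDIC, as on z/OS), and the sample message, including its reason value, is constructed.

```python
import struct
from dataclasses import dataclass

# MQDLH version 1 fields, in order: StrucId, Version, Reason, DestQName,
# DestQMgrName, Encoding, CodedCharSetId, Format, PutApplType, PutApplName,
# PutDate, PutTime.
_LAYOUT = "4sii48s48sii8si28s8s8s"
MQDLH_LENGTH = struct.calcsize("<" + _LAYOUT)  # fixed-size header

@dataclass
class DeadLetterHeader:
    reason: int          # MQRC_* reason code recorded for the failure
    dest_queue: str      # queue the message was originally destined for
    dest_qmgr: str
    format: str          # format name of the data that follows the header
    put_appl_name: str
    put_date: str
    put_time: str

def _text(raw: bytes) -> str:
    # Assumption: character fields are ASCII (not EBCDIC as on z/OS).
    return raw.decode("ascii", "replace").rstrip(" \x00")

def parse_mqdlh(message: bytes):
    """Return (DeadLetterHeader, remaining bytes) for one error-queue message."""
    if len(message) < MQDLH_LENGTH:
        raise ValueError("message is shorter than an MQDLH header")
    if message[:4] != b"DLH ":
        raise ValueError("MQDLH eye-catcher not found")
    for order in ("<", ">"):  # integer byte order follows the message encoding
        f = struct.unpack(order + _LAYOUT, message[:MQDLH_LENGTH])
        if f[1] == 1:         # Version reads as 1 only in the right byte order
            break
    else:
        raise ValueError("unsupported MQDLH version")
    header = DeadLetterHeader(f[2], _text(f[3]), _text(f[4]), _text(f[7]),
                              _text(f[9]), _text(f[10]), _text(f[11]))
    return header, message[MQDLH_LENGTH:]

def build_sample(order: str = "<") -> bytes:
    # Constructed test message; every value here is made up for the example.
    return struct.pack(order + _LAYOUT, b"DLH ", 1, 2063,
                       b"APP.SECURE.QUEUE".ljust(48), b"QM1".ljust(48),
                       546, 1208, b"MQSTR".ljust(8), 11, b"sampleapp".ljust(28),
                       b"20240101", b"12000000") + b"original message bytes"

if __name__ == "__main__":
    hdr, rest = parse_mqdlh(build_sample())
    print(hdr.reason, hdr.dest_queue, hdr.dest_qmgr, len(rest))
```
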

From IBM MQ 9.1.3, on IBM MQ for z/OS®, if server to server Message Channel Agent (MCA) interception is in use:
  • If, for one of the previously stated reasons, IBM MQ AMS moves messages from the transmission queue to the error handling queue, the sender MCA simply proceeds to process the next available message on the transmission queue.
  • In general, existing channel rules apply for:
    • Putting messages to the Dead Letter Queue, and
    • Actions taken if puts to the Dead Letter Queue should fail.
See Undelivered messages on AMS for further information on specific scenarios.