Problems opening protected queues when using JMS

Various problems can arise when you open protected queues while using IBM® MQ Advanced Message Security (AMS).

You are running JMS and you receive error 2085 (MQRC_UNKNOWN_OBJECT_NAME) together with error JMSMQ2008.

You have verified that you have set up your IBM MQ AMS as described in Quick Start Guide for IBM MQ AMS with Java clients.

A possible cause is that you are using a non-IBM Java Runtime Environment. This is a known limitation described in Known limitations.

You have not set the AMQ_DISABLE_CLIENT_AMS environment variable.

Resolving the problem

There are four options for working around this problem:
  1. Start your JMS application under a supported IBM Java Runtime Environment (JRE).
  2. Move your application to the same machine where your queue manager is running and have it connect using a bindings mode connection.

    A bindings mode connection uses platform native libraries to perform the IBM MQ API calls. Accordingly, the native AMS interceptor is used to perform the AMS operations and there is no reliance on the capabilities of the JRE.

  3. Use an MCA interceptor, because this allows signing and encryption of messages as soon as they arrive at the queue manager, without the need for the client to perform any AMS processing.

    Given that the protection is applied at the queue manager, an alternate mechanism must be used to protect the messages in transit from the client to the queue manager. Most commonly this is achieved by configuring SSL/TLS encryption on the server connection channel used by the application.

  4. Set the AMQ_DISABLE_CLIENT_AMS environment variable if you do not want to use IBM MQ AMS.

For further information about option 3, see Message Channel Agent (MCA) interception.

Note: A security policy must be in place for each queue that the MCA Interceptor delivers messages to. In other words, the target queue needs an AMS security policy in which the distinguished name (DN) of the signer and of the recipient matches the DN of the certificate assigned to the MCA Interceptor. That certificate is the one designated by the cms.certificate.channel.SYSTEM.DEF.SVRCONN property in the keystore.conf file used by the queue manager.
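
The check described in the note can be scripted. The following is an added example, not IBM code: it reads the channel certificate label from keystore.conf text and confirms that the certificate's DN appears as both signer and recipient in the queue's policy. The sample file content, the label, the DNs, the label-to-DN map (which you would fill in from your own keystore listing) and the DN comparison rule are all assumptions made for illustration.

```python
import re

# Constructed sample keystore.conf content; path and label are placeholders.
SAMPLE_CONF = """\
cms.keystore = /path/to/keystore
cms.certificate.channel.SYSTEM.DEF.SVRCONN = mca_cert_label
"""
# Constructed label -> subject DN map, as read from the keystore by the operator.
SAMPLE_CERTS = {"mca_cert_label": "CN=mca,O=Example,C=GB"}


def channel_cert_label(conf_text, channel):
    """Return the label set by cms.certificate.channel.<channel>, or None."""
    key = "cms.certificate.channel." + channel
    for raw in conf_text.splitlines():
        name, sep, value = raw.strip().partition("=")
        if sep and name.strip() == key:
            return value.strip()
    return None


def normalize_dn(dn):
    """Assumed rule: trim spaces, upper-case attribute names, keep values as-is."""
    parts = []
    for rdn in re.split(r"(?<!\\),", dn):  # split on unescaped commas only
        attr, _, value = rdn.partition("=")
        parts.append(attr.strip().upper() + "=" + value.strip())
    return ",".join(parts)


def check_mca_policy(conf_text, channel, cert_dns, signers, recipients):
    """Return a list of problems; an empty list means the policy matches."""
    label = channel_cert_label(conf_text, channel)
    if label is None:
        return ["no cms.certificate.channel.%s property" % channel]
    if label not in cert_dns:
        return ["label %r is not in the keystore" % label]
    dn = normalize_dn(cert_dns[label])
    problems = []
    if dn not in {normalize_dn(s) for s in signers}:
        problems.append("interceptor DN is not a policy signer")
    if dn not in {normalize_dn(r) for r in recipients}:
        problems.append("interceptor DN is not a policy recipient")
    return problems
```

Pass the signer and recipient DNs exactly as they are defined in the policy for the target queue; any returned message identifies which side of the policy does not match the interceptor certificate.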