IBM Support

IC70076: FDC CUT WITH PROBE ID XY314146 FROM XCSTIMEDLOOKUPACCOUNTSID WHEN A SECURITY EXIT UPDATES THE SECURITYID FIELD.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • If a  security exit is used that updates the SecurityId field
    of a channel definition, a FDC with the following information
    may be generated:
    Probe Id          :- XY314146
    Component         :- xcsTimedLookupAccountSid
    Probe Description :- AMQ6119: An internal WebSphere MQ error has
    occurred
    (WinNT error 87 from LookupAccountSid.)
    Comment1          :- WinNT error 87 from LookupAccountSid.
    Comment2          :- The parameter is incorrect.
    MQM Function Stack
    zlaMainThread
    zlaProcessMessage
    zlaProcessSPIRequest
    zlaSPIInquireQueueStatus
    zsqSPIInquireQueueStatus
    kqiInquireQueueHandleStatus
    xcsTimedLookupAccountSid
    xcsFFST
    

Local fix

Problem summary

  • ****************************************************************
    USERS AFFECTED:
    All Windows users who have replacement OAMs plus security exits
    on their channels.
    
    Platforms affected:
    Windows
    
    ****************************************************************
    PROBLEM SUMMARY:
    When an application connects, some context is stored about the
    userid, and on Windows this includes the SID (security id). On
    Windows, MQ may use the SID to retrieve the userid if it can.
    
    In a setup where the user context is changed by a user exit
    such that the securityId is overridden, and a user replacement
    OAM modifies the accounting token so it no longer contains a
    SID, WebSphere MQ does not have a valid SID to work with and
    hence stores nulls for the associated SID.
    
    When querying the qstatus type(handle), Websphere MQ attempts
    to resolve the SID into a userid, but in the case where it is
    no longer valid an FDC is cut showing invalid parameter, and
    trace shows the parameter is all nulls.
    

Problem conclusion

  • WebSphere MQ has been modified to prevent the looking up of a
    SID during the display qstatus type(handle) processing, if the
    SecurityId is no longer a valid SID.
    
    ---------------------------------------------------------------
    The fix is targeted for delivery in the following PTFs:
    
                       v7.0
    Platform           Fix Pack 7.0.1.4
    --------           --------------------
    Windows            U200323
    
    The latest available maintenance can be obtained from
    'WebSphere MQ Recommended Fixes'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037
    
    If the maintenance level is not yet available, information on
    its planned availability can be found in 'WebSphere MQ
    Planned Maintenance Release Dates'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
    ---------------------------------------------------------------
    

Temporary fix

Comments

APAR Information

  • APAR number

    IC70076

  • Reported component name

    WMQ WINDOWS V7

  • Reported component ID

    5724H7220

  • Reported release

    701

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2010-07-21

  • Closed date

    2010-07-28

  • Last modified date

    2010-07-28

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WMQ WINDOWS V7

  • Fixed component ID

    5724H7220

Applicable component levels

  • R701 PSY

       UP

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSCPQ63","label":"APAR \/ Maintenance"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.0.1","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
28 July 2010