IBM Support

IC92418: PREPARE MQ WIZARD FAILS WITH UNEXPECTED ERROR WHILE VALIDATING THE SECURITY CREDENTIALS OF DOMAIN USER

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • The Prepare WebSphere MQ Wizard fails while attempting to
    configure the service to run under a domain user.  A Windows
    pop-up error reports  "An unexpected error has occurred while
    validating the security credentials of user "DOMAIN\userid".
    The domain mqm account was created following the steps provided
    in the WebSphere MQ Infocenter, and the "log on as a service"
    local user right was granted to the account prior to running the
    Wizard.
    The Prepare Wizard log (amqmjpse.txt) shows:
    CheckSecurity: Checking that the MQ Service can read the group
    membership of the logged on user
    Starting the MQ Service 'MQ_Installation1'
    MQ Service is already started
    CheckGroups returned code 268468345 (0x10008079)
    CheckSecurity: rc=1 (0x1)
    Checking Services status: SECURITY_STATE_BAD_AUTHORITY
    Where 268468345=zrc_CSPRC_UNABLE_TO_OBTAIN_GROUPS
    
    WebSphere MQ trace shows the following error:
    Checking local groups for 'DOMAIN\userid'
    NetUserGetLocalGroups returned 0x0000054B
    :       ----}! mkntCheckServer
    (rc=zrc_CSPRC_UNABLE_TO_OBTAIN_GROUPS)
    Where 0x0000054B=ERROR_NO_SUCH_DOMAIN
    

Local fix

Problem summary

  • ****************************************************************
    USERS AFFECTED:
    Users of Prepare MQ Wizard attempting to configure a domain user
    
    Platforms affected:
    Windows
    
    ****************************************************************
    PROBLEM SUMMARY:
    Prepare MQ Wizard fails while attempting to configure a domain
    user. As part of validation MQ retrieves the local group of the
    domain user,  when doing so the NetUserGetLocalGroups API used
    by MQ to retrieve local group can fail when there is a firewall
    between the server and the domain controller.
    

Problem conclusion

  • MQ code has been modified such that NetUserGetLocalGroups API is
    altered with different parameter to cope with the firewall
    between the server and domain controller.
    
    ---------------------------------------------------------------
    The fix is targeted for delivery in the following:
    
                       v7.1
    Platform           Fix Pack 7.1.0.4
    --------           --------------------
    Windows            7.1.0.4
    
                       v7.0
    Platform           Fix Pack 7.0.1.11
    --------           --------------------
    Windows            7.0.1.11
    
    Version            v7.5
    --------           --------------------
    Fix available in:  7.5.0.3
    
    The latest available maintenance can be obtained from
    'WebSphere MQ Recommended Fixes'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037
    
    If the maintenance level is not yet available information on
    its planned availability can be found in 'WebSphere MQ
    Planned Maintenance Release Dates'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
    ---------------------------------------------------------------
    

Temporary fix

Comments

APAR Information

  • APAR number

    IC92418

  • Reported component name

    WMQ WINDOWS V7

  • Reported component ID

    5724H7220

  • Reported release

    710

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-05-20

  • Closed date

    2013-06-27

  • Last modified date

    2013-08-14

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WMQ WINDOWS V7

  • Fixed component ID

    5724H7220

Applicable component levels

  • R710 PSY

       UP

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSCPQ63","label":"APAR \/ Maintenance"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"710","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
14 August 2013