APAR status
Closed as program error.
Error description
After upgrading queue manager to MQ v8.0.0.10 and installing fix for MQ auth 'ctrl' issue (APAR IT25591), client getting 2035 (NOT_AUTHORIZED) error. The queue manager error logs only show error AMQ9209. The SYSTEM.ADMIN.CHANNEL.EVENT does receive events showing 2577 (Channel Blocked), but there is no related error in the queue manager error log.
Local fix
Set SHARECNV(1) on the SVRCONN channel that the client us using, example: ALTER CHANNEL (CHANNELNAME) CHLTYPE(SVRCONN) SHARECNV(1)
Problem summary
**************************************************************** USERS AFFECTED: This problem affects users of MQ V8.0.0.10 on all platforms who define SVRCONN channels with a combination of CHLAUTH mapping rules, security exits and SHARECNV greater than 1. Platforms affected: MultiPlatform **************************************************************** PROBLEM DESCRIPTION: A SVRCONN channel was defined with SHARECNV greater than 1 and a security exit, and CHLAUTH rules were created to allow only one specific user to connect to the channel. In this scenario, a logic error failed to apply the user mapping CHLAUTH rules correctly, which meant that when an MQ client attempted to connect multiple conversations with a valid user id to the channel, the first conversation connected successfully, but subsequent conversations failed with reason code 2035 (MQRC_NOT_AUTHORIZED).
Problem conclusion
The logic error in the application of the CHLAUTH mapping rules has been addressed. CHLAUTH rules are now applied consistently regardless of whether a security exit is defined or the value of SHARECNV. The changes to the ordering of CHLAUTH processing resulting from this APAR are document in further detail under the following technote: https://www.ibm.com/support/docview.wss?uid=ibm10725873 --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level v8.0 8.0.0.11 v9.0 LTS 9.0.0.5 v9.1 CD 9.1.1 v9.1 LTS 9.1.0.1 The latest available maintenance can be obtained from 'WebSphere MQ Recommended Fixes' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037 If the maintenance level is not yet available information on its planned availability can be found in 'WebSphere MQ Planned Maintenance Release Dates' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309 ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
IT25839
Reported component name
IBM MQ BASE MP
Reported component ID
5724H7251
Reported release
800
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-07-27
Closed date
2018-08-17
Last modified date
2018-08-17
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
PH06233
Fix information
Fixed component name
IBM MQ BASE MP
Fixed component ID
5724H7251
Applicable component levels
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.0.0.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
17 August 2018