APAR status
Closed as program error.
Error description
The MQ Appliance mqweb server log file (messages.log) contains several entries similar to the following: Entry DatapowerThriftTAI.negotiateValidateandEstablishTrust() Data DatapowerThriftTAI.negotiateValidateandEstablishTrust() Header present Data DatapowerThriftTAI.negotiateValidateandEstablishTrust() mqaread 18 Valid Session Entry DatapowerThriftTAI.createAdminSubjectForUsername() mqaread Data DatapowerThriftTAI.createAdminSubjectForUsername() Adding mqaread to role MQWebAdminRO Data DatapowerThriftTAI.createAdminSubjectForUsername() Adding mqaread to role MFTWebAdminRO Exit DatapowerThriftTAI.createAdminSubjectForUsername() mqaread Exit DatapowerThriftTAI.negotiateValidateandEstablishTrust() 200 mqaread Entry DatapowerThriftTAI.isTargetInterceptor() The entries are diagnostic information from the MQ Appliance web UI component's user authentication/authorization routines, and this information does not need to be written out under normal operation when diagnostic trace options are disabled.
Local fix
Problem summary
**************************************************************** USERS AFFECTED: This issue affects users of the IBM MQ 9.2 Appliance. Platforms affected: Linux on x86-64 **************************************************************** PROBLEM DESCRIPTION: The MQ Appliance contains a component called the web UI, which runs within the mqweb server. The component includes a class called DatapowerThiftTAI, which is a custom Trust Association Interceptor (TAI) that is used to authenticate and authorise users against the DataPower user store. Whenever the DatapowerThriftTAI class was used to perform authentication and authorisation checks, it would write diagnostic information similar to the examples show below to the mqweb server log file (messages.log), regardless of whether mqweb server trace had been enabled or not: Entry DatapowerThriftTAI.negotiateValidateandEstablishTrust() Data DatapowerThriftTAI.negotiateValidateandEstablishTrust() Data DatapowerThriftTAI.negotiateValidateandEstablishTrust() mqaread 18 Valid Session Entry DatapowerThriftTAI.createAdminSubjectForUsername() mqaread Data DatapowerThriftTAI.createAdminSubjectForUsername() Adding mqaread to role MQWebAdminRO Data DatapowerThriftTAI.createAdminSubjectForUsername() Adding mqaread to role MFTWebAdminRO Exit DatapowerThriftTAI.createAdminSubjectForUsername() mqaread Exit DatapowerThriftTAI.negotiateValidateandEstablishTrust() 200 mqaread Over time, these entries caused the messages.log file to fill up and be archived, using up unnecessary disk space on the MQ Appliance.
Problem conclusion
To resolve this issue, the DatapowerThriftAPI class within the MQ Appliance web UI has been updated so that it will only write diagnostic information to the mqweb server log file (messages.log) if mqweb server trace is enabled and set to the logging level "*=all". An example of the command that should be used to to enable trace at this logging level is shown below: setmqweb properties -k traceSpec -v *=all This prevents the messages.log file filling up with unnecessary entries, while still providing a mechanism to generate the diagnostic information if required. --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level v9.2 LTS 9.2.0.6 v9.x CD 9.3.0.0 The latest available maintenance can be obtained from 'WebSphere MQ Recommended Fixes' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037 If the maintenance level is not yet available information on its planned availability can be found in 'WebSphere MQ Planned Maintenance Release Dates' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309 ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
IT34490
Reported component name
MQ APPLIANCE M2
Reported component ID
5737H4700
Reported release
920
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-10-09
Closed date
2022-01-20
Last modified date
2022-04-13
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
MQ APPL M2002 V
Fixed component ID
5737H4701
Applicable component levels
[{"Line of Business":{"code":"LOB36","label":"IBM Automation"},"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Product":{"code":"SS5K6E","label":"IBM MQ Appliance"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"920"}]
Document Information
Modified date:
14 April 2022