Ibm Mq Error 2381
Contents |
replies Latest Post - 2013-04-23T18:22:19Z by peterfa Display:ConversationsBy Date 1-12 of 12 Previous Next peterfa 200000234J 38 Posts Pinned topic SSL Channel not working 2013-04-22T12:46:28Z | Tags: Answered question compcode: 2, reason: 2393 This question has been answered. Unanswered question This question has not
Mq Error 2393
been answered yet. I am trying to connect to a queue manager on AIX from a windows desktop, mqsslkeyr using an SSL channel with CipherSpec. The error I am getting is the following message on the queue manager side: AMQ9639: Remote channel 'SSL.SVRCONN' did not specify a CipherSpec. amq9642 I have taken what I believe to be the steps needed to set this up, but I guess I have missed something. I created a SVRCONN channel called SSL.SVRCONN, and specified an SSL Cipher Spec of DES_SHA_EXPORT. I created a CLNTCONN channel of the same name specifying DES_SHA_EXPORT in it also, and copied the file AMQCLCHL.TAB from the AIX
Mqrc_key_repository_error
system to the windows system. I created certificates on both sides, extracted the public part on each side and imported it into the other side. The SSL connection works fine if I do not specify a CipherSpec. The error message is suggesting that I am missing the Cipherspec on the windows side ( which is the remote side ). I have looked at the file AMQCLCHL.TAB with a hex viewer, and I can see that DES_SHA_EXPORT is in there. ( It came from thr CLNTCONN channel I created on the server side ). Does anyone have an idea as to what I might have missed when adding aCipherSpec value on the SVRCONN and CLNTCONN channels ? Log in to reply. Updated on 2014-03-28T16:53:24Z at 2014-03-28T16:53:24Z by Morag Hughson peterfa 200000234J 38 Posts ACCEPTED ANSWER Re: SSL Channel not working 2013-04-23T18:22:19Z Morag Hughson 110000EQPN 2013-04-23T18:12:32Z You're going to have to get in touch with the authors of the program to find out how to make use of either a CCDT, or how to exp
administration, clients, security, tools, webspheremq Emir Gaza (Consulting IT Specialist, Hursley Software Lab Services) and I are currently putting together a list of SSL gotchas based on our personal experiences and, of course, those of mq ssl our customers. Our list covers many problems and solutions already well documented in the manuals mqrc=2393\ (e.g. Error messages), but what we're trying to do is compile a single list containing both common problems and those with sometimes cryptic
Amq9637: Channel Is Lacking A Certificate.
solutions. We aim to expand this list in future with more items and more detail, but for now, here's the list we have compiled… Comments most welcome… 1.1 CSQX630E Channel requires SSL Platform: z/OS Problem description This https://www.ibm.com/developerworks/community/forums/html/topic?id=141eecd0-7c09-467f-bfed-f45739c6cf6e may happen when you start an SSL channel, and there are no SSL tasks running. Solution To start SSL tasks use ALTER QMGR( ) SSLTASKS(n) and restart the channel initiator. 1.2 CSQX642E No SSL certificate for channel name Platform: z/OS Problem description You attempt to start an SSL channel with mutual authentication (receiver has SSLCAUTH(REQUIRED)) and you get this error message. If you change SSLCAUTH to OPTIONAL the channel starts! This may happen when the SSL https://hursleyonwmq.wordpress.com/2007/06/29/websphere-mq-ssl-%E2%80%9Cgotchas%E2%80%9D-common-mistakes-and-how-to-avoid-them/ certificates do not have the correct Key Usage attributes. Solution Key Usage must be: Either blank, or If not blank, it must include HANDSHAKE A certificate with this Key Usage will not work: Key Usage: DATAENCRYPT This will work: Key Usage: HANDSHAKE, DATAENCRYPT 1.3 Certificate not signed Platform: z/OS Problem description You sent a certificate for signature by the Certification Authority, but, when you list the certificate, you find that Subject and Issuer are the same. This means that the certificate is not signed. Solution The most probable cause is that you did not ADD the certificate to the RACF database. 1.4 CSQX686E SSL private key error Platform: z/OS Problem description If you list the certificate that gives you this error, you will see that it has Private Key = NONE. Most probably you sent a certificate for signature and then added the signed certificate with the wrong label. For example, you sent a certificate with label ibmWebSphereMQCSQ2 and added the signed certificate with label ibmWebSphereMQCSQ1. The latter will not have a private key. Solution Add the signed certificate with the same label of the original, self-signed certificate sent for signature. 1.5 CSQX632I SSL certificate has no associated user ID Platform: z/OS Problem description MQ cannot find a userid from the certificate. The channel will run under the CHINIT userid (this may be a security exposure).
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow the company Business Learn more about hiring http://stackoverflow.com/questions/13687004/how-to-resolve-websphere-mq-reason-code-2195-related-error developers or posting ads with us Stack Overflow Questions Jobs Documentation Tags Users Badges Ask Question http://blog.robiii.nl/2012/01/websphere-mq-reason-codes.html x Dismiss Join the Stack Overflow Community Stack Overflow is a community of 4.7 million programmers, just like you, helping each other. Join them; it only takes a minute: Sign up How to resolve WebSphere MQ Reason code 2195 related error? up vote 5 down vote favorite 4 I am getting an WebSphere MQ Reason code 2195 MQRC_UNEXPECTED_ERROR when I try to connect mq error to the message flows deployed on the execution group. Can somebody please tell me what exactly does this reason code mean? Queue manager, broker , execution group.. everything is up and running and the ports are also open. I am not getting anything worthwhile on the net. Please advise. websphere-mq messagebroker share|improve this question edited Dec 3 '12 at 17:54 Charles 40.1k1069107 asked Dec 3 '12 at 15:59 Tanu 975514 add a comment| 2 Answers 2 active oldest votes up ibm mq error vote 6 down vote The 2195 return code is a high-level exception that is hit when errors are not caught at lower levels in the code. Very often these are generated when some external dependency such as file access or Os resources does not behave as expected and the failure cascades into WMQ. Usually when these errors are thrown, WMQ will produce an FDC file in {WMQ install dir}/errors to record the event. The FDC file tells which executable failed, the function that was executing during the failure, the environment, user ID and many other details. These can be used by IBM to diagnose the problem but are often useful for WMQ admins as well. As a general rule, for any WMQ error that you cannot easily diagnose, take a look in: {WMQ install dir}/qmgrs/{qmgr name}/errors/AMQERR01.LOG {WMQ install dir}/errors/AMQERR01.LOG {WMQ install dir}/errors/*.FDC When reporting an error, please post whether you found any error log entries or new FDC files in these locations and if so what the content of these was. This will make it easier for respondents to to provide answers that are specific and relevant. If you care to update your question with diagnostic info from the errors directories, I'll be happy to update this response in kind. share|improve this answer answered Dec 3 '12 at 16:09 T.Rob 23.3k84381 add a comment| up vote 0 down vote You might encounter this code after changing
InnerException is beyond me. This page can be used to look up "ReasonCodes" (which is all the LinkedException provides in XMS.NET). The links in this page all lead to the specific help-page. CodeCode (hex)ReasonCodeDescription 00000RC0MQRC_NONE 9000384RC900MQRC_APPL_FIRST 99903E7RC999MQRC_APPL_LAST 200107D1RC2001MQRC_ALIAS_BASE_Q_TYPE_ERROR 200207D2RC2002MQRC_ALREADY_CONNECTED 200307D3RC2003MQRC_BACKED_OUT 200407D4RC2004MQRC_BUFFER_ERROR 200507D5RC2005MQRC_BUFFER_LENGTH_ERROR 200607D6RC2006MQRC_CHAR_ATTR_LENGTH_ERROR 200707D7RC2007MQRC_CHAR_ATTRS_ERROR 200807D8RC2008MQRC_CHAR_ATTRS_TOO_SHORT 200907D9RC2009MQRC_CONNECTION_BROKEN 201007DARC2010MQRC_DATA_LENGTH_ERROR 201107DBRC2011MQRC_DYNAMIC_Q_NAME_ERROR 201207DCRC2012MQRC_ENVIRONMENT_ERROR 201307DDRC2013MQRC_EXPIRY_ERROR 201407DERC2014MQRC_FEEDBACK_ERROR 201607E0RC2016MQRC_GET_INHIBITED 201707E1RC2017MQRC_HANDLE_NOT_AVAILABLE 201807E2RC2018MQRC_HCONN_ERROR 201907E3RC2019MQRC_HOBJ_ERROR 202007E4RC2020MQRC_INHIBIT_VALUE_ERROR 202107E5RC2021MQRC_INT_ATTR_COUNT_ERROR 202207E6RC2022MQRC_INT_ATTR_COUNT_TOO_SMALL 202307E7RC2023MQRC_INT_ATTRS_ARRAY_ERROR 202407E8RC2024MQRC_SYNCPOINT_LIMIT_REACHED 202507E9RC2025MQRC_MAX_CONNS_LIMIT_REACHED 202607EARC2026MQRC_MD_ERROR 202707EBRC2027MQRC_MISSING_REPLY_TO_Q 202907EDRC2029MQRC_MSG_TYPE_ERROR 203007EERC2030MQRC_MSG_TOO_BIG_FOR_Q 203107EFRC2031MQRC_MSG_TOO_BIG_FOR_Q_MGR 203307F1RC2033MQRC_NO_MSG_AVAILABLE 203407F2RC2034MQRC_NO_MSG_UNDER_CURSOR 203507F3RC2035MQRC_NOT_AUTHORIZED 203607F4RC2036MQRC_NOT_OPEN_FOR_BROWSE 203707F5RC2037MQRC_NOT_OPEN_FOR_INPUT 203807F6RC2038MQRC_NOT_OPEN_FOR_INQUIRE 203907F7RC2039MQRC_NOT_OPEN_FOR_OUTPUT 204007F8RC2040MQRC_NOT_OPEN_FOR_SET 204107F9RC2041MQRC_OBJECT_CHANGED 204207FARC2042MQRC_OBJECT_IN_USE 204307FBRC2043MQRC_OBJECT_TYPE_ERROR 204407FCRC2044MQRC_OD_ERROR 204507FDRC2045MQRC_OPTION_NOT_VALID_FOR_TYPE 204607FERC2046MQRC_OPTIONS_ERROR 204707FFRC2047MQRC_PERSISTENCE_ERROR 20480800RC2048MQRC_PERSISTENT_NOT_ALLOWED 20490801RC2049MQRC_PRIORITY_EXCEEDS_MAXIMUM 20500802RC2050MQRC_PRIORITY_ERROR 20510803RC2051MQRC_PUT_INHIBITED 20520804RC2052MQRC_Q_DELETED 20530805RC2053MQRC_Q_FULL 20550807RC2055MQRC_Q_NOT_EMPTY 20560808RC2056MQRC_Q_SPACE_NOT_AVAILABLE 20570809RC2057MQRC_Q_TYPE_ERROR 2058080ARC2058MQRC_Q_MGR_NAME_ERROR 2059080BRC2059MQRC_Q_MGR_NOT_AVAILABLE 2061080DRC2061MQRC_REPORT_OPTIONS_ERROR 2062080ERC2062MQRC_SECOND_MARK_NOT_ALLOWED 2063080FRC2063MQRC_SECURITY_ERROR 20650811RC2065MQRC_SELECTOR_COUNT_ERROR 20660812RC2066MQRC_SELECTOR_LIMIT_EXCEEDED 20670813RC2067MQRC_SEL