Mq Error Reason 2063
Contents |
FROM Z/OS AMS ENABLED QUEUE USING JMS CLIENT Subscribe to this APAR By subscribing, you receive periodic emails alerting you to the
Amq4999
status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product. Notify me when this APAR changes. Notify me when an APAR for this component changes. APAR status Closed as program error. Error description z/OS PTF UK80834 for APAR PM69493 http://www-01.ibm.com/support/docview.wss?uid=isg1PM69493 enabled function http://www.ibm.com/support/knowledgecenter/SSFKSJ_9.0.0/com.ibm.mq.tro.doc/q041320_.htm that exposed the following behaviour in the MQ for JMS classes: A WebSphere MQ classes for JMS client application, using IBM MQ Advanced Message Security (AMS) functionality, fails to receive a message from an IBM MQ AMS enabled queue that is defined on a z/OS queue manager. The following JMS Exception is returned to the application: JMSCMQ0001: WebSphere MQ call http://www.ibm.com/support/docview.wss?uid=swg1IT06183 failed with compcode '2' ('MQCC_FAILED') reason '2063' ('MQRC_SECURITY_ERROR'). Local fix Problem summary **************************************************************** USERS AFFECTED: This issue affects users who have either: - WebSphere MQ classes for JMS, or - WebSphere MQ classes for Java applications that consume encrypted messages from an IBM MQ Advanced Message Security enabled queue, where the message contains one or more of the following message headers: - MQIIH - MQCIH - MQDLH If consuming messages from a WebSphere MQ for z/OS queue manager APAR PM69493 (included in PTF UK80834) also needs to have been applied to the z/OS queue manager. Platforms affected: MultiPlatform **************************************************************** PROBLEM DESCRIPTION: When sending encrypted messages using IBM MQ Advanced Message Security (AMS), message headers should not be encrypted along with the message body. On the z/OS queue manager, APAR PM69493 introduced a change to ensure IBM MQ AMS on z/OS behaved the same as its distributed platform counterparts such that WebSphere MQ message headers are skipped and not protected by the AMS encryption mechanism. When a WebSphere MQ classes for JMS or classes for Java applic
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support
MQSeries.net Forum Index » IBM MQ Java http://www.mqseries.net/phpBB2/viewtopic.php?t=285&highlight=alternateuserid+mqqueue / JMS » 2063-security error and 2035-unauthorized access error 2063-security error and 2035-unauthorized access error « View previous topic :: View next topic » Author Message schoubal Posted: Thu Aug 23, 2001 2:23 am Post subject: NewbieJoined: 15 Aug 2001Posts: 3 Hello - I am having the following problem - I am running a program under userid 'caclsdev' which does not belong to group mqm. We have a queue manager QM1 and an alias queue COS.AR.ALIAS.Q which maps to a local queue on another queue manager. Initially when we mq error tried to put a message on the queue COS.AR.ALIAS.Q we got error '2035' which is MQRC_NOT_AUTHORIZED. Then using 'setmqaut' command I gave +allmqi for the alias queue and +all for the queue manager QM1 for userid caclsdev. After doing this I got error 2063 MQRC_SECURITY_ERROR. The connection to the queue manager does not give any error - the connection to the queue gives this error. When I do QM1.accessQueue with alternate user id as one that belongs to group mqm, i can easily put messages on mq error reason the alias queue i.e. i use the following method : public synchronized MQQueue accessQueue ( String queueName, int openOptions, String queueManagerName, String dynamicQueueName, String alternateUserId ) Throws MQException. specifying alternate userid as one that belongs to group mqm. I checked the authority of the userid belonging to group mqm and the userid caclsdev using dspmqaut and they are the same except for the crt authority. Can anyone tell me why this is happening ? I have the .FDC file and I have also got the relevant section of the error log if anyone needs it to help resolve this problem. My mail id is schoubal@yahoo.co.uk. Thanks in advance ! Back to top bduncan Posted: Thu Aug 23, 2001 4:16 pm Post subject: PadawanJoined: 11 Apr 2001Posts: 1554Location: Silicon Valley A couple of preliminary questions... 1) if you are running MQ5.2 or higher, have you tried issuing the REFRESH SECURITY command? 2) you say that dspmqaut shows the same permissions for your test user as well as mqm. Here's my question. Which queue did you run dspmqaut against? Was it the alias queue, or the queue that it is pointing to? Because as it turns out, you can give user "A" one set of permissions on alias queue "X", but that doesn't necessarily mean he'll have those same permissions on local queue "Y", the queue that alias queue "X" points to. 3) You mention that the alias queue points to "a local queue on another queue manager". Normally this is impossible; you cannot point an alias que