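Unable to connect application to queue manager, getting error JMSWMQ2013

Time: 2018-04-27 16:15:23

Tags: ibm-mq

We are using WebSphere MQ version 9.0.0.1. We have configured an active/passive cluster setup on Linux machines, and all queue managers are running fine on the active/passive nodes. We configured channels and queues in the queue manager. When the application tries to connect to my queue manager, we are facing an error.

The following error is received on the application side.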

The Security athuntication was not valid that supplied for  QUEUEMANAGER 'xxxxx_OUTWARD'WITH CONNECTION 'CLIENT' and HOST NAME 'xxxxx'PLEASE CHECK IF THE ERROR QUEUEMANAGER 'xxxxx_OUTWARD'WITH CONNECTION MODE 'CLIENT'AND HOST NAME'xxxxxx.

We found the errors below in the queue manager level error log.

----- cmqxrsrv.c : 2362 -------------------------------------------------------
04/27/2018 07:52:35 PM - Process(29498.16) User(mqm) Program(amqzlaa0)
                    Host(xxxxxxx) Installation(Installation2)
                    VRMF(9.0.0.1) QMgr(xxxxx_INWARD)

AMQ5534: User ID 'mqm' authentication failed

EXPLANATION:
The user ID and password supplied by the 'WebSphere MQ Client for Java' program
could not be authenticated. 
Additional information: 'N/A'.
ACTION:
Ensure that the correct user ID and password are provided by the application.
Ensure that the authentication repository is correctly configured. Look at
previous error messages for any additional information.
----- amqzfuca.c : 4486 -------------------------------------------------------
04/27/2018 07:52:35 PM - Process(29498.16) User(mqm) Program(amqzlaa0)
                    Host(JPRIPAYMENTMQ2) Installation(Installation2)
                    VRMF(9.0.0.1) QMgr(xxxxx_INWARD)

AMQ5542: The failed authentication check was caused by the queue manager
CONNAUTH CHCKCLNT(OPTIONAL) configuration.

EXPLANATION:
The user ID 'mqm' and its password were checked because the queue manager
connection authority (CONNAUTH) configuration refers to an authentication
information (AUTHINFO) object named 'SYSTEM.DEFAULT.AUTHINFO.IDPWOS' with
CHCKCLNT(OPTIONAL). 

This message accompanies a previous error to clarify the reason for the user ID
and password check.
ACTION:
Refer to the previous error for more information. 

Ensure that a password is specified by the client application and that the
password is correct for the user ID. The authentication configuration of the
queue manager connection determines the user ID repository. For example, the
local operating system user database or an LDAP server. 

If the CHCKCLNT setting is OPTIONAL, the authentication check can be avoided by
not passing a user ID across the channel. For example, by omitting the MQCSP
structure from the client MQCONNX API call. 

To avoid the authentication check, you can amend the authentication
configuration of the queue manager connection, but you should generally not
allow unauthenticated remote access.
-------------------------------------------------------------------------------
04/27/2018 07:52:36 PM - Process(18265.105) User(xxx) Program(amqrmppa)
                    Host(xxxxx) Installation(Installation2)
                    VRMF(9.0.0.1) QMgr(xxxxx_INWARD)

AMQ9557: Queue Manager User ID initialization failed for 'mqm'.

EXPLANATION:
The call to initialize the User ID 'mqm' failed with CompCode 2 and Reason
2035. If an MQCSP block was used, the User ID in the MQCSP block was 'mqm'.
ACTION:
Correct the error and try again.
----- cmqxrsrv.c : 2362 -------------------------------------------------------
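
After this, I granted permissions to the 'mqm' user at the queue manager level and queue level using the following commands, but we are still facing the same error.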

setmqaut -m queue manager name -t qmgr -p mqm +connect & 
setmqaut -m queue manager name -n queue name -t queue -p mqm user name +all

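Can anyone help resolve this issue?

@Morag Hughson: How do I turn off user ID and password at the queue manager level?

@Morag Hughson: Please share any command to turn off user ID and password, to resolve this issue.

@JoshMC: If I turn it off, is that good practice, or is there any other option to resolve this issue from the queue manager/application side?

Hello all, I was told that the application puts messages without specifying any user ID or password. After that, my application was able to access all queue managers. The issue is resolved. Thanks to everyone for helping to resolve this issue.

2 Answers:

Answer 0: (Score: 2)

The queue manager error messages tell you exactly what the problem is. First it says: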

AMQ5534: User ID 'mqm' authentication failed

EXPLANATION:
The user ID and password supplied by the 'WebSphere MQ Client for Java' program
could not be authenticated. 

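So the Java application, which is trying to connect as a client, is sending 'mqm' as the user ID with the wrong password (or no password at all).

The queue manager is checking the password. The second error message tells you why it is being checked.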

AMQ5542: The failed authentication check was caused by the queue manager
CONNAUTH CHCKCLNT(OPTIONAL) configuration.

EXPLANATION:
The user ID 'mqm' and its password were checked because the queue manager
connection authority (CONNAUTH) configuration refers to an authentication
information (AUTHINFO) object named 'SYSTEM.DEFAULT.AUTHINFO.IDPWOS' with
CHCKCLNT(OPTIONAL). 

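The configuration described in the second error message is present on the queue manager by default.

You have two options.

  1. Send the correct password for the 'mqm' user ID from the Java application.
  2. Choose to turn off user ID and password checking on the queue manager.

Answer 1: (Score: 0)

First, no application should be using the 'mqm' account, other than MQAdmins and the MQ services running under the 'mqm' account. Regular business applications should never use the 'mqm' account. It is a major security risk and goes against IBM's MQ best practices.

Second, the 'mqm' account already has full permissions to everything.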

setmqaut -m queue manager name -t qmgr -p mqm +connect & 
setmqaut -m queue manager name -n queue name -t queue -p mqm +all

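You are trying to grant authority to a UserId that already has full authority.

Third, by issuing those commands, you may have messed up your queue manager.

Fourth, the error message has nothing to do with authorization; as JoshMc pointed out, it is about authentication. The setmqaut command is for authorization (i.e. permissions).

Fifth, create a UserId and password on the server where the queue manager is running (or use MS AD), and supply those credentials when the application connects to the queue manager. Note: you will need to use the setmqaut command to grant the new UserId permission to access the queue manager and queues.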
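
The following Python triage of the error-log layout quoted in the question is an added example, not code from either answer or from IBM MQ. It separates the authentication messages (AMQ5534, AMQ5542) from the rest and flags a client that presents 'mqm'; the sample log, the names QM_EXAMPLE and appsvc, and the PRIVILEGED set are constructed assumptions.

```python
import re

# Constructed sample, laid out like the queue manager error log quoted in the question.
SAMPLE_LOG = """\
04/27/2018 07:52:35 PM - Process(29498.16) User(mqm) Program(amqzlaa0)
                    VRMF(9.0.0.1) QMgr(QM_EXAMPLE)

AMQ5534: User ID 'mqm' authentication failed
----- amqzfuca.c : 4486 -------------------------------------------------------
04/27/2018 07:52:35 PM - Process(29498.16) User(mqm) Program(amqzlaa0)
                    VRMF(9.0.0.1) QMgr(QM_EXAMPLE)

AMQ5542: The failed authentication check was caused by the queue manager
CONNAUTH CHCKCLNT(OPTIONAL) configuration.
-------------------------------------------------------------------------------
04/27/2018 07:52:36 PM - Process(18265.105) User(appsvc) Program(amqrmppa)
                    VRMF(9.0.0.1) QMgr(QM_EXAMPLE)

AMQ9557: Queue Manager User ID initialization failed for 'mqm'.

EXPLANATION:
The call to initialize the User ID 'mqm' failed with CompCode 2 and Reason
2035. If an MQCSP block was used, the User ID in the MQCSP block was 'mqm'.
"""

SEPARATOR = re.compile(r"^-{5}.*-{5}$", re.M)    # "----- file.c : 123 -----" or a bare rule
MSG_ID = re.compile(r"^(AMQ\d{4}): ", re.M)
QMGR = re.compile(r"QMgr\(([^)]*)\)")
CLIENT_USER = re.compile(r"User ID '([^']+)'")    # ID the client presented, not User(...)
REASON = re.compile(r"Reason\s+(\d{4})")
AUTHN_IDS = {"AMQ5534", "AMQ5542"}                # the two authentication messages on this page
PRIVILEGED = {"mqm"}                              # assumption: IDs applications must not present

def triage(log_text):
    """Return one dict per log entry that carries an AMQ message id."""
    findings = []
    for entry in SEPARATOR.split(log_text):
        msg = MSG_ID.search(entry)
        if not msg:
            continue
        qmgr, user, reason = QMGR.search(entry), CLIENT_USER.search(entry), REASON.search(entry)
        findings.append({
            "id": msg.group(1),
            "qmgr": qmgr.group(1) if qmgr else None,
            "client_user": user.group(1) if user else None,
            "authentication": msg.group(1) in AUTHN_IDS,
            "privileged_id": bool(user) and user.group(1) in PRIVILEGED,
            "reason": int(reason.group(1)) if reason else None,
            "chckclnt_optional": "CHCKCLNT(OPTIONAL)" in entry,
        })
    return findings
```

An entry with `authentication` set points at the credentials the client sends, which `setmqaut` does not change; `privileged_id` marks the case the second answer warns about.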