| Author |
Message
|
| vsridhara |
 Posted: Fri Nov 06, 2009 3:24 am Post subject: MQ Behaving wierd. |
 |
|
Novice
Joined: 12 Feb 2009
Posts: 10
|
We have been testing continuously sending messages from Windows to Z/OS. The Queue is connected to IMS on the Z/OS side. So we invoke a transaction basically.
A couple of days back I stopped testing and was doing other chores. Today I resumed testing and I am getting a wierd RACF authentication errors.
I am using a Windows logon user ID "MVSID1" from which I send MQ messages to Z/OS. I also have a Administrator user id on Windows. But I dont use it to send MQ messages because I get Authentication errors.
However even by using MVSID1, which is a valid MVS user id on Z/OS, the IMS transaction complains that message is received from ADMINIST.
What is this wierd behaviour?
I tried to modify the windows services to run the IBM MQSeries service under the userid MVSID1, I logged off multiple times, restarted multiple times, deleted MVSID1 on windows and recreated it. But nothing is helping me out. Can you tell me what is wrong suddenly?
The error I get is
--------------
ICH408I USER(ADMINIST) GROUP( ) NAME(??? ) 511
LOGON/JOB INITIATION - USER AT TERMINAL NOT RACF-DEFINED
--------------
Thanks ..
Vijay S |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Fri Nov 06, 2009 3:45 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY
|
Check for mcauserid on windows channel 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| vsridhara |
| Posted: Fri Nov 06, 2009 4:17 am Post subject: |
|
|
Novice
Joined: 12 Feb 2009
Posts: 10
|
| I checked the MCA again, it says MVSID1... tried to send another message, still the same error... |
|
| Back to top |
|
|
| mqjeff |
| Posted: Fri Nov 06, 2009 4:53 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| Is IMS using the UserId field of the message? |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Fri Nov 06, 2009 6:26 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9403
Location: US: west coast, almost. Otherwise, enroute.
|
It's pretty clear that your RACF admins have not granted ADMINIST sufficient authority to whatever is being attempted. Ask the RACF admins to display ADMINIST's profile(s).
I'm guessing (since you didn't provide sufficient details) that the inbound message to IMS is driving an IMS transaction, and that there is no rule granting ADMINIST sufficient authority to run the transaction.
As always, there are other moving parts here, like OTMA.
Your question about what has suddenly changed indicates that something has changed. Look to the RACF folks for the answer to this.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| vsridhara |
| Posted: Sun Nov 08, 2009 4:43 am Post subject: |
|
|
Novice
Joined: 12 Feb 2009
Posts: 10
|
What you didnt understand is that I got the error when I logged into Windows with Administrator user id and sent MQ message . Later I created a windows user MVSID1 where MVSID1 is a valid RACF user.
I was successful in sending messages. Now I try again with MVSID1; I get the error now for ADMINIST. which is weird. Hope I clarified myself.
Vijay S |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Sun Nov 08, 2009 8:54 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9403
Location: US: west coast, almost. Otherwise, enroute.
|
| Quote: |
| What you didn't understand is that I got the error when I logged into Windows with Administrator user id and sent MQ message. |
If I understand this, you successfully sent messages from Windows using Administrator username?
MVS/RACF only understand 8 character userids in upper-case. So, I'm guessing that no RACF rule prevented you from sending messages, and MVS receiving them, and putting them into the correct destination queue.
| Quote: |
| Later I created a windows user MVSID1 where MVSID1 is a valid RACF user. I was successful in sending messages. |
If I understand this, you next logged on (or did a contact admin) with username MVSID1, and you successfully sent messages? Did you use the same application program or utility?
| Quote: |
| Now I try again with MVSID1; I get the error now for ADMINIST. which is weird. |
Were you logged in as MVSID1 when you did this? Or were you logged on as Administrator? It appears that you were Administrator, as the username Administrator was shortened to 8 characters and folded to upper-case when the message arrived on MVS.
| Quote: |
| I checked the MCA again, it says MVSID1... |
Please post the MVS receiver channel definition. There are other channel attributes at work here.
| Quote: |
| Hope I clarified myself. |
Some.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| vsridhara |
| Posted: Sun Nov 08, 2009 10:08 pm Post subject: |
|
|
Novice
Joined: 12 Feb 2009
Posts: 10
|
When you hinted me look at the receiving channel on mainframe and I did. It has wrong entry ADMINIST in it, though I never touched it. I changed it to MVSID1 and it resolved my issue..
Thanks much for help
Vijay s  |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Mon Nov 09, 2009 6:23 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9403
Location: US: west coast, almost. Otherwise, enroute.
|
| Quote: |
| though I never touched it. I changed it to MVSID1 and it resolved my issue.. |
If you never touched (changed) it, who did?
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Sat Nov 21, 2009 5:17 pm Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9403
Location: US: west coast, almost. Otherwise, enroute.
|
Moved to Security forum.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
|
|
