ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » General IBM MQ Support » amqoamd on Windows issue (User no longer exists)

Post new topic  Reply to topic Goto page Previous  1, 2
 amqoamd on Windows issue (User no longer exists) « View previous topic :: View next topic » 
Author Message
jefflowrey
PostPosted: Sun Dec 19, 2004 4:04 pm    Post subject: Re: amqoamd on Windows issue (User no longer exists) Reply with quote

Grand Poobah

Joined: 16 Oct 2002
Posts: 19981

WannaBeInAParker wrote:
User name: FAIL : unresolved account
Authorities: altusr connect inq set setall setid chg crt dlt dsp (0x009f07ff)
SID: S-1-5-21-1177238915-1767777339-725345543-43546

_________________
I am *not* the model of the modern major general.
Back to top
View user's profile Send private message
WannaBeInAParker
PostPosted: Sun Dec 19, 2004 6:19 pm    Post subject: Reply with quote

Voyager

Joined: 09 Dec 2003
Posts: 81

Jeff,

That's correct the user does not exist any longer. I think I may have confused things by showing an example of what authorities are defined when a user creates a new queue.


fjb_saper, first time I saw the -remove option. Thanks for that, seems helpful for other scenarios, but not my current one.

-WannaBe-
_________________
-WannaBe-
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Sun Dec 19, 2004 8:35 pm    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20763
Location: LI,NY

You wrote the error output as output of amqoamd.

Did you try dmpmqaut -m qmgr ?
and if yes what was the output thereof.
Did you see any errors or can you see the offending principal in the dmpmqaut output.
Back to top
View user's profile Send private message Send e-mail
WannaBeInAParker
PostPosted: Mon Dec 20, 2004 3:37 am    Post subject: Reply with quote

Voyager

Joined: 09 Dec 2003
Posts: 81

Here is the output of dmpmqaut:

profile: SYSTEM.ADMIN.CHANNEL.EVENT
object type: queue
entity: S-1-5-21-1177238915-1767777339-725345543-43546@
entity type: unknown
authority: allmqi dlt chg dsp clr
- - - - - - - -
profile: SYSTEM.ADMIN.CHANNEL.EVENT
object type: queue
entity: mqm@INAW2168
entity type: group
authority: allmqi dlt chg dsp clr
_________________
-WannaBe-
Back to top
View user's profile Send private message
jefflowrey
PostPosted: Mon Dec 20, 2004 5:25 am    Post subject: Reply with quote

Grand Poobah

Joined: 16 Oct 2002
Posts: 19981

Have you tried copy/pasting the SID into setmqaut?
_________________
I am *not* the model of the modern major general.
Back to top
View user's profile Send private message
WannaBeInAParker
PostPosted: Mon Dec 20, 2004 6:10 am    Post subject: Reply with quote

Voyager

Joined: 09 Dec 2003
Posts: 81

I thought of that when I pasted the snippet above. I need to reproduce this on a dev system and try it there as this issue appeared in PROD. I will try and let you know the results. The only thing that leads me to believe that this may not work is the fact that the entity type is listed as "unknown", instead of principal or group.
_________________
-WannaBe-
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Mon Dec 20, 2004 11:25 am    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20763
Location: LI,NY

We are talking about the SYSTEM.CHANNEL.EVENT queue. There should not be that many authorizations on it.
Just a suggestion if remove with SID does not work
Make a dmpmqaut and look at all authorizations for said queue.
Try the setmqaut -remove specifying the object:
-t q -n SYSTEM.CHANNEL.EVENT and no principal.
See if it removes all authorizations ?
After that all you need is to reset the authorizations needed to run and REFRESH the security....

Keep us informed
Back to top
View user's profile Send private message Send e-mail
WannaBeInAParker
PostPosted: Tue Dec 21, 2004 5:18 am    Post subject: Reply with quote

Voyager

Joined: 09 Dec 2003
Posts: 81

Let me just reiterate, that we have not granted any permissions on this or other queues and that this is just one example of several objects that have this autority set. MQseries must automatically grant +all to the user that creates the queue in the Windows environment.
_________________
-WannaBe-
Back to top
View user's profile Send private message
JasonE
PostPosted: Tue Dec 21, 2004 10:43 am    Post subject: Reply with quote

Grand Master

Joined: 03 Nov 2003
Posts: 1220
Location: Hursley

There is nothing you can do about entries in the OAM relating to userids which dont exist. Suggestion - raise a requirement for consideration in a future release that you can remove by SID...

For now you will have to live with it

(And yes, I think the creator and mqm both get explicit entries in the OAM, if I remember correctly).
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Goto page Previous  1, 2 Page 2 of 2

MQSeries.net Forum Index » General IBM MQ Support » amqoamd on Windows issue (User no longer exists)
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.