| Author |
Message
|
| Manish Kumar |
 Posted: Wed May 28, 2014 2:17 am Post subject: Unable to connect to new Queue Manager |
 |
|
Novice
Joined: 16 May 2014
Posts: 13
|
I am getting 2035 error code which means user id is not authorised.
My application runs under different id and but i am using different id to connect to MQ. My application is in VB 6 and i have used alternate used id property to pass the user id which is authorised.
Can anyone tell me how to override application id with id which is authorised to resolve the issue. |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Wed May 28, 2014 1:11 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20768
Location: LI,NY
|
What did you use as Put Message Options (pmo) ? 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| PaulClarke |
| Posted: Wed May 28, 2014 10:24 pm Post subject: |
|
|
Grand Master
Joined: 17 Nov 2005
Posts: 1002
Location: New Zealand
|
I think the first thing to discover it what call are you getting the 2035 on? Are you failing to connect or failing to open?
Cheers,
Paul.
_________________
Paul Clarke
MQGem Software
www.mqgem.com |
|
| Back to top |
|
|
| Manish Kumar |
| Posted: Wed May 28, 2014 10:27 pm Post subject: |
|
|
Novice
Joined: 16 May 2014
Posts: 13
|
I am using CMQB.bas library for making connection and all.
Below is the code which i am using to connect :
Private Function IBAAGMQConnect() As String
Dim CompCode As Long ' Completion code
Dim Reason As Long ' Reason code
Dim od As MQOD ' Object descriptor
Dim CnoCD As MQCNOCD ' Connect Options for SSL
Dim QMgrName As String * MQ_Q_MGR_NAME_LENGTH ' Pass to MQCONN
' Connect to the Queue Manager
QMgrName = QManagerName
MQCONN QMgrName, gHcon, CompCode, Reason
If CompCode <> MQCC_OK Then
IBAAGMQConnect = "IBAAG MQ: Connection to Queue Manager failed. Reason: " & Reason & " Mgr Name is " & QMgrName
Exit Function
Else
IBAAGMQConnect = "0000"
End If
End Function
-----------------------------------
Private Function IBAAGMQOpen(FQueueName As String) As String
Dim CompCode As Long ' Completion code
Dim Reason As Long ' Reason code
Dim O_options As Long ' Open options
Dim od As MQOD ' Object descriptor
' Open the queue specified in the Queue textbox
' if the connect was successful
If gHcon Then
MQOD_DEFAULTS od
od.ObjectName = FQueueName
' To specify a queue manager uncomment the
' Following line which is (Case-Sensitive)
od.ObjectQMgrName = QManagerName
od.AlternateUserId = AlternateUsedId
O_options = MQOO_OUTPUT + MQOO_INPUT_SHARED + MQOO_ALTERNATE_USER_AUTHORITY
MQOPEN gHcon, od, O_options, gHobj, CompCode, Reason
If CompCode <> MQCC_OK Then
Select Case Reason
Case Is = 2085
IBAAGMQOpen = "IBAAG MQ: Opening of " & Trim(FQueueName) & " failed. " & "ReasonCode = (2085) - MQRC_UNKNOWN_OBJECT_NAME: Check the spelling of the Queue name, which is Case-Sensitive."
Case Is = 2087
IBAAGMQOpen = "IBAAG MQ: Opening of " & Trim(FQueueName) & " failed. " & "ReasonCode = (2087) - MQRC_REMOTE_Q_MGR: Check the spelling of the Queue name, which is Case-Sensitive."
End Select
Exit Function
Else
IBAAGMQOpen = "0000"
End If
Else
IBAAGMQOpen = "IBAAG MQ: Opening of " & Trim(FQueueName) & " failed. " & Reason
End If
End Function |
|
| Back to top |
|
|
| Manish Kumar |
| Posted: Wed May 28, 2014 10:29 pm Post subject: |
|
|
Novice
Joined: 16 May 2014
Posts: 13
|
I think its failing at connecting below are the logs:
IBAAG_GetInquireMQData|1:16:55 AM|1:16:55 AM|IBAAGMQConnectFailure - IBAAG MQ: Connection to Queue Manager failed. Reason: 2035 Mgr Name is WMQT037
IBAAG_GetInquireMQData|1:16:55 AM|1:16:55 AM|OpenQueueFailure - IBAAG MQ: Opening of IBAAG.WEBSERVICES_REQ failed. 0
IBAAG_GetInquireMQData|1:16:55 AM|1:16:55 AM|IBAAGWriteMQFailure - 2018
IBAAG_GetInquireMQData|1:16:55 AM|1:16:55 AM|OpenQueueFailure - IBAAG MQ: Opening of IBAAG.WEBSERVICES_RESP failed. 0 |
|
| Back to top |
|
|
| PaulClarke |
| Posted: Wed May 28, 2014 10:36 pm Post subject: |
|
|
Grand Master
Joined: 17 Nov 2005
Posts: 1002
Location: New Zealand
|
And the obvious question therefore is 'does the userid you are running the application under have the authority to connect to MQ?'
Bear in mind that Alternative UserId is a useful MQI feature but it is not a security hole. You can't just specify any alternate userid and have MQI operations happen as though it were they that were issuing the calls. You need to have the authority to do it. Essentially in order to use Alternate authority APIs the original userid needs more authority not less.
Cheers,
Paul.
_________________
Paul Clarke
MQGem Software
www.mqgem.com |
|
| Back to top |
|
|
| Manish Kumar |
| Posted: Wed May 28, 2014 10:55 pm Post subject: |
|
|
Novice
Joined: 16 May 2014
Posts: 13
|
Application is running under "bagabc" and this id does not have any authority ,it is not authorised.
"uprabc" is the user id which is authorised to connect to mq thats why i am passing this in alternate user id but i am getting 2035 error.
I have no idea what piece am i missing or what step i have done wrong. |
|
| Back to top |
|
|
| Manish Kumar |
| Posted: Wed May 28, 2014 11:07 pm Post subject: |
|
|
Novice
Joined: 16 May 2014
Posts: 13
|
Just to add we have made this code as component it is written in VB6 and COM component is registered does not have authority to connect to MQ.
and more over the logs are showing my id not the id by which it is registered while making connection to MQ |
|
| Back to top |
|
|
| Manish Kumar |
| Posted: Mon Jun 02, 2014 10:59 pm Post subject: |
|
|
Novice
Joined: 16 May 2014
Posts: 13
|
Seems like I have identified the root cause why we are getting 2035 error in return. We are using windows authentication in IIS to acces the website and VB 6 COM is being called by IIS website to make MQ request and display MQ response and every time user id of the user is getting passed not the id which i am passing through code.
Any idea or suggestion how to resolve this issue.
Please help me i need to resolve this ASAP.  |
|
| Back to top |
|
|
| IanAlderson |
| Posted: Tue Jun 03, 2014 2:33 am Post subject: |
|
|
Novice
Joined: 23 Apr 2014
Posts: 17
|
You have been pointed to the answer already but you have not realised it
| Quote: |
| And the obvious question therefore is 'does the userid you are running the application under have the authority to connect to MQ?' |
Look up altusr and you will see that this needs setting for the original ID for the connect.
I would ask though whether you really want to use alternate user? Your IIS service is presumably a trusted app and it appears from your last post that IIS is authenticating users. So why would you want to to set permissions to MQ on a per user basis rather than just the userid for the IIS service? |
|
| Back to top |
|
|
| Manish Kumar |
| Posted: Tue Jun 03, 2014 2:47 am Post subject: |
|
|
Novice
Joined: 16 May 2014
Posts: 13
|
| yes the IIS website section which is making MQ connection/request is performing Windows athentication. Regarding why we need to set permission to MQ , this is the new setup on which our organization MQ services are being migrated and we are told to update our programs accordingly. So a new id specially for MQ access is created and given access that's why I have used alt user but its not working. |
|
| Back to top |
|
|
| IanAlderson |
| Posted: Tue Jun 03, 2014 3:29 am Post subject: |
|
|
Novice
Joined: 23 Apr 2014
Posts: 17
|
Well if you insist on using alternate user then look at what permissions are required. Try searching for setmqaut and altusr and you the information you need.
The key part you seem to be missing is that it is the userid that is connecting to MQ needs the permission to connect and also needs to have altusr authority granted to be able to use the feature you're trying to use. |
|
| Back to top |
|
|
| exerk |
| Posted: Tue Jun 03, 2014 3:33 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| Manish Kumar wrote: |
...Regarding why we need to set permission to MQ , this is the new setup on which our organization MQ services are being
migrated and we are told to update our programs accordingly... |
In which case you should be not be using VB6 anymore...
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| Manish Kumar |
| Posted: Tue Jun 03, 2014 11:39 pm Post subject: |
|
|
Novice
Joined: 16 May 2014
Posts: 13
|
We have created dedicated id for MQ connection.
Every Time window id is getting passed but i want to pass specially created id for connection.
Please help me how to resolve this issue.
ALt user parameter is not overriding the windows id.
|
|
| Back to top |
|
|
| hughson |
| Posted: Wed Jun 04, 2014 1:50 am Post subject: |
|
|
Padawan
Joined: 09 May 2013
Posts: 1967
Location: Bay of Plenty, New Zealand
|
| Manish Kumar wrote: |
| ALt user parameter is not overriding the windows id. |
Alternate User parameter does not have any effect on MQCONN at all - it can only start taking effect at MQOPEN time. The user ID you run your application under will be used for the connect check.
| Manish Kumar wrote: |
We have created dedicated id for MQ connection.
Every Time window id is getting passed but i want to pass specially created id for connection. |
Is there any reason you cannot run the application under your dedicated id that you have created?
For my information in case you ask a follow-up question, is this a locally bound application or a network attached/client application?
Cheers
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software |
|
| Back to top |
|
|
|
|
