| Author |
Message
|
| deesub |
 Posted: Mon Nov 29, 2021 6:52 am Post subject: Datadog-MQ conn :- User ID initialization failed for 'mqmon' |
 |
|
Novice
Joined: 08 Jun 2018
Posts: 12
|
I am using datadog on my monitoring server that connects to MQ Server for alerts monitoring.
THe connection to my qmanager throws the below error in the qmgr logs:
AMQ9557E: Queue Manager User ID initialization failed for 'mqmon'.
EXPLANATION:
The call to initialize the User ID 'mqmon' failed with CompCode 2 and Reason
2035. If an MQCSP block was used, the User ID in the MQCSP block was ''. If a
userID flow was used, the User ID in the UID header was 'dd-agent' and any
CHLAUTH rules applied prior to user adoption were evaluated case-sensitively
against this value.
ACTION:
Correct the error and try again.
AMQ5531E: Error locating user or group in LDAP
EXPLANATION:
The LDAP authentication and authorization service has failed in the ldap_search
call while trying to find user or group 'mqmon'. Returned count is 0.
Additional context is '(&(objectClass=inetOrgPerson)(uid=mqmon))'.
ACTION:
Specify the correct name, or fix the directory configuration. There may be
additional information in the LDAP server error logs.
I have given the necessary CHLAUTH rules and access for the mqmon userid to the qmanager. QManager Object authorities and also for all objects are enabled for mqmon id.
Other qmanagers running on the same host are working fine and datadog is able to access them.
What else do I need to check.
I dont know what to check for the dd_agent id here.
any thoughts? |
|
| Back to top |
|
 |
| exerk |
| Posted: Mon Nov 29, 2021 10:20 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
Deleted the duplicate post.
Obvious questions:
1. Is the CONNAUTH and AUTHINFO object setup exactly the same for this queue manager as it is for the others?
2. Is the userid and authorities setup exactly the same for this queue manager as it is for the others?
I would normally script this sort of thing so that it is uniform across all queue managers, i.e. have a script that has an input file for the settings for that user, and takes a queue manager name as an argument.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Mon Nov 29, 2021 2:43 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20767
Location: LI,NY
|
Especially when the error shows an LDAP error. It is so easy to make those...
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| deesub |
| Posted: Tue Nov 30, 2021 1:29 am Post subject: |
|
|
Novice
Joined: 08 Jun 2018
Posts: 12
|
Obvious questions:
1. Is the CONNAUTH and AUTHINFO object setup exactly the same for this queue manager as it is for the others?
YES
2. Is the userid and authorities setup exactly the same for this queue manager as it is for the others?
YES |
|
| Back to top |
|
|
| hughson |
| Posted: Tue Nov 30, 2021 1:46 am Post subject: Re: Datadog-MQ conn :- User ID initialization failed for 'mq |
|
|
Padawan
Joined: 09 May 2013
Posts: 1967
Location: Bay of Plenty, New Zealand
|
| deesub wrote: |
EXPLANATION:
The LDAP authentication and authorization service has failed in the ldap_search
call while trying to find user or group 'mqmon'. Returned count is 0.
Additional context is '(&(objectClass=inetOrgPerson)(uid=mqmon))'.
ACTION:
Specify the correct name, or fix the directory configuration. There may be
additional information in the LDAP server error logs. |
This suggests that the queue manager is trying to find the mqmon user id in the LDAP server and has not found it. Is the mqmon user id in the LDAP user repository?
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software |
|
| Back to top |
|
|
| exerk |
| Posted: Tue Nov 30, 2021 11:14 pm Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| deesub wrote: |
Obvious questions:
1. Is the CONNAUTH and AUTHINFO object setup exactly the same for this queue manager as it is for the others?
YES
2. Is the userid and authorities setup exactly the same for this queue manager as it is for the others?
YES |
If changes were made to the above, was a refresh of security or restart of the queue manager carried out?
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| deesub |
| Posted: Tue Nov 30, 2021 11:47 pm Post subject: |
|
|
Novice
Joined: 08 Jun 2018
Posts: 12
|
| YES REFRESH SECURITY AND QMGR RESTART WAS Also done |
|
| Back to top |
|
|
| hughson |
| Posted: Wed Dec 01, 2021 12:23 am Post subject: Re: Datadog-MQ conn :- User ID initialization failed for 'mq |
|
|
Padawan
Joined: 09 May 2013
Posts: 1967
Location: Bay of Plenty, New Zealand
|
| hughson wrote: |
| deesub wrote: |
EXPLANATION:
The LDAP authentication and authorization service has failed in the ldap_search
call while trying to find user or group 'mqmon'. Returned count is 0.
Additional context is '(&(objectClass=inetOrgPerson)(uid=mqmon))'.
ACTION:
Specify the correct name, or fix the directory configuration. There may be
additional information in the LDAP server error logs. |
This suggests that the queue manager is trying to find the mqmon user id in the LDAP server and has not found it. Is the mqmon user id in the LDAP user repository? |
Just checking you saw this question too?
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software |
|
| Back to top |
|
|
| exerk |
| Posted: Wed Dec 01, 2021 12:23 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| deesub wrote: |
| YES REFRESH SECURITY AND QMGR RESTART WAS Also done |
What does the following command return?
| Code: |
| ldapsearch -x -b "dc=mqmon,dc=com" -H ldap://<your ldap ip> -W "(objectclass=account)" |
The above assumes your LDAP allows anonymous bind.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| deesub |
| Posted: Thu Feb 24, 2022 2:23 am Post subject: |
|
|
Novice
Joined: 08 Jun 2018
Posts: 12
|
ldapsearch -x -b "dc=mqmon,dc=com" -H ldap:deesub -W "(objectclass=account)"
-bash: ldapsearch: command not found
ldapsearch
-bash: ldapsearch: command not found |
|
| Back to top |
|
|
| deesub |
| Posted: Thu Feb 24, 2022 2:26 am Post subject: |
|
|
Novice
Joined: 08 Jun 2018
Posts: 12
|
THe datadog monitoring agent is using the userid 'dd-agent' not wsure where
the MQ monitoring server is using the monitoring clien tchannel to poll the mQ server detaisl which is using the userid mqmon (chlauth rules in place for this userid)
THis works for all other qmanagers in the same server setup the same way.no differences.
but doee not work only for one qmanager that throws this error:
AMQ9557E: Queue Manager User ID initialization failed for 'mqmon'.
EXPLANATION:
The call to initialize the User ID 'mqmon' failed with CompCode 2 and Reason
2035. If an MQCSP block was used, the User ID in the MQCSP block was ''. If a
userID flow was used, the User ID in the UID header was 'dd-agent' and any
CHLAUTH rules applied prior to user adoption were evaluated case-sensitively
against this value.
ACTION: |
|
| Back to top |
|
|
| snandam |
| Posted: Sat Aug 03, 2024 4:44 pm Post subject: Please advise how you have resolved this issue. |
|
|
Newbie
Joined: 03 Aug 2024
Posts: 1
|
| Please advise how you have resolved this issue, assuming it was resolved. |
|
| Back to top |
|
|
|
|
