198 Lotus blogs updated hourly. Who will post next? Home | Blogs | Search | About 
 
Latest 7 Posts
IBM Installation Manager and the Not-Well-Formed Markup
Fri, Sep 22nd 2017 55
IBM Business Process Manager 8.6
Fri, Sep 22nd 2017 62
Kubernetes 1.7 available in IBM Bluemix Container Service
Wed, Sep 20th 2017 77
Using openSSL on macOS to encrypt a file using a password
Wed, Sep 20th 2017 66
This time, it's about a freezer
Tue, Sep 19th 2017 91
Kubernetes and IBM Bluemix - again with the #HoldingItWrong
Tue, Sep 19th 2017 79
Testing JDBC Data Sources using Jython
Mon, Sep 18th 2017 57
Top 10
This time, it's about a freezer
Tue, Sep 19th 2017 91
Kubernetes and IBM Bluemix - again with the #HoldingItWrong
Tue, Sep 19th 2017 79
Kubernetes 1.7 available in IBM Bluemix Container Service
Wed, Sep 20th 2017 77
Using openSSL on macOS to encrypt a file using a password
Wed, Sep 20th 2017 66
IBM Business Process Manager 8.6
Fri, Sep 22nd 2017 62
Transport Layer Security (TLS) 1.2 and SoapUI
Fri, Jun 12th 2015 59
Testing JDBC Data Sources using Jython
Mon, Sep 18th 2017 57
IBM Installation Manager and the Not-Well-Formed Markup
Fri, Sep 22nd 2017 55
Secure Identity Propagation Using WS-Trust, SAML2, and WS-Security
Mon, Sep 18th 2017 45
Hmmmm, HTTP404 and SRVE0190E seen with IBM HTTP Server and WebSphere Application Server
Fri, Nov 14th 2014 38


IBM Integration Bus - The Fun Continues .... MQ reason code 2035 while trying to connect
Twitter Google+ Facebook LinkedIn Addthis Email Gmail Flipboard Reddit Tumblr WhatsApp StumbleUpon Yammer Evernote Delicious
   

So I now have IBM Integration Bus (IIB) 9.0.0.2 and the Toolkit running on my Red Hat Enterprise Linux VM, as per these most recent posts: -



I have the toolkit installed as user wasadmin because that's the user with which I installed a whole slew of other WebSphere products, using IBM Installation Manager.

Therefore, in order to use the Toolkit to create/administer an Integration Node ( fka Broker ), I need to ensure that the wasadmin user is setup to access IIB and WebSphere MQ (WMQ).

I did this by: -

(a) Adding the user into the appropriate Linux groups - this is what I now have: -

id wasadmin

uid=500(wasadmin) gid=505(mqm) groups=505(mqm),506(mqbrkrs)

id mqm

uid=505(mqm) gid=505(mqm) groups=505(mqm)

id wmbadmin

uid=506(wmbadmin) gid=506(mqbrkrs) groups=506(mqbrkrs),505(mqm)

In essence, I added the wasadmin user to the mqbrkrs group as follows: -

usermod -G mqm,mqbrkrs wasadmin

( as root )

(b) configuring the Bash environment for user wasadmin to use BOTH WMQ and IIB: -

cat /home/wasadmin/.bashrc

# .bashrc

# Source global definitions
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi

# User specific aliases and functions
umask 022
set -o vi
alias hist='history | cut -c 8-'

. /opt/ibm/mqm/bin/setmqenv -s -k

source /opt/ibm/mqsi/9.0.0.2/bin/mqsiprofile


I have highlighted in bold the two lines added to achieve this.

Now I can log in as wasadmin and create an Integration Node ( aka Broker ), as follows: -

mqsicreatebroker DAVEHAY -q DAVEHAY

WebSphere MQ queue manager created.
Directory '/var/mqm/qmgrs/DAVEHAY' created.
The queue manager is associated with installation 'Installation2'.
Creating or replacing default objects for queue manager 'DAVEHAY'.
Default objects statistics : 79 created. 0 replaced. 0 failed.
Completing setup.
Setup completed.
WebSphere MQ queue manager 'DAVEHAY' starting.
The queue manager is associated with installation 'Installation2'.
5 log records accessed on queue manager 'DAVEHAY' during the log replay phase.
Log replay for queue manager 'DAVEHAY' complete.
Transaction manager state recovered for queue manager 'DAVEHAY'.
WebSphere MQ queue manager 'DAVEHAY' started using V8.0.0.0.
BIP8071I: Successful command completion. 


mqsistart DAVEHAY

BIP8096I: Successful command initiation, check the system log to ensure that the component started without problem and that it continues to run without problem. 

mqsilist

BIP1285I: Broker 'DAVEHAY' on queue manager 'DAVEHAY' is stopped. 
BIP8071I: Successful command completion.


dspmq

QMNAME(QM_MDB)                                            STATUS(Running)
QMNAME(DAVEHAY)                                           STATUS(Running)

I can then start the Toolkit: -

~/IBM/IntegrationToolkit90/launcher

One small glitch - I see this within the Toolkit when I attempt to connect to the Integration Node: -


The user 'wasadmin' is not authorized to connect to queue manager 'DAVEHAY' (MQ reason code 2035 while trying to connect) 

Happily the solution is relatively simple :-)

I looked at the logs: -

cd /var/mqm/qmgrs/DAVEHAY/errors
cat AMQERR01.LOG

wherein I could see: -

AMQ5534: User ID 'wasadmin' authentication failed

EXPLANATION:

The user ID and password supplied by 'javaw' could not be authenticated.

ACTION:

Ensure that the correct user ID and password are provided by the application. Ensure that the authentication repository is correctly configured. Look at previous error messages for any additional information.

AMQ5542: The failed authentication check was caused by the queue manager CONNAUTH CHCKLOCL(OPTIONAL) configuration.

EXPLANATION:

The user ID 'wasadmin' and its password were checked because the queue manager connection authority (CONNAUTH) configuration refers to an authentication information (AUTHINFO) object named 'SYSTEM.DEFAULT.AUTHINFO.IDPWOS' with CHCKLOCL(OPTIONAL).

This message accompanies a previous error to clarify the reason for the user ID and password check.

ACTION:
Refer to the previous error for more information.

Ensure that a password is specified by the client application and that the password is correct for the user ID. The authentication configuration of the queue manager connection determines the user ID repository. For example, the local operating system user database or an LDAP server.

If the CHCKCLNT setting is OPTIONAL, the authentication check can be avoided by not passing a user ID across the channel. For example, by omitting the MQCSP structure from the client MQCONNX API call.

To avoid the authentication check, you can amend the authentication configuration of the queue manager connection, but you should generally not allow unauthenticated remote access.

After some digging, I think that the problem is that the Toolkit is attempting to connect to the DAVEHAY Queue Manager, and is not sending the correct authentication string e.g. user ID *AND* password.

Looking at the Queue Manager in more detail: -

runmqsc DAVEHAY

5724-H72 (C) Copyright IBM Corp. 1994, 2014.
Starting MQSC for queue manager DAVEHAY.

display qmgr connauth

AMQ8408: Display Queue Manager details.
   QMNAME(DAVEHAY)                      
   CONNAUTH(SYSTEM.DEFAULT.AUTHINFO.IDPWOS)

display AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS)

AMQ8566: Display authentication information details.
   AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS)
   AUTHTYPE(IDPWOS)                        ADOPTCTX(NO)
   DESCR( )                                CHCKCLNT(REQDADM)
   CHCKLOCL(OPTIONAL)                      FAILDLAY(1)
   ALTDATE(2014-09-19)                     ALTTIME(11.21.38)

My reading of this is: -

(a) the Toolkit is sending a user ID ( wasadmin ) but NOT sending a password
(b) the Queue Manager expects BOTH a user ID and a password

Interestingly, the Toolkit, leastways on Linux, doesn't give one the opportunity to specific connection credentials :-)

Therefore, the Toolkit, whilst running as wasadmin, is trying to connect to the Queue Manager as that user wit NO password :-)

Ironically, I'm making a LOCAL connection as both the Toolkit AND the Queue Manager are running on the same OS.

After much faffing about, I found this excellent deck from my IBM Hursley colleague, Morag Hughson: -


which led me to this solution: -

ALTER AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS) CHCKCLNT(REQDADM) CHCKLOCL(NONE)    
REFRESH SECURITY TYPE(CONNAUTH)


which, as far as I can establish, means that MQ will require a valid set of credentials for client connections, via CHCKCLNT(REQDADM), but not for local connections, via CHCKLOCL(NONE).

To verify this hypothesis, I switched back to the old state: -

ALTER AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS) CHCKCLNT(REQDADM) CHCKLOCL(OPTIONAL)    
REFRESH SECURITY TYPE(CONNAUTH)

and my old friend: -

The user 'wasadmin' is not authorized to connect to queue manager 'DAVEHAY' (MQ reason code 2035 while trying to connect) 

popped up.

I reverted back to CHCKLOCL(NONE) and I'm now in like Flynn: -


On a related note, I had a similar, but different problem with WMQ Explorer ( running as another user - wmbadmin ): -

/opt/ibm/WebSphere_MQ_Explorer/MQExplorer

With this, I was attempting to make a remote connection to the same Queue Manager: -

Host name or IP address bam8012.uk.ibm.com
Port number 1414
Server-connection channel SYSTEM.DEF.SVRCONN

Unlike the IIB Toolkit, this DOES allow me to enter credentials.

However, Explorer failed to connect with: -

Could not establish a connection to the queue manager - reason 2538. (AMQ4059)
  Could not establish a connection to the queue manager - reason 2538. (AMQ4059)
  Severity: 10 (Warning)
  Explanation: The attempt to connect to the queue manager failed. This could be because the queue manager is incorrectly configured to allow a connection from this system, or the connection has been broken.
  Response: Try the operation again. If the error persists, examine the problem determination information to see if any information has been recorded.


I took the default port of 1414 so then checked to see whether it was running: -

netstat -aon | grep LISTENING | grep 1414

unix  2      [ ACC ]     STREAM     LISTENING     11460  /var/run/mcelog-client

In other words, nothing was listening on port 1414.

I did have a Channel defined: -

display CHANNEL(SYSTEM.DEF.SVRCONN)

AMQ8414: Display Channel details.
   CHANNEL(SYSTEM.DEF.SVRCONN)             CHLTYPE(SVRCONN)
   ALTDATE(2014-09-19)                     ALTTIME(11.21.38)
   CERTLABL( )                             COMPHDR(NONE)
   COMPMSG(NONE)                           DESCR( )
   DISCINT(0)                              HBINT(300)
   KAINT(AUTO)                             MAXINST(999999999)
   MAXINSTC(999999999)                     MAXMSGL(4194304)
   MCAUSER( )                              MONCHL(QMGR)
   RCVDATA( )                              RCVEXIT( )
   SCYDATA( )                              SCYEXIT( )
   SENDDATA( )                             SENDEXIT( )
   SHARECNV(10)                            SSLCAUTH(REQUIRED)
   SSLCIPH( )                              SSLPEER( )
   TRPTYPE(TCP)                         


which was running: -

display chstatus(*)

AMQ8417: Display Channel Status details.
   CHANNEL(SYSTEM.DEF.SVRCONN)             CHLTYPE(SVRCONN)
   CONNAME(192.168.8.100)                  CURRENT
   STATUS(RUNNING)                         SUBSTATE(RECEIVE)


and a default Listener: -

display    LISTENER(SYSTEM.DEFAULT.LISTENER.TCP)

AMQ8630: Display listener information details.
   LISTENER(SYSTEM.DEFAULT.LISTENER.TCP)   CONTROL(MANUAL)
   TRPTYPE(TCP)                            PORT(0)
   IPADDR( )                               BACKLOG(0)
   DESCR( )                                ALTDATE(2014-09-19)
   ALTTIME(11.21.38)                    


*BUT* the Listener was listening on .... port 0, which ain't ever gonna work :-)

Therefore, I needed to create a new Listener: -

DEFINE LISTENER(DAVEHAY) TRPTYPE(TCP) CONTROL(QMGR) PORT(1414)

AMQ8626: WebSphere MQ listener created.

and then start it: -

START LISTENER(DAVEHAY)

AMQ8021: Request to start WebSphere MQ listener accepted.

Again, I'm in like Flynn: -


which is nice.

Ain't it sweet ?







---------------------
http://portal2portal.blogspot.com/2014/09/ibm-integration-bus-fun-continues-mq.html
Sep 19, 2014
26 hits



Recent Blog Posts
55
IBM Installation Manager and the Not-Well-Formed Markup
Fri, Sep 22nd 2017 7:54p   Dave Hay
I saw this: -ERROR: Failed to read response file. ERROR: Problem in /mnt/installIIM186.rsp at line 5: The markup in the document following the root element must be well-formed.00:00.52 ERROR [main] com.ibm.cic.agent.core.application.HeadlessApplication run Failed to read response file. Problem in /mnt/installIIM186.rsp at line 5: The markup in the document following the root element must be well-formed.whilst trying to install IBM Installation Manager 1.8.7, using a response file: -/mnt/ins
62
IBM Business Process Manager 8.6
Fri, Sep 22nd 2017 11:35a   Dave Hay
As per my previous post: -Introducing IBM Business Process Manager 8.6 and there's moreIBM BPM 8.6 was released today, and I've started the download.This is what I'm pulling down as I type: -IBM Business Process Manager Server Version 8.6 For Linux X86 64Bit Multilingual (3 of 3) (CNM6BML )IBM Business Process Manager Server Version 8.6 For Linux X86 64Bit Multilingual (2 of 3) (CNM6AML )IBM Business Process Manager Server Version 8.6 For Linux X86 64Bit Multilingual (1 of 3) (CNM69ML )More t
77
Kubernetes 1.7 available in IBM Bluemix Container Service
Wed, Sep 20th 2017 6:02p   Dave Hay
This arrived in my inbox today: -We're excited to announce that Kubernetes 1.7 is available for IBM Bluemix Container Service. You can now update your Kubernetes master and worker nodes to the latest supported version of Kubernetes by using either the Bluemix dashboard or the CLI.Kubernetes 1.7 available in IBM Bluemix Container ServiceThis is perfect timing for me, as: -(a) I'm reading and reviewing Kubernetes Microservices with Docker (b) I've been tinkering with DB2 and WebSphere Liberty P
66
Using openSSL on macOS to encrypt a file using a password
Wed, Sep 20th 2017 8:44a   Dave Hay
I had a requirement to share a file with a colleague, which I did using Box. However, I wanted to go one step further and encrypt the file BEFORE sharing.This is known, in some circles, as Pre-Internet Encryption (PIE), which is funny, because I like pie - fish pie, apple pie, mince pie, you name it :-)This is what I did: -Encrypt the fileopenssl enc -aes-256-cbc -in Patent.doc > Patent_enc.doc This example uses the AES-256-CBC cipher and requests a password, which is used, with the chosen bl
91
This time, it's about a freezer
Tue, Sep 19th 2017 2:14p   Dave Hay
So almost all of my blog posts are technical, and most involve some kind of IT and/or IBM product or service.,This time, whilst still technology, it's all about …. freezers.We recently took delivery of a Zanussi ZFT10210WA freezer, and hit a problem ….Specifically, it was a UI problem.More specifically, the UI didn't match the documentation.This is what the documentation has: -whereas the freezer looks more like this: -In other words, how can I set it to -16 degrees C when the Temperature
79
Kubernetes and IBM Bluemix - again with the #HoldingItWrong
Tue, Sep 19th 2017 1:27p   Dave Hay
So I saw this: -kubectl get nodesUnable to connect to the server: could not refresh token: unrecognized error {"errorCode":"BXNIM0408E","errorMessage":"Provided refresh token is expired","context":{"requestId":"4294322993","requestType":"incoming.Kube_Token","startTime":"19.09.2017 11:58:26:739 UTC","endTime":"19.09.2017 11:58:26:741 UTC","elapsedTime":"2","instanceId":"tokenservice_dal06/1","host":"localhost","threadId":"1955e0","clientIp":"146.90.21
57
Testing JDBC Data Sources using Jython
Mon, Sep 18th 2017 5:35p   Dave Hay
One of my colleagues asked me about this …In essence, did I have a Jython script that allows one to test JDBC data source …Here's one I prepared earlier: -testDataSource.jycellID = AdminControl.getCell()cell=AdminConfig.getid( '/Cell:'+cellID+'/')for dataSource in AdminConfig.list('DataSource',cell).splitlines(): print dataSource AdminControl.testConnection(dataSource)Notes: -- To support the FOR loop, there are indentations ( thanks Python, we love you ) in front of the last two line
45
Secure Identity Propagation Using WS-Trust, SAML2, and WS-Security
Mon, Sep 18th 2017 10:43a   Dave Hay
I'm reading this: -Secure Identity Propagation Using WS-Trust, SAML2, and WS-Security [PDF]in the context of Single Sign-on (SSO), via this: -SAML 2.0 VS. JWT: UNDERSTANDING FEDERATED IDENTITY AND SAML and: -The Anatomy of a JSON Web Token
32
New Technology Demonstration: BPM Analytics
Fri, Sep 15th 2017 10:12a   Dave Hay
This from my IBM colleague, Allan Chan: -…A new BPM Analytics technology demonstration is available to use with the latest IBM Business Process Manager. The latest version works with V8.5.7.0 CF201706 release at the end of June 2017. The original version worked with V8.5.7.0 CF201703 released on 31st March 2017....The key value of IBM Business Process Manager (BPM) is in streamlining custom enterprise business processes to better optimize service and cost. It does this namely through 1) custom
13
IBM Redbook - Developing Node.js Applications on IBM Bluemix
Mon, Sep 11th 2017 1:44p   Dave Hay
Developing Node.js Applications on IBM BluemixThis IBM® Redbooks® publication explains how to create various applications based on Node.js and run them on IBM Bluemix®. In this book, you will do the following activities: • Develop a Hello World application in Node.js, executing on IBM Bluemix. Through this activity, you can learn about these technologies: • IBM SDK for Node.js • Eclipse Orion Web IDE • Use asynchronous callback • Create an Express application • Build a rich u




Created and Maintained by Yancy Lent - About - Planet Lotus Blog - Advertising - Mobile Edition