203 Lotus blogs updated hourly. Who will post next? Home | Blogs | Search | About 
 
Latest 7 Posts
"com.ibm.bpm.config.util.ConfigException: Failed to import LTPA:" seen when attempting to move a BPM Deployment Environment from one host to another
Thu, Nov 23rd 2017 10
Interesting - java.lang.NoClassDefFoundError: com.ibm.xylem.utils.ErrorHandlerProvider
Wed, Nov 22nd 2017 35
IBM Cloud Private and Kubernetes - Coping files
Wed, Nov 22nd 2017 33
IBM Java and Health Centrer - There's More
Tue, Nov 21st 2017 44
IBM DB2, Red Hat Enterprise Linux and the IBM Mainframe
Thu, Nov 16th 2017 59
Telnet, my Telnet - Or macOS High Sierra, what have you done ?
Tue, Nov 14th 2017 37
Vagrant and VMware - all the Vs together - or not
Tue, Nov 14th 2017 27
Top 10
IBM DB2, Red Hat Enterprise Linux and the IBM Mainframe
Thu, Nov 16th 2017 59
IBM Java and Health Centrer - There's More
Tue, Nov 21st 2017 44
Hmmm, macOS Sierra and XQuartz and X11
Thu, Oct 27th 2016 43
Executing external Python/Jython scripts from within WebSphere Application Server's wsadmin tool
Thu, Feb 27th 2014 39
Transport Layer Security (TLS) 1.2 and SoapUI
Fri, Jun 12th 2015 38
Telnet, my Telnet - Or macOS High Sierra, what have you done ?
Tue, Nov 14th 2017 37
Interesting - java.lang.NoClassDefFoundError: com.ibm.xylem.utils.ErrorHandlerProvider
Wed, Nov 22nd 2017 35
IBM Cloud Private and Kubernetes - Coping files
Wed, Nov 22nd 2017 33
Oracle and Response File Locations
Mon, Jul 7th 2014 28
Securing the Database - IBM DB2 10.5 and Transport Layer Security 1.2
Wed, Jun 3rd 2015 27


IBM Integration Bus - The Fun Continues .... MQ reason code 2035 while trying to connect
Twitter Google+ Facebook LinkedIn Addthis Email Gmail Flipboard Reddit Tumblr WhatsApp StumbleUpon Yammer Evernote Delicious
   

So I now have IBM Integration Bus (IIB) 9.0.0.2 and the Toolkit running on my Red Hat Enterprise Linux VM, as per these most recent posts: -



I have the toolkit installed as user wasadmin because that's the user with which I installed a whole slew of other WebSphere products, using IBM Installation Manager.

Therefore, in order to use the Toolkit to create/administer an Integration Node ( fka Broker ), I need to ensure that the wasadmin user is setup to access IIB and WebSphere MQ (WMQ).

I did this by: -

(a) Adding the user into the appropriate Linux groups - this is what I now have: -

id wasadmin

uid=500(wasadmin) gid=505(mqm) groups=505(mqm),506(mqbrkrs)

id mqm

uid=505(mqm) gid=505(mqm) groups=505(mqm)

id wmbadmin

uid=506(wmbadmin) gid=506(mqbrkrs) groups=506(mqbrkrs),505(mqm)

In essence, I added the wasadmin user to the mqbrkrs group as follows: -

usermod -G mqm,mqbrkrs wasadmin

( as root )

(b) configuring the Bash environment for user wasadmin to use BOTH WMQ and IIB: -

cat /home/wasadmin/.bashrc

# .bashrc

# Source global definitions
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi

# User specific aliases and functions
umask 022
set -o vi
alias hist='history | cut -c 8-'

. /opt/ibm/mqm/bin/setmqenv -s -k

source /opt/ibm/mqsi/9.0.0.2/bin/mqsiprofile


I have highlighted in bold the two lines added to achieve this.

Now I can log in as wasadmin and create an Integration Node ( aka Broker ), as follows: -

mqsicreatebroker DAVEHAY -q DAVEHAY

WebSphere MQ queue manager created.
Directory '/var/mqm/qmgrs/DAVEHAY' created.
The queue manager is associated with installation 'Installation2'.
Creating or replacing default objects for queue manager 'DAVEHAY'.
Default objects statistics : 79 created. 0 replaced. 0 failed.
Completing setup.
Setup completed.
WebSphere MQ queue manager 'DAVEHAY' starting.
The queue manager is associated with installation 'Installation2'.
5 log records accessed on queue manager 'DAVEHAY' during the log replay phase.
Log replay for queue manager 'DAVEHAY' complete.
Transaction manager state recovered for queue manager 'DAVEHAY'.
WebSphere MQ queue manager 'DAVEHAY' started using V8.0.0.0.
BIP8071I: Successful command completion. 


mqsistart DAVEHAY

BIP8096I: Successful command initiation, check the system log to ensure that the component started without problem and that it continues to run without problem. 

mqsilist

BIP1285I: Broker 'DAVEHAY' on queue manager 'DAVEHAY' is stopped. 
BIP8071I: Successful command completion.


dspmq

QMNAME(QM_MDB)                                            STATUS(Running)
QMNAME(DAVEHAY)                                           STATUS(Running)

I can then start the Toolkit: -

~/IBM/IntegrationToolkit90/launcher

One small glitch - I see this within the Toolkit when I attempt to connect to the Integration Node: -


The user 'wasadmin' is not authorized to connect to queue manager 'DAVEHAY' (MQ reason code 2035 while trying to connect) 

Happily the solution is relatively simple :-)

I looked at the logs: -

cd /var/mqm/qmgrs/DAVEHAY/errors
cat AMQERR01.LOG

wherein I could see: -

AMQ5534: User ID 'wasadmin' authentication failed

EXPLANATION:

The user ID and password supplied by 'javaw' could not be authenticated.

ACTION:

Ensure that the correct user ID and password are provided by the application. Ensure that the authentication repository is correctly configured. Look at previous error messages for any additional information.

AMQ5542: The failed authentication check was caused by the queue manager CONNAUTH CHCKLOCL(OPTIONAL) configuration.

EXPLANATION:

The user ID 'wasadmin' and its password were checked because the queue manager connection authority (CONNAUTH) configuration refers to an authentication information (AUTHINFO) object named 'SYSTEM.DEFAULT.AUTHINFO.IDPWOS' with CHCKLOCL(OPTIONAL).

This message accompanies a previous error to clarify the reason for the user ID and password check.

ACTION:
Refer to the previous error for more information.

Ensure that a password is specified by the client application and that the password is correct for the user ID. The authentication configuration of the queue manager connection determines the user ID repository. For example, the local operating system user database or an LDAP server.

If the CHCKCLNT setting is OPTIONAL, the authentication check can be avoided by not passing a user ID across the channel. For example, by omitting the MQCSP structure from the client MQCONNX API call.

To avoid the authentication check, you can amend the authentication configuration of the queue manager connection, but you should generally not allow unauthenticated remote access.

After some digging, I think that the problem is that the Toolkit is attempting to connect to the DAVEHAY Queue Manager, and is not sending the correct authentication string e.g. user ID *AND* password.

Looking at the Queue Manager in more detail: -

runmqsc DAVEHAY

5724-H72 (C) Copyright IBM Corp. 1994, 2014.
Starting MQSC for queue manager DAVEHAY.

display qmgr connauth

AMQ8408: Display Queue Manager details.
   QMNAME(DAVEHAY)                      
   CONNAUTH(SYSTEM.DEFAULT.AUTHINFO.IDPWOS)

display AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS)

AMQ8566: Display authentication information details.
   AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS)
   AUTHTYPE(IDPWOS)                        ADOPTCTX(NO)
   DESCR( )                                CHCKCLNT(REQDADM)
   CHCKLOCL(OPTIONAL)                      FAILDLAY(1)
   ALTDATE(2014-09-19)                     ALTTIME(11.21.38)

My reading of this is: -

(a) the Toolkit is sending a user ID ( wasadmin ) but NOT sending a password
(b) the Queue Manager expects BOTH a user ID and a password

Interestingly, the Toolkit, leastways on Linux, doesn't give one the opportunity to specific connection credentials :-)

Therefore, the Toolkit, whilst running as wasadmin, is trying to connect to the Queue Manager as that user wit NO password :-)

Ironically, I'm making a LOCAL connection as both the Toolkit AND the Queue Manager are running on the same OS.

After much faffing about, I found this excellent deck from my IBM Hursley colleague, Morag Hughson: -


which led me to this solution: -

ALTER AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS) CHCKCLNT(REQDADM) CHCKLOCL(NONE)    
REFRESH SECURITY TYPE(CONNAUTH)


which, as far as I can establish, means that MQ will require a valid set of credentials for client connections, via CHCKCLNT(REQDADM), but not for local connections, via CHCKLOCL(NONE).

To verify this hypothesis, I switched back to the old state: -

ALTER AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS) CHCKCLNT(REQDADM) CHCKLOCL(OPTIONAL)    
REFRESH SECURITY TYPE(CONNAUTH)

and my old friend: -

The user 'wasadmin' is not authorized to connect to queue manager 'DAVEHAY' (MQ reason code 2035 while trying to connect) 

popped up.

I reverted back to CHCKLOCL(NONE) and I'm now in like Flynn: -


On a related note, I had a similar, but different problem with WMQ Explorer ( running as another user - wmbadmin ): -

/opt/ibm/WebSphere_MQ_Explorer/MQExplorer

With this, I was attempting to make a remote connection to the same Queue Manager: -

Host name or IP address bam8012.uk.ibm.com
Port number 1414
Server-connection channel SYSTEM.DEF.SVRCONN

Unlike the IIB Toolkit, this DOES allow me to enter credentials.

However, Explorer failed to connect with: -

Could not establish a connection to the queue manager - reason 2538. (AMQ4059)
  Could not establish a connection to the queue manager - reason 2538. (AMQ4059)
  Severity: 10 (Warning)
  Explanation: The attempt to connect to the queue manager failed. This could be because the queue manager is incorrectly configured to allow a connection from this system, or the connection has been broken.
  Response: Try the operation again. If the error persists, examine the problem determination information to see if any information has been recorded.


I took the default port of 1414 so then checked to see whether it was running: -

netstat -aon | grep LISTENING | grep 1414

unix  2      [ ACC ]     STREAM     LISTENING     11460  /var/run/mcelog-client

In other words, nothing was listening on port 1414.

I did have a Channel defined: -

display CHANNEL(SYSTEM.DEF.SVRCONN)

AMQ8414: Display Channel details.
   CHANNEL(SYSTEM.DEF.SVRCONN)             CHLTYPE(SVRCONN)
   ALTDATE(2014-09-19)                     ALTTIME(11.21.38)
   CERTLABL( )                             COMPHDR(NONE)
   COMPMSG(NONE)                           DESCR( )
   DISCINT(0)                              HBINT(300)
   KAINT(AUTO)                             MAXINST(999999999)
   MAXINSTC(999999999)                     MAXMSGL(4194304)
   MCAUSER( )                              MONCHL(QMGR)
   RCVDATA( )                              RCVEXIT( )
   SCYDATA( )                              SCYEXIT( )
   SENDDATA( )                             SENDEXIT( )
   SHARECNV(10)                            SSLCAUTH(REQUIRED)
   SSLCIPH( )                              SSLPEER( )
   TRPTYPE(TCP)                         


which was running: -

display chstatus(*)

AMQ8417: Display Channel Status details.
   CHANNEL(SYSTEM.DEF.SVRCONN)             CHLTYPE(SVRCONN)
   CONNAME(192.168.8.100)                  CURRENT
   STATUS(RUNNING)                         SUBSTATE(RECEIVE)


and a default Listener: -

display    LISTENER(SYSTEM.DEFAULT.LISTENER.TCP)

AMQ8630: Display listener information details.
   LISTENER(SYSTEM.DEFAULT.LISTENER.TCP)   CONTROL(MANUAL)
   TRPTYPE(TCP)                            PORT(0)
   IPADDR( )                               BACKLOG(0)
   DESCR( )                                ALTDATE(2014-09-19)
   ALTTIME(11.21.38)                    


*BUT* the Listener was listening on .... port 0, which ain't ever gonna work :-)

Therefore, I needed to create a new Listener: -

DEFINE LISTENER(DAVEHAY) TRPTYPE(TCP) CONTROL(QMGR) PORT(1414)

AMQ8626: WebSphere MQ listener created.

and then start it: -

START LISTENER(DAVEHAY)

AMQ8021: Request to start WebSphere MQ listener accepted.

Again, I'm in like Flynn: -


which is nice.

Ain't it sweet ?







---------------------
http://portal2portal.blogspot.com/2014/09/ibm-integration-bus-fun-continues-mq.html
Sep 19, 2014
14 hits



Recent Blog Posts
10
"com.ibm.bpm.config.util.ConfigException: Failed to import LTPA:" seen when attempting to move a BPM Deployment Environment from one host to another
Thu, Nov 23rd 2017 1:30p   Dave Hay
I saw this exception: -[23/11/17 11:57:38:222 GMT] 00000001 BPMConfig E com.ibm.bpm.config.BPMConfig main Failed to import LTPA: com.ibm.bpm.config.util.ConfigException: Failed to import LTPA: at com.ibm.bpm.config.util.ws.update.UpdateLTPAKeys.importLTPA(UpdateLTPAKeys.java:170) at com.ibm.bpm.config.util.ws.update.UpdateLTPAKeys.updateSecurityParameters(UpdateLTPAKeys.java:73) at com.ibm.bpm.config.util.ws.update.ConfigPostUpdater.postUp
35
Interesting - java.lang.NoClassDefFoundError: com.ibm.xylem.utils.ErrorHandlerProvider
Wed, Nov 22nd 2017 9:56p   Dave Hay
During an installation of IBM BPM Advanced 8.5.5 onto Red Hat Enterprise Linux 7.4 ( which, I know, is an unsupported combination ), I had an interesting experience.This was the installation command: -/opt/ibm/InstallationManager/eclipse/tools/imcl -input /mnt/ResponseFiles/installBPM855.rsp -acceptLicenseand this was the result: -ERROR: java.lang.NoClassDefFoundError: com.ibm.xylem.utils.ErrorHandlerProviderjava.lang.NoClassDefFoundError: com.ibm.xylem.utils.ErrorHandlerProvidercom.ibm.oti.vm.V
33
IBM Cloud Private and Kubernetes - Coping files
Wed, Nov 22nd 2017 2:59p   Dave Hay
Whilst I have used docker cp numerous times to copy files from a running container to the host ( or vice versa ), I had the need to do the same with a container running in a Pod orchestrated by Kubernetes.The syntax for Docker is: -docker cp :/from-path /to-pathe.g.docker cp 97ee4c182ece:/opt/ibm/db2/V11.1/java/db2jcc4.jar .For containers running in Pods via Kubernetes, it's a little different.The first trick is to inspect the Pod: -kubectl get podNAME RE
44
IBM Java and Health Centrer - There's More
Tue, Nov 21st 2017 5:23p   Dave Hay
Following an earlier post: -IBM WebSphere Application Server - Tuning and Monitoring and Tuning - IBM Health CenterI've been guiding a colleague in the use of HC, outside of WebSphere Application Server (WAS).This time I wanted to show how HC could be used to monitor a Plain Ole Java Object (POJO), specifically a Java class.Here's one I prepared earlier: -HelloWorld.javapublic class HelloWorld{ public static void main(String[] args) { while (true) { System.out.println("Hello, World");
59
IBM DB2, Red Hat Enterprise Linux and the IBM Mainframe
Thu, Nov 16th 2017 5:54p   Dave Hay
I'm running through the process to deploy IBM Business Process Manager (BPM) 8.6 onto an IBM mainframe ….This is something that I've done a number of times before, since I first joined the (then) IBM Software Services for WebSphere team in late 2012.In essence, although the underlying hardware is the IBM z platform ( also known as LinuxOne in this guise ), I'm installing BPM etc. onto Red Hat Enterprise Linux (RHEL) and Linux is …. Linux.So the approach to install BPM, and it's dependenc
37
Telnet, my Telnet - Or macOS High Sierra, what have you done ?
Tue, Nov 14th 2017 2:04p   Dave Hay
This harks back to a VERY old post: -Testing Times with Telnetwhich was penned back in 2010.Since I've upgraded to macOS High Sierra, I've lost the FTP and Telnet clients.Ordinarily that wouldn't be a problem but ….Telnet is often useful for testing ports e.g. telnet localhost 9443.Thankfully, we have a solution …. Netcat.Q: Checking TCP/UDP ports!nc -vnzu 127.0.0.1 9080found 0 associationsfound 1 connections: 1: flags=82 outif (null) src 127.0.0.1 port 59595 dst 127.0.0.1 port 9080 r
27
Vagrant and VMware - all the Vs together - or not
Tue, Nov 14th 2017 12:49p   Dave Hay
Further to my last: -IBM Cloud Private - Tinkering with VagrantI'm now looking at the options to use VMware Workstation ( this is on Linux, rather than my default home of macOS ) instead of VirtualBox.Following this: -https://www.vagrantup.com/docs/vmware/installation.htmlI've installed the appropriate plugin: -vagrant plugin install vagrant-vmware-workstationInstalling the 'vagrant-vmware-workstation' plugin. This can take a few minutes...Fetching: vagrant-share-1.1.9.gem (100%)Fetching: va
27
IBM Cloud Private - Tinkering with Vagrant
Mon, Nov 13th 2017 3:11p   Dave Hay
So I've been on a slow boat to IBM Cloud Private, over the past few weeks, and am continuing to self-enable in my "spare" time ( my formal enablement starts next week ). Looking at this: -Source: IBM Cloud Private 2.1.0 - Architectureit was clear that I really needed a few boxes onto which to actually install ICP.Whilst it is possible to run everything on one box ( as per this IBM Cloud Private - My first foray ), I thought that I really should do things properly.So, starting with Beast, whic
11
Cloud Foundry and Ruby on IBM Bluemix - Learning, learning, learning - keep those lessons learning
Thu, Nov 9th 2017 7:06p   Dave Hay
Following a previous post: -Hmmm, Segmentation Fault 11 with Cloud FoundryI'm running through this: -LFS132x Introduction to Cloud Foundry and Cloud Native Software Architectureand was hitting an issue with the version of Ruby specified within some of the lesson material.This is what I saw: -cf pushUsing manifest file /Users/davidhay/Downloads/LFS132x/Scaling/web_app/manifest.ymlCreating app web-app in org david_hay@uk.ibm.com / space david_hay as david_hay@uk.ibm.com...OKCreating route web-app
8
Hmmm, Segmentation Fault 11 with Cloud Foundry
Thu, Nov 9th 2017 5:15p   Dave Hay
Whilst following this online course: -LFS132x Introduction to Cloud Foundry and Cloud Native Software ArchitectureI was tinkering ( man, I love that word ) with Cloud Foundry ( CF ).Now it's been a while and I've been through a macOS upgrade from Sierra to High Sierra ( wonder if there's a clue there ? ).So this time around, I'm seeing "Segmentation Fault: 11" : -cf versionSegmentation fault: 11cf loginSegmentation fault: 11which cf/usr/local/bin/cfls -al `which cf`-rwxr-xr-x 1 root whee




Created and Maintained by Yancy Lent - About - Planet Lotus Blog - Advertising - Mobile Edition