Geek Answers Handbook

MQ Security - Getting 2035 in One Queue

I have an application that is trying to send a message to a queue (LOG.TRANSACTION.IN) in a remote queue manager. The message fails since 2035 and is placed in DLQ in the local queue manager. In the local queue manager (QMLOCAL), the application places the message directly in SCTQ because there is no definition of a remote queue. The application runs under an identifier that has full access to MQ. I know this is not ideal, but this is for another discussion. We have mcauser on the clusrcvr channel at the remote end (QMREMOTE), which was granted access to the local queue. I thought I had security, but it seems like it is not. Here is the security information

QMLOCAL:

Entity application_id has the following authorizations for object SYSTEM.CLUSTER.TRANSMIT.QUEUE: get browse put inq set crt dlt chg dsp passid passall setid setall clr

QMREMOTE:

 Entity MY_MCAUSER has the following authorizations for object LOG.TRANSACTION.IN: put crt setall

Any help on this would be greatly appreciated.

+4
source share
3 answers

There are several possibilities here. Since the message ends in DLQ, then we know that the problem is on the remote side. If your app generated 2035, a message will never be posted.

This means that MCAUSER in the CLUSRCVR channel is a problem. For it to work, it must have the following (suppose MY_MCAUSER is in the mqmmca group):

setmqaut -m QMREMOTE -g mqmmca -t qmgr -all +connect +inq +setall
setmqaut -m QMREMOTE -g mqmmca -n 'LOG.TRANSACTION.IN' -t queue -all +put +setall

setmqaut -m QMREMOTE -g mqmmca -n 'SYSTEM.CLUSTER.COMMAND.QUEUE' -t queue -all +put +setall to your 2035, the channel also needs setmqaut -m QMREMOTE -g mqmmca -n 'SYSTEM.CLUSTER.COMMAND.QUEUE' -t queue -all +put +setall
just to work in a cluster. Depending on your version, the MCAUSER channel may also require access to SYSTEM.CHANNEL.SYNCQ (v7 options).

An easy way to say for sure is to allow authorization events.
ALTER QMGR AUTHOREV(ENABLED)

Authorization events inform you that the crash, the crash of the object (QMgr, queue, etc.), the API call and the parameters used.

Then install SupportPac MS0P in WMQ Explorer. This will cause the binary PCF event messages to be formatted in a readable form, and it will be really obvious what the problem is.

In this case, it is likely that either a) MCAUSER is missing + setall on QMgr, or b) it is v7, and MCAUSER does not have appropriate SCSQ permission, as indicated above.

+2
source

I took a small photo. Hope this makes it a little easier.

http://imgur.com/92NJm.jpg

0
source

You can also solve this problem. By installing mcauser ('mqm'), I was able to overcome error 2035.

 Define channel (channel1) chltype (svrconn) trptype (tcp) mcauser('mqm')

Esp thanx to my Bilal Ahmad (PSE)

0
source

More articles:


All Articles