×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

MQ Series V9 - MQCONNX ended with reason code 2035 with new user

MQ Series V9 - MQCONNX ended with reason code 2035 with new user

MQ Series V9 - MQCONNX ended with reason code 2035 with new user

(OP)
Hi,

i'm struggling with using a new userid in a windows 10 pro environment. And i hope you can help me with my problem.
I know there are a lot of thread with the same error, but i couldn't find my solution.

I have a 'MQ-Series' group with the name mqclient. In this group i will connect all the users which should work with the new queue manager and objects.

Lets define some Names:
windows group: mqclient
windows root-user: proroot (that is the Windows-Admin and Installer of MQ)
windows normal user1: app
windows normal user2: mquser
other/more users will be necessary

As 'proroot' i had made the following definitions in MQ:

crtmqm QM1
strmqm QM1

STOP LISTENER('SYSTEM.DEFAULT.LISTENER.TCP') IGNSTATE(YES)

DEFINE QLOCAL('DEV.QUEUE.1') REPLACE
DEFINE QLOCAL('DEV.QUEUE.2') REPLACE
DEFINE QLOCAL('DEV.QUEUE.3') REPLACE
DEFINE QLOCAL('DEV.DEAD.LETTER.QUEUE') REPLACE

ALTER QMGR DEADQ('DEV.DEAD.LETTER.QUEUE')

DEFINE TOPIC('DEV.BASE.TOPIC') TOPICSTR('dev/') REPLACE

DEFINE AUTHINFO('DEV.AUTHINFO') AUTHTYPE(IDPWOS) CHCKCLNT(REQDADM) CHCKLOCL(OPTIONAL) ADOPTCTX(YES) REPLACE

ALTER QMGR CONNAUTH('DEV.AUTHINFO')

REFRESH SECURITY(*) TYPE(CONNAUTH)

DEFINE CHANNEL('DEV.ADMIN.SVRCONN') CHLTYPE(SVRCONN) REPLACE
DEFINE CHANNEL('DEV.APP.SVRCONN') CHLTYPE(SVRCONN) MCAUSER('app') REPLACE

SET CHLAUTH('*') TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(NOACCESS) DESCR('Back-stop rule - Blocks everyone') ACTION(REPLACE)
SET CHLAUTH('DEV.APP.SVRCONN') TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(CHANNEL) CHCKCLNT(REQUIRED) DESCR('Allows connection via APP channel') ACTION(REPLACE)
SET CHLAUTH('DEV.ADMIN.SVRCONN') TYPE(BLOCKUSER) USERLIST('nobody') DESCR('Allows admins on ADMIN channel') ACTION(REPLACE)
SET CHLAUTH('DEV.ADMIN.SVRCONN') TYPE(USERMAP) CLNTUSER('admin') USERSRC(CHANNEL) DESCR('Allows admin user to connect via ADMIN channel') ACTION(REPLACE)

DEFINE LISTENER('DEV.LISTENER.TCP') TRPTYPE(TCP) PORT(1414) CONTROL(QMGR) REPLACE

START LISTENER('DEV.LISTENER.TCP') IGNSTATE(YES)

setmqaut -m QM1 -t qmgr -g mqclient +connect +inq
setmqaut -m QM1 -n DEV.** -t queue -g mqclient +put +get +browse +inq

Everything is local on windows.

In DOS-Box i can now:

set MQSERVER=DEV.APP.SVRCONN/TCP/localhost(1414)
set MQSAMP_USER_ID=app

amqsputc DEV.QUEUE.1 QM1
==> THIS WORKS FINE!!! and i can append messages.

But when i set in the same DOS-Box
set MQSAMP_USER_ID=mquser
amqsputc DEV.QUEUE.1 QM1

i entered the password, i received 'MQCONNX ended with reason code 2035'.

In my opinion the advantage of windows-groups will be to grant one group and to
connect many users in this group without thinking twice of rights in MQ.

But this doesn't work.

How can i solve this Problem. Hope you can help me.

Thanks alot.

OlliP


==> SOLUTION: i've read the hole day and found the solution for that problem....

If someone changes a user or a group in windows, then you can only work with the changed rights after logging on to Windows again.

A restart from the queue manager and / or MQ Explorer is not sufficient. A new DOS box is not enough!

It's very simple, but you don't think it works. But it's just Windows.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close