I am accessing an MQ8 server using HermesJms.
The latter has the following configuration:
However, when I am trying to "Discover" via the relevant option provided by Hermes, I get a 2035 with the following message appearing in the queue manager error logs:
AMQ9557: Queue Manager User ID initialization failed for 'pkaramol'.
EXPLANATION:
The call to initialize the User ID 'pkaramol' failed with CompCode 2 and Reason
2035.
Note that pkaramol is my local OS user I am logged in as, on the Linux machine running Hermes.
Questions:
1) Why do I get the following error despite the fact that I have disabled both CHLAUTH and CONNAUTH:
ALTER QMGR CHLAUTH(DISABLED) CONNAUTH(' ')
REFRESH SECURITY TYPE(CONNAUTH)
2) Why is the server perceiving pkaramol as the user trying to access the queue manager, although I am explicitly providing mquser in both ClientID and user fields of HermesJMS?
I cannot find much documentation on HermesJMS, but through some trial and error I found out that it does not honor the User and Password settings if you click Discover; it will always send the user you are logged in as to the queue manager. This is why you do not see the user mquser. Because you are running it as the user pkaramol, which does not exist on the server where your queue manager is running, you receive the following error:
AMQ9557: Queue Manager User ID initialization failed for 'pkaramol'.
I also found that to perform the discover it opens a temporary dynamic queue using the model queue SYSTEM.DEFAULT.MODEL.QUEUE and puts PCF messages to the SYSTEM.ADMIN.COMMAND.QUEUE. In addition, for it to discover any queue details you must have at minimum +inq and +dsp on the queues.
In your comment you stated you added the user pkaramol to the server and put it in the mqm group. While this is a quick way to get this to work, it does provide that user full MQ Admin access. You could provide your actual user with the following permissions and still be able to Discover all of the objects on the queue manager. Please replace the word group below with a group your user is a member of on the server:
setmqaut -m DMSQM -t qmgr -g group +connect +inq +dsp
setmqaut -m DMSQM -n SYSTEM.ADMIN.COMMAND.QUEUE -t queue -g group +inq +put +dsp
setmqaut -m DMSQM -n SYSTEM.DEFAULT.MODEL.QUEUE -t queue -g group +get +dsp
setmqaut -m DMSQM -n '**' -t queue -g group +inq +dsp
I also noted that once you have queues populated either through Discover or manually adding them, it will use the User that you specified.
Note that with CHLAUTH and CONNAUTH disabled the queue manager is taking whatever user is presented and using it. You could leave CONNAUTH enabled and specify a valid user and password and MQ would authenticate it.
Another option, since Discover does not honor the User setting, would be to set an MCAUSER of mquser on the SVRCONN channel.
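The last two options in the answer above, written out as MQSC for runmqsc (an added example, not part of the original answer). <SVRCONN_CHANNEL> is a placeholder because the page does not name the channel HermesJMS connects through, and SYSTEM.DEFAULT.AUTHINFO.IDPWOS is assumed to be the default AUTHINFO object that MQ 8 creates with the queue manager.

```mqsc
* Added example. <SVRCONN_CHANNEL> is a placeholder, not a name from the page.

* State described in the question: no channel rules and no connection
* authentication, so the queue manager adopts whatever user ID the client
* asserts (pkaramol during Discover).
*   ALTER QMGR CHLAUTH(DISABLED) CONNAUTH(' ')

* Option 1: pin the channel to mquser. The user ID asserted by the client is
* then ignored and every authority check is made against mquser.
* With CHLAUTH disabled this applies to ANY client that can reach the channel,
* so grant mquser's group only the narrow authorities listed in the answer
* and keep mquser out of the mqm group.
ALTER CHANNEL('<SVRCONN_CHANNEL>') CHLTYPE(SVRCONN) MCAUSER('mquser')

* Option 2: turn connection authentication back on so that a user ID and
* password supplied by the client are validated against the OS.
* (Assumes the default IDPWOS object still exists on this queue manager.)
ALTER QMGR CONNAUTH('SYSTEM.DEFAULT.AUTHINFO.IDPWOS')
REFRESH SECURITY TYPE(CONNAUTH)

* Verification: confirm the configured values, then check which user the
* running channel instance is actually using after HermesJMS connects.
DISPLAY QMGR CHLAUTH CONNAUTH
DISPLAY CHANNEL('<SVRCONN_CHANNEL>') MCAUSER
DISPLAY CHSTATUS('<SVRCONN_CHANNEL>') MCAUSER
```

If option 1 is used, the setmqaut grants from the answer have to name a group that mquser belongs to, because pkaramol is no longer the identity being checked.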
You need to give the UserId 'pkaramol' permission to access the queue manager and the queues via the setmqaut command.