Why doesn't it restart ? Are there any Events posted ? May be a user login/domain issue.
Bender, Alan [EMAIL PROTECTED]
Bender, Alan [EMAIL PROTECTED]
Sent by: MQSeries List [EMAIL PROTECTED]
11/23/2004 02:39 PM
Please respond to MQSeries List
To: [EMAIL
You should check with IBM, however... The technique will work, but if an
object is broken, then it will likely be broken forever. Also, there's no
guarantee the queue file will accurately reflect the state of the queue.
That is, there may be messages that would have been backed out and synced
Issue a clear queue command on the empty queue, but the queue cannot be
opened elsewhere.
Jeff A Tressler
[EMAIL PROTECTED]To:
[EMAIL PROTECTED]
cc:
Sent by:
Try it your self and see.
Potkay, Peter M
(ISD, IT) To:
[EMAIL PROTECTED]
[EMAIL PROTECTED]cc:
RTFORD.COMSubject: Re: 'q' file resize
It gives no warning. Usually, the Certificate Authority would publish a
list of certs that are due to expire. The CA should give at least on
months notice.
Ward, Mike S
[EMAIL PROTECTED]To:
[EMAIL PROTECTED]
no, you need to create a separate group for the mquser userid. whenever
you grant authority to an individual user, all members in the same group
get that same authority. And, yes any member of the mqm group gets the
full authority of the mqm group...
Driscoll Tom -
I apologize for sending this to you all. It was not my intention to do so.
However, you now have a pretty good Security Exit that works on 3
platforms, and addresses SSL concerns as well.
By the by, this IS a security exit, and it documented in a separate DESIGN
document (I won't trouble you
you can try setting the MAXINITIATOR qm.ini to zero... I think that is
what that parameter is for...
|-+
| | Lawrence Coombs |
| | [EMAIL PROTECTED]|
| | M |
| | Sent
That's not documented it is ?
Also, then what would be the effect of setting MAXINITIATORS=0 ?
Paul Clarke
[EMAIL PROTECTED]To: [EMAIL PROTECTED]
IBM.COM cc:
Sent by:
we love long stories...
|-+
| | Lawrence Coombs |
| | [EMAIL PROTECTED]|
| | M |
| | Sent by: MQSeries|
| | List |
| |
#include cmqc.h
#include cmqxc.h
Rick Tsujimoto
[EMAIL PROTECTED]To: [EMAIL PROTECTED]
.CANON.COMcc:
Sent by: MQSeries List Subject: need help finding
As I recall there's nothing really to do expect install the new software.
mq will migrate the data. However, there's no going back ! if you want to
go back to 5.2 for some reason, you will need to copy the /var/mqm
directory structure as backup before you install 5.3.
Paul... you have already mentioned this, but is the support pack
Supported ??
By the by, I've been using the new beta of MO71 .. thus far no problems.
thanks !
Paul Clarke
[EMAIL PROTECTED]To: [EMAIL PROTECTED]
Does anyone know where the IKEYMAN fix pack would be for AIX ? Can't seem
to find it anymore...
Thanks !
This communication is for informational purposes only. It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official
Although I've not done this for a queue manager, on other apps, I export
the registry entry, and import them when restoring...(using regedit).
Robert Broderick
[EMAIL PROTECTED]To: [EMAIL PROTECTED]
OTMAIL.COM
With 5.3 the MQOPEN overhead is dramatically reduced for reopens (see
performance reports). What is still very costly is MQCONNs when a new
connection is being established. If you are using SSL, multiply by 10 or
100.
Potkay, Peter M
(ISD, IT)
Well I know we run ms03, and our own program to backup the OAM, every
week or whenever a config change occurs. We don't have to many intel
qmgrs, but there are a few. While your thinking about this don't forget
about SSL Certs. On intel, you can't just copy the sto files, you need to
keep a
Paul, Yes. Please send the beta to me. Thanks ! Phil
Paul Clarke
[EMAIL PROTECTED]To: [EMAIL PROTECTED]
IBM.COM cc:
Sent by: MQSeriesSubject: MO71 Version 5.3.4
http://www-1.ibm.com/support/docview.wss?rs=203q1=mA1Juid=swg24000673loc=en_UScs=utf-8lang=en
|-+
| | Karla Kirkpatrick|
| | [EMAIL PROTECTED]|
| | COM |
| | Sent by:
This parameter was designed for use by QM to QM connections, not MQClient.
The Admin Guides states, as you've said, the channel types supported.
Also, take note that the manual states it works for amqcrsta there's no
mention about runmqlsr
Wyatt, T Rob
As long as we're talking basics has anyone implemented a C Channel
Security Exit on VMS ? Any gotya's ? I've written a security exit that
runs on Win2K, Sun, AIX, and z/OS, but now someone wants to run it on VMS.
As I understand it, VMS is back level to MQ 5.0 (or 5.1). Beside that
There used to be a support pack for OS/2 that did file transfer. Don't
know if it supplied the source code but take a look. Also, WMQI has file
transfer nodes you can utilize.
[EMAIL PROTECTED]
.AU To: [EMAIL PROTECTED]
Good Luck Bill ! Have fun volunteer !
This communication is for informational purposes only. It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other
Pavel,
We do this type of work in a message exit...
Pavel Tolkachev
pavel.tolkachev@To: [EMAIL PROTECTED]
DB.COM cc:
Sent by: MQSeriesSubject: Changing MQXQH on
Candle's PQEdit (Pathways now). can edit the xmit header...
Roger Lacroix
[EMAIL PROTECTED]To: [EMAIL PROTECTED]
ALWARE.BIZ cc:
Sent by: MQSeries Subject: Re:
Gina,
Sounds like the channel is Indoubt. Resolve the channel with the
BACKOUT option. Then see if you can clear the queue. If this works i
think you will need to reset the sequence number before starting the
channel back up.
Gina McCarthy
Me too. I eventually killed any processes beginning with amq or runmq,
then the installed worked OK. I first, stopped the mq services.
Rick Tsujimoto
[EMAIL PROTECTED]To: [EMAIL PROTECTED]
.CANON.COM
All,
Does anyone know if it's necessary to have a unique key ring for each queue
manager on z/OS ? On the distributed side, it is necessary. From my
reading in WMQ Security (z/OS), I think you use the same key ring for all
queue managers, but I'm not 100% sure about this.
Any help is
Roger,
The api crossing exit which comes with WMQ addresses most of your concerns.
Have you looked at it ?
Bullock, Rebecca
(CSC) To: [EMAIL PROTECTED]
[EMAIL PROTECTED]cc:
you can get makecert from Microsoft
Ward, Mike S
[EMAIL PROTECTED]To: [EMAIL PROTECTED]
Sent by: MQSeriescc:
List Subject: MQ Security Certificates
YES.
Philip DiStefano
(Embedded image moved to file: pic24484.gif) (Embedded image moved to
file: pic08281.gif) (Embedded image moved to file: pic04734.gif)
This communication is for informational purposes only. It is not intended as
an offer or solicitation for the purchase
Tim,
Thank for replying.
We have our own IP blocking Security exit, but it's never been compiled or
used on VAX. I think it's the only way available using MQ technology.
Do you know of any VAX based technology we can use to strengthen the
security ?
Phil
Tim
Tim,
Yes, of course. How could I forget. We developed such a pair some time
ago when using the Entrust PKI to perform authentication. I wonder if
Entrust is available on VAX ? I'll check it out and report back to all.
Thanks Again,
Phil
Tim Armstrong
Has anyone addressed or could advise on the MQ Security issues when using
VAX ?
As I understand it, only MQ V2.2.1 is available on VAX which rules out
using SSL or even MQSecure. The only thing I can think of is to use an IP
validation security exit, but that's a bit weak.
Any advise is
It's a big topic. Look at the Security Guide
This communication is for informational purposes only. It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other
Rao,
I have one more point to add to Paul's. If you do NOT specify the CONNAME
on the SERVER channel, there's no MQ mechanism to automatically start the
Requester channel to induce the SERVER channel. Therefore, you will need
to devise your own method to keep the channel running.
Phil
Gary,
you could disable their ability to change the registry by using the
gpedit.msc tool.
- Admin Templates
- System (right click)
change Disable registry editing tools to
Enabled.
However, if they know about this tool, they could always undo...
make sure there are no runmq... processes too.
This communication is for informational purposes only. It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other
Dave,
Dinosaurs never die, they just go underground.
So what's your next ride ?
Good Luck from kindred spirt,
Phil
Dave Adam
[EMAIL PROTECTED]To: [EMAIL PROTECTED]
RVALU.COM cc:
John,
Please check this out. It contains a nice security exit but it does not
deal will SSL. You need to add a few things.
http://www.mrmq.dk/index.htm?page1.htm
#ifdef MQCD_VERSION_7 /* verifies you are running on WMQ 5.3 */
/* is the channel using SSL ? */
if
well, if all of your authorized clients have access to all queues, there's
no problem. But if this is not the case, then using the facilities of the
OAM are in order. The Security Exit should (could) set the MCAUSER field
corresponding to the clients authority (as per OAM settings).
John,
If you set the SSLPEER parameter to the specific remote Distinguished Name,
then you could simply set the MCAUSER to the correct identity to limit
access. This would take advantage of OAM, thereby providing Access
Authority. If the incoming DN does not match the one coded in the SSLPEER,
I'd love to, but unfortunately it is the property of JPMorgan Chase Co.
However, if you can find a shell for a Security Exit, I would be willing to
provide some feed back as to WHAT you would have to keep in mind when
developing the code.
John Melden
Ben,
Yes, I've gotten it to work. In fact, it's worked since 1996. What kind
of problem are you having ? do you check off the MVS box ?
The queue is SYSTEM.COMMAND.INPUT (normally), not SYSTEM.ADMIN.COMMAND.
This communication is for informational purposes only. It is not
Ben,
MO71, will tell you the reason code. If it's 2035, then perhaps RACF is
the issue you cannot connect.
Benjamin F.
ZhouTo: [EMAIL PROTECTED]
[EMAIL PROTECTED]cc:
I remember seeing the 65540 reason code when message were put to the DLQ by
MQSI. So, are you using MQSI ?
David Awerbuch
[EMAIL PROTECTED]To: [EMAIL PROTECTED]
AHOO.COMcc:
Does anyone know what this program is for ? it seems to be associated
with the MCA.
This communication is for informational purposes only. It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction.
how is this different the amqcrsta ?(if using inetd). I seem to have both
of these.
Bright, Frank
[EMAIL PROTECTED]To: [EMAIL PROTECTED]
HEALTH.COMcc:
Sent by: MQSeries
I could not find any doc on this. Where have you read about it ?
Potkay, Peter M
(PLC, IT) To: [EMAIL PROTECTED]
[EMAIL PROTECTED]cc:
RTFORD.COMSubject: Re:
Excellent. Thank you.
Wyatt, T. Rob
[EMAIL PROTECTED]To: [EMAIL PROTECTED]
MERICA.COM cc:
Sent by: MQSeries Subject: Re: amqrmppa ??
List
You can use support pack MO71 to do all but change individual messages.
The only drawback I'm aware of is that it does not provide a means to audit
its activity. However, that's easily corrected. Of course, it is a
support pack, so you could not get emergencies resolved in a timely manner.
I've
you can put a qmgr inside the fire wall, but then the messages will be put
to disk in the DMZ.
Bill Anderson
[EMAIL PROTECTED]To: [EMAIL PROTECTED]
TA.AERO cc:
Sent by:
Mr. Sphere,
If it's not a problem for the channel to always be running, then fine.
However, knowing the behavior of the application, I would disconnect it
after 5 minutes of inactivity, then have the chin start it once messages
arrive. By the by, are the messages very large ? That is, how long
MaxChannel default is 100. I don't see a problem with leaving it up and
running, but I would advise you let it stop during periods of inactivity.
I'm just frugal.
Web Sphere
[EMAIL PROTECTED]To: [EMAIL PROTECTED]
That would be funny... understandable, but funny..
Wyatt, T. Rob
[EMAIL PROTECTED]To: [EMAIL PROTECTED]
MERICA.COM cc:
Sent by: MQSeries Subject: Re: Channel Exits
I know there's an api crossing exit for CICS on z/OS, and one available on
the distributed platforms, but does IBM plan on having an API Crossing exit
similar to that on the distributed environment available on z/OS ?
Any comments ... Interest ... ? what does IBM have to say ?
thanks,
PHIL
are you referring to amqoamd ?
Robert Broderick
[EMAIL PROTECTED]To: [EMAIL PROTECTED]
OTMAIL.COM cc:
Sent by: MQSeries Subject: Re: How to back up
authorites on
Bob,
I too have done the same, journaling a best practices for MQ. You have to
be careful to review it each time a new release comes out. Often the
lessons we've learned are not documented and can change without any notice.
Phil
This communication is for informational purposes only. It is
See AdoptNewMCA parameter for qm.ini (System Admin Guide)
Bob Kasischke
[EMAIL PROTECTED]To: [EMAIL PROTECTED]
SFARGO.COM cc:
Sent by: MQSeries List Subject:
Yes there is. The SSLPEER parameter is set to the remote Distinguished
Name. But you must wait to the INIT-SEC phase..
Tom Fox
[EMAIL PROTECTED]To: [EMAIL PROTECTED]
.COMcc:
Just a side question, but would you need to start one CHIN for every Port
you want a queue manager to service ?
Dave Adam
[EMAIL PROTECTED]To: [EMAIL PROTECTED]
RVALU.COM cc:
should be endmqtrc. but check out the parameters. you may need to do the
endmqtrc cmd twice once more with the -e parameter..
Sony Varghese
[EMAIL PROTECTED]To: [EMAIL PROTECTED]
ILEVER.COM cc:
Bill
Thanks. I did find that, but it has to be updated to handle 5.3
parameters. There are two PERL scripts. The first transforms a channel
table to an INI style file, and the second does the reverse. It seems OK
so we're taking a look at it to see if we can change it to handle the 5.3
All,
We have had some interest in using the channel table, but without a proper
maintenance tool, it is quite cumbersome. Using the queue manager to do
this is awkward at best. Several years ago, I recall there was a firm
which that said it had such a tool. Is anyone aware of a similar tool
Use MO71...
Christopher Fryett
[EMAIL PROTECTED]To: [EMAIL PROTECTED]
FOMAHA.COM cc:
Sent by: MQSeriesSubject: Re: Message Browse Tool
All...
Try lowering the heartbeat interval from the 300 default to 30 seconds then
change the queue manager configuration by adding the AdoptNewMCA=ALL
AdoptNewMCACheck=ALL. Check the System Admin guide for details...
Phil
Scott Gray
[EMAIL
You don't have to use the MQSSLKEYR if you use MQCONNX and specify the key
file within the params.
Wmq Techie
[EMAIL PROTECTED]To: [EMAIL PROTECTED]
T.NET cc:
Sent by:
Yes a single store can have multiple certificates, but only one can be
specified as THE personal certificate for that store. If all you want is to
verify the incoming certificates, then you should be installing a DER type
not a PKCS12 type certificate for the remote entities.
Well, I've never used the -expire parameter, but all the other parms are
OK. Since you're creating the kdb, make sure it does not exist prior to
executing the command. Also, all the path info is valid.
Bryan,
I'm coming in on this thread a bit late, so if I'm being redundant, accept
my apologies.
Checking the Channel status using MQSC is no assurance the channel is
functioning normally. You need to actually send a message across it. I
suggest you create an inbound/outbound channel pair;
It is expensive, but remember that you do not have to administer MQ at the
client location. That brings to cost of ownership down a bit.
Phil
|-+---
| | Wyatt, T. Rob |
| | [EMAIL PROTECTED]|
| |
Just a guess, but if you executed the 'mqver' as a system command, the
reply may give you a hint. I don't believe, the command comes with a client
install.
Name:WebSphere MQ
Version: 530.3 CSD03
CMVC level: p530-CSD03J
BuildType: IKAP - (Production)
Jeff
I suggest, if you follow this technique, you load the Server Libs first,
since it is not unusual to install both libraries.
John Scott
[EMAIL PROTECTED]To: [EMAIL PROTECTED]
.CO.UK cc:
Has anyone seen this new product announcement ? It appears to be plain MQ,
but for Windows or Linux.
Check this out:
http://www-3.ibm.com/fcgi-bin/common/ssi/ssialias?infotype=ansubtype=caappname=Demonstrationhtmlfid=897/ENUS203-258
Would anyone from IBM care to explain the differences
Good Grief Charlie Brown,
You're right. Seems like the majority of the functionality is the same,
they're just reacting to a fundamental change in computer manufacturing,
where now there can be very many CPUs (70). The pricing method is
becoming obsolete.
(Embedded image moved to file:
Check the Performance guide for Websphere MQ of your particular platform...
KANE, TOM M
(SBCSI) To: [EMAIL PROTECTED]
[EMAIL PROTECTED] cc:
Sent by: MQSeriesSubject:
Does anyone know where and when the next MQ Tech Conference is for the US ?
This communication is for informational purposes only. It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market
Pavel,
The SSLPEER parameter is actually a filter. Therefore you can code it like
SSLPEER(CN=APPL*, O=MYCompany, OU=Any*, C=US). This will then permit any
CN prefixed by APPL and any OU prefix by Any. By using the filter you
can service and validate many different Distinguished Names
Pavel,
I actually build a Security Exit to address your concern. It checks either
the incoming IP address or the incoming SSLPEER against a list of SSLPEER
(Distinguished Names) and/or IP addresses, and then assigns a corresponding
user id to the MCAUSER field. The exit can also be used to
I wouldn't use AMI since it is being dropped from support...
[EMAIL PROTECTED]
ITICORP.COM To: [EMAIL PROTECTED]
Sent by: MQSeriescc:
List Subject: Re:
Thank you all for replying... The behavior is rather strange. Does anyone
know why the WMQ Design resets the stats after they've been listed ?
mikhail malamud
[EMAIL PROTECTED]To: [EMAIL PROTECTED]
.NET
Paul All !
After requesting the Queue Stats, if I cancel and re-display the INPUT
stats have been reset when I haven't requested a reset. Am I missing
something ?
I have the initial-refreash turned on. The point is, if I want to just
look at the stats without resetting them. How do I
your security requirements can
become quite difficult.
Philip DiStefano
IBM Certified Solutions Expert - MQSeries
IBM Certified Developer - MQSeries
IBM Certified Specialist - MQSeries
|-+
| | Heggie, Peter |
| | [EMAIL
Paul,
Nice job implementing SSL for MO71. I've tried all aspects including CRL
and all worked fine.
Thanks !
Phil
Paul Clarke
[EMAIL PROTECTED]To: [EMAIL PROTECTED]
IBM.COM cc:
FYI...
There's another wrinkle to the MCAUSER field. This field is also available
on SENDER/SERVER channels, implying that a security exit could change the
id to something other than mqm. Unfortunately, that's not how it works and
therefore, the affect of setting the MCAUSER field on the these
If the cert is issued in PKCS12 format then that file can be given to as
many entities, and SSL will let it pass. This is true even if you set the
SSLPEER, use SSLAUTH(Required), even if you do CRL checking. you may want
to check the incoming IP address using a security exit.
Don,
Well it's one way for an application to process any number of unknown named
queues...
Thomas, Don
[EMAIL PROTECTED]To: [EMAIL PROTECTED]
OM cc:
Sent by: MQSeries
I agree with Paval on the DLQ issue. Unless you are prepared to process
the DLQ and your applications can suffer both delayed and out of sequence
messages you really shouldn't use on. Also, if some errant queue manager
is sending your queue manager messages to queues which do not exist, the
Hi Pete ! Long time...
After the program processes the Queue named in MQTMC2, does it close the
queue ? If not, then MQ will not issue a new trigger message.
Is the program multi-threaded? if not, then you're causing a bottle neck
for other trigger messages for other queues.
It might be more
Well, if there were and they too would pay the relocation costs, I'd be the
first on line for it. I LOVED Australia.
[EMAIL PROTECTED]
.AU To: [EMAIL PROTECTED]
Sent by: MQSeriescc:
WMQers,
Besides Bristol's Transaction Vision, what other message tracking software
is available in the market ?
Thank you for your input !
Phil
This communication is for informational purposes only. It is not intended as
an offer or solicitation for the purchase or sale of any financial
Glen Robert... Thank you for your reply.
WMQers !
Thanks for the data. Has anyone used any of these products ? I'm trying
to flesh out a requirements document. Thus far I'll research...
1. Transaction Vision, by Bristol
2. Q'Nami, by MQSoftware
3. InStream, by UniTech
Wyatt,
StatWatch ? Who is the developer ?
Wyatt, T. Rob
[EMAIL PROTECTED]To: [EMAIL PROTECTED]
MERICA.COM cc:
Sent by: MQSeries Subject: Re: Message Tracking
Peter,
Does it use exits (channel or API xing) to obtain the data ? What
mechanism (if you know) ?
Thanks,
Phil
peter d
[EMAIL PROTECTED]To: [EMAIL PROTECTED]
NE.NET cc:
That's what I thought. Thanks! One more question. Does it also use its
own Security Exit ?
Philip DiStefano
IBM Certified Solutions Expert - MQSeries
IBM Certified Developer - MQSeries
IBM Certified Specialist - MQSeries
peter d
[EMAIL PROTECTED
The Max Msg also depends upon the MaxMsgSize of the corresponding Channel
Definition (of a channel is used).
Roger Lacroix
[EMAIL PROTECTED]To: [EMAIL PROTECTED]
ALWARE.BIZ cc:
Well, when using dots MQ creates its queue file directory with !.
Wyatt, T. Rob
[EMAIL PROTECTED]To: [EMAIL PROTECTED]
MERICA.COM cc:
Sent by: MQSeries Subject:
Yes, it was about at that time Congress was convinced to change the
emigration laws, by creating the H-1B and L1 visas. These permits firms to
temporarily bring foreign born professionals into the US to handle this
extra work. Now, however, the H-1B and L1 temps are still in the US.
At what
Comprehensive as usual !
Gary Ward
[EMAIL PROTECTED]To: [EMAIL PROTECTED]
A.NET cc:
Sent by: MQSeriesSubject: MQ software evolution - fill
in the gaps?
Fellow WMQers,
Now that we've gained some experience I would like to share some
observations and, hopefully, confirmation on them.
It seems to me, that if you stop an outbound channel, a RESET becomes
needed since, on occasion, the sender channels sequence number is, some
how, set back to 1.
1 - 100 of 141 matches
Mail list logo