连接到 MQ 时出现错误“2035”(“MQRC_NOT_AUTHORIZED”)
[英]Error '2035' ('MQRC_NOT_AUTHORIZED') While Connecting to MQ
问题描述
I am getting this error while connecting to IBM MQ.
我在连接到 IBM MQ 时收到此错误。 I know that this is because of privileges, but is there any way just to check the connection with IBM MQ?我知道这是因为特权,但有什么方法可以检查与 IBM MQ 的连接吗?
Please suggest.请建议。
9 个解决方案
解决方案1
6 2011-02-26 03:50:18
The 2035 suggests that your connection is getting to the QMgr. 2035年表明您的连接正在进入QMgr。 If you had the wrong channel name, host or port you would get back a 2059. The 2035 means that the connection made it to the listener, found a channel of the name that was requested and attempted a connection. 如果您有错误的频道名称,主机或端口,您将获得2059. 2035意味着连接使其成为侦听器,找到了请求的名称的通道并尝试连接。
If you want to test past this point it will be necessary to either authorize the ID that you are using to connect or to put an authorized ID in the MCAUSER attribute of the channel. 如果要测试超过此点,则需要授权用于连接的ID或将授权ID放入通道的MCAUSER属性中。
For a detailed explanation of how the WMQ security works on client channels, see the WMQ Base Hardening presentation at http://t-rob.net/links . 有关WMQ安全性如何在客户端通道上工作的详细说明,请参阅http://t-rob.net/links上的WMQ Base Hardening演示文稿。
解决方案2
4 2011-04-30 19:28:25
If you enable authorization messages then the 2035 will show up in the event queue. 如果启用授权消息,则2035将显示在事件队列中。 Then you can look at the message and see what ID was used to connect and what options were used too. 然后,您可以查看消息并查看用于连接的ID以及使用的选项。 The 2035 might be because you asked for set authority on the queue manager or something else you aren't supposed to have. 2035可能是因为您要求对队列管理器设置权限或者其他您不应该拥有的权限。 The authorization messages wil show you that. 授权消息将告诉你。
解决方案3
2 2014-03-03 10:58:26
You can also resolve this By setting mcauser('mqm') .. i was able to overcome 2035 error. 你也可以解决这个问题通过设置mcauser('mqm')..我能够克服2035错误。
Define channel (channel1) chltype (svrconn) trptype (tcp) mcauser(‘mqm’)
Esp thanx to my SENIOR Bilal Ahmad (PSE) Esp thanx到我的SENIOR Bilal Ahmad(PSE)
解决方案4
0 2011-02-24 08:11:31
您必须与MQ管理员一起检查权限。
解决方案5
0 2018-08-28 16:10:21
I have been struggling with this for ages too. 我也一直在努力解决这个问题。 Eventually I found this solution. 最终我找到了这个解决方案。 (If you can call turning off authentication a solution.) (如果您可以调用关闭身份验证解决方案。)
I am using version - IBM Websphere 9.1.0.201807091223 我正在使用的版本 - IBM Websphere 9.1.0.201807091223
From IBM's website they advise turning connection authentication off!!! 从IBM的网站上,他们建议关闭连接验证!
Resolving the problem Disable channel authentication
You will need to disable connection authentication, at least temporarily.
Steps to disable connection authentication: Open MQ command console and type runmqsc ALTER AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS) CHCKCLNT(NONE) CHCKLOCL(NONE) Restart the queue manager for this change to take effect.
Source http://www-01.ibm.com/support/docview.wss?uid=swg21962081 来源http://www-01.ibm.com/support/docview.wss?uid=swg21962081
解决方案6
0 2022-03-17 10:13:39
On this topic if you are using MQSeries 9.1 in a test or development environment you can disable channel authentication with the following approach: .关于这个主题,如果您在测试或开发环境中使用 MQSeries 9.1,您可以使用以下方法禁用通道身份验证:。 Launch MQ command line utility with the following: runmqsc (for example runmqsc QM1).使用以下命令启动 MQ 命令行实用程序:runmqsc(例如 runmqsc QM1)。 Disable authentication for all channels with the following command ALTER QMGR CHLAUTH (DISABLED)使用以下命令禁用所有通道的身份验证 ALTER QMGR CHLAUTH (DISABLED)
解决方案7
-1 2012-07-19 11:46:50
For a Q/Q-manager running on Windows, you may have to create the user on the Q/Q-manager machine [ie create a user on the Q-machine to match the user on the Q-client machine], and then add that user to the 'mqm' group on that machine. 对于在Windows上运行的Q / Q管理器,您可能必须在Q / Q管理器计算机上创建用户[即在Q计算机上创建用户以匹配Q客户端计算机上的用户],然后将该用户添加到该计算机上的“mqm”组。
Steps: 脚步:
Ensure that the domain user that is being used to create the Q CLIENT [ie the user that the Q-client app is running under] also exists on the box with the Q/Q-manager.
确保用于创建Q CLIENT的域用户[即运行Q-client应用程序的用户]也存在于Q / Q-manager的框中。 You may be able to just create a local user on the Q/Q-manager box [, or you may have to do some more complicated creation of an Active Directory user - I can't help you there]. 您可以在Q / Q-manager框中创建一个本地用户[,或者您可能需要做一些更复杂的Active Directory用户创建 - 我无法帮助您]。 On the Q/Q-manager box, add the user you have just created [or the existing one, if it already exists] to the mqm group.
在Q / Q-manager框中,将刚创建的用户[或现有用户(如果已存在)添加到mqm组。 [On a Windows server box you will need to use the Microsoft Management Console (1. 'mmc' from the command line, 2. File > Add/Remove SnapOn > Local Users & Groups, 3. add user to group)]. [在Windows服务器上,您需要使用Microsoft管理控制台(1.命令行中的'mmc',2。文件>添加/删除SnapOn>本地用户和组,3。将用户添加到组)]。 The 'mqm' group should already exist on the Q/Q-manager machine. 'mqm'组应该已经存在于Q / Q管理器机器上。
解决方案8
-1 2016-12-05 11:27:13
You can use dspmqaut to check the grant. 您可以使用dspmqaut来检查授权。 Below is the sample to give user poc access to Queue Manager QM1 and Queue LQ1 下面是用户poc访问Queue Manager QM1和Queue LQ1的示例
# check the access right of user POC to QM1
dspmqaut -m QM1 -n LQ1 -t q -p poc
# if you want to give access, you should use
setmqaut -m QM1 -n LQ1 -t q -p poc <access Types>
# eg (put everything - in the real live scenario, choose only what you want to grant) :
setmqaut -m QM1 -n LQ1 -t q -p poc +put +get +browse +inq +set +crt +dlt +chg +dsp +passid +setid +setall +clr
Then dont forget to restart QM1 with 然后别忘了重新启动QM1
endmqm -i QM1
strmqm QM1
Finally, you should be able to proceed without error 2035. 最后,您应该能够无错误地继续前进2035。
解决方案9
-1 2022-05-31 08:19:07
Error MQRC 2035 basically means that your application has been able to connect to the queue manager, however due to certain absence of permissions/authorizations, it was unable to put/get/publish/subscribe messages.错误 MQRC 2035 基本上意味着您的应用程序已经能够连接到队列管理器,但是由于某些权限/授权的缺失,它无法放置/获取/发布/订阅消息。
To resolve this, at first, try these steps in order to disable the authorizations from queue manager and channel.要解决此问题,首先,尝试这些步骤以禁用来自队列管理器和通道的授权。 Use this only if it isn't a production queue manager.仅当它不是生产队列管理器时才使用它。
Always check the queue manager logs.
始终检查队列管理器日志。 It tells you exactly where you need to look into, and resolve the issue.它准确地告诉您需要调查和解决问题的位置。In this case, generally, you can issue the following commands after doing a runmqsc on the queue manager:
在这种情况下,通常,您可以在队列管理器上运行 runmqsc 后发出以下命令:ALTER QMGR CHLAUTH(DISABLED)
Then set the chckclnt object(under authinfo) to optional然后将 chckclnt 对象(在 authinfo 下)设置为可选
DISPLAY QMGR CONNAUTH DISPLAY AUTHINFO(name-from-above) ALL //name from the first commands ALTER AUTHINFO(name-from-above) AUTHTYPE(IDPWOS) ADOPTCTX(YES) ALTER AUTHINFO(name-from-above) AUTHTYPE(IDPWOS) CHCKCLNT(OPTIONAL) REFRESH SECURITY TYPE(CONNAUTH)SET CHLAUTH('*') TYPE(BLOCKUSER) ACTION(REMOVEALL)This helps remove any blocks that the channel is creating against any user.
这有助于删除频道针对任何用户创建的任何块。SET CHLAUTH(your channel name) TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(CHANNEL)
This should resolve your issue, since we have disabled every authorization that an application has to pass in order to do anything on a queue manager.这应该可以解决您的问题,因为我们已经禁用了应用程序必须通过才能在队列管理器上执行任何操作的所有授权。
Now, in case you are using a production queue manager, NEVER remove authorizations.现在,如果您使用的是生产队列管理器,切勿删除授权。 Go, and right click on any QM that you have configured in your MQ explorer. Go,然后右键单击您在 MQ 资源管理器中配置的任何 QM。 Go to the QM authority, and authority records. Go给QM权限,以及权限记录。 Click on create new user, and give the same name as the username your application is using.单击创建新用户,并提供与您的应用程序使用的用户名相同的名称。 Select all the checkboxes, then copy from the space below all the commands that are given. Select 所有复选框,然后从下面的空白处复制所有给出的命令。 Namely, setmqaut.即,setmqaut。 Edit with your queue manager name, and issue them!使用您的队列管理器名称进行编辑,然后发布它们!
----Never give up, the answer is where you have not looked yet-------- ----永不放弃,答案就在你还没看的地方--------
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.