0

I am trying to connect to a remote Enterprise MQ server using JMS in Spring boot. When I try to connect to a local MQ, I am able to make the connection and send messages, but the same code doesnt work for the remote MQ. Below are the error details -

Caused by: com.ibm.msg.client.jms.DetailedJMSSecurityException: JMSWMQ2013: The security authentication was not valid that was supplied for QueueManager 'MQGWD2' with connection mode 'Client' and host name 'mqcad1.sdde.deere.com(2171)'.
Please check if the supplied username and password are correct on the QueueManager to which you are connecting.
    at com.ibm.msg.client.wmq.common.internal.Reason.reasonToException(Reason.java:531)
    at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:215)
    at com.ibm.msg.client.wmq.internal.WMQConnection.<init>(WMQConnection.java:424)
    at com.ibm.msg.client.wmq.factories.WMQConnectionFactory.createV7ProviderConnection(WMQConnectionFactory.java:8475)
    at com.ibm.msg.client.wmq.factories.WMQConnectionFactory.createProviderConnection(WMQConnectionFactory.java:7815)
    at com.ibm.msg.client.jms.admin.JmsConnectionFactoryImpl._createConnection(JmsConnectionFactoryImpl.java:303)
    at com.ibm.msg.client.jms.admin.JmsConnectionFactoryImpl.createConnection(JmsConnectionFactoryImpl.java:236)
    at com.ibm.mq.jms.MQConnectionFactory.createCommonConnection(MQConnectionFactory.java:6016)
    at com.ibm.mq.jms.MQQueueConnectionFactory.createQueueConnection(MQQueueConnectionFactory.java:136)
    at com.ibm.mq.jms.MQQueueConnectionFactory.createConnection(MQQueueConnectionFactory.java:209)
    at org.springframework.jms.connection.UserCredentialsConnectionFactoryAdapter.doCreateConnection(UserCredentialsConnectionFactoryAdapter.java:188)
    at org.springframework.jms.connection.UserCredentialsConnectionFactoryAdapter.createConnection(UserCredentialsConnectionFactoryAdapter.java:162)
    at org.springframework.jms.connection.SingleConnectionFactory.doCreateConnection(SingleConnectionFactory.java:428)
    at org.springframework.jms.connection.SingleConnectionFactory.initConnection(SingleConnectionFactory.java:353)
    at org.springframework.jms.connection.SingleConnectionFactory.getConnection(SingleConnectionFactory.java:328)
    at org.springframework.jms.connection.SingleConnectionFactory.createConnection(SingleConnectionFactory.java:243)
    at org.springframework.jms.support.JmsAccessor.createConnection(JmsAccessor.java:197)
    at org.springframework.jms.core.JmsTemplate.execute(JmsTemplate.java:494)
    ... 53 more
Caused by: com.ibm.mq.MQException: JMSCMQ0001: IBM MQ call failed with compcode '2' ('MQCC_FAILED') reason '2035' ('MQRC_NOT_AUTHORIZED').
    at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:203)

Please note , for local MQ server I use - admin,passw0rd as the credentials which are set by default. For Enterprise MQ, we have created an application ID and gained access to the MQ using this appID. I am giving all the details - queue manager, host, port, channel, queue name and username(appID) and password while hitting the queue.

My question is - the same code is working for local queue but I get unauthorized when I hit the remote one. Also , we do not get any error logs for the remote MQ, so it is quite difficult to debug the reason for getting Unauthorized Error. Could anyone help in this regard? Any inputs will really be helpful. What changes when we hit the remote MQ?

I have only 2 files -

properties -

ibm.mq.queueManager=QM1
ibm.mq.channel=DEV.ADMIN.SVRCONN
ibm.mq.connName=localhost(1414)
ibm.mq.user=admin(this is replaced by appID when I hit remote MQ)
ibm.mq.password=passw0rd(pwd for appID in case of remote MQ)

Created a test controller -

@EnableJms
@Component
@RestController
public class SendMessage {
    
    @Autowired
    JmsTemplate jmsTemplate;
    
    @GetMapping("send")
    String send(){
        try{
            jmsTemplate.convertAndSend("DEV.QUEUE.1", "Hello World!");
            return "OK";
        }catch(JmsException ex){
            return "FAIL";
        }
    }
JoshMc
  • 10,239
  • 2
  • 19
  • 38
Sugandha Mishra
  • 69
  • 7
  • It is deliberate that debugging "not authorized" is difficult if you have no access to the server side error logs, otherwise MQ would be easy to hack into. To resolve your issue you must take a look at the queue manager (server side) error logs. – Morag Hughson Jul 23 '23 at 06:36
  • There is another team which handles the access to error logs. I will confirm with them. Is it ever possible that Unauthorized type of errors never reach the MQ server error logs? – Sugandha Mishra Jul 23 '23 at 07:08
  • What version of MQ is running on the Enterprise MQ server? There should be something logged in the queries managers AMQERR01.LOG file on any recent version. – JoshMc Jul 23 '23 at 07:19
  • The only case I know of where you could get 2035 client side with no queue manager log is if you are using a client side security exit which fails, for example mqccred where the mqccred.ini is not locked down. – JoshMc Jul 23 '23 at 07:23

0 Answers0