I do see in QM log:The call to initialize the User ID 'msgw' failed withReason 2035.If an MQCSP block was used, the User ID in the MQCSP block was

Question

I do see below log in queue manager error log : AMQ9557: Queue Manager User ID initialization failed for 'msgw' EXPLANATION: The call to initialize the User ID 'msgw' failed with CompCode 2 and Reason 2035. If an MQCSP block was used, the User ID in the MQCSP block was ''. ACTION: Correct the error and try again.

Did the same setup on QA environment, but there was no such error in the log. Please advise.

I have installed MQ version 8 on rhel7 : 3.10.0-957.1.3.el7.x86_64 #1 SMP Thu Nov 15 17:36:42 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux when the application is trying to connect they are getting MQRC 2538. When I check my logs I saw the above mentioned error. All permissions are present on queue manager and queue level.

Application should be able to connect to the queue manager without any errors in queue manager log

Answer 1

The error code usually means that the queue manager has been created to use the Object Authority Manager (OAM). By default the queue manager is created this way and will attempt to authenticate each user against the credentials on the node where the MQ server is running.

We have other authentications methods in place before users can execute our applications, so we don't want any connecting user authenticated against the OS credentials where the MQ server is running. Therefore we export this environment variable:

export MQSNOAUT=yes

just prior to issuing the 'crtmqm' command to create the queue manager.

You will see these entries in you qm.ini file if the queue manager has been created with OAM enabled: .

Service:
    Name=AuthorizationService
    EntryPoints=14 
ServiceComponent:
    Service=AuthorizationService
    Name=MQSeries.UNIX.auth.service
    Module=amqzfu
    ComponentDataSize=0

If these entries aren't there, then the queue manager was created with OAM disabled.

Answer 2

This resolves most of the 2035 authentication issue, without disabling chlauth.

Create a new user on your computer, for instance – testuser Set that user as the MCAuser of your channel. (Go to channel properties and set testuser as your MCAuser

Go to your Queue manager -> Right click -> Object authorities -> Manage Create Authorities. Then click on New, and put the user name under entity. Select all, and execute all the commands

Under Object authorities of Queue manager we also have Manage Queue manager authority records, click on it, then click on new. Put the user name(testuser) as your entity, and select all to execute all the commands

Go to your Queue -> Right click -> Object authorities -> Manage Queue authority records. Perform the same actions as above for the queue that you are using (select it under specific profiles)

Go to your channel -> Right click -> Object authorities -> Manage Channel authority records. Perform the same as above.

Restart your queue manager or, perform the following in command line Runmqsc

Refresh security(*)

End