MQGem Software is a small company dedicated to providing affordable IBM MQ services and utilities. The company name reflects that each tool/program created is a little gem. The company was founded in 2012 by Paul Clarke, a former member of the IBM MQ Development team, and provides:
- Design reviews
This blog is going to provide small tutorials, step-by-step instructions, feature highlights (“Did you know you could do this?”) about our gems, and any other interesting posts we can think of!
Choose to read posts about the product you are interested in from the menu bar.
You can follow MQGem Software on our various social media channels as well as following our blog, or drop us an email.
Could MO71 be used or customized to support MQ self service operations?
Yes, you can disable unwanted options to reduce menu clutter as well.
I tried to use amqsslc sample program on MQ but it’s failing with MQCONNX FAILED WITH mqrc 2393 ssl initialization error
MQ version is 9
Cipher spec used is TLS 1.2 AES 256 SHA 256
JRE version : IBM : version 8
The client AMQERR01.LOG will have an error message showing more detail about why the 2393 reason code was given. Please look in there and see what it shows.
I am using the mq client on the same machine where queue manager is hosted
Exported the MQ server variable
Error log says
AMQ9641: Remote CipherSpec error for channel TEST.ASL
Even the amqsputc fails with the same reason 2393
The command I used is
./amqssslc -m TEST -c TEST.ASL -x ‘localhost(4540)’ -k “/var/mqm/qmgrs/TEST/ssl/key” -s TLS_RSA_WITH_AES_256_CBC_SHA256
If you read the Response text of that error message it says, “Review the error logs on the remote system to discover the problem with the CipherSpec.”
So, what does the queue manager error log say?
AMQ9641: Remote CipherSpec error for channel TEST.ASL is from /var/mqm/errors/AMQERROR1.log . Nothing logged in Queue Manager log
I am using the MQ client on the same machine on which Queue Manager is hosted .
The error you showed from the client error log will certainly have a matching message in a queue manager error log somewhere. This suggests that your client channel did not connect to the TCP listener you intended it to. Therefore the error message we are looking for is in another queue manager error log somewhere else. Do you have other queue managers on the same hostname? Can you check their error logs too.
Is there a tool that can look at channel events from CHLAUTH rules in WARN mode (or look at channel status info) and generate the channel auth commands to create rules for the channels/IP addresses in question? We want to legitimise access that is currently being used, before enforcing the backstop rule.
I’m not aware of any tool that will process the particular sequence you are looking for. However, you may have seen our recent announcement of a closed beta for a new product that will work with MQ Events. This product will allow you to catch ANY MQ event and process it in any number of ways. It has the MQSCX control language built in to allow you to write scripts to do literally anything you can think of. So for example, it could automatically construct and issue MQSC commands, or write them to a file to review before issuing, using the data in an event message, e.g. MQRC_CHANNEL_BLOCKED_WARNING in your case.
If this product is of interest to you, let us know and we could get you on the beta.
I may have a little play with writing the script in question, and drop you a line later with an example of the above!
Active MQ has something called mirrormaker that replicates messages across datacenter. Is there a similar product for IBM MQ that can do this? We host a huge IBM MQ and wondering what options there are to do message replication across datacenter! Appreciate your response in advance.
MQGem Software has two products that could do this. QLOAD and Q. Here are two simple example commands of how you could run each to browse messages off one queue on the source queue manager, and put them to the same named queue on the destination queue manager.
qload -m MQG1 -i Q1 -m MQG2 -o Q1
q -xb -m MQG1 -i Q1 -m MQG2 -o Q1
You can add a wait interval, e.g. -w 600, so that the program waits around for more messages, or trigger the program to run whenever messages turn up on the queue.
Both programs have a number of other features, especially QLOAD which is very much designed for message manipulations. You can filter messages that meet certain criteria, send the output to multiple queues, read in from multiple queues, etc.
I suggest the best idea would be for you to try it out yourself. To that end, please do send an email to email@example.com to request a trial licence of both products and try them out.
MQSC window in MO71 appears to only allow one-line commands. It doesn’t recognize any command after the continuation mark (-). Is there a way to run more than one command on the MQSC line?
Characters such as + and – aren’t really appropriate for a single line entry. As such you can only use them in file() mode in the MQSC window. However, if you are just typing in the single line at the top then you can enter multiple commands by separating them with ‘;’. If you take a look at the table in the MQSC window section of the manual it explains what options you have.