Tuesday, March 15, 2011

AMQ4036 Error connecting to queue manager on Linux using MQ Explorer or RFHUTILC

Issue: MQ Explorer fails to connect to a Queue manager located on Linux server. Fails with error AMQ4036 : Access not permitted. You are not authorized to perform this operation

Setup:

User has two IDs.
• Linux user ID: j1234d
• Windows ID: mydomain\jdove

Queue Manager (QM1) is on Linux machine and the Linux ID “j1234d” has access to the queue manager.
MQ Explorer is on Windows machine where the user is logged on with Windows ID “mydomain\jdove”.
When user tries to connect to QM1 from Windows machine using MQ Explorer, he/she gets the following error.

Resolution:

MQ Explorer makes a client connection and the credentials passed to the QM1 on Linux server would be “mydomain\jdove”. Since the ID “mydomain\jdove” is not defined on the Linux server, it fails to get authenticated.

Simple way to resolve:

1. Create ID “j1234d” on your Windows machine and use MQ Explorer to connect to the QM1 on Linux Server

However above fix would need you to log off current Windows session and sign in as “j1234d”. This is a pain.
Instead, do the following:

Create ID “j1234d” on your Windows machine and use MQ Explorer to connect to the QM1 on Linux Server
Create a Windows batch script as shown :

set APPDATA=

runas /env /user: "strmqcfg -d"

So for the above example it would be:

set APPDATA=D:\mqeclipse\mqcm5dev

runas /env /user:j1234d "strmqcfg -d"

When you run the above script, at the prompt enter the password you have set for the id you created for id ‘j1234d’
The runas  command makes the MQ Explorer to run under the local id which is the equivalent of the Linux id. When we run the MQ Explorer process under the id , the credentials will be passed as is ( eg:’j1234d’) and you will be able to connect to the queue manager since this ID on Linux server has access to the queue manager QM1.

The same solution can be used  if you are getting error "Not authorized" with RFHUTILC utility. The following screen shows the error.
Use the above approach to circumvent the error.
Hope this helps!!!



No comments: