Costa, D. (Damian | 1 Oct 09:37 2014
Picon

MQ eclipse plug in for developers and access into development qmgrs.

Hi all,
I Got a request to grant a user access to view certain queues. the user is using the MQ explorer on eclipse. So
we're getting through it slowly but I'm starting to see access requirements into  queues I  feel might be a
security risk.
As I'm not entirely sure how the MQ admin view works on the explorer is it safe to grant put auth to the
SYSTEM.ADMIN.COMMAND.QUEUE so the use can view his queues?

Ta.

********************
Nedbank Limited Reg No 1951/000009/06. The following link displays
the names of the Nedbank Board of Directors and Company Secretary.
[ http://www.nedbank.co.za/terms/DirectorsNedbank.htm ]
This email is confidential and is intended for the addressee only.
The following link will take you to Nedbank's legal notice.
[ http://www.nedbank.co.za/terms/EmailDisclaimer.htm ]
********************

To unsubscribe, write to LISTSERV@... and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Costa, D. (Damian | 29 Sep 16:34 2014
Picon

can one block IP 's and use usermaps on the same inbound connection using channel auth rules?

HI all,
 So I was wondering if, using a set of chl auth rules, I can block ranges on IP connecting and map the user to a
valid users on an inbound connection at the same time?
Ie check that the connection is coming from a  particular IP range and validate the inbound client user ID as well?
 thanks

********************
Nedbank Limited Reg No 1951/000009/06. The following link displays
the names of the Nedbank Board of Directors and Company Secretary.
[ http://www.nedbank.co.za/terms/DirectorsNedbank.htm ]
This email is confidential and is intended for the addressee only.
The following link will take you to Nedbank's legal notice.
[ http://www.nedbank.co.za/terms/EmailDisclaimer.htm ]
********************

To unsubscribe, write to LISTSERV@... and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Eileen Duchane | 26 Sep 23:03 2014
Picon

Using DB2 MQ Listener to invoke stored procedures instead of CICS?

Has
anybody used the DB2 MQ Listener to invoke stored procedures for messages
arriving on a queue in place of triggering a CICS transaction?  Any gotchas?  

Somebody is suggesting we look into methods to eliminate CICS usage for
one of our high volume CICS apps to reduce costs.  I believe this might be one mechanism they
are thinking we could use.   
Eileen Duchane

To unsubscribe, write to LISTSERV@... and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Paul Clarke | 26 Sep 20:08 2014

MQSCX Version 8.0.0 Available

Hi,

 

I am pleased to announce that, after a successful Beta program, Version 8.0.0 of MQSCX is now available at http://www.mqgem.com/mqscx_download.html

 

Many thanks to those of you who have fed back suggestions and bug reports during the Beta.

 

MQSCX Version 8.0 introduces a number of improvements over the previous version:

 

  • CCDT Editing
    Let’s you create, edit and merge CCDT files of any MQ version.

  • MQSC Control Language
    Extends the static MQSC command language to easily allow dynamic scripts to be written which respond to Command Server responses.

  • Namelist manipulation
    In MQSC namelists are awkward to use. Adding and removing items from the list require you specify the whole list. Now, with MQSCX you need only specify the changes you wish.

  • MQ V8 Support
    Although, of course, it will still run against any previous version of MQ

 

Anyone with a licence for a previous version of MQSCX can download and start using the new version immediately at no additional cost.

 

If anyone would like to try out this version then please send a request to support-PvZknbXPofMAvxtiuMwx3w@public.gmane.org for a one month trial licence provided free with no obligation to buy.

 

Cheers,

Paul.

 
Paul Clarke

MQGem Software Limited
www.mqgem.com

List Archive - Manage Your List Settings - Unsubscribe

Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com

Omen Blue | 26 Sep 19:49 2014
Picon

MQ Presentations 9/29 and 9/30

Avada Software's Product Manager and Innovation Pioneer, Peter D'Agosta, will be presenting 3 sessions at the MQ Technical Conference in Sandusky Ohio next week.


-  'The Value of Visibility Amongst Interconnected Middleware Assets'
Monday at 11:15 am


-  'Infrared360 and the Internet of Relevant Things'
Tuesday at 11:15 am


-  'The Value of MQ Stats by Business Unit' **
Monday and Tuesday at 2:10 pm


** Note:   Monday's Session focuses on MQ Stats
               Tuesday's session focuses on FTE and Message Broker Stats



Check out these powerful presentations.  



http://avadasoftware.com/news/?p=72


Enjoy the conference. 

List Archive - Manage Your List Settings - Unsubscribe

Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com

T.Rob | 26 Sep 05:19 2014

Explorer chokes on valid cert Org field

Hi listers,

 

WMQ v8 Server install, Win 64, using whatever JRE comes installed with MQ

I've discovered that MQ's tools will happily create a cert where 'O=IoPT Consulting' but when it is used at the QMgr, Explorer chokes on it returns 2397.  In fact, it seems that *any* organization field containing an embedded space causes chokage.

 

I do not currently have a customer with an MQ support contract and can't open a PMR.  So before I go down the road of trying to report this, has anyone out there already reported it?  Do you have a PMR number that I can reference?  

 

Thanks -- T.Rob

 

T.Robert Wyatt, Managing partner

IoPT Consulting, LLC

+1 704-443-TROB US Voice/Text

+44 (0) 8714 089 546  UK Voice

https://ioptconsulting.com

https://twitter.com/tdotrob

 


List Archive - Manage Your List Settings - Unsubscribe

Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com

T.Rob | 25 Sep 14:54 2014

Windoze

> Install that, reboot (its Windoze), then apply Fix 7.5.0.4 (which includes
> all 7.5.0.3 fixes as well), reboot, and you should be good.

Actually, reboot *before* installing anything on Windoze, as well as after.

Consider the case that the last person to install something perhaps didn't
reboot after.  That means the last good registry backup is *before* their
install.  So then you go to install WMQ and the install hangs so you reboot,
retry the install and go on about your business.  Except that the last thing
is now Uninstalled due to the restore of the registry and "MQ broke my
application!"

Or perhaps the server has something with a memory leak or that is otherwise
ill-behaved.  Again, anything that causes the install of MQ to coincide with
the crash of some other component becomes "MQ broke my application!"  A
fresh boot resolves any issues with memory leaks or other cumulative,
degenerative OS instability to the extent possible.  That makes it more
likely your install will sail through.

I always recommend doing a reboot of the Windows server before changing
anything on it.  That backs up the registry and if anything fails to come up
it cannot possibly be "MQ broke my application!"  It might be "the MQ admin
broke my application!" but at least that's something I'm prepared to defend
without an extended root cause analysis. Sometimes my recommended procedure
isn't followed and the install goes smoothly.  However, that recommendation
has saved my butt on many occasions when it wasn't followed and the install
augured into the ground at high speeds and caused an outage.

Kind regards,
-- T.Rob

T.Robert Wyatt, Managing partner
IoPT Consulting, LLC
+1 704-443-TROB
https://ioptconsulting.com
https://twitter.com/tdotrob

> -----Original Message-----
> From: MQSeries List
[mailto:MQSERIES@...] On Behalf
> Of Potkay, Peter M (CTO Architecture + Engineering)
> Sent: Thursday, September 25, 2014 7:26 AM
> To: MQSERIES@...
> Subject: Re: Need MQ V 7.5.0.1 refresh pack or higher to install on wintel
> OS 2012 only finding fix packs
> 
> Damian,
> On Passport Advantage you'll find MQ 7.5.0.2 for Windows, under item #
> CIN8JML. That is the full MQ install: 7.5.0.0 + all the fixes in 7.5.0.1
> and 7.5.0.2, all bundled up into one new base version called 7.5.0.2.
> 
> Install that, reboot (its Windoze), then apply Fix 7.5.0.4 (which includes
> all 7.5.0.3 fixes as well), reboot, and you should be good.
> 
> 
> 
> Peter Potkay
> 
> 
> -----Original Message-----
> From: MQSeries List
[mailto:MQSERIES@...] On Behalf
> Of Costa, D. (Damian)
> Sent: Thursday, September 25, 2014 6:29 AM
> To: MQSERIES@...
> Subject: Re: Need MQ V 7.5.0.1 refresh pack or higher to install on wintel
> OS 2012 only finding fix packs
> 
> Ok so I went for the 7.5.0.4 thinking it would  be the same story as for
> v7.5.0.1.
>  Alas v 7.5.0.4 is also only a fix pack.  It gave us only two options:
> 1: load files only or
> 2: load files and apply fix pack to existing MQ installation.
> 
> Would it work to upgrade a v 7.1 with a fix pack of v 7.5.0.4? my
> intuition says only disaster can occur if we try it like this....
> 
> So our only option is: install v 7 .5.0.1? and never update the MQ install
> .
> Something doesn't add up here?
> 
> 
> > -----Original Message-----
> > From: MQSeries List
[mailto:MQSERIES@...] On
> > Behalf Of Paul Meekin
> > Sent: 23 September 2014 12:54 PM
> > To: MQSERIES@...
> > Subject: Re: Need MQ V 7.5.0.1 refresh pack or higher to install on
> > wintel OS
> > 2012 only finding fix packs
> >
> > Hi Damian,
> >
> > MQ 7.5.0.1 is a base level install so you should be able to install
> > that .exe directly onto a clean system.
> >
> > Cheers,
> > Paul
> >
> >
> >
> > From:	"Costa, D. (Damian)" <DamianC@...>
> > To:	MQSERIES@...
> > Date:	23/09/2014 11:44
> > Subject:	Need MQ V 7.5.0.1 refresh pack or higher to install on
wintel
> >             OS 2012  only finding fix packs
> > Sent by:	MQSeries List <MQSERIES@...>
> >
> >
> >
> > Hi all,
> >  I'm on the IBM site logged into passport advantage trying to find a
> > wintel version 7.5.0.1 or higher refresh pack that will install
> > standalone without starting at 7.5 and applying a fix pack.
> > I have to do this because Wintel OS 2012 is only supported IFF MQ is
> > installed one time to version 7.5.0.1 or higher.
> >
> > So I'm going around in circles here trying to find an installable
> > download of version 7.5.0.1 or higher.
> > I used this string as a search criteria: " MQ V 7.5.0.1 Refresh Pack"
> > but all I get are fix pack releases.
> >
> > What am I doing wrong here?
> >
> >  Ta.
> >
> >
> >
> >
> > ************************************************************
> > HSBC Bank plc
> > Registered Office: 8 Canada Square, London E14 5HQ Registered in
> > England - Number 14259 Authorised by the Prudential Regulation
> > Authority and regulated by the Financial Conduct Authority and the
> > Prudential Regulation Authority
> > ************************************************************
> >
> > -----------------------------------------
> > SAVE PAPER - THINK BEFORE YOU PRINT!
> >
> > This E-mail is confidential.
> >
> > It may also be legally privileged. If you are not the addressee you
> > may not copy, forward, disclose or use any part of it. If you have
> > received this message in error, please delete it and all copies from
> > your system and notify the sender immediately by return E-mail.
> >
> > Internet communications cannot be guaranteed to be timely secure,
> > error or virus-free. The sender does not accept liability for any errors
> or omissions.
> >
> > To unsubscribe, write to
LISTSERV@... and, in
> > the message body (not the subject), write: SIGNOFF MQSERIES
> > Instructions for managing your mailing list subscription are provided
> > in the Listserv General Users Guide available at http://www.lsoft.com
> > Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html
> 
> ********************
> Nedbank Limited Reg No 1951/000009/06. The following link displays the
> names of the Nedbank Board of Directors and Company Secretary.
> [ http://www.nedbank.co.za/terms/DirectorsNedbank.htm ] This email is
> confidential and is intended for the addressee only.
> The following link will take you to Nedbank's legal notice.
> [ http://www.nedbank.co.za/terms/EmailDisclaimer.htm ]
> ********************
> 
> To unsubscribe, write to
LISTSERV@... and, in the
> message body (not the subject), write: SIGNOFF MQSERIES Instructions for
> managing your mailing list subscription are provided in the Listserv
> General Users Guide available at http://www.lsoft.com
> Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html
> 
> ************************************************************
> This communication, including attachments, is for the exclusive use of
> addressee and may contain proprietary, confidential and/or privileged
> information.  If you are not the intended recipient, any use, copying,
> disclosure, dissemination or distribution is strictly prohibited.  If you
> are not the intended recipient, please notify the sender immediately by
> return e-mail, delete this communication and destroy all copies.
> ************************************************************
> 
> To unsubscribe, write to
LISTSERV@... and, in the
> message body (not the subject), write: SIGNOFF MQSERIES Instructions for
> managing your mailing list subscription are provided in the Listserv
> General Users Guide available at http://www.lsoft.com
> Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html

To unsubscribe, write to LISTSERV@... and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Umapathy Subburam | 24 Sep 17:20 2014
Picon

SSL vs TLS cipherspec on channels

Hi,

 

I have a JMS application that currently uses SSL_RSA_WITH_DES_CBC_SHA ciphersuite to connect to a queue manager.  The SVRCONN channel has DES_SHA_EXPORT as the cipher.  This works fine.

 

With DES_SHA_EXPORT is no more supported on MQ 8, I am trying whether I can use the same ciphersuite but switch to a different cipherspec.  Setting SVRCONN channel cipherspec to TLS_RSA_WITH_DES_CBC_SHA doesn’t work. 

The qmgr is running 7.0.1.11

 

Qmgr reports

AMQ9631: The CipherSpec negotiated during the SSL handshake does not match the

required CipherSpec for channel 'S_ACPTTEST2'.

 

EXPLANATION:

There is a mismatch between the CipherSpecs on the local and remote ends of

channel 'S_ACPTTEST2'. The channel will not run until this mismatch is

resolved. The CipherSpec required in the local channel definition is

'TLS_RSA_WITH_DES_CBC_SHA'. The name of the CipherSpec negotiated during the

SSL handshake is 'DES_SHA_EXPORT'. A code is displayed if the name of the

negotiated CipherSpec cannot be determined.

 

So I suspect the SSL protocol is still in use.  How and/or where can I set the protocol to TLS?

Sun JDK 7.65 is used. (I thought TLS is the default in Sun JDK)

 

JMS gets its connectionfactory et all configuration from a JNDI file based bindings file (generated through JMSAdmin).  There, the ciphersuite is set to SSL_RSA_WITH_DES_CBC_SHA.

The keystore and certificates are self signed and generated through gsk7cmd.

 

TLS is supported for this ciphersuite in MQ 7.  http://www-01.ibm.com/support/knowledgecenter/SSFKSJ_7.0.1/com.ibm.mq.xms.doc/concepts/xms_csecure_mapping_wpm.html?lang=en

 

Thanks in advance for any help.

 

Umapathy

 

Java Developer / MQ Administrator



Satellite Information Services Limited. Registered Office: Whitehall Avenue, Kingston, Milton Keynes, Buckinghamshire, MK10 0AX. Company No. 4243307

The information in this email (which includes any files transmitted with it) is confidential and is intended for the addressee only. Unauthorized recipients are required to maintain confidentiality. If you have received this email in error please notify the sender immediately, destroy any copies and delete it from your computer system.



List Archive - Manage Your List Settings - Unsubscribe

Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com

Roger Lacroix | 24 Sep 00:43 2014

Re: Queue manager default security Unix script

Hi Tim,

Security script for what?  file permission or user access to queue managers or user access to queues or CHLAUTH or ??

Regards,
Roger Lacroix
Capitalware Inc.


At 04:29 PM 9/23/2014, Tim Zielke wrote:
Hello,
 
I was just curious if anyone was aware of a published script for applying
Tim Zielke | 23 Sep 22:29 2014

Queue manager default security Unix script

Hello,

 

I was just curious if anyone was aware of a published script for applying “default” security to a distributed Unix queue manager.  We do have one in-house, but was just curious if there was anything published or recommended that someone was aware of, that I could compare against.

 

Thanks,

Tim


List Archive - Manage Your List Settings - Unsubscribe

Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com

AkBar Dar | 23 Sep 18:30 2014

MQ SDR Channel won't Start

Channel keep going from Binding to Initializing.  And we are getting TCP error and bad data error.  MQ 7(SDR) is talking to MQ 6(RCV)

 

Receiving QMGR is showing this:

 

AMQ9207: The data received from host '209              |

|   (***.***.*.***)' is not valid

 

 

The return code 10061 stands for ECONNREFUSED. I suggest you involving your OS/Network team on this.

 

 

Regards,

AkBar Dar

 

Telecommute Day: Wednesday

 

Disclaimer This e-mail, and any attached file(s), is intended solely for the use of the individual or entity to whom this e-mail is addressed and may contain information that is privileged, confidential or exempt from disclosure. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from any computer. Any other use, retention, dissemination, retransmission, printing or copying of this e-mail or its contents (including any attached files) is strictly prohibited.
List Archive - Manage Your List Settings - Unsubscribe

Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com


Gmane