Ravi KPB | 10 Feb 17:42 2016
Picon

command server stopping frequently on MQ V7

Hello Team,

Good Evening!!!

We are seeing a command server stopping frequently these days on MQ V7, but
it is not generating any FDCs and any errors in error logs.

But we are seeing high CPU usage intermittently.

As it is a critical Hub, we are not going with a Queue manager restart.
Would you please shed a light here.

Thanks and Regards,

Kumar

To unsubscribe, write to LISTSERV@... and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Voges, P. (Pieter | 10 Feb 15:55 2016
Picon

Re: MQ Appliance - Management Software

Hi Everyone

 

What Management Software is available for the MQ Appliance?

 

1)      According to our Datapower support team, they use ITCAM for Datapower and ITCAM for SOA – can ITCAM be used for the MQ appliance as well.

 

2)      Any other supported management software?

 

3)      I know this has been discussed recently, but please let me know as soon as there is a DR solution available with a High-available setup... (Is there a RFE I can vote for...)

 

 

Thank you.

 

 

 

Pieter Voges

Technical Specialist (Multi Discipline) | Group Technology | Nedbank Limited

12 Olyfenbosch Close Protea-Heights Brackenfell Western-Cape 7560 South Africa |

t +27 (0)21 981 3733  c +27 (0)83 645 5300  <at> pietervo <at> nedbank.co.za

Website: nedbank.co.za

 

 

 

 

THINK BEFORE YOU PRINT - At Nedbank we are committed to minimising environmental impact and encourage the preservation of natural capital.

 

 

 

 


********************
Nedbank Limited Reg No 1951/000009/06. The following link displays
the names of the Nedbank Board of Directors and Company Secretary.
[ http://www.nedbank.co.za/terms/DirectorsNedbank.htm ]
This email is confidential and is intended for the addressee only.
The following link will take you to Nedbank's legal notice.
[ http://www.nedbank.co.za/terms/EmailDisclaimer.htm ]
********************


List Archive - Manage Your List Settings - Unsubscribe

Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com

Tim Zielke | 9 Feb 19:27 2016

Client data conversion question

This manual link on data conversion -> http://www-01.ibm.com/support/knowledgecenter/SSFKSJ_8.0.0/com.ibm.mq.dev.doc/q027300_.htm?lang=en

 

has the following statement:

 

“If the connected queue manager requires the data to be converted, then conversion is done by the client support code on the queue manager.”

 

Is this statement also correct if the queue manager is using AMS?  I ran across some documentation that seemed to suggest that the data conversion occurs on the client side if the queue manager is using AMS.

 

Thanks,

Tim

 

Tim Zielke | CICS/MQ Systems Programmer

Aon Service Corporation | Aon Technology | Foundational Technologies

4 Overlook Point, Lincolnshire, IL 60069 

t +1.847.295.5000

tim.zielke-VwKEKOxrCg4@public.gmane.org

 


List Archive - Manage Your List Settings - Unsubscribe

Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com

Costa, D. (Damian | 9 Feb 13:41 2016
Picon

MQ persistent msgs and the transaction log size requirements

Hi ,
 Just confirming something in my mind:
If someone wants to publish 250K persistent messages of 50k bytes daily to a topic queue  what does my
transaction log requirement look like?

A: Is it 50000 bytes X 250000 msgs  just for the messages excluding log pointers and MQ header records. so
approx. 12 gigs
OR
B: The TX logs only need to be able to handle any inflight uncommitted units of work?

My mind is telling me scenario A means 12 Gigs of tx log and a similar 12 Gig for the queue.

Did I mention they wanted 3 topic queues with similar message sizes and volumes .

What type of time would be required to failover  said qmgr if it were in HA or multi-instance setup? my guess is
the fail over time is significant.

Ta.

********************
Nedbank Limited Reg No 1951/000009/06. The following link displays
the names of the Nedbank Board of Directors and Company Secretary.
[ http://www.nedbank.co.za/terms/DirectorsNedbank.htm ]
This email is confidential and is intended for the addressee only.
The following link will take you to Nedbank's legal notice.
[ http://www.nedbank.co.za/terms/EmailDisclaimer.htm ]
********************

To unsubscribe, write to LISTSERV@... and,
in the message body (not the subject), write: SIGNOFF MQSERIES

RFE : Enhance information SMF 115

Hello,

 

Please, could you vote this RFE? It would be an enhanced information on SMF 115.

 

http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=83656

 


“The SMF 115, the MQ Statistical data, reports on the number of API requests that have been issued, but it does not report on how many complete with good completion and reason codes.    We would request to include an API success and total counts in the SMF 115.

We know that it is possible to get information on SSMF 116, where ‘valid gets'    and ‘valid puts' are recorded on the individual task, but it gets the global information through SMF 116 is very complex, and we need to spend a lot of    CPU to obtain these data”

 

Thank you

 



AVISO DE CONFIDENCIALIDAD.
Este correo y la información contenida o adjunta al mismo es privada y confidencial y va dirigida exclusivamente a su destinatario. everis informa a quien pueda haber recibido este correo por error que contiene información confidencial cuyo uso, copia, reproducción o distribución está expresamente prohibida. Si no es Vd. el destinatario del mismo y recibe este correo por error, le rogamos lo ponga en conocimiento del emisor y proceda a su eliminación sin copiarlo, imprimirlo o utilizarlo de ningún modo.

CONFIDENTIALITY WARNING.
This message and the information contained in or attached to it are private and confidential and intended exclusively for the addressee. everis informs to whom it may receive it in error that it contains privileged information and its use, copy, reproduction or distribution is prohibited. If you are not an intended recipient of this E-mail, please notify the sender, delete it and do not read, act upon, print, disclose, copy, retain or redistribute any portion of this E-mail.

List Archive - Manage Your List Settings - Unsubscribe

Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com

HACMP, MSCS, VCS - How does that "floating" IP Address exactly work

OK, here goes exposing my lack of knowledge with basic networking.

 

Server #1 with IP Address #1

Server #2 with IP Address #2

 

Both servers added into a hardware cluster (say Veritas) where along with the MQ Queue Manager and disk groups, a virtual IP address and virtual DNS name are added as resources in the cluster group that can be active on either Server #1 or Server #2, but never both concurrently. Let’s call this IP Address #3 and DNS name #3

 

 

So the cluster group is started up on Server #1.

An application on my desktop starts up, and tries to connect to DNS name #3. It works, the call to DNS #3 gets routed to Server #1.

 

Now the cluster group is swung from Server #1 to Server #2.

 

As soon as the cluster resources are all online on Server #2, the very next call from my desktop to DNS #3 immediately gets routed to Server #2.

 

How? How is it that one minute DNS name #3 is sending TCP IP packets to Server #1, and the next minute DNS #3 is getting my TCP IP packets to Server #2? Just saying “Its simple, the cluster resources for IP Address #3 and DNS #3 became active on Server #2” is not good enough. How?  How does the network know to send TCP IP packets for DNS#3 and IP Address #3 to Server #1 one minute, and the very next minute the exact same DNS name #3 and IP Address #3 starts routing to another server instead?

 

 

 

 

 

Peter Potkay

 

************************************************************
This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information.  If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited.  If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies.
************************************************************


List Archive - Manage Your List Settings - Unsubscribe

Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com

Costa, D. (Damian | 5 Feb 09:33 2016
Picon

renewing qmgr cert error

Hi all,
 I am attempting to renew a qmgr cert using the ikeymay x11 gui. When I hit the renew request and specify the
location for the cert request and hit OK. The system throws an error about not being able to sign the request.
My guess is it's telling me the CA that originally signed it , can't sign it. Does that mean this cert was never
really functional in the first place?
The Entrust CA cert chain is in the key store.
Should I delete the existing qmgr cert and start from scratch?

Qmgr is at v 7.1.0.3 on AIX v7.1.

If I look through the java error it is stating that " No such security algorithm exists MD5withRSA".
If it doesn't exists how on earth did I generate the qmgr cert in the first place?
Where can I find what security algorithm was used for the original Cert?

Ta.

********************
Nedbank Limited Reg No 1951/000009/06. The following link displays
the names of the Nedbank Board of Directors and Company Secretary.
[ http://www.nedbank.co.za/terms/DirectorsNedbank.htm ]
This email is confidential and is intended for the addressee only.
The following link will take you to Nedbank's legal notice.
[ http://www.nedbank.co.za/terms/EmailDisclaimer.htm ]
********************

To unsubscribe, write to LISTSERV@... and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Mohammad Ali | 3 Feb 22:17 2016
Picon

MQ Appliance Virtual Machine Image

Hi All,

Is there a virtual machine image available of the MQ appliance which could be deployed to a cloud service such as AWS or local virtual box? 
I know it sounds unusual but there are some edge cases (particularly when developing) where such a deployment option could be very useful.

(Mo) Mohammad Ali
Software Engineer
LightApps Pty Ltd

LightApps - Creators of Lighthouse software. Modern web based management of messaging systems IBM MQ and Solace - queue browsing, automated configuration deployment and monitoring. 

List Archive - Manage Your List Settings - Unsubscribe

Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com

Voges, P. (Pieter | 3 Feb 12:01 2016
Picon

Re: MQ CHANNEL SECURITY - SSL / TLS versus NSS versus MQCSP for Datapower

Hi Everyone

 

Hope to get a response from some hard-core IBM’ers.

 

Sure there will be a good one from T.Rob as well.  

 

Below I described our situation. Basically I am looking for a “cheap” replacement for connecting Datapower (XI52.7.1.0.4)  to Z/OS v2.1 – running in a Queue Sharing Group.

 

As we used NULL_MD5 up and till now, it’s safe to say we only used it for authentication purpose. We will in future be forced to use an encryption /  decryption SSL / TLS Cipher Spec with the associated cost it will incur on Z/OS resources.

 

So during some testing with my Datapower college, we realised there was a Z/OS configurations Tab in Datapower – opening to “Configure NSS Client”.

 

After reading more about this, it seems as if Datapower can open a “secure” connection to Z/OS communication manager through NSS, and RACF can in return authenticate / authorize the Datapower user through SAF.

 

There are also a MQCSP parameter with an user-id and password field – which seems to require a security exit on the QMGR side.

 

-          How “secure” are these options?

-          How often does it happen (authentication) – hopefully only at start-up – as we stop and start quite a lot of client channels during the day?

-          Any other option you can suggest?

-          Finally – any links to Redbooks or white papers on the roll-out of these?      

 

 

Thank you.

 

 

 

Pieter Voges

Technical Specialist (Multi Discipline) | Group Technology | Nedbank Limited

12 Olyfenbosch Close Protea-Heights Brackenfell Western-Cape 7560 South Africa |

t +27 (0)21 981 3733  c +27 (0)83 645 5300  <at> pietervo-YAGAJyvW217PKWblFCUSJw@public.gmane.org

Website: nedbank.co.za

 

 

 

 

THINK BEFORE YOU PRINT - At Nedbank we are committed to minimising environmental impact and encourage the preservation of natural capital.

 

 

 

 

 

From: MQSeries List [mailto:MQSERIES-0lvw86wZMd9k/bWDasg6f+2wyY2g16FtwPuJ0ROkVbw@public.gmane.org] On Behalf Of T.Rob
Sent: 07 January 2016 05:53 PM
To: MQSERIES <at> LISTSERV.MEDUNIWIEN.AC.AT
Subject: Re: MQ CHANNEL SECURITY - SSL / TLS

 

Hi Peter,

 

The closest available ciphersuites are:

TLS_RSA_WITH_NULL_NULL
TLS_RSA_WITH_NULL_SHA256

ECDHE_RSA_NULL_SHA256

ECDHE_ECDSA_NULL_SHA256

 

Unfortunately, none of these are available on z/OS. 

 

It took a lot of lobbying to convince the right folks in Hursley that some customers want to use TLS for authentication but skip the data integrity and/or encryption.  Morag was instrumental in getting that implemented but she's not there anymore so we may need to start over with the lobbying.  I don't recall an RFE for this but if someone wants to enter one, I'd vote for it.  I'm thinking the scope would be something like "need NULL and NULL_NULL ciphersuites on z/OS and iSeries".  Obviously, mucking about with crypto on z is a bit more of a commitment than changing GSKit so I'm guessing there would need to be strong demand.

 

Kind regards,

-- T.Rob

 

T.Robert Wyatt, Managing partner

IoPT Consulting, LLC

+1 704-443-TROB (8762) Voice/Text

https://ioptconsulting.com

https://twitter.com/tdotrob

 

From: MQSeries List [mailto:MQSERIES-0lvw86wZMd9k/bWDasg6f+2wyY2g16FtwPuJ0ROkVbw@public.gmane.org] On Behalf Of Voges, P. (Pieter)
Sent: Thursday, January 07, 2016 1:55 AM
To: MQSERIES <at> LISTSERV.MEDUNIWIEN.AC.AT
Subject: MQ CHANNEL SECURITY - SSL / TLS

 

Hi Everyone.

 

So IBM doesn’t support NULL_MD5 anymore... seems like support for most SSL level 3 algorithms are gone (For obvious reasons).

 

We have a fairly simple SSL deployment (Previously all NULL_MD5).

 

-          A couple of Datapower Devices

-          WAS running on AIX

-          Both connecting via client connections to a Z/OS QMGR (V7.1) – soon to connect to a Queue Sharing Group through Sysplex Distributer on Z/OS – to be upgraded to MQ V8.

 

 

So without re-inventing the wheel, any suggestions what we should replace the current NULL_MD5 with, which would be reasonably secure with the lowest possible impact on CPU utilisation as we do not have the hardware Crypto cards installed that offload the SSL overhead?

 

We are also playing with the idea to move the client connects to a MQ Appliance and do a MQ V8 Manager-to-Manager connect between the Appliance and Z/OS utilising the V8 security and trust the LAN enough to remove the encryption (Sure this will invoke some comment...)

 

 

Thank you.

 

 

 

Pieter Voges

Technical Specialist (Multi Discipline) | Group Technology | Nedbank Limited

12 Olyfenbosch Close Protea-Heights Brackenfell Western-Cape 7560 South Africa |

t +27 (0)21 981 3733  c +27 (0)83 645 5300  <at> pietervo-YAGAJyvW217PKWblFCUSJw@public.gmane.org

Website: nedbank.co.za

 

 

 


********************
Nedbank Limited Reg No 1951/000009/06. The following link displays
the names of the Nedbank Board of Directors and Company Secretary.
[ http://www.nedbank.co.za/terms/DirectorsNedbank.htm ]
This email is confidential and is intended for the addressee only.
The following link will take you to Nedbank's legal notice.
[ http://www.nedbank.co.za/terms/EmailDisclaimer.htm ]
********************

 

List Archive - Manage Your List Settings - Unsubscribe

Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com

 

List Archive - Manage Your List Settings - Unsubscribe

Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com


********************
Nedbank Limited Reg No 1951/000009/06. The following link displays
the names of the Nedbank Board of Directors and Company Secretary.
[ http://www.nedbank.co.za/terms/DirectorsNedbank.htm ]
This email is confidential and is intended for the addressee only.
The following link will take you to Nedbank's legal notice.
[ http://www.nedbank.co.za/terms/EmailDisclaimer.htm ]
********************


List Archive - Manage Your List Settings - Unsubscribe

Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com

Tim Zielke | 2 Feb 14:37 2016

Update to MH06 Trace Tools Supportpac

Hello,

 

There is a new update to the MH06 Trace Tools supportpac.

 

http://www.ibm.com/support/docview.wss?uid=swg24036430

 

01Feb16:
Message parsing in mqtrcfrmt.  Message parsing provides the ability to do byte analysis on a message in a strmqtrc or activity trace, and find out information such as how much of the message is ASCII, the offset location and numbers of multi-byte 1208 characters, the offset location and numbers of surrogate pairs, the offset locations and numbers of invalid bytes if the message was marked as 1208 or 1200, and so on.  This tool could be used to do investigations such as "does this message contain surrogate pairs?" (which is not supported by MQ) and "where are the surrogate pairs located in the message?", "has the message been incorrectly marked as 819 when it has a 1208 make up?", "does the message contain non-ASCII bytes that could potentially cause a data conversion issue if the application is ported between servers with a different default CCSID for the queue manager?", and so on.
 
Msg2File in mqtrcfrmt.  This provides the ability to put a special tag above a message in a strmqtrc or activity trace output, and then have the mqtrcfrmt write the contents of the message to a file.  This file could then be used to PUT the message back onto a queue.  As a convenience, a java program called MQFile2Msg is provided to PUT the file onto a queue. 
 
amqsactz activity trace tool.  amqsact is an IBM supplied sample for formatting activity trace records. amqsactz takes the amqsact sample and provides some usability enhancements for working with activity trace data.  The amqsactz source and a sample Linux executable is provided in the SupportPac.

 

Thanks,

Tim

 

Tim Zielke | CICS/MQ Systems Programmer

Aon Service Corporation | Aon Technology | Foundational Technologies

4 Overlook Point, Lincolnshire, IL 60069 

t +1.847.295.5000

tim.zielke-VwKEKOxrCg4@public.gmane.org

 


List Archive - Manage Your List Settings - Unsubscribe

Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com

Costa, D. (Damian | 1 Feb 16:22 2016
Picon

Can the api exerciser run a requst /response scenario?

Hi all,
 Further to the discussion regarding the request /response issue I'm having I wanted to see what happens and
how it all hangs together from a practical perspective rather than just an admin perspective so I
generated a request message onto remote queue that hops through a middleman qmgr to a target qmgr in our dev
qmgr network. Reply-to-queue &  reply-to-qmgr populated.

If I process the request message at the other end using the API exerciser  how do I get it to generate the
response message?   It keeps giving me a 2039 error. "not connected to queue"  when I try to fire off the mqput .

Rats would really like to get to grips with what I can and can't do before I commit  to a recommendation to the project.

Thanks.

********************
Nedbank Limited Reg No 1951/000009/06. The following link displays
the names of the Nedbank Board of Directors and Company Secretary.
[ http://www.nedbank.co.za/terms/DirectorsNedbank.htm ]
This email is confidential and is intended for the addressee only.
The following link will take you to Nedbank's legal notice.
[ http://www.nedbank.co.za/terms/EmailDisclaimer.htm ]
********************

To unsubscribe, write to LISTSERV@... and,
in the message body (not the subject), write: SIGNOFF MQSERIES

Gmane