FreeKB - IBM MQ Resolve JMSCMQ0001 MQRC_HOST_NOT_AVAILABLE
IBM MQ - Resolve JMSCMQ0001 MQRC_HOST_NOT_AVAILABLE

Let's say the following error occurs when attempting to connect to the queue manager named MANAGER01.

JMSWMQ0018: Failed to connect to queue manager 'MANAGER01' with connection mode 'Client' and host name 'manager01.example.com(5201)'.

 

Following this message, there should be another message that may help to determine why the connection has failed.

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2538' ('MQRC_HOST_NOT_AVAILABLE').

 

Ensure the nslookup command is able to resolve the host name in the error message to the correct MQ server.

nslookup manager01.example.com

 

On the MQ server, use the dspmq command to ensure the queue manager is running. If the queue manager is not running, use the strmqm command to start the queue manager.

QMNAME(MANAGER01)    STATUS(Running)

 

Use the display lsstatus command to ensure the queue manager listener is running and is using the port identified in the error message.

echo "display lsstatus (*) all" | runmqsc MANAGER01

LISTENER(LISTENER01)                    STATUS(RUNNING)
PID(92928)                              STARTDA(2020-06-09)
STARTTI(04.00.53)                       DESCR( )
TRPTYPE(TCP)                            CONTROL(QMGR)
IPADDR(*)                               PORT(5201)
BACKLOG(100)

 


Channel

Use the display chlauth command to determine if the channel has been granted authority. If the display chlauth command returns "channel authentication record not found", use the set chlauth command to give the channel authority. If the display chlauth command returns somelike like this, and type is ADDRESSMAP, only requests coming from the IP address or hostname listed in ADDRESS will be permitted to connect to the channel.

echo "display chlauth (CHANNEL01)" | runmqsc MANAGER01

CHLAUTH(CHANNEL01)                      TYPE(ADDRESSMAP)
DESCR(Allow access and use ID from channel)
CUSTOM( )                               ADDRESS(10.15.55.*)
USERSRC(CHANNEL)                        CHCKCLNT(ASQMGR)
ALTDATE(2019-08-20)                     ALTTIME(07.09.01)

 

The dspmqaut command can be used to ensure the user has the appropriate permissions to the queue manager.

dspmqaut -m MANAGER01 -t qmgr -p JohnDoe

Entity JohnDoe has the following authorizations for object MANAGER01: 
    connect
    inq

 

Use the display channel command to determine if the channel expects a certain SSL cipher.

echo "display channel (CHANNEL01)" | runmqsc MANAGER01

 

Something like this should be returned.

CHANNEL(CHANNEL01)           CHLTYPE(SVRCONN)
SSLCIPH(TLS_RSA_WITH_AES_256_CBC_SHA256)

 

If the channel does have an SSL cipher, and the application connecting to the channel has a different SSL ciper, the IBM MQ error log may contain something like this.

AMQ9631E: The CipherSpec negotiated during the SSL handshake does not match the
required CipherSpec for channel 'MANAGER01.CHANNEL01.SVR'.

 

In this scenario, the application or IBM MQ channel can be updated with the same SSL cipher. Or, for Java application, the SSL cipher class can be set to false.

-Dcom.ibm.mq.cfg.useIBMCipherMappings=false

 


Topic

If the user is attempting to publish/subscribe to a topic, use the display topic command to ensure that pub and sub are enabled.

PUB(ENABLED)                            SUB(ENABLED)

 

Also use the dspmqauth command to ensure the user ID has the pub and sub permission to the Topic.

dspmqaut -m MANAGER01 -n TOPIC01 -t topic -p JohnDoe

Entity JohnDoe has the following authorizations for object TOPIC01: 
    pub
    sub

 


Queue

If the user is attempting to read, get or put a message on a queue, use the display queue command to ensure that get and put are enabled.

echo "display queue (QUEUE01) GET PUT " | runmqsc MANAGER01

 

Following is an example of what will be displayed.

QUEUE(queue01)             TYPE(QLOCAL)
GET(ENABLED)               PUT(ENABLED)
MAXDEPTH(5000)

 

Also use the dspmqauth command to ensure the user ID has the get, browse, put and inq permission to the Queue.

dspmqaut -m MANAGER01 -n QUEUE01 -t queue -p JohnDoe

Entity JohnDoe has the following authorizations for object QUEUE01: 
    get
    browse
    put
    inq

 



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter cd13b in the box below so that we can be sure you are a human.




Comments

Web design by yours truely - me, myself, and I   |   jeremy.canfield@freekb.net   |