Bootstrap FreeKB - IBM MQ - Resolve "AMQ9777E Channel was blocked"
IBM MQ - Resolve "AMQ9777E Channel was blocked"

Updated:   |  IBM MQ articles

Let's say your IBM MQ - Error Logs contains AMQ9777E Channel was blocked. In this example, the channel named CHANNEL01 was blocked. This means that a connection could not be made to the channel.

mm/dd/yyyy hh:mm:ss - Process(18271.9654) User(mqm) Program(amqrmppa)
                    Host(mq.example.com) Installation(Installation1)
                    VRMF(9.1.0.3) QMgr(MANAGER01)
                    Time(yyyy-mm-ddThh:mm:ss.sss)
                    RemoteHost(10.1.2.3)
                    CommentInsert1(CHANNEL01)
                    CommentInsert2(SERVER01 (10.4.5.6))
                    CommentInsert3(CLNTUSER(john.doe) ADDRESS(client.example.com))

AMQ9777E: Channel was blocked

EXPLANATION:
The inbound channel 'CHANNEL01' was blocked from address 'client.example.com
(10.4.5.6)' because the active values of the channel matched a record
configured with USERSRC(NOACCESS). The active values of the channel were
'CLNTUSER(john.doe) ADDRESS(client.example.com)'.

 

The display chlauth (channel authority) command can be used. Notice in this example that the channel is configured to allow connections from "client01.example.com". If the connection is NOT being made from the system with hostname client01.example.com, the connection will be refused and the IBM MQ log should have "AMQ9777E Channel was blocked".

~]# echo "display chlauth (CHANNEL01)" | runmqsc <queue manager>
CHLAUTH(CHANNEL01)                      TYPE(ADDRESSMAP)
DESCR(Allow access and use ID from channel)
CUSTOM( )                               ADDRESS(client01.example.com)
USERSRC(CHANNEL)                        CHCKCLNT(ASQMGR)
ALTDATE(2019-08-20)                     ALTTIME(07.09.01)

 

The set chlauth command can be used to to allow connections from the DNS hostname or IP address of the source system.

echo "set chlauth ('<channel name>') type (ADDRESSMAP) address ('10.4.5.6') usersrc (CHANNEL)" | runmqsc <queue manager>

 

Let's say the connections are being made from a Java application with the following class.

  • If createConnection does not contain the username and password, CLNTUSER will be set as the user running the Java application. If createConnection contains the username and password, CLNTUSER will be the username used in createConnection.
  • If WMQConstants.WMQ_LOCAL_ADDRESS is not being used, ADDRESS will be the hostname of the system the Java application is running on.
import javax.jms.Connection;
import javax.jms.JMSException;
import com.ibm.msg.client.jms.JmsConnectionFactory;
import com.ibm.msg.client.jms.JmsFactoryFactory;
import com.ibm.msg.client.wmq.WMQConstants;

public class Connect {
	
  private static final String HOST       = "your_ibm_mq_server_or_cluster_hostname";
  private static final String QMGR       = "your_ibm_mq_queue_manager";
  private static final String CHANNEL    = "your_ibm_mq_channel";
  private static final String USERNAME   = "your_ibm_mq_username";
  private static final String myPASSWORD = "your_ibm_mq_password";
  private static final int PORT          = your_ibm_mq_queue_manager_port;

  public static void main(String[] args) throws JMSException {

    JmsFactoryFactory ff    = JmsFactoryFactory.getInstance(WMQConstants.WMQ_PROVIDER);
    JmsConnectionFactory cf = ff.createConnectionFactory();
    Connection conn = null;
  
    cf.setStringProperty (WMQConstants.WMQ_HOST_NAME, HOST);
    cf.setIntProperty    (WMQConstants.WMQ_PORT, PORT);
    cf.setStringProperty (WMQConstants.WMQ_CHANNEL, CHANNEL);
    cf.setIntProperty    (WMQConstants.WMQ_CONNECTION_MODE, WMQConstants.WMQ_CM_CLIENT);
    cf.setStringProperty (WMQConstants.WMQ_QUEUE_MANAGER, QMGR);
    cf.setStringProperty (WMQConstants.USERID, USERNAME);
    cf.setStringProperty (WMQConstants.PASSWORD, myPASSWORD);
    cf.setBooleanProperty(WMQConstants.USER_AUTHENTICATION_MQCSP, false);
    cf.setStringProperty (WMQConstants.WMQ_SSL_CIPHER_SUITE, "SSL_RSA_WITH_AES_256_CBC_SHA256");
    cf.setStringProperty (WMQConstants.WMQ_LOCAL_ADDRESS, "server1.example.com");

    try {
      conn = cf.createConnection(USERNAME, myPASSWORD);
      conn.start();
    } 
    catch (JMSException e) {
      e.printStackTrace();
    }
    finally {
      if (cf == null) {
        System.out.println("Failed to create the connection factory");	
      }
      else if (conn == null) {
        System.out.println("Failed to create the connection");	
      }
      else {
        conn = cf.createConnection(USERNAME, myPASSWORD);
        if (conn == null) {
          System.out.println("Failed to create the connection object");					  
        }
        else {
          conn.start();
          System.out.println("Successfully started connection to channel " + CHANNEL);
          conn.close();
        }
      }
    }
  }
}

 

 




Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee



Comments


Add a Comment


Please enter c3a329 in the box below so that we can be sure you are a human.