MQME Issue with ExcludeQueue keyword on an MQPUT1 API Call

Late last week, a customer discovered an obscure issue in MQ Message Encryption (MQME) with the ExcludeQueue keyword on an MQPUT1 API call.

I have since fixed it but here is what I mean by obscure:

– If the user has wild-carded their protected queue setup i.e. ‘TEST.*’
– And then set the ExcludeQueue keyword value to ‘TEST.FRED’ because they want all ‘TEST.*’ queues to have their messages encrypted EXCEPT for queue ‘TEST.FRED’
– There was a bug in MQME: it did not correctly handle the ExcludeQueue keyword values on an MQPUT1 API call.
– Hence, the messages for queue ‘TEST.FRED’ would be encrypted.
– And this only happened for MQPUT1 API calls – MQPUT API calls were correctly handled.

This is an obscure but supported setup. Most customers either explicitly set the queue name for a protected queue (i.e. ‘TEST.BARNEY’) or they wildcard it (i.e. ‘TEST.*’), but they generally don’t wildcard the protected queues and then exclude a single queue. Note: The user could actually exclude queues with a wildcard.

This too is a supported setup:
– Have protected queues of ‘TEST.*’
– And exclude queues of ‘TEST.FRED.*’
– Or the user could exclude queues for ‘TEST.FRED.*’ and ‘TEST.WILMA.*’

Hence, any queue matched by the ExcludeQueue keyword would NOT have its messages encrypted.
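An added example (not MQME's code or the author's): a small audit that applies protected-queue and ExcludeQueue patterns like the ones above to a queue inventory, so the exact set of queues whose messages stay unencrypted can be reviewed. The names `classify`, `audit`, `PROTECT` and `EXCLUDE`, the queue inventory, and the shell-style meaning of `*` are assumptions; MQME's own matching rules may differ in detail.

```python
from fnmatch import fnmatchcase

def classify(queue, protect_patterns, exclude_patterns):
    """Return 'encrypted', 'excluded' or 'unprotected' for one queue name.

    Assumption: '*' matches any run of characters, as in shell globbing.
    """
    if not any(fnmatchcase(queue, p) for p in protect_patterns):
        return "unprotected"
    if any(fnmatchcase(queue, p) for p in exclude_patterns):
        return "excluded"
    return "encrypted"

def audit(queues, protect_patterns, exclude_patterns):
    """Map each queue to its outcome and list exclude patterns that exempt nothing."""
    outcome = {q: classify(q, protect_patterns, exclude_patterns) for q in queues}
    unused = [p for p in exclude_patterns
              if not any(outcome[q] == "excluded" and fnmatchcase(q, p) for q in queues)]
    return outcome, unused

# Constructed queue inventory and settings, mirroring the setups described above.
QUEUES = ["TEST.BARNEY", "TEST.FRED", "TEST.FRED.REPLY", "TEST.WILMA.IN", "PROD.ORDERS"]
PROTECT = ["TEST.*"]
EXCLUDE = ["TEST.FRED.*", "TEST.WILMA.*", "TEST.DINO"]

if __name__ == "__main__":
    outcome, unused = audit(QUEUES, PROTECT, EXCLUDE)
    for q, state in outcome.items():
        print(f"{q:18} {state}")
    print("exclude patterns matching no queue:", unused)
```

Under the globbing assumption, ‘TEST.FRED.*’ exempts ‘TEST.FRED.REPLY’ but not ‘TEST.FRED’ itself, which is the kind of difference this audit is meant to surface.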

If anyone would like to test out the latest release then send an email to support@capitalware.com

Regards,
Roger Lacroix
Capitalware Inc.


wc3270 and IBM RDP Issue

I use IBM’s Remote Development Program (RDP) to host my z/OS and Linux for System z LPARs. I installed the latest release of wc3270 of the x3270 project on my new Windows 10 PC and copied my settings from my old Windows 7 PC. Hence, I should be good to go but no.

I have been getting the following error and at first I thought maybe IBM was re-configuring their Dallas data center (which they do from time to time):

SSL: InitializeSecurityContext: error 0x80090322 (The target principal name is incorrect.)

I checked the online documentation for IBM’s RDP and the IP address (requires TLS/SSL tunnel) for the master VM is still the same. I checked my wc3270 session file for corruption and it was fine. I compared the old release of wc3270 wizard with the current release and I noticed a new option called “10. Verify host certificates”. It is set to “Yes” by default. I decided to set it to “No” and try the connection again. Surprise, I got a successful connection.

I don’t know when the option “Verify host certificates” was added to wc3270 but if you upgrade wc3270 and start getting the above error messages then set “Verify host certificates” to “No”.

Or you can edit your wc3270 session file(s) and add the following line:

wc3270.verifyHostCert: false

Regards,
Roger Lacroix
Capitalware Inc.


IBM MQ Fix Pack 9.1.0.4 Released

IBM has just released Fix Pack 9.1.0.4 for IBM MQ V9.1 LTS:
https://www.ibm.com/support/pages/node/1119051

Regards,
Roger Lacroix
Capitalware Inc.


IBM MQ V9.1.4 Announced

IBM has announced IBM MQ V9.1.4 for Multiplatforms:
https://www.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_ca/7/897/ENUS219-487/index.html
Planned availability for IBM MQ V9.1.4 is December 5, 2019 for Electronic software delivery.

IBM MQ (aka WebSphere MQ) homepage
https://www.ibm.com/products/mq

Regards,
Roger Lacroix
Capitalware Inc.


MQ Batch Toolkit v3.2.0 Released

Capitalware Inc. would like to announce the official release of MQ Batch Toolkit v3.2.0. This is a FREE upgrade for ALL licensed users of MQ Batch Toolkit. MQ Batch Toolkit allows users to manipulate, monitor and manage messages in a queue of an IBM MQ (formerly WebSphere MQ & MQSeries) queue manager from a command-line or shell scripting environment.

For more information about MQ Batch Toolkit go to:
https://www.capitalware.com/mqbt_overview.html

    Changes for MQ Batch Toolkit v3.2.0:

  • Updated the QList and TopicList function to have ‘-S’ parameter that will allow SYSTEM queues or topics to be included in the output list
  • Fixed an issue with parsing event (PCF) messages and displaying them.
  • Updated SSL/TLS support
  • Enhanced the error message regarding an expired license key
  • Added warning message that the trial-only release cannot be registered.
  • Updated docs (English only)

Regards,
Roger Lacroix
Capitalware Inc.


Java on Windows 10 Issue: “Could not open/create prefs root node”

I was getting the following error message when I would run a Java application on my new Windows 10 Pro PC:

Nov 21, 2019 3:57:37 PM java.util.prefs.WindowsPreferences <init>
WARNING: Could not open/create prefs root node Software\JavaSoft\Prefs at root 0x80000002. Windows RegCreateKeyEx(...) returned error code 5.

I searched the internet regarding the error message; people say it is a known bug and you need to manually create the following Windows registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Prefs

When I opened the RegEdit, I found that the key already exists.

After a little more searching on the internet, I came across another comment that says you also need the following Windows registry key:

HKEY_LOCAL_MACHINE\Software\WOW6432Node\JavaSoft\Prefs

So, I opened the RegEdit and found the key did not exist. I created it and then the error message went away.

Hence, for future users who encounter this error message, create a text file called javasoft_prefs.reg and put the following in it:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Prefs]

[HKEY_LOCAL_MACHINE\Software\WOW6432Node\JavaSoft\Prefs]

Now start RegEdit and click File -> Import and select the javasoft_prefs.reg file and the error message will go away.

Or you can run RegEdit from the Command Line and pass the file name as a parameter:

regedit  javasoft_prefs.reg

Regards,
Roger Lacroix
Capitalware Inc.


Customer Requested Update to MQ Message Encryption

MQ Message Encryption (MQME) is a solution that provides encryption for MQ message data while it resides in a queue or topic and in the MQ logs (i.e. data at rest).

By default, when an application puts a message to a protected queue, MQME will encrypt the entire message data. If the application is putting messages that contain an embedded MQ header (i.e. MQRFH, MQRFH2, MQCIH, etc.) then MQME will encrypt the entire message data, which includes the MQ embedded headers. After MQME encrypts the entire message, it changes the MD.Format field from the current value to blanks (the MD.Format value is saved).

When the receiving application issues a get on the protected queue (assuming it passes authorization checks), MQME will decrypt the message and reset the MD.Format field to its original value.

For 99.9% of applications, the above scenario works without any issues.

A JMS message (aka MQRFH2) has the following layout:

{RFH2 header}{mcd folder}{jms folder}{usr folder}{message payload}

Message properties (aka named properties) are stored in the ‘usr folder’.

MQ has special features/functionality for JMS messages and there are 2 situations where the above encryption scenario will not work:

  • If the protected queue has the attribute PROPCTL set to NONE
  • If the receiving application uses message selectors

1. When the queue’s PROPCTL attribute is set to NONE then MQ will strip off the RFH2 header and folders of a JMS message (aka MQRFH2) when the receiving application issues an MQGET. This is a useful feature for applications that cannot handle JMS messages.

2. A JMS application can request a particular message from a queue by using message selectors. The message selector matches on the value of a message property in the usr folder.
i.e.

String selector = "category='scifi'";
consumer = session.createConsumer(destination, selector);

The MQ internal code that handles those 2 features runs before MQME is invoked for the MQGET operation, which means MQ’s internal code cannot perform either of those features because the message is still encrypted.

I have asked IBM about moving the point at which those 2 features are processed to be after the API Exit (MQME) is invoked for MQXF_DATA_CONV_ON_GET. IBM has said no.

The reason I asked IBM to move the point at which those 2 features are handled is because some client applications put sensitive data in the message properties (aka named properties) in the usr folder of an MQRFH2. Yes, yes, I tell them all the time that it is a bad idea but it is what it is.

I have added a new keyword to MQME called EncryptRFH2Header. Its default value is set to ‘Y’ (Yes) which means it will retain existing behavior. When the EncryptRFH2Header keyword is set to ‘N’ then MQME will only encrypt the message payload of the JMS message and not encrypt the RFH2 header or any folders.

So, here’s the catch 22: if the application is using either the queue’s PROPCTL set to NONE or message selectors then the application MUST NOT put sensitive data in the message properties (aka named properties) because the usr folder will not be encrypted.
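An added example (not MQME's code or the author's): it splits an MQRFH2 message at StrucLength, the boundary between the header plus folders and the payload, and lists the usr-folder properties that remain readable at rest when EncryptRFH2Header is ‘N’. The function names, the constructed sample message (including the `accountNo` property) and little-endian integer encoding are assumptions.

```python
import struct
import xml.etree.ElementTree as ET

# Fixed part of MQRFH2 (36 bytes): StrucId, Version, StrucLength, Encoding,
# CodedCharSetId, Format, Flags, NameValueCCSID. Assumption: little-endian integers.
RFH2_FIXED = struct.Struct("<4siiii8sii")

def build_rfh2(folders, payload):
    """Build a constructed MQRFH2 message (sample input for this example)."""
    body = b""
    for folder in folders:
        data = folder.encode("utf-8")
        data += b" " * (-len(data) % 4)      # pad each folder to a multiple of 4
        body += struct.pack("<i", len(data)) + data
    head = RFH2_FIXED.pack(b"RFH ", 2, RFH2_FIXED.size + len(body),
                           546, 1208, b"MQSTR   ", 0, 1208)  # 546: little-endian, 1208: UTF-8
    return head + body + payload

def split_rfh2(msg):
    """Return (folders, payload); StrucLength marks where the payload starts."""
    if len(msg) < RFH2_FIXED.size:
        raise ValueError("too short for an MQRFH2 header")
    struc_id, version, struc_len = RFH2_FIXED.unpack_from(msg)[:3]
    if struc_id != b"RFH " or version != 2 or not RFH2_FIXED.size <= struc_len <= len(msg):
        raise ValueError("not a well-formed MQRFH2 message")
    folders, pos = [], RFH2_FIXED.size
    while pos < struc_len:
        if pos + 4 > struc_len:
            raise ValueError("truncated folder length")
        (n,) = struct.unpack_from("<i", msg, pos)
        if n < 0 or pos + 4 + n > struc_len:
            raise ValueError("folder runs past StrucLength")
        folders.append(msg[pos + 4:pos + 4 + n].decode("utf-8").rstrip())
        pos += 4 + n
    return folders, msg[struc_len:]

def cleartext_usr_properties(msg):
    """Return usr-folder properties, readable at rest when EncryptRFH2Header is 'N'."""
    props = {}
    for folder in filter(None, split_rfh2(msg)[0]):
        root = ET.fromstring(folder)
        if root.tag == "usr":
            props.update({child.tag: child.text for child in root})
    return props

# Constructed sample: a selector property plus one that should not be there.
SAMPLE = build_rfh2(
    ["<mcd><Msd>jms_text</Msd></mcd>",
     "<jms><Dst>queue:///TEST.Q1</Dst></jms>",
     "<usr><category>scifi</category><accountNo>000-EXAMPLE</accountNo></usr>"],
    b"order details")

if __name__ == "__main__":
    print(cleartext_usr_properties(SAMPLE))
```

Messages produced on a big-endian platform would need `>` in place of `<` in the two struct formats.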

If anyone would like to test out the latest release then send an email to support@capitalware.com

Regards,
Roger Lacroix
Capitalware Inc.


AMQ7234 Question from the MQ ListServer

Doug posted a question on MQ List Server regarding the MQ error message AMQ7234. His question was:

My shop has always struggled with a large number of messages just being left on the queue. Sometimes to be processed later, sometimes because the application does not know what to do with them, but they cannot be removed. The following error “AMQ7234” is generated frequently about messages being loaded onto the queue.

What I have observed, is that when this “loading” occurs all processing of MQSeries halts until the entire queue is read and loaded into memory. Sometimes this takes more than a couple of seconds causing delays in time sensitive responses to other queues for other applications. This queue manager is used, by executive mandate, by many applications – it would appear to me that this delay is the cause of other applications not meeting their performance SLA.

My reply was:

Now that’s an interesting problem. I had to Google the error message because I have not seen it before.

Here’s a good explanation: https://www.ibm.com/support/pages/amq7234-issued-periodically-wmq

It gives 4 solutions:

  • Avoid deep queues (MQ was not designed to be a database to keep messages for long periods of time)
  • Ensure that the queue is referenced very often by putting or getting messages
  • Keep an open handle on the queue so that the queue will not be unloaded to disk.
  • One possible way to do this would be to write a simple program that opens the queue for MQOO_INQUIRE, and then sleep indefinitely. The queue will be unloaded from memory if the last application accessing it has closed the queue. Therefore, if at least one application has the queue open, then the queue will not be unloaded from memory.

Pretty standard stuff but I do like the last solution. It is weird just like me. 🙂 But the only problem about sleeping forever is that if you try to stop the queue manager it may wait on the application. Hence, I would change it to do a Get and match on a crazy CorrelId. i.e. CorrelId = “Doug is an awesome MQAdm” (max 24 characters). Issue an MQGET with wait-forever and the “Fail if Quiescing” option.

Therefore, the queue will never be unloaded and the problem is solved. Bonus: Set it up as a ‘Server’ service in the queue manager then you never have to worry about it again.

I took one of my C sample programs and created a simple program called ‘GetMatchNone.c’. It opens a queue, performs a non-destructive get (browse) for a crazy Correlation Id and waits forever. You can download the program from here.

Here’s a sample MQSC service definition for GetMatchNone:

DEFINE SERVICE ('GetMatchNone') +
       DESCR('Keep QMgr from unloading the messages of this queue.') +
       STARTCMD('C:\Capitalware\Utils\GetMatchNone.exe') +
       STARTARG('TEST.Q1 +QMNAME+') +
       STOPCMD(' ') +
       STOPARG(' ') +
       STDOUT('C:\Capitalware\Utils\stdout.log') +
       STDERR('C:\Capitalware\Utils\stderr.log') +
       CONTROL(STARTONLY) +
       SERVTYPE(SERVER) +
       REPLACE
    where:

  • TEST.Q1 is the queue name that we don’t want messages to be unloaded.
  • C:\Capitalware\Utils\ is the directory where the executable is located and where the output files will be written to.
  • +QMNAME+ is an MQ environment variable for the name of the queue manager
  • Control is set to ‘STARTONLY’ because when the queue manager ends, the GetMatchNone program will gracefully end.

Regards,
Roger Lacroix
Capitalware Inc.


MQ Visual Edit on Windows, macOS & Linux

I have mentioned this before, Capitalware has a fair number of users who run MQ Visual Edit on macOS.

I purchased and use Excelsior Jet for Windows, macOS and Linux. Excelsior Jet compiles and links Java code into an optimized C++ native executable. This means that the end-user does not need to run MQ Visual Edit in a VM (Virtual Machine) or in an emulator to use the product. It runs natively on Windows, macOS and Linux.

Here are 3 screen-shots of MQ Visual Edit running natively on Windows, macOS and Linux, all showing the same opened queue.

MQ Visual Edit on Windows (screenshot):

MQ Visual Edit on macOS (screenshot):

MQ Visual Edit on Linux (SUSE) (screenshot):

So, people of the MQ world, do you need MQ tools that work on Windows, macOS and Linux? Capitalware has 3 MQ tools that can fill the void:

Regards,
Roger Lacroix
Capitalware Inc.


IBM: ‘Mac users are happier and more productive’

Here’s an interesting article over at ComputerWorld called: IBM: ‘Mac users are happier and more productive’

On first look (the critic in me), I’m thinking the survey must be paid for by Apple.

At Jamf Nation User Conference, IBM CIO Fletcher Previn said that IBM employees who use Macs are more likely to stay with IBM and exceed performance expectations compared to PC users. The article says:

  • There are 22% more macOS users who exceeded expectations in performance reviews, compared to Windows users.
  • High-value sales deals tend to be 16% larger for macOS users, compared to Windows users.
  • macOS users are 17% less likely to leave IBM, compared to those who use Windows.
  • macOS users are happier with the third-party software availability within IBM — just 5% of macOS users ask for additional software, compared to 11% of Windows users.

I have a MacBook Pro. I have tried several times to use it as my main development machine but my brain just cannot get around the user interface differences. I am a ‘keyboard guy’ and not a ‘mouse guy’. I am just much faster using Windows rather than macOS.

Fletcher Previn also said:
IBM also observed that users found it easier to migrate from a previous version of Windows to a Mac than to upgrade older Windows systems to the latest version of Windows. IBM claims 98% of its Mac users said migration from Windows to macOS was easy, compared to 86% of people shifting from Windows 7 to Windows 10 who felt the same way.

Now that, I would TOTALLY agree with. Several weeks ago, I switched both my development desktop PC and laptop PC from Windows 7 Pro to Windows 10 Pro and it has been VERY frustrating to get used to where Microsoft has put everything. To me, it looks like Windows 10 was designed for novice users and all advanced features are hidden. Come on Microsoft, not everyone is a grandma/grandpa using Windows 10!! Plus there is a Windows 10 Home release for those people.

Also, did someone at Microsoft think everyone is partially blind? I’m using the same 2 Samsung monitors each at 1920 x 1200 with my Windows 10 PC that I used with my Windows 7 PC. On Windows 7’s desktop, I had 13 icons per column but on Windows 10’s desktop, the icons are larger and it can only show 11 icons per column. When I go into the ‘Display Settings’, under ‘Scale and Layout’, it is set to ‘100% (Recommended)’. The only values are larger!!! I cannot go down to 90% or 95%. Again, it feels like Microsoft designed Windows 10 for grandma/grandpa who don’t see very well. Ugh!

I’m still in the Windows 10 learning curve. Hopefully, I’ll get through it soon! 🙁

Regards,
Roger Lacroix
Capitalware Inc.
