CSQX007E MQRC_NOT_AUTHORIZED in MQ using Top Secret

book

Article ID: 224999

calendar_today

Updated On:

Products

CA Top Secret

Issue/Introduction

 The MQ Address space fails with the following errors:

 +CSQX007E +MQS4 CSQXADPI Unable to connect to queue manager MQS4, 730

  MQCC=2 MQRC=2035 (MQRC_NOT_AUTHORIZED)                             

 +CSQX140E +MQS4 CSQXADPI Adapter failed to start                    

 +CSQX005E +MQS4 CSQXJST Channel initiator failed to start           

 IEF404I MQS4CHIN - ENDED - TIME=11.09.20                            

 $HASP395 MQS4CHIN ENDED - RC=0012

The MQ set up looks the same as other MQ regions that work.

Cause

Within MQ the following Parameters exist:

INTERVAL(integer)
The interval between checks for user IDs and their associated resources to determine whether the TIMEOUT has expired. The value is in minutes, in the range zero through 10080 (one week). If INTERVAL is specified as zero, no user timeouts occur.
TIMEOUT(integer)
How long security information about an unused user ID and associated resources is retained by WebSphere MQ. The value specifies a number of minutes in the range zero through 10080 (one week). If TIMEOUT is specified as zero, and INTERVAL is nonzero, all such information is discarded by the queue manager every INTERVAL number of minutes.

The length of time that an unused user ID and associated resources is retained by WebSphere MQ depends on the value of INTERVAL. The user ID times out at a time between TIMEOUT and TIMEOUT plus INTERVAL.

Environment

Top Secret Release : 16.0

MQ version 9.2

Resolution

Due to the MQ INTERVAL and TIMEOUT parameters, changes made to a user's MQSERIES authority will not take effect until the TIMEOUT is reached. 
Using the Top Secret Refresh(acid) command will not work; nor will signing off and back on the user.
MQSERIES must be notified to refresh the user within the MQSERIES Region. 
This is done by issuing the MQ RVERIFY Command.  Each user ID specified is signed off MQ and signed back on again the next time that a request is issued on behalf of that user that requires security checking.
The command has the following syntax:
RVERIFY SECURITY(acid)

 

 

Additional Information

Message Queue Manager Protection

RVERIFY Security(set a user reverification flag) on z/OS