It is not completely clear from your description exactly what your setup is. It sounds like you have MQ Clients -> Load Balancer -> Queue Manager. However, you mention testing the connection using curl which would not be able to successfully connect to a queue manager since the queue manager doesn't use HTTP. Are you running the MQ Web Server in front of the queue manager for connecting HTTP clients to perhaps? If not, could you expand on your set up so we can understand the problem properly.

If you connect an HTTP connection to a queue manager listener, you will get "Invalid Data". What you describe sounds like you get "Invalid data" whether using SSL or not, only first the SSL handshake completes, which is to be expected. There is nothing MQ specific about the SSL Handshake.

If your MQ Client is using SSL, the MQ Svrconn on the queue manager will also expect SSL.

How is the load balancer breaking the connection between clients and queue manager - this is not explained either. 

Hopefully if we can understand your setup better, we can help you solve the problem.

Cheers,
Morag

Hello! I've set up MQ, generated certificates, configured channels, queues and so on. Due to my company's security policy, I cant let clients to connect straight to our MQ server. We are using load balancer with wildcard certificate and MQ server sits behind that. I have problems with setting up connection with clients and actually for local testing also. When I run curl command from linux cli (local machine where MQ is installed) - with https, the connection is successful. Server receives "invalid data". without https, curls says it gets connected but MQ server doesnt receive any connecton. When I configure my "TEST" queue manager (also installed on the same server) with the same CONNAMEs - with https (CONNAME('https://my.server.com(1414)')), Code: AMQ9202E: Remote host not available, retry later. RCVR qmgr doesnt receive any connection. without https (CONNAME('my.server.com(1414)')), LOGS: Code: An error occurred receiving data from 'x.x.x.x(1414)' over TCP/IP.  The connection to the remote host has unexpectedly terminated. RCVR qmgr doesnt receive any connection. Why does curl command with HTTPS works, but with channel it doesnt? Also, when I test with channel side SSL enabled without Load balancer, everything works. But as Load Balancer requires SSL enabled, I dont see a reason why I need to use SSL also on channels. Does anybody have experience with this type of set up? Like I mentioned, I cant let clients connect straight to our MQ Server. Any response & information would be useful

Back to top

Thanks for the response.

Will try to explain my set up in more detailed way. 

Currently I have IBM MQ v9.1.5 installed on Linux server

I have couple of partners who will need to send us messages (MQ server to MQ server.) Due to our security policy, I cant let partners connect straight to our MQ server. So MQ Server sits behind Load balancer, where SSL is enabled and have wildcard certificate. From LB, connection is directed to MQ server.

I was testing the connection with "TEST QMGR", which is installed to the same instance. I've added our LB DNS to test channel CONNAME but unable to get the connection up.

FYI, with nc and telnet, I am able to connect to instance through LB. Logs are showing that the connection reached the instance.

Is it even possible, where client will connect straight from server to our Load balancer, where SSL is enabled?


Thanks

It is not completely clear from your description exactly what your setup is. It sounds like you have MQ Clients -> Load Balancer -> Queue Manager. However, you mention testing the connection using curl which would not be able to successfully connect to a queue manager since the queue manager doesn't use HTTP. Are you running the MQ Web Server in front of the queue manager for connecting HTTP clients to perhaps? If not, could you expand on your set up so we can understand the problem properly.

If you connect an HTTP connection to a queue manager listener, you will get "Invalid Data". What you describe sounds like you get "Invalid data" whether using SSL or not, only first the SSL handshake completes, which is to be expected. There is nothing MQ specific about the SSL Handshake.

If your MQ Client is using SSL, the MQ Svrconn on the queue manager will also expect SSL.

How is the load balancer breaking the connection between clients and queue manager - this is not explained either. 

Hopefully if we can understand your setup better, we can help you solve the problem.

Cheers,
Morag

Hello! I've set up MQ, generated certificates, configured channels, queues and so on. Due to my company's security policy, I cant let clients to connect straight to our MQ server. We are using load balancer with wildcard certificate and MQ server sits behind that. I have problems with setting up connection with clients and actually for local testing also. When I run curl command from linux cli (local machine where MQ is installed) - with https, the connection is successful. Server receives "invalid data". without https, curls says it gets connected but MQ server doesnt receive any connecton. When I configure my "TEST" queue manager (also installed on the same server) with the same CONNAMEs - with https (CONNAME('https://my.server.com(1414)')), Code: AMQ9202E: Remote host not available, retry later. RCVR qmgr doesnt receive any connection. without https (CONNAME('my.server.com(1414)')), LOGS: Code: An error occurred receiving data from 'x.x.x.x(1414)' over TCP/IP.  The connection to the remote host has unexpectedly terminated. RCVR qmgr doesnt receive any connection. Why does curl command with HTTPS works, but with channel it doesnt? Also, when I test with channel side SSL enabled without Load balancer, everything works. But as Load Balancer requires SSL enabled, I dont see a reason why I need to use SSL also on channels. Does anybody have experience with this type of set up? Like I mentioned, I cant let clients connect straight to our MQ Server. Any response & information would be useful

Back to top

So this is not MQClient -> Load Balancer -> Queue Manager

It is Partner Queue Manager -> Load Balancer -> Queue Manager - is that correct?

One thing to be very careful of here is to ensure that your "Load Balancer" does not do any actual load balancing! The channel from queue manager to queue manager must always go to the correct queue manager.

You haven't said what this load balancer is, nor how it breaks the connection between your partners and your own queue manager to meet your security requirement. Clearly it is a very important part of the picture. You say when you test without the load balancer it works fine, but with the load balancer in the picture you get "Invalid data". What kind of invalid data? (The FDC will show the data)? Is the load balancer not passing on the connection data exactly as is?

Cheers,
Morag

Thanks for the response.

Will try to explain my set up in more detailed way. 

Currently I have IBM MQ v9.1.5 installed on Linux server

I have couple of partners who will need to send us messages (MQ server to MQ server.) Due to our security policy, I cant let partners connect straight to our MQ server. So MQ Server sits behind Load balancer, where SSL is enabled and have wildcard certificate. From LB, connection is directed to MQ server.

I was testing the connection with "TEST QMGR", which is installed to the same instance. I've added our LB DNS to test channel CONNAME but unable to get the connection up.

FYI, with nc and telnet, I am able to connect to instance through LB. Logs are showing that the connection reached the instance.

Is it even possible, where client will connect straight from server to our Load balancer, where SSL is enabled?


Thanks

It is not completely clear from your description exactly what your setup is. It sounds like you have MQ Clients -> Load Balancer -> Queue Manager. However, you mention testing the connection using curl which would not be able to successfully connect to a queue manager since the queue manager doesn't use HTTP. Are you running the MQ Web Server in front of the queue manager for connecting HTTP clients to perhaps? If not, could you expand on your set up so we can understand the problem properly.

If you connect an HTTP connection to a queue manager listener, you will get "Invalid Data". What you describe sounds like you get "Invalid data" whether using SSL or not, only first the SSL handshake completes, which is to be expected. There is nothing MQ specific about the SSL Handshake.

If your MQ Client is using SSL, the MQ Svrconn on the queue manager will also expect SSL.

How is the load balancer breaking the connection between clients and queue manager - this is not explained either. 

Hopefully if we can understand your setup better, we can help you solve the problem.

Cheers,
Morag

Hello! I've set up MQ, generated certificates, configured channels, queues and so on. Due to my company's security policy, I cant let clients to connect straight to our MQ server. We are using load balancer with wildcard certificate and MQ server sits behind that. I have problems with setting up connection with clients and actually for local testing also. When I run curl command from linux cli (local machine where MQ is installed) - with https, the connection is successful. Server receives "invalid data". without https, curls says it gets connected but MQ server doesnt receive any connecton. When I configure my "TEST" queue manager (also installed on the same server) with the same CONNAMEs - with https (CONNAME('https://my.server.com(1414)')), Code: AMQ9202E: Remote host not available, retry later. RCVR qmgr doesnt receive any connection. without https (CONNAME('my.server.com(1414)')), LOGS: Code: An error occurred receiving data from 'x.x.x.x(1414)' over TCP/IP.  The connection to the remote host has unexpectedly terminated. RCVR qmgr doesnt receive any connection. Why does curl command with HTTPS works, but with channel it doesnt? Also, when I test with channel side SSL enabled without Load balancer, everything works. But as Load Balancer requires SSL enabled, I dont see a reason why I need to use SSL also on channels. Does anybody have experience with this type of set up? Like I mentioned, I cant let clients connect straight to our MQ Server. Any response & information would be useful

Back to top

So this is not MQClient -> Load Balancer -> Queue Manager

It is Partner Queue Manager -> Load Balancer -> Queue Manager - is that correct?

One thing to be very careful of here is to ensure that your "Load Balancer" does not do any actual load balancing! The channel from queue manager to queue manager must always go to the correct queue manager.

You haven't said what this load balancer is, nor how it breaks the connection between your partners and your own queue manager to meet your security requirement. Clearly it is a very important part of the picture. You say when you test without the load balancer it works fine, but with the load balancer in the picture you get "Invalid data". What kind of invalid data? (The FDC will show the data)? Is the load balancer not passing on the connection data exactly as is?

Cheers,
Morag

Thanks for the response.

Will try to explain my set up in more detailed way. 

Currently I have IBM MQ v9.1.5 installed on Linux server

I have couple of partners who will need to send us messages (MQ server to MQ server.) Due to our security policy, I cant let partners connect straight to our MQ server. So MQ Server sits behind Load balancer, where SSL is enabled and have wildcard certificate. From LB, connection is directed to MQ server.

I was testing the connection with "TEST QMGR", which is installed to the same instance. I've added our LB DNS to test channel CONNAME but unable to get the connection up.

FYI, with nc and telnet, I am able to connect to instance through LB. Logs are showing that the connection reached the instance.

Is it even possible, where client will connect straight from server to our Load balancer, where SSL is enabled?


Thanks

It is not completely clear from your description exactly what your setup is. It sounds like you have MQ Clients -> Load Balancer -> Queue Manager. However, you mention testing the connection using curl which would not be able to successfully connect to a queue manager since the queue manager doesn't use HTTP. Are you running the MQ Web Server in front of the queue manager for connecting HTTP clients to perhaps? If not, could you expand on your set up so we can understand the problem properly.

If you connect an HTTP connection to a queue manager listener, you will get "Invalid Data". What you describe sounds like you get "Invalid data" whether using SSL or not, only first the SSL handshake completes, which is to be expected. There is nothing MQ specific about the SSL Handshake.

If your MQ Client is using SSL, the MQ Svrconn on the queue manager will also expect SSL.

How is the load balancer breaking the connection between clients and queue manager - this is not explained either. 

Hopefully if we can understand your setup better, we can help you solve the problem.

Cheers,
Morag

Hello! I've set up MQ, generated certificates, configured channels, queues and so on. Due to my company's security policy, I cant let clients to connect straight to our MQ server. We are using load balancer with wildcard certificate and MQ server sits behind that. I have problems with setting up connection with clients and actually for local testing also. When I run curl command from linux cli (local machine where MQ is installed) - with https, the connection is successful. Server receives "invalid data". without https, curls says it gets connected but MQ server doesnt receive any connecton. When I configure my "TEST" queue manager (also installed on the same server) with the same CONNAMEs - with https (CONNAME('https://my.server.com(1414)')), Code: AMQ9202E: Remote host not available, retry later. RCVR qmgr doesnt receive any connection. without https (CONNAME('my.server.com(1414)')), LOGS: Code: An error occurred receiving data from 'x.x.x.x(1414)' over TCP/IP.  The connection to the remote host has unexpectedly terminated. RCVR qmgr doesnt receive any connection. Why does curl command with HTTPS works, but with channel it doesnt? Also, when I test with channel side SSL enabled without Load balancer, everything works. But as Load Balancer requires SSL enabled, I dont see a reason why I need to use SSL also on channels. Does anybody have experience with this type of set up? Like I mentioned, I cant let clients connect straight to our MQ Server. Any response & information would be useful

Back to top

So this is not MQClient -> Load Balancer -> Queue Manager

It is Partner Queue Manager -> Load Balancer -> Queue Manager - is that correct?

One thing to be very careful of here is to ensure that your "Load Balancer" does not do any actual load balancing! The channel from queue manager to queue manager must always go to the correct queue manager.

You haven't said what this load balancer is, nor how it breaks the connection between your partners and your own queue manager to meet your security requirement. Clearly it is a very important part of the picture. You say when you test without the load balancer it works fine, but with the load balancer in the picture you get "Invalid data". What kind of invalid data? (The FDC will show the data)? Is the load balancer not passing on the connection data exactly as is?

Cheers,
Morag

Thanks for the response.

Will try to explain my set up in more detailed way. 

Currently I have IBM MQ v9.1.5 installed on Linux server

I have couple of partners who will need to send us messages (MQ server to MQ server.) Due to our security policy, I cant let partners connect straight to our MQ server. So MQ Server sits behind Load balancer, where SSL is enabled and have wildcard certificate. From LB, connection is directed to MQ server.

I was testing the connection with "TEST QMGR", which is installed to the same instance. I've added our LB DNS to test channel CONNAME but unable to get the connection up.

FYI, with nc and telnet, I am able to connect to instance through LB. Logs are showing that the connection reached the instance.

Is it even possible, where client will connect straight from server to our Load balancer, where SSL is enabled?


Thanks

It is not completely clear from your description exactly what your setup is. It sounds like you have MQ Clients -> Load Balancer -> Queue Manager. However, you mention testing the connection using curl which would not be able to successfully connect to a queue manager since the queue manager doesn't use HTTP. Are you running the MQ Web Server in front of the queue manager for connecting HTTP clients to perhaps? If not, could you expand on your set up so we can understand the problem properly.

If you connect an HTTP connection to a queue manager listener, you will get "Invalid Data". What you describe sounds like you get "Invalid data" whether using SSL or not, only first the SSL handshake completes, which is to be expected. There is nothing MQ specific about the SSL Handshake.

If your MQ Client is using SSL, the MQ Svrconn on the queue manager will also expect SSL.

How is the load balancer breaking the connection between clients and queue manager - this is not explained either. 

Hopefully if we can understand your setup better, we can help you solve the problem.

Cheers,
Morag

Hello! I've set up MQ, generated certificates, configured channels, queues and so on. Due to my company's security policy, I cant let clients to connect straight to our MQ server. We are using load balancer with wildcard certificate and MQ server sits behind that. I have problems with setting up connection with clients and actually for local testing also. When I run curl command from linux cli (local machine where MQ is installed) - with https, the connection is successful. Server receives "invalid data". without https, curls says it gets connected but MQ server doesnt receive any connecton. When I configure my "TEST" queue manager (also installed on the same server) with the same CONNAMEs - with https (CONNAME('https://my.server.com(1414)')), Code: AMQ9202E: Remote host not available, retry later. RCVR qmgr doesnt receive any connection. without https (CONNAME('my.server.com(1414)')), LOGS: Code: An error occurred receiving data from 'x.x.x.x(1414)' over TCP/IP.  The connection to the remote host has unexpectedly terminated. RCVR qmgr doesnt receive any connection. Why does curl command with HTTPS works, but with channel it doesnt? Also, when I test with channel side SSL enabled without Load balancer, everything works. But as Load Balancer requires SSL enabled, I dont see a reason why I need to use SSL also on channels. Does anybody have experience with this type of set up? Like I mentioned, I cant let clients connect straight to our MQ Server. Any response & information would be useful

Back to top

So this is not MQClient -> Load Balancer -> Queue Manager

It is Partner Queue Manager -> Load Balancer -> Queue Manager - is that correct?

One thing to be very careful of here is to ensure that your "Load Balancer" does not do any actual load balancing! The channel from queue manager to queue manager must always go to the correct queue manager.

You haven't said what this load balancer is, nor how it breaks the connection between your partners and your own queue manager to meet your security requirement. Clearly it is a very important part of the picture. You say when you test without the load balancer it works fine, but with the load balancer in the picture you get "Invalid data". What kind of invalid data? (The FDC will show the data)? Is the load balancer not passing on the connection data exactly as is?

Cheers,
Morag

Thanks for the response.

Will try to explain my set up in more detailed way. 

Currently I have IBM MQ v9.1.5 installed on Linux server

I have couple of partners who will need to send us messages (MQ server to MQ server.) Due to our security policy, I cant let partners connect straight to our MQ server. So MQ Server sits behind Load balancer, where SSL is enabled and have wildcard certificate. From LB, connection is directed to MQ server.

I was testing the connection with "TEST QMGR", which is installed to the same instance. I've added our LB DNS to test channel CONNAME but unable to get the connection up.

FYI, with nc and telnet, I am able to connect to instance through LB. Logs are showing that the connection reached the instance.

Is it even possible, where client will connect straight from server to our Load balancer, where SSL is enabled?


Thanks

It is not completely clear from your description exactly what your setup is. It sounds like you have MQ Clients -> Load Balancer -> Queue Manager. However, you mention testing the connection using curl which would not be able to successfully connect to a queue manager since the queue manager doesn't use HTTP. Are you running the MQ Web Server in front of the queue manager for connecting HTTP clients to perhaps? If not, could you expand on your set up so we can understand the problem properly.

If you connect an HTTP connection to a queue manager listener, you will get "Invalid Data". What you describe sounds like you get "Invalid data" whether using SSL or not, only first the SSL handshake completes, which is to be expected. There is nothing MQ specific about the SSL Handshake.

If your MQ Client is using SSL, the MQ Svrconn on the queue manager will also expect SSL.

How is the load balancer breaking the connection between clients and queue manager - this is not explained either. 

Hopefully if we can understand your setup better, we can help you solve the problem.

Cheers,
Morag

Hello! I've set up MQ, generated certificates, configured channels, queues and so on. Due to my company's security policy, I cant let clients to connect straight to our MQ server. We are using load balancer with wildcard certificate and MQ server sits behind that. I have problems with setting up connection with clients and actually for local testing also. When I run curl command from linux cli (local machine where MQ is installed) - with https, the connection is successful. Server receives "invalid data". without https, curls says it gets connected but MQ server doesnt receive any connecton. When I configure my "TEST" queue manager (also installed on the same server) with the same CONNAMEs - with https (CONNAME('https://my.server.com(1414)')), Code: AMQ9202E: Remote host not available, retry later. RCVR qmgr doesnt receive any connection. without https (CONNAME('my.server.com(1414)')), LOGS: Code: An error occurred receiving data from 'x.x.x.x(1414)' over TCP/IP.  The connection to the remote host has unexpectedly terminated. RCVR qmgr doesnt receive any connection. Why does curl command with HTTPS works, but with channel it doesnt? Also, when I test with channel side SSL enabled without Load balancer, everything works. But as Load Balancer requires SSL enabled, I dont see a reason why I need to use SSL also on channels. Does anybody have experience with this type of set up? Like I mentioned, I cant let clients connect straight to our MQ Server. Any response & information would be useful

Back to top

So this is not MQClient -> Load Balancer -> Queue Manager

It is Partner Queue Manager -> Load Balancer -> Queue Manager - is that correct?

One thing to be very careful of here is to ensure that your "Load Balancer" does not do any actual load balancing! The channel from queue manager to queue manager must always go to the correct queue manager.

You haven't said what this load balancer is, nor how it breaks the connection between your partners and your own queue manager to meet your security requirement. Clearly it is a very important part of the picture. You say when you test without the load balancer it works fine, but with the load balancer in the picture you get "Invalid data". What kind of invalid data? (The FDC will show the data)? Is the load balancer not passing on the connection data exactly as is?

Cheers,
Morag

Thanks for the response.

Will try to explain my set up in more detailed way. 

Currently I have IBM MQ v9.1.5 installed on Linux server

I have couple of partners who will need to send us messages (MQ server to MQ server.) Due to our security policy, I cant let partners connect straight to our MQ server. So MQ Server sits behind Load balancer, where SSL is enabled and have wildcard certificate. From LB, connection is directed to MQ server.

I was testing the connection with "TEST QMGR", which is installed to the same instance. I've added our LB DNS to test channel CONNAME but unable to get the connection up.

FYI, with nc and telnet, I am able to connect to instance through LB. Logs are showing that the connection reached the instance.

Is it even possible, where client will connect straight from server to our Load balancer, where SSL is enabled?


Thanks

It is not completely clear from your description exactly what your setup is. It sounds like you have MQ Clients -> Load Balancer -> Queue Manager. However, you mention testing the connection using curl which would not be able to successfully connect to a queue manager since the queue manager doesn't use HTTP. Are you running the MQ Web Server in front of the queue manager for connecting HTTP clients to perhaps? If not, could you expand on your set up so we can understand the problem properly.

If you connect an HTTP connection to a queue manager listener, you will get "Invalid Data". What you describe sounds like you get "Invalid data" whether using SSL or not, only first the SSL handshake completes, which is to be expected. There is nothing MQ specific about the SSL Handshake.

If your MQ Client is using SSL, the MQ Svrconn on the queue manager will also expect SSL.

How is the load balancer breaking the connection between clients and queue manager - this is not explained either. 

Hopefully if we can understand your setup better, we can help you solve the problem.

Cheers,
Morag

Hello! I've set up MQ, generated certificates, configured channels, queues and so on. Due to my company's security policy, I cant let clients to connect straight to our MQ server. We are using load balancer with wildcard certificate and MQ server sits behind that. I have problems with setting up connection with clients and actually for local testing also. When I run curl command from linux cli (local machine where MQ is installed) - with https, the connection is successful. Server receives "invalid data". without https, curls says it gets connected but MQ server doesnt receive any connecton. When I configure my "TEST" queue manager (also installed on the same server) with the same CONNAMEs - with https (CONNAME('https://my.server.com(1414)')), Code: AMQ9202E: Remote host not available, retry later. RCVR qmgr doesnt receive any connection. without https (CONNAME('my.server.com(1414)')), LOGS: Code: An error occurred receiving data from 'x.x.x.x(1414)' over TCP/IP.  The connection to the remote host has unexpectedly terminated. RCVR qmgr doesnt receive any connection. Why does curl command with HTTPS works, but with channel it doesnt? Also, when I test with channel side SSL enabled without Load balancer, everything works. But as Load Balancer requires SSL enabled, I dont see a reason why I need to use SSL also on channels. Does anybody have experience with this type of set up? Like I mentioned, I cant let clients connect straight to our MQ Server. Any response & information would be useful

Back to top

So this is not MQClient -> Load Balancer -> Queue Manager

It is Partner Queue Manager -> Load Balancer -> Queue Manager - is that correct?

One thing to be very careful of here is to ensure that your "Load Balancer" does not do any actual load balancing! The channel from queue manager to queue manager must always go to the correct queue manager.

You haven't said what this load balancer is, nor how it breaks the connection between your partners and your own queue manager to meet your security requirement. Clearly it is a very important part of the picture. You say when you test without the load balancer it works fine, but with the load balancer in the picture you get "Invalid data". What kind of invalid data? (The FDC will show the data)? Is the load balancer not passing on the connection data exactly as is?

Cheers,
Morag

Thanks for the response.

Will try to explain my set up in more detailed way. 

Currently I have IBM MQ v9.1.5 installed on Linux server

I have couple of partners who will need to send us messages (MQ server to MQ server.) Due to our security policy, I cant let partners connect straight to our MQ server. So MQ Server sits behind Load balancer, where SSL is enabled and have wildcard certificate. From LB, connection is directed to MQ server.

I was testing the connection with "TEST QMGR", which is installed to the same instance. I've added our LB DNS to test channel CONNAME but unable to get the connection up.

FYI, with nc and telnet, I am able to connect to instance through LB. Logs are showing that the connection reached the instance.

Is it even possible, where client will connect straight from server to our Load balancer, where SSL is enabled?


Thanks

It is not completely clear from your description exactly what your setup is. It sounds like you have MQ Clients -> Load Balancer -> Queue Manager. However, you mention testing the connection using curl which would not be able to successfully connect to a queue manager since the queue manager doesn't use HTTP. Are you running the MQ Web Server in front of the queue manager for connecting HTTP clients to perhaps? If not, could you expand on your set up so we can understand the problem properly.

If you connect an HTTP connection to a queue manager listener, you will get "Invalid Data". What you describe sounds like you get "Invalid data" whether using SSL or not, only first the SSL handshake completes, which is to be expected. There is nothing MQ specific about the SSL Handshake.

If your MQ Client is using SSL, the MQ Svrconn on the queue manager will also expect SSL.

How is the load balancer breaking the connection between clients and queue manager - this is not explained either. 

Hopefully if we can understand your setup better, we can help you solve the problem.

Cheers,
Morag

Hello! I've set up MQ, generated certificates, configured channels, queues and so on. Due to my company's security policy, I cant let clients to connect straight to our MQ server. We are using load balancer with wildcard certificate and MQ server sits behind that. I have problems with setting up connection with clients and actually for local testing also. When I run curl command from linux cli (local machine where MQ is installed) - with https, the connection is successful. Server receives "invalid data". without https, curls says it gets connected but MQ server doesnt receive any connecton. When I configure my "TEST" queue manager (also installed on the same server) with the same CONNAMEs - with https (CONNAME('https://my.server.com(1414)')), Code: AMQ9202E: Remote host not available, retry later. RCVR qmgr doesnt receive any connection. without https (CONNAME('my.server.com(1414)')), LOGS: Code: An error occurred receiving data from 'x.x.x.x(1414)' over TCP/IP.  The connection to the remote host has unexpectedly terminated. RCVR qmgr doesnt receive any connection. Why does curl command with HTTPS works, but with channel it doesnt? Also, when I test with channel side SSL enabled without Load balancer, everything works. But as Load Balancer requires SSL enabled, I dont see a reason why I need to use SSL also on channels. Does anybody have experience with this type of set up? Like I mentioned, I cant let clients connect straight to our MQ Server. Any response & information would be useful

Back to top

So this is not MQClient -> Load Balancer -> Queue Manager

It is Partner Queue Manager -> Load Balancer -> Queue Manager - is that correct?

One thing to be very careful of here is to ensure that your "Load Balancer" does not do any actual load balancing! The channel from queue manager to queue manager must always go to the correct queue manager.

You haven't said what this load balancer is, nor how it breaks the connection between your partners and your own queue manager to meet your security requirement. Clearly it is a very important part of the picture. You say when you test without the load balancer it works fine, but with the load balancer in the picture you get "Invalid data". What kind of invalid data? (The FDC will show the data)? Is the load balancer not passing on the connection data exactly as is?

Cheers,
Morag

Thanks for the response.

Will try to explain my set up in more detailed way. 

Currently I have IBM MQ v9.1.5 installed on Linux server

I have couple of partners who will need to send us messages (MQ server to MQ server.) Due to our security policy, I cant let partners connect straight to our MQ server. So MQ Server sits behind Load balancer, where SSL is enabled and have wildcard certificate. From LB, connection is directed to MQ server.

I was testing the connection with "TEST QMGR", which is installed to the same instance. I've added our LB DNS to test channel CONNAME but unable to get the connection up.

FYI, with nc and telnet, I am able to connect to instance through LB. Logs are showing that the connection reached the instance.

Is it even possible, where client will connect straight from server to our Load balancer, where SSL is enabled?


Thanks

It is not completely clear from your description exactly what your setup is. It sounds like you have MQ Clients -> Load Balancer -> Queue Manager. However, you mention testing the connection using curl which would not be able to successfully connect to a queue manager since the queue manager doesn't use HTTP. Are you running the MQ Web Server in front of the queue manager for connecting HTTP clients to perhaps? If not, could you expand on your set up so we can understand the problem properly.

If you connect an HTTP connection to a queue manager listener, you will get "Invalid Data". What you describe sounds like you get "Invalid data" whether using SSL or not, only first the SSL handshake completes, which is to be expected. There is nothing MQ specific about the SSL Handshake.

If your MQ Client is using SSL, the MQ Svrconn on the queue manager will also expect SSL.

How is the load balancer breaking the connection between clients and queue manager - this is not explained either. 

Hopefully if we can understand your setup better, we can help you solve the problem.

Cheers,
Morag

Hello! I've set up MQ, generated certificates, configured channels, queues and so on. Due to my company's security policy, I cant let clients to connect straight to our MQ server. We are using load balancer with wildcard certificate and MQ server sits behind that. I have problems with setting up connection with clients and actually for local testing also. When I run curl command from linux cli (local machine where MQ is installed) - with https, the connection is successful. Server receives "invalid data". without https, curls says it gets connected but MQ server doesnt receive any connecton. When I configure my "TEST" queue manager (also installed on the same server) with the same CONNAMEs - with https (CONNAME('https://my.server.com(1414)')), Code: AMQ9202E: Remote host not available, retry later. RCVR qmgr doesnt receive any connection. without https (CONNAME('my.server.com(1414)')), LOGS: Code: An error occurred receiving data from 'x.x.x.x(1414)' over TCP/IP.  The connection to the remote host has unexpectedly terminated. RCVR qmgr doesnt receive any connection. Why does curl command with HTTPS works, but with channel it doesnt? Also, when I test with channel side SSL enabled without Load balancer, everything works. But as Load Balancer requires SSL enabled, I dont see a reason why I need to use SSL also on channels. Does anybody have experience with this type of set up? Like I mentioned, I cant let clients connect straight to our MQ Server. Any response & information would be useful

Back to top