We have upgraded MQ .Net client from 8.0.0.5 to 9.2.26. The existing code logic with 8.0.0.5 is not working after upgrading to 9.2.26. We are getting error as MQRC_HOST_NOT_AVAILABLE even though we are providing valid hostnames. Is there any other dll to be referred apart from amqmdnt.dll?

> is not working after upgrading to 9.2.26

Did you mean "9.2.0.26"?

You left out important information.

• Are you using .NET Framework or .NET Core (aka .NET)?
• What release of .NET Framework or .NET Core are you using?
• Did you check IBM's MQ website for .NET Framework or .NET Core prerequisites?

Why are you upgrading to MQ v9.2 when it will go out of support in a year (September 2025)?

You should just go straight to IBM MQ v9.4 (the latest release).

later

Roger

We have upgraded MQ .Net client from 8.0.0.5 to 9.2.26. The existing code logic with 8.0.0.5 is not working after upgrading to 9.2.26. We are getting error as MQRC_HOST_NOT_AVAILABLE even though we are providing valid hostnames. Is there any other dll to be referred apart from amqmdnt.dll?

Hi Roger,

Thanks for your response. We are using .Net framework 4.7 and we can't move to latest version of MQ because of other technical restrictions in the application.

I was able to trace the requests sent to the MQ and identified it is an issue with the SSL Certificate installed in the client machine. It is a self signed certificate.

 Connect
 06:20:42.856839  27652.1           :       Connect returned True
 06:20:42.857092  27652.1           :       TCP/IP LINGER disabled
 06:20:42.857110  27652.1           :       Using socket send buffer size 32768
 06:20:42.857129  27652.1           :       Using socket receive buffer size 32768
 06:20:42.857142  27652.1           :       --------------------}  MQTCPConnection.ConnectUsingLocalAddr(ParsedLocalAddr,IPAddress,int) (rc=OK)
 06:20:42.857148  27652.1           :       IP:*******************
 06:20:42.857401  27652.1           :       Constructing IBM.WMQ.Nmqi.MQEncryptedSocket#0073673B MQMBID sn=p920-026-240612 su=_ilMFOyirEe-nc-kqTO-cfg pn=basedotnet/nmqi/NmqiObject.cs
 06:20:42.857428  27652.1           :       Constructing IBM.WMQ.Nmqi.MQEncryptedSocket#0073673B MQMBID sn=p920-026-240612 su=_ilMFOyirEe-nc-kqTO-cfg pn=basedotnet/nmqi/MQEncryptedSocket.cs
 06:20:42.858385  27652.1           :       ---------------------{  MQEncryptedSocket.RetrieveAndValidateSSLParams(MQConnectOptions)
 06:20:42.858416  27652.1           :       KeyStore is *USER
 06:20:42.858429  27652.1           :       CertificateLabel set from sslConfigOptions =  *****************************
 06:20:42.858448  27652.1           :       KeyResetCount is 0
 06:20:42.858458  27652.1           :       CertificationCheck = False
 06:20:42.858486  27652.1           :       Hostname is : ********************
 06:20:42.858493  27652.1           :       CipherSpec value is TLS_RSA_WITH_AES_128_CBC_SHA256
 06:20:42.858500  27652.1           :       SSLPEERNAME value is 
 06:20:42.858507  27652.1           :       --------------------}  MQEncryptedSocket.RetrieveAndValidateSSLParams(MQConnectOptions) (rc=OK)
 06:20:42.860532  27652.1           :       ---------------------{  MQEncryptedSocket.MakeSecuredConnection()
 06:20:42.860577  27652.1           :       Created an instance of SSLStreams
 06:20:42.860586  27652.1           :       Setting current certificate store as 'User'
 06:20:42.860594  27652.1           :       Created store object to access certificates
 06:20:42.863206  27652.1           :       Opened store
 06:20:42.863218  27652.1           :       Accessing certificate - lido.bilupgrade.prod.easyjet.com
 06:20:42.863253  27652.1           :       Adding certificate with FriendlyName - lido.bilupgrade.prod.easyjet.com
 06:20:42.863312  27652.1           :       TLS12 supported - True
 06:20:42.863628  27652.1           :       Setting SslProtol as Tls12
 06:20:42.863639  27652.1           :       Starting SSL Authentication
 06:20:42.863646  27652.1           :       -----------------------{  MQClientCfg.GetStringValue(StringCfgProperty)
 06:20:42.863652  27652.1           :       ----------------------}  MQClientCfg.GetStringValue(StringCfgProperty) (rc=OK)
 06:20:42.863657  27652.1           :       OutboundSNI is set to 
 06:20:42.863663  27652.1           :       Server name is set to *
 06:20:42.865174  27652.1           :       -----------------------{  MQEncryptedSocket.FixClientCertificate(Object,String,X509CertificateCollection,X509Certificate,String[])
 06:20:42.865190  27652.1           :       Client callback has been invoked to find client certificate
 06:20:42.865202  27652.1           :       ----------------------}  MQEncryptedSocket.FixClientCertificate(Object,String,X509CertificateCollection,X509Certificate,String[]) (rc=OK)
 06:20:42.928170  27652.1           :       -----------------------{  MQEncryptedSocket.FixClientCertificate(Object,String,X509CertificateCollection,X509Certificate,String[])
 06:20:42.928192  27652.1           :       Client callback has been invoked to find client certificate
 06:20:42.928200  27652.1           :       Use the first certificate that is from an acceptable issuer.
 06:20:42.928272  27652.1           :       ----------------------}  MQEncryptedSocket.FixClientCertificate(Object,String,X509CertificateCollection,X509Certificate,String[]) (rc=OK)
 06:20:43.003988  27652.1           :       -----------------------{  MQEncryptedSocket.ClientValidatingServerCertificate(Object,X509Certificate,X509Chain,SslPolicyErrors)
 06:20:43.004057  27652.1           :       SSL Server Certificate validation failed - RemoteCertificateNameMismatch, RemoteCertificateChainErrors
 06:20:43.004070  27652.1           :       ----------------------}  MQEncryptedSocket.ClientValidatingServerCertificate(Object,X509Certificate,X509Chain,SslPolicyErrors) (rc=OK)
 06:20:43.006638  27652.1           :       Exception received
System.Security.Authentication.AuthenticationException
Message: The remote certificate is invalid according to the validation procedure.

> is not working after upgrading to 9.2.26

Did you mean "9.2.0.26"?

You left out important information.

• Are you using .NET Framework or .NET Core (aka .NET)?
• What release of .NET Framework or .NET Core are you using?
• Did you check IBM's MQ website for .NET Framework or .NET Core prerequisites?

Why are you upgrading to MQ v9.2 when it will go out of support in a year (September 2025)?

You should just go straight to IBM MQ v9.4 (the latest release).

later

Roger

We have upgraded MQ .Net client from 8.0.0.5 to 9.2.26. The existing code logic with 8.0.0.5 is not working after upgrading to 9.2.26. We are getting error as MQRC_HOST_NOT_AVAILABLE even though we are providing valid hostnames. Is there any other dll to be referred apart from amqmdnt.dll?

Hello Arul,

Are you using the same .NET code and same SSL/TLS certificate with MQ v9.2.0.26 that you used with MQ v8.0.0.5?

Did you check the queue manager log file for error messages related to your connection attempt?

Note: I'm not an MQ SSL/TLS on .NET expert, so someone else will need to chime in.

later

Roger

Hi Roger,

Thanks for your response. We are using .Net framework 4.7 and we can't move to latest version of MQ because of other technical restrictions in the application.

I was able to trace the requests sent to the MQ and identified it is an issue with the SSL Certificate installed in the client machine. It is a self signed certificate.

 Connect
 06:20:42.856839  27652.1           :       Connect returned True
 06:20:42.857092  27652.1           :       TCP/IP LINGER disabled
 06:20:42.857110  27652.1           :       Using socket send buffer size 32768
 06:20:42.857129  27652.1           :       Using socket receive buffer size 32768
 06:20:42.857142  27652.1           :       --------------------}  MQTCPConnection.ConnectUsingLocalAddr(ParsedLocalAddr,IPAddress,int) (rc=OK)
 06:20:42.857148  27652.1           :       IP:*******************
 06:20:42.857401  27652.1           :       Constructing IBM.WMQ.Nmqi.MQEncryptedSocket#0073673B MQMBID sn=p920-026-240612 su=_ilMFOyirEe-nc-kqTO-cfg pn=basedotnet/nmqi/NmqiObject.cs
 06:20:42.857428  27652.1           :       Constructing IBM.WMQ.Nmqi.MQEncryptedSocket#0073673B MQMBID sn=p920-026-240612 su=_ilMFOyirEe-nc-kqTO-cfg pn=basedotnet/nmqi/MQEncryptedSocket.cs
 06:20:42.858385  27652.1           :       ---------------------{  MQEncryptedSocket.RetrieveAndValidateSSLParams(MQConnectOptions)
 06:20:42.858416  27652.1           :       KeyStore is *USER
 06:20:42.858429  27652.1           :       CertificateLabel set from sslConfigOptions =  *****************************
 06:20:42.858448  27652.1           :       KeyResetCount is 0
 06:20:42.858458  27652.1           :       CertificationCheck = False
 06:20:42.858486  27652.1           :       Hostname is : ********************
 06:20:42.858493  27652.1           :       CipherSpec value is TLS_RSA_WITH_AES_128_CBC_SHA256
 06:20:42.858500  27652.1           :       SSLPEERNAME value is 
 06:20:42.858507  27652.1           :       --------------------}  MQEncryptedSocket.RetrieveAndValidateSSLParams(MQConnectOptions) (rc=OK)
 06:20:42.860532  27652.1           :       ---------------------{  MQEncryptedSocket.MakeSecuredConnection()
 06:20:42.860577  27652.1           :       Created an instance of SSLStreams
 06:20:42.860586  27652.1           :       Setting current certificate store as 'User'
 06:20:42.860594  27652.1           :       Created store object to access certificates
 06:20:42.863206  27652.1           :       Opened store
 06:20:42.863218  27652.1           :       Accessing certificate - lido.bilupgrade.prod.easyjet.com
 06:20:42.863253  27652.1           :       Adding certificate with FriendlyName - lido.bilupgrade.prod.easyjet.com
 06:20:42.863312  27652.1           :       TLS12 supported - True
 06:20:42.863628  27652.1           :       Setting SslProtol as Tls12
 06:20:42.863639  27652.1           :       Starting SSL Authentication
 06:20:42.863646  27652.1           :       -----------------------{  MQClientCfg.GetStringValue(StringCfgProperty)
 06:20:42.863652  27652.1           :       ----------------------}  MQClientCfg.GetStringValue(StringCfgProperty) (rc=OK)
 06:20:42.863657  27652.1           :       OutboundSNI is set to 
 06:20:42.863663  27652.1           :       Server name is set to *
 06:20:42.865174  27652.1           :       -----------------------{  MQEncryptedSocket.FixClientCertificate(Object,String,X509CertificateCollection,X509Certificate,String[])
 06:20:42.865190  27652.1           :       Client callback has been invoked to find client certificate
 06:20:42.865202  27652.1           :       ----------------------}  MQEncryptedSocket.FixClientCertificate(Object,String,X509CertificateCollection,X509Certificate,String[]) (rc=OK)
 06:20:42.928170  27652.1           :       -----------------------{  MQEncryptedSocket.FixClientCertificate(Object,String,X509CertificateCollection,X509Certificate,String[])
 06:20:42.928192  27652.1           :       Client callback has been invoked to find client certificate
 06:20:42.928200  27652.1           :       Use the first certificate that is from an acceptable issuer.
 06:20:42.928272  27652.1           :       ----------------------}  MQEncryptedSocket.FixClientCertificate(Object,String,X509CertificateCollection,X509Certificate,String[]) (rc=OK)
 06:20:43.003988  27652.1           :       -----------------------{  MQEncryptedSocket.ClientValidatingServerCertificate(Object,X509Certificate,X509Chain,SslPolicyErrors)
 06:20:43.004057  27652.1           :       SSL Server Certificate validation failed - RemoteCertificateNameMismatch, RemoteCertificateChainErrors
 06:20:43.004070  27652.1           :       ----------------------}  MQEncryptedSocket.ClientValidatingServerCertificate(Object,X509Certificate,X509Chain,SslPolicyErrors) (rc=OK)
 06:20:43.006638  27652.1           :       Exception received
System.Security.Authentication.AuthenticationException
Message: The remote certificate is invalid according to the validation procedure.

> is not working after upgrading to 9.2.26

Did you mean "9.2.0.26"?

You left out important information.

• Are you using .NET Framework or .NET Core (aka .NET)?
• What release of .NET Framework or .NET Core are you using?
• Did you check IBM's MQ website for .NET Framework or .NET Core prerequisites?

Why are you upgrading to MQ v9.2 when it will go out of support in a year (September 2025)?

You should just go straight to IBM MQ v9.4 (the latest release).

later

Roger

We have upgraded MQ .Net client from 8.0.0.5 to 9.2.26. The existing code logic with 8.0.0.5 is not working after upgrading to 9.2.26. We are getting error as MQRC_HOST_NOT_AVAILABLE even though we are providing valid hostnames. Is there any other dll to be referred apart from amqmdnt.dll?

Hi Roger,

Its all the same .Net code and same certificate as well. Testing both the versions on same server by installing one at a time.

Thanks,

Arul

Hello Arul,

Are you using the same .NET code and same SSL/TLS certificate with MQ v9.2.0.26 that you used with MQ v8.0.0.5?

Did you check the queue manager log file for error messages related to your connection attempt?

Note: I'm not an MQ SSL/TLS on .NET expert, so someone else will need to chime in.

later

Roger

Hi Roger,

Thanks for your response. We are using .Net framework 4.7 and we can't move to latest version of MQ because of other technical restrictions in the application.

I was able to trace the requests sent to the MQ and identified it is an issue with the SSL Certificate installed in the client machine. It is a self signed certificate.

 Connect
 06:20:42.856839  27652.1           :       Connect returned True
 06:20:42.857092  27652.1           :       TCP/IP LINGER disabled
 06:20:42.857110  27652.1           :       Using socket send buffer size 32768
 06:20:42.857129  27652.1           :       Using socket receive buffer size 32768
 06:20:42.857142  27652.1           :       --------------------}  MQTCPConnection.ConnectUsingLocalAddr(ParsedLocalAddr,IPAddress,int) (rc=OK)
 06:20:42.857148  27652.1           :       IP:*******************
 06:20:42.857401  27652.1           :       Constructing IBM.WMQ.Nmqi.MQEncryptedSocket#0073673B MQMBID sn=p920-026-240612 su=_ilMFOyirEe-nc-kqTO-cfg pn=basedotnet/nmqi/NmqiObject.cs
 06:20:42.857428  27652.1           :       Constructing IBM.WMQ.Nmqi.MQEncryptedSocket#0073673B MQMBID sn=p920-026-240612 su=_ilMFOyirEe-nc-kqTO-cfg pn=basedotnet/nmqi/MQEncryptedSocket.cs
 06:20:42.858385  27652.1           :       ---------------------{  MQEncryptedSocket.RetrieveAndValidateSSLParams(MQConnectOptions)
 06:20:42.858416  27652.1           :       KeyStore is *USER
 06:20:42.858429  27652.1           :       CertificateLabel set from sslConfigOptions =  *****************************
 06:20:42.858448  27652.1           :       KeyResetCount is 0
 06:20:42.858458  27652.1           :       CertificationCheck = False
 06:20:42.858486  27652.1           :       Hostname is : ********************
 06:20:42.858493  27652.1           :       CipherSpec value is TLS_RSA_WITH_AES_128_CBC_SHA256
 06:20:42.858500  27652.1           :       SSLPEERNAME value is 
 06:20:42.858507  27652.1           :       --------------------}  MQEncryptedSocket.RetrieveAndValidateSSLParams(MQConnectOptions) (rc=OK)
 06:20:42.860532  27652.1           :       ---------------------{  MQEncryptedSocket.MakeSecuredConnection()
 06:20:42.860577  27652.1           :       Created an instance of SSLStreams
 06:20:42.860586  27652.1           :       Setting current certificate store as 'User'
 06:20:42.860594  27652.1           :       Created store object to access certificates
 06:20:42.863206  27652.1           :       Opened store
 06:20:42.863218  27652.1           :       Accessing certificate - lido.bilupgrade.prod.easyjet.com
 06:20:42.863253  27652.1           :       Adding certificate with FriendlyName - lido.bilupgrade.prod.easyjet.com
 06:20:42.863312  27652.1           :       TLS12 supported - True
 06:20:42.863628  27652.1           :       Setting SslProtol as Tls12
 06:20:42.863639  27652.1           :       Starting SSL Authentication
 06:20:42.863646  27652.1           :       -----------------------{  MQClientCfg.GetStringValue(StringCfgProperty)
 06:20:42.863652  27652.1           :       ----------------------}  MQClientCfg.GetStringValue(StringCfgProperty) (rc=OK)
 06:20:42.863657  27652.1           :       OutboundSNI is set to 
 06:20:42.863663  27652.1           :       Server name is set to *
 06:20:42.865174  27652.1           :       -----------------------{  MQEncryptedSocket.FixClientCertificate(Object,String,X509CertificateCollection,X509Certificate,String[])
 06:20:42.865190  27652.1           :       Client callback has been invoked to find client certificate
 06:20:42.865202  27652.1           :       ----------------------}  MQEncryptedSocket.FixClientCertificate(Object,String,X509CertificateCollection,X509Certificate,String[]) (rc=OK)
 06:20:42.928170  27652.1           :       -----------------------{  MQEncryptedSocket.FixClientCertificate(Object,String,X509CertificateCollection,X509Certificate,String[])
 06:20:42.928192  27652.1           :       Client callback has been invoked to find client certificate
 06:20:42.928200  27652.1           :       Use the first certificate that is from an acceptable issuer.
 06:20:42.928272  27652.1           :       ----------------------}  MQEncryptedSocket.FixClientCertificate(Object,String,X509CertificateCollection,X509Certificate,String[]) (rc=OK)
 06:20:43.003988  27652.1           :       -----------------------{  MQEncryptedSocket.ClientValidatingServerCertificate(Object,X509Certificate,X509Chain,SslPolicyErrors)
 06:20:43.004057  27652.1           :       SSL Server Certificate validation failed - RemoteCertificateNameMismatch, RemoteCertificateChainErrors
 06:20:43.004070  27652.1           :       ----------------------}  MQEncryptedSocket.ClientValidatingServerCertificate(Object,X509Certificate,X509Chain,SslPolicyErrors) (rc=OK)
 06:20:43.006638  27652.1           :       Exception received
System.Security.Authentication.AuthenticationException
Message: The remote certificate is invalid according to the validation procedure.

> is not working after upgrading to 9.2.26

Did you mean "9.2.0.26"?

You left out important information.

• Are you using .NET Framework or .NET Core (aka .NET)?
• What release of .NET Framework or .NET Core are you using?
• Did you check IBM's MQ website for .NET Framework or .NET Core prerequisites?

Why are you upgrading to MQ v9.2 when it will go out of support in a year (September 2025)?

You should just go straight to IBM MQ v9.4 (the latest release).

later

Roger

We have upgraded MQ .Net client from 8.0.0.5 to 9.2.26. The existing code logic with 8.0.0.5 is not working after upgrading to 9.2.26. We are getting error as MQRC_HOST_NOT_AVAILABLE even though we are providing valid hostnames. Is there any other dll to be referred apart from amqmdnt.dll?