MQ

 View Only
  • 1.  MQ Client upgrade from 8.0.0.5 to 9.2.26

    Posted 26 days ago

    We have upgraded MQ .Net client from 8.0.0.5 to 9.2.26. The existing code logic with 8.0.0.5 is not working after upgrading to 9.2.26. We are getting error as MQRC_HOST_NOT_AVAILABLE even though we are providing valid hostnames. Is there any other dll to be referred apart from amqmdnt.dll?



    ------------------------------
    Arul Saravanan
    ------------------------------


  • 2.  RE: MQ Client upgrade from 8.0.0.5 to 9.2.26

    IBM Champion
    Posted 24 days ago

    > is not working after upgrading to 9.2.26

    Did you mean "9.2.0.26"?

    You left out important information.

    • Are you using .NET Framework or .NET Core (aka .NET)?
    • What release of .NET Framework or .NET Core are you using?
    • Did you check IBM's MQ website for .NET Framework or .NET Core prerequisites?

    Why are you upgrading to MQ v9.2 when it will go out of support in a year (September 2025)?

    You should just go straight to IBM MQ v9.4 (the latest release).

    later

    Roger



    ------------------------------
    Roger Lacroix
    CTO
    Capitalware Inc.
    London Canada
    https://capitalware.com
    ------------------------------



  • 3.  RE: MQ Client upgrade from 8.0.0.5 to 9.2.26

    Posted 24 days ago

    Hi Roger,

    Thanks for your response. We are using .Net framework 4.7 and we can't move to latest version of MQ because of other technical restrictions in the application.

    I was able to trace the requests sent to the MQ and identified it is an issue with the SSL Certificate installed in the client machine. It is a self signed certificate.

     Connect
     06:20:42.856839  27652.1           :       Connect returned True
     06:20:42.857092  27652.1           :       TCP/IP LINGER disabled
     06:20:42.857110  27652.1           :       Using socket send buffer size 32768
     06:20:42.857129  27652.1           :       Using socket receive buffer size 32768
     06:20:42.857142  27652.1           :       --------------------}  MQTCPConnection.ConnectUsingLocalAddr(ParsedLocalAddr,IPAddress,int) (rc=OK)
     06:20:42.857148  27652.1           :       IP:*******************
     06:20:42.857401  27652.1           :       Constructing IBM.WMQ.Nmqi.MQEncryptedSocket#0073673B MQMBID sn=p920-026-240612 su=_ilMFOyirEe-nc-kqTO-cfg pn=basedotnet/nmqi/NmqiObject.cs
     06:20:42.857428  27652.1           :       Constructing IBM.WMQ.Nmqi.MQEncryptedSocket#0073673B MQMBID sn=p920-026-240612 su=_ilMFOyirEe-nc-kqTO-cfg pn=basedotnet/nmqi/MQEncryptedSocket.cs
     06:20:42.858385  27652.1           :       ---------------------{  MQEncryptedSocket.RetrieveAndValidateSSLParams(MQConnectOptions)
     06:20:42.858416  27652.1           :       KeyStore is *USER
     06:20:42.858429  27652.1           :       CertificateLabel set from sslConfigOptions =  *****************************
     06:20:42.858448  27652.1           :       KeyResetCount is 0
     06:20:42.858458  27652.1           :       CertificationCheck = False
     06:20:42.858486  27652.1           :       Hostname is : ********************
     06:20:42.858493  27652.1           :       CipherSpec value is TLS_RSA_WITH_AES_128_CBC_SHA256
     06:20:42.858500  27652.1           :       SSLPEERNAME value is 
     06:20:42.858507  27652.1           :       --------------------}  MQEncryptedSocket.RetrieveAndValidateSSLParams(MQConnectOptions) (rc=OK)
     06:20:42.860532  27652.1           :       ---------------------{  MQEncryptedSocket.MakeSecuredConnection()
     06:20:42.860577  27652.1           :       Created an instance of SSLStreams
     06:20:42.860586  27652.1           :       Setting current certificate store as 'User'
     06:20:42.860594  27652.1           :       Created store object to access certificates
     06:20:42.863206  27652.1           :       Opened store
     06:20:42.863218  27652.1           :       Accessing certificate - lido.bilupgrade.prod.easyjet.com
     06:20:42.863253  27652.1           :       Adding certificate with FriendlyName - lido.bilupgrade.prod.easyjet.com
     06:20:42.863312  27652.1           :       TLS12 supported - True
     06:20:42.863628  27652.1           :       Setting SslProtol as Tls12
     06:20:42.863639  27652.1           :       Starting SSL Authentication
     06:20:42.863646  27652.1           :       -----------------------{  MQClientCfg.GetStringValue(StringCfgProperty)
     06:20:42.863652  27652.1           :       ----------------------}  MQClientCfg.GetStringValue(StringCfgProperty) (rc=OK)
     06:20:42.863657  27652.1           :       OutboundSNI is set to 
     06:20:42.863663  27652.1           :       Server name is set to *
     06:20:42.865174  27652.1           :       -----------------------{  MQEncryptedSocket.FixClientCertificate(Object,String,X509CertificateCollection,X509Certificate,String[])
     06:20:42.865190  27652.1           :       Client callback has been invoked to find client certificate
     06:20:42.865202  27652.1           :       ----------------------}  MQEncryptedSocket.FixClientCertificate(Object,String,X509CertificateCollection,X509Certificate,String[]) (rc=OK)
     06:20:42.928170  27652.1           :       -----------------------{  MQEncryptedSocket.FixClientCertificate(Object,String,X509CertificateCollection,X509Certificate,String[])
     06:20:42.928192  27652.1           :       Client callback has been invoked to find client certificate
     06:20:42.928200  27652.1           :       Use the first certificate that is from an acceptable issuer.
     06:20:42.928272  27652.1           :       ----------------------}  MQEncryptedSocket.FixClientCertificate(Object,String,X509CertificateCollection,X509Certificate,String[]) (rc=OK)
     06:20:43.003988  27652.1           :       -----------------------{  MQEncryptedSocket.ClientValidatingServerCertificate(Object,X509Certificate,X509Chain,SslPolicyErrors)
     06:20:43.004057  27652.1           :       SSL Server Certificate validation failed - RemoteCertificateNameMismatch, RemoteCertificateChainErrors
     06:20:43.004070  27652.1           :       ----------------------}  MQEncryptedSocket.ClientValidatingServerCertificate(Object,X509Certificate,X509Chain,SslPolicyErrors) (rc=OK)
     06:20:43.006638  27652.1           :       Exception received
    System.Security.Authentication.AuthenticationException
    Message: The remote certificate is invalid according to the validation procedure.



    ------------------------------
    Arul Saravanan
    ------------------------------



  • 4.  RE: MQ Client upgrade from 8.0.0.5 to 9.2.26

    IBM Champion
    Posted 23 days ago

    Hello Arul,

    Are you using the same .NET code and same SSL/TLS certificate with MQ v9.2.0.26 that you used with MQ v8.0.0.5?

    Did you check the queue manager log file for error messages related to your connection attempt?

    Note: I'm not an MQ SSL/TLS on .NET expert, so someone else will need to chime in.

    later

    Roger



    ------------------------------
    Roger Lacroix
    CTO
    Capitalware Inc.
    London Canada
    https://capitalware.com
    ------------------------------



  • 5.  RE: MQ Client upgrade from 8.0.0.5 to 9.2.26

    Posted 23 days ago

    Hi Roger,

    Its all the same .Net code and same certificate as well. Testing both the versions on same server by installing one at a time.

    Thanks,

    Arul



    ------------------------------
    Arul Saravanan
    ------------------------------



  • 6.  RE: MQ Client upgrade from 8.0.0.5 to 9.2.26

    IBM Champion
    Posted 23 days ago

    see your log:

    06:20:42.928192  27652.1           :       Client callback has been invoked to find client certificate
    06:20:42.928200  27652.1           :       Use the first certificate that is from an acceptable issuer.

    You might want to use something like SSLCERTLBL to force the client to use a specific cert in the store, so that you won't fail the SSL PEER check...



    ------------------------------
    Francois Brandelik
    ------------------------------