I unset client 7.5 as primary and made client 9 as primary and now my .Net application is working. But I am not sure I can do the same on production as existing .Net applications that are dependent on client 7.5 may stop working.
So need some idea as to why it is working.
Original Message:
Sent: Sun February 11, 2024 02:03 AM
From: Frank Martin
Subject: MQRC_SSL_INITIALIZATION_ERROR in ASP.Net application
I installed client version 9.1.4 in a separate directory. Client 7.5 is default.
When I use that C utility AMQSSSLC.exe then it successfully connects to MQ using SSL.
Then I went into my .Net application, added reference of amqmdnet.dll from the new 9.1.4 client and tried to run but getting error:
The type initializer for 'IBM.WMQ.Nmqi.UnmanagedNmqiMQ' threw an exception
------------------------------
Frank Martin
Original Message:
Sent: Tue February 06, 2024 02:04 PM
From: Roger Lacroix
Subject: MQRC_SSL_INITIALIZATION_ERROR in ASP.Net application
> I read somewhere that if you use amqmdnet.dll in your .Net application then it means code is unmanaged. If you use amqmdnetstd.dll in your .Net application then code is managed. Is it true?
No, that's not true.
- amqmdnet.dll is for IBM MQ classes for .NET Framework
- amqmdnetstd.dll is for IBM MQ classes for .NET Standard
You really should read my blog posting called: IBM MQ For .NET Core Primer
later
Roger
------------------------------
Roger Lacroix
CTO
Capitalware Inc.
London ON Canada
https://capitalware.com
Original Message:
Sent: Tue February 06, 2024 08:57 AM
From: Frank Martin
Subject: MQRC_SSL_INITIALIZATION_ERROR in ASP.Net application
I read somewhere that if you use amqmdnet.dll in your .Net application then it means code is unmanaged. If you use amqmdnetstd.dll in your .Net application then code is managed. Is it true?
------------------------------
Frank Martin
Original Message:
Sent: Mon February 05, 2024 02:52 PM
From: Roger Lacroix
Subject: MQRC_SSL_INITIALIZATION_ERROR in ASP.Net application
(1) If your MQ .NET application is running in 'managed mode' then all you need is the IBM MQ .NET DLLs from the NuGet Gallery and you put the following line in your .NET application:
prop.Add(MQC.TRANSPORT_PROPERTY, MQC.TRANSPORT_MQSERIES_MANAGED);
Note: IBM has 2 releases of IBM MQ called: IBM MQ classes for .NET Framework and IBM MQ classes for .NET Standard (aka Base .NET Classes). You can read my explanation of the difference between these packages here.
(2) If your MQ .NET application is running in 'unmanaged mode' then you need the full IBM MQ client installed and you put the following line in your .NET application:
prop.Add(MQC.TRANSPORT_PROPERTY, MQC.TRANSPORT_MQSERIES_CLIENT);
Basically, when your MQ .NET application is running in 'unmanaged mode', it will use the same MQ libraries as a regular C application.
later
Roger
------------------------------
Roger Lacroix
CTO
Capitalware Inc.
London ON Canada
https://capitalware.com
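The two modes described in the message above, side by side, as an added C# example (not code from the thread or from IBM): it builds the connection properties for each transport mode with TLS settings and reports the MQ reason code on failure. The host, channel and queue manager names are placeholders, port 1414 is the MQ listener default, `C:\IBM\Keystore` is the key repository stem from the AMQSSSLC command elsewhere in the thread, and `*USER` assumes a client version that supports TLS in managed mode with the certificates imported into the Windows user store.

```csharp
using System;
using System.Collections;
using IBM.WMQ;

// Added example: placeholder names throughout, not values confirmed by the thread.
static class MqTlsConnect
{
    // Must match the CipherSpec configured on the server-connection channel.
    const string CipherSpec = "TLS_RSA_WITH_AES_256_CBC_SHA256";

    static Hashtable BuildProperties(bool managed)
    {
        var prop = new Hashtable
        {
            { MQC.HOST_NAME_PROPERTY, "mq.example.internal" }, // placeholder host
            { MQC.PORT_PROPERTY, 1414 },                       // listener port; confirm with the MQ admin
            { MQC.CHANNEL_PROPERTY, "APP.SVRCONN.TLS" },       // placeholder channel
            { MQC.SSL_CIPHER_SPEC_PROPERTY, CipherSpec }
        };
        if (managed)
        {
            // Managed mode: pure .NET; certificates come from the Windows certificate store.
            prop.Add(MQC.TRANSPORT_PROPERTY, MQC.TRANSPORT_MQSERIES_MANAGED);
            prop.Add(MQC.SSL_CERT_STORE_PROPERTY, "*USER");
        }
        else
        {
            // Unmanaged mode: native client libraries; key repository stem
            // (Keystore.kdb / Keystore.sth) given without a file extension.
            prop.Add(MQC.TRANSPORT_PROPERTY, MQC.TRANSPORT_MQSERIES_CLIENT);
            prop.Add(MQC.SSL_CERT_STORE_PROPERTY, @"C:\IBM\Keystore");
        }
        return prop;
    }

    static void Main(string[] args)
    {
        bool managed = args.Length > 0 && args[0] == "managed";
        try
        {
            var qmgr = new MQQueueManager("QM1", BuildProperties(managed)); // placeholder queue manager
            Console.WriteLine("Connected in {0} mode", managed ? "managed" : "unmanaged");
            qmgr.Disconnect();
        }
        catch (MQException ex)
        {
            // 2393 = MQRC_SSL_INITIALIZATION_ERROR, 2538 = MQRC_HOST_NOT_AVAILABLE
            Console.WriteLine("MQ reason code {0}: {1}", ex.ReasonCode, ex.Message);
        }
    }
}
```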
Original Message:
Sent: Sun February 04, 2024 05:43 AM
From: Frank Martin
Subject: MQRC_SSL_INITIALIZATION_ERROR in ASP.Net application
IBM MQ client 7.5 is installed. MQ team is saying that .Net client must be in unmanaged mode. Are they talking about MQ client or my .Net application? How can I make my application as unmanaged?
I am using amqmdnet.dll in my .Net application.
I even tried the following utility but it is showing a different error:
Command
AMQSSSLC -m cqm -c ABC.CORP.SSL -x mqtesting.mycorp.local:443 -k "C:\IBM\Keystore" -s TLS_RSA_WITH_AES_256_CBC_SHA256
Error
Connecting to queue manager cqm
Using the server connection channel ABC.CORP.SSL
on connection name mqtesting.mycorp.local:443.
Using SSL CipherSpec TLS_RSA_WITH_AES_256_CBC_SHA256
Using SSL key repository stem C:\IBM\Keystore
No OCSP configuration specified.
MQCONNX ended with reason code 2538
Error in logs is:
AMQ9202: Remote host 'mqtesting.mycorp.local:443'
not available, retry later.
EXPLANATION:
The attempt to allocate a conversation using TCP/IP to host
'mqtesting.mycorp.local:443' for channel
ABC.CORP.SSL was not successful. However the error may be a transitory one and
it may be possible to successfully allocate a TCP/IP conversation later.
In some cases the remote host cannot be determined and so is shown as '????'.
ACTION:
Try the connection again later. If the failure persists, record the error
values and contact your systems administrator. The return code from TCP/IP is
11001 (X'0'). The reason for the failure may be that this host cannot reach the
destination host. It may also be possible that the listening program at host
'mqtesting.mycorp.local:443' was not running. If
this is the case, perform the relevant operations to start the TCP/IP listening
program, and try again.
------------------------------
Frank Martin
Original Message:
Sent: Tue January 30, 2024 06:54 PM
From: Peter Potkay
Subject: MQRC_SSL_INITIALIZATION_ERROR in ASP.Net application
Frank,
When a connection fails to succeed for security related reasons, the side that is rejecting the connection has the details, the side that is being rejected typically has very little detail. In your error message it says "The SSL or TLS connection was closed by the remote host " and "Check the remote end of the channel for SSL and TLS errors.". There is likely more helpful diagnostic info there. It is not always possible to solve failed connections without checking logs at both ends.
You show port 443. While this is typical for HTTPs, it is almost certainly not correct for the MQ Server you are trying to connect. The default port number for an MQ Listener is 1414. The MQ Admin may have changed it to a different port. Almost certainly not 443. Validate with the MQ Administrator what port number you should be using. It would be the same port used in your successful non TLS connection - MQ does not use different ports for TLS versus non TLS (unlike HTTP/HTTPs).
MQ 7.5 went out of support in 2018. You should use a supported version of MQ Client, like version 9.3. Another factor that may be getting you here is that new MQ Servers are more restrictive in which TLS protocols they will allow (rejecting older ones) while ancient clients like 7.5 may be attempting just that. Again, more details in the logs on the server end is probably true.
------------------------------
Peter Potkay
Original Message:
Sent: Tue January 30, 2024 03:46 AM
From: Frank Martin
Subject: MQRC_SSL_INITIALIZATION_ERROR in ASP.Net application
I have an ASP.Net 4.8 application which is connecting to MQ using SSL. The non-SSL part works fine i.e. I am able to connect to MQ if I use non SSL connection so the problem is in SSL.
MQ team has set up SSL at their end and MQ 7.5 client is installed on my machine. I am using amqmdnet.dll in my application. MQ team provided me with the following:
- SSL certificate: I have imported it in Windows machine
- Root certificate: I have also imported it in Windows machine
- jks file: I have converted this file to .kdb file using utility runmqckm
- The above utility generated 3 files; Keystore.kdb, Keystore.rdb, Keystore.sth and they are present on C:\
Here is my code and the error message I am getting:
MQEnvironment.SSLCipherSpec = "TLS_RSA_WITH_AES_256_CBC_SHA256";
queueProperties[MQC.HOST_NAME_PROPERTY] = "mq.ssl.local";
queueProperties[MQC.PORT_PROPERTY] = 443;
queueProperties[MQC.CHANNEL_PROPERTY] = "Some Channel";
queueProperties[MQC.USER_ID_PROPERTY] = "some user";
queueProperties[MQC.PASSWORD_PROPERTY] = "some password";
queueProperties.Add(MQC.SSL_CERT_STORE_PROPERTY, @"C:\Keystore");
queueProperties[MQC.TRANSPORT_PROPERTY] = MQC.TRANSPORT_MQSERIES_CLIENT;
Getting error MQRC_SSL_INITIALIZATION_ERROR
Can someone please tell me how to fix this issue? MQ is very confusing. Do I also need to use those certificates somewhere in code?
Logs are showing error detail as follows:
AMQ9665: SSL connection closed by remote end of channel 'MQ.ABC.SSL'.
EXPLANATION:
The SSL or TLS connection was closed by the remote host '192.168.1.23
(192.168.1.23)(443)' during the secure socket handshake. The channel is
'MQ.ABC.SSL'; in some cases its name cannot be determined and so is shown as
'????'. The channel did not start.
ACTION:
Check the remote end of the channel for SSL and TLS errors. Fix them and
restart the channel.
------------------------------
Frank Martin
------------------------------