That did indeed work, one never stops learning ;)
Original Message:
Sent: Tue May 17, 2022 02:05 AM
From: Morag Hughson
Subject: plink.exe via MQ Trigger results in access denied
You said earlier that, "when starting a trace with runmqtrm -t all -p runmqtrm I get nothing traced at all"
I never use this -p option, so I just looked in the Docs about it.
-p Apps
The named processes to which the trace generation is restricted. Apps is a comma-separated list. You must specify each name in the list exactly as the program name would be displayed in the "Program Name" FDC header. Asterisk (*) or question mark (?) wildcards are allowed. You cannot use the -p parameter with the -e parameter.
This makes me think you would need to have put -p runmqtrm.exe in the command? If you do that, do you get trace out?
Cheers,
Morag
------------------------------
Morag Hughson
MQ Technical Education Specialist
MQGem Software Limited
Website: https://www.mqgem.com
Original Message:
Sent: Tue May 17, 2022 01:38 AM
From: Sebastian Wilk
Subject: plink.exe via MQ Trigger results in access denied
It runs the 64 bit version according to the trace and yeah, I just looked at the AMQxxxx with the matching PID from the Taskmanager to find the right one.
The method with the -p was given to me via PMR (an older one that is) where we had to isolate the process, it worked in that scenario, so I assumed it would have also worked for the trigger, might be different in that case.
------------------------------
Sebastian Wilk
Original Message:
Sent: Thu May 12, 2022 05:50 AM
From: Morag Hughson
Subject: plink.exe via MQ Trigger results in access denied
Glad to hear you are sorted - I guess not assuming you have a stdin is the takeaway here.
Your screenshot of the row in task manager sheds no light on whether you are using the bin or bin64 version. Did you have the "Image path name" column visible?
So if you have managed to locate the trace by tracing everything and then looking for the PID to locate the trace, what did the header at the top of the trace file suggest the name of the program was?
I never use the -p option on strmqtrc so I have no idea how reliable it is. Is that something you usually use and have success with?
------------------------------
Morag Hughson
Original Message:
Sent: Thu May 12, 2022 03:02 AM
From: Sebastian Wilk
Subject: plink.exe via MQ Trigger results in access denied
I have some interesting findings after starting the triggermon as a service and via commandline in the foreground.
When started in an interactive window, executing the plink.exe command works just fine and it runs the script on the remote server without any errors.
When doing the same but as a service started via mqexplorer, it throws the same error as before.
Things become even weirder when starting a cmd via trigger:
Starting a cmd, which holds the aforementioned plink.exe command, runs the remote script just fine. In both versions, whether I start the trigger via runmqtrm in a commandline or as a service via mqexplorer, both versions are able to execute the command.
I do not quite comprehend why that is, while not ideal, it does get the job done.
The tracing does still not work, I checked the linked post, I can find the process as listed however, when starting a trace with runmqtrm -t all -p runmqtrm I get nothing traced at all, so instead I traced all and checked for the PID to locate the trace.
tl;dr
Works when using the "detour" via cmd instead of directly calling the plink.exe
Thank you for the input!
------------------------------
Sebastian Wilk
Original Message:
Sent: Wed May 11, 2022 05:57 AM
From: Morag Hughson
Subject: plink.exe via MQ Trigger results in access denied
So, if memory serves, running the trigger monitor as a service means that it is definitely running in the background, and also the trigger started applications are also started in the background, rather than running inline in the trigger monitor.
It is also hard to know which runmqtrm you are using (bin or bin64) from your screenshot. Please read this post which might explain why you are not seeing anything traced.
Anyway, I'm not sure where your stdin is supposed to come from if everything is running in the background? Is there something about this plink.exe that will create a stdin or are you relying upon the environment running your application to have a stdin?
You say that using your example command from a Windows Command window works, but of course then you are running in the foreground and have a stdin. What happens if you invoke it (outside of the triggering stuff) as a background command?
To test out foreground/background theory, you could also try running the trigger monitor in a command window, and then your application will run inline in that command window, and then you might have a stdin?
Just some ideas anyway,
Cheers,
Morag
------------------------------
Morag Hughson
Original Message:
Sent: Wed May 11, 2022 05:40 AM
From: Sebastian Wilk
Subject: plink.exe via MQ Trigger results in access denied
We have defined a new service, in our case called "TRIGGER_MONITOR", with a Triggerqueue called "TRIGGER.INIT"
The process definition
And the application ID is the command as shown in the og post.
I have also tried tracing the runmqtrm process but I get 0 output there, not sure if the actual process doing something is not the runmqtrm one, but it seems very sketchy to me that nothing can be traced when starting, triggering and stopping the trigger.
------------------------------
Sebastian Wilk
Original Message:
Sent: Wed May 11, 2022 05:10 AM
From: Morag Hughson
Subject: plink.exe via MQ Trigger results in access denied
How is your trigger monitor running? Foreground/background.
How are you triggering the application? Foreground/background? Perhaps you can show us the queue and process object definitions involved.
This page in IBM Docs might be useful.
Cheers,
Morag
------------------------------
Morag Hughson
Original Message:
Sent: Wed May 11, 2022 02:26 AM
From: Sebastian Wilk
Subject: plink.exe via MQ Trigger results in access denied
Hello dear MQ folks,
we are encountering a peculiar error when trying to run a script via plink.exe.
The following setup is used:
Queuemanager running on Windows, triggermonitor used to start plink.exe to run a script on a remote RHEL machine.
The issued command is:
path\plink.exe -i myprivatekey.ppk -hostkey myhostkey -v username@host /path/script.sh
Using this command in a Windows cmd works just fine and we are able to run the script.
When using it through a trigger via MQ, we get the following log messages in our triggerlog:
Reading key file "path\myprivatekey.ppk"
Using username "username".
Offered public key
Offer of public key accepted
Authenticating with public key "rsa-key-20220510"
Sent public key signature
Access granted
Opening main session channel
Opened main channel
Started a shell/command
Unable to read from standard input: access denied
Any clues as to what we are doing wrong here?
Kind regards
------------------------------
Sebastian Wilk
------------------------------