Resolving CHLAUTH access issues
Steps and examples to resolve certain access issues when using channel authentication records (CHLAUTH).
Before you begin
Note: The steps in this task require you to run MQSC commands. How you do this varies by platform. See Administering IBM® MQ using MQSC commands.
About this task
There are three
default rules for CHLAUTH processing:
- NO ACCESS to all channels by any
MQ-admin*
users - NO ACCESS to all SYSTEM.* channels by all users
- ALLOW access to SYSTEM.ADMIN.SVRCONN channel (non
MQ-admin
users)
CHLAUTH rules are used to determine if a channel can be started, and they allow mapping, through
MCAUSER to another user ID. If the channel cannot be started, the following errors commonly occur:
-
RC 2035 MQRC_NOT_AUTHORIZED
-
RC 2059 MQRC_Q_MGR_NOT_AVAILABLE
-
AMQ4036 Access not permitted
-
AMQ9776: Channel was blocked by userid
-
AMQ9777: Channel was blocked
-
MQJE001: An MQException occurred: Completion Code 2, Reason 2035
-
MQJE036: Queue manager rejected connection attempt
You should block access strictly, then add more CHLAUTH rules to control who can access and start channels.
As a temporary measure, and to troubleshoot the errors listed, complete any of the following steps.