Skip to main content

Troubleshooting Java/JMS SSL Configurations - Middleware News

 This document is intended to help diagnose WebSphere MQ V7 Java™ or JMS SSL setup errors.
It lists most of the common configuration errors that can cause an SSL connection from a Java/JMS client to a queue manager to fail, and gives the course of action to resolve the problem.

In each case the error can be diagnosed by a combination of the error seen in the client log - either a console output, trace file or SystemOut.log file - and the queue manager's error logs.

The document is quite long, so the easiest way to find the potential error is to search for one of the errors seen in this list, then filter this list using the error from the opposite end of the channel. All cases here assume that 2-way authentication is being attempted (SSLCAUTH set to REQUIRED on the queue manager's SVRCONN channel). This is the default, and the errors are very similar for 1-way authentication (SSLCAUTH set to OPTIONAL).

Symptom

  • Instructions on collecting documentation
  • Cause 1: Client missing personal certificate
  • Cause 2: Missing server personal certificate
  • Cause 3: Missing server signer on client
  • Cause 4: Missing client signer on server
  • Cause 5: Cipher spec mismatch
  • Cause 6: No cipher enabled on client
  • Cause 7: No cipher enabled on queue manager's server connection channel
  • Cause 8 Using non-FIPS cipher, FIPS enabled on client (not on server)
  • Cause 9: Using non_FIPS cipher, FIPS enabled on server (not on client)
  • Cause 10: Using FIPS cipher, FIPS not enabled on client
  • Cause 11: Using non_FIPS cipher, FIPS enabled at both ends
  • Cause 12: Value of SSLPEER on client does not match personal certificate
  • Cause 13: Value of SSLPEER on server does not match personal certificate
  • Cause 14: Listener not running on server
  • Cause 15: Can not find client keystore
  • Cause 16: Client keystore password incorrect
  • Cause 17: Can not find client truststore
  • Cause 18: Client truststore password incorrect

Diagnosing the problem

Two sets of documentation are required:
  • SystemOut, console output or Java/JMS trace - this will show the exceptions with stack outputs as seen below
  • AMQERR*.LOG files from the queue manager install location. these will contain the AMQxxxx errors as seen below
    Back to top

Resolving the problem



Cause 1 Client missing personal certificate
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager.

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2059' ('MQRC_Q_MGR_NOT_AVAILABLE')

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2059;
AMQ9204: Connection to host localhost(1414)' rejected.
[1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2059;
AMQ9503: Channel negotiation failed.
[3=SYSTEM.DEF.SVRCONN]],3=localhost(1414),
5=RemoteConnection.analyseErrorSegment]
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:2010)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1227)
at com.ibm.msg.client.wmq.internal.WMQConnection.
(WMQConnection.java:355)
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2059;
AMQ9503: Channel negotiation failed.
[3=SYSTEM.DEF.SVRCONN]
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection
.analyseErrorSegment(RemoteConnection.java:4366)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection
.receiveTSH(RemoteConnection.java:2902)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection
.initSess(RemoteConnection.java:1440)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection
.connect(RemoteConnection.java:1115)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
Queue Manager
Error Logs		 AMQ9637: Channel is lacking a certificate.
Solution Add a personal certificate to the client's keystore which has been signed by a certificate in the queue manager's key database.



Cause 2 Missing server personal certificate
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager.

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR'))

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;
AMQ9771: SSL handshake failed.
[1=javax.net.ssl.SSLHandshakeException
[Remote host closed connection during
handshake],3=localhost/127.0.0.1:1414(localhost),
4=SSLSocket.startHandshake,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection
.protocolConnect(RemoteTCPConnection.java:1020)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection
.connect(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
... 8 more
Caused by: javax.net.ssl.SSLHandshakeException:
Remote host closed connection during handshake
at com.ibm.jsse2.tc.a(tc.java:438)
at com.ibm.jsse2.tc.g(tc.java:416)
at com.ibm.jsse2.tc.a(tc.java:60)
at com.ibm.jsse2.tc.startHandshake(tc.java:381)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection$6
.run(RemoteTCPConnection.java:1005)
at java.security.AccessController.doPrivileged(AccessController.java:202)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection
.protocolConnect(RemoteTCPConnection.java:1000)
... 11 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at com.ibm.jsse2.a.a(a.java:120)
at com.ibm.jsse2.tc.a(tc.java:540)
... 17 more )
Queue Manager
Error Logs		 AMQ9637: Channel is lacking a certificate.
Solution Add a personal certificate to the queue manager's key database which has been signed by a certificate in the client's truststore, and which has a label of the form"ibmwebspheremqqmname."


Cause 3 Missing server signer on client
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR')

Stack includes:
Caused by:
com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;
AMQ9771: SSL handshake failed.
[1=javax.net.ssl.SSLHandshakeException[com.ibm.jsse2.util.g: PKIX path building failed :
java.security.cert.CertPathBuilderException:
PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=Some Name,
O=IBM, L=Hursley, ST=Hampshire, C=UK is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Signature does not match.],3=localhost/127.0.0.1:1414
(localhost),4=SSLSocket.startHandshake,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection
.protocolConnect(RemoteTCPConnection.java:1020)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection
.connect(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
... 8 more
Caused by: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed:
java.security.cert.CertPathBuilderException:
PKIXCertPathBuilderImpl could not build a valid CertPath.;internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=Some Name,
O=IBM, L=Hursley, ST=Hampshire, C=UK is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Signature does not match

Queue Manager
Error Logs		 AMQ9665: SSL connection closed by remote end of channel '????'.
Solution Add the certificate used to sign the queue manager's personal certificate to the client's truststore.



Cause 4 Missing client signer on server
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR').

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9204: Connection to host 'localhost(1414)' rejected.
[1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2397;AMQ9771: SSL handshake failed.
[1=java.net.SocketException[Software caused connection abort: socket write error],
3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.startHandshake,5=default]],
3=localhost(1414),5=RemoteTCPConnection.protocolConnect]
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:2010)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1227)
at com.ibm.msg.client.wmq.internal.WMQConnection.
(WMQConnection.java:355)
... 6 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed.
[1=java.net.SocketException[Software caused connection abort: socket write error],
3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.startHandshake,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:1020)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
... 8 more
Caused by: java.net.SocketException: Software caused connection abort: socket write error


Queue Manager
Error Logs		 AMQ9633: Bad SSL certificate for channel '????'.
Solution Add the certificate used to sign the queue manager's personal certificate to the client's truststore.



Cause 5 Cipher spec mismatch
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR').

Stack includes:
Caused by:
com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9641: Remote CipherSpec error for channel 'SYSTEM.DEF.SVRCONN'. [3=SYSTEM.DEF.SVRCONN]
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.analyseErrorSegment
(RemoteConnection.java:4322)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.receiveTSH
(RemoteConnection.java:2902)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.initSess
(RemoteConnection.java:1440)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1115)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection
(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1599)

Queue Manager
Error Logs		 AMQ9631: The CipherSpec negotiated during the SSL handshake does not match the required CipherSpec for channel 'SYSTEM.DEF.SVRCONN'.
Solution Ensure that the cipher suite on the client matches the cipher spec on the queue manager's server connection channel.


Cause 6 No cipher enabled on client
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR').

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9641: Remote CipherSpec error for channel 'SYSTEM.DEF.SVRCONN'. [3=SYSTEM.DEF.SVRCONN]
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.analyseErrorSegment
(RemoteConnection.java:4322)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.receiveTSH
(RemoteConnection.java:2902)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.initSess
(RemoteConnection.java:1440)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1115)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection
(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1599)


Queue Manager
Error Logs		 AMQ9639: Remote channel 'SYSTEM.DEF.SVRCONN' did not specify a CipherSpec.
Solution Ensure that there is a cipher suite set on the client matching the cipher spec on the queue manager's server connection channel.

Cause 7 No cipher enabled on queue manager's server connection channel
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager.

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR').

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9641: Remote CipherSpec error for channel 'SYSTEM.DEF.SVRCONN'. [3=SYSTEM.DEF.SVRCONN]
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.analyseErrorSegment
(RemoteConnection.java:4322)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.receiveTSH
(RemoteConnection.java:2902)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.initSess
(RemoteConnection.java:1440)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1115)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)


Queue Manager
Error Logs		 AMQ9635: Channel 'SYSTEM.DEF.SVRCONN' did not specify a valid CipherSpec.
Solution Ensure that there is a cipher spec on the queue manager's server connection channel matching the cipher suite set on the client..


Cause 8 Using non-FIPS cipher, FIPS enabled on client (not on server)
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2393' ('MQRC_SSL_INITIALIZATION_ERROR').

Stack includes:
Caused by:
com.ibm.mq.jmqi.JmqiException: CC=2;RC=2393;AMQ9771: SSL handshake failed.
[1=java.lang.IllegalArgumentException[Unsupported ciphersuite SSL_RSA_WITH_NULL_MD5 or ciphersuite is not supported in FIPS mode],
3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.createSocket,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1748)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.connnectUsingLocalAddress
(RemoteTCPConnection.java:674)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:991)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection
(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
... 8 more
Caused by: java.lang.IllegalArgumentException: Unsupported ciphersuite
SSL_RSA_WITH_NULL_MD5 or ciphersuite is not supported in FIPS mode
at com.ibm.jsse2.q.a(q.java:84)
at com.ibm.jsse2.r.(r.java:75)
at com.ibm.jsse2.tc.setEnabledCipherSuites(tc.java:184)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1741)

Queue Manager
Error Logs		 No errors seen
Solution Either disable FIPS on the client or ensure both FIPS is enabled on the server and a FIPS-enabled cipher is being used.
Back to top


Cause 9 Using non_FIPS cipher, FIPS enabled on server (not on client)
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR').

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed.
[1=javax.net.ssl.SSLHandshakeException[Received fatal alert: handshake_failure],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.startHandshake,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:1020)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection
(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
... 8 more
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure at com.ibm.jsse2.n.a(n.java:8)


Queue Manager
Error Logs		 AMQ9616: The CipherSpec proposed is not enabled on the SSL server.
Solution Either disable FIPS on the server or ensure both FIPS is enabled on the client and a FIPS-enabled cipher is being used.
Back to top


Cause 10 Using FIPS cipher, FIPS not enabled on client
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR').

Stack includes:
Caused by:
com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed.
[1=javax.net.ssl.SSLHandshakeException[Received fatal alert: handshake_failure],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.startHandshake,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:1020)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection
(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
... 8 more
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.ibm.jsse2.n.a(n.java:8)

Queue Manager
Error Logs		 AMQ9616: The CipherSpec proposed is not enabled on the SSL server.
Solution Either enable FIPS on the client or ensure a non FIPS-enabled cipher is being used.
Back to top


Cause 11 Using non_FIPS cipher, FIPS enabled at both ends
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager.

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2393' ('MQRC_SSL_INITIALIZATION_ERROR').

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2393;AMQ9771: SSL handshake failed.
[1=java.lang.IllegalArgumentException[Unsupported ciphersuite SSL_RSA_WITH_NULL_MD5 or ciphersuite is not supported in FIPS mode], 3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.createSocket,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1748)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.connnectUsingLocalAddress
(RemoteTCPConnection.java:674)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:991)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
... 8 more
Caused by: java.lang.IllegalArgumentException: Unsupported ciphersuite SSL_RSA_WITH_NULL_MD5 or ciphersuite is not supported in FIPS mode at com.ibm.jsse2.q.a(q.java:84)

Queue Manager
Error Logs		 No errors seen..
Solution Either disable FIPS at both ends or ensure a FIPS-enabled cipher is being used.
Back to top


Cause 12 Value of SSLPEER on client does not match personal certificate
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2398' ('MQRC_SSL_PEER_NAME_MISMATCH').

Stack includes:
Caused by:
com.ibm.mq.jmqi.JmqiException: CC=2;RC=2398;AMQ9636: SSL distinguished name does not match peer name, channel '?'.
[4=CN=Some Name, O=IBM, ST=Hampshire, C=UK]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:1071)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)

Queue Manager
Error Logs		 No errors seen
Solution Ensure the value of SSLPEER matches the distinguished name of the personal certificate.
Back to top


Cause 13 Value of SSLPEER on server does not match personal certificate
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2059' ('MQRC_Q_MGR_NOT_AVAILABLE').

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2059;AMQ9643: Remote SSL peer name error for channel 'SYSTEM.DEF.SVRCONN'. [3=SYSTEM.DEF.SVRCONN]
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.analyseErrorSegment
(RemoteConnection.java:4330)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.receiveTSH
(RemoteConnection.java:2902)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.initSess
(RemoteConnection.java:1440)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1115)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)


Queue Manager
Error Logs		 AMQ9636: SSL distinguished name does not match peer name, channel 'SYSTEM.DEF.SVRCONN'.
Solution Ensure the value of SSLPEER matches the distinguished name of the personal certificate.
Back to top


Cause 14 Listener not running on server
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager.

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2059' ('MQRC_Q_MGR_NOT_AVAILABLE').

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2059;AMQ9213: A communications error for occurred. [1=java.net.ConnectException[Connection refused: connect],3=localhost]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.connnectUsingLocalAddress (RemoteTCPConnection.java:663)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:991)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
... 8 more
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)


Queue Manager
Error Logs		 No errors seen
Solution Start the listener on the queue manager.
Back to top


Cause 15 Can not find client keystore
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR').

Stack includes:
Caused by:
com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9204: Connection to host 'localhost(1414)' rejected.
[1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=java.net.SocketException[java.security.NoSuchAlgorithmException: SSLContext Default implementation not found: ],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.createSocket,5=default]], 3=localhost(1414),5=RemoteTCPConnection.makeSocketSecure]
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:2010)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1227)
at com.ibm.msg.client.wmq.internal.WMQConnection.(WMQConnection.java:355)
... 6 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=java.net.SocketException[java.security.NoSuchAlgorithmException: SSLContext Default implementation not found: ],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.createSocket,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1706)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.connnectUsingLocalAddress
(RemoteTCPConnection.java:674)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:991)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
... 8 more
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: SSLContext Default implementation not found:
at javax.net.ssl.DefaultSSLSocketFactory.a(SSLSocketFactory.java:7)
at javax.net.ssl.DefaultSSLSocketFactory.createSocket
(SSLSocketFactory.java:1)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1699)
... 13 more
Caused by: java.security.NoSuchAlgorithmException: SSLContext Default implementation not found:
at java.security.Provider$Service.newInstance(Provider.java:894)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:299)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:237)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:25)
at javax.net.ssl.SSLContext.getDefault(SSLContext.java:15)
at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:17)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.chooseSocketFactory
(RemoteTCPConnection.java:2158)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1689)
... 13 more
Caused by: java.security.KeyStoreException: IBMKeyManager: Problem accessing key store java.lang.Exception: Keystore file does not exist: C:\keystore\wrongfile.jks

Queue Manager
Error Logs		 No errors seen
Solution Specify the correct name and location for the client keystore.
Back to top


Cause 16 Client keystore password incorrect
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR').

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed.
[1=java.net.SocketException[java.security.NoSuchAlgorithmException: SSLContext Default implementation not found: ],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.createSocket,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1706)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.connnectUsingLocalAddress
(RemoteTCPConnection.java:674)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:991)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
... 8 more
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: SSLContext Default implementation not found:
at javax.net.ssl.DefaultSSLSocketFactory.a(SSLSocketFactory.java:7)
at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:1)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1699)
... 13 more
Caused by: java.security.NoSuchAlgorithmException: SSLContext Default implementation not found:
at java.security.Provider$Service.newInstance(Provider.java:894)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:299)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:237)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:25)
at javax.net.ssl.SSLContext.getDefault(SSLContext.java:15)
at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:17)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.chooseSocketFactory
(RemoteTCPConnection.java:2158)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1689)
... 13 more
Caused by: java.security.KeyStoreException: IBMKeyManager: Problem accessing key store java.io.IOException: Keystore was tampered with, or password was incorrect

Queue Manager
Error Logs		 No errors seen
Solution Specify the correct password for the client keystore.
Back to top


Cause 17 Can not find client truststore
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR').

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=java.net.SocketException[java.security.NoSuchAlgorithmException: SSLContext Default implementation not found: ],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.createSocket,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1706)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.connnectUsingLocalAddress (RemoteTCPConnection.java:674)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:991)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection
(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
... 8 more
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: SSLContext Default implementation not found:
at javax.net.ssl.DefaultSSLSocketFactory.a(SSLSocketFactory.java:7)
at javax.net.ssl.DefaultSSLSocketFactory.createSocket
(SSLSocketFactory.java:1)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1699)
... 13 more
Caused by: java.security.NoSuchAlgorithmException: SSLContext Default implementation not found:
at java.security.Provider$Service.newInstance(Provider.java:894)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:299)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:237)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:25)
at javax.net.ssl.SSLContext.getDefault(SSLContext.java:15)
at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:17)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.chooseSocketFactory
(RemoteTCPConnection.java:2158)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1689)
... 13 more
Caused by: java.lang.Exception: Truststore file does not exist: C:\keystore\wrongfile.jks


Queue Manager
Error Logs		 No errors seen..
Solution Specify the correct name and location for the client truststore.
Back to top



Cause 18 Client truststore password incorrect
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR').

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed.
[1=java.net.SocketException[java.security.NoSuchAlgorithmException: SSLContext Default implementation not found: ],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.createSocket,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1706)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.connnectUsingLocalAddress
(RemoteTCPConnection.java:674)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:991)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
... 8 more
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: SSLContext Default implementation not found:
at javax.net.ssl.DefaultSSLSocketFactory.a(SSLSocketFactory.java:7)
at javax.net.ssl.DefaultSSLSocketFactory.createSocket
(SSLSocketFactory.java:1)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1699)
... 13 more
Caused by: java.security.NoSuchAlgorithmException: SSLContext Default implementation not found:
at java.security.Provider$Service.newInstance(Provider.java:894)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:299)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:237)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:25)
at javax.net.ssl.SSLContext.getDefault(SSLContext.java:15)
at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:17)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.chooseSocketFactory
(RemoteTCPConnection.java:2158)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1689)
... 13 more
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
at com.ibm.crypto.provider.JavaKeyStore.engineLoad(Unknown Source)
at java.security.KeyStore.load(KeyStore.java:414)
at com.ibm.jsse2.uc.a(uc.java:54)
at com.ibm.jsse2.lc.f(lc.java:12)
at com.ibm.jsse2.lc.(lc.java:16)
at java.lang.J9VMInternals.newInstanceImpl(Native Method)
at java.lang.Class.newInstance(Class.java:1345)
at java.security.Provider$Service.newInstance(Provider.java:880)
... 20 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed


Queue Manager
Error Logs		 No errors seen.
Solution Specify the correct password for the client truststore.
Labels:

Comments

Post a Comment

adsrerrapop

Popular posts from this blog

IBM Websphere MQ interview Questions Part 5

MQ Series: - It is an IBM web sphere product which is evolved in 1990’s. MQ series does transportation from one point to other. It is an EAI tool (Middle ware) VERSIONS:-5.0, 5.1, 5.3, 6.0, 7.0(new version). The currently using version is 6.2 Note: – MQ series supports more than 35+ operating systems. It is platform Independent. For every OS we have different MQ series software’s. But the functionality of MQ series Default path for installing MQ series is:- C: programfiles\BM\clipse\SDK30 C: programfiles\IBM\WebsphereMQ After installation it will create a group and user. Some middleware technologies are Tibco, SAP XI. MQ series deals with two things, they are OBJECTS, SERVICES. In OBJECTS we have • QUEUES • CHANNELS • PROCESS • AUTHENTICATION • QUERY MANAGER. In SERVICES we have LISTENERS. Objects: – objects are used to handle the transactions with the help of services. QUEUE MANAGER maintains all the objects and services. QUEUE: – it is a database structure
136 comments
Read more

IBM Websphere MQ Reason code list / mq reason codes / websphere mq error codes / mq error messages

Reason code list ================= The following is a list of reason codes, in numeric order, providing detailed information to help you understand them, including: * An explanation of the circumstances that have caused the code to be raised * The associated completion code * Suggested programmer actions in response to the code * 0 (0000) (RC0): MQRC_NONE * 900 (0384) (RC900): MQRC_APPL_FIRST * 999 (03E7) (RC999): MQRC_APPL_LAST * 2001 (07D1) (RC2001): MQRC_ALIAS_BASE_Q_TYPE_ERROR * 2002 (07D2) (RC2002): MQRC_ALREADY_CONNECTED * 2003 (07D3) (RC2003): MQRC_BACKED_OUT * 2004 (07D4) (RC2004): MQRC_BUFFER_ERROR * 2005 (07D5) (RC2005): MQRC_BUFFER_LENGTH_ERROR * 2006 (07D6) (RC2006): MQRC_CHAR_ATTR_LENGTH_ERROR * 2007 (07D7) (RC2007): MQRC_CHAR_ATTRS_ERROR * 2008 (07D8) (RC2008): MQRC_CHAR_ATTRS_TOO_SHORT * 2009 (07D9) (RC2009): MQRC_CONNECTION_BROKEN * 2010 (07DA) (RC2010): MQRC_DATA_LENGTH_ERROR * 2011 (07DB) (RC2011): MQRC_DYNAMIC_Q_NAME_ERROR * 2012 (07DC) (RC201
2 comments
Read more

IBM WebSphere MQ – Common install/uninstall issues for MQ Version on Windows - Middleware News

Creating a log file when you install or uninstall WebSphere MQ WebSphere MQ for Windows is installed using the Microsoft Installer (MSI). If you install the MQ server or client through launchpad , MQPARMS or setup.exe , then a log file is automatically generated in %temp% during installation. Alternatively you can supply parameters on the installation MSI command msiexec to generate a log file, or enable MSI logging system-wide (which generates MSI logs for all install and uninstall operations). If you uninstall through the Windows Add/Remove programs option, no log file is generated. You should either uninstall from the MSI command line and supply parameters to generate a log file, or enable MSI logging system-wide (which generates MSI logs for all install and uninstall operations). For details on how to enable MSI logging, see the following article in the WebSphere MQ product documentation: Advanced installation using msiexec For details on how to enable system-w
Post a Comment
Read more