Peter, Either the userid or the domain group must be a member of the local mqm group. Since there can be multiple domains in an organization, MQ needs to know what domains are trusted to use MQ. We have been authorizing domain groups to local mq groups for years. The only thing new is with 5.3 was the 'mq' userid. Essentialy by using the domain userid, it gave mq a cleaner way to check userids on the domain.
glen larson Zurich North America "Potkay, Peter M (ISD, IT)" <[EMAIL PROTECTED]>@AKH-Wien.AC.AT> on 07/15/2004 10:23:28 PM Please respond to MQSeries List <[EMAIL PROTECTED]> Sent by: MQSeries List <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] cc: Subject: Re: Prepare MQ Wizard on Win2003 errors out Glen, are you saying that I should forget using that Wizard, put User1_qa1, which is defined in the "domain mqm" group, inside the local mqm group, and then use the AMQMSRVN command? I don't know if that's correct. It seems to me that command is only used to replace MUSR_MQADMIN. And I shouldn't be using that ID anyway, since I am in a Windows 200 domain. from below: "Once the user has entered valid account details for the domain user account into the Prepare WebSphere MQ Wizard," Well, my Wizard never gets that far, it just errors out. -----Original Message----- From: Glen Larson [mailto:[EMAIL PROTECTED] Sent: Thursday, July 15, 2004 5:24 PM To: [EMAIL PROTECTED] Subject: Re: Prepare MQ Wizard on Win2003 errors out Peter, On how to assign the domain userid to you system, post mq install, from the MQ Systems Admin guide: In some network configurations, where user accounts are defined on domain controllers that are using the Windows 2000 operating system, the local user account MUSR_MQADMIN might not have the authority it requires to query the group membership of other domain user accounts. The Prepare WebSphere MQ Wizard identifies whether this is the case by carrying out tests and asking the user questions about the network configuration. If the local user account MUSR_MQADMIN does not have the required authority, the Prepare WebSphere MQ Wizard prompts the user for the account details of a domain user account with particular settings and permissions. The online help for the Prepare WebSphere MQ Wizard contains information about the domain user account required. Once the user has entered valid account details for the domain user account into the Prepare WebSphere MQ Wizard, it configures AMQMSRVN to run Chapter 8. Administration using the WebSphere MQ Services snap-in under this account instead of the local user account MUSR_MQADMIN. The account details are held in the secure part of the Registry and cannot be read by users. When the service is running, AMQMSRVN is launched and remains running for as long as the service is running. A WebSphere MQ administrator who logs onto the server after AMQMSRVN is launched can use the WebSphere MQ Services snap-in to administer queue managers on the server. This connects the WebSphere MQ Services snap-in to the existing AMQMSRVN process. These two actions need different levels of permission before they can work: v The launch process requires a launch permission. v The WebSphere MQ administrator requires Access permission. Changing the user name associated with WebSphere MQ Services You might need to change the user name associated with WebSphere MQ Services from MUSR_MQADMIN to something else. (For example, you might need to do this if your queue manager is associated with DB2®, which does not accept user names of more than 8 characters.) To change the user name: 1.Create a new user account (for example NEW_NAME) 2. Use the Prepare WebSphere MQ Wizard to enter the account details of the new user account. Alternatively, use the following command line to set the new account: AMQMSRVN -user <domain\>NEW_NAME -password <password> Where NEW_NAME is the new user name you have chosen. This can be qualified by a domain name if required. WebSphere MQ allocates the correct security rights and group membership to the new user account If for any reason you need to reset the user account back to the default MUSR_MQADMIN account, use the following command: AMQMJPSE -r All damain group id's must be members of the corresponding local group. IE. the userid defined in the AMQMSRVN command must be a member of the local MQM group. glen larson zurich north america "Potkay, Peter M (ISD, IT)" <[EMAIL PROTECTED]>@AKH-Wien.AC.AT> on 07/15/2004 03:22:47 PM Please respond to MQSeries List <[EMAIL PROTECTED]> Sent by: MQSeries List <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] cc: Subject: Prepare MQ Wizard on Win2003 errors out Windows 2003 Server MQSeries 5.3 CSD07 1st Install attempt in this domain, 1st install attempt on Win2003: I am logged on as User1, which is in the administrators group, thru pcAnywhere. 1. Answer No when the Set Up GUI asks me if I am in a Windows 2000 Domain. 2. Install of base MQ 5.3 is OK. 3. I try and run the Prepare WebSphere MQ Wizard, to make MQ a Service. It throws the following error: WebSphere MQ configuration problem WebSphere MQ is not correctly configured for Windows 2000 domain users An unexpected error while validating the security credentials of user QA1\User1 Ensure the network is operational, and that all required domain controllers are available. 4. I click Cancel, and install CSD07. 5. Try and run the Wizard again, and get the same error. 6. I add User1 to the mqm group, and try and run the Wizard again, with the same error. I find out that this is the first time we are installing MQ in this domain, and it IS a Windows 2000 domain. I have the Sys Admin follow the steps in Chapter 11 of the Quick Beginnings Manual. He creates the domain group "domain mqm" (no quotes), and adds a user call User1_qa1 into it. He gives me the password, and sets the password expiration to unlimited. He puts domain mqm / User1_qa1 into another global group as well, called OtherGlobal. OtherGlobal is in the Administrators group of this server. 7. I log back onto the server as User1_qa1, in the QA1 domain. I uninstall MQ, delete the MUSR_MQADMIN id, leave the mqm group, and reboot. 8. I run the set up again, this time answering YES to the domain question. The install again proceeds with no issues. I do not run the Prepare WebSphere MQ Wizard at this point. 9. I install CSD07 with no issues. 10. I go to run the Prepare WebSphere MQ Wizard, and again it bombs out with the same error, except this time it points to QA1\User1_qa1. It never asked me what special ID it should run under. And, it recreated the MUSR_MQADMIN ID again! What should I try next? Peter Potkay MQSeries Specialist The Hartford Financial Services [EMAIL PROTECTED] x77906 IBM MQSeries Certified This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return email and delete this communication and destroy all copies. Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive ******************* PLEASE NOTE ******************* This E-Mail/telefax message and any documents accompanying this transmission may contain privileged and/or confidential information and is intended solely for the addressee(s) named above. If you are not the intended addressee/recipient, you are hereby notified that any use of, disclosure, copying, distribution, or reliance on the contents of this E-Mail/telefax information is strictly prohibited and may result in legal action against you. Please reply to the sender advising of the error in transmission and immediately delete/destroy the message and any accompanying documents. Thank you. Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive