ibm-mq

runmqsc AMQ8157: Security Error on MQ Version 8.0.0.5 on Windows 7 x64 Edition


I am currently facing an issue: when trying to run runmqsc (queue manager name), I get the error AMQ8157: Security Error. Is there any way I can solve this issue?

I am running IBM MQ Version 8.0.0.5 on Windows 7 x64 Edition.

AMQ8157 appeared in the command prompt as AMQ8157: Security error.

However, this was the error displayed in the error log.

Error Log Message:

AMQ8079: Access was denied when attempting to retrieve group membership
information for user 'userdecim@ddgroup.com'.

EXPLANATION:

WebSphere MQ, running with the authority of user 'admin@dd-pc-002',
was unable to retrieve group membership information for the specified user.
ACTION:
Ensure Active Directory access permissions allow user
'admin@dd-pc-002' to read group memberships for user
'userdecim@ddgroup'. To retrieve group membership information for a domain user,
MQ must run with the authority of a domain user and a domain controller must be
available. 

Solution

  • The ACTION in the error explains the problem. The IBM MQ queue manager is running as a local user admin on the host dd-pc-002. The queue manager is trying to retrieve group membership information for the domain user userdecim@ddgroup.com. Because the queue manager is running under a local account, it will not have permission to obtain information on a domain user.

    If the IBM MQ queue manager will interact with domain users and groups, the account which the queue manager processes run under on Windows must be a domain account that has Read group membership and Read groupMembershipSAM permissions.

    See the IBM MQ v8 Knowledge Center page "Creating and setting up domain accounts for IBM MQ" for more details.
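
Added example, not part of the original answer or of IBM MQ: a small Python triage helper that reads AMQ8079 entries from a queue manager error log and reports whether the account MQ runs under is local to the host or a domain account. The function name triage_amq8079, the hostname argument and the wording of the next steps are assumptions made for this illustration; the sample entry is constructed from the message quoted in the question.

```python
import re

# Constructed sample: the AMQ8079 entry quoted in the question.
SAMPLE_LOG = """\
AMQ8079: Access was denied when attempting to retrieve group membership
information for user 'userdecim@ddgroup.com'.
EXPLANATION:
WebSphere MQ, running with the authority of user 'admin@dd-pc-002',
was unable to retrieve group membership information for the specified user.
"""

# Message text wraps in the log, so match across arbitrary whitespace.
_LOOKUP = re.compile(r"AMQ8079:.*?information\s+for\s+user\s+'([^'@]+)@([^']+)'", re.S)
_RUNAS = re.compile(r"running\s+with\s+the\s+authority\s+of\s+user\s+'([^'@]+)@([^']+)'")


def triage_amq8079(log_text, hostname):
    """Return one finding per AMQ8079 entry in log_text.

    hostname is the machine's computer name (assumption: passed in by the
    caller); an account qualified with it is local, not a domain account.
    """
    findings = []
    for entry in re.split(r"(?=AMQ8079:)", log_text):
        lookup, runas = _LOOKUP.search(entry), _RUNAS.search(entry)
        if not (lookup and runas):
            continue  # not an AMQ8079 entry, or the entry is truncated
        svc_user, svc_realm = runas.groups()
        is_local = svc_realm.lower() == hostname.lower()
        findings.append({
            "lookup_user": "@".join(lookup.groups()),
            "service_account": f"{svc_user}@{svc_realm}",
            "service_account_is_local": is_local,
            "next_step": (
                "run the queue manager under a domain account"
                if is_local else
                "grant the service account read access to group membership"
            ),
        })
    return findings


if __name__ == "__main__":
    for finding in triage_amq8079(SAMPLE_LOG, "dd-pc-002"):
        print(finding)
```
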