none
MQSC Adapter problem, can't configure SSL settings with transaction enabled RRS feed

  • Question

  • Hi,

    I am facing this weared isssue while configuring MQSC adapter for websphere MQ in Biztalk server 2010.

    adapter itself doesn't allow to configure SSL properties when i enable transaction on it. its showing below error message .

    ---------------------------
    Error
    ---------------------------
    SSL properties cannot be configured from this UI when specifying Transaction Supported. Refer to product documentation for how to use SSL with Transaction Supported.
    ---------------------------
    OK  
    ---------------------------

    I did not find anything in documentation regarding this.

    I configured it according to this page as provided in MSDN, my communication is working fine with SSL when i dont use transactions, so am i missing some configuration for transactions ?

    Any help would be much appreciated

    Thanks in advance,

    Rahul

    Monday, March 26, 2012 9:19 AM

Answers

  • Hi Guys,

    latest update on this is that Microsoft has confirmed this as a bug in adapter configuration documentation and they promise to update it ASAP.

    So  MQSC adapter configuration does not provide full info for SSL configuration with transactions enabled.

    correct way to do it is:

    For creating self signed certificates  for testing and importing them to key store please follow chapter 2of this IBM guide .once you done this follow below steps to configure adapter.

    1. do not specify any properties in adapter configuration except queue name, queue manager name and transaction.
    2. Use a queue manager to define a CLNTCONN (client-connection) channel with the required SSL parameters. Also include the queue manager name in the QMNAME attribute on the CLNTCONN definition.
    3. Make the CLNTCONN definition available to the client system in a client channel definition table (CCDT), or, on Windows, in the active directory.
    4. If you are using a CCDT, identify the CCDT containing the definition of the CLNTCONN channel using environment variables MQCHLLIB and MQCHLTAB (These will need to be set in the environments in use by both the client application and the transaction manager) .This gives the transaction manager a channel definition to the appropriate queue manager with the SSL attributes needed to authenticate correctly, including the SSLCIPH CipherSpec.
    5. Once that is done we need to test it using “amqsputc”.
    6. And now in the adapter we will only set the Transaction parameter and SSL configuration will be read by the client from “Client definition table”.

            


    Best Regards, Rahul Dubey MCTS BizTalk Server

    • Marked as answer by RahulDubey Thursday, April 19, 2012 8:18 AM
    Thursday, April 19, 2012 8:17 AM

All replies

  • Hi Rahul,

    I believe you'll require certain configuration before you could implement transactional messaging in MQSC.

    You could try to check this How to Configure the MQSC Adapter for Transactional Messaging

    Hope that helps.

    Monday, March 26, 2012 10:01 AM
  • Hi rjygg,

    I have checked it and transactional messaging is working perfect for me, my problem is that when i try to configure SSL properties in adapter configuration it does not allow me to do that. i am getting below error.

    Monday, March 26, 2012 11:34 AM
  • Hi Rahul,

    Did you restart all the biztalk servers once you did the changes suggested in,

    http://msdn.microsoft.com/en-us/library/aa771857(v=bts.10).aspx


    Thanks With Regards,
    Shailesh Kawade
    MCTS BizTalk Server
    Please Mark This As Answer If This Helps You.
    http://shaileshbiztalk.blogspot.com/

    Tuesday, March 27, 2012 11:20 AM
  • Hi Shailesh,

    Yes, i did restart the server after installing adapter, i have checked all the configurations and transactional messaging is working absolutely fine without SSL.

    The only problem i am having is configuring SSL properties in adapter configuration page as seen in my last post.

    I have searched lot of artcles in MSDN and on internet but i did not find anything related to my issue.

    This is really very strange and could be a show stopper in our integration project.

    I am thinking to open a support ticket with Microsoft now.

    But any suggestion and finding related to this issue are most welcome.

    Wednesday, March 28, 2012 8:00 AM
  • Hi,

    Just to give an update on this issue.

    Yesterday, i decomplied "Microsoft.BizTalk.Adapter.MqscAdmin.dll"  using .Net Reflector and i found that there is a check for SSL on adapter configuration.

    private void CheckSSLConfig(XmlDocument configDOM) { XmlNode node = configDOM.SelectSingleNode("Config/transactionSupported"); if ((node != null) && (node.InnerText == "yes")) { XmlNode node2 = configDOM.SelectSingleNode("Config/sslCipherSpecification"); if ((node2 != null) && (node2.InnerText != string.Empty)) { throw new Exception(resourceManager.GetString("exceptionCannotConfigSSLandXA")); } XmlNode node3 = configDOM.SelectSingleNode("Config/sslPeerName"); if ((node3 != null) && (node3.InnerText != string.Empty)) { throw new Exception(resourceManager.GetString("exceptionCannotConfigSSLandXA")); } XmlNode node4 = configDOM.SelectSingleNode("Config/sslKeyRepositoryLocation"); if ((node4 != null) && (node4.InnerText != string.Empty)) { throw new Exception(resourceManager.GetString("exceptionCannotConfigSSLandXA")); } } } 

    Now, Everytime i try to set SSL properties in Adapter with Transaction Enable='yes', this config check throws exception.

    I don't know if its a bug or MQSC adapter doesn't support SSL with transactions, i am going to discuss it with Microsoft guys next week hoping for good results.


    Best Regards, Rahul Dubey MCTS BizTalk Server

    Thursday, March 29, 2012 5:59 AM
  • Nice idea with using Reflector, sometimes that is the only way to find out the reason. It definitely sounds like either a bug or an unsupported scenario, not sure of which so it would be a support call.

    Thanks,


    If this answers your question, please use the "Answer" button to say so | Ben Cline

    Monday, April 2, 2012 4:18 PM
    Moderator
  • Hi Guys,

    latest update on this is that Microsoft has confirmed this as a bug in adapter configuration documentation and they promise to update it ASAP.

    So  MQSC adapter configuration does not provide full info for SSL configuration with transactions enabled.

    correct way to do it is:

    For creating self signed certificates  for testing and importing them to key store please follow chapter 2of this IBM guide .once you done this follow below steps to configure adapter.

    1. do not specify any properties in adapter configuration except queue name, queue manager name and transaction.
    2. Use a queue manager to define a CLNTCONN (client-connection) channel with the required SSL parameters. Also include the queue manager name in the QMNAME attribute on the CLNTCONN definition.
    3. Make the CLNTCONN definition available to the client system in a client channel definition table (CCDT), or, on Windows, in the active directory.
    4. If you are using a CCDT, identify the CCDT containing the definition of the CLNTCONN channel using environment variables MQCHLLIB and MQCHLTAB (These will need to be set in the environments in use by both the client application and the transaction manager) .This gives the transaction manager a channel definition to the appropriate queue manager with the SSL attributes needed to authenticate correctly, including the SSLCIPH CipherSpec.
    5. Once that is done we need to test it using “amqsputc”.
    6. And now in the adapter we will only set the Transaction parameter and SSL configuration will be read by the client from “Client definition table”.

            


    Best Regards, Rahul Dubey MCTS BizTalk Server

    • Marked as answer by RahulDubey Thursday, April 19, 2012 8:18 AM
    Thursday, April 19, 2012 8:17 AM