Configure/Access remote Message Queue (Open MQ)

Hi,
I am new to JMS and Message Queue. I have installed Sun's Open Message Queue on my system.I have created ObjectStore and Destination(Queue) and using java program to insert and fetch messages.
Following are the details:
1. Created ObjectStore MyObjectStore with following properties:-
java.naming.factory.initial=com.sun.jndi.fscontext.RefFSContextFactory
java.naming.provider.url=file:///c:/tmp
2. Created ConnectionFactory MyConnectionFactory and Destination MyQueue
3. Code to access above queue:
Hashtable env;
    Context     ctx = null;
    env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.fscontext.RefFSContextFactory");
    env.put(Context.PROVIDER_URL, "file:///c:/tmp");
    ConnectionFactory cf=(javax.jms.ConnectionFactory) ctx.lookup("MyConnectionFactory");
    Queue queue=(javax.jms.Queue)ctx.lookup("MyQueue");
    Connection connection = cf.createConnection();
    Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
    MessageProducer msgProducer = session.createProducer(queue);
    MessageConsumer msgConsumer = session.createConsumer(queue);
    ....................My problem is that I am able to access Message Queue on local machine only. I don't know how i can configure my MQ to be accessed on network or/and how to look up for MQ from a remote machine in network.
Can anybody help me on this.
Regards
Edited by: Arpit.Purohit on Apr 8, 2009 4:49 AM
Edited by: Arpit.Purohit on Apr 8, 2009 4:49 AM

Arpit,
Yes, this is because you have chosen to use com.sun.jndi.fscontext.RefFSContextFactory as the JNDI provider in which to store your destination and connection factory objects.
The Sun Java System Message Queue 4.3 Administration Guide has a section [File-System Object Stores|http://docs.sun.com/app/docs/doc/820-6740/aeogx?a=view] about this:
+"Message Queue ... supports the use of a directory in the local file system as an object store for administered objects. While this approach is not recommended for production systems, it has the advantage of being very easy to use in development environments. Note, however, that for a directory to be used as a centralized object store for clients deployed across multiple computer nodes, all of those clients must have access to the directory. In addition, any user with access to the directory can use Message Queue administration tools to create and manage administered objects"+
So if you place your JNDI store in a shared directory visible to other machines rather than C:/tmp you will be able to access it from other machines.
The ideal solution is to use an LDAP JNDI provider. See the section [LDAP Server Object Stores|http://docs.sun.com/app/docs/doc/820-6740/aeogw?a=view] in the Administration Guide.
Note that this issue relates to the administered objects used by MQ only. The MQ broker itself will be available from anywhere on the network and the messages themselves will stored in the broker's own message store.
Nigel

Similar Messages

  • MDB read message queue too slow

    For some reason only a small number of MDB in the pool are accessing the message queue. The queue is growing rather fast and I wish to know how I can increase the read rate of my MDB's. Should I create another bean type to read the same queue. This does not seem like the ideal solution.
              Thank you
              bea user
              

    The JMS Performance Guide white-paper contains information
              on how to configure an MDB to run more instances concurrently.
              One thing to realize is that the number of instances is limited
              by the size of the thread pool that the MDB is running in.
              You can find a link to the white-paper here:
              http://dev2dev.bea.com/technologies/jms/index.jsp
              Tom
              bea user wrote:
              > For some reason only a small number of MDB in the pool are accessing the message queue. The queue is growing rather fast and I wish to know how I can increase the read rate of my MDB's. Should I create another bean type to read the same queue. This does not seem like the ideal solution.
              >
              > Thank you
              > bea user
              

  • I am not able to open a PDF file that I just created. I get an access denied message instead.

    I am not able to open a PDF file that I just created. I get an access denied message instead.

    Thanks for asking.
    I was combining different types of files into a single PDF. Some of them were excel spreadsheets and I had set the print areas in each file. When I cleared the print area the problem stopped. So I am assuming that had something to do with it. Though I am not sure.
    The strange thing was that I was able to open the excel source documents after creating the faulty PDF but some of the MS word source documents also had "access denied" status. I still cannot figure that part out.

  • Ical server error message when accessed remotely

    hello we have a 10.6.7 ical server running mostly smoothly when accessed from the LAN.
    however, when accessed remotely it generates the following error message:
    The server responded with “HTTP/1.1 501 Not Implemented” to operation CalDAVAccountRefreshQueueableOperation.
    the message provides the following 2 responses / buttons: stay offline or go online - trouble is once you click go online, it comes up with the same message again.
    unfortunately, research the error message has so far not produced any promising results, thus any ideas would be much appreciated.

    There are many reports here on this site about this, crossing different carriers and regions of the world. Consequently, the only deduction that can be made is that this is a system-level issue rather than a single user issue. Hence, what each affected user must do is contact their mobile service provider for formal support and possible escalation up to BlackBerry.
    Good luck!
    Occam's Razor nearly always applies when troubleshooting technology issues!
    If anyone has been helpful to you, please show your appreciation by clicking the button inside of their post. Please click here and read, along with the threads to which it links, for helpful information to guide you as you proceed. I always recommend that you treat your BlackBerry like any other computing device, including using a regular backup schedule...click here for an article with instructions.
    Join our BBM Channels
    BSCF General Channel
    PIN: C0001B7B4   Display/Scan Bar Code
    Knowledge Base Updates
    PIN: C0005A9AA   Display/Scan Bar Code

  • Siri keeps popping open when I am trying to listen to voicemail messages. It won't play the voicemail and Siri continues to open every time I try and access the message. ?

    Quite often when I access voicemail on my screen, I hit "Play" the message, Siri opens up. I try and close it down and hit play again and it keeps popping open.
    I end up having to restart the entire phone.  Any suggestions?
    I am also noticing my voicemails are severly delayed in showing up as messages on my phone. Sometimes a few days later it will show i have a vm and when I listen to it, it was recorded 48 hours earlier. This is not consistent but intermittent.

    Still a problem a year later: you tap Play on the VM, raise the phone, and Siri interrupts!
    This bug really needs to be fixed! As soon as you tap the VM Play button, Siri should be deactivated! It works that way when you're on a call after all: I never have Siri interrupt the start of a call.
    The bug is this: Siri DOES deactivate, but there's a delay: you have to wait a little after hitting Play before it becomes "Siri-safe." How long to wait? Wait too long and you miss the start of the message, or wonder whether you might have. Wait too little and Siri pops up--including making the Siri chime when your phone is on vibrate! (Nice way to get glares in a library.) This not a guessing game we should have to play.
    Disabling Siri raise-to-speak entirely is workaround, but shouldn't be needed. I'd rather not give up that feature, flawed though it may be.

  • Are both "OpenMQ" and "Open Message Queue" correct names for it?

    Hello,
    should I use "OpenMQ" in the product name for a client library for OpenMQ (like 'MyLibraryName OpenMQ Client'), or is it recommended to use the name "Open Message Queue" for some reasons (so it would be 'MyLibraryName Open Message Queue Client"? I am not sure if OpenMQ is an "official" name for it, which I should use to refer to.
    It is a Delphi library, the first public release will be ready real soon.
    Best Regards,
    Michael Justin

    Many thanks for your answer! The library is targeted at Delphi developers, so maybe I will give it a short name and a long name, "MyLibraryName OpenMQ Client" and "MyLibraryName OpenMQ Client for Open Message Queue" for announcements and other places where it should be clear what MQ stands for.
    Best Regards
    Michael Justin

  • Guy accessed remote administration port 4567 on my router. Thanks, Verizon!

    Some  dude has been running botnet attacks to gain access to my  Westell 9100 BHR router and this past weekend he was successful:
    Oct  9 20:01:39 2010    Inbound Traffic    Blocked - Default policy    TCP 74.125.227.33:80->71.170.238.87:49396 on eth1
    Oct  9 20:03:50 2010    Inbound Traffic    Blocked - Default policy    TCP 173.192.226.198:80->71.170.238.87:49487 on eth1
    Oct  9 20:04:34 2010    Outbound Traffic    Blocked - Default policy    UDP 192.168.1.3:50018->65.55.158.118:3544 on eth1
    Oct  9 20:04:36 2010    Inbound Traffic    Blocked - Default policy    TCP 65.60.38.194:80->71.170.238.87:49497 on eth1
    Oct  9 20:04:37 2010    Outbound Traffic    Blocked - Default policy    UDP 192.168.1.3:50018->65.55.158.118:3544 on eth1
    Oct  9 20:06:45 2010    Inbound Traffic    Blocked - Default policy    TCP 74.125.227.49:80->71.170.238.87:49534 on eth1
    Oct  9 20:07:01 2010    Inbound Traffic    Blocked - Default policy    TCP 78.141.177.62:443->71.170.238.87:49540 on eth1
    Oct  9 20:16:35 2010    Inbound Traffic    Blocked - Packet invalid in connection    TCP 77.67.87.105:80->71.170.238.87:49683 on eth1
    Oct  9 20:16:37 2010    Firewall Info    Rate Limit    1 messages of type [9] Packet invalid in connection suppressed in 1 second(s)
    Oct  9 20:23:25 2010    Inbound Traffic    Blocked - Default policy    TCP 81.200.61.23:60289->71.170.238.87:2439 on eth1
    Oct  9 20:23:25 2010    Inbound Traffic    Accepted Traffic - Remote administration    TCP 81.200.61.23:60289->71.170.238.87:4567 on eth1
    Oct  9 20:23:25 2010    Firewall Info    Rate Limit    17 messages of type [15] Default policy suppressed in 1 second(s)
    Oct  9 20:23:25 2010    Inbound Traffic    Blocked - Default policy    TCP 81.200.61.23:60289->71.170.238.87:4964 on eth1
    Oct  9 20:23:27 2010    Firewall Info    Rate Limit    53 messages of type [15] Default policy suppressed in 1 second(s)
    Oct  9 20:23:27 2010    Inbound Traffic    Blocked - Default policy    TCP 81.200.61.23:60290->71.170.238.87:4728 on eth1
    Oct  9 20:23:27 2010    Inbound Traffic    Accepted Traffic - Remote administration    TCP 81.200.61.23:60296->71.170.238.87:4567 on eth1
    Oct  9 20:23:27 2010    Firewall Info    Rate Limit    59 messages of type [15] Default policy suppressed in 1 second(s)
    Oct  9 20:23:27 2010    Inbound Traffic    Blocked - Default policy    TCP 81.200.61.23:60289->71.170.238.87:2000 on eth1
    Oct  9 20:23:28 2010    Firewall Info    Rate Limit    74 messages of type [15] Default policy suppressed in 1 second(s)
    Oct  9 20:23:28 2010    Inbound Traffic    Blocked - Default policy    TCP 81.200.61.23:60290->71.170.238.87:2749 on eth1
    Oct  9 20:23:29 2010    Inbound Traffic    Accepted Traffic - Remote administration    TCP 81.200.61.23:60297->71.170.238.87:4567 on eth1
    Oct  9 20:23:29 2010    Firewall Info    Rate Limit    74 messages of type [15] Default policy suppressed in 1 second(s)
    I went ahead and reset whatever settings he changed, but how do I close this port to prevent this guy from gaining access to my router in the future?

    whokebe1 wroteI'm pretty certain I didn't see that bottom entry the previous week. And if you'll notice, I can't undo it without resetting the router.
    That certainly doesn't look like anything I've seen VZ add.
    I have seen VZ add a UDP from from ANY address / ANY port to DVR port 63145 which effective blocks port forwarding needed for third party VOIP.
    VZ recently encrypted the Actiontec config file.  However the config file for Westells remains unencrypted.
    If you want to block access to the CPE Management port. 
    Save your current configuration to a file.
    Open it with a text editor.
    About 3/4 of the way down the file you will see the following lines:
    (cwmp
        (enabled(1))
    Change it to:
    (cwmp
        (enabled(0))
    That should block remote CPU access.

  • Portal failed to access remote resource due to network failures

    Hi,
    We have a portlet that allows users to upload files to a SQL Server database and make it available for other users to access. The portlet code is on our remote servers. Everything works fine in dev environment, but certain files fail in pre-prod and prod within the portal, but work fine when the code is executed outside the portal.
    I keep getting this error:
    Error - Portal failed to access remote resource due to network failures. Try again later or contact your portal administrator.     
    What could the problem be?
    Thank you for your help.
    Rad

    If the Studio service looks good on the remote server where Studio is installed (check that
    the service is started and look in the Studio logs for any warnings or errors), you should
    also verify the configuration settings in the Studio remote server object. Is it properly
    configured and pointing to the correct remote server?
    If so, check the portal servers access to the Studio server via the port specified in the remote
    server (default is 11935). You can test this by doing a telnet test on the portal server. In a cmd
    prompt (Windows) or on the CLI (Unix), type 'telnet [studioserver] 11935', where "<servername> is
    the name of your Studio remote server. The screen should just go blank, meaning that there is
    something accepting connections on that port on the given server. (We would hope it's the Studio
    app and not another service occupying that port.) If you get "Could not open connection to the host"
    or some such similar result, check that the network between the portal and the Studio remote server
    is open (ie, make sure there isn't any port blocking or a firewall in place that would hinder the
    communication between the two servers).

  • VPN Clients cannot access remote site

    Hey there,
    I am pretty new in configuring Cisco devices and now I need some help.
    I have 2 site here:
    site A
    Cisco 891
    external IP: 195.xxx.yyy.zzz
    VPN Gateway for Remote users
    local IP: VLAN10 10.133.10.0 /23
    site B
    Cisco 891
    external IP: 62.xxx.yyy.zzz
    local IP VLAN10 10.133.34.0 /23
    Those two sites are linked together with a Site-to-Site VPN. Accessing files or ressources from one site to the other is working fine while connected to the local LAN.
    I configured VPN connection with Radius auth. VPN clients can connect to Site A, get an IP adress from VPN Pool (172.16.100.2-100) and can access files and servers on site A. But for some reason they cannot access ressources on site B. I already added the site B network to the ACL and when connecting with VPN it shows secured routes to 10.133.10.0 and 10.133.34.0 in the statistics. Same thing for other VPN Tunnels to ERP system.
    What is missing here to make it possible to reach remote sites when connected through VPN? I had a look at the logs but could not find anything important.
    Here is the config of site A
    Building configuration...
    Current configuration : 24257 bytes
    version 15.2
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    hostname Englerstrasse
    boot-start-marker
    boot config usbflash0:CVO-BOOT.CFG
    boot-end-marker
    aaa new-model
    aaa group server radius Radius-AD
    server 10.133.10.5 auth-port 1812 acct-port 1813
    aaa authentication login default local
    aaa authentication login ciscocp_vpn_xauth_ml_2 group Radius-AD local
    aaa authorization exec default local
    aaa authorization network ciscocp_vpn_group_ml_2 local
    aaa session-id common
    clock timezone Berlin 1 0
    clock summer-time Berlin date Mar 30 2003 2:00 Oct 26 2003 3:00
    crypto pki trustpoint TP-self-signed-27361994
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-27361994
    revocation-check none
    rsakeypair TP-self-signed-27361994
    crypto pki trustpoint test_trustpoint_config_created_for_sdm
    subject-name [email protected]
    revocation-check crl
    crypto pki certificate chain TP-self-signed-27361994
    certificate self-signed 01
      30820227 30820190 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
      2F312D30 2B060355 04031324 494F532D 53656C66 2D536967 6E65642D 43657274
      69666963 6174652D 32373336 31393934 301E170D 31323038 32373038 30343238
      5A170D32 30303130 31303030 3030305A 302F312D 302B0603 55040313 24494F53
      2D53656C 662D5369 676E6564 2D436572 74696669 63617465 2D323733 36313939
      3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100B709
      64CE1874 BF812A9F 0B761522 892373B9 10F0BB52 6263DCDB F9877AA3 7BD34E53
      BCFDA45C 2A991777 4DDC7E6B 1FCEE36C B6E35679 C4A18771 9C0F871F 38310234
      2D89A4FF 37B616D8 362B3103 A8A319F2 10A72DC7 490A04AC 7955DF68 32EF9615
      9E1A3B31 2A1AB243 B3ED3E35 F4AAD029 CDB1F941 5E794300 5C5EF8AE 5C890203
      010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304
      18301680 14D0F5E7 D3A9311D 1675AA8F 38F064FC 4D04465E F5301D06 03551D0E
      04160414 D0F5E7D3 A9311D16 75AA8F38 F064FC4D 04465EF5 300D0609 2A864886
      F70D0101 05050003 818100AB 2CD4363A E5ADBFB0 943A38CB AC820801 117B52CC
      20216093 79D1F777 2B3C0062 4301CF73 094B9CA5 805F585E 04CF3301 9B839DEB
      14A334A2 F5A5316F C65EEF21 0B0DF3B5 F4322440 F28B984B E769876D 6EF94895
      C3D5048A A4E2A180 12DF6652 176942F8 58187D7B D37B1F1A 4DDD7AE9 5189F9AF
      AF3EF676 26AD3F31 D368F5
          quit
    crypto pki certificate chain test_trustpoint_config_created_for_sdm
    no ip source-route
    ip auth-proxy max-login-attempts 5
    ip admission max-login-attempts 5
    no ip bootp server
    no ip domain lookup
    ip domain name yourdomain.com
    ip inspect log drop-pkt
    ip inspect name CCP_MEDIUM appfw CCP_MEDIUM
    ip inspect name CCP_MEDIUM ftp
    ip inspect name CCP_MEDIUM h323
    ip inspect name CCP_MEDIUM sip
    ip inspect name CCP_MEDIUM https
    ip inspect name CCP_MEDIUM icmp
    ip inspect name CCP_MEDIUM netshow
    ip inspect name CCP_MEDIUM rcmd
    ip inspect name CCP_MEDIUM realaudio
    ip inspect name CCP_MEDIUM rtsp
    ip inspect name CCP_MEDIUM sqlnet
    ip inspect name CCP_MEDIUM streamworks
    ip inspect name CCP_MEDIUM tftp
    ip inspect name CCP_MEDIUM udp
    ip inspect name CCP_MEDIUM vdolive
    ip inspect name CCP_MEDIUM imap reset
    ip inspect name CCP_MEDIUM smtp
    ip cef
    no ipv6 cef
    appfw policy-name CCP_MEDIUM
      application im aol
        service default action allow alarm
        service text-chat action allow alarm
        server permit name login.oscar.aol.com
        server permit name toc.oscar.aol.com
        server permit name oam-d09a.blue.aol.com
        audit-trail on
      application im msn
        service default action allow alarm
        service text-chat action allow alarm
        server permit name messenger.hotmail.com
        server permit name gateway.messenger.hotmail.com
        server permit name webmessenger.msn.com
        audit-trail on
      application http
        strict-http action allow alarm
        port-misuse im action reset alarm
        port-misuse p2p action reset alarm
        port-misuse tunneling action allow alarm
      application im yahoo
        service default action allow alarm
        service text-chat action allow alarm
        server permit name scs.msg.yahoo.com
        server permit name scsa.msg.yahoo.com
        server permit name scsb.msg.yahoo.com
        server permit name scsc.msg.yahoo.com
        server permit name scsd.msg.yahoo.com
        server permit name cs16.msg.dcn.yahoo.com
        server permit name cs19.msg.dcn.yahoo.com
        server permit name cs42.msg.dcn.yahoo.com
        server permit name cs53.msg.dcn.yahoo.com
        server permit name cs54.msg.dcn.yahoo.com
        server permit name ads1.vip.scd.yahoo.com
        server permit name radio1.launch.vip.dal.yahoo.com
        server permit name in1.msg.vip.re2.yahoo.com
        server permit name data1.my.vip.sc5.yahoo.com
        server permit name address1.pim.vip.mud.yahoo.com
        server permit name edit.messenger.yahoo.com
        server permit name messenger.yahoo.com
        server permit name http.pager.yahoo.com
        server permit name privacy.yahoo.com
        server permit name csa.yahoo.com
        server permit name csb.yahoo.com
        server permit name csc.yahoo.com
        audit-trail on
    parameter-map type inspect global
    log dropped-packets enable
    multilink bundle-name authenticated
    redundancy
    ip tcp synwait-time 10
    class-map match-any CCP-Transactional-1
    match dscp af21
    match dscp af22
    match dscp af23
    class-map match-any CCP-Voice-1
    match dscp ef
    class-map match-any sdm_p2p_kazaa
    match protocol fasttrack
    match protocol kazaa2
    class-map match-any CCP-Routing-1
    match dscp cs6
    class-map match-any sdm_p2p_edonkey
    match protocol edonkey
    class-map match-any CCP-Signaling-1
    match dscp cs3
    match dscp af31
    class-map match-any sdm_p2p_gnutella
    match protocol gnutella
    class-map match-any CCP-Management-1
    match dscp cs2
    class-map match-any sdm_p2p_bittorrent
    match protocol bittorrent
    policy-map sdm-qos-test-123
    class class-default
    policy-map sdmappfwp2p_CCP_MEDIUM
    class sdm_p2p_edonkey
    class sdm_p2p_gnutella
    class sdm_p2p_kazaa
    class sdm_p2p_bittorrent
    policy-map CCP-QoS-Policy-1
    class sdm_p2p_edonkey
    class sdm_p2p_gnutella
    class sdm_p2p_kazaa
    class sdm_p2p_bittorrent
    class CCP-Voice-1
      priority percent 33
    class CCP-Signaling-1
      bandwidth percent 5
    class CCP-Routing-1
      bandwidth percent 5
    class CCP-Management-1
      bandwidth percent 5
    class CCP-Transactional-1
      bandwidth percent 5
    class class-default
      fair-queue
      random-detect
    crypto ctcp port 10000
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp key REMOVED address 62.20.xxx.yyy 
    crypto isakmp key REMOVED address 195.243.xxx.yyy
    crypto isakmp key REMOVED address 195.243.xxx.yyy
    crypto isakmp key REMOVED address 83.140.xxx.yyy  
    crypto isakmp client configuration group VPN_local
    key REMOVED
    dns 10.133.10.5 10.133.10.7
    wins 10.133.10.7
    domain domain.de
    pool SDM_POOL_2
    acl 115
    crypto isakmp profile ciscocp-ike-profile-1
       match identity group VPN_local
       client authentication list ciscocp_vpn_xauth_ml_2
       isakmp authorization list ciscocp_vpn_group_ml_2
       client configuration address respond
       virtual-template 1
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA4 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA11 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA5 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-SHA1 esp-des esp-sha-hmac
    crypto ipsec profile CiscoCP_Profile1
    set transform-set ESP-3DES-SHA11
    set isakmp-profile ciscocp-ike-profile-1
    crypto map SDM_CMAP_1 1 ipsec-isakmp
    description Tunnel to62.20.xxx.xxx
    set peer 62.20.xxx.xxx
    set transform-set ESP-3DES-SHA
    match address 105
    crypto map SDM_CMAP_1 2 ipsec-isakmp
    description Tunnel to195.243.xxx.xxx
    set peer 195.243.xxx.xxx
    set transform-set ESP-3DES-SHA4
    match address 107
    crypto map SDM_CMAP_1 3 ipsec-isakmp
    description Tunnel to83.140.xxx.xxx
    set peer 83.140.xxx.xxx
    set transform-set ESP-DES-SHA1
    match address 118
    interface Loopback2
    ip address 192.168.10.1 255.255.254.0
    interface Null0
    no ip unreachables
    interface FastEthernet0
    switchport mode trunk
    no ip address
    spanning-tree portfast
    interface FastEthernet1
    no ip address
    spanning-tree portfast
    interface FastEthernet2
    no ip address
    spanning-tree portfast
    interface FastEthernet3
    no ip address
    spanning-tree portfast
    interface FastEthernet4
    description Internal LAN
    switchport access vlan 10
    switchport trunk native vlan 10
    no ip address
    spanning-tree portfast
    interface FastEthernet5
    no ip address
    spanning-tree portfast
    interface FastEthernet6
    no ip address
    spanning-tree portfast
    interface FastEthernet7
    no ip address
    spanning-tree portfast
    interface FastEthernet8
    description $FW_OUTSIDE$$ETH-WAN$
    ip address 62.153.xxx.xxx 255.255.255.248
    ip access-group 113 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    ip inspect CCP_MEDIUM out
    no ip virtual-reassembly in
    ip verify unicast reverse-path
    duplex auto
    speed auto
    crypto map SDM_CMAP_1
    service-policy input sdmappfwp2p_CCP_MEDIUM
    service-policy output CCP-QoS-Policy-1
    interface Virtual-Template1 type tunnel
    ip unnumbered FastEthernet8
    tunnel mode ipsec ipv4
    tunnel protection ipsec profile CiscoCP_Profile1
    interface GigabitEthernet0
    no ip address
    shutdown
    duplex auto
    speed auto
    interface Vlan1
    no ip address
    interface Vlan10
    description $FW_INSIDE$
    ip address 10.133.10.1 255.255.254.0
    ip access-group 112 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    ip nat inside
    ip virtual-reassembly in
    interface Async1
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    encapsulation slip
    ip local pool SDM_POOL_1 192.168.10.101 192.168.10.200
    ip local pool VPN_Pool 192.168.20.2 192.168.20.100
    ip local pool SDM_POOL_2 172.16.100.2 172.16.100.100
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip forward-protocol nd
    ip nat inside source route-map SDM_RMAP_1 interface FastEthernet8 overload
    ip route 0.0.0.0 0.0.0.0 62.153.xxx.xxx
    ip access-list extended VPN1
    remark VPN_Haberstrasse
    remark CCP_ACL Category=4
    permit ip 10.133.10.0 0.0.1.255 10.133.34.0 0.0.1.255
    ip radius source-interface Vlan10
    access-list 1 remark INSIDE_IF=Vlan1
    access-list 1 remark CCP_ACL Category=2
    access-list 1 permit 10.10.10.0 0.0.0.7
    access-list 23 remark CCP_ACL Category=17
    access-list 23 permit 195.243.xxx.xxx
    access-list 23 permit 10.133.10.0 0.0.1.255
    access-list 23 permit 10.10.10.0 0.0.0.7
    access-list 100 remark CCP_ACL Category=4
    access-list 100 permit ip 10.133.10.0 0.0.1.255 any
    access-list 101 remark CCP_ACL Category=16
    access-list 101 permit udp any eq bootps any eq bootpc
    access-list 101 deny   ip 10.10.10.0 0.0.0.255 any
    access-list 101 permit icmp any any echo-reply
    access-list 101 permit icmp any any time-exceeded
    access-list 101 permit icmp any any unreachable
    access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
    access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
    access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
    access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
    access-list 101 deny   ip host 255.255.255.255 any
    access-list 101 deny   ip any any
    access-list 102 remark auto generated by CCP firewall configuration
    access-list 102 remark CCP_ACL Category=1
    access-list 102 deny   ip 10.10.10.0 0.0.0.7 any
    access-list 102 permit icmp any host 62.153.xxx.xxx echo-reply
    access-list 102 permit icmp any host 62.153.xxx.xxx time-exceeded
    access-list 102 permit icmp any host 62.153.xxx.xxx unreachable
    access-list 102 deny   ip 10.0.0.0 0.255.255.255 any
    access-list 102 deny   ip 172.16.0.0 0.15.255.255 any
    access-list 102 deny   ip 192.168.0.0 0.0.255.255 any
    access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
    access-list 102 deny   ip host 255.255.255.255 any
    access-list 102 deny   ip host 0.0.0.0 any
    access-list 102 deny   ip any any log
    access-list 103 remark auto generated by CCP firewall configuration
    access-list 103 remark CCP_ACL Category=1
    access-list 103 remark IPSec Rule
    access-list 103 permit ip 10.133.34.0 0.0.1.255 10.133.10.0 0.0.1.255
    access-list 103 remark IPSec Rule
    access-list 103 permit ip 10.133.34.0 0.0.1.255 192.168.10.0 0.0.1.255
    access-list 103 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
    access-list 103 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq isakmp
    access-list 103 permit esp host 195.243.xxx.xxx host 62.153.xxx.xxx
    access-list 103 permit ahp host 195.243.xxx.xxx host 62.153.xxx.xxx
    access-list 103 remark IPSec Rule
    access-list 103 permit ip 10.133.20.0 0.0.0.255 10.133.10.0 0.0.1.255
    access-list 103 remark IPSec Rule
    access-list 103 permit ip 192.168.10.0 0.0.1.255 10.133.10.0 0.0.1.255
    access-list 103 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
    access-list 103 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq isakmp
    access-list 103 permit esp host 62.20.xxx.xxx host 62.153.xxx.xxx
    access-list 103 permit ahp host 62.20.xxx.xxx host 62.153.xxx.xxx
    access-list 103 permit udp any host 62.153.xxx.xxx eq non500-isakmp
    access-list 103 permit udp any host 62.153.xxx.xxx eq isakmp
    access-list 103 permit esp any host 62.153.xxx.xxx
    access-list 103 permit ahp any host 62.153.xxx.xxx
    access-list 103 permit udp host 194.25.0.60 eq domain any
    access-list 103 permit udp host 194.25.0.68 eq domain any
    access-list 103 permit udp host 194.25.0.68 eq domain host 62.153.xxx.xxx
    access-list 103 deny   ip 10.10.10.0 0.0.0.7 any
    access-list 103 permit icmp any host 62.153.xxx.xxx echo-reply
    access-list 103 permit icmp any host 62.153.xxx.xxx time-exceeded
    access-list 103 permit icmp any host 62.153.xxx.xxx unreachable
    access-list 103 deny   ip 10.0.0.0 0.255.255.255 any
    access-list 103 deny   ip 172.16.0.0 0.15.255.255 any
    access-list 103 deny   ip 192.168.0.0 0.0.255.255 any
    access-list 103 deny   ip 127.0.0.0 0.255.255.255 any
    access-list 103 deny   ip host 255.255.255.255 any
    access-list 103 deny   ip host 0.0.0.0 any
    access-list 103 deny   ip any any log
    access-list 104 remark CCP_ACL Category=4
    access-list 104 permit ip 10.133.10.0 0.0.1.255 any
    access-list 105 remark CCP_ACL Category=4
    access-list 105 remark IPSec Rule
    access-list 105 permit ip 10.133.10.0 0.0.1.255 10.133.20.0 0.0.0.255
    access-list 106 remark CCP_ACL Category=2
    access-list 106 remark IPSec Rule
    access-list 106 deny   ip 192.168.10.0 0.0.1.255 10.133.34.0 0.0.1.255
    access-list 106 remark IPSec Rule
    access-list 106 deny   ip 192.168.10.0 0.0.1.255 10.60.16.0 0.0.0.255
    access-list 106 remark IPSec Rule
    access-list 106 deny   ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
    access-list 106 remark IPSec Rule
    access-list 106 deny   ip 10.133.10.0 0.0.1.255 10.133.34.0 0.0.1.255
    access-list 106 remark IPSec Rule
    access-list 106 deny   ip 10.133.10.0 0.0.1.255 10.133.20.0 0.0.0.255
    access-list 106 permit ip 10.10.10.0 0.0.0.7 any
    access-list 106 permit ip 10.133.10.0 0.0.1.255 any
    access-list 107 remark CCP_ACL Category=4
    access-list 107 remark IPSec Rule
    access-list 107 permit ip 10.133.10.0 0.0.1.255 10.133.34.0 0.0.1.255
    access-list 107 remark IPSec Rule
    access-list 107 permit ip 192.168.10.0 0.0.1.255 10.133.34.0 0.0.1.255
    access-list 108 remark Auto generated by SDM Management Access feature
    access-list 108 remark CCP_ACL Category=1
    access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq telnet
    access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq 22
    access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq www
    access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq 443
    access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq cmd
    access-list 108 deny   tcp any host 10.133.10.1 eq telnet
    access-list 108 deny   tcp any host 10.133.10.1 eq 22
    access-list 108 deny   tcp any host 10.133.10.1 eq www
    access-list 108 deny   tcp any host 10.133.10.1 eq 443
    access-list 108 deny   tcp any host 10.133.10.1 eq cmd
    access-list 108 deny   udp any host 10.133.10.1 eq snmp
    access-list 108 permit ip any any
    access-list 109 remark CCP_ACL Category=1
    access-list 109 permit ip 10.133.10.0 0.0.1.255 any
    access-list 109 permit ip 10.10.10.0 0.0.0.7 any
    access-list 109 permit ip 192.168.10.0 0.0.1.255 any
    access-list 110 remark CCP_ACL Category=1
    access-list 110 permit ip host 195.243.xxx.xxx any
    access-list 110 permit ip host 84.44.xxx.xxx any
    access-list 110 permit ip 10.133.10.0 0.0.1.255 any
    access-list 110 permit ip 10.10.10.0 0.0.0.7 any
    access-list 110 permit ip 192.168.10.0 0.0.1.255 any
    access-list 111 remark CCP_ACL Category=4
    access-list 111 permit ip 10.133.10.0 0.0.1.255 any
    access-list 112 remark CCP_ACL Category=1
    access-list 112 permit udp host 10.133.10.5 eq 1812 any
    access-list 112 permit udp host 10.133.10.5 eq 1813 any
    access-list 112 permit udp any host 10.133.10.1 eq non500-isakmp
    access-list 112 permit udp any host 10.133.10.1 eq isakmp
    access-list 112 permit esp any host 10.133.10.1
    access-list 112 permit ahp any host 10.133.10.1
    access-list 112 permit udp host 10.133.10.5 eq 1645 host 10.133.10.1
    access-list 112 permit udp host 10.133.10.5 eq 1646 host 10.133.10.1
    access-list 112 remark auto generated by CCP firewall configuration
    access-list 112 permit udp host 10.133.10.5 eq 1812 host 10.133.10.1
    access-list 112 permit udp host 10.133.10.5 eq 1813 host 10.133.10.1
    access-list 112 permit udp host 10.133.10.7 eq domain any
    access-list 112 permit udp host 10.133.10.5 eq domain any
    access-list 112 deny   ip 62.153.xxx.xxx 0.0.0.7 any
    access-list 112 deny   ip 10.10.10.0 0.0.0.7 any
    access-list 112 deny   ip host 255.255.255.255 any
    access-list 112 deny   ip 127.0.0.0 0.255.255.255 any
    access-list 112 permit ip any any
    access-list 113 remark CCP_ACL Category=1
    access-list 113 remark IPSec Rule
    access-list 113 permit ip 10.133.34.0 0.0.1.255 192.168.10.0 0.0.1.255
    access-list 113 remark IPSec Rule
    access-list 113 permit ip 10.60.16.0 0.0.0.255 192.168.10.0 0.0.1.255
    access-list 113 remark IPSec Rule
    access-list 113 permit ip 10.60.16.0 0.0.0.255 10.133.10.0 0.0.1.255
    access-list 113 permit udp host 83.140.100.4 host 62.153.xxx.xxx eq non500-isakmp
    access-list 113 permit udp host 83.140.100.4 host 62.153.xxx.xxx eq isakmp
    access-list 113 permit esp host 83.140.100.4 host 62.153.xxx.xxx
    access-list 113 permit ahp host 83.140.100.4 host 62.153.xxx.xxx
    access-list 113 permit ip host 195.243.xxx.xxx host 62.153.xxx.xxx
    access-list 113 permit ip host 84.44.xxx.xxx host 62.153.xxx.xxx
    access-list 113 remark auto generated by CCP firewall configuration
    access-list 113 permit udp host 194.25.0.60 eq domain any
    access-list 113 permit udp host 194.25.0.68 eq domain any
    access-list 113 permit udp host 194.25.0.68 eq domain host 62.153.xxx.xxx
    access-list 113 permit udp host 194.25.0.60 eq domain host 62.153.xxx.xxx
    access-list 113 permit udp any host 62.153.xxx.xxx eq non500-isakmp
    access-list 113 permit udp any host 62.153.xxx.xxx eq isakmp
    access-list 113 permit esp any host 62.153.xxx.xxx
    access-list 113 permit ahp any host 62.153.xxx.xxx
    access-list 113 permit ahp host 195.243.xxx.xxx host 62.153.xxx.xxx
    access-list 113 permit esp host 195.243.xxx.xxx host 62.153.xxx.xxx
    access-list 113 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq isakmp
    access-list 113 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
    access-list 113 remark IPSec Rule
    access-list 113 permit ip 10.133.34.0 0.0.1.255 10.133.10.0 0.0.1.255
    access-list 113 permit ahp host 62.20.xxx.xxx host 62.153.xxx.xxx
    access-list 113 remark IPSec Rule
    access-list 113 permit ip 192.168.10.0 0.0.1.255 10.133.10.0 0.0.1.255
    access-list 113 permit esp host 62.20.xxx.xxx host 62.153.xxx.xxx
    access-list 113 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq isakmp
    access-list 113 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
    access-list 113 remark IPSec Rule
    access-list 113 permit ip 10.133.20.0 0.0.0.255 10.133.10.0 0.0.1.255
    access-list 113 remark Pop3
    access-list 113 permit tcp host 82.127.xxx.xxx eq 8080 host 62.153.xxx.xxx
    access-list 113 remark Pop3
    access-list 113 permit tcp any eq pop3 host 62.153.xxx.xxx
    access-list 113 remark SMTP
    access-list 113 permit tcp any eq 465 host 62.153.xxx.xxx
    access-list 113 remark IMAP
    access-list 113 permit tcp any eq 587 host 62.153.xxx.xxx
    access-list 113 deny   ip 10.133.10.0 0.0.1.255 any
    access-list 113 deny   ip 10.10.10.0 0.0.0.7 any
    access-list 113 permit icmp any host 62.153.xxx.xxx echo-reply
    access-list 113 permit icmp any host 62.153.xxx.xxx time-exceeded
    access-list 113 permit icmp any host 62.153.xxx.xxx unreachable
    access-list 113 deny   ip 10.0.0.0 0.255.255.255 any
    access-list 113 deny   ip 172.16.0.0 0.15.255.255 any
    access-list 113 deny   ip 192.168.0.0 0.0.255.255 any
    access-list 113 deny   ip 127.0.0.0 0.255.255.255 any
    access-list 113 deny   ip host 255.255.255.255 any
    access-list 113 deny   ip host 0.0.0.0 any
    access-list 113 deny   ip any any log
    access-list 114 remark auto generated by CCP firewall configuration
    access-list 114 remark CCP_ACL Category=1
    access-list 114 deny   ip 10.133.10.0 0.0.1.255 any
    access-list 114 deny   ip 10.10.10.0 0.0.0.7 any
    access-list 114 permit icmp any any echo-reply
    access-list 114 permit icmp any any time-exceeded
    access-list 114 permit icmp any any unreachable
    access-list 114 deny   ip 10.0.0.0 0.255.255.255 any
    access-list 114 deny   ip 172.16.0.0 0.15.255.255 any
    access-list 114 deny   ip 192.168.0.0 0.0.255.255 any
    access-list 114 deny   ip 127.0.0.0 0.255.255.255 any
    access-list 114 deny   ip host 255.255.255.255 any
    access-list 114 deny   ip host 0.0.0.0 any
    access-list 114 deny   ip any any log
    access-list 115 remark VPN_Sub
    access-list 115 remark CCP_ACL Category=5
    access-list 115 permit ip 10.133.10.0 0.0.1.255 172.16.0.0 0.0.255.255
    access-list 115 permit ip 10.133.34.0 0.0.1.255 172.16.0.0 0.0.255.255
    access-list 115 permit ip 10.133.20.0 0.0.0.255 any
    access-list 116 remark CCP_ACL Category=4
    access-list 116 remark IPSec Rule
    access-list 116 permit ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
    access-list 117 remark CCP_ACL Category=4
    access-list 117 remark IPSec Rule
    access-list 117 permit ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
    access-list 118 remark CCP_ACL Category=4
    access-list 118 remark IPSec Rule
    access-list 118 permit ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
    access-list 118 remark IPSec Rule
    access-list 118 permit ip 192.168.10.0 0.0.1.255 10.60.16.0 0.0.0.255
    no cdp run
    route-map SDM_RMAP_1 permit 1
    match ip address 106
    control-plane
    mgcp profile default
    line con 0
    transport output telnet
    line 1
    modem InOut
    speed 115200
    flowcontrol hardware
    line aux 0
    transport output telnet
    line vty 0 4
    session-timeout 45
    access-class 110 in
    transport input telnet ssh
    line vty 5 15
    access-class 109 in
    transport input telnet ssh
    scheduler interval 500
    end

    The crypto ACL for the site to site vpn should also include the vpn client pool, otherwise, traffic from the vpn client does not match the interesting traffic for the site to site vpn.
    On Site A:
    should include "access-list 107 permit ip 172.16.100.0 0.0.0.255 10.133.34.0 0.0.1.255"
    You should also remove the following line as the pool is incorrect:
    access-list 107 permit ip 192.168.10.0 0.0.1.255 10.133.34.0 0.0.1.255
    On Site B:
    should include: permit ip 10.133.34.0 0.0.1.255 172.16.100.0 0.0.0.255"
    NAT exemption on site B should also be configured with deny on the above ACL.

  • Message Queue Blocking / MSGMNI Setting

    Hi All,
    Firstly, many thanks to all that can assists. I am currently getting Message Queue
    Blocking messages in my ULOG files in my Tuxedo Application. (Tux ver 7.1 in Unix).
    I am not sure what is causing this, but started to look into the Tux Config (UBB.MP)
    and System message queue setting. Detailed as follows:
    1)
    Listed below is the system message queue setting:
    set msgsys:msginfo_msgmni=2000          
    set msgsys:msginfo_msgmax=128000     
    set msgsys:msginfo_msgmnb=100000     
    set msgsys:msginfo_msgssz=256          
    set msgsys:msginfo_msgseg=25088          
    set msgsys:msginfo_msgtql=1550          
    set msgsys:msginfo_msgmap=1000     
    According to the BEA site, the MSGMNI is determined by this formula:
    MSGMNI = MAXACCESSERS + 7 + (no. of servers with REPLYQ) + (no. MSSQ sets) - (no.
    of servers with MSSQ sets)
    The following is my current Tux. Config (UBB.MP) is set as :
    - MAXACCESSERS = 2300
    - Each servers (4 types in total) has its own REPLYQ and RQADDR.
    - The same type of servers are set the same across 4 application servers.
    Hence, my MSGMNI should be a minimum 2339 (ie. MSGMNI = 2300 + 16 + 16 - 0 = 2339).
    But my current MSGMNI is 2000.
    Would this contribute to my Message Queue Blocking?
    Is my understanding correct and is this something I should change to avoid Message
    Queue Blocking? Any helps and advice is much appreciated.

    Malcolm,
    Your information and explanations behind these error messages are very useful.
    It allow me to further understand Tuxedo internal processing and at the same time
    give me a chance to start analysing these fields.
    I am reluctant to ask further questions at the mean time. I will use your suggestions
    as a starting point.
    I will certainly keep you posted of the outcome when I have made the changes in
    my UBB config and machine parameters.
    Many thanks with your help/explanations Malcolm. It helps alot!
    Cheers.
    David.
    "Malcolm Freeman" <[email protected]> wrote:
    >
    Hi David,
    The MSGTQL reference you give (Solution S-00488) refers to the BEA MessageQ
    product
    and is not relevant to Tuxedo.
    The error messages indicate that the queue buildup is probably due to
    a restartable
    server failing. What happens is this:
    When a restartable server fails its IPC queue remains in place and continues
    to
    receive messages (which will be processed when the server restarts).
    Depending
    on the time taken to restart, the queue could become full and unable
    to receive
    any more messages, and this is probably why you got the message CMDTUX_CAT:1380
    indicating that the BRIDGE process was unable to put a message on the
    server's
    queue.
    A server is only restarted when the BBL does a SANITYSCAN check. If,
    for example,
    your SANITYSCAN interval is 300 seconds and your server fails immediately
    after
    the previous scan, then there will be a delay of almost 5 minutes before
    the failure
    is detected and the server restarted - plenty of time for the queue to
    fill up.
    There are a few things you could do:
    The key thing would be to find out why the server is failing, and fix
    the problem.
    If this is not possible immediately, consider some of the other ideas
    below.
    Have several servers form an MSSQ to service this queue; then if one
    fails the
    others will continue processing the messages while the failed server
    restarts
    (this assumes, of course, that your application does not require the
    messages
    to be processed in strict order through the server).
    Reduce the SANITYSCAN interval (but don't make it too small). This would
    reduce
    the average time taken to restart the server.
    Increase the size of the IPC queue (MSGMNB) so that it can hold more
    messages.
    I'm not sure why you got a LIBTUX_CAT:1485 message, but this could be
    due to a
    BRIDGE failure as a result of the congestion.
    The NETLOAD parameter would reduce the number of messages going to the
    remote
    machine, but only if the local machine offers the same service. If the
    remote
    machine is the only source of the service then NETLOAD will have no effect.
    I
    recommend you do a search of this newsgroup for postings on "load balancing"
    there's some good stuff which will explain how load balancing works.
    Depending how things go, it might not be a bad idea to open a case with
    BEA Support
    and ask for guidance (remember to submit your ubbconfig (or preferably
    do a tmunloadcf)
    together with the complete ULOGs from both the master and the slave machine).
    Hope this helps some.
    Regards,
    Malcolm.
    "Dave" <[email protected]> wrote:
    Hi Malcolm,
    Thank you for your reply. Interesting point you have made about theMSGTQL
    value.
    Based on your suggestion I went hunting around the BEA site and found
    the following
    snipplet:
    "- The MSGTQL parameter must be set to a value greater than or
    equal to the MSGMNI setting."
    (http://support.bea.com/application?namespace=askbea&origin=ask_bea_answer.jsp&event=link.view_answer_page_solution&answerpage=solution&page=msq/S-00488.htm)
    If the above point is valid, then my MSGTQL is definitely way too low.
    IF this
    be the case, would you know of a method to work out what my MSGTQL bytes
    value
    should be?
    Additionally, I have looked at other parameters which I could tune,and
    would
    adding a NETLOAD parameter in the *MACHINES section will reduce remote
    servers
    call? Which potentially, maybe reduce message queue blocking?
    FYI:
    The error messages I am seeing in my ULOG file are:
    "LIBTUX_CAT: 1477 : ERROR .SysServerDied
    LIBTUX_CAT: 1476 : ERROR: .SysServerRestarting"
    Which then leads to message queue blocking
    "CMDTUX_CAT: 1380 : ERROR: Message queue blocking prevented delivery,
    Qaddr=..."
    and potentially "LIBTUX_CAT: 1485 .SysNetworkDropped."
    Many Thanks. Hope to hear from you (Malcolm) or other parties out there
    that can
    assists.
    Thanks.
    David

  • How to re-configure the actual Hotspot configuration/access information?

    Hi,
    how c/an I re-configure the acual HOTSPOT configuration/access information? [MBP Retina - late 2012  |  OSx 10.8.2]
    THX in advance,
    NNIE

    As you are using verzion DSL connection ….Try this setting on router:
    1) Open router set up page using http://192.168.1.1 …..You will see username & password …leave username blank & in password use admin.
    2) Under set up look for “mac address clone” sub-tab….. Enable the service & click clone ….click save settings.
    3) Click on “status” tab….. if it shows any valid public Ip address try going online…..if it shows Internet Ip as 192.168.1.X. with gateway 192.168.1.1…then
                      a)  Click set up again ….change the Local Ip address from 192.168.1.1 to 192.168.2.1….click save settings.
     b)  Power down the router then the modem for few seconds …..Power on the modem first …then the router & see you are online or not.
    4)  If the internet Ip address is 0.0.0.0…click on set up again …change internet connection type to PPPOE…use your DSL username & password …click save settings.
    5)  Click status & click connect…if shows connected try going online….if not let mw know the error message you are getting on the status screen.
    Follow above steps & let me know if it helps or not.

  • Error during JNDI lookup Accessing Remote EJB (access to web service restricted using declarative security model)

    Hello everyone,
    I developed a Web Service prototype accessing remote EJB using the EJB
    control with special syntax in the jndi-name attribute: @jws:ejb
    home-jndi-name="t3://10.10.245.70:7131/AccountDelegatorEJB"
    Everything works fine, but I get an error when I restrict access to my web
    service with a declarative security model by implementing steps provided in
    help doc:
    - Define the web resource you wish to protect
    - Define which security role is required to access the web resource
    - Define which users are granted the required security role
    - Configure WebLogic Server security for my web service(Compatibility
    Security/Users)
    I launch the service by entering the address in a web browser. When prompted
    to accept the digital certificate, click Yes, when prompted for network
    authentication information, enter username and password, navigate to the
    Test Form tab of Test View, invoke the method by clicking the button and I
    get the following exception:
    <error>
    <faultcode>JWSError</faultcode>
    <faultstring>Error during JNDI lookup from
    jndi:t3://10.10.245.70:7131/AccountDelegatorEJB[Lookup failed for
    name:t3://10.10.245.70:7131/AccountDelegatorEJB]</faultstring>
    <detail>
    <jwErrorDetail> weblogic.jws.control.ControlException: Error during JNDI
    lookup from jndi:t3://10.10.245.70:7131/AccountDelegatorEJB[Lookup failed
    for name:t3://10.10.245.70:7131/AccountDelegatorEJB] at
    weblogic.knex.control.EJBControlImpl.acquireResources(EJBControlImpl.java:27
    8) at
    weblogic.knex.context.JwsInternalContext.acquireResources(JwsInternalContext
    .java:220) at
    weblogic.knex.control.ControlHandler.invoke(ControlHandler.java:260) at
    ibas.AccountControl.getTransactionHistory(AccountControl.ctrl) at
    ibas.GetSecure.retrieveVisaHistoryTxn(GetSecure.jws:64) </jwErrorDetail>
    </detail>
    </error>
    I have a simple Hello method as well in my WebService (which is also
    restricted) and it works fine, but remote EJB access doesn't. I tested my
    prototype on Weblogic 7.2 and 8.1 platforms - same result.
    Is that a bug or I am missing some additional configuration in order to get
    that working. Has anyone seen similar behavior? Is there a known resolution?
    Or a suggested way to work around the problem?
    Thank you.
    Andre

    Andre,
    It would be best if this issue is handled as an Eval Support case. Please
    BEA Customer Support at http://support.beasys.com along with the required
    files, and request that an Eval support case be created for this issue.
    Thanks
    Raj Alagumalai
    WebLogic Workshop Support
    "Andre Shergin" <[email protected]> wrote in message
    news:[email protected]...
    Anurag,
    I removed "t3", still get an error but a different one (Unable to create
    InitialContext:null):
    <error>
    <faultcode>JWSError</faultcode>
    <faultstring>Error during JNDI lookup from
    jndi://secuser1:[email protected]:7131/AccountDelegatorEJB[Unable to
    create InitialContext:null]</faultstring>
    <detail>
    <jwErrorDetail> weblogic.jws.control.ControlException: Error during JNDI
    lookup from
    jndi://secuser1:[email protected]:7131/AccountDelegatorEJB[Unable to
    create InitialContext:null] at
    weblogic.knex.control.EJBControlImpl.acquireResources(EJBControlImpl.java:27
    8) at
    weblogic.knex.context.JwsInternalContext.acquireResources(JwsInternalContext
    .java:220) at
    weblogic.knex.control.ControlHandler.invoke(ControlHandler.java:260) at
    ibas.AccountControl.getTransactionHistory(AccountControl.ctrl) at
    ibas.GetVisaHistoryTransactions.getVisaHistoryTxn(GetVisaHistoryTransactions
    .jws:67) </jwErrorDetail>
    </detail>
    </error>
    Note: inter-domain communication is configured properly. The Web Service to
    remote EJB works fine without a declarative security.
    Any other ideas?
    Thank you for your help.
    Andre
    "Anurag" <[email protected]> wrote in message
    news:[email protected]...
    Andre,
    It seems you are using the URL
    jndi:t3://secuser1:[email protected]:7131/AccountDelegatorEJB
    whereas you should not be specifying the "t3:" protocol.
    The URL should be like
    jndi://secuser1:[email protected]:7131/AccountDelegatorEJB
    Please do let me know if you see any issues with this.
    Note that this will only allow you to access remote EJBs in the same WLS
    domain. For accessing EJBs on another domain, you need to configure
    inter-domain communication by
    following a few simple steps as mentioned at
    http://e-docs.bea.com/wls/docs81/ConsoleHelp/jta.html#1106135. This link has
    been provided in the EJB Control Workshop documentation.
    Regards,
    Anurag
    "Andre Shergin" <[email protected]> wrote in message
    news:[email protected]...
    Raj,
    I tried that before, it didn't help. I got similar error message:
    <error>
    <faultcode>JWSError</faultcode>
    <faultstring>Error during JNDI lookup from
    jndi:t3://secuser1:[email protected]:7131/AccountDelegatorEJB[Lookup
    failed for
    name:t3://secuser1:[email protected]:7131/AccountDelegatorEJB]</faultstr
    ing>
    <detail>
    <jwErrorDetail> weblogic.jws.control.ControlException: Error during JNDI
    lookup from
    jndi:t3://secuser1:[email protected]:7131/AccountDelegatorEJB[Lookup
    failed for
    name:t3://secuser1:[email protected]:7131/AccountDelegatorEJB] at
    weblogic.knex.control.EJBControlImpl.acquireResources(EJBControlImpl.java:27
    8) at
    weblogic.knex.context.JwsInternalContext.acquireResources(JwsInternalContext
    .java:220) at
    weblogic.knex.control.ControlHandler.invoke(ControlHandler.java:260) at
    ibas.AccountControl.getTransactionHistory(AccountControl.ctrl) at
    ibas.GetSecure.retrieveVisaHistoryTxn(GetSecure.jws:64) </jwErrorDetail>
    </detail>
    </error>
    Anything else should I try?
    P.S. AccountDelegatorEJB, the remote EJB my Web Service calls is NOTaccess
    restricted.
    I hope there is a solution.
    Thanks,
    Andre
    "Raj Alagumalai" <[email protected]> wrote in message
    news:[email protected]...
    Andre,
    Can you try using the following url with username and password
    jndi://username:password@host:7001/my.resource.jndi.object ?
    once you add webapp level security, the authenticated is the user who
    invokes the EJB.
    http://e-docs.bea.com/workshop/docs81/doc/en/workshop/guide/controls/ejb/con
    CreatingANewEJBControl.html?skipReload=true
    has more info on using remote EJB's.
    Hope this helps.
    Thanks
    Raj Alagumalai
    WebLogic Workshop Support
    "Alla Resnik" <[email protected]> wrote in message
    news:[email protected]...
    Hello everyone,
    I developed a Web Service prototype accessing remote EJB using the EJB
    control with special syntax in the jndi-name attribute: @jws:ejb
    home-jndi-name="t3://10.10.245.70:7131/AccountDelegatorEJB"
    Everything works fine, but I get an error when I restrict access to my
    web
    service with a declarative security model by implementing steps
    provided
    in
    help doc:
    - Define the web resource you wish to protect
    - Define which security role is required to access the web resource
    - Define which users are granted the required security role
    - Configure WebLogic Server security for my web service(Compatibility
    Security/Users)
    I launch the service by entering the address in a web browser. Whenprompted
    to accept the digital certificate, click Yes, when prompted for
    network
    authentication information, enter username and password, navigate tothe
    Test Form tab of Test View, invoke the method by clicking the buttonand
    I
    get the following exception:
    <error>
    <faultcode>JWSError</faultcode>
    <faultstring>Error during JNDI lookup from
    jndi:t3://10.10.245.70:7131/AccountDelegatorEJB[Lookup failed for
    name:t3://10.10.245.70:7131/AccountDelegatorEJB]</faultstring>
    <detail>
    <jwErrorDetail> weblogic.jws.control.ControlException: Error during
    JNDI
    lookup from jndi:t3://10.10.245.70:7131/AccountDelegatorEJB[Lookupfailed
    for name:t3://10.10.245.70:7131/AccountDelegatorEJB] at
    weblogic.knex.control.EJBControlImpl.acquireResources(EJBControlImpl.java:27
    8) at
    weblogic.knex.context.JwsInternalContext.acquireResources(JwsInternalContext
    .java:220) at
    weblogic.knex.control.ControlHandler.invoke(ControlHandler.java:260)at
    ibas.AccountControl.getTransactionHistory(AccountControl.ctrl) at
    ibas.GetSecure.retrieveVisaHistoryTxn(GetSecure.jws:64)</jwErrorDetail>
    </detail>
    </error>
    I have a simple Hello method as well in my WebService (which is also
    restricted) and it works fine, but remote EJB access doesn't. I testedmy
    prototype on Weblogic 7.2 and 8.1 platforms - same result.
    Is that a bug or I am missing some additional configuration in order
    to
    get
    that working. Has anyone seen similar behavior? Is there a knownresolution?
    Or a suggested way to work around the problem?
    Thank you.
    Andre

  • How to access the JMS queues in the XI J2EE Engine?

    Hi Gurus,
    Can anybody know how to access the jms dead message queues in the WAS J2EE Engine?
    I have read in the SAP documentation that we can use some JMS commands from the telnet. I don't know how to use those commands.
    Can anybody provide a step-by-step process to access these queues?
    Thanks
    Kalyan

    1) Open a command prompt
    2) type
    telnet localhost 50008
    where the port is the same as your http, but with 8 as last digit.
    3) Login
    4) Issue the following set of commands
            jump 0
            add jms
            jms list deadmsgs
    Check by man jms other possible options.
    HTH
    Peter

  • "Stuck" remote messages

    We have our monitoring software setup to query and chart the "Actual" number of messages (as reported by "imqcmd query bkr" and recently noticed that this number is remaining at a higher minimum value. Meaning, it never drops to 0 as though there is a pile of messages that cannot be processed and they are sitting in the queue
    Our setup is a cluster of two brokers (not HA) and the cluster.properties file looks like this:
    cluster.properties
    imq.cluster.brokerlist=hobgoblin,smithwicks
    imq.cluster.masterbroker=hobgoblinWe have 10 queue destinations varying in volume from dozens to hundreds of thousands of messages a day. Three of these queues (all relatively high volume) exhibit this issue. I will use a particular queue named "networkActivity" in the following commands.
    When I run imqcmd query dst -t q -n networkActivity on hobgoblin (the master broker) the relevant piece of output is:
    Current Number of Messages           
        Actual                            75
        Remote                            75
        Held in Transaction               0When I run the same on smithwicks it is:
    Current Number of Messages           
        Actual                            284
        Remote                            284
        Held in Transaction               0The "Actual" number will occasionally increase when we are under heavy load but as we catch up on the load that number will only decrease to match the "Remote" number.
    The other 7 queues do not have this issue and some of those do equally heavy volume. New messages continue to be processed fast on all queues.
    What does this Remote number mean? I have struggled to find information in the documentation or online.
    We recently switched to OpenMQ and it has been utterly stable and performant compared to our previous provider (where queue lockups and shutdown due to slow consumers was commonplace). Very happy with it in general. We are planning to move to an HA setup in the near future - would this issue still occur when using HA?
    These "Remote" message counts are relatively small but they do seem to drift upward a small amount each day visually establishing a new baseline in our monitoring charts.
    Any help is greatly appreciate. I can easily provide any other information that would be helpful - logs, imqcmd output, server information, etc.

    I am surprised I found something not obvious in the docs because frankly the OpenMQ documentation is some of the best I have ever run into.
    Fortunately/Unfortunately we don't have this issue any longer so I cannot collect more information. The remote counts dropped to zero when I bounced OpenMQ one day. If that means we lost these particular messages it isn't a big deal for us.
    Our previous provider (ActiveMQ) had literally millions of backed up messages when we migrated to OpenMQ. A colleague here wrote a tool that pulled the messages off the AMQ queues and fed them to OpenMQ (OpenMQ proceeded to shred through those things) all at once and the remote number happened after that huge crush of old messages. I do not know if that is related at all but I am willing to chalk it up to a possibility as some of those AMQ messages were really old. There could have even been messages so old that our consumer logic didn't know how to handle them anymore.
    Have had no issues since and we switched to an HA configuration this morning and everything is running perfectly.

  • Access Denied message when running WU_TEST_106 form!!!

    Hi all,
    I am trying to use WebUtil components to use Oracle 9.0.3 Form to write from an Oracle Form to a MS Word document. To learn more about WebUtil, I downloaded a sample form named WU_TEST_106.fmb and compiled and have been trying to run it. When this form gets loaded, I click on the 'OLE' tab and then type a message in the 'Enter text to Transfer to Word' box and then pick a file named Sample.doc on my C:\ directory and then click on 'Write to Word' button. This causes the following 'access denied' message and the 'Sample.doc' file never gets updated.
    We are using JInitiator 1.3.1.17, IE 6.0, Java 1.4.2_03 and Oracle 10g database.
    Below is the contenet of the trace file:
    Oracle JInitiator: Version 1.3.1.17
    Using JRE version 1.3.1.17-internal Java HotSpot(TM) Client VM
    User home directory = C:\Documents and Settings\seyedg
    Proxy Configuration: no proxy
    JAR cache enabled
    Location: C:\Documents and Settings\seyedg\Oracle Jar Cache
    Maximum size: 50 MB
    Compression level: 0
    c: clear console window
    f: finalize objects on finalization queue
    g: garbage collect
    h: display this help message
    l: dump classloader list
    m: print memory usage
    q: hide console
    s: dump system properties
    t: dump thread list
    x: clear classloader cache
    0-5: set trace level to <n>
    Loading <SERVER NAME>/forms90/java/f90all_jinit.jar from JAR cache
    Loading <SERVER NAME>/forms90/java/frmwebutil.jar from JAR cache
    Loading <SERVER NAME>/forms90/java/jacob.jar from JAR cache
    proxyHost=null
    proxyPort=0
    connectMode=HTTP, native.
    Forms Applet version is : 9.0.4.0
    Exception occurred during event dispatching:
    java.lang.ExceptionInInitializerError: java.security.AccessControlException: access denied (java.lang.RuntimePermission loadLibrary.jacob)
         at java.security.AccessControlContext.checkPermission(Unknown Source)
         at java.security.AccessController.checkPermission(Unknown Source)
         at java.lang.SecurityManager.checkPermission(Unknown Source)
         at java.lang.SecurityManager.checkLink(Unknown Source)
         at java.lang.Runtime.loadLibrary0(Unknown Source)
         at java.lang.System.loadLibrary(Unknown Source)
         at com.jacob.com.Dispatch.<clinit>(Dispatch.java:537)
         at oracle.forms.webutil.ole.OleFunctions.create_obj(OleFunctions.java:398)
         at oracle.forms.webutil.ole.OleFunctions.getProperty(OleFunctions.java:189)
         at oracle.forms.handler.UICommon.onGet(Unknown Source)
         at oracle.forms.engine.Runform.onGetHandler(Unknown Source)
         at oracle.forms.engine.Runform.processMessage(Unknown Source)
         at oracle.forms.engine.Runform.processSet(Unknown Source)
         at oracle.forms.engine.Runform.onMessageReal(Unknown Source)
         at oracle.forms.engine.Runform.onMessage(Unknown Source)
         at oracle.forms.engine.Runform.processEventEnd(Unknown Source)
         at oracle.ewt.lwAWT.LWComponent.redispatchEvent(Unknown Source)
         at oracle.ewt.lwAWT.LWComponent.processEvent(Unknown Source)
         at java.awt.Component.dispatchEventImpl(Unknown Source)
         at java.awt.Container.dispatchEventImpl(Unknown Source)
         at java.awt.Component.dispatchEvent(Unknown Source)
         at java.awt.EventQueue.dispatchEvent(Unknown Source)
         at java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source)
         at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
         at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
         at java.awt.EventDispatchThread.run(Unknown Source)
    Thanks in advance for your help,
    Seyed

    Hi all,
    Please disregard this posting. I resolved this issue by re-signing both the jacob.jar and frmwebutil.jar. See below:
    Signed the Jacob.jar file once again on 06/02/2008;
    C:\DevSuiteHome\forms90\webutil\webutil>sign_webutil c:\devsuitehome\forms90\jav
    a\jacob.jar
    Generating a self signing certificate for key=webutil2...
    keytool error: java.lang.Exception: Key pair not generated, alias <webutil2> alr
    eady exists
    There were warnings or errors while generating a self signing certificate. Pleas
    e review them.
    Backing up c:\devsuitehome\forms90\java\jacob.jar as c:\devsuitehome\forms90\jav
    a\jacob.jar.old...
    1 file(s) copied.
    Signing c:\devsuitehome\forms90\java\jacob.jar using key=webutil2...
    ...successfully done.
    C:\DevSuiteHome\forms90\webutil\webutil>
    I also re-signed frmwebutil.jar on 06/02/2008 at 9:55 AM:
    C:\DevSuiteHome\forms90\webutil\webutil>sign_webutil c:\devsuitehome\forms90\web
    util\frmwebutil.jar
    The given jar file c:\devsuitehome\forms90\webutil\frmwebutil.jar does not exist
    C:\DevSuiteHome\forms90\webutil\webutil>sign_webutil c:\devsuitehome\forms90\webutil\java\frmwebutil.jar
    Generating a self signing certificate for key=webutil2...
    keytool error: java.lang.Exception: Key pair not generated, alias <webutil2> alr
    eady exists
    There were warnings or errors while generating a self signing certificate. Pleas
    e review them.
    Backing up c:\devsuitehome\forms90\webutil\java\frmwebutil.jar as c:\devsuitehom
    e\forms90\webutil\java\frmwebutil.jar.old...
    1 file(s) copied.
    Signing c:\devsuitehome\forms90\webutil\java\frmwebutil.jar using key=webutil2..
    ...successfully done.
    I can now run the WU_TEST_106.fmb form and successfully write to a MS Word file.
    Thanks for your attention:
    Seyed

Maybe you are looking for