Websphere MQ v8 - MQRC_NOT_AUTHORIZED - 2035

WebSphere MQ V7.1 introduced CHLAUTH rules which by default banned remote access by privileged users. To turn off CHLAUTH you are correct that you can issue

ALTER QMGR CHLAUTH(DISABLED)

However, you could also very simply allow yourself access on a particular channel as described in CHLAUTH - Allow some privileged admins.

IBM MQ V8 introduced Connection Authentication which default demands a password to authenticate a remote privileged user. To make this OPTIONAL (as it is for non-privileged users) you can issue

ALTER AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS)
      CHCKCLNT(OPTIONAL)

rather than turning it off completely with

ALTER QMGR CONNAUTH(' ')

After either of these commands you'll need to issue the following command for the queue manager to be aware of your changes.

REFRESH SECURITY TYPE(CONNAUTH)

You mention that this is for development purposes which is fair enough, but remember to turn these features on so that you can make your queue manager secure when using it in production!

Also, remember that the queue manager error log will provide you with details about why your application got the 2035, for example, "Channel is Blocked" for CHLAUTH and "Missing password" for CONNAUTH.


Ok so i found it! ALTER CHLAUTH(DISABLED) is not enough, you have to remove Connection Authentification as well (QM properties -> Extended)