Not for humans but for search engines

As I stumble around trying got get things to work, I keep falling over little problems, so I thought I would blog the problems and solutions. So as the title says – not for humans but for search engines. If you hit these problem, then the search engine finds it for you


AMQ9660 AMQ9660E: SSL key repository: password stash file absent or unusable.
Issue DIS QMGR SSLKEYR to display the location of the files. Check the value is accurate – and has mixed case if applicable.  Check the file name is specified without a suffix.

AMQ6125 AMQ6125E: An internal IBM MQ error has occurred.
AMQ6184 AMQ6184W: An internal IBM MQ error has occurred on queue manager QMA.

Check your client channel has QMNAME() with a value

AMQ9647 AMQ9637E  Channel is lacking a certificate.
DISPLAY QMGR CERTLABL and check it is in the keystore.

AMQ9518 AMQ9518E : File ‘….AMQCLCHL.TAB’ not found.
In mqclient.ini you specified a fully qualified file name. You need to specify



AMQ8118E: IBM MQ queue manager does not exist.

For example using runmqsc -c QMA .

  • Check  /var/mqm/errors/AMQERR01.LOG for error messages
  • Check the set up for the client environment, for example mqclient.ini,  and ccdt or ServerConnectionParms
  • Check MQCLNTCF environment variable is specified correctly
  • Check that all files in the mqclient.ini are fully qualified.   ChannelDefinitionDirectory=. and ChannelDefinitionFile=ccdt.json
     looks for the file in your current directory – not where the mqclient.ini file was.

AMQ9641E AMQ9641  Remote CipherSpec error for channel ‘… to host ‘.

EXPLANATION:The remote end of channel…  on host ‘… has
indicated a CipherSpec error ‘SSLCIPH(‘ ‘) -> SSLCIPH(????)’. The channel did
not start.

Defining a channel with MQSERVER environment variable or having mqclient.ini with Channels:

The doc says:  The ServerConnectionParms attribute defines only a simple channel; you cannot use it to define a TLS channel or a channel with channel exits


MQRC_EPH_ERROR 2420 (0974) (RC2420)

Can also be due to invalid PCF ( see this return code from MQPUT1 page).

My problem was the mqmd.CodedCharSetId was set to -1 ( MQCCSI_EMBEDDED) because I copied it from an input message.


MQRC_QUEUE_MGR_NAME_ERROR: 2058 (080A, 80A) (RC2058)

I got this using the new ccdt in json format.

I used tail -n50 /var/mqm/errors/*01*|less
and this reported
AMQ9518E: File ‘/var/mqm/AMQCLCHL.TAB’ not found.
EXPLANATION: The program requires that the file ‘/var/mqm/AMQCLCHL.TAB’ is present and available.
There is some unclear description which gave me the hint about mqclient.ini.

I had set up ccdt.json, but had not set up  I created this file with


  • You have specified a channel in MQCONNX and this is not in the CCDT, so if you have a channel called QMACLIENT, and use use “QM” or “QM*” both will give MQRC_HOST_NOT_AVAILABLE.
  • You had a network problem, for example the application gets MQRC_CONNECTION_BROKEN. If the next MQ verb the application issues is MQCONN or MQCONNX this will fail with MQRC_HOST_NOT_AVAILABLE. You need to issue MQDISC, or retry the MQCONN(X) a second time.
  • You specified a connection address like when it was expecting

MQRC_UNKNOWN_OBJECT_QMGR: 2086 (0826) (RC2086) with a client application

This can be caused when using a client connection and specifying a queue manager name of the format “*name” (for availability) . The application takes this queue manager name, and uses it in the MQOD.
If the first character of the Queue Manager Name is “*” then MQINQ should be used to retrieve the actual queue manager name, or do not use the “*name”.

MQRC_NOT_AUTHORIZED: 2035 (07F3) (RC2035) with MQCONNX

Trying to use MQCONNX to connect to a queue manger. The info from the Knowledge centre and the AMQ message say a blank userid or password was given. I also found the following can cause the same return code

  • mqcno.SecurityParmsPtr = 0;
  • csp.CSPPasswordLength = 0;
  • sp.CSPUserIdLength = 0;
  • csp.CSPPasswordPtr= 0;
  • csp.CSPUserIdPtr = 0;
  • csp.AuthenticationType != MQCSP_AUTH_USER_ID_AND_PWD;



  • Not using threaded application. My C program was built with -lmqic instead of -lmqic_r -lpthread
  • SHRCONV = 0 on the channel definitions

MQRC_Q_MGR_NAME_ERROR: 2058 (080A) (RC2058)

  • export MQCHLLIB not pointing to correct location
  • export MQCHLTAB pointing to the wrong name, or not set and AMQCLCHL.TAB not found in the location pointed to by MQCHLLIB
  • remember to update your .profile so this does not happen again
  • you are using a CCDT and passed in a QMNAME of XXXX, for all channels with QMNAME XXXX none could connect to the queue manager in the conname.
  • You think you were using a mqclient.ini file … but are now in a different directory
  • You are using the correct mqclient.ini file.  It has a ChannelDefinitionFile=… file.   This ccdt file is missing entries for the queue manager.  use the runmqsc command DIS CHL(*) where chltype(eq,svrconn) to display the valid channels on the server.
  • You tried to connect with the queue manager name, and need to connect to the QM group name.
  • You forgot the * in front of the queue manager name when using groups.

Check the AMQERR01.log for messages.  If there are no messages then the connection has not got to the queue manager, and is a client side problem.  If there are messages, resolve them, for example you may need a CHLAUTH definition.


  • MQSSLKEYR not set to the keystore path and file name
  • you specified …/key.kdb instead of /key without the .kdb
  • remember to update your .profile so this does not happen again




Solved it using

  • or
  • mqcno.Options = MQCNO_CD_FOR_OUTPUT_ONLY
  • but not both

Trying to connect as a client, but the queue manager specified does not have a matching entry in the CCDT.  You might need to specify *qmgrname to say pick any of these.

MQRC_CD_ERROR2277 (08E5) (RC2277)

I received message in the /var/mqm/error/*.LOG saying

AMQ9498E: The MQCD structure supplied was not valid.

EXPLANATION: The value of the ‘ChannelName’ field has the value ‘0’. This value is invalid for the operation requested.

This is only partially true. If you specify mqcno.Options=MQCNO_CD_FOR_OUTPUT_ONLY, this returns the name of the channel to you. In this case specifying a blank channel name is valid. If this options value is not specified, then a channel name is required.

AMQ9202E: Remote host not available, retry later.

The attempt to allocate a conversation using TCP/IP to host ” for channel
QMZZZ was not successful. However the error may be a transitory one and it may be possible to successfully allocate a TCP/IP conversation later.

This is not strictly accurate.

In my MQCONNX I specified a channel name of QMZZZ which did not exist in the Client Channel Definition Table (CCDT).

  • Check the channel name in ClientConn.ChannelName
  • Specify mqcno.Options = MQCNO_CD_FOR_OUTPUT_ONLY so it ignores what is in the channel, and picks one from the entries in the CCDT.

AMQ9498E: The MQCD structure supplied was not valid.

The value of the ‘ChannelName’ field has the value ‘0’. This value is invalid for the operation requested.
Change the parameter and retry the operation.

  • I got this when I specified a blank (not ‘0’ ) in the ChannelName field. If I specified mqcno.Options = MQCNO_CD_FOR_OUTPUT_ONLY I did not get this error message, as the specified channelname value is ignored. I fixed the problem by changing the MQCNO, not the MQCD


I got this when using PCF and got my lengths mixed up, for example StrucLength was longer than the structure.


I got this when I issued INQUIRE_Q and passed in a channel name


I also got back section MQIACF_ERROR_IDENTIFIER (1013) with a value of 2031619. I cant find what this means.
My problem was I had specified an optional section – but not a required one.


I got this when using MQCMD_INQUIRE_Q, and I had specified MQCACF_Q_NAMES instead of MQCACF_Q_NAME ( no ‘s’).

If you look at MQCMD_INQUIRE_Q  it lists the valid options, and MQCA_Q_NAME is listed – but not MQCA_Q_NAMES.


Oracle WebLogic

<BEA-320084> BEA-320084 The user principals=[] does not have authorization to view the logs.

I got this when using JMX to access the data.  The userid had not been set up to get this log data.  See here.

Specifically I got these trying to access webLogic Type=WLDFAccessRuntime JMX data.

com.bea:ServerRuntime=...,Name=Accessor, Type=WLDFAccessRuntime,WLDFRuntime=WLDFRuntime
com.bea:ServerRuntime=...,Name=DataSourceLog, Type=WLDFDataAccessRuntime,...
com.bea:ServerRuntime=...,Name=DomainLog, Type=WLDFDataAccessRuntime,...
com.bea:ServerRuntime=...,Name=HTTPAccessLog, Type=WLDFDataAccessRuntime,...
com.bea:ServerRuntime=...,Name=HTTPAccessLog, Type=WLDFDataAccessRuntime,...
com.bea:ServerRuntime=...,Name=ServerLog, Type=WLDFDataAccessRuntime,...

<BEA-240003> BEA-240003

<Administration Console encountered the following error: weblogic.application.ModuleException: The following exception occurred while processing annotations: No EJBs found in the ejb-jar file ..   I got this when redeploying an MDB, using Redeploy this application using the following deployment files…  If I used Update this application in place … it worked.


<BEA-149265>  BEA-149265 

Failure occurred in the execution of deployment request with …. Error is: “weblogic.application.ModuleException: java.lang.ClassCastException: cannot be cast to”

I got this when redeploying the MQ resource adapter in webLogic, and selecting Redeploy this application using the following deployment files:

When I used Update this application in place with new deployment plan changes. (A deployment plan must be specified for this option) it worked successfully.


Weblogic. Remember to update your deployment to reflect the new plan when you are finished with your changes.

You have changed a configuration, such as a Resource Adapter or MDB.  You have to restart the server, or redeploy the application to pick up changes.


Java jar command -C (No such file or directory)

jar cvfm abc.jar -C /home/colinpaice/xyz/  . -C (No such file or directory)

In the jar cvfm command, the m says use the manifest provided.  In this case -C was taken as the manifest – and so was not found.

jar cvfm abc.jar ./META-INF/MANIFEST.MF -C …



Error connecting to JMX endpoint: Failed to retrieve RMIServer stub: javax.naming.ServiceUnavailableException [Root exception is java.rmi.ConnectException: Connection refused to host:; nested exception is: Connection refused (Connection refused)]

The web server was not set up to listen on the specified port – or the web server was not active.


Using Java and MQ

Java HotSpot(TM) 64-Bit Server VM warning: You have loaded library /opt/mqm/java/lib/ which might have disabled stack guard.

Ensure  you have -Djava.library.path=/opt/mqm/java/lib64 not -Djava.library.path=/opt/mqm/java/lib



openssl Error unable to get local issuer certificate getting chain.

I was using commands like

openssl verify -CAFile ca.pem  -untrusted myca.pem server.pem and  openssl pkcs12 .. -CAFile…  and got

Error unable to get local issuer certificate getting chain.

When I issued openssl x509 -in casss.pem -text -noout.  I did not have keyUsage = keyCertSign,  digitalSignature
I added them in and it worked.


TLS handshake KeyUsage does not allow key agreement

I received KeyUsage does not allow key agreement at the client

  • Check the server’s certificate has Key Usage: keyAgreement
  • If the certificate does not match with the cipher spec. For example cipher spec TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 and the certificate from the server is Elliptic Curve.  Cipher spec TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 does work.


You use runmqsc to show there is a client channel with your name.   You need to issue the command DIS CHL(..) chltype(SVCRCONN).
Use DIS CHL(*) SVRCONN to identify a channel you can use.



  • Check the AMQERR01.LOG for messages
  • Check the cluster name is a valid cluster name – check it matches the channels being used


Hercules emulator

HHCDA014E …. CKD out of sequence

The file is a zPDT file which was decrypted.  The disk size is not as expected Number of tracks * size of tracks is not equal to the size of the file on disk.

One thought on “Not for humans but for search engines

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s