Change Queue Manager
The Change Queue Manager ( MQCMD_CHANGE_Q_MGR) command changes the specified attributes of the queue manager.
For any optional parameters that are omitted, the value does not change.
- Required parameters:
- None
Optional parameters (Change Queue Manager)
- Specifies whether applications can override the settings of the
QueueAccounting and
MQIAccounting queue manager parameters (parameter identifier:
MQIA_ACCOUNTING_CONN_OVERRIDE). The value can be any of the following values:
- MQMON_DISABLED
- Applications cannot override the settings of the
QueueAccounting and
MQIAccounting parameters.
This value is the initial default value for the queue manager.
- MQMON_ENABLED
- Applications can override the settings of the QueueAccounting and MQIAccounting parameters by using the options field of the MQCNO structure of the MQCONNX API call.
This parameter is valid only on Multiplatforms.
- The time interval, in seconds, at which intermediate accounting records are written (parameter
identifier: MQIA_ACCOUNTING_INTERVAL).
Specify a value in the range 1 - 604,000.
This parameter is valid only on Multiplatforms.
- Specifies whether activity reports can be generated (parameter identifier:
MQIA_ACTIVITY_RECORDING).
The value can be:
- MQRECORDING_DISABLED
- Activity reports cannot be generated.
- MQRECORDING_MSG
- Activity reports can be generated and sent to the reply queue specified by the originator in the message causing the report.
- MQRECORDING_Q
- Activity reports can be generated and sent to SYSTEM.ADMIN.ACTIVITY.QUEUE.
- The elements checked to determine whether an MCA must be adopted (restarted) when a new inbound
channel is detected. It must be adopted (restarted) if it that has the same name as a currently
active MCA (parameter identifier: MQIA_ADOPTNEWMCA_CHECK).
The value can be:
- MQADOPT_CHECK_Q_MGR_NAME
- Check the queue manager name.
- MQADOPT_CHECK_NET_ADDR
- Check the network address.
- MQADOPT_CHECK_ALL
- Check the queue manager name and network address. Perform this check to prevent your channels from being inadvertently shut down. This value is the initial default value of the queue manager.
- MQADOPT_CHECK_NONE
- Do not check any elements.
This parameter applies to z/OS® only.
- Adoption of orphaned channel instances (parameter identifier:
MQIA_ADOPTNEWMCA_TYPE).
Specify whether an orphaned MCA instance is to be adopted when a new inbound channel request is detected matching the AdoptNewMCACheck parameters.
The value can be:- MQADOPT_TYPE_NO
- Do not adopt orphaned channel instances.
- MQADOPT_TYPE_ALL
- Adopt all channel types. This value is the initial default value of the queue manager.
This parameter applies to z/OS only.
- Controls whether authorization (Not Authorized) events are generated (parameter identifier:
MQIA_AUTHORITY_EVENT).
The value can be:
- MQEVR_DISABLED
- Event reporting disabled.
- MQEVR_ENABLED
- Event reporting enabled. This value is not permitted on z/OS.
- Controls whether IMS bridge events are generated (parameter identifier:
MQIA_BRIDGE_EVENT). This parameter applies to z/OS only.
The value can be:
- MQEVR_DISABLED
- Event reporting disabled. This value is the default value.
- MQEVR_ENABLED
- Event reporting enabled.
- Specifies the certificate label for this queue manager to use. The label identifies which
personal certificate in the key repository has been selected (parameter identifier:
MQCA_CERT_LABEL). The default and migrated queue manager values are:
- On UNIX, Linux , and Windows: ibmwebspheremqxxxx where xxxx is the queue manager name folded to lowercase.
- On IBM® i:
- If you specified SSLKEYR(*SYSTEM), the value is blank.
Note that it is forbidden to use a nonblank queue manager CERTLABL with SSLKEYR(*SYSTEM). Attempting to do so results in an MQRCCF_Q_MGR_ATTR_CONFLICT error.
- Otherwise, ibmwebspheremqxxxx where xxxx is the queue manager name folded to lowercase.
- If you specified SSLKEYR(*SYSTEM), the value is blank.
- On z/OS: ibmWebSphereMQXXXX where XXXX is the queue manager name.
- Specifies which TLS certificate validation policy is used to validate digital certificates
received from remote partner systems (parameter identifier: MQIA_CERT_VAL_POLICY).
This attribute can be used to control how strictly the certificate chain validation conforms to industry security standards. For more information, see Certificate validation policies in IBM MQ.
The value can be any of the following values:- MQ_CERT_VAL_POLICY_ANY
- Apply each of the certificate validation policies supported by the secure sockets library and accept the certificate chain if any of the policies considers the certificate chain valid. This setting can be used for maximum backwards compatibility with older digital certificates which do not comply with the modern certificate standards.
- MQ_CERT_VAL_POLICY_RFC5280
- Apply only the RFC 5280 compliant certificate validation policy. This setting provides stricter validation than the ANY setting, but rejects some older digital certificates.
This parameter is only valid on UNIX, Linux, and Windows and can be used only on a queue manager with a command level of 711, or higher. Changes to CertificateValPolicy become effective either:
- When a new channel process is started.
- For channels that run as threads of the channel initiator, when the channel initiator is restarted.
- For channels that run as threads of the listener, when the listener is restarted.
- For channels that run as threads of a process pooling process, when the process pooling process is started or restarted and first runs a TLS channel. If the process pooling process has already run a TLS channel, and you want the change to become effective immediately, run the MQSC command REFRESH SECURITY TYPE(SSL). The process pooling process is amqrmppa on UNIX, Linux, and Windows.
- When a REFRESH SECURITY TYPE(SSL) command is issued.
- Specifies the action to be taken when the queue manager loses connectivity to the administration
structure, or any CF structure with CFConlos set to ASQMGR
(parameter identifier: MQIA_QMGR_CFCONLOS).
The value can be:
- MQCFCONLOS_TERMINATE
- The queue manager terminates when connectivity to CF structures is lost.
- MQCFCONLOS_TOLERATE
- The queue manager tolerates loss of connectivity to CF structures without terminating.
This parameter applies to z/OS only.
We can select MQCFCONLOS_TOLERATE only if all the queue managers in the queue sharing group are at command level 710 or greater and have OPMODE set to NEWFUNC.
- Controls whether receiver and server-connection channels can be auto-defined (parameter
identifier: MQIA_CHANNEL_AUTO_DEF).
Auto-definition for cluster-sender channels is always enabled.
This parameter is supported in the following environments: IBM i, UNIX, Linux, and Windows systems.
The value can be:- MQCHAD_DISABLED
- Channel auto-definition disabled.
- MQCHAD_ENABLED
- Channel auto-definition enabled.
- Controls whether channel auto-definition events are generated (parameter identifier:
MQIA_CHANNEL_AUTO_DEF_EVENT), when a receiver, server-connection, or cluster-sender
channel is auto-defined.
This parameter is supported in the following environments: IBM i, UNIX, Linux, and Windows systems.
The value can be:- MQEVR_DISABLED
- Event reporting disabled.
- MQEVR_ENABLED
- Event reporting enabled.
- Channel auto-definition exit name (parameter identifier:
MQCA_CHANNEL_AUTO_DEF_EXIT).
This exit is invoked when an inbound request for an undefined channel is received, if:
- The channel is a cluster-sender, or
- Channel auto-definition is enabled (see ChannelAutoDef).
The format of the name is the same as for the SecurityExit parameter described in Change, Copy, and Create Channel.
The maximum length of the exit name depends on the environment in which the exit is running. MQ_EXIT_NAME_LENGTH gives the maximum length for the environment in which your application is running. MQ_MAX_EXIT_NAME_LENGTH gives the maximum for all supported environments.
This parameter is supported in the following environments: z/OS, IBM i, UNIX, Linux, and Windows. On z/OS, it applies only to cluster-sender and cluster-receiver channels.
- Controls whether channel authentication records are used. Channel authentication records can
still be set and displayed regardless of the value of this attribute. (parameter identifier:
MQIA_CHLAUTH_RECORDS).
The value can be:
- MQCHLA_DISABLED
- Channel authentication records are not checked.
- MQCHLA_ENABLED
- Channel authentication records are checked.
- Controls whether channel events are generated (parameter identifier:
MQIA_CHANNEL_EVENT).
The value can be:
- MQEVR_DISABLED
- Event reporting disabled.
- MQEVR_ENABLED
- Event reporting enabled.
- MQEVR_EXCEPTION
- Reporting of exception channel events enabled.
- Specifies whether the channel initiator is to be started when the queue manager starts
(parameter identifier: MQIA_CHINIT_CONTROL).
The value can be:
- MQSVC_CONTROL_MANUAL
- The channel initiator is not to be started automatically.
- MQSVC_CONTROL_Q_MGR
- The channel initiator is to be started automatically when the queue manager starts.
This parameter is valid only on Multiplatforms.
- Default setting for online monitoring for channels (parameter identifier:
MQIA_MONITORING_CHANNEL).
The value can be:
- MQMON_NONE
- Online monitoring data collection is turned off for channels regardless of the setting of their ChannelMonitoring parameter.
- MQMON_OFF
- Online monitoring data collection is turned off for channels specifying a value of MQMON_Q_MGR in their ChannelMonitoring parameter. This value is the initial default value of the queue manager.
- MQMON_LOW
- Online monitoring data collection is turned on, with a low ratio of data collection, for channels specifying a value of MQMON_Q_MGR in their ChannelMonitoring parameter.
- MQMON_MEDIUM
- Online monitoring data collection is turned on, with a moderate ratio of data collection, for channels specifying a value of MQMON_Q_MGR in their ChannelMonitoring parameter.
- MQMON_HIGH
- Online monitoring data collection is turned on, with a high ratio of data collection, for channels specifying a value of MQMON_Q_MGR in their ChannelMonitoring parameter.
- Controls whether statistics data is to be collected for channels (parameter identifier:
MQIA_STATISTICS_CHANNEL).
The value can be:
- MQMON_NONE
- Statistics data collection is turned off for channels regardless of the setting of their ChannelStatistics parameter. This value is the initial default value of the queue manager.
- MQMON_OFF
- Statistics data collection is turned off for channels specifying a value of MQMON_Q_MGR in their ChannelStatistics parameter.
- MQMON_LOW
- Statistics data collection is turned on, with a low ratio of data collection, for channels specifying a value of MQMON_Q_MGR in their ChannelStatistics parameter.
- MQMON_MEDIUM
- Statistics data collection is turned on, with a moderate ratio of data collection, for channels specifying a value of MQMON_Q_MGR in their ChannelStatistics parameter.
- MQMON_HIGH
- Statistics data collection is turned on, with a high ratio of data collection, for channels specifying a value of MQMON_Q_MGR in their ChannelStatistics parameter.
On z/OS systems, enabling this parameter simply turns on statistics data collection, regardless of the value you select. Specifying LOW, MEDIUM, or HIGH makes no difference to your results. This parameter must be enabled in order to collect channel accounting records.
- Number of adapter subtasks (parameter identifier: MQIA_CHINIT_ADAPTERS).
The number of adapter subtasks to use for processing IBM MQ calls. This parameter applies to z/OS only.
Specify a value in the range 1 - 9999. The initial default value of the queue manager is 8.
- Number of dispatchers (parameter identifier: MQIA_CHINIT_DISPATCHERS).
The number of dispatchers to use for the channel initiator. This parameter applies to z/OS only.
Specify a value in the range 1 - 9999. The initial default value of the queue manager is 5.
- Reserved for use by IBM (parameter identifier:
MQCA_CHINIT_SERVICE_PARM).
This parameter applies to z/OS only.
- Specifies whether the channel initiator trace must start automatically (parameter identifier:
MQIA_CHINIT_TRACE_AUTO_START).
The value can be:
- MQTRAXSTR_YES
- Channel initiator trace is to start automatically.
- MQTRAXSTR_NO
- Channel initiator trace is not to start automatically. This value is the initial default value of the queue manager.
This parameter applies to z/OS only.
- The size, in megabytes, of the trace data space of the channel initiator (parameter identifier:
MQIA_CHINIT_TRACE_TABLE_SIZE).
Specify a value in the range 2 - 2048. The initial default value of the queue manager is 2.
This parameter applies to z/OS only.
- Default setting for online monitoring for automatically defined cluster-sender channels
(parameter identifier: MQIA_MONITORING_AUTO_CLUSSDR).
Specifies the value to be used for the
ChannelMonitoring
attribute of automatically defined cluster-sender channels. The value can be any of the
following values:
- MQMON_Q_MGR
- Collection of online monitoring data is inherited from the setting of the queue manager's ChannelMonitoring parameter. This value is the initial default value of the queue manager.
- MQMON_OFF
- Monitor for the channel is disabled.
- MQMON_LOW
- Unless ChannelMonitoring is MQMON_NONE, this value specifies a low rate of data collection with a minimal effect on system performance. The data collected is not likely to be the most current.
- MQMON_MEDIUM
- Unless ChannelMonitoring is MQMON_NONE, this value specifies a moderate rate of data collection with limited effect on system performance.
- MQMON_HIGH
- Unless ChannelMonitoring is MQMON_NONE, this value specifies a high rate of data collection with a likely effect on system performance. The data collected is the most current available.
On z/OS systems, enabling this parameter simply turns on statistics data collection, regardless of the value you select. Specifying LOW, MEDIUM, or HIGH makes no difference to your results.
- Controls whether statistics data is to be collected for auto-defined cluster-sender channels
(parameter identifier: MQIA_STATISTICS_AUTO_CLUSSDR).
The value can be:
- MQMON_Q_MGR
- Collection of statistics data is inherited from the setting of the queue manager's ChannelStatistics parameter. This value is the initial default value of the queue manager.
- MQMON_OFF
- Statistics data collection for the channel is disabled.
- MQMON_LOW
- Unless ChannelStatistics is MQMON_NONE, this value specifies a low rate of data collection with a minimal effect on system performance.
- MQMON_MEDIUM
- Unless ChannelStatistics is MQMON_NONE, this value specifies a moderate rate of data collection.
- MQMON_HIGH
- Unless ChannelStatistics is MQMON_NONE, this value specifies a high rate of data collection.
On z/OS systems, enabling this parameter simply turns on statistics data collection, regardless of the value you select. Specifying LOW, MEDIUM, or HIGH makes no difference to your results. This parameter must be enabled in order to collect channel accounting records.
- Cluster workload exit data (parameter identifier: MQCA_CLUSTER_WORKLOAD_DATA).
This parameter is passed to the cluster workload exit when it is called.
The maximum length of the string is MQ_EXIT_DATA_LENGTH.
- Cluster workload exit name (parameter identifier: MQCA_CLUSTER_WORKLOAD_EXIT).
If a nonblank name is defined this exit is invoked when a message is put to a cluster queue.
The format of the name is the same as for the SecurityExit parameter described in Change, Copy, and Create Channel.
The maximum length of the exit name depends on the environment in which the exit is running. MQ_EXIT_NAME_LENGTH gives the maximum length for the environment in which your application is running. MQ_MAX_EXIT_NAME_LENGTH gives the maximum for all supported environments.
- Cluster workload length (parameter identifier: MQIA_CLUSTER_WORKLOAD_LENGTH).
The maximum length of the message passed to the cluster workload exit.
The value of this attribute must be in the range 0 - 999,999 999.
- Cluster workload most recently used (MRU) channels (parameter identifier:
MQIA_CLWL_MRU_CHANNELS).
The maximum number of active most recently used outbound channels.
Specify a value in the range 1 - 999,999 999.
- Use of remote queue (parameter identifier: MQIA_CLWL_USEQ).
Specifies whether a cluster queue manager is to use remote puts to other queues defined in other queue managers within the cluster during workload management.
Specify either:- MQCLWL_USEQ_ANY
- Use remote queues.
- MQCLWL_USEQ_LOCAL
- Do not use remote queues.
- Queue manager coded character set identifier (parameter identifier:
MQIA_CODED_CHAR_SET_ID).
The coded character set identifier (CCSID) for the queue manager. The CCSID is the identifier used with all character string fields defined by the application programming interface (API). If the CCSID in a message descriptor is set to the value MQCCSI_Q_MGR, it applies to the character data written into the body of a message. Data is written using MQPUT or MQPUT1. Character data is identified by the format specified for the message.
Specify a value in the range 1 - 65,535.
The CCSID must specify a value that is defined for use on the platform and use an appropriate character set. The character set must be:- EBCDIC on IBM i
- ASCII or ASCII-related on other platforms
Stop and restart the queue manager after execution of this command so that all processes reflect the changed CCSID of the queue manager.
This parameter is not supported on z/OS.
- Controls whether command events are generated (parameter identifier:
MQIA_COMMAND_EVENT).
The value can be any of the following values:
- MQEVR_DISABLED
- Event reporting disabled.
- MQEVR_ENABLED
- Event reporting enabled.
- MQEVR_NO_DISPLAY
- Event reporting enabled for all successful commands except Inquire commands.
- Command scope (parameter identifier: MQCACF_COMMAND_SCOPE). This parameter
applies to z/OS only.
Specifies how the command is executed when the queue manager is a member of a queue-sharing
group. We can specify one of the following values:
- Blank (or omit the parameter altogether). The command is executed on the queue manager on which it was entered.
- A queue manager name. The command is executed on the queue manager you specify, providing it is active within the queue sharing group. If you specify a queue manager name other than the queue manager on which it was entered, you must be using a queue sharing group environment. The command server must be enabled.
- An asterisk
*
. The command is executed on the local queue manager and is also passed to every active queue manager in the queue sharing group.
The maximum length is MQ_QSG_NAME_LENGTH.
- Specifies whether the command server is to be started when the queue manager starts (parameter
identifier: MQIA_CMD_SERVER_CONTROL).
The value can be:
- MQSVC_CONTROL_MANUAL
- The command server is not to be started automatically.
- MQSVC_CONTROL_Q_MGR
- The command server is to be started automatically when the queue manager starts.
This parameter is valid only on Multiplatforms.
- Controls whether configuration events are generated (parameter identifier:
MQIA_CONFIGURATION_EVENT).
The value can be:
- MQEVR_DISABLED
- Event reporting disabled.
- MQEVR_ENABLED
- Event reporting enabled.
-
The name of an authentication information object that is used to provide the location of user ID and
password authentication (parameter identifier: MQCA_CONN_AUTH).
The maximum length of the string is MQ_AUTH_INFO_NAME_LENGTH. Only authentication information objects with type IDPWOS or IDPWLDAP can be specified; other types result in an error message when the OAM (on UNIX, Linux, and Windows) or the security component (on z/OS) reads the configuration.
- Custom attribute for new features (parameter identifier: MQCA_CUSTOM).
This attribute is reserved for the configuration of new features before separate attributes are introduced. It can contain the values of zero or more attributes as pairs of attribute name and value, separated by at least one space. The attribute name-value pairs have the form NAME(VALUE). Single quotation marks must be escaped with another single quotation mark.
This description is updated when features using this attribute are introduced. Currently there are no possible values for Custom.
The maximum length of the string is MQ_CUSTOM_LENGTH.
- Dead letter (undelivered message) queue name (parameter identifier:
MQCA_DEAD_LETTER_Q_NAME).
Specifies the name of the local queue that is to be used for undelivered messages. Messages are put on this queue if they cannot be routed to their correct destination. The maximum length of the string is MQ_Q_NAME_LENGTH.
- The DefClusterXmitQueueType attribute controls which transmission queue is selected by default by cluster-sender channels to get messages from, to send the messages to cluster-receiver channels. (Parameter identifier:
MQIA_DEF_CLUSTER_XMIT_Q_TYPE.) The values of DefClusterXmitQueueType are
MQCLXQ_SCTQ or MQCLXQ_CHANNEL.
- MQCLXQ_SCTQ
-
All cluster-sender channels send messages from SYSTEM.CLUSTER.TRANSMIT.QUEUE. The correlID of messages placed on the transmission queue identifies which cluster-sender channel the message is destined for.
SCTQ is set when a queue manager is defined. This behavior is implicit in versions of IBM WebSphere MQ, earlier than Version 7.5. In earlier versions, the queue manager attribute DefClusterXmitQueueType was not present.
- MQCLXQ_CHANNEL
- Each cluster-sender channel sends messages from a different transmission queue. Each transmission queue is created as a permanent dynamic queue from the model queue SYSTEM.CLUSTER.TRANSMIT.MODEL.QUEUE.
- Default transmission queue name (parameter identifier: MQCA_DEF_XMIT_Q_NAME).
This parameter is the name of the default transmission queue that is used for the transmission of messages to remote queue managers. It is selected if there is no other indication of which transmission queue to use.
The maximum length of the string is MQ_Q_NAME_LENGTH.
- DNS group name (parameter identifier: MQCA_DNS_GROUP).
This parameter is no longer used. Refer to z/OS: WLM/DNS no longer supported. This parameter applies to z/OS only.
The maximum length of the string is MQ_DNS_GROUP_NAME_LENGTH.
- WLM/DNS Control: (parameter identifier: MQIA_DNS_WLM).
This parameter is no longer used. Refer to z/OS: WLM/DNS no longer supported.
The value can be any of the following values:- MQDNSWLM_NO
- This is the only value supported by the queue manager.
This parameter applies to z/OS only.
- Interval between scans for expired messages (parameter identifier:
MQIA_EXPIRY_INTERVAL). This parameter applies to z/OS only.
Specifies the frequency with which the queue manager scans the queues looking for expired
messages. Specify a time interval in seconds in the range 1 - 99,999,999, or the following special value:
- MQEXPI_OFF
- No scans for expired messages.
The minimum scan interval used is 5 seconds, even if you specify a lower value.
- Specifies whether Suite B-compliant cryptography is used and what level of strength is employed
(parameter identifier MQIA_SUITE_B_STRENGTH).
The value can be one or more of:
- MQ_SUITE_B_NONE
- Suite B-compliant cryptography is not used.
- MQ_SUITE_B_128_BIT
- Suite B 128-bit strength security is used.
- MQ_SUITE_B_192_BIT
- Suite B 192-bit strength security is used.
If invalid lists are specified, such as MQ_SUITE_B_NONE with MQ_SUITE_B_128_BIT, the error MQRCCF_SUITE_B_ERROR is issued.
- Force changes (parameter identifier: MQIACF_FORCE).
Specifies whether the command is forced to complete if both of the following are true:
- DefXmitQName is specified, and
- An application has a remote queue open, the resolution for which is affected by this change.
- Controls whether CICS® and XA client applications
can establish transactions with a GROUP unit of recovery disposition.
This attribute is only valid on z/OS and can be enabled only when the queue manager is a member of a queue sharing group.
The value can be:- MQGUR_DISABLED
- CICS and XA client applications must connect using a queue manager name.
- MQGUR_ENABLED
- CICS and XA client applications can establish transactions with a group unit of recovery disposition by specifying a queue sharing group name when they connect.
- Command scope (parameter identifier: MQIA_IGQ_PUT_AUTHORITY). This parameter is
valid only on z/OS when the queue manager is a member
of a queue sharing group.
Specifies the type of authority checking and, therefore, the user IDs to be used by the IGQ agent
(IGQA). This parameter establishes the authority to put messages to a destination queue. The value
can be any of the following values:
- MQIGQPA_DEFAULT
- Default user identifier is used.
The user identifier used for authorization is the value of the UserIdentifier field. The UserIdentifier field is in the separate MQMD that is associated with the message when the message is on the shared transmission queue. This value is the user identifier of the program that placed the message on the shared transmission queue. It is typically the same as the user identifier under which the remote queue manager is running.
If the RESLEVEL profile indicates that more than one user identifier is to be checked, the user identifier of the local IGQ agent ( IGQUserId ) is checked.
- MQIGQPA_CONTEXT
- Context user identifier is used.
The user identifier used for authorization is the value of the UserIdentifier field. The UserIdentifier field is in the separate MQMD that is associated with the message when the message is on the shared transmission queue. This value is the user identifier of the program that placed the message on the shared transmission queue. It is typically the same as the user identifier under which the remote queue manager is running.
If the RESLEVEL profile indicates that more than one user identifier is to be checked, the user identifier of the local IGQ agent ( IGQUserId ) is checked.. The value of the UserIdentifier field in the embedded MQMD is also checked. The latter user identifier is typically the user identifier of the application that originated the message.
- MQIGQPA_ONLY_IGQ
- Only the IGQ user identifier is used.
The user identifier used for authorization is the user identifier of the local IGQ agent ( IGQUserId ).
If the RESLEVEL profile indicates that more than one user identifier is to be checked, this user identifier is used for all checks.
- MQIGQPA_ALTERNATE_OR_IGQ
- Alternate user identifier or IGQ-agent user identifier is used.
The user identifier used for authorization is the user identifier of the local IGQ agent ( IGQUserId ).
If the RESLEVEL profile indicates that more than one user identifier is to be checked, the value of the UserIdentifier field in the embedded MQMD is also checked. The latter user identifier is typically the user identifier of the application that originated the message.
- Intra-group queuing agent user identifier (parameter identifier:
MQCA_IGQ_USER_ID). This parameter is valid only on z/OS when the queue manager is a member of a queue-sharing
group.
Specifies the user identifier that is associated with the local intra-group queuing agent. This identifier is one of the user identifiers that might be checked for authorization when the IGQ agent puts messages on local queues. The actual user identifiers checked depend on the setting of the IGQPutAuthority attribute, and on external security options.
The maximum length is MQ_USER_ID_LENGTH.
- The target frequency with which the queue manager automatically writes media images, in minutes
since the previous media image for an object (parameter identifier:
MQIA_MEDIA_IMAGE_INTERVAL). This parameter is not valid on z/OS.The value can be:
- The time in minutes from 1 - 999 999 999, at which the queue manager automatically writes media
images.
The default value is 60 minutes.
- MQMEDIMGINTVL_OFF
- Automatic media images are not written on a time interval basis.
- The time in minutes from 1 - 999 999 999, at which the queue manager automatically writes media
images.
- The target size of the recovery log, written before the queue manager automatically writes media
images, in number of megabytes since the previous media image for an object. This limits the amount
of log to be read when recovering an object (parameter identifier:
MQIA_MEDIA_IMAGE_LOG_LENGTH). This parameter is not valid on z/OS.The value can be:
- The target size of the recovery log in megabytes from 1 - 999 999 999.
- MQMEDIMGLOGLN_OFF
- Automatic media images are not written based on the size of log
written.
MQMEDIMGLOGLN_OFF is the default value.
- Specifies whether authentication information, channel, client connection, listener, namelist,
process, alias queue, remote queue, and service objects are recoverable from a media image, if
linear logging is being used (parameter identifier: MQIA_MEDIA_IMAGE_RECOVER_OBJ).
This parameter is not valid on z/OS.The value can be:
- MQIMGRCOV_NO
- The rcdmqimg (record media image) andrcrmqobj (re-create object) commands are not permitted for these objects, and automatic media images, if enabled, are not written for these objects.
- MQIMGRCOV_YES
- These objects are recoverable.
MQIMGRCOV_YES is the default value.
- Specifies the default ImageRecoverQueue attribute for local and permanent
dynamic queue objects, when used with this parameter (parameter identifier:
MQIA_MEDIA_IMAGE_RECOVER_Q). This parameter is not valid on z/OS.The value can be:
- MQIMGRCOV_NO
- The ImageRecoverQueue attribute for local and permanent dynamic queue objects is set to MQIMGRCOV_NO .
- MQIMGRCOV_YES
- The ImageRecoverQueue attribute for local and permanent dynamic queue
objects is set to MQIMGRCOV_YES .
MQIMGRCOV_YES is the default value.
- Whether the queue manager automatically writes media images (parameter identifier:
MQIA_MEDIA_IMAGE_SCHEDUING). This parameter is not valid on z/OS.The value can be:
- MQMEDIMGSCHED_AUTO
- The queue manager attempts to automatically write a media image for an object, before
ImageInterval minutes have elapsed, or ImageLogLength
megabytes of recovery log have been written, since the previous media image for the object was
taken.
The previous media image might have been taken manually or automatically, depending on the settings of ImageInterval or ImageLogLength.
- MQMEDIMGSCHED_MANUAL
- Automatic media images are not written.
MQMEDIMGSCHED_MANUAL is the default value.
- Controls whether inhibit (Inhibit Get and Inhibit Put) events are generated (parameter
identifier: MQIA_INHIBIT_EVENT). The value can be:
- MQEVR_DISABLED
- Event reporting disabled.
- MQEVR_ENABLED
- Event reporting enabled.
- Command scope (parameter identifier: MQIA_INTRA_GROUP_QUEUING). This parameter
is valid only on z/OS when the queue manager is a
member of a queue sharing group.
Specifies whether intra-group queuing is used. The value can be any of the following values:
- MQIGQ_DISABLED
- Intra-group queuing disabled.
- MQIGQ_ENABLED
- Intra-group queuing enabled.
- IP address version selector (parameter identifier: MQIA_IP_ADDRESS_VERSION).
Specifies which IP address version, either IPv4
or IPv6, is used. The value can be:
- MQIPADDR_IPv4
- IPv4 is used.
- MQIPADDR_IPv6
- IPv6 is used.
This parameter is only relevant for systems that run both IPv4 and IPv6. It affects only channels defined as having a TransportType of MQXPY_TCP when one of the following conditions is true:
- The channel attribute ConnectionName is a host name that resolves to both an IPv4 and IPv6 address and its LocalAddress parameter is not specified.
- The channel attributes ConnectionName and LocalAddress are both host names that resolve to both IPv4 and IPv6 addresses.
- Listener restart interval (parameter identifier: MQIA_LISTENER_TIMER).
The time interval, in seconds, between attempts by IBM MQ to restart the listener after an APPC or TCP/IP failure. This parameter applies to z/OS only.
Specify a value in the range 5 - 9,999. The initial default value of the queue manager is 60.
- Controls whether local error events are generated (parameter identifier:
MQIA_LOCAL_EVENT).
The value can be:
- MQEVR_DISABLED
- Event reporting disabled.
- MQEVR_ENABLED
- Event reporting enabled.
- Controls whether recovery log events are generated (parameter identifier:
MQIA_LOGGER_EVENT).
The value can be:
- MQEVR_DISABLED
- Event reporting disabled.
- MQEVR_ENABLED
- Event reporting enabled. This value is valid only on queue managers that use linear logging.
This parameter is valid only on Multiplatforms.
- Generic LU name for the LU 6.2 listener (parameter identifier:
MQCA_LU_GROUP_NAME).
The generic LU name to be used by the LU 6.2 listener that handles inbound transmissions for the queue sharing group.
This parameter applies to z/OS only.
The maximum length of the string is MQ_LU_NAME_LENGTH.
- LU name to use for outbound LU 6.2 transmissions (parameter identifier:
MQCA_LU_NAME).
The name of the LU to use for outbound LU 6.2 transmissions. Set this parameter to be the same as the name of the LU to be used by the listener for inbound transmissions.
This parameter applies to z/OS only.
The maximum length of the string is MQ_LU_NAME_LENGTH.
-
APPCPM suffix (parameter identifier: MQCA_LU62_ARM_SUFFIX).
The suffix of the APPCPM member of SYS1.PARMLIB. This suffix nominates the LUADD for this channel initiator.
This parameter applies to z/OS only.
The maximum length of the string is MQ_ARM_SUFFIX_LENGTH.
- Maximum number of LU 6.2 channels (parameter identifier: MQIA_LU62_CHANNELS).
The maximum number of channels that can be current, or clients that can be connected, that use the LU 6.2 transmission protocol.
This parameter applies to z/OS only.
Specify a value in the range 0 - 9999. The initial default value of the queue manager is 200.
- Maximum number of active channels (parameter identifier: MQIA_ACTIVE_CHANNELS
).
The maximum number of channels that can be active at any time.
This parameter applies to z/OS only.
Sharing conversations do not contribute to the total for this parameter.
Specify a value in the range 1 - 9999. The initial default value of the queue manager is 200.
- Maximum number of current channels (parameter identifier: MQIA_MAX_CHANNELS).
The maximum number of channels that can be current (including server-connection channels with connected clients).
This parameter applies to z/OS only.
Sharing conversations do not contribute to the total for this parameter.
Specify a value in the range 1 - 9999.
- Maximum number of handles (parameter identifier: MQIA_MAX_HANDLES).
The maximum number of handles that any one connection can have open at the same time.
Specify a value in the range 0 - 999,999,999.
- Maximum message length (parameter identifier: MQIA_MAX_MSG_LENGTH).
Specifies the maximum length of messages allowed on queues on the queue manager. No message that is larger than either the queue attribute MaxMsgLength or the queue manager attribute MaxMsgLength can be put on a queue.
If you reduce the maximum message length for the queue manager, you must also reduce the maximum message length of the SYSTEM.DEFAULT.LOCAL.QUEUE definition, and your other queues. Reduce the definitions on the queues to less than or equal to the limit of the queue manager. If you do not reduce the message lengths appropriately, and applications inquire only the value of the queue attribute MaxMsgLength, they might not work correctly.
The lower limit for this parameter is 32 KB (32,768 bytes). The upper limit is 100 MB (104,857,600 bytes).
This parameter is not valid on z/OS. - Maximum property length (parameter identifier: MQIA_MAX_PROPERTIES_LENGTH).
Specifies the maximum length of the properties, including both the property name in bytes and the size of the property value in bytes.
Specify a value in the range 0 - 100 MB (104,857,600 bytes), or the special value:- MQPROP_UNRESTRICTED_LENGTH
- The size of the properties is restricted only by the upper limit.
- Maximum uncommitted messages (parameter identifier: MQIA_MAX_UNCOMMITTED_MSGS).
Specifies the maximum number of uncommitted messages. The maximum number of uncommitted messages
under any sync point is the sum of the following messages:
- The number of messages that can be retrieved.
- The number of messages that can be put.
- The number of trigger messages generated within this unit of work.
Specify a value in the range 1 - 10,000.
- Controls whether accounting information for MQI data is to be collected (parameter identifier:
MQIA_ACCOUNTING_MQI).
The value can be:
- MQMON_OFF
- MQI accounting data collection is disabled. This value is the initial default value of the queue manager.
- MQMON_ON
- MQI accounting data collection is enabled.
This parameter is valid only on Multiplatforms.
- Controls whether statistics monitoring data is to be collected for the queue manager (parameter
identifier: MQIA_STATISTICS_MQI).
The value can be:
- MQMON_OFF
- Data collection for MQI statistics is disabled. This value is the initial default value of the queue manager.
- MQMON_ON
- Data collection for MQI statistics is enabled.
This parameter is valid only on Multiplatforms.
- Mark-browse interval (parameter identifier: MQIA_MSG_MARK_BROWSE_INTERVAL).
Specifies the time interval in milliseconds after which the queue manager can automatically unmark messages.
Specify a value up to the maximum of 999,999,999, or the special value MQMMBI_UNLIMITED. The default value is 5000.Attention: You should not reduce the value below the default of 5000. MQMMBI_UNLIMITED indicates that the queue manager does not automatically unmark messages. - The maximum value in the range for the binding of outgoing channels (parameter identifier:
MQIA_OUTBOUND_PORT_MAX).
The maximum value in the range of port numbers to be used when binding outgoing channels. This parameter applies to z/OS only.
Specify a value in the range 0 - 65,535. The initial default value of the queue manager is zero.
Specify a corresponding value for OutboundPortMin and ensure that the value of OutboundPortMax is greater than or equal to the value of OutboundPortMin .
- The minimum value in the range for the binding of outgoing channels (parameter identifier:
MQIA_OUTBOUND_PORT_MIN).
The minimum value in the range of port numbers to be used when binding outgoing channels. This parameter applies to z/OS only.
Specify a value in the range 0 - 65,535. The initial default value of the queue manager is zero.
Specify a corresponding value for OutboundPortMax and ensure that the value of OutboundPortMin is less than or equal to the value of OutboundPortMax .
- The name of the queue manager to which this queue manager is to connect hierarchically as its
child (parameter identifier: MQCA_PARENT).
A blank value indicates that this queue manager has no parent queue manager. If there is an existing parent queue manager it is disconnected. This value is the initial default value of the queue manager.
The maximum length of the string is MQ_Q_MGR_NAME_LENGTH.
Note:- The use of IBM MQ hierarchical connections requires that the queue manager attribute PSMode is set to MQPSM_ENABLED.
- The value of Parent can be set to a blank value if PSMode is set to MQPSM_DISABLED.
- Before connecting to a queue manager hierarchically as its child, channels in both directions must exist between the parent queue manager and child queue manager.
- If a parent is defined, the Change Queue Manager command disconnects from the original parent and sends a connection flow to the new parent queue manager.
- Successful completion of the command does not mean that the action completed or that it is going to complete successfully. Use the Inquire Pub/Sub Status command to track the status of the requested parent relationship.
- Controls whether performance-related events are generated (parameter identifier:
MQIA_PERFORMANCE_EVENT).
The value can be:
- MQEVR_DISABLED
- Event reporting disabled.
- MQEVR_ENABLED
- Event reporting enabled.
- Controls whether the queue manager participates in publish/subscribe clustering (parameter
identifier: MQIA_PUBSUB_CLUSTER).
The value can be:
- MQPSCLUS_ENABLED
- The creating or receipt of clustered topic definitions and cluster subscriptions is permitted. Note: The introduction of a clustered topic into a large IBM MQ cluster can cause a degradation in performance. This degradation occurs because all partial repositories are notified of all the other members of the cluster. Unexpected subscriptions might be created at all other nodes; for example; where proxysub(FORCE) is specified. Large numbers of channels might be started from a queue manager; for example, on resync after a queue manager failure.
- MQPSCLUS_DISABLED
- The creating or receipt of clustered topic definitions and cluster subscriptions is inhibited. The creations or receipts are recorded as warnings in the queue manager error logs.
- The number of attempts to reprocess a message when processing a failed command message under
sync point (parameter identifier: MQIA_PUBSUB_MAXMSG_RETRY_COUNT).
The value can be:
- 0 to 999 999 999
- The initial value is 5.
- Specifies whether the publish/subscribe engine and the queued publish/subscribe interface are
running. The publish/subscribe engine enables applications to publish or subscribe by using the
application programming interface. The publish/subscribe interface monitors the queues used the
queued publish/subscribe interface (parameter identifier: MQIA_PUBSUB_MODE).
The value can be:
- MQPSM_COMPAT
- The publish/subscribe engine is running. It is therefore possible to publish or subscribe by using the application programming interface. The queued publish/subscribe interface is not running. Therefore any message that is put to the queues that are monitored by the queued publish/subscribe interface is not acted on. MQPSM_COMPAT is used for compatibility with versions of IBM Integration Bus ( formerly known as WebSphere Message Broker) prior to version 7 that use this queue manager.
- MQPSM_DISABLED
- The publish/subscribe engine and the queued publish/subscribe interface are not running. It is therefore not possible to publish or subscribe using the application programming interface. Any publish/subscribe messages that are put to the queues that are monitored by the queued publish/subscribe interface are not acted on.
- MQPSM_ENABLED
- The publish/subscribe engine and the queued publish/subscribe interface are running. It is therefore possible to publish or subscribe by using the application programming interface and the queues that are monitored by the queued publish/subscribe interface. This value is the initial default value of the queue manager.
- Whether to discard (or keep) an undelivered input message (parameter identifier:
MQIA_PUBSUB_NP_MSG).
The value can be:
- MQUNDELIVERED_DISCARD
- Non-persistent input messages are discarded if they cannot be processed.
- MQUNDELIVERED_KEEP
- Non-persistent input messages are not discarded if they cannot be processed. In this situation, the queued publish/subscribe interface continues to try the process again at appropriate intervals and does not continue processing subsequent messages.
- Controls the behavior of undelivered response messages (parameter identifier:
MQIA_PUBSUB_NP_RESP).
The value can be:
- MQUNDELIVERED_NORMAL
- Non-persistent responses that cannot be placed on the reply queue are put on the dead letter queue. If they cannot be placed on the dead letter queue they are discarded.
- MQUNDELIVERED_SAFE
- Non-persistent responses that cannot be placed on the reply queue are put on the dead letter queue. If the response cannot be sent and cannot be placed on the dead letter queue the queued publish/subscribe interface rolls back the current operation. The operation is tried again at appropriate intervals and does not continue processing subsequent messages.
- MQUNDELIVERED_DISCARD
- Non-persistent responses that are not placed on the reply queue are discarded.
- MQUNDELIVERED_KEEP
- Non-persistent responses are not placed on the dead letter queue or discarded. Instead, the queued publish/subscribe interface backs out the current operation and then try it again at appropriate intervals.
- Whether only persistent (or all) messages must be processed under sync point (parameter
identifier: MQIA_PUBSUB_SYNC_PT).
The value can be:
- MQSYNCPOINT_IFPER
- This value makes the queued publish/subscribe interface receive non-persistent messages outside sync point. If the interface receives a publication outside sync point, the interface forwards the publication to subscribers known to it outside sync point.
- MQSYNCPOINT_YES
- This value makes the queued publish/subscribe interface receive all messages under sync point.
- Queue manager description (parameter identifier: MQCA_Q_MGR_DESC).
This parameter is text that briefly describes the object.
The maximum length of the string is MQ_Q_MGR_DESC_LENGTH.
Use characters from the character set identified by the coded character set identifier (CCSID) for the queue manager on which the command is executing. Using this character set ensures that the text is translated correctly.
- Specifies the certificate label for the queue sharing group to use (parameter identifier:
MQCA_QSG_CERT_LABEL).
This parameter takes precedence over CERTLABL in the event that the queue manager is a member of a QSG.
- Controls the collection of accounting (thread-level and queue-level accounting) data for queues
(parameter identifier: MQIA_ACCOUNTING_Q). Note, that changes to this value are
only effective for connections to the queue manager that occur after the change to the
attribute.
The value can be:
- MQMON_NONE
- Accounting data collection for queues is disabled. This value must not be overridden by the value of the QueueAccounting parameter on the queue.
- MQMON_OFF
- Accounting data collection is disabled for queues specifying a value of MQMON_Q_MGR in the QueueAccounting parameter.
- MQMON_ON
- Accounting data collection is enabled for queues specifying a value of MQMON_Q_MGR in the QueueAccounting parameter.
- Default setting for online monitoring for queues (parameter identifier:
MQIA_MONITORING_Q).
If the QueueMonitoring queue attribute is set to
MQMON_Q_MGR, this attribute specifies the value which is assumed by the channel.
The value can be any of the following values:
- MQMON_OFF
- Online monitoring data collection is turned off. This value is the initial default value of the queue manager.
- MQMON_NONE
- Online monitoring data collection is turned off for queues regardless of the setting of their QueueMonitoring attribute.
- MQMON_LOW
- Online monitoring data collection is turned on, with a low ratio of data collection.
- MQMON_MEDIUM
- Online monitoring data collection is turned on, with a moderate ratio of data collection.
- MQMON_HIGH
- Online monitoring data collection is turned on, with a high ratio of data collection.
- Controls whether statistics data is to be collected for queues (parameter identifier:
MQIA_STATISTICS_Q).
The value can be:
- MQMON_NONE
- Statistics data collection is turned off for queues regardless of the setting of their QueueStatistics parameter. This value is the initial default value of the queue manager.
- MQMON_OFF
- Statistics data collection is turned off for queues specifying a value of MQMON_Q_MGR in their QueueStatistics parameter.
- MQMON_ON
- Statistics data collection is turned on for queues specifying a value of MQMON_Q_MGR in their QueueStatistics parameter.
This parameter is valid only on Multiplatforms.
- How long a TCP/IP channel waits to receive data from its partner (parameter identifier:
MQIA_RECEIVE_TIMEOUT).
The approximate length of time that a TCP/IP channel waits to receive data, including heartbeats, from its partner before returning to the inactive state.
This parameter applies to z/OS only. It applies to message channels, and not to MQI channels. This number can be qualified as follows:- This number is a multiplier to be applied to the negotiated HeartBeatInterval value to determine how long a channel is to wait. Set ReceiveTimeoutType to MQRCVTIME_MULTIPLY. Specify a value of zero or in the range 2 - 99. If you specify zero, the channel waits indefinitely to receive data from its partner.
- This number is a value, in seconds, to be added to the negotiated HeartBeatInterval value to determine how long a channel is to wait. Set ReceiveTimeoutType to MQRCVTIME_ADD. Specify a value in the range 1 - 999,999.
- Tthis number is a value, in seconds, that the channel is to wait, set ReceiveTimeoutType to MQRCVTIME_EQUAL. Specify a value in the range 0 - 999,999. If you specify 0, the channel waits indefinitely to receive data from its partner.
- The minimum length of time that a TCP/IP channel waits to receive data from its partner
(parameter identifier: MQIA_RECEIVE_TIMEOUT_MIN).
The minimum length of time that a TCP/IP channel waits to receive data, including heartbeats, from its partner before returning to the inactive state. This parameter applies to z/OS only.
Specify a value in the range 0 - 999,999.
- The qualifier to apply to
ReceiveTimeout
(parameter identifier: MQIA_RECEIVE_TIMEOUT_TYPE).
The qualifier to apply to ReceiveTimeoutType to calculate how long a TCP/IP channel waits to receive data, including heartbeats, from its partner. It waits to receive data before returning to the inactive state. This parameter applies to z/OS only.
The value can be any of the following values:- MQRCVTIME_MULTIPLY
- The ReceiveTimeout value is a multiplier to be applied to the negotiated value of HeartbeatInterval to determine how long a channel waits. This value is the initial default value of the queue manager.
- MQRCVTIME_ADD
- ReceiveTimeout is a value, in seconds, to be added to the negotiated value of HeartbeatInterval to determine how long a channel waits.
- MQRCVTIME_EQUAL
- ReceiveTimeout is a value, in seconds, representing how long a channel waits.
- Controls whether remote error events are generated (parameter identifier:
MQIA_REMOTE_EVENT).
The value can be:
- MQEVR_DISABLED
- Event reporting disabled.
- MQEVR_ENABLED
- Event reporting enabled.
- Cluster name (parameter identifier: MQCA_REPOSITORY_NAME).
The name of a cluster for which this queue manager provides a repository manager service.
The maximum length of the string is MQ_OBJECT_NAME_LENGTH.
No more than one of the resultant values of RepositoryName can be nonblank.
- Repository namelist (parameter identifier: MQCA_REPOSITORY_NAMELIST).
The name, of a namelist of clusters, for which this queue manager provides a repository manager service.
This queue manager does not have a full repository, but can be a client of other repository services that are defined in the cluster, if- Both RepositoryName and RepositoryNamelist are blank, or
- RepositoryName is blank and the namelist specified by RepositoryNamelist is empty.
No more than one of the resultant values of RepositoryNameList can be nonblank.
- Whether reverse lookup of the host name from a Domain Name Server is carried out. (parameter
identifier: MQIA_REVERSE_DNS_LOOKUP).
This attribute has an effect only on channels using a transport type (TRPTYPE) of TCP.
The value can be:- MQRDNS_DISABLED
- DNS host names are not reverse looked-up for the IP addresses of inbound channels. With this setting any CHLAUTH rules using host names are not matched.
- MQRDNS_ENABLED
- DNS host names are reverse looked-up for the IP addresses of inbound channels when this information is required. This setting is required for matching against CHLAUTH rules that contain host names, and for writing out error messages.
- Security case supported (parameter identifier: MQIA_SECURITY_CASE).
Specifies whether the queue manager supports security profile names in mixed case, or in uppercase only. The value is activated when a Refresh Security command is run with SecurityType(MQSECTYPE_CLASSES) specified. This parameter is valid only on z/OS.
The value can be:- MQSCYC_UPPER
- Security profile names must be in uppercase.
- MQSCYC_MIXED
- Security profile names can be in uppercase or in mixed case.
- Shared-queue queue manager name (parameter identifier: MQIA_SHARED_Q_Q_MGR_NAME
).
A queue manager makes an MQOPEN call for a shared queue. The queue manager that is specified in the ObjectQmgrName parameter of the MQOPEN call is in the same queue sharing group as the processing queue manager. The SQQMNAME attribute specifies whether the ObjectQmgrName is used or whether the processing queue manager opens the shared queue directly. This parameter is valid only on z/OS.
The value can be any of the following values:- MQSQQM_USE
- ObjectQmgrName is used and the appropriate transmission queue is opened.
- MQSQQM_IGNORE
- The processing queue manager opens the shared queue directly. This value can reduce the traffic in your queue manager network.
- The TLS namelist (parameter identifier: MQCA_SSL_CRL_NAMELIST).
The length of the string is MQ_NAMELIST_NAME_LENGTH.
Indicates the name of a namelist of authentication information objects which are used to provide certificate revocation locations to allow enhanced TLS certificate checking.
If SSLCRLNamelist is blank, certificate revocation checking is not invoked.
Changes to SSLCRLNamelist, or to the names in a previously specified namelist, or to previously referenced authentication information objects become effective:- On Multiplatforms, when a new channel process is started.
- For channels that run as threads of the channel initiator on Multiplatforms, when the channel initiator is restarted.
- For channels that run as threads of the listener on Multiplatforms, when the listener is restarted.
- On z/OS, when the channel initiator is restarted.
- When a REFRESH SECURITY TYPE(SSL) command is issued.
- On IBM i queue managers, this parameter is ignored. However, it is used to determine which authentication information objects are written to the AMQCLCHL.TAB file.
Only authentication information objects with types of LDAPCRL or OCSP are allowed in the namelist referred to by SSLCRLNamelist (MQCFST). Any other type results in an error message when the list is processed and is subsequently ignored.
- The TLS cryptographic hardware (parameter identifier:
MQCA_SSL_CRYPTO_HARDWARE).
The length of the string is MQ_SSL_CRYPTO_HARDWARE_LENGTH.
Sets the name of the parameter string required to configure the cryptographic hardware present on the system.
This parameter is valid only on UNIX, Linux, and Windows.
All supported cryptographic hardware supports the PKCS #11 interface. Specify a string of the following format:GSK_PKCS11=PKCS_#11_driver_path_and_file_name;PKCS_#11_token_label;PKCS_#11_token_password;symmetric_cipher_setting;
The PKCS #11 driver path is an absolute path to the shared library providing support for the PKCS #11 card. The PKCS #11 driver file name is the name of the shared library. An example of the value required for the PKCS #11 driver path and file name is /usr/lib/pkcs11/PKCS11_API.so
To access symmetric cipher operations through GSKit, specify the symmetric cipher setting parameter. The value of this parameter is either:- SYMMETRIC_CIPHER_OFF
- Do not access symmetric cipher operations.
- SYMMETRIC_CIPHER_ON
- Access symmetric cipher operations.
If the symmetric cipher setting is not specified, this value has the same effect as specifying SYMMETRIC_CIPHER_OFF.
The maximum length of the string is 256 characters. The default value is blank.
If you specify a string in the wrong format, you get an error.
When the SSLCryptoHardware (MQCFST) value is changed, the cryptographic hardware parameters specified become the ones used for new TLS connection environments. The new information becomes effective:- When a new channel process is started.
- For channels that run as threads of the channel initiator, when the channel initiator is restarted.
- For channels that run as threads of the listener, when the listener is restarted.
- When a Refresh Security command is issued to refresh the contents of the TLS key repository.
- Controls whether TLS events are generated (parameter identifier:
MQIA_SSL_EVENT).
The value can be:
- MQEVR_DISABLED
- Event reporting disabled.
- MQEVR_ENABLED
- Event reporting enabled.
- SSLFIPS specifies whether only FIPS-certified algorithms are to be used if cryptography is
carried out in IBM MQ, rather than in cryptographic
hardware (parameter identifier: MQIA_SSL_FIPS_REQUIRED).
If cryptographic hardware is configured, the cryptographic modules used are those modules provided by the hardware product. These modules might, or might not, be FIPS-certified to a particular level depending on the hardware product in use. This parameter applies to z/OS, UNIX, Linux, and Windows platforms only.
The value can be any of the following values:- MQSSL_FIPS_NO
- IBM MQ provides an implementation of TLS
cryptography which supplies some FIPS-certified modules on some platforms. If you set
SSLFIPSRequired to MQSSL_FIPS_NO, any
CipherSpec supported on a particular platform can be used. This value is the initial default value
of the queue manager.
If the queue manager runs without using cryptographic hardware, refer to the CipherSpecs listed in Specifying CipherSpecs employing FIPS 140-2 certified cryptography:
- MQSSL_FIPS_YES
- Specifies that only FIPS-certified algorithms are to be used in the CipherSpecs allowed on all
TLS connections from and to this queue manager.
For a listing of appropriate FIPS 140-2 certified CipherSpecs; see Specifying CipherSpecs.
Changes to SSLFIPS become effective either:
- On UNIX, Linux, and Windows, when a new channel process is started.
- For channels that run as threads of the channel initiator on UNIX, Linux, and Windows, when the channel initiator is restarted.
- For channels that run as threads of the listener on UNIX, Linux, and Windows, when the listener is restarted.
- For channels that run as threads of a process pooling process, when the process pooling process is started or restarted and first runs a TLS channel. If the process pooling process has already run a TLS channel, and you want the change to become effective immediately, run the MQSC command REFRESH SECURITY TYPE(SSL). The process pooling process is amqrmppa on UNIX, Linux, and Windows.
- On z/OS, when the channel initiator is restarted.
- When a REFRESH SECURITY TYPE(SSL) command is issued, except on z/OS.
- The TLS key repository (parameter identifier: MQCA_SSL_KEY_REPOSITORY).
The length of the string is MQ_SSL_KEY_REPOSITORY_LENGTH.
Indicates the name of the Secure Sockets Layer key repository.
The format of the name depends on the environment:- On z/OS, it is the name of a key ring.
- On IBM i, it is of the form pathname/keyfile, where keyfile is specified without the suffix ( .kdb ), and identifies a GSKit
key database file. The default value is
/QIBM/UserData/ICSS/Cert/Server/Default.
If you specify *SYSTEM, IBM MQ uses the system certificate store as the key repository for the queue manager. As a result, the queue manager is registered as a server application in Digital Certificate Manager (DCM). We can assign any server/client certificate in the system store to this application.
If you change the SSLKEYR parameter to a value other than *SYSTEM, IBM MQ unregisters the queue manager as an application with DCM.
- On UNIX, it is of the form pathname/keyfile and on Windows pathname\keyfile, where keyfile is specified without the suffix ( .kdb ), and identifies a GSKit key database file. The default value for UNIX is /var/mqm/qmgrs/QMGR/ssl/key, and on Windows it is C:\Program Files\IBM\MQ\qmgrs\QMGR\ssl\key, where QMGR is replaced by the queue manager name (on UNIX, Linux, and Windows).
On Multiplatforms, the syntax of this parameter is validated to ensure that it contains a valid, absolute, directory path.
If SSLKEYR is blank, or is a value that does not correspond to a key ring or key database file, channels using TLS fail to start.
Changes to SSLKeyRepository become effective as follows:- On Multiplatforms:
- when a new channel process is started
- for channels that run as threads of the channel initiator, when the channel initiator is restarted.
- for channels that run as threads of the listener, when the listener is restarted.
- On z/OS, when the channel initiator is restarted.
- SSL key reset count (parameter identifier: MQIA_SSL_RESET_COUNT).
Specifies when TLS channel MCAs that initiate communication reset the secret key used for encryption on the channel. The value of this parameter represents the total number of unencrypted bytes that are sent and received on the channel before the secret key is renegotiated. This number of bytes includes control information sent by the MCA.
The secret key is renegotiated when (whichever occurs first):- The total number of unencrypted bytes sent and received by the initiating channel MCA exceeds the specified value, or,
- If channel heartbeats are enabled, before data is sent or received following a channel heartbeat.
Specify a value in the range 0 - 999,999,999. A value of zero, the initial default value of the queue manager, signifies that secret keys are never renegotiated. If you specify a TLS secret key reset count between 1 byte through 32 KB, TLS channels use a secret key reset count of 32Kb. This count is to avoid the performance effect of excessive key resets which would occur for small TLS secret key reset values.
- Number of server subtasks to use for processing TLS calls (parameter identifier:
MQIA_SSL_TASKS). This parameter applies to z/OS only.
The number of server subtasks to use for processing TLS calls. To use TLS channels, you must have at least two of these tasks running.
Specify a value in the range 0 - 9999. However, to avoid problems with storage allocation, do not set this parameter to a value greater than 50.
- Controls whether start and stop events are generated (parameter identifier:
MQIA_START_STOP_EVENT).
The value can be:
- MQEVR_DISABLED
- Event reporting disabled.
- MQEVR_ENABLED
- Event reporting enabled.
- The time interval, in seconds, at which statistics monitoring data is written to the monitoring
queue (parameter identifier: MQIA_STATISTICS_INTERVAL).
Specify a value in the range 1 - 604,000.
This parameter is valid only on Multiplatforms.
- The maximum number of channels that can be current, or clients that can be connected, that use
the TCP/IP transmission protocol (parameter identifier: MQIA_TCP_CHANNELS).
Specify a value in the range 0 - 9999. The initial default value of the queue manager is 200.
Sharing conversations do not contribute to the total for this parameter.
This parameter applies to z/OS only.
- Specifies whether the TCP KEEPALIVE facility is to be used to check whether the
other end of a connection is still available (parameter identifier:
MQIA_TCP_KEEP_ALIVE).
The value can be:
- MQTCPKEEP_YES
- The TCP KEEPALIVE facility is to be used as specified in the TCP profile configuration data set. The interval is specified in the KeepAliveInterval channel attribute.
- MQTCPKEEP_NO
- The TCP KEEPALIVE facility is not to be used. This value is the initial default value of the queue manager.
This parameter applies only to z/OS.
- The name of the TCP/IP system that you are using (parameter identifier:
MQIA_TCP_NAME).
The maximum length of the string is MQ_TCP_NAME_LENGTH.
This parameter applies only to z/OS.
- Specifies whether the channel initiator can use only the TCP/IP address space specified in
TCPName
, or can optionally bind to any selected TCP/IP address (parameter identifier:
MQIA_TCP_STACK_TYPE).
The value can be:
- MQTCPSTACK_SINGLE
- The channel initiator uses the TCP/IP address space that is specified in TCPName . This value is the initial default value of the queue manager.
- MQTCPSTACK_MULTIPLE
- The channel initiator can use any TCP/IP address space available to it. It defaults to the one specified in TCPName if no other is specified for a channel or listener.
This parameter applies only to z/OS.
- Specifies whether trace-route information can be recorded and a reply message generated
(parameter identifier: MQIA_TRACE_ROUTE_RECORDING).
The value can be:
- MQRECORDING_DISABLED
- Trace-route information cannot be recorded.
- MQRECORDING_MSG
- Trace-route information can be recorded and replies sent to the destination specified by the originator of the message causing the trace-route record.
- MQRECORDING_Q
- Trace-route information can be recorded and replies sent to SYSTEM.ADMIN.TRACE.ROUTE.QUEUE.
If participation in route tracing is enabled using this queue manager attribute, the value of the attribute is only important if a reply is generated. Route tracing is enabled by not setting TraceRouteRecording to MQRECORDING_DISABLED. The reply must go either to SYSTEM.ADMIN.TRACE.ROUTE.QUEUE, or to the destination specified by the message itself. Provided the attribute is not disabled then messages not yet at the final destination might have information added to them. For more information about trace-route records, see Controlling trace-route messaging.
- The lifetime, in seconds, of non-administrative topics (parameter identifier:
MQIA_TREE_LIFE_TIME).
Non-administrative topics are those topics created when an application publishes to, or subscribes as, a topic string that does not exist as an administrative node. When this non-administrative node no longer has any active subscriptions, this parameter determines how long the queue manager waits before removing that node. Only non-administrative topics that are in use by a durable subscription remain after the queue manager is recycled.
Specify a value in the range 0 - 604,000. A value of 0 means that non-administrative topics are not removed by the queue manager. The initial default value of the queue manager is 1800.
- Trigger interval (parameter identifier: MQIA_TRIGGER_INTERVAL).
Specifies the trigger time interval, expressed in milliseconds, for use only with queues where TriggerType has a value of MQTT_FIRST.
In this case, trigger messages are normally generated only when a suitable message arrives on the queue, and the queue was previously empty. Under certain circumstances, however, an additional trigger message can be generated with MQTT_FIRST triggering, even if the queue was not empty. These additional trigger messages are not generated more often than every TriggerInterval milliseconds.
Specify a value in the range 0 - 999,999,999.
Error codes (Change Queue Manager)
This command might return the following errors in the response format header, in addition to the values shown on page Error codes applicable to all commands.
- Reason (MQLONG)
- The value can be any of the following values:
- MQRCCF_CERT_LABEL_NOT_ALLOWED
- Certificate label error.
- MQRCCF_CHAD_ERROR
- Channel automatic definition error.
- MQRCCF_CHAD_EVENT_ERROR
- Channel automatic definition event error.
- MQRCCF_CHAD_EVENT_WRONG_TYPE
- Channel automatic definition event parameter not allowed for this channel type.
- MQRCCF_CHAD_EXIT_ERROR
- Channel automatic definition exit name error.
- MQRCCF_CHAD_EXIT_WRONG_TYPE
- Channel automatic definition exit parameter not allowed for this channel type.
- MQRCCF_CHAD_WRONG_TYPE
- Channel automatic definition parameter not allowed for this channel type.
- MQRCCF_FORCE_VALUE_ERROR
- Force value not valid.
- MQRCCF_PATH_NOT_VALID
- Path not valid.
- MQRCCF_PWD_LENGTH_ERROR
- Password length error.
- MQRCCF_PSCLUS_DISABLED_TOPDEF
- Administrator or application attempted to define a cluster topic when PubSubClub is set to MQPSCLUS_DISABLED.
- MQRCCF_PSCLUS_TOPIC_EXSITS
- Administrator tried to set PubSubClub to MQPSCLUS_DISABLED when a cluster topic definition exists.
- MQRCCF_Q_MGR_ATTR_CONFLICT
- Queue manager attribute error. A possible cause is that you attempted to specify SSLKEYR(*SYSTEM) with a nonblank queue manager CERTLABL.
- MQRCCF_Q_MGR_CCSID_ERROR
- Coded character set value not valid.
- MQRCCF_REPOS_NAME_CONFLICT
- Repository names not valid.
- MQRCCF_UNKNOWN_Q_MGR
- Queue manager not known.
- MQRCCF_WRONG_CHANNEL_TYPE
- Channel type error.