Develop Reference

The client has been disconnected while trying to perform the connection

When trying to connect to a Mosquitto MQTT queue running locally, I get the following error.
Unhandled exception. System.AggregateException: One or more errors occurred. (The client has been disconnected while trying to perform the connection)
---> System.Net.Mqtt.MqttClientException: The client has been disconnected while trying to perform the connection
at System.Net.Mqtt.Sdk.MqttClientImpl.ConnectAsync(MqttClientCredentials credentials, MqttLastWill will, Boolean cleanSession)
I am using the default options when setting up the System.Net.Mqtt.MqttClient.
var config = new MqttConfiguration() {
Port = 1883
};
var client = MqttClient.CreateAsync("localhost", config).Result;
var sessionState = client.ConnectAsync(
new MqttClientCredentials(clientId: "camerasim")).Result;
The following errors show up in the Mosquitto MQTT log.
1644497589: New connection from 172.17.0.1:56792 on port 1883.
1644497589: New client connected from 172.17.0.1:56792 as camerasim (p2, c0, k0).
1644497589: Bad socket read/write on client camerasim: Invalid arguments provided.

The error you are seeing is most likely the result of a change made in Mosquitto 2.0.12:
Fix max_keepalive not applying to MQTT v3.1.1 and v3.1 connections. These clients are now rejected if their keepalive value exceeds max_keepalive. This option allows CVE-2020-13849, which is for the MQTT v3.1.1 protocol itself rather than an implementation, to be addressed.
A change made in 2.0.9 also comes into play:
Fix max_keepalive option not applying to clients connecting with keepalive set to 0. Closes #2117.
These changes were made to address an issue with the MQTT protocol itself which permits a denial of service attack (CVE-2020-13849).
The default value for max_keepalive is 65535 so this change means that attempting to connect with keep alive set to 0 (meaning no keepalive) will fail unless mosquitto.conf specifies max_keepalive 0. Unfortunately the error logged (Bad socket read/write on client XXXXXYYYYY: Invalid arguments provided.) does not really highlight the cause.
There are two available solutions:
Specify max_keepalive 0 in mosquitto.conf (Mosquitto 2.0.13 or later).
When connecting specify a keep alive between 1 and 65535. In xamarin/mqtt this means adding KeepAliveSecs to your config; this defaults to 0.
Note that setting KeepAliveSecs = 1 (as per your answer) will allow you to connect but is probably a little short for most users (KeepAliveSecs = 60 may be more appropriate). e.g.
var configuration = new MqttConfiguration {
Port = 1883,
KeepAliveSecs = 60,
WaitTimeoutSecs = 2,
};
I realise that you have already found a solution to this but as it's likely to affect others I thought it was worth explaining the root cause of the issue. Many MQTT libraries default keep alive to 0 so will be impacted (e.g. Go Paho had an issue logged).

I was able to successfully make a connection by changing the default KeepAliveSecs property when setting up the MqttConfiguration.
var config = new MqttConfiguration() {
KeepAliveSecs = 1,
Port = 1883
};

Suddenly getting LDAP Referrals

I have two domains, a production and development. My development domain has suddenly started giving the error DirectoryServicesCOMException: A referral was returned from the server.
This has only started happening today. I validated it was working yesterday. No changes have been identified with domain controllers or my application.
When my development server performs an LDAP search of a production user profile. I'm using some fairly standard LDAP query code:
private IUserDetails queryUserBySID(string sid)
{
DirectoryEntry de = new DirectoryEntry(domainLdap); // "DC=production,DC=local"
var ds = new DirectorySearcher(de);
ds.Filter = $"(&(objectCategory=User)(objectClass=person)(objectSid={sid}))";
var result = ds.FindOne(); // <-- referral error
//...
}
However, this works (Even when using IIS AppPool credentials):
PS C:\> Get-ADUser -Server productiondc -Identity testuser
I validated both domains trust each other. What could have changed on either of my domains to cause this?
Edit 1
The issue resolved itself for 1-2 days and then appeared again.
Checking the ExtendedErrorMessage gives
0000202B: RefErr: DSID-03100835, data 0, 1 access points
ref 1: 'production.local'
A quick google shows to run dcdiag
Edit 2
I believe this to be a pertinent error with dcdiag:
An error event occurred. EventID: 0xC0000010
Time Generated: 02/22/2022 22:22:22
Event String:
While processing a TGS request for the target server <user>/SERVER, the account DevMachine$#DEVELOPMENT.LOCAL did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 8). The requested etypes were 18 17. The accounts available etypes were 18 17 23 -133 -128 24 -135. Changing or resetting the password of PRODUCTION.LOCAL will generate a proper key.

A referral means "I don't have the information you want, but I know where you can get it." So it's a mismatch between the server you're connecting to and where the data is. I can't tell you what changed, but I can tell you how to get more information about it.
After the exception is thrown, call de.Options.GetCurrentServerName() to see which server the search was performed on.
Then check the ExtendedErrorMessage property of the exception and see if it tells you which server it is referring you to.
To get around the exception and automatically follow the referral, you can use the ReferralChasing property of the DirectorySearcher:
ds.ReferralChasing = ReferralChasingOption.All;

Override the userid send by Websphere MQ Client in C# Windows application

I am trying to connect to a test instance of a Websphere MQ 7.5 server (on a Windows domain) from a C# application using the full MQ Client install, but I've had no luck. I keep getting the error code 2035 MQRC_NOT_AUTHORIZED from the MQ server. Initially I tried the code below:
string QueueManagerName = "myNewQManager";
MQEnvironment.Hostname = "tst-mqsvr";
MQEnvironment.Channel = "test.channel";
MQEnvironment.Port = 1414;
MQEnvironment.UserId = "domainUser";
MQEnvironment.Password = "********";
//set transport properties.
MQEnvironment.properties[MQC.TRANSPORT_PROPERTY] = MQC.TRANSPORT_MQSERIES_CLIENT;
try
{
queueManager = new MQQueueManager(QueueManagerName);
}
catch(MQException mqexp)
{
//I get the error code 2035
log.Error(mqexp)
}
changing to this doesn't work either:
string QueueManagerName = "myNewQManager";
var queueProperties = new Hashtable();
queueProperties[MQC.TRANSPORT_PROPERTY] = MQC.TRANSPORT_MQSERIES_CLIENT;
queueProperties[MQC.HOST_NAME_PROPERTY] = "tst-mqsvr";
queueProperties[MQC.PORT_PROPERTY] = "1414";
queueProperties[MQC.CHANNEL_PROPERTY] = "test.channel";
queueProperties[MQC.USER_ID_PROPERTY] = "domainUser";
queueProperties[MQC.PASSWORD_PROPERTY] = "*********";
try
{
queueManager = new MQQueueManager(QueueManagerName, queueProperties);
}
catch(MQException mqexp)
{
//I still get the error code 2035
log.Error(mqexp)
}
This error goes away and I can connect/put/get messages from my queue if
I manually set the MCAUSER on my channel, or
I run the application as the domain user who set up the MQ server (using RunAs)
However, I will not be able to use either of these two workarounds for the production set up. I am assuming I'm getting the error code 2035 because the MQ client is sending the wrong user-id. I need to be able to override (or at least determine) the flowed userid during server connection. How do I go about this?
Edit: I got the errors below in my AMQERR01.log file
-------------------------------------------------------------------------------
7/6/2016 13:06:14 - Process(1380.10) User(MUSR_MQADMIN) Program(amqzlaa0.exe)
Host(TST-MQSVR) Installation(DefaultInstall)
VRMF(7.5.0.2) QMgr(MYNEWQMANAGER)
AMQ8075: Authorization failed because the SID for entity 'sinistrian' cannot be
obtained.
EXPLANATION:
The Object Authority Manager was unable to obtain a SID for the specified
entity. This could be because the local machine is not in the domain to locate
the entity, or because the entity does not exist.
ACTION:
Ensure that the entity is valid, and that all necessary domain controllers are
available. This might mean creating the entity on the local machine.
----- amqzfubn.c : 2273 -------------------------------------------------------
7/6/2016 13:06:14 - Process(1380.10) User(MUSR_MQADMIN) Program(amqzlaa0.exe)
Host(TST-MQSVR) Installation(DefaultInstall)
VRMF(7.5.0.2) QMgr(MYNEWQMANAGER)
AMQ8073: Authorization failed because SID: ((None)) could not be resolved.
EXPLANATION:
The Object Authority Manager was unable to resolve the specified SID into
entity and domain information.
ACTION:
Ensure that the application provides a SID that is recognized on this system,
that all necessary domain controllers are available, and that the security
policy is set as you required.
----- amqzfubn.c : 4397 -------------------------------------------------------
7/6/2016 13:06:14 - Process(3008.3) User(MUSR_MQADMIN) Program(amqrmppa.exe)
Host(TST-MQSVR) Installation(DefaultInstall)
VRMF(7.5.0.2) QMgr(MYNEWQMANAGER)
AMQ9557: Queue Manager User ID initialization failed.
EXPLANATION:
The call to initialize the User ID failed with CompCode 2 and Reason 2035.
ACTION:
Correct the error and try again.
----- cmqxrsrv.c : 1975 -------------------------------------------------------
7/6/2016 13:06:14 - Process(3008.3) User(MUSR_MQADMIN) Program(amqrmppa.exe)
Host(TST-MQSVR) Installation(DefaultInstall)
VRMF(7.5.0.2) QMgr(MYNEWQMANAGER)
AMQ9999: Channel 'TEST.CHANNEL' to host 'WKS-L450 (192.168.10.23)' ended
abnormally.
EXPLANATION:
The channel program running under process ID 3008(2192) for channel
'TEST.CHANNEL' ended abnormally. The host name is 'WKS-L450 (192.168.10.23)';
in some cases the host name cannot be determined and so is shown as '????'.
ACTION:
Look at previous error messages for the channel program in the error logs to
determine the cause of the failure. Note that this message can be excluded
completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage"
attributes under the "QMErrorLog" stanza in qm.ini. Further information can be
found in the System Administration Guide.

Until version 7.5, MQ client always flows the logged-in UserId and not the UserId specified by the application, to queue manager for authorization. You will need a security exit for this scenario.
This changed in MQ v8 where UserId specified by the application is flowed to the queue manager for authorization check. More details here: https://www.ibm.com/support/knowledgecenter/SSFKSJ_8.0.0/com.ibm.mq.sec.doc/q113260_.htm

You could use the MQS_REPORT_NOAUTH or MQSAUTHERRORS setting to get more info the authority failure.

Doesn't continuously read messages from IBM MQ Queue

When i have 2000 messages in an import queue, when i read it through get like this
MQQueue mqQueue = null;
MQQueueManager mqQMgr=null;
try
{
//Create connection to queue manager
mqQMgr = new MQQueueManager("Queue Manager name", properties);
//Access the queue
mqQueue = mqQMgr.AccessQueue(QueueName, MQC.MQOO_FAIL_IF_QUIESCING | MQC.MQOO_INPUT_SHARED | MQC.MQOO_BROWSE);
for(int i=1;i<2000;i++)
{
//read the messages
mqMsg=new MQMessage();
mqQueue.Get(mqMsg);
}
}
catch(MQException mqe)
{
//If no messages in the queue , break. (if not, catch any error)
}
finally
{
mqQueue.Close(); //Close the MQ Queue
mqQMgr.Disconnect(); //Disconnect the MQ Manager
}
The manager processes randomly everytime when i read, for example first 800 messages and then it throws back
"MQRC_HANDLE_NOT_AVAILABLE" (comp code:2 , reason code:2017).
Am I not closing the queue/manager in the above piece of code ? Please share your thoughts, so that, all the messages can be processed. I am using 7.5 MQ client via MQ.net classes. The log file contains this below info.
AMQ9051: WebSphere MQ could not find the security policy definition.
Compcode 2 : reason 2017 EXPLANATION: The security policy definition
is not defined. ACTION: Security policy definition must be defined
before this action.

I tried your sample code snippet and works fine for me. I don't see 2017 error.
The entry in error log may have a relation to your problem. Have you set security policy for the queue and expecting signed/signed&encrypted messages to be put/get to/from queue? It may be worth opening a ticket/PMR with IBM.

SQL Server Replication Error

I have a SQL Server 2005 box set up for merge replication to SQL Server CE 3.0. The publication, publisher, distributor and IIS have all been set up.
In my application, I attempt to sync the databases using the following code:
//TODO: Change for production
//***************************
string localDBPath = #"C:\Documents and Settings\Robert\Desktop\MyDB.sdf";
//***************************
SqlCeReplication replicator = new SqlCeReplication();
replicator.InternetUrl = "http://myWebServer/sqlcesa30.dll";
replicator.Publisher = "mySqlServer";
replicator.PublisherDatabase = "myDatabase";
replicator.PublisherSecurityMode = SecurityType.NTAuthentication;
replicator.Publication = "myPublication";
replicator.Subscriber = Dns.GetHostName();
replicator.SubscriberConnectionString = #"Data Source=" + localDBPath;
try
{
// Check if the database file already exists
if (!System.IO.File.Exists(localDBPath))
{
// Add a new subscription and create the local database file
replicator.AddSubscription(AddOption.CreateDatabase);
}
// Transfer the initial snapshot of data if this is the first time this is called.
// Subsequent calls will transfer only the changes to the data.
replicator.Synchronize();
}
catch (SqlCeException ex)
{
// Display any errors in message box
MessageBox.Show(ex.Message);
}
finally
{
// Dispose of the SqlCeReplication object, but don't drop the subscription
replicator.Dispose();
}
Unfortunately, this code fails at the "replicator.Synchronize" line with the following error message:
Failure to connect to SQL Server with provided connection information. SQL Server does not exist, access is denied because the IIS user is not a valid user on the SQL Server, or the password is incorrect.
This error message is not very clear to me and I am running out of places to look for the cause of this. Any ideas?

Make sure the agent account is the same user and password on all boxes.
Make sure you are calling the right instances.
Make sure agent is started on all machines involved.
Check the sql event logs on all servers and see which is giving the error, this may also narrow the issue down.
You can also check this to make sure you have setup correctly:
http://msdn.microsoft.com/en-us/library/aa454892.aspx
Same issue here he had to add the instance name correctly:
http://bytes.com/topic/sql-server/answers/611761-merge-replication-error-failure-connect-sql-server-provided-connection
Check these out too:
http://support.microsoft.com/kb/314783
http://support.microsoft.com/kb/319723
http://msdn2.microsoft.com/en-us/library/ms172357.aspx
again make sure you instances are correct:
repl.Publisher = "macnine-name\instance-name"
You can also take a look through this blog:
http://blogs.msdn.com/sql_protocols/archive/2005/09/28/474698.aspx

the message comes from your IIS replication plug-in: //myWebServer/sqlcesa30.dll. When it tries to connect to the publisher, it cannot find it. The publisher is named 'mySqlServer', but apparently it cannot be reached by myWebServer. This can be a name issue (a typo), a firewall issue (SQL port blocked), an IPSEC issue, a configuration issue (SQL is not listenning for remote connections) and so on. Follow normal SQL Server connectivity troubleshooting steps between myWeServer and mySqlServer.