Use the mqsichangebroker command to change some of the startup parameters of the broker. For example, if you change a password, you must then run this command. You can also use this command to set the UserExitPath property of a broker.
You must stop the broker before you can issue this command and restart the broker for the changes to take effect.
On Windows, Linux, and UNIX systems, use the mqsistop and mqsistart commands.
On z/OS, you must have started the original broker control process using the /S option. You must stop the broker components using the /F broker, PC option, and start the broker components again using the /S broker, SC option.
See mqsistop command and mqsistart command for more information.
For compatibility with existing systems, you can still specify password. However, if you do not specify a password with this parameter when you run the command you are prompted to enter a password during its invocation, and to enter the password a second time to verify that you have entered it correctly.
On Linux and UNIX systems, -a is required for Windows systems compatibility but it is not used in relation to ServiceUserID; it is used as a default only if -p is not specified. (See the description of the -p parameter for further details.)
If you have created this broker to also use this user ID and password for database access (that is, either you omitted the -u DataSourceUserID and -p DataSourcePassword parameters, or you included them but provided the same user ID and password for the service user ID using -a ServicePassword and -i ServiceUserID), ensure that you update both instances of the password on this command by supplying the -p DataSourcePassword as well.
To complete a password change successfully, you must:
This can be specified in any valid username syntax. On Windows systems, these are:
On Linux and UNIX systems, only the last format, username, is valid.
If you use the unqualified form for this user ID (username) on Windows systems, the operating system searches for the user ID throughout its domain, starting with the local system. This search might take some time to complete.
The ServiceUserID specified must be a member of the local group mqbrkrs. On Windows systems, it can be an indirect or direct member of the group. The ServiceUserID must also be authorized to access the home directory (where WebSphere Message Broker has been installed), and the working directory (if specified by the mqsicreatebroker -w parameter). This ID must also be a member (either direct or indirect) of the local group mqm.
The security requirements for the ServiceUserID are detailed in Security requirements for Windows platforms for Windows systems and in Security requirements for Linux and UNIX platforms for Linux and UNIX systems.
For compatibility with existing systems, you can still specify password. However, if you do not specify a password with this parameter when you run the command you are prompted to enter a password during its invocation, and to enter the password a second time to verify that you have entered it correctly.
For DB2 on Linux and UNIX systems, -p can be specified as an empty string (two double quotation marks, ""). In this case, DB2 grants WebSphere Message Broker the privileges of the ServiceUserID which results in a database connection as "already verified". If you specify an empty string for -a and -p, no passwords are stored by WebSphere Message Broker, creating the most secure configuration.
You must ensure that you change all instances of the use of this password. If you have created (or changed) the broker to use the same user ID and password for its service user ID as well as its database access, you must update both instances at the same time. See the description of the -a parameter for further details.
Note that on z/OS this name is case sensitive and you must include the names in single quotes if they contain mixed case characters.
For more details about using WebSphere MQ trusted applications, see WebSphere MQ Intercommunication.
You must create your own directory for storing your .lil or .jar files. Do not save them in the WebSphere Message Broker install directory.
If you specify more than one additional directory, they must be separated by the default operating system-specific path separator (semicolon (;) on Windows systems, colon (:) on Linux, UNIX systems, and z/OS).
You cannot include environment variables in this path: if you do so, they are ignored.
Note that on Linux and UNIX systems, and on z/OS, this name is case sensitive and you should include the names in single quotes if they contain mixed case characters.
When a message flow is processing an application message, it cannot respond to a configuration change. If any one of the message flows within the execution group that has been requested to change its configuration does not finish processing an application message and apply the configuration change within this timeout, the execution group returns a negative response to the deployed configuration message.
The value that you set for this timeout depends on the system load (including CPU utilization) and on each execution group's load. You can make an initial estimate by deploying the broker's entire configuration. The time taken for this to complete successfully gives you an indication of the minimum value that you should set.
The value is specified in seconds and can range from 10 to 3600. The default value is 300.
The sum of the ConfigurationTimeout and the ConfigurationDelayTimeout (described below) represents the maximum length of time that a broker is allowed to process a deployed configuration message before it generates a negative response.
This represents the time it takes for a minimal deployed configuration message to be processed by the broker and its execution groups, and is dependent on queue manager network delays, the load on the broker's queue manager, and system load.
mqsireporttrace brokerName -e "Execution Group Name" -u
F MQP1BRK,reporttrace u=yes,e='exgrp1'
Note that on z/OS, this name is case sensitive and you should include the names in single quotes if they contain mixed case characters.
The response time of each execution group differs according to system load and the load of its own processes. The value that you set must reflect the longest response time any execution group takes to respond. If the value you set is too low, the broker returns a negative response, and might issue error messages to the local error log.
The value is specified in seconds and can range from 10 to 3600. The default value is 60.
If the broker is on a production system, you are recommended to increase the values for both ConfigurationTimeout and ConfigurationDelayTimeout to allow for application messages currently being processed by message flows to be completed before the configuration change is applied.
If the broker is on a development or test system, you might want to reduce time-outs (in particular, the ConfigurationTimeout) to improve perceived response times, and to force a response from a broker that is not showing expected behavior. However, reducing the timeout values decreases the probability of successfully deploying a configuration change.
Note that this listener is started by the broker when a message flow that includes web services support is started, and has a default value of 7080.
You must ensure that the port you specify has not been specified for any other purpose.
An interval of zero minutes indicates that the operating system has an external method of notification and is not using an internal timer within WebSphere Message Broker.
If you want to change other broker properties, you must delete and recreate the broker, then use the workbench to redeploy the broker's configuration. If you want to change the user ID used for database access, see Administering the broker domain.
On Windows systems, the user ID used to invoke this command must have Administrator authority on the local system.
On Linux and UNIX systems, the user ID used to invoke this command must be a member of the mqbrkrs group.
On z/OS systems, the user ID used to invoke this command must be a member of a group that has READ and WRITE access to the component directory.
Using LDAP: Ensure that the registry is appropriately secured to prevent unauthorized access. The setting of LdapPrincipal and LdapCredentials options on mqsichangebroker is not required for correct operation of the broker. The password is not stored in clear text in the file system.
mqsichangebroker WBRK_BROKER -s WBRK_UNS_QM
mqsichangebroker WBRK_BROKER -s ""
mqsichangebroker WBRK_BROKER -x /opt/3rdparty/wmbexit
F MQP1BRK,cb g=100,k=200
/f MA05BRK,cb x='/u/test/wbi/MsgFlowTrackingUserExit/zOS',e='MqsiStrUserExit02:MqsiStrUserExit03'
Notices |
Trademarks |
Downloads |
Library |
Support |
Feedback
![]() ![]() |
an07090_ |