In this article, we will provide an introduction of IBM MQ, how BizTalk Server can connect to IBM MQ and how to setup monitoring of IBM MQ Queues with BizTalk360.
IBM® MQ, formerly known as WebSphere MQ, is messaging-oriented middleware, which simplifies and accelerates the integration of different applications and data across multiple platforms. It uses message queues to exchange information for independent and non-concurrent applications in distributed systems. IBM MQ is available for large number of platforms, being:
- z/OS (mainframe)
- OS/400 (IBM System I or AS/400)
- UNIX (AIX, HP-UX. Solaris)
- HP Nonstop
- OS 2000
- Microsoft Windows
Microsoft Windows Platform
IBM MQ is messaging and queueing middleware, with several modes of operation:
- File Transfer
For the Microsoft platform, users can create and manage IBM MQ with two options:
- MQ Explorer GUI
- Running commands from command window or application.
For installing the MQ Explorer GUI, you can refer to this link and for installing the server using msiexec you can go to this link.
BizTalk Server and IBM MQ
As a middleware product, BizTalk Server can also connect to IBM MQ. For using IBM MQ with BizTalk Server, there are two adapters available.
- MQSeries Client (MQSC) Adapter
- MQSeries Adapter
MQSeries Client (MQSC) Adapter
The MQSC Adapter is available in the BizTalk Adapter for Host Systems installation that is part of Host Integration Server(HIS). This adapter is a light weight component of MQ that doesn’t require the MQSeries Queue Manager run-time code to reside on a client system. This adapter helps to connect IBM MQ queue manager on Windows and non-Windows platform. Using the MQSeries Client Adapter can do the following actions:
- Send and receive messages from local Queue, MQSeries Remote Queue, Transmission Queue, and Alias queue from BizTalk Server
- Connect Remote queue manager that reside on Windows platform or another platform directly from BizTalk server
- It Support Clustered MQSeries Queue Manager and clustered BizTalk servers
- It provides support Secure Socket Layer(SSL) for secure communication with MQSeries Queue Manager
MQSC Adapter Configuration
In a real-time scenario, the setup would be the following when using two servers
Server 1 (Windows)
Server 2 (Windows/Non-Windows)
WebSphere MQ Client (available from IBM)
If you want to use the WebSphere MQ Extended transactional client, you can use WebSphere MQ Client in Server 1.
MQSeries adapter requires IBM MQSeries Server for Windows to reside on the client system to communicate with an IBM WebSphere Queue Manager running on Windows or non-Windows. MQSeries comes with BizTalk Server installation. This adapter uses the MQSAgent2 COM+ application to put/get messages into the IBM MQ Queue Manager. Using the MQSeries Adapter can do the following actions:
- Send and Receive messages from local Queues, MQSeries Remote Queues, Transmission Queues, and Alias queues from BizTalk Server
- Send and Receive messages from MQSeries Server for Windows. You need to deploy one copy of MQSAgent (COM+ of the adapter) to support BizTalk server installation
- Dynamically create queues at runtime
- Request for Delivery of transactional and non-transactional messages for send and receive
- Dynamically receive messages from queues based on MQSeries MatchOptions
MQSeries Adapter Configuration
IBM MQ can be installed in multiple different configurations. Below you find an overview of which components need to be installed in case IBM MQ will be installed on one, two or three servers.
For configuring the MQSeries Adapter on a single Server:
Server 1 (Windows)
MQSAgent2 COM+ Application
And for the configuring it in two servers:
Case 1 – Installation while combining Windows and Non-Windows servers
Server 1 (Windows)
Server 2 (Windows/Non-Windows)
MQSAgent2 COM+ application
MQSeries Server for windows
Case 2 – Installation on 2 Windows servers
Server 1 (Windows)
Server 2 (Windows)
MQSAgent2 COM+ application
If you want to configure MQSeries Adapter on three servers, the configuration would be as follows:
Server 1 (Windows)
Server 2 (Windows)
Server 3 (Windows/Non-Windows)
MQSAgent2 COM+ Application
MQSeries Server for windows (Available from IBM)
Monitoring IBM MQ with BizTalk360
BizTalk360 has the capability to monitor the IBM MQ Queues that are configured with the receive location and send ports mapped with either MQSeries Client Adapter or MQSeries Adapter. BizTalk360 has the following requirements:
- Monitor the accessibility of the queue manager and queues
- Monitor the growth of queues and corresponding backout queue
- Identify the backout queues automatically and start monitoring them
You can refer to this link for an article about how to configure an IMB MQ queue for monitoring with BizTalk360.
Errors while connecting from BizTalk360 to IBM MQ
Customer might face errors or technical challenges while configuring BizTalk360 to monitor IBM MQ queues. Some of the error codes are:
- 2033 – MQRC_NO_MSG_AVAILABLE
- 2035 – MQRC_NOT_AUTHORIZED
- 2059 – MQRC_Q_MGR_NOT_AVAILABLE
- 2538 – MQRC_HOST_NOT_AVAILABLE
We can see the details about the errors and resolution:
MQRC_NO_MSG_AVAILABLE – 2033
Reason: There is no message on the queue
Resolution: This is an expected condition; no corrective action is required.
MQRC_NOT_AUTHORIZED – 2035
Reason: Trying to open a queue in a cluster
Resolution: create a local alias to the cluster queue, or authorize all users to have access to the transmission queue
Provide object authorities in the queue level or queue manager level to the user in the MQ Explorer.
MQRC_Q_MGR_NOT_AVAILABLE – 2059
- The default queue manager is not running
- The MQ listener program associated with the default queue manager is not running
- The default queue manager is not defined on the local system
- Determine the name of the queue manager
- Verify that the queue manager exists on the local machine, and that it is running
- Verify that the listener program is running
- Verify that queue manager trying to connect is the default queue manager
- If necessary, make queue manager as the default queue manager
MQRC_HOST_NOT_AVAILABLE – 2538
Connect to a queue manager but the attempt to allocate a conversation to the remote system failed.
- The listener has not been started on the remote system
- The connection name in the client channel definition is incorrect
- The network is currently unavailable
- A firewall blocking the port, or protocol-specific traffic
- The security call initializing the IBM MQ client is blocked by a security exit on the SVRCONN channel at the server
Resolution: Examine the client error log for messages explaining the cause of the problem
Here is the link of list of error codes while using IBM MQ.
Hope you found this article helpful. If you have any feedback or suggestions, please add it in our feedback portal. You can get started with monitoring IBM MQ by downloading the 30-day free trial of BizTalk360.
SFTP (SSH File Transfer Protocol also known as Secure File Transfer Protocol) is a secure file transferring protocol between two remote systems, which runs over Secure Shell protocol (SSH). It provides strong authentication and secure encrypted data communication between two computers, which are connecting over an insecure network. It was designed by the Internet Engineering Task Force (IETF) as a secure extension. SSH provides the secure file transfer capabilities.
In this article, we will explain how to configure SFTP, how to use it with BizTalk Server and how you can set up monitoring SFTP using BizTalk360.
- How to Configure SFTP
- Types of authentication available in SFTP
- Using SFTP in BizTalk Server
- Monitoring SFTP using BizTalk360 Application
How to Configure SFTP
SFTP has replaced legacy FTP (File Transfer Protocol) and FTP/S and it provides all the functionality offered by these protocols, but the protocol is more secure and reliable. Also, configuration is easier.
Following are the steps to configure SFTP:
- Download the OpenSSH for server using OpenSSH for Windows binaries (Packages OpenSSH-Win64.zip or OpenSSH-Win32.zip)
- Extract the package in folder location ‘C:Program Files’ as an administrator and install the SSH and SSHD services using the following command:
exe -Execution Policy Bypass -File install-sshd.psl
- Once you have run the above command, the SSH server and server agent will install the system and start the service in the services.msc
The SFTP port number for the SSH port is 22, basically just an SSH Server. Once the user has logged in to the server using SSH, the SFTP protocol can be initiated. There is no separate SFTP port exposed on the servers. There is also no need to configure another rule into the firewalls.
Once the command is executed in PowerShell, the rule is created in the firewall section.
Using Public Keys for SSH Authentication
One effective way of securing SSH access to the server, is to use a Public/Private Key pair. This means that the generated key pair, consists of a public key (allowed to know) and a private key (keep secret and don’t give to anybody). The private key can generate a Signature and cannot be forged for anybody who doesn’t have that key. But using the public key, anybody can verify that a signature is genuine. The public key is placed on the server and a private key is placed on local workstation. Using a key pair, it becomes impossible for someone to log in by using just a password, in case you have set up SSH to deny password-based authentication.
Create the .ssh directory in a local folder and create a file named as “authorized_keys”, where we store the public key for authentication.
PuTTYgen is a key generator. It generates pairs of public and private keys. When you run the PuTTYgen, you will see a window where you have two choices:
- Generate – to generate a new Public/Private key pair
- Load – to load an existing private key
Before generating a key pair, using PuTTYgen, you need to select which type of key you need.
PuTTYgen currently supports the following type of keys:
- An RSA key for use with the SSH-1 protocol
- An RSA key for use with the SSH-2 protocol
- A DSA key for use with the SSH-2 protocol
- An ECDSA (Elliptic Curve DSA) key for use with the SSH-2 protocol
- An Ed25519 key (another elliptic curve algorithm) for use with the SSH-2 protocol
Here, we will generate a RSA key, for use with the SSH-1 Protocol.
- Download the PuTTYgen from the web site
- Launch the program and click “Generate” button. The program generates the keys for you
- Once you click the Generate button, you must generate some randomness, by moving the mouse over the blank area
- Enter the unique Key passphrase and Confirm passphrase fields
- Save the public and private keys, by clicking Save Public Key and Save Private Key buttons
- From the Public Key, for pasting it into the OpenSSH authorized_keys file field at the top of the window, copy all the text (starting with ssh-rsa). The copied key must be pasted either into the public key tool, in the Control Panel, or directly into the authorized keys file on your server.
Using SFTP Adapter in BizTalk Server
BizTalk Server provides the SFTP adapter to send and receive a file from a secure FTP server using the SSH file transfer protocol. Let’s see how can configure the SFTP adapter for receiving and sending a file from the secure server.
- In the BizTalk Admin Console, create a SFTP Receive Port in the BizTalk application where you want to have it
- Create a Receive Location within that Receive Port
- Select the Transport Type as SFTP from the drop-down list
In the Properties section, configure the following steps:
- Connection Limit – Specify the maximum number of concurrent connections that can be opened to the server
- Polling Interval – Specify the interval at which the adapter polls the server. To poll continuously, set this value to zero
Default Value: 5
- Unit – Specifies the unit in which the polling interval is specified. For example: Seconds, Minutes, Hours or Days
- Accept Any SSH Server Host key – When the option is set as True, SSH will accept the connection from the host server; when it is set as False, the Receive Location uses the fingerprint of the server for authentication. For the authentication, you need to provide the finger print in the SSHServerHostKeyFingerPrint field.
There are three client authentication methods:
Password authentication mode is simply providing the password in the console for authenticating the client. For the PublicKeyAuthentication, you must provide the private key file in the PrivateKey field and provide the passphrase in the PrivateKeyPassword for authenticating.
For MultiFactorAuthentication, the user must provide the user name, password and Privatekey. If the private key is protected by a passphrase, you also need to provide that in the privatekeyPassword field.
- Password – Specify the password, if you have set the ClientAuthentication mode to password
- Private Key – Specify the private key for the SFTP user, if you have set the ClientAuthenticationMode to Publickeyauthentication
- Private Key Password – Specify the passphrase key to validate the private key
- SSH Server Host Key Fingerprint – It specifies the fingerprint of the public host key for the SSH server
- Username – Specifies a username to log on to the SFTP server
- File Mask – Specifies the file mask to use when retrieving files from a secure SFTP server
- Folder path – Specifies the folder path on the secure SFTP server from where the Receive Location can retrieve files
- Port – Specifies the port address for the secure SFTP server on which the file transfer takes place
- Server Address – Specifies the server name or IP address of the secure SFTP server
Configuring the Send Port
For Configuring the Send Port, create a Send Port or double click an existing send port to modify it in an application in the BizTalk Administration Console.
- On the General Tab, Choose the type of SFTP artifact in the transport section and click the configuration button.
- In the SFTP Transport Properties window configure the following options based on requirement
- Connection Limit – Maximum number of concurrent connections that can be opened to the server
- Log – Creating client-side log file to trouble shoot any errors. Enter the full path for creating the log file and its available from BizTalk Server 2016
- Temporary Folder – A temporary folder on the SFTP server to upload large files before automatically moved to the required location on the same server and its available from BizTalk server 2013 R2
- Address –Specifies either DNS or IP Address of the Proxy server
- Password –Specifies the Password of the proxy server
- Port – Specifies the port of the Proxy Server
- Type – Specifies the protocol used by the proxy server
- User Name – Specifies the User Name of the Proxy server
- Access Any SSH Server Host Key – When True, the send port accept any SSH Public host key from the server and if set as false, the port matches the host key with the key specified in the SSHServerHostKey
- Client Authentication Mode – Specifies the authentication method that the send port uses for authenticating the client to the SSH Server.
Three modes of authentication
- Password – If set as Password , you must provide the password in the Password Property
- PublicKeyAuthentication – if set as PublicKeyAuthentication, you must provide the private key of the user in the PrivateKey
- MultiFactorAuthentication – if set as MultiFactorAuthentication, you must provide UserName with its Password. If the private key is protected by a password, provide the password in the PrivateKeyPassword as well
- EncryptionCipher – Provide the kind of encryption cipher and available from BizTalk Server 2013 R2. Options are Auto, AES and TripleDES in the BizTalk Server 2013 R2 and for the BizTalk Server 2016 Auto, AES, Arcfour, Blowfish, TripleDES, and
- Password – Specify the SFTP user password if you set the ClientAuthenticationMode to Password
- Private Key – Specify the private key for the SFTP user if you set the ClientAuthenticationMode to PublicKeyAuthentication
- Private Key Password – Specify a private key password, if required for the key specified in the PrivateKey
- SSH Server Host Key Finger Print – Specifies the fingerprint of the server used by the adapter to authenticate the server if the AccessAnySSHServerHostKey property is set to False. If the fingerprints do not match, the connection fails.
- User Name – Specifies the username for the secure FTP Server
- Append If Exist – if the file being transferred to the secure FTP server already exists at the destination, this property specifies whether the data from the file being transferred should be appended to the existing file. If set to True, the data is appended. If set to False, the file at the destination server is overwritten
- Folder Path – Specifies the folder path on the secure FTP server where the file is copied
- Port – Specifies the port address for the secure FTP server on which the file transfer takes place
- Server Address – Specifies the server name or IP address of the secure FTP server
- Target File Name – Specifies the name with which the file is transferred to the secure FTP server. You can also use macros for the target file name
- Click Apply and OK again to save settings
Monitor the SFTP Location using BizTalk360
From the v8.4, under File Location in the Monitoring section, BizTalk360 has the capability to monitor SFTP servers. File Location Monitoring will list all the locations configured in the BizTalk artifacts (Send Ports and Receive Locations) for the SFTP Transport type. This helps users to easily monitor all the SFTP locations mapped within the Receive Locations/Send Ports.
It contains four sections:
- SSH Server Section has the details about the SFTP Location
- The Proxy Details Section is optional to connect to a SFTP Server behind a firewall
Note: In BizTalk, Proxy details are available from BizTalk 2013 R2
- Security Details Section has the authentication details
- In the SFTP Monitoring Config Section, you can configure the monitor with threshold conditions for the metric File Count
Based on the need, you can monitor the location with threshold conditions. If the specific condition is met, the user gets notified through an email, a SMS or another communication channel.
For monitoring the SFTP server, BizTalk360 uses the third-party tool nSoftware. Using the nSoftware IPWorks SSH product, BizTalk360 connects to the secure server with Private Keys and password for monitoring the location.
For monitoring the SFTP in BizTalk360 you can refer the knowledge base in this link.
See below, some code snippets for connecting to the secure server using nSoftware.
sftp.SSHUser = “test”;
sftp.SSHPassword = “password”;
sftp.SSHPort = 22;
sftp.SSHHost = “SSHHost”;
Public key Authentication
sftp.SSHUser = "test";
sftp.SSHCert = new Certificate(CertStoreTypes.cstPPKKeyFile, "....filesserver_cert.pem", "test", "*");
sftp.SSHAuthMode = SftpSSHAuthModes.amPublicKey;
sftp.SSHPort = 22;
sftp.SSHHost = "SSHHost";
This article demonstrates the creation of a SFTP Server. Using the SFTP server in BizTalk Receive Locations and Send Ports, you can send files securely and monitor the SFTP server using BizTalk360.
If you have any feedback or suggestions, please write to us at email@example.com.
Recently Microsoft rolled out the July 2018 .NET Framework Security Updates. These Security Updates caused series of errors in the BizTalk Server Administration Console, SharePoint, Internet Information Server (IIS) with classic ASP and .NET applications which use impersonation.
Related to BizTalk Server, the issue is that BizTalk server relies on a COM component, that runs with restricted permissions. This COM component may fail to start after installing the July 2018 Security Updates.
For BizTalk360 to monitor the BizTalk server, it needs that the BizTalk Server Administrator components are installed in the server. But when the BizTalk360 server is also updated with the security patches, the same errors will occur while accessing the BizTalk applications and their artifacts. Many of our customers raised support tickets to BizTalk360 support channel, as they were not aware of these issues due to the windows security patch.
How the errors occur in BizTalk360 and in BizTalk Server
The com exception will occur in BizTalk360 only after the July 2018 security patch update is installed on the servers. The issue will pop up on many occasions as mentioned below.
- BizTalk360 application
- BizTalk Applications and their artifacts
- Hosts and Host Instances
Following screenshot refers, how the exception appears in BizTalk360.
When launching BizTalk Server, a series of errors appear from Hosts and Host Instances.
Here are the errors that occurred in the BizTalk Admin console, When trying to access the host instance
Root Cause of the problem
Let ’s have a look at the root cause of these issues in detail. The Microsoft .NET Framework runtime uses the process token to determine whether the process is running within an elevated security context. These system calls can fail if the required process inspection permissions are not present. This causes an “access denied” error. However, these errors might reveal themselves with other error messages, as we have seen from the screen prints earlier in this article.
A temporary workaround is discussed in this MSDN thread. The simplest workaround is to uninstall the security patch and everything will be back to normal.
The latest patch was re-released by Microsoft on July 30, 2018. This update helps to resolve this issue. This patch has different versions applicable to your operating system and .NET Framework installed.
- 4346877Update for Windows 10, version 1607 and Windows Server 2016: July 30, 2018
- 4346406Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 and 4.7.2 on Windows 8.1, RT 8.1 and Server 2012 R2 (KB 4346406): July 30, 2018
- 4346405Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 and 4.7.2 on Windows Server 2012 (KB 4346405): July 30, 2018
- 4346407Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 and 4.7.2 on Windows 7 SP1 and Server 2008 R2 SP1 and .NET Framework 4.6 on Server 2008 SP2 (KB 4346407): July 30, 2018
- 4346408Update for .NET Framework 4.5.2 on Windows 8.1, RT 8.1 and Server 2012 R2 (KB 4346408): July 30, 2018
For detailed information about latest patch release, please click this link. Microsoft had also suggested a workaround for the issue but with the following warning message:
Warning: The workarounds may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend these workarounds. However, we are providing this information so that you can implement the workarounds at your own discretion. Use these workarounds at your own risk.
We have received quite a few support tickets on this specific cases from our customers who have recently update the security patches. Because, the problem lies with BizTalk Server, It has affected the BizTalk360 as well while accessing the applications. We informed the customers about the reason for the error. The new patches are uninstalled, BizTalk360 and BizTalk Server will be back to normal. Here is a happy feedback from our most valued customers.
With this release of BizTalk360(v8.5), the user can customize email template. The earlier version of BizTalk360 only has a capability to change the color of the email body, font, logo, background, footer background etc. Most of our customer had requested to customize the email alert with more comprehensive improvements, so we have revamped the email template module with more additional functionalities to simplify and customize the email notification. This allows to create and manage custom templates for notifications.
The user can able to create a template with an in-built XSLT validator with preview options. Email template can be used in different alarms with light or dark theme, which helps to
• grab the support team’s attention to take on the relevant actions.
• choose different theme templates to indicate different business cases.
• easily identify which template belongs to which environment.
So, let’s us look how to create a template in the newer version of BizTalk360.
In BizTalk360, Manage Email Template can be found in the monitoring and notification section of setting side. While installing the newer version, the default template “BizTalk360 Email Template” will be used for all the existing or newly created alarm.
For creating a new template, click on “NEW” icons as shown in above picture, a blade opens for providing the basic details like template name, description of the template, toggle button for making it as default template as shown in the picture below.
In the following section, the user can edit and provide their own data like display name, email address, logo text, footer text etc.same as previous versions for a better manageability.
Initially, BizTalk360 provides a default template “BizTalk360 Email Template” with a light elegant theme. Themes are also available in two variants light and dark. A user can able to choose light or dark theme while creating a template.
However, the earlier version of BizTalk360 email colors are chosen by selecting colors from color picker and here we came up with the idea of providing “themes” instead of simply selecting the color code for the email template.
We categorized themes into two
• Light Theme
• Dark Theme
We are not restricting the user to simply selecting light or dark theme, we have also provisioned to edit the themes.
Under the edit theme color settings, a user can choose 6 Body BG color which represents different themes for light and dark. Once the theme is selected, “PREVIEW TEMPLATE” option is being provided to cross check the desired changes on a new blade.
Once the template is created, it will be displayed in the main grid of Manage Email Templates page.
BizTalk360 uses XSLT (eXtensible Stylesheet Language Transformations) as a styling language for customizing the email template. The XSLT file editing option is being provided to a user for changing font family and font size. “Please do not change any logic in XSLT file, as this might corrupt the mailing functionality”. This facility is available in the edit section of each template by clicking the edit gear icon.
Once the changes are made in the XSLT file, the inbuilt XSLT validator verifies the XSLT file and allows the user to save the file after successful verification.
The “Preview Template” option is provided in edit section to make sure the desired changes have been made in XSLT file.
In the alarm configuration section, we have customized for a user-friendliness to choose the template that has been created at the manage email module. Also, we made the notification channel to be available in the Alarm configuration page itself. We have made the email configuration optional if the notification channel is being enabled so that either one of the choices can serve the purpose.
BizTalk360 already had a feature to format email template, with its latest release v8.5 it fills the gap by adding the ability to customize, create and manage template for different alarms based on user preference. Keep your mailing color codes intact with your thoughts using our customized email template feature. If you have any feedback or suggestion, please feel free to write to us at firstname.lastname@example.org.