Possibility of "Access Denied" errors for config files on Windows

Technote (troubleshooting)


On Windows if a file is created outside of the MQFT config directory tree and then moved into that tree (for example, into an agent's config directory) the file's permissions are set such that an agent or user cannot access it.


If this happens an error similar to this example will be output by the agent when it tries to access the file:

[29/05/2012 23:58:49:505 BST] 00000001 XMLFileLoader E BFGPR0046E: A problem has occurred while attempting to open the C:\Program Files\IBM\WebSphere MQ\mqft\config\MFTCOORD\agents\MFTQM2CDBRIDGE\ConnectDirectCredentials.xml XML file. The internal MQMFT data has not been updated. The details of the error are: C:\Program Files\IBM\WebSphere MQ\mqft\config\MFTCOORD\agents\MFTQM2CDBRIDGE\ConnectDirectCredentials.xml (Access is denied.)

A secondary symptom of this problem will be that the user who created and moved the file will also not be able to access the file and will, for example, get a similar "Access Denied" error when opening the file in a text editor.


When a new file is created on Windows, by default, it inherits its permissions from its parent directory. In version 7.5 the MQFT config directory tree has its directories defined such that they do not pass on permissions to files contained within them. This means that when a file, that is created out of this directory tree, is moved into this directory tree that it no longer inherits any permissions. This results in the file having no permissions set causing the "Access Denied" error to occur.

Resolving the problem

This problem has been fixed under APAR IC85473 which can be found here:


There is also a work-around for this problem which is to initially create the file directly under the MQFT directory tree so that the file then has the correct permissions associated with it. Alternatively if you have already moved a file to the MQFT config directory tree and are now encountering the "Access Denied" error, you can still edit the file's security permissions to make the file editable again. Setting the recommended level of security permissions on the file should allow both editing by the owning user and reading of the config by the agent.

Document information

More support for:

WebSphere MQ
WMQ Managed File Transfer

Software version:


Operating system(s):


Software edition:

All Editions

Reference #:


Modified date:


Translate my page

Content navigation