I'm hoping someone will be able to help me with an issue we are having moving from Test to Production. In test everything is working fine but in Production we are having queue access problems.
Current configuration...
MSMQ queue server located on a work group machine located in DMZ
MSMQ message receiver machine located on a work group machine located off the internal domain
Wcf workflow services hosted in IIS on message receiver machine that monitor the MSMQ queue server
Private queues with names that match the end point of the Wcf workflow service and use the IP address of the queue server, i.e. net.msmq://[IP address]/private/workflowservice/service.xamlx
Net.MSMQ binding in IIS on receiving machine is configured to the IP address of the queue server
Net.MSMQ activator service on the receiving machine is running under NETWORK SERVICE
The receiving workflow services run using an application pool running under NETWORK SERVICE
ANONYMOUS LOGON and NETWORK SERVICE have full permissions on queues
MSMQ server Disable Unauthenticated RPC Calls is disabled
MSMQ installed on both machines
Firewalls are configured to allow ingoing and outgoing on all MSMQ ports
Can send to the queues successfully
If access one of the receiving workflow services via Internet Explorer I receive the following error message,
"An error occurred while opening the queue: Unrecognized error -1072824319 (0xc00e0001)."
I can see from the MSMQ Server machine security event log that the ANONYMOUS LOGON user is accessing the machine but the queue is not being recognised.
Any help would be greatly appreciated.
Related
Steps followed to installed Load Agent on AWS.
Firewall Exception from controller for port 50500 , 54345, 443 and 3389 on load agent machine.
Installed Load Runner Setup [ as Load agent Process is also a part of Load Runner Setup]
Allowed all the programs [Agent Process, Agent Service.. etc] from Windows Firewall.
Tried to connect from Load Controller. Error received on controller is
Communication error: The Client failed to send packet. The socket has been shut down.
As per OPs team, the agent is trying to establish a connection back to a server 54.xxx.xx.xxx[Unknown AWS IP] on port 10051 and failing eventually where as this particular server is unknown to us.
Version of Loadrunner on Agent and Controller is same.
Please tell how do i have to install or configure MI LISTENER or AGENT PROCESS over firewall.
Turns out, it was a firewall exception mess made by the IT department. The above mentioned steps will clearly allow a communication with the LR Controller and Agent.
I have a website uses enterprise library to log using MSMQ trace listener. Site is creating logs. The logs are in MSMQ outgoing queues. However, queues are not being sent to remote computer. Message I get is
Failed to connect Winsock socket. Address:IP=xx.xx.xx.xx
State is in "Waiting to Connect". The queue path I have as queuePath="FormatName:DIRECT=OS:computername\Private$\private queuename"
Am I missing anything? May be firewall rule? when I look at the firewall rule in destination computer, it allows the MSMQ Inbound TCP/UDP for all ports.
Enabling Remote Event Monitor (RPC-EPMAP) inbound rule in firewall fixed the issue I was getting. Now the state is Connected and Connection History is Connection is ready to transfer messages.
Also to add I found that port 1801 which msmq port for allowing incoming traffic need to be opened.
https://support.microsoft.com/en-us/help/183293/how-to-configure-a-firewall-for-msmq-access
I have WAS MQ 7.1 Server installed in windows. My application running on unix is trying to connect to this server during which it gives the error "MQ Connect failed 2195" in the application logs. On debugging the code , i found it is while connecting to the q manager that it is throwing this error.
I tried to run a netstat on the MQ Server port no. and do a telnet to check if there is any connection being established . But I could not see any connection being established to the q manager .
The possible issues could be
1. Que Manager has not been started
2. Listener not started
3. Initiation queue not started or created or attached(usually optional depending on set up)
4. Listening to the wrong Port or IP
5. Firewall stopping traffic to Port or IP
6. Queue Manager not created on destination
7. Not authorized to Queue manager and/or channel and/or queue
8. Trial MQ copy expired.
9. Wrong Queue manager name
10. Wrong channel name or password or queue or queue type
Have done the following to check if it is working fine .
1. Tried to put a message from windows to the MQ Server which was successful.
2. Gave auth(setmqaut) permission to Request queue that was created.
3. There is no firewall between application and MQ Server.
4. Channel name , q manager , IP and port no.s are correct.
In my windows MQ Setup i have created the Server connection channel and Client connection Channel.
export the mqm lib to SHLIB_PATH.
Added the application user to mqm group and also the windows user through which I had created the MQ Server setup
Had copied the AMQCLCHL.TAB to the unix machine containing the client program.
exported MQCHLTAB to the table filename
exported MQCHLLIB to the path containing the table name
exported the MQSERVER=QMgrName/CHANNEL1/hostname from the client machine.
Please let me know if I am missing anything w.r.t connection of the application(in Unix) to the MQ Server(in Windows).
2195 is MQRC_UNEXPECTED_ERROR. It implies something that should not have happened, even if you set it up wrong. It may well be accompanied with an FDC file in the errors directory. You should raise a PMR with IBM Service.
We have a service that is hosted in IIS using WAS with the net.msmq binding. The service reads messages from a private transactional MSMQ queue. I need it to work by reading from a queue that is on a different machine to the service. I can get it working if the queue is on the same machine, but not if it is on a different machine.
Environment information
The servers are running Windows Web Server 2008 R2.
The servers are in a workgroup, i.e., they are not part of a domain.
MSMQ has been installed without the directory service integration feature.
I believe that the required Windows features are installed (WCF Non-Http Activation and Http Activation, Message Queuing Server, Multicasting Support, Message Queueing DCOM Proxy, Windows Process Activation Service, .NET Environment, Configuration APIs)
I have made the following registry changes on the machines:
NewRemoteReadServerAllowNoneSecurityClient = 1
NewRemoteReadServerDenyWorkgroupClient = 0
AllowNonauthenticatedRpc = 1
DTC has been enabled, with Network DTC Access, Allow Remote Clients, Allow Inbound, Allow Outbound, No Authentication Required and Enable SNA LU 6.2 Transactions all selected.
Firewall changes have been made.
Service configuration information
We are using netMsmqBinding.
The transport Security Mode of the netMsmqBinding is None.
ExactlyOnce is true
UseActiveDirectory is false
Durable is true
The queue address is net.msmq://the-host-computer-name/private/EmailAsyncService
WCF logging
There is a warning:
Cannot detect if the queue is transactional". The FormatName of the queue in the error is DIRECT=OS:the-host-computer-name\private$\EmailAsyncService
There is then an error:
An error occurred when converting the 'the-host-computer-name\private$\EmailAsyncService' > queue path name to the format name: Unrecognized error -1072824300 (0xc00e0014). All operations on the queued channel failed. Ensure that the queue address is valid. MSMQ must be installed with Active Directory integration enabled and access to it is available.
What I have tried
I can read messages from the remote queue from the machine the service is on if I manually create and use a MessageQueue instance.
I've tried hosting the service as a standalone console application. The error messages are the same.
I have tried disabling the firewalls involved.
I've tried the changes on http://msdn.microsoft.com/en-us/library/ms752246.aspx, which relate to running such services on a computer joined to a workgroup. ("both the activation service and the worker process must be run with a specific user account (must be same for both) and the queue must have ACLs for the specific user account... In workgroup, the service must also run using an unrestricted token.") The user account I'm currently using is Network Service.
Some thoughts
I don't believe that there is a firewall or permissions issue.
Despite the fact that the service configuration has UseActiveDirectory set to false, the queue address of net.msmq://the-host-computer-name/private/EmailAsyncService seems to be getting translated into the-host-computer-name\private$\EmailAsyncService, which AFAIK is a name format that requires lookup via Active Directory.
I'm a little late here, but since you have no other answers, I may still be of help.
You might want to try enabling Directory Service Integration, as I believe you need to muck with certificates to operate in Workgroup Mode.
Also, Juval Lowy's WCF book makes it clear that when you have queued services hosted in WAS you have to name the queue the exact same as the virtual path to your svc file. So if your service is actually hosted at /EmailAsyncService/EmailService.svc then that's precisely what you need to name your queue (without the first slash).
If I am using MSMQ over the web, what happens if the network connection is lost between client and server?
So can you still add messages to the Queue, and if so where are they stored? In the client app, or in the clients OS etc?
For instance if I have a windows service which is adding items to a queue in a different country. What if the network connection is lost, and the windows service is restarted. Do the messages get lost forever?
The other part of the question relates to the route that a message takes, is it sent directly to the receiving queue, or is it written into a queue on the client side? Does that require MSMQ to be installed on the sending server, and how about licensing for that?
Is there any good documentation to explain the required setup?
Update: Regarding your follow up question. Yes you have to install msmq on the sending server. There aren't any licensing cost, because MSMQ is part of windows and not a separate software (just like the IIS). Here is documentation on "Setting Up a Message Queue" on windwos 2003.
Before Update: Outgoing message are stored in the outgoing queue of the sending server. They are not lost if the sending service is restarted. They will wait in the outgoing queues ( which can be inspected with the msmq manager ) for I don't know how long.
if the msmq service or the sending server are restarted. Then "express" messages will be lost. express or recoverable are properties of non-transcriptional messages.