I have a public queue created in a remote machine. I am able to access the queue, create a message and send it from my workstation. However, when I access the remote machine that hosts the message queue, I do not see any messages. Any ideas on what I am missing? Is there anything that need to be configured to receive messages?
You should check the security settings on the remote queue - the default setting for any account is "allow sending only".
I got it to work by removing MessageQueueTransactionType.Single from MessageQueue.Send(message,MessageQueueTransactionType.Single) method.
It Seems like there was a mismatch between the Transaction types. I am still not familiar how the transaction types work.
Related
I have to create a MSMQ messaging mechanism between two servers in the same domain, SenderServer (MS Server 2012) and ReceiverServer (MS Server 2008 R2).
I created a private, transactional queue in ReceiverServer .\private$\receiver, I gave receive (and peek) message rights to system and administrators.
I then created a client application that creates and forwards messages to the queue by using the following code:
MessageQueue queue = new queue("FormatName:Direct=OS:ReceiverServer\private$\receiver");
Message message = new Message();
message.Body = "myMessage";
using (MessageQueueTransaction tx = new MessageQueueTransaction())
{
tx.Begin();
queue.Send(message, "myLabel", tx);
tx.Commit();
}
Before deploying the application, I tested it from my machine (Windows 7) that correctly creates an outgoing queue Direct=OS:ReceiverServer\private$\receiver with State:Connected and Connection History:Connection is ready to transfer messages.
The messages are correctly sent to the ReceiverServer and placed in the \private$\receiver queue. The End2End log of the ReceiverServer for every message logs two events:
Message came over network (EventId: 4)
Message with ID CN=msmq, CN=[mymachinename], CN=Computers, DC=[domain], DC=[other] was put into queue ReceiverServer\private$\receiver (EventId: 1)
Then I used the client application from within the SenderServer using the same code. The server correctly creates an outgoing queue Direct=OS:ReceiverServer\private$\receiver with State:Connected and Connection History:Connection is ready to transfer messages, I can see the message queuing up and be sent but I do not receive them in the remote ReceiverServer queue .\private$\receiver. If I check the End2End event log of the ReceiverServer I just see the first message (Message came over network (EventId: 4)) but the message is not placed in the queue.
I turned off firewalls from both machines, changed the authorization settings for the queue and tried the following endpoint for the queues:
FormatName:Direct=OS:[IPv6 address]\private$\receiver
FormatName:Direct=TCP:ReceiverServer\private$\receiver
FormatName:Direct=TCP:[IPv6 address]\private$\receiver
With no luck. The troubleshooting process and the documentation from Microsoft are really general and simplistic, therefore I decided to ask here because for me is a dead end.
The sender domain account needs to have the following permissions on the remote queue: Send, Get Permissions, Get Properties
Are these machines on the same domain? If not you may need to grant the above permissions to the local user called ANONYMOUS LOGON
I ran into a similar problem and spend a few hours resolving it, so I wanted to post an answer to save others who may fall into the same trap I did.
When the queue was created on the remote server, it was mistakenly created as a transactional queue. However the code that was posting the messages was calling send without the transaction parameter. I could see the message at the sending workstation, but once it hit the destination server, it would disappear without any logging, journaling, or events to help determine why.
Once I identified the problem, I recreated the Queue as a non-transactional queue, and the issue was fixed.
I have a queue that should only be read by a specific program. However, I have discovered that some other program is "stealing" messages from that queue. Is there a way to determine which program does that? I couldn't come up with anything.
For a given service account, set read-message and peek-message permissions on the queue, and then ensure that only the consumer runs under that service account.
UPDATE
On Windows server 2008 or Windows 7 or higher, MSMQ has a dedicated system event log which records everything the MSMQ subsystem does. It may be possible to see what user account is accessing the queue via this.
What considerations should be addressed when moving a Microsoft 2003 server with MSMQ installed to another domain?
We assigned permissions to the queue for a user account from the new domain. We still get an error "Access to Message Queing system is denied."
There are no other servers in the new domain running MSMQ. Is there an Active Directory object that gets created when MSMQ is installed on a member server?
The issue has been resolved. The problem was with a private queue created by our application. That explains why we didn't see any AD object created. Using domain admin credentials, we tried to modify the permissions on the private queue using the MMC snapin. We got an error and could not make the required change because the domain admin was not on the ACL for that queue. We found a work around to the problem. We created a new temporary private queue and assigned full control to the user account we need for our application. We located the newly created private queue configuration file in the \system32\msmq\storage\lqs directory. We opened the file and copied the entire security line. Then we opened the configuration file for the private queue we are trying to fix and pasted the security line over the same line in that file. We saved the configuration file. We restarted the MSMQ service and then started our application service. The application could now function properly. Thanks everyone for your help!
If the domain is in a different forest and you wish to make use of public queues, etc. then you will need to reinstall MSMQ so that all the MSMQ objects are created in AD.
What exact operation generates "Access to Message Queing system is denied."?
If you don't have any messages or journal history that you need to save, I would suggest uninstalling and reinstalling MSMQ.
Have you logged into the server directly using the account that is trying to send the message? This is necessary to establish a message queuing certificate, a little understood and poorly documented area of MSMQ.
We also found another easier way to reset the permissions on the private queue. Instead of modifying the private queue configuration file, we took ownership of the private queue as the domain admin, assigned full permissions to the user account needed for our application, and transfered ownership to the same user. This restored the private queue to the state it was in prior to the server move.
I have an agent and a server in different domains. The server acts as an MSMQ server and the agent acts as an MSMQ client. I am using the mqsender utility, which is part of the MSMQ tools.
My problem is that a message is not delivered when using the HTTP:// format string (the MSMQ is installed with HTTP support). Using the OS: format string works fine.
When using HTTP the messages are immediately moved to the Dead Letter queue and the Class is set to Unknown, so I do not know the reasons for this behaviour.
So, this works:
mqsender.exe /c:10 /j:dead /f:Direct=OS:il-mark-w2k3\private$\test
And this does not:
mqsender.exe /c:10 /j:dead /f:Direct=http://il-mark-w2k3/msmq/private$/test
I checked that MSMQ virtual directory exists. How can I trace the MSMQ operation to try and understand what is going on?
Thanks.
EDIT
All the commands work as expected when ran locally on the server.
Navigating to http://il-mark-w2k3/msmq/private$/test in the browser on the agent (and the server) results in 501 - Header values specify a method that is not implemented. The same error is received when navigating to http://il-mark-w2k3/msmq. I suppose that is OK, after all it is not 404 - Not Found, right?
EDIT2
I have succeeded to resolve the issue. IIS lacked Anonymous Authentication, it became obvious from observing its log - 401.2 HTTP error was there. All worked well after it was enabled. The mistery remains why did MSMQ display Class Unknown on the dead messages? On other machine the same setup produces Error : 401, which makes much more sense.
The logging for MSMQ is internal so you won't easily be able to see exactly why the message didn't get delivered without raising a support case with Microsoft.
I have a few blog posts on solving various MSMQ/HTTP issues.
The 17 entitled "MSMQ messages using HTTP just won't get delivered" may help.
Also make sure you check the IIS logs for information.
Cheers
John Breakwell
Does anyone know of a decent way of diagnosing MSMQ access errors. I'm using NServiceBus in a web application. There is a service running that actually creates the private queues, and the web application sends messages to that queue.
The web site uses anonymous access, and the application pool runs using the Network Service account. When my application tries to send a message to the queue (using NServiceBus), I get MSMQ access denied errors. I have tried all combinations of full control with ANONYMOUS LOGON, Everyone, etc, and still no luck. I have tried deleting the queues and letting NServiceBus recreate them, and still no luck.
When I set the IIS App Pool to run using a local administrator account, then it all works fine. How can I work out exactly what permissions I need to apply? Using the accounts/permissions that are added by default clearly isn't working.
You need to set up the queue permissions so that "everyone" can send to any queue.