As is the way, when I set up various tests with my trusty servers I bump into problems that haven't been documented before. The machines are used for many scenarios so have changed domain a few times and been upgraded every now and then. I know I should build fresh ones but the old virtual machies are handy...

Most recent issue arose when I tried to get a Windows 2008 client to install MSMQ with Active Directory Integration. The client would install in workgroup mode fine but could not create the necessary objects in directory services:

  • MSMQ Event 2116
    • "Message Queuing was unable to create the msmq (MSMQ Configuration) object in Active Directory Domain Services. Error c00e0033h: %2"
  • MSMQ event 2124
    • "The Message Queuing service failed to join the computer's domain 'TESTDOMAIN'. Error 0xc00e0033:"

0xc00e0033 means "MQ_ERROR_COMPUTER_DOES_NOT_SUPPORT_ENCRYPTION" 

In this particular case, the root cause was a couple of old machine key containers in the C:\Users\AllUsers\Microsoft\Crypto\RSA\MachineKeys directory. The containers are files with GUID-style names so I had to open then in Notepad one by one until I had located the ones that specifically mentioned MSMQ amongst the scrambled text.

Once I deleted these two files (and only these!) and restarted MSMQ, I was up and running with AD integration.