MSMQ from the plumber's mate

MSMQ is part of your business' IT plumbing which makes you the plumber and I'm your mate.

Browse by Tags

Tagged Content List
  • Blog Post: Understanding how MSMQ security blocks RPC traffic

    MSMQ makes use of several protocols to do its work, including: MSMQ - confusingly the protocol name is the same as the product name (although Microsoft Message Queuing is the preferred alternative. Not as snappy, mind). This protocol is for sending messages to remote destinations. RPC - used...
  • Blog Post: MSDN Video covering the removal from MSMQ 5.0 of the Windows 2000 client support service

    And 3rd in the trio created for Windows 7 / Windows 2008 R2, we have: Microsoft Message Queuing (MSMQ) - Removal of Windows 2000 Client Support Service where Nancy Strickland discusses the impact of installing Windows 2008 R2 domain controllers on Windows 2000 machines running MSMQ applications...
  • Blog Post: MSDN Video demonstrating MSMQ 5.0 and SHA-2 incompatibility

    Just noticed that MSMQ is featured on Microsoft Showcase as part of the "Windows 7 - Known Incompatibilites" series. Microsoft Message Queuing (MSMQ) - SHA-2 is the default Hash Algorithm, and how to overcome it This 8 minute video, voiced by Nancy Strickland , covers the changes to the default...
  • Blog Post: Error 0xC00E0033 when you try and install MSMQ with Active Directory Integration

    As is the way, when I set up various tests with my trusty servers I bump into problems that haven't been documented before. The machines are used for many scenarios so have changed domain a few times and been upgraded every now and then. I know I should build fresh ones but the old virtual machies are...
  • Blog Post: Microsoft Security Bulletin MS09-040 - Vulnerability in Message Queuing Could Allow Elevation of Privilege

    A new patch came out yesterday for MSMQ: MS09-040 Microsoft Security Bulletin MS09-040 - Important 971032 MS09-040: Vulnerability in Message Queuing could allow elevation of privilege If you are already on the latest service pack then you will be OK for Windows XP and Windows Vista; Windows...
  • Blog Post: Default MSMQ queue permissions have changed in MSMQ 4.0

    For Windows Vista and Windows Server 2008, newly created queues may not have the permissions you're used to. With MSMQ 3.0 and earlier, creating a queue would assign the following defaults: Everyone – Get permissions, Get properties, Send message. Anonymous Logon – Send message. Machine...
  • Blog Post: MSMQ and Federal Information Processing Standard (FIPS)

    The United States Government has a couple of standards that provide a benchmark for implementing cryptographic software. These are: Federal Information Processing Standard 140-1 (FIPS 140-1) which was published in January 1994, and is superceded by... Federal Information Processing Standard...
  • Blog Post: "Can I write a script to create a queue in MSMQ and set the permissions on it?"

    The first part is easy enough but the second is tricky. For example, here's how to create a public queue with 'Old School' VBScript: set iq=CreateObject("MSMQ.MSMQQueueInfo") iq.PathName=”machine\queue” iq.Label=”The queue” iq.Create (IsTransactional=0) There's no way to add permissions...
  • Blog Post: MSMQ won't install on Windows 2008 with a Fatal Error (0x80070643)

    One of my colleagues in support has ventured under the MSMQ spotlight with a post about a permissions/UAC problem preventing installation on Windows 2008: MSMQ installation on Windows 2008 fails with error "Attempt to install Message Queuing Server failed with error code 0x80070643. Fatal error...
  • Blog Post: MSMQ 5.0 - Changes introduced with Windows 7 and Windows Server 2008 R2

    Quick clarification point to prevent confusion: MSMQ 5.0 means Windows 7 and Windows Server 2008 R2 MSMQ 4.0 means Windows Vista and Windows Server 2008 'R1' Currently there doesn't seem to be much to worry about - business as usual for most customer. There are two items of interest, though...
  • Blog Post: How to send authenticated MSMQ messages without using a domain account

    For MSMQ, message authentication relies on a certificate being stored in Active Directory under the user account. These certificates are automatically created when the domain user logs in with their account on a machine (one certificate created per machine). Therefore if you are running a windows service...
  • Blog Post: Authenticated or encrypted MSMQ messages are rejected because of incorrect CSP name

    There is a new hotfix released for MSMQ 3.0 on Windows XP to correct a problem where the certificate service provider name was not being written correctly to the message: FIX: A Message Queuing 3.0 message is rejected on the receiver when you send the message by using an external certificate from...
  • Blog Post: Routing Support in MSMQ requires Enterprise Administrator privileges

    One down-side of enabling Routing Support for MSMQ is that you need to be an Enterprise Administrator to install it, as can be seen from this Technet article: Installation permissions Message Queuing computer Permission level required Message Queuing server on a domain controller...
  • Blog Post: Microsoft Security Bulletin MS08-065 - MSMQ 2.0 vulnerability

    This bulletin came out yesterday and only applies to Windows 2000. If you are still running systems using MSMQ 2.0 then please download and deploy the hotfix at your earliest convenience. This KB discusses the hotfix (build 5.0.0.807): 951071 MS08-065: Vulnerability in Message Queuing could...
  • Blog Post: Authenticating MSMQ messages between forests

    If you try to send authenticated messages between machines in different forests, you will see them end up in the Transactional Dead Letter Queue (assuming you enabled source journaling). This is because authentication uses certificates that are stored in Active Directory but forests - even those with...
  • Blog Post: Clearing up MSMQ certificates from Active Directory

    Some people have found a problem where Active Directory contains too many MSMQ certificates for a particular user account, usually if that's the one they use for installing all their MSMQ machines. As you know, MSMQ uses certificates for authentication and encryption of messages. MSMQ generates...
  • Blog Post: Sending encrypted MSMQ messages

    MSMQ has moved out of private corporate LANs and now companies send messages over the Internet. Data security should therefore be top of the to-do list for anyone wanting to follow this route. The first consideration is what do you actually need to encrypt? Are you only interested in ensuring that...
  • Blog Post: Getting MSMQ messages out of Windows Server 2008 remotely

    I'm now into full swing looking at MSMQ 4.0 on Windows Server 2008 using Virtual Server. I haven't got round to installing 2008 on my 64-bit laptop and desktop yet but maybe in the summer sometime when customers are on vacation I'll have the time. Sending messages works fine but receiving them fails...
  • Blog Post: Cross-forest MSMQ? You need to be trusting

    Let's assume you want to use a classic "resource domain/account domain" setup where: DomainA in Forest1 (the resource domain) contains the MSMQ servers DomainB in Forest2 (the account domain) contains the service account for the MSMQ application There is a 1-way trust from resource domain...
  • Blog Post: No default security when WCF uses MSMQ in workgroup mode

    One thing to note when using WCF and MSMQ in workgroup mode is that there is no SID sent in a security header: 952570 A Message Queuing message does not include the security header when you use WCF to send the message in Workgroup mode This isn't much of a big deal as the security header is wide...
  • Blog Post: MSMQ 4.0 runs with the Network Service account instead of Local System

    The changes in security between Windows XP and Windows Vista have thrown up one or two problems for MSMQ. Take this one: You cannot send or receive encrypted Message Queuing messages after you upgrade a computer from Windows XP to Windows Vista The move to running MSMQ under the (less privileged...
  • Blog Post: Clear the way - MSMQ coming through

    [[Edited Ping information - 20th May 2008]] A reasonably common question is "what ports does MSMQ use?" Usually the infrastructure guys have their routers locked down tight and want to open up only the bare minimum to let your new MSMQ application through. The problem can be in understanding what...
  • Blog Post: MSMQ messages using HTTP just won't get delivered #11

    Security. You've got to love it. Spent a little while trying to work out why my test messages weren't going over HTTP to a Windows Vista destination before I realised what was wrong. The IIS service may have been running but, of course, the Windows Firewall is blocking port 80 by default. So... ...
  • Blog Post: "How do I send MSMQ messages between domains?"

    Nine times out of ten this will not be the correct question. Whoever is asking REALLY means "How do I send MSMQ messages between forests?" MSMQ will happily send messages between domains in the same forest. All you need is a Global Catalogue (GC) in every domain and the whole forest is enabled for...
  • Blog Post: MSMQ 4.0 - what's new in Computer Management?

    I'm now the proud owner of a working Windows Server 2008 installation (I know, I know, I should have got into the beta but I've been busy..) so I thought I'd have a quick look at what's different in Computer Management. You'll be happy to know that little has been changed within MSMQ management except...
Page 1 of 2 (27 items) 12