I am creating a web based solution (MVC / C#) that places messages on an MSMQ public queue. I am currently testing on a development server where I am an administrator.

The web server is a single server and has WindowsAuthentication and ASP.NET Impersonation enabled, and Anonymous Authentication disabled.

The Application Pool on the server is running under a domain account. This same account has been used to log onto the server and therefore has generated a certificate on the machine (ref: John Breakwell’s blog and this StackOverflow solution).

I have installed MSMQ with these MSMQ installation options. I have created a public queue which is transactional and authenticated, to which both Authenticated Users and the domain account have full control.

When running in debug mode in Visual Studio (but using the same message queue) a message is sent successfully.

However, when I navigate to the site with a browser and perform an action that should send a message, the process fails. The queue is retrieved correctly; the failure occurs at the point when a transactional message is sent.


I have tried renewing the internal certificate (in Message Queue Properties) which changed the error message to: Cryptographic function has failed (CorruptedSecurityData). On logging onto the server using the service account the error message returns to the original.

I have tried altering the message queue permissions so that “Everyone” and “ANONYMOUS LOGON” and my personal domain account have full control, and Authentication is removed.

Edit #1

Ensuring both the queue and sending message properties include an acknowledgement of FullReachQueue, and with the above permissions set, the Event Log: {Applications and Service Logs, Microsoft, Windows, MSMQ, End2End} displays two new entries:

Message with ID CN=msmq,CN=TDBDEV,OU=Hosted Servers,OU=Member Servers,DC=npfit,DC=nhs,DC=uk\8194 was sent to queue PUBLIC=e50ae2b5-25ce-447d-96ea-9ec4c9de3d48

Message with ID CN=msmq,CN=TDBDEV,OU=Hosted Servers,OU=Member Servers,DC=npfit,DC=nhs,DC=uk\8194 was put into queue PUBLIC=e50ae2b5-25ce-447d-96ea-9ec4c9de3d48

The custom system logging also recorded:

2016-05-13 15:00:40,045 NPFIT\MyUserName
ERROR Logging.Log4NetLogger Message Queue Exception:  Inner Exception  Error Code: -2147016672 System.Messaging.MessageQueueException (0x80004005)
   at System.Messaging.MessageQueue.GenerateQueueProperties()
   at System.Messaging.MessageQueue.get_QueuePath()
   at System.Messaging.MessageQueue.get_QueueName()
   at MSMQCoreService.QueueManager.SendMessage[T](String queueName, T messageObject) in c:\Source\Application\MSMQCoreService\QueueManager.cs:line 164

This takes me to Edit#5 of the other stackoverflow post mentioned above, but unsuccessfully adding messages to the queue with all permissions open.

  • What is the exact error message you are getting - please can you add to your question. – James P May 13 '16 at 11:18
  • Sorry James, I should have been clearer. The title is the message I get. I catch the error as a MessageQueueException. The exception message is: "User's internal Message Queuing certificate does not exist.", the inner exception is empty and the MessageQueueException error code is "NoInternalUserCertificate". – Andy May 13 '16 at 11:25
  • Sure. I'm looking to find out the server configuration required to make this all work. The code interacts with the queues through .NET's own Message objects. I believe it to be a permissions/certificate issue as the same code works fine via Visual Studio. I'm just out of my depth with server configuration of certificates. – Andy May 13 '16 at 11:39
  • Thanks James. I've followed that link already (and highlighted it in the 3rd paragraph). I've logged onto the server using the domain account specified, and my own domain account, and checked in the registry that the certificates exist. It's baffling! – Andy May 13 '16 at 12:02
  • Sorry bit out of depth on this one - maybe others can help :) – James P May 13 '16 at 12:03
  • Thank you for looking. I don't think it's a simple problem at all! – Andy May 13 '16 at 12:04

1 Answer

I know this is an old thread, but I recently encountered a similar issue regarding a BizTalk Server Isolated (IIS based) host invoking a MessageQueue.

Root cause seemed to be that the profile of the IIS application pool account was not loaded, therefore no certificate information was available.

Solution: select the 'Load User Profile' option on the application pool in IIS.
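
One way to check and apply the 'Load User Profile' setting from the answer above, as an added example that is not part of the original answer. It assumes the WebAdministration module and an elevated session on the web server; the pool name `MyMsmqAppPool` is a placeholder.

```powershell
# Added example: audit IIS application pools for the 'Load User Profile' setting
# and enable it on one pool. Run elevated on the web server.
Import-Module WebAdministration

# Placeholder (assumption): replace with the pool that hosts the MSMQ-sending site.
$targetPool = 'MyMsmqAppPool'

# Collect identity and profile settings for every application pool.
$report = Get-ChildItem IIS:\AppPools | ForEach-Object {
    [pscustomobject]@{
        Name            = $_.Name
        IdentityType    = $_.processModel.identityType
        UserName        = $_.processModel.userName
        LoadUserProfile = $_.processModel.loadUserProfile
    }
}
$report | Format-Table -AutoSize

# Pools that run as a named (for example, domain) account but do not load its
# profile. This is the combination described in the answer above.
$atRisk = @($report | Where-Object {
    $_.IdentityType -eq 'SpecificUser' -and -not $_.LoadUserProfile
})

if ($atRisk.Count -eq 0) {
    Write-Output 'No custom-identity pools with Load User Profile disabled.'
}
else {
    Write-Output 'Custom-identity pools with Load User Profile disabled:'
    $atRisk | ForEach-Object { Write-Output ("  {0} ({1})" -f $_.Name, $_.UserName) }
}

# Enable the setting only on the named pool, then recycle it so the worker
# process starts again with the account's profile loaded.
if ($atRisk.Name -contains $targetPool) {
    Set-ItemProperty "IIS:\AppPools\$targetPool" `
        -Name processModel.loadUserProfile -Value $true
    Restart-WebAppPool -Name $targetPool
    Write-Output "Load User Profile enabled on '$targetPool'."
}
```

The same setting appears in IIS Manager under the pool's Advanced Settings, in the Process Model group.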