I am hitting my head against a wall with this one and could do with some inspiration.
I have a .NET 4.5.2 app that uses System.Messaging.MessageQueue to send MSMQ messages to a transaction, authenticated, private queue on the local machine.
This works wonderfully, in dev, in test, and on a Windows 2008 R2 server in live. I am in the process of migrating to Windows Server 2019, and it no longer works. Nor, does it work on a Windows 10 desktop.
When I try to send a message to the local (or remote), it silently fails and lands up in the Transactional dead-letter queue, with the error: "The signature is invalid.".
The traditional answers for this are:
- MSMQ is not installed. A: it's locally delivery, so not applicable
- Certificate has expired. A: Renewed and re-registered certificate through MSMQ console.
- Turn off authentication. A: works, but leaves queue insecure so not an option
- Enabled Weak algorithm support. A: only applicable cross-operating systems for remote queues.
On the working 2008 installation, a test message has the sender correctly identified, with authentication set to yes with a SHA-512.
On the dead-letter queues, the sender is still correctly identified, but it says authentication is no and an unknown hash. Yet, it's the exact same test code that is generating the message.
My only other oddity is that in all production computers, I am unable to "view" the user's certificate due to:
User certificate cannot be obtained. Error: There is an internal Active Directory Domain Services error.
Although this happens on the 2008 box too and works fine. I can also view the certificate locally on the computer by pressing "Register...", and I can see data in the mSMQSignCertificates attribute under the AD user.
So, I'm completely stuck as to what could be causing this. Or more importantly, how to progress it any further.
