What considerations should be addressed when moving a Microsoft 2003 server with MSMQ installed to another domain?
We assigned permissions to the queue for a user account from the new domain. We still get an error "Access to Message Queing system is denied."
There are no other servers in the new domain running MSMQ. Is there an Active Directory object that gets created when MS开发者_C百科MQ is installed on a member server?
The issue has been resolved. The problem was with a private queue created by our application. That explains why we didn't see any AD object created. Using domain admin credentials, we tried to modify the permissions on the private queue using the MMC snapin. We got an error and could not make the required change because the domain admin was not on the ACL for that queue. We found a work around to the problem. We created a new temporary private queue and assigned full control to the user account we need for our application. We located the newly created private queue configuration file in the \system32\msmq\storage\lqs directory. We opened the file and copied the entire security line. Then we opened the configuration file for the private queue we are trying to fix and pasted the security line over the same line in that file. We saved the configuration file. We restarted the MSMQ service and then started our application service. The application could now function properly. Thanks everyone for your help!
If the domain is in a different forest and you wish to make use of public queues, etc. then you will need to reinstall MSMQ so that all the MSMQ objects are created in AD.
What exact operation generates "Access to Message Queing system is denied."?
If you don't have any messages or journal history that you need to save, I would suggest uninstalling and reinstalling MSMQ.
Have you logged into the server directly using the account that is trying to send the message? This is necessary to establish a message queuing certificate, a little understood and poorly documented area of MSMQ.
We also found another easier way to reset the permissions on the private queue. Instead of modifying the private queue configuration file, we took ownership of the private queue as the domain admin, assigned full permissions to the user account needed for our application, and transfered ownership to the same user. This restored the private queue to the state it was in prior to the server move.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论