Discussion:
Unable to send message from remote machine to a private queue
(too old to reply)
RP
2009-07-16 09:48:08 UTC
Permalink
Hi,

I have configured a private queue on Windows server 2008 where MSMQ is
configured with Domain mode.
I am trying to send message to this queue from a remote machine.
Both the machines are in same domain.

This works only when I give ANONYMOUS LOGON access to that queue.
But I don't want to give ANONYMOUS LOGON access to the queue due to security
reason. However, Except this none of the other permission seems to work.


I tried giving full access to Everyone, domain User (from which I am sending
the message), Another domain User which I am using to logon to the Windows
2008 which is running MSMQ, SYSTEM Account. Both the domain Users are
administrators on their respective machines.

Could any one help to resolve this issue please?

Thanks,

RP
John Breakwell (MSFT)
2009-07-16 13:17:02 UTC
Permalink
Hi RP,

If the only way to allow access is through Anonymous Logon then that means
the messages are not being sent by an account that the destination machine
recognises.
In your case this would be one of the local non-domain accounts.

Messages are sent containing the SID of the sending account.
If you are logged in with a domain user but messages don't get delivered
then that indicates to me that the logged on account is actually sending the
message.
For example, I could have a web page that calls a local service to send a
message. The account in this case is the one used by the local service and
not the logged in user.

How exactly are you sending messages? Where is the code running and in what
security context?

Cheers
John Breakwell (MSFT)
Post by RP
Hi,
I have configured a private queue on Windows server 2008 where MSMQ is
configured with Domain mode.
I am trying to send message to this queue from a remote machine.
Both the machines are in same domain.
This works only when I give ANONYMOUS LOGON access to that queue.
But I don't want to give ANONYMOUS LOGON access to the queue due to security
reason. However, Except this none of the other permission seems to work.
I tried giving full access to Everyone, domain User (from which I am sending
the message), Another domain User which I am using to logon to the Windows
2008 which is running MSMQ, SYSTEM Account. Both the domain Users are
administrators on their respective machines.
Could any one help to resolve this issue please?
Thanks,
RP
RP
2009-07-30 07:30:01 UTC
Permalink
Hi John,

Thank you very much for your reply!

Actually, whats happening is my client machine - from where I am sending
messages to the remote queue is logged with domain User name and msmq service
is running there with NETWORK SERVICES account.

The Server machine is having the MSMQ Service again running on NETWORK
SERVICES account. I have given rights to my Domain User account which I am
using to login into the client machine. Also, I have given the full rights to
the client Computer on this private queue.

Still the problem is same and I am only able to send message when I give
access to the ANONYMOUS LOGON account.

I have checked the properties of message which are sent successfully. It has
the SID and Source Computer as the GUIDs, which are I guess Active Directory
Unique names for the User ID and Computer Name. The User property of the
message is shown as "\".

Could you please give any clue with all the above description what could be
the issue with?

Thanks in Advance!

RP
Post by John Breakwell (MSFT)
Hi RP,
If the only way to allow access is through Anonymous Logon then that means
the messages are not being sent by an account that the destination machine
recognises.
In your case this would be one of the local non-domain accounts.
Messages are sent containing the SID of the sending account.
If you are logged in with a domain user but messages don't get delivered
then that indicates to me that the logged on account is actually sending the
message.
For example, I could have a web page that calls a local service to send a
message. The account in this case is the one used by the local service and
not the logged in user.
How exactly are you sending messages? Where is the code running and in what
security context?
Cheers
John Breakwell (MSFT)
Post by RP
Hi,
I have configured a private queue on Windows server 2008 where MSMQ is
configured with Domain mode.
I am trying to send message to this queue from a remote machine.
Both the machines are in same domain.
This works only when I give ANONYMOUS LOGON access to that queue.
But I don't want to give ANONYMOUS LOGON access to the queue due to security
reason. However, Except this none of the other permission seems to work.
I tried giving full access to Everyone, domain User (from which I am sending
the message), Another domain User which I am using to logon to the Windows
2008 which is running MSMQ, SYSTEM Account. Both the domain Users are
administrators on their respective machines.
Could any one help to resolve this issue please?
Thanks,
RP
p***@gmail.com
2017-12-13 08:05:20 UTC
Permalink
Post by RP
Hi,
I have configured a private queue on Windows server 2008 where MSMQ is
configured with Domain mode.
I am trying to send message to this queue from a remote machine.
Both the machines are in same domain.
This works only when I give ANONYMOUS LOGON access to that queue.
But I don't want to give ANONYMOUS LOGON access to the queue due to security
reason. However, Except this none of the other permission seems to work.
I tried giving full access to Everyone, domain User (from which I am sending
the message), Another domain User which I am using to logon to the Windows
2008 which is running MSMQ, SYSTEM Account. Both the domain Users are
administrators on their respective machines.
Could any one help to resolve this issue please?
Thanks,
RP
Hi - I am trying to either
a.) Locate a stranger's computer, not locally, and not even near our network, knowing only it's SID, or,
b.) Send a message to a stranger's computer, not locally, and not even near our network, knowing only it's SID.
Please assist.
I can't give out the SID though.

Loading...