MSMQ产生错误：工作组安装的计算机不支持该操作/用户的内部消息队列证书不存在 [英] MSMQ creating errors: A workgroup installation computer does not support the operation / User's internal Message Queuing certificate does not exist

问题描述

这是推动我升技坚果因此，如果任何人都可以HEPL我会非常感激！

This is driving me abit nuts so if anyone could hepl i'd be very grateful!!

我想从一个服务器的域的域控制器内将消息发送到公用队列，但我得到的错误：

I am trying to send a message to a public queue from a server within the domain to the domain controller but i get the error:

工作组安装的计算机不支持该操作。

'A workgroup installation computer does not support the operation.'

我已经设置了MSMQ在域控制器上，并在公共队列文件夹中创建一个消息队列。

I have set up the MSMQ on the Domain COntroller and created a message queue in the Public Queues folder.

我知道了类似的问题已经被问过：

I know a similar question has been asked before:

为什么MSMQ觉得我是一个工作组计算机上？

但我已经尝试了所有被建议的事情，但我仍然得到同样的错误。

but i have tried all of the things that were suggested but i still get the same error.

所以，带你通过什么我已经从建议尝试：

So to take you through what i have tried from suggestions:

一）AD集成没有被选中作为一个设置选项 - 如果MSMQ安装此选择

a) AD integration was not selected as a setup option - when msmq installed this was selected

二）AD集成被选中，但未能初始化;查看事件日志 - 我检查我的事件日志，我有消息 - 包MSMQ服务器包的可选更新MSMQ-ADIntegration成功开启

b) AD integration was selected but failed to initialise; check event logs - i have checked my event logs and i have the message - Selectable update MSMQ-ADIntegration of package MSMQ Server package was successfully turned on.

c）检查在活动目录孤立的对象 - 我已经检查了LostAndFound目录在Active Directory用户和计算机，检查没有孤立对象在AD

c) Check for orphaned object in the Active directory - I have checked the LostAndFound Directory in Active Directory Users and Computers to check no orphaned objects in AD

和我已按照以上说明： http://technet.microsoft.com/en-us/library/cc730960.aspx

and i have followed these instructions: http://technet.microsoft.com/en-us/library/cc730960.aspx

我还卸载了重新启动，重新安装，并再次检查了我不吨有任何孤立的对象。

I have also uninstalled restarted and reinstalled and checked again that i don t have any orphaned objects.

也将所有发送邮件的服务器需要安装MSMQ？此刻我只有它，我觉得就足够了在域控制器上。

Also would all the servers which send the message need msmq installed? at the moment i only have it on the domain controller which i thought would be enough.

编辑1：我添加的MSMQ所有发送邮件的服务器（他们是负载平衡，因此canbe任何人），他们已经MSMQ安装了，但是没有公共队列，所以我unistalled resrted并重新安装（检查所有适当的在选择框时，MSMQ -Directory服务集成/路由服务等​​。而他们现在有公共队列我现在得到一个新的错误如下：

Edit 1: I have added msmq to all the servers which send messages (they are load balanced so it canbe any of them) they had msmq installed already but without Public Queues so i unistalled resrted and installed again (checking all the appropriate boxes when selecting msmq -Directory service integration/routing service etc.. and they now have Public Queues I am now getting a new error as follows:

用户的内部消息队列证书不存在。

'User's internal Message Queuing certificate does not exist.'

编辑2：

我仍然在这方面的工作，但已经取得了一些进展 - 当我检查我的域控制器的证书颁发机构就在那里，但是当我看了一下IIS它缺少虚拟目录CertServ - 请链接解释：

I am still working on this but have made some progress - When i checked my domain controller for the Certificate Authority it was there but when I looked at IIS it was missing the Virtual Directory CertServ - please see link for explanation:

的http://msdn.microsoft.com/en-us/library/windows/desktop/ms755466%28v=vs.85%29.aspx

有一次，我已经整理这个问题了，我会要求，我的每个服务器计算机证书如下：

Once i have sorted this problem out i will request a computer certificate for each of my servers as below:

http://technet.microsoft。 COM / EN-US /库/ cc740173％28V = ws.10％29.aspx

希望这会工作！

编辑3：确定，所以对于垃圾网络即时通讯的原因无法申请证书，但希望这将在几天之下一coupke予以纠正。所以，我想自证明其奥斯卡最佳吨有所作为，起飞UseAuthentication = TRUE，UseEncryption =真正的和未选中的身份验证对话框中，设置加密选项。我不再让这使我相信，有什么不对的身份验证（做与Active Directory）。然而，即使它没有失败在某种意义上说，已经显示错误消息，我希望在网页中显示的错误信息我的网站上显示。没有消息在我的域控制器公共队列中的消息...

EDIT 3: ok so for reasons of rubbish internet i m not able to request a certificate but hopefully that will be rectified in the next coupke of days. So i tried self certifying which didn t make a difference and took off UseAuthentication = true, UseEncryption = true and unchecked the authenticated box in and set encryption to optional. I no longer get an error message which leads me to believe there is something wrong with Authentication (to do with Active Directory) However even though it hasn't failed in the sense that no error message has displayed and the page i expect to be shown on my site is shown. There is no message in my Domain Controller Public queue messages...

我已经这样做了局部的地方它的工作原理就好像是，当我尝试，是造成问题的一个领域内做到这一点。

I have done this locally where it works it seems to be when i try to do it within a domain that is causing problems.

编辑4：

只是tolet你知道我对这个进步 - 我想，以确保该消息已被发送到域控制器，所以我不得不看看MSMQ端到端监控 - 所以在每台Web服务器（该消息是从发送）和域控制器（该消息被发送到），在事件查看器>应用程序和服务日志> Microsift>窗口> MSMQ>端到端我启用日志记录。

Just tolet you know my progress on this - I wanted to make sure that the message was being sent to the Domain controller so i had a look at MSMQ End2End monitoring - So on each of the web servers (the message is sent from) and the Domain controller (the message is sent to) in the Event Viewer>Application and Services Logs > Microsift> Windows >MSMQ >End2End I enabled logging.

当我试图在Web服务器2端到端事件再次登录发送消息：

When i tried sending a message again on the web server 2 End2End events were logged:

1. 信息与ID CN ​​= MSMQ，CN = ETAILWEB03，CN =计算机，DC​​ = Etail，DC =本地\ 7被送到队列PUBLIC = d7ee680c-11ec-4d9a-aa31-528dcc9b1eba

1. Message with ID CN=msmq,CN=ETAILWEB03,CN=Computers,DC=Etail,DC=local\7 was sent to queue PUBLIC=d7ee680c-11ec-4d9a-aa31-528dcc9b1eba

信息发送网络

和在域控制器上的端到端事件：

And on the Domain Controller in the End2End events:

1. 信息过来网络

所以从这个似乎消息已经到达，所以我现在想看看那里的消息已经得到了失去了：

So from this it seems the message has arrived so i am now looking to see where the message has got lost:

<一个href="https://groups.google.com/forum/?fromgroups=#!topic/microsoft.public.msmq.networking/88FYCvO2YwQ" rel="nofollow">https://groups.google.com/forum/?fromgroups=#!topic/microsoft.public.msmq.networking/88FYCvO2YwQ

编辑5：

好了，所以以下内容：

<一个href="http://stackoverflow.com/questions/6469095/msmq-messages-received-but-not-delivered-win2k8r2">MSMQ收到的消息，但不传递Win2K8R2

我添加了一个匿名用户，并能够将消息添加到队列，这是伟大的，但我现在需要倒退一步，只有充分控制的消息应该由接收用户 - 在Web服务器的有啥用户名是，也为安全，我需要的信息进行身份验证所以回到我前面的问题之一。

I added a Anonymous user and was able to add a message to the queue, which is great but i need to step backwards now and only give full control to users that messages should be received from - so what the username of the webservers are and also for security i need the messages to be Authenticated so going back to one of my earlier issues.

编辑6：

不过受困于这一点，但有一个远一点......

Still struggling with this but got a bit further...

在域控制器（其中，认证机构和接收MSMQ是）证书的自动注册配置，我运行Web服务器上的以下（其中发送消息） - 运行 - 运行gpupdate / force和每次重新启动Web服务器

On the Domain COntroller (where the certificate authority and receiving MSMQ is) the certificate auto-enrol is configured and i run the following on the web servers (which send the messages) - run - gpupdate /force and Restarted each web server.

我确信，对所有Web服务器验证了检查，身体是在消息队列属性中选择。我还重申对所有Web服务器证书，以确保他们最新的我现在得到以下错误：

I made sure that on all the web servers Authenticate was checked and Body was selected in the message queue properties. I also renewed the certificates on all the web servers to make sure they up to date I am now getting the following error:

无效的队列路径名。

我已经看过下面的链接：

I have looked at the following link:

<一个href="http://blogs.msdn.com/b/johnbreakwell/archive/2010/03/24/understanding-how-msmq-security-blocks-rpc-traffic.aspx" rel="nofollow">http://blogs.msdn.com/b/johnbreakwell/archive/2010/03/24/understanding-how-msmq-security-blocks-rpc-traffic.aspx

编辑7：

确定，所以，试图得到这个工作，它似乎是在Web应用程序的用户没有被认可所以Web服务器我去IIS>应用程序池>高级设置>身份并设置身份的网络服务。一旦这样做我不再得到一个错误消息，当我运行我的应用程序，但该消息似乎并不符合公众排队在那里我会想到它是那么我现在就来看看端到端再来看看，如果我能找到它已经一去不复返了。

ok so to try to get this to work it seemed that where the web application user was not being recognised so on the web servers i went to IIS > Application Pools > Advanced Settings > Identity and set the identity to Network Service. Once this was done I no longer get a error message when i run my application but the message does not seem to be in the public queue where i would expect it to be so I will now look at end2end again to see if i can find out where it has gone.

修正

一旦IIS设置为网络服务我仔细检查了正在发送该邮件已通过身份验证和域控制器被接收的消息已认证检查。我给我的公共队列完全访问每个人都和它的工作！

Once the IIS was set to Network Service i double checked that the message that was being sent was authenticated and the Domain controller that was receiving the message had authenticated checked. I gave full access to everyone on my public queue and it worked!

说实话有很多试验和错误，一路上，但希望这一职位将帮助其他人 - ！感谢John B个最的东西，我读过关于这一问题是在这种或那种形式发表他的

To be honest there was a lot of trial and error along the way but hopefully this post will help others - thanks to john B most of the stuff i ve read on this subject was posted by him in one form or another!

推荐答案

用户的内部消息队列证书不存在。

'User's internal Message Queuing certificate does not exist.'

交互方式登录到将要发送消息的每个服务器。
使用该发送应用程序是下运行的用户帐户。
这将创建证书，一台机器一个，该帐户。

Interactively log on to each server that will be sending messages.
Use the user account that the sending apps are running under.
This will create the certificate, one per machine, for that account.

这篇关于MSMQ产生错误：工作组安装的计算机不支持该操作/用户的内部消息队列证书不存在的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！