Tuesday, June 07, 2011

MSMQ Dynamics Sendport – TimeToReachQueue not Infinite

When using a Dynamics MSMQ SendPort, be aware to set the TimeToReachQueue to a higher value then 0! I had created an Itinerary and could not see any messages…It turns out that the TimeToReachQueue interval is somehow ignored when using Dynamic MSMQ send ports.

If the interval specified by the TimeToReachQueue property expires before the message reaches its destination, Message Queuing discards the message in one of two ways. If the message's UseDeadLetterQueue property is true, the message is sent to the dead-letter queue. If UseDeadLetterQueue is false, the message is ignored.

In my case the solution was to set the interval to a higher value than 0, otherwise the message has to be submitted to the queue very quickly! (I noticed this only during bulk/stress-testing so I might slip you attention!)







Sunday, June 05, 2011

Configuring ESB Portal resubmit

When setting up the ESB Portal we didn’t see the receive ports. After some digging around it seems that the content type is not correctly set resulting in not showing up the available receive locations.

A minor change in the SP solves this problem…

Modify the Stored Procedure: EsbExceptionDb.usp_insert_Message 

IF (@ContentType = 'text/plain' AND LEFT(@MessageData,1) = '<')
SET @ContentType = 'text/xml'


See the very useful post on the BizTalk forum



Sander Nefs

Thursday, June 02, 2011

MSMQ with ‘Authenticate’ enabled for communicating with Dynamics AX

Hereby my findings on how to communicate with a remote MSMQ with the ‘Authenticate’ property set (required for Dynamics AX MSMQ inbound Channels).

There are 2 ways how MSMQ (4+) works, either in workgroup mode (when you only install MSMQ) or in active directory mode (when you choose 'Directory Integration').

The Logon Info only works when you work in workgroup mode. When you set the 'Authenticate' flag on the Queue the Logon Info is useless...implicitly you are using personal user certificates that are installed when you logon to the machine.


So my issue was resolved once i got it working with the certificates, although i would expect that the Logon Info should work hereby my resolution:

- Logon to the client machine where the Send port is defined using the Host instance account

- Open Features\MSMQ\Properties


- Go to the tab 'User Security'


- Click on 'Register' to Register the public part of the certificate in the active directory (this is the public certificate used during user validation)

- Click on 'Renew' to install the private part of the certificate in the local machine


- Repeat these steps on each machine the user is involved on (e.g. Server/Client)

When sending a message from the client machine the private part of the certificate is used to determine the public certificate in the active directory, this makes the MSMQ server trust the user so that the message is written in the queue using the correct authentication.


Some useful resources:

post from John Breakwell


Some errors/solutions

Message was rejected

Message Queuing could not authenticate a message sent to queue ‘…….’. The message was rejected because the queue only accepts authenticated messages. It is possible that sender did not sign the message, or signed it with a self-signed certificate. A negative arrival acknowledgement will be sent if requested by the sender. This event is logged at most once per 600 seconds. To change this setting, set \HKLM\Software\Microsoft\MSMQ\Parameters\Event2195 registry value to desired time in seconds.

Cause: ‘Authenticate’ is checked on the queue, however the internal certificate does not match the public key in the active directory / MSMQ certificate store.

Solution: Renew Internal certificaat

CryptoGraphic function failed

The adapter failed to transmit message going to send port "SendPort1" with URL "FORMATNAME:DIRECT=OS:…". It will be retransmitted after the retry interval specified for this Send Port. Details:"A cryptographic function failed.".

Cause: ‘Authenticate’ is checked on the queue, however the certificate is not correctly registered.

Solution: Execute the procedure voor the certificate registration.