MSMQ outside own Network

mathiaslindahl

Hello!
My problem is that I cant send/receive message with MSMQ to a remote computer located outside our firewall. I try to send with TCP and HTTP without being able to get connected, computer or queue can't be find. Using Navision 4sp3. This is the code:

CREATE(ComCom);
CREATE(MSMQ);

ComCom.AddBusAdapter(MSMQ,1);
MSMQ.OpenReceiveQueue'DIRECT=TCP:212.112.162.xyz:1801/private$\TestQ',0,0);

OR
MSMQ.OpenReceiveQueue'DIRECT=HTTP://stefmkwe.d3g.com/private$\testq',0,0);

Ports are opened in our firewall (135,1801,2101-2105 and 3527).

Happy to receive any tips!

/M

kajnn@wmdata.com

If the server outside the firewall is a stand-alone server, then you must hack the registry on that server to allow workgroup mode access to MSMQ:

Message Queuing 3.0 cross-forest clients on Windows Server 2003 family computers in non-trusted domains will use the secure remote read interface. By default, the Message Queuing 3.0 server requires domain clients to establish an encrypted channel, and such a channel cannot be established between non-trusted domains. Thus remote read requests from such clients will be rejected. To modify this default behavior and allow the Message Queuing server to accept domain clients that do not establish an encrypted channel, create a DWORD value Security\NewRemoteReadServerAllowNoneSecurityClient in the registry and set it to 1.

DenSter

I'm pretty sure ComCom and the MQBA only work with private queues. You could program C/AL directly on the MSMQ object model though, so if you know how to do that in VB or C# it should not be a big deal implementing that in NAV.

mathiaslindahl

I tried to enter the DWORD-value in the HKEY_Local_Machine\Security, but it's not possible to write anything there. "Cannot create value: Error writing to the registry" . So I guess it's a dead-end.

/M

kajnn@wmdata.com wrote:

If the server outside the firewall is a stand-alone server, then you must hack the registry on that server to allow workgroup mode access to MSMQ:

Message Queuing 3.0 cross-forest clients on Windows Server 2003 family computers in non-trusted domains will use the secure remote read interface. By default, the Message Queuing 3.0 server requires domain clients to establish an encrypted channel, and such a channel cannot be established between non-trusted domains. Thus remote read requests from such clients will be rejected. To modify this default behavior and allow the Message Queuing server to accept domain clients that do not establish an encrypted channel, create a DWORD value Security\NewRemoteReadServerAllowNoneSecurityClient in the registry and set it to 1.

nunomaia

mathiaslindahl wrote:

I tried to enter the DWORD-value in the HKEY_Local_Machine\Security, but it's not possible to write anything there. "Cannot create value: Error writing to the registry" . So I guess it's a dead-end.

/M

kajnn@wmdata.com wrote:

If the server outside the firewall is a stand-alone server, then you must hack the registry on that server to allow workgroup mode access to MSMQ:

Message Queuing 3.0 cross-forest clients on Windows Server 2003 family computers in non-trusted domains will use the secure remote read interface. By default, the Message Queuing 3.0 server requires domain clients to establish an encrypted channel, and such a channel cannot be established between non-trusted domains. Thus remote read requests from such clients will be rejected. To modify this default behavior and allow the Message Queuing server to accept domain clients that do not establish an encrypted channel, create a DWORD value Security\NewRemoteReadServerAllowNoneSecurityClient in the registry and set it to 1.

Key isn't in HKEY_Local_Machine\Security but in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSMQ\Parameters\Security\NewRemoteReadServerAllowNoneSecurityClient

Read http://msdn2.microsoft.com/en-us/library/ms699854.aspx