Welcome to Microsoft® Message Queue Server (MSMQ) version 1.0 for the Windows NT® 4.0 Option Pack. This document supplements the MSMQ documentation.
This document includes:
Latest MSMQ Information
Additional Documentation
Known Problems
Copyright Information
Note This version of MSMQ differs from the stand-alone version for Windows NT Server/E (Enterprise Edition). The HTML MSMQ Administrator's Guide has been authored for the Windows NT Server/E version of MSMQ. Under "Microsoft Message Queue Server," click "Before You Begin," which describes the differences between the two versions of MSMQ. The information in this document supersedes the information in "Before You Begin" and in the MSMQ Administrator's Guide.
Up-to-date information about MSMQ can be found on the Microsoft MSMQ Web site at http://www.microsoft.com/msmq/.
For technical information or support on MSMQ, visit Microsoft Technical Support Online at http://www.microsoft.com/support/.
This section contains installation and configuration documentation not found in the HTML MSMQ Administrator's Guide.
Note For Software Development Kit (SDK) issues, see the HTML MSMQ Programmer's Reference. In particular, for ActiveX issues see "Changes in ActiveX Components" in the HTML documentation.
MSMQ is not installed by default during installation of the Windows NT Option Pack. You must click Custom on the Windows NT Option Pack Setup dialog box to install MSMQ. You will then be presented with a list of components to install. Select the Microsoft Message Queue check box to install MSMQ. By default, all components of MSMQ (Core, Admin, Docs, and SDK) are automatically installed during a Custom installation. If you do not want specific MSMQ components installed, click to clear the check boxes of the components you do not want to install.
Note When the MSMQ documentation is installed, Internet Information Server (IIS) is automatically installed. IIS occupies approximately 100 MB of hard disk space on your computer.
Note If you install only the MSMQ Core component on a computer running Windows NT Workstation 4.0 or Windows® 95, you will not see an MSMQ entry on the Start menu under Programs.
If you install MSMQ on a computer running Windows NT Workstation 4.0 or Windows 95, you must install Personal Web Server (PWS) in order to view the HTML documentation. MSMQ does not automatically install PWS when the MSMQ documentation component is installed.
MSMQ includes the MSMQ Exchange connector, which allows Microsoft Exchange users to send messages and forms to MSMQ queues. To configure the MSMQ Exchange connector after MSMQ installation, click Start, point to Windows NT 4.0 Option Pack, point to Microsoft Message Queue, click Exchange Connector Setup, and then follow the on-screen instructions. The MSMQ Exchange connector is available only on computers running Windows NT Server 4.0 and Windows NT Server/E.
If you want to run unattended MSMQ Setup, you must create a new folder on your server computer and perform unattended installations from that folder. This is useful for performing installations without remaining at the computer and stepping through the installation options. Use the following procedure to perform unattended MSMQ setup. You can use a text editor, such as Microsoft Notepad, to create the necessary files.
For general information on unattended setup, see "Unattended Option Pack Installation," in "Option Pack Installation," in "Windows NT 4.0 Option Pack Setup," in "Getting Started," in the HTML Windows NT Option Pack documentation.
To perform unattended MSMQ SetupOr, if you have previously installed MSMQ and now want to add or remove components, you must use maintenance
mode during unattended installation. Type:
%windir%\system32\sysocmgr.exe /I:%windir%\system32\setup\iisv4.inf /c /u:full path to
Mysetup.txt
where full path to Mysetup.txt is the drive and path on the local computer
where Mysetup.txt is located.
For step 2 (above), use the following sample Msmqinst.ini file as a template for step 2 . Be careful to edit the section headings and entry settings appropriately.
[Common Parameters] ControllerServer=Myservername SupportingServer=Myservername ExistingDatabase=Delete StopServices=Allow IPAddresses=Myipaddress [MyPEC] ServerType=PEC DataDevice=c:\msmq,80 LogDevice=c:\msmq,20 EnterpriseName=Myenterprise IPCNs=Myipnetwork IPXCNs=Myipxnetwork SiteName=Mysite IPXAddresses=Myipxaddress [MyPSC] ServerType=PSC DataDevice=c:\msmq,80 LogDevice=c:\msmq,20 ControllerServer=MyPEC SiteName=Mysite SiteLinks=Mylink IPXAddresses=Myipxaddress [MyBSC] ServerType=BSC DataDevice=c:\msmq,80 LogDevice=c:\msmq,20 ControllerServer=MyPEC
Important You must use the file name Msmqinst.ini. For more information on the Msmqinst.ini file, see "Unattended Setup" in "Installing MSMQ" in the MSMQ Administrator's Guide.
For step 3 of an unattended MSMQ Setup (above), you can use the following sample Mysetup.txt as a template. You can also use the unattend.txt file included on the Windows NT Option Pack compact disc as a template. Be sure to edit the section headings and entry settings appropriately.
[Version] Signature="$Windows NT$" [Global] FreshMode=Custom|Minimal|Typical MaintanenceMode=AddRemove|ReinstallFile|ReinstallComplete|RemoveAll UpgradeMode=AddExtraComps|UpgradeOnly ;NOTE: Windows NT Option Pack Setup sets the [Global] section above ;automatically. You can also specify the installation mode that unattended ;MSMQ Setup runs in, based on the configuration of your target computer. ;For example, if your target computer will: ;* receive a new MSMQ installation (fresh mode), but no "FreshMode=" ;line is specified, then Typical is the default value. ;* receive a MSMQ re-installation or uninstallation (maintenance mode), but no ;"MaintanenceMode=" line is specified, then ReinstallComplete is the ;default value. ;* receive an upgrade of MSMQ (upgrade mode), but no "UpgradeMode=" ;line is specified, then UpgradeOnly is the default value. [Components] Iis_common=ON Iis_www=OFF Iis_ftp=OFF Mts_Core=ON Mts_Mmc=ON Msmq_Server_Core=ON Msmq_Admin=OFF|ON Msmq_Doc=OFF|ON Msmq_SDK=OFF|ON ;NOTE: the [Components] section is valid only when ;FreshMode = Custom, ;MaintanenceMode = AddRemove, and ;UpgradeMode = AddExtraComps ;for the [Global] section above [iis] Path=c:\myunatten\myiis PathFTPRoot=c:\myunatten\myinetpub\ftproot PathWWWRoot=c:\myunatten\myinetpub\wwwroot PathPROGRoot=c:\myunatten\myprogroot [mts_core] Path=c:\myunatten\mymtx USERID=myuserid PASSWORD=mypassword [Msmq_Server] Path=c:\myunatten\msmq ServerType=RS
Note Valid settings for the ServerType entry above include: PEC (primary enterprise controller, PSC (primary site controller), BSC (backup site controller), RS (Routing Server), RAS (Remote Access Service), IND (independent client), and DEP (dependent client).
If you install an MSMQ client on a computer running Windows NT Workstation 4.0 or Windows 95, you must replace the [Msmq_Server] section with [Msmq_Client], and the ServerType entry with ClientType. ClientType values include IND (independent client) and DEP (dependent client).
Be sure to test your unattended installation script before deployment.
You can create an MSMQ installation share if you want to provide the ability to install MSMQ client software from a server computer. Use the procedure described later in this section to manually create an MSMQ installation share. You can use a text editor, such as Microsoft Notepad, to create the necessary files. You should copy the contents of the Windows NT Option Pack compact disc to your server computer. Specifically, you must copy all subfolders and files in the \ntoptpak folder to your hard disk for the procedure to succeed.
Note If you install the version of MSMQ provided with the Windows NT Option Pack over a version of MSMQ provided with Windows NT Server/E that has an existing MSMQ installation share, the shared folder is removed but the shared files are not. You must manually delete the shared files.
For the following procedure, you can use two computers: one to store the contents of the Windows NT Option Pack compact disc and another computer to store the .bat and .ini files you have created.
To create an MSMQ installation sharecopy \\Myservername\Mysetupshare\Setup\Msmqoptp.ini %windir% \\Myservername\Myshare\Setup
[Common Parameters] ControllerServer=myservername SupportingServer=myservername ServerAuthenticationOnly=True
Important You must use the file name Msmqoptp.ini.
A client computer can download and install MSMQ client software by connecting to the shared public folder, running Mqsetup.bat, and following the on-screen instructions.
You can upgrade any existing version of MSMQ on a computer that is running Microsoft Cluster Server (MSCS) with the version of MSMQ provided with Windows NT Option Pack.
However, on a computer running MSCS, you can install a MSMQ Routing server, Independent client, or Dependent client only with the version of MSMQ provided with Windows NT Option Pack. To install a PEC, PSC, or BSC on a cluster, you must first install the version of MSMQ provided with Windows NT Server/E before you can upgrade and install these server types with the version of MSMQ provided with Windows NT Option Pack.
You can install MSMQ on one computer (node) of the cluster, and then install MSMQ on the second computer (node) of the cluster. The cluster will continue to operate even when one computer in the cluster has been upgraded and the other computer has not. To install MSMQ on the second node of a cluster, you must first install Internet Information Server (IIS) and Microsoft Transaction Server (MTS) from the Windows NT Option Pack; you can then install MSMQ from the Windows NT Option Pack.
When specifying the name of the MSMQ server during MSMQ setup, you can specify whether or not you want to use a secured connection. If you choose to use a secured connection, and the MSMQ server does not have a trusted server certificate, the following warning message can appear when you install an MSMQ server or independent client:
"No Server Authentication. Setup cannot initiate a secured communications channel with the MSMQ server. Either the server or the computer on which you are installing MSMQ is not configured for secure communication, or there is an unauthorized server on your MSMQ network. As a result, all further communications with this server and other servers will not be secure until the servers and the computer on which you are installing MSMQ are properly configured.
For more information, contact your MSMQ administrator or see "Securing Communication Between Controller Servers" in the MSMQ Release Notes..."
You can control how unattended MSMQ Setup deals with this warning using the ServerAuthenticationOnly entry in the Msmqoptp.ini file (discussed in a previous section). If ServerAuthenticationOnly=True, unattended MSMQ Setup will exit if it cannot initiate a secured communications channel with the MQIS server, and attended Setup will show the above warning.
If ServerAuthenticationOnly=False, MSMQ Setup will continue even if it cannot initiate a secured communications channel with the MQIS server. If Setup cannot find the ServerAuthenticationOnly entry in the Msmqoptp.ini file, Setup functions as if ServerAuthenticationOnly is set to True.
For more information on configuring servers for secure communication either before or after installing MSMQ, see "Securing Controller Server Communications" in "Managing Your MSMQ Enterprise," in the MSMQ Administrator's Guide. For general information on securing controller server communication, see "Securing Communication with Controller Servers" in "Securing Your MSMQ Enterprise."
All computers running Windows 95 must have the network access control set to User Level Access Control. You can verify this in Control Panel with Network, on the Access Control tab.
These issues are covered in "Installing MSMQ," in the MSMQ Administrator's Guide.
Make sure all your MQIS administrators can be trusted to appropriately access information on all MQIS servers. With administrative access to just one MQIS server, an administrator can potentially obtain full access to any object in the MSMQ enterprise. This can be done for example, by taking ownership on the object and then changing its access permissions.
MSMQ counts Windows NT Server client access licenses (CALs). If no CALs are available, MSMQ-based applications fail to: send messages, open queues on remote computers, and open queues from clients. MSMQ enforces the following rules for counting CALs:
Important MSMQ-based applications tend to communicate with a larger number of servers than traditional network-based applications do. For this reason, per seat licensing may be more cost effective for your enterprise.
For more information on CALs and changing CALs, see "Licensing and License Manager," in Windows NT Server 4.0 Concepts and Planning.
MSMQ requires the use of Microsoft SQL Server 6.5 Service Pack 1 or Service Pack 3. MSMQ is not compatible with Microsoft SQL Server 6.5 Service Pack 2.
The Windows NT Option Pack compact disc contains an \MSMQ\SQL.SP3 folder. This folder contains SQL Server Service Pack 3, which you should install on any existing SQL Server installations that use Service Pack 2.
"Securing Your MSMQ Enterprise," in "Securing Communication with Controller Servers", in the MSMQ Administrator’s Guide, states:
"Communication between MSMQ controller servers is inherently secure because all the messages are signed and verified, based on information found in the MQIS database."
Although this is true, it does not explain that by default the initial communications are not secure between the MQIS server you are installing and its "parent" MQIS server (the PEC in case of a PSC; the PSC in case of a BSC). This initial communication (done through remote procedure call (RPC)) is not secure unless you configure the server for secure communication before installing MSMQ. For example, you can unknowingly install the MQIS server from an unauthorized MQIS server. However, once you install an MQIS server from an authentic server, all further communications with other MQIS servers are secure. To prevent the installation of MQIS servers from other unauthorized MQIS servers, configure the servers for secure communication before installing MSMQ on them.
Note Configuring MQIS servers for secure communication (even though communication between MSMQ controller servers is inherently secure) can also simplify the renewal of cryptographic keys. For example, if you renew the cryptographic keys of an MQIS server that has been configured for secure communication, the child server can automatically obtain the new public keys. However, if the parent MQIS server is not configured for secure communication, you must manually make changes to allow MQIS replication to resume between the two servers.
For more information on configuring servers for secure communication either before or after installing MSMQ, see "Securing Controller Server Communications" in "Managing Your MSMQ Enterprise," in the MSMQ Administrator's Guide. For general information on securing controller server communication, see "Securing Communication with Controller Servers" in "Securing Your MSMQ Enterprise."
All MSMQ computers except dependent clients use cryptographic keys. These cryptographic keys are used for various security operations in MSMQ. Users can renew the cryptographic keys using MS Message Queue in Control Panel.
For independent clients and MSMQ routing servers, the only implication of renewing the cryptographic keys is that private (encrypted) messages, which were encrypted according to the previous keys and were then sent to the computer, are rejected. This happens until the new public keys are propagated to all MQIS servers and the sending computers start using the new public key.
If you renew the cryptographic keys for a PEC, the enterprise PSCs reject any MQIS replication messages sent from the PEC. If you renew the cryptographic keys for a PSC, all its BSCs reject any MQIS replication messages sent from the PSC. This problem occurs only if the MQIS servers are not configured for secure communication.
If you renew the cryptographic keys of an MQIS server and all your MQIS servers are not configured for secure communication, use the following procedure to correct the problem:
If you want your MSMQ dependent clients to use secure communication with MQIS servers, you must override the default setting, which does not use secure communication between these computers.
To configure dependent clients to use secure communication with MQIS serversThe MSMQ Security feature guarantees full security of messages from the sending application to the destination queue. To guarantee full security, the receiving application and the queue must reside on the same computer (local read).
In the case of a remote read (such as reading a message from computer A when the queue is on computer B), only authorized users are able to open a queue for read. That is, the user must have the right access permissions for the queue. However, the message is not encrypted or authenticated when read by the receiving application over the network.
Message are not encrypted or authenticated when read remotely by the receiving application. To ensure integrity checking for each message sent to a remote reader, use Services in Control Panel to configure the Microsoft Message Queue Service of the reading computer to run under a domain user account (not the local system account).
Each MQIS server (the PEC, all PSCs, and all BSCs) must have at least one network adapter. The network adapter is required even if the server is a laptop computer or connects to the network only by modem through RAS.
The MSMQ Administrator's Guide states that "both the supporting server and the site controller server (PSC or PEC) must be online when you install an MSMQ dependent client." However, if the supporting server is not online, or if it has not yet been installed, you can still install the client.
The MSMQ dependent client Setup attempts to communicate with the specified supporting server. If the server does not respond, Setup displays a message telling you that the server is not reachable. You can either specify another server or click Cancel. If you click Cancel, Setup completes successfully, using the server name you entered. Using this feature, you can install dependent clients before you install the supporting server. However, you cannot configure the MS DTC service on computers running Windows 95 when the supporting server is offline.
For more information on configuring computers running Windows 95 to use the MS DTC service, see "MSMQ Dependent Client Configuration Procedure" in "Installing MSMQ," in the MSMQ Administrator’s Guide.
MSMQ uses its own certificate store to keep certification authorities (CA) certificates. At installation time, MSMQ will copy the list of CAs trusted by Microsoft Internet Explorer 4 (IE4) into its own certificate store.
To manage which CA is trusted by MSMQNote If you add a new CA into the IE4 certificate store, and you want the CA to be trusted by MSMQ, click System Certificates to import IE4 certificates into the MSMQ store.
Each user can use MS Message Queue in Control Panel to delete only her own certificates. However, administrators can use the Remove User Certificates option on the MSMQ Explorer Tools menu to delete other user certificates. To delete certificates of other users, the administrator must have Set Properties permission for the MSMQ enterprise.
MSMQ Explorer Help incorrectly states that you can search for computers using the following options: All Types, MSMQ routing servers, Backup site controllers, and Primary site controllers. The valid options are: All Types, MSMQ Servers, Site Controllers, and Primary Site Controllers.
All Types returns all MSMQ computers. MSMQ Servers returns all MSMQ servers. Site Controllers returns all BSCs, PSCs, and the PEC. Primary Site Controllers returns all PSCs and the PEC.
Do not use any multihomed, MSMQ independent client with two network cards on two different IP CNs if there is an MSMQ server with two network cards on the same two IP CNs in the same site. Otherwise, the MSMQ independent client may fail to send or receive messages.
Visual Basic® scripts under Active Server Pages (ASP) run under the security of the account running the IIS service (w3svc). If that account is a local account, MSMQ messages sent by Visual Basic scripts under ASP on that computer are sent with no Security Identifier (SID). Therefore, the message successfully arrives at its target only if the target queue does not restrict incoming messages.
Note This programming consideration applies to any service or process running under a local account. Local accounts do not have valid credentials on other machines and therefore can access MSMQ queues only if the access requested is granted to all accounts.
RAS IP addresses of MSMQ Servers (PEC, PSC, BSC, and Routing Servers) must not be published in MQIS. Only LAN addresses should be published in MQIS.
After you set up MSMQ servers that use RAS, you should use MSMQ Explorer to verify that no RAS IP addresses are listed in the MQIS.
Define an additional static (non-DHCP) IP address on your LAN in the same IP subnet as the RAS address. This applies only if you do not have an IP LAN address in the same CN as your RAS IP address.
To define an additional static IP address in the same IP subnetMSMQ Explorer can display only 20,000 messages in a queue. If there are more than 20,000 messages in a queue, MSMQ displays the following message below the last message displayed:
"Additional messages cannot be displayed"
You must stop the MSMQ Exchange connector service before you run Setup. If you run MSMQ Setup from the Start menu to add or remove components, reinstall MSMQ, or remove MSMQ, and if the MSMQ Exchange connector service is running on that computer, Setup displays a message stating that an MSMQ-based application is running, and then Setup exits.
To stop the MSMQ Exchange connector serviceIf you install an MQIS server (PEC, PSC, or BSC), remove it, install an MSMQ routing server, and then remove SQL Server, the MSMQ routing server will be unable to process coordinated transactions. This problem occurs because SQL Server Setup, when used to remove SQL Server, also removes MS DTC.
To avoid this situation, remove SQL Server before installing the MSMQ routing server.
Windows NT 4.0 Service Pack 3 includes an enhanced version of the Microsoft remote procedure call (RPC) facility, which includes a new message-based asynchronous model and support for running RPC over MSMQ.
If your enterprise consists of a large number of site controller (PSC or BSC) servers, you may want to disable automatic switching of site controller servers by MSMQ Routing servers or clients for performance reasons.
You can control which site controller server is accessed by an MSMQ Routing server or client by adding a value entry to the Windows NT registry using the Registry Editor. To start the Registry Editor, open an MS-DOS command-prompt window, and then type regedit or regedt32.
The new registry entry name is StaticMQISServer, the data type is REG_SZ, and the value is a list of site controller server names, each prefixed with two protocol flags. The path you should add the entry under is as follows:
HKEY_LOCAL_MACHINE\SYSTEM
\CurrentControlSet
\Services
\MSMQ
\Parameters
\MachineCache
As an example, see the MQISServer entry under the same path.
Important Before editing the registry, it is recommended that you create a backup of your configuration file. If you introduce an error in the registry and your computer becomes nonfunctional, you can use the backup configuration file to restore your computer settings.
This section documents problems known at the time of release of MSMQ.
If you are upgrading from the version of MSMQ provided with Windows NT Server/E to the version of MSMQ provided with the Windows NT Option Pack, the following events can occur during Setup:
The section "MSMQ Server Naming" in "Before You Begin" is incorrect. MSMQ servers are called routing servers for both the Windows NT 4.0 Option Pack and for Windows NT Server/E.
"Determining the Size of the Information Store", in "Deploying MSMQ," in the MSMQ Administrator's Guide describes the default MQIS database size as 50 MB, with an 8-MB log file. This is incorrect. This is incorrect. The default MQIS database size is 80 MB, with a 20-MB log file.
The "MSMQ Dependent Clients" section in "Understanding MSMQ" in the MSMQ Administrator's Guide states:
"MSMQ servers can support up to 15 dependent clients."
This is incorrect. The number of dependent clients that an MSMQ server can support is based on the number of CALs available on the server. For more information, see "MSMQ and Windows NT Server CALs" earlier in this document.
The "MSMQ Setup" section in "Before You Begin" states:
"You can install MSMQ independent clients and dependent clients on computers running Windows NT Workstation 4.0 or Windows 95. You cannot install MSMQ clients on computers running Windows NT Server."
This is incorrect. You can install MSMQ independent and dependent clients on computers running Windows NT Server, Windows NT Workstation, or Windows 95.
The "MSMQ Setup" section in "Before You Begin" states:
"You should not install the version of MSMQ provided with the Windows NT 4.0 Option Pack on a computer running Windows NT Server/E. You should instead install the version of MSMQ that is provided with Windows NT Server/E. "
This is incorrect. You can install the version of MSMQ provided with the Windows NT 4.0 Option Pack on a computer running Windows NT Server/E. However, you forfeit the use of the limited edition of SQL Server 6.5 that is provided with Windows NT Server/E if you install the version of MSMQ provided with the Windows NT 4.0 Option Pack.
"Managing Your MSMQ Enterprise," in the MSMQ Administrator's Guide describes the renaming of MSMQ dependent clients, independent clients, and routing servers. This is supported only for dependent clients.
Note To rename a computer running MSMQ, you must uninstall MSMQ, rename the computer, and reinstall MSMQ. This procedure deletes all the queues that are on the computer. You must re-create the queues after you reinstall MSMQ.
"Securing MSMQ," in the MSMQ Administrator's Guide, documents the Create Route Server special access permission. This is not the correct name for the permission. The special access permission is Create Routing Server. This error appears in table 5.2, table 5.6, and in "Auditing a Site" in that section.
"Creating a Custom Managing Application" in "Managing Your MSMQ Enterprise" in the MSMQ Administrator's Guide states:
"The ActiveX controls provided by MSMQ can be used to:
- Create sites, CNs, and computers
- Change CNs, InRSs, and OutRSs for computers
- Change site gate settings for the PEC and PSCs
- View enterprise settings"
This functionality is not available in MSMQ version 1.0.
The procedure for installing the MSMQ Software Development Kit (SDK) is incorrect in the MSMQ Programmer's Reference. The correct procedure for installing the SDK after MSMQ is installed is as follows:
© 1997 Microsoft Corporation. All rights reserved.
These materials are provided "as-is," for informational purposes only.
Neither Microsoft nor its suppliers makes any warranty, express or implied with respect to the content of these materials or the accuracy of any information contained herein, including, without limitation, the implied warranties of merchantability or fitness for a particular purpose. Because some states/jurisdictions do not allow exclusions of implied warranties, the above limitation may not apply to you.
Neither Microsoft nor its suppliers shall have any liability for any damages whatsoever including consequential, incidental, direct, indirect, special, and lost profits. Because some states/jurisdictions do not allow exclusions of implied warranties, the above limitation may not apply to you. In any event, Microsoft's and its suppliers' entire liability in any manner arising out of these materials, whether by tort, contract, or otherwise shall not exceed the suggested retail price of these materials.