Reading Messages from Remote Queues

 

Applies To: Windows 10, Windows 7, Windows 8, Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server Technical Preview, Windows Vista

Although remote read operations are not part of the optimal messaging model, reading messages from remote nontransactional queues is fully supported. Remote reading is typically used to distribute the workload among servers. Remote reading is a high-overhead and therefore inefficient process. Including remote read operations in an application limits scaling.

Message Queuing supports sending transactional messages to remote queues, but does not support reading messages from a remote queue within a transaction. This means that reliable, exactly-once reception is not available from remote queues.

When either the local or the remote computer is operating in workgroup mode, messages can be retrieved from a remote private queue on an MSMQ 3.0 computer only if the queue's default security descriptor is changed to grant the Receive Message permission to anonymous users.

Message Queuing does not support reading of messages from a remote queue if the remote queue resides in a different AD forest.

Secured Remote Read

MSMQ 3.0 provides a new secured remote read API that enhances the security of the old remote read API supplied with previous versions of the Windows operating system and allows applications running on Message Queuing servers to read messages from remote queues in a more secure way.

Following the installation of Message Queuing on a computer running a member of the Windows Server family, MSMQ 3.0 can accept requests from both the old remote read API and the new secured remote read API, and the following default settings are applied:

  • MSMQ 3.0 applications running on computers running a member of the Windows Server family in the same forest as the MSMQ 3.0 server hosting the queue containing the message to be read will use the secured remote read API in an encrypted channel.

  • MSMQ 3.0 applications running on computers running a member of the Windows Server family in non-trusted domains will use the secured remote read API. By default, the MSMQ 3.0 server hosting the queue containing the message to be read requires other domain computers making read requests to establish an encrypted channel, but such a channel cannot be established between non-trusted domains. Thus, remote read requests from non-trusted computers will be rejected. To modify this default behavior and allow the Message Queuing server to accept requests from domain computers that do not establish an encrypted channel, add the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSMQ\Parameters\Security\NewRemoteReadServerAllowNoneSecurityClient registry entry (a DWORD) and set it to 1.

  • Applications running on computers running a member of the Windows Server family with MSMQ 3.0 installed in workgroup mode will use the secured remote read API. Workgroup computers cannot establish an encrypted channel for remote reading, and, by default, the Message Queuing server hosting the queue containing the message to be read accepts requests from workgroup computers on a non-encrypted channel. To modify this default behavior so that the MSMQ 3.0 server rejects requests from workgroup computers, add the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSMQ\Parameters\Security\NewRemoteReadServerDenyWorkgroupClient registry entry (a DWORD) and set it to 1.

  • MSMQ 1.0 and MSMQ 2.0 applications and MSMQ 3.0 applications running on Windows computers will use the old remote read API. If you enable your MSMQ 3.0 server to use only the secured remote read API, the computer does not accept requests from the old remote read API, and remote read requests from these computers are not supported.
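
One way to audit the two registry entries described in the list above on the server hosting the queue, as an added PowerShell example that is not Microsoft's code. The function name and the -Harden switch are hypothetical, and the script assumes that a missing entry, or any value other than 1, leaves the documented default in effect.

```powershell
# Added example, not part of the original page. Function name and -Harden are hypothetical.
# Assumption: a missing entry, or any value other than 1, leaves the documented default.
function Get-MsmqRemoteReadPosture {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$KeyPath = 'HKLM:\SOFTWARE\Microsoft\MSMQ\Parameters\Security',
        [switch]$Harden   # reject remote reads that arrive on a non-encrypted channel
    )
    $allowName = 'NewRemoteReadServerAllowNoneSecurityClient'
    $denyName  = 'NewRemoteReadServerDenyWorkgroupClient'

    if ($Harden) {
        if (-not (Test-Path -Path $KeyPath) -and $PSCmdlet.ShouldProcess($KeyPath, 'Create key')) {
            New-Item -Path $KeyPath -Force | Out-Null
        }
        # Removing the entry restores the default: domain clients must use an encrypted channel.
        if ($PSCmdlet.ShouldProcess("$KeyPath\$allowName", 'Remove entry')) {
            Remove-ItemProperty -Path $KeyPath -Name $allowName -ErrorAction SilentlyContinue
        }
        # 1 makes the server reject requests from workgroup computers.
        if ($PSCmdlet.ShouldProcess("$KeyPath\$denyName", 'Set DWORD to 1')) {
            New-ItemProperty -Path $KeyPath -Name $denyName -Value 1 -PropertyType DWord -Force | Out-Null
        }
    }

    # Read both entries; $null means the entry (or the whole key) is absent.
    $value = @{}
    foreach ($name in $allowName, $denyName) {
        $prop = Get-ItemProperty -Path $KeyPath -Name $name -ErrorAction SilentlyContinue
        $value[$name] = if ($null -ne $prop) { $prop.$name } else { $null }
    }
    $domainPlain    = ($value[$allowName] -eq 1)   # accepts domain clients without encryption
    $workgroupPlain = ($value[$denyName] -ne 1)    # accepts workgroup clients (never encrypted)

    [pscustomobject]@{
        Computer                        = $env:COMPUTERNAME
        AllowNoneSecurityClient         = $value[$allowName]
        DenyWorkgroupClient             = $value[$denyName]
        AcceptsUnencryptedDomainClients = $domainPlain
        AcceptsWorkgroupClients         = $workgroupPlain
        AcceptsUnencryptedRemoteRead    = ($domainPlain -or $workgroupPlain)
    }
}

Get-MsmqRemoteReadPosture                     # audit only
# Get-MsmqRemoteReadPosture -Harden -WhatIf   # preview the changes without writing
```

On a server with neither entry present, the report shows AcceptsWorkgroupClients as True, which matches the default described in the workgroup item above.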

In the secured remote reading mode, a computer running a member of the Windows Server family will accept requests only from the new secured remote read API, and not from the old remote read API. The effect of this is that only MSMQ 3.0 applications running on computers running a member of the Windows Server family can remotely receive messages from queues on a computer running a member of the Windows Server family, and requests for remote read operations from MSMQ 1.0 and MSMQ 2.0 applications as well as MSMQ 3.0 applications running on Windows computers are not supported. For instructions on enabling a computer running a member of the Windows Server family to use only the new secured mode, see the online Help on a computer running a member of the Windows Server family.