Hi, I have a BizTalk Server 2009 Standard running on Windows Server 2008 R2 Standard with SQL Server 2008. The BizTalk application is configured to connect to a private Message Queue(RemoteServer\private$\AppName) on a remote server . One of the receive locations of the BizTalk Application is configured for authentication to the remote queue. From the command line I can connect successfully to any shares on the remote server :

C:\Users\Administrator>NET USE * \\RemoteServer\temp* /USER:RemoteServer\LocalUser

Type the password for \\RemoteServer\temp:
Drive Y: is now connected to \\RemoteServer\temp.

The command completed successfully.

However with the same LocalUser configured under Receive Locations(MSMQ transport type) I get the following error:

Event Type:    Warning
Event Source:    BizTalk Server 2009
Event Category:    (1)
Event ID:    5740
Date:        25.06.2010
Time:        17:52:26
User:        N/A
Computer:    ServerName
Description:
The adapter "MSMQ" raised an error message. Details "The user does not have permissions to receive messages.
 Please check the queue permissions. ".

LocalUser has Full access on the private message queue.

Background: We have migrated the application from a Windows Server 2003/BizTalk 2006 server to the current one(Export/Import Application + Bindings). If we test on the old system it works perfectly with the same user and same remote system.

Is there an issue with BizTalk 2009 in this regard?

Thanks.

 

• Changed type Steef-Jan WiggersMVP, Moderator Tuesday, August 30, 2011 9:24 AM No repsonse

Hi,

There is another thread on this forum dicussing similar situation. For know issues I like to refer to Known Issues with the MSMQ Adapter. Also look at the best practices for MSMQ.

HTH

Regards,

Steef-Jan Wiggers
MCTS BizTalk Server
http://soa-thoughts.blogspot.com/
If this answers your question please mark it accordingly

Hi,

The MSMQ Adapter runs in a host instance.  The host instance (service) runs under a local or domain account depending on how BizTalk was installed.  This is the account you would like to grant access to the remote MSMQ queue.  As it is the account which actual invokes the call to the remote queue.

Thanks,

William

Also note that BizTalk 2009 is not officially supported on Windows Server 2008 R2.  BizTalk 2010 will support Windows Server 2008 R2.

Thanks for all of your answers:

@Jan: The link to the thread in your post is invalid(HTML 404)

@willjr20: Your suggestion brings us closer to the solution. What I forgot to mention is the fact that the BizTalk Server is a domain-member whereas the remote server with the private queue is in a DMZ and not part of the domain. The firewall between the two servers allows however every kind of communication between the two server (any-any protocols/ports in both directions). The remote MSMQ in non-transactional. I checked the security log on the remote server and I can confirm that the domain account under which the BizTalk Host instance runs tries and fails to authenticate with the remote server. I got the following error(please note: the reason the remote server throws the "password expired" error is because it's unable to check the logon information with the active directory since it is not a domain member):

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          26.06.2010 14:38:24
Event ID:      4625
Task Category: Logon
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      RemoteServer
Description:
An account failed to log on.

Subject:
    Security ID:        NULL SID
    Account Name:        -
    Account Domain:        -
    Logon ID:        0x0

Logon Type:            3

Account For Which Logon Failed:
    Security ID:        NULL SID
    Account Name:        BizTalk_Host_DomainUser
    Account Domain:        DomainName

Failure Information:
    Failure Reason:        The specified account's password has expired.
    Status:            0xc0000224
    Sub Status:        0x0

Process Information:
    Caller Process ID:    0x0
    Caller Process Name:    -

Network Information:
    Workstation Name:    BizTalkServer
    Source Network Address:    BizTalkServer IP Adress
    Source Port:        62826

Detailed Authentication Information:
    Logon Process:        NtLmSsp
    Authentication Package:    NTLM
    Transited Services:    -
    Package Name (NTLM only):    -
    Key Length:        0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

The Process Information fields indicate which account and process on the system requested the logon.

The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
    - Transited services indicate which intermediate services have participated in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM protocols.
    - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
    <EventID>4625</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12544</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2010-06-26T12:38:24.880Z" />
    <EventRecordID>71608</EventRecordID>
    <Correlation />
    <Execution ProcessID="672" ThreadID="1040" />
    <Channel>Security</Channel>
    <Computer>RemoteServer</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-0-0</Data>
    <Data Name="SubjectUserName">-</Data>
    <Data Name="SubjectDomainName">-</Data>
    <Data Name="SubjectLogonId">0x0</Data>
    <Data Name="TargetUserSid">S-1-0-0</Data>
    <Data Name="TargetUserName">BizTalk_Host_DomainUser</Data>
    <Data Name="TargetDomainName">DomainName</Data>
    <Data Name="Status">0xc0000224</Data>
    <Data Name="FailureReason">%%2309</Data>
    <Data Name="SubStatus">0x0</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="LogonProcessName">NtLmSsp </Data>
    <Data Name="AuthenticationPackageName">NTLM</Data>
    <Data Name="WorkstationName">BizTalkServer</Data>
    <Data Name="TransmittedServices">-</Data>
    <Data Name="LmPackageName">-</Data>
    <Data Name="KeyLength">0</Data>
    <Data Name="ProcessId">0x0</Data>
    <Data Name="ProcessName">-</Data>
    <Data Name="IpAddress">BizTalkServer IP Adress</Data>
    <Data Name="IpPort">62826</Data>
  </EventData>
</Event>

 

At the same time the BizTalk Server throws the following error:

Event Type:    Warning
Event Source:    BizTalk Server 2009
Event Category:    (1)
Event ID:    5740
Date:        26.06.2010
Time:        14:49:46
User:        N/A
Computer:   BizTalk Server
Description:
The adapter "MSMQ" raised an error message. Details "0".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

 

Is there a way to add the domain user under which the BizTalk Host Instance runs to the isolated server in the DMZ?

Please also note that this constellation(BizTalk domain member - remote server DMZ) did function with Windows Server2003/BizTalk 2006.

 

Thanks a lot!

 

Exactly the similar situation I am facing .Using BTS 2010 win Win 2008 R2

Also the strange thing is that , it suddenly stopped working with this error ,which means it was working fine .

MSMQ Adapter trying to read messages from Private Non-Transactional Q from a server across another domain.

Checked Everything like Firewall. All seems ok. Checked user credentials .. Everything seems ok. Clueless as it simply says ...

The adapter "MSMQ" raised an error message. Details "The user does not have permissions to receive messages.
 Please check the queue permissions. ".

 

Anybody has any resolution , would be highly appreciated.Thanks

Same problems here, except public non-transactional queues.

The BizTalk setup is Windows Server 2008 R2 / BizTalk 2010. Message queues are on the same domain on another Windows Server 2008 R2 server, no firewall between.

Event log error message details were:
Event Type:    Warning
Event ID:    5740
The adapter "MSMQ" raised an error message. Details "0".

I can see that the account I use in the MSMQ adapter configuration successfully logs on to the server where queues are. At the same time the warning is logged to biztalk server event log.

Does anyone have an idea how this could be resolved? Would be greatly appreciated.

 

• Edited by maakku Thursday, September 08, 2011 1:19 PM

Was a account related issue, account used in the adapter configuration was from a different domain than the queues.

HI Maaku,

We are also facing the same issue, I have performed the below steps to resolve this issue -->

1. Restarted the Message Queuing and MSMQTriggers 

2. Restarted the DTC Service

3. Restarted the Host on which that MSMQ Receive Location resides.

4. Restarted MSMQ Receive Location

Messages are not getting picked up by Receive Location and no warning coming now.

Regards,

Akshay Shaha

Its working now with the above steps mentioned.