Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

the security descriptor cannot be set

3,754 views

Skip to first unread message

Sam

unread,

Dec 6, 2007, 5:51:00 AM12/6/07

Hello, i am using msmq within a windows service.
Queues are created by a .Net windows service (first it was running as local
account then i changed the user to User1)
I am logged in as administrator and when i want to modify the queues
permissions i am getting "the security descriptor cannot be set, access is
denied"
I cannot even take ownership ok the queues, the current owner is "ANONYMOUS
LOGON"
I cant access, delete nor change permissions on the queues, how can i take
ownership, delete or add permissions to the queues?

I searched a lot and couldn't find the solution anywhere

Thanks
Sam

John Breakwell (MSFT)

unread,

Dec 7, 2007, 9:01:22 AM12/7/07

Hi Sam,

If this is a Public queue then the issue is with permissions on the Active
Directory object.
Check the security properties of the msmq object in "AD Users and
Computers".
Maybe you have a Deny on set properties, for example, that is blocking you.

If this is a Private queue then the permissions are stored in a text file in
the storage\lqs directory on the MSMQ machine.

174307 Interpreting file names in the Storage directory
http://support.microsoft.com/default.aspx?scid=kb;EN-US;174307

Here is an example configuration file for a private queue I just created
called TESTTX:

[Properties]
Label=private$\testtx
Type=00000000-0000-0000-0000-000000000000
QueueName=\private$\testtx
Journal=00
Quota=4294967295
Security=010007808c000000a8000000000000001400000002007800040000000000140024000200010100000000000100000000000014000400000001010000000000050700000000002400200002000105000000000005150000006b4398667e2d941be97ab95bdb6f2800000024003f000f000105000000000005150000006b4398667e2d941be97ab95be48700000105000000000005150000006b4398667e2d941be97ab95be48700000105000000000005150000006b4398667e2d941be97ab95b01020000
JournalQuota=4294967295
CreateTime=1172240801
BasePriority=0
ModifyTime=1172240801
Authenticate=00
PrivLevel=1
Transaction=01
SystemQueue=00
Signature=DoronJ

If the security permissions are no longer good then you can edit the
Security field and save the file.
The steps are as follows:

1. Create a NEW queue with good permissions that allow you to administer the
queue
2. Open up the configuration file for the new queue
3. Copy the whole “Security=xxxxxxxxxxxx” string
4. Open up the configuration file for the old queue
5. Paste in the copied “Security=xxxxxxxxxxxx” string over the existing one
6. Save the file
7. Restart MSMQ

If you have performed the steps correctly then the old queue should become
visible.

Cheers
John Breakwell

"Sam" <S...@discussions.microsoft.com> wrote in message
news:282A12B5-4C26-4A55...@microsoft.com...

0 new messages