
MSMQ: read from remote queue over the internet via tcp/ip


Elpaggio

Apr 20, 2007, 5:42:03 AM
Hi out there

Is it really impossible to read messages from a remote queue located
somewhere outside your own network (over the internet via TCP/IP) without
using VPN or something?

I know nobody would recommend that for security reasons, but say that you
want to communicate with a Windows Service located on a remote computer (b)
and that computer sits behind a firewall unable to open any ports. It would
be possible to communicate with this computer (b) if it is able to listen and
receive messages on a queue located on your local computer (a) over the
internet (TCP/IP, not HTTP) which would have opened for the required TCP
ports.

I know it's possible for the computer (b) to send messages to a private queue
on computer (a) via the internet (TCP/IP) if the required ports are open on
computer (a), but I can't receive/read messages from computer (a).

Does anyone have any suggestions? I would really appreciate that. Thanks in
advance

Cheers, Elpaggio

John Breakwell (MSFT)

Apr 20, 2007, 6:37:28 AM
This is a standard firewall configuration problem that affects every network
protocol.
If you can't open the right ports then you can't use the protocol that needs
them.

For MSMQ we send to remote queues over port 1801 or 80.
We receive from remote queues using RPC (port 135 and so on).

So you can see that MSMQ was not initially designed for receiving messages
over the Internet.
15-ish years ago, when the protocol choices were first made, MSMQ would have
been running on a private LAN product and customers didn't really have to
worry too much about port blocking, viruses, etc. This means that in 2007,
using MSMQ across the Internet requires a lot of thought about security. Few
ISPs, for example, are going to open up the RPC ports to the Internet enough
for you.

Bottom line is you need to configure the firewall to open up RPC for remote
reads.

178517 TCP ports, UDP ports, and RPC ports that are used by Message Queuing
http://support.microsoft.com/default.aspx?scid=kb;EN-US;178517
"Message Queuing Independent Clients and Servers listen on fixed TCP port
2103 and 2105 for RPC-based remote reads of their public queues and private
queues."
"There is a dynamic RPC port that is assigned by the RPC layer for
handshaking with an Independent Client or with an RPC server for the Message
Queuing Server to determine the fixed ports. This is typically port 135."

183293 How To Configure a Firewall for MSMQ Access
http://support.microsoft.com/default.aspx?scid=kb;EN-US;183293

"Example 3: Full Send-Receive Access
Allowing traffic to ports 2103 and 2105 permits the outside IDCs to read
from queues on the server and from computers on its connected network. This
also allows send-receive for DCs. No send or receive from a DC is possible
unless these ports are open."

838259 How to provide access to an internal Message Queuing server by using
ISA Server 2004
http://support.microsoft.com/default.aspx?scid=kb;EN-US;838259

839880 How to troubleshoot RPC Endpoint Mapper errors
http://support.microsoft.com/default.aspx?scid=kb;EN-US;839880

Cheers
John Breakwell
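
The port roles given in the reply above, turned into a reachability check to run from the remote client. This is an added example, not part of the original thread; the host name `msmq-server.example.test` and the function name `Test-TcpPort` are placeholders chosen here.

```powershell
# Added example: probe the MSMQ ports named in the thread from a remote client.
# Run it only against a server you administer.
param(
    [string]$Server = 'msmq-server.example.test',   # placeholder host name
    [int]$TimeoutMs = 3000
)

# Port roles as stated in the reply and in the KB 178517 text it quotes.
$Ports = @(
    [pscustomobject]@{ Port = 1801; Role = 'Send';       Use = 'Send to remote queue' }
    [pscustomobject]@{ Port = 135;  Role = 'RemoteRead'; Use = 'RPC handshake' }
    [pscustomobject]@{ Port = 2103; Role = 'RemoteRead'; Use = 'RPC-based remote read' }
    [pscustomobject]@{ Port = 2105; Role = 'RemoteRead'; Use = 'RPC-based remote read' }
)

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        # No answer within the timeout usually means a firewall dropped the SYN.
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$results = foreach ($p in $Ports) {
    $open = Test-TcpPort -HostName $Server -Port $p.Port -TimeoutMs $TimeoutMs
    [pscustomobject]@{ Port = $p.Port; Role = $p.Role; Use = $p.Use; Reachable = $open }
}
$results | Format-Table -AutoSize

# Summarise per operation: sending uses 1801, remote reads use the RPC ports.
$sendOk = -not ($results | Where-Object { $_.Role -eq 'Send' -and -not $_.Reachable })
$readOk = -not ($results | Where-Object { $_.Role -eq 'RemoteRead' -and -not $_.Reachable })
"Send path (1801) reachable:                  $sendOk"
"Remote-read path (135, 2103, 2105) reachable: $readOk"
if ($sendOk -and $readOk) {
    'All listed ports are reachable, so port blocking is not what stops a remote read.'
}
```

A successful connect only shows that the path through the firewall is open; it does not show that the queue's permissions or the MSMQ service settings allow the read.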

Elpaggio

Apr 20, 2007, 8:10:03 AM
Thank you very much John for your quick reply, which really summarized that it
is indeed possible for a client to do a remote read over the internet (TCP/IP)
on a private queue hosted by MSMQ on a server (e.g. Win2003) if the right ports
are open. I didn't know if reads were supported in that way. We have a Win
2003 server running MSMQ 3.0 hosting a private queue from which I want
different clients from remote machines and networks to listen/read. I have
opened ports 1801, 135, 2103 & 2105 specified in the articles. I can send
messages to the private queue from remote machines using
"FormatName:DIRECT=TCP:xx.xxx.xxx.xxx\\private$\\requestchannel_test", but I
still can't read from that queue from remote machines using the same format.
I have tried to set security permissions on the queue to Full Access for
users: Anonymous Login and Everybody. It's still not possible. How can I
troubleshoot this further? Can't seem to find out how to use the MSMQlog.bin and
how to do audit on the queue. Any suggestions?
Best regards, Elpaggio

John Breakwell (MSFT)

Apr 20, 2007, 8:19:36 AM
You are encountering security changes in MSMQ 3.0:
http://blogs.msdn.com/johnbreakwell/archive/2007/01/15/msmq-3-0-too-secure-for-you.aspx

Cheers
John Breakwell