
MSMQ: “The signature is invalid” in dead letter queue

I am getting the error

The signature is invalid

when sending messages to a W2008 server from a W2012 server. The messages are received on the destination server, but fall to the Dead letter queue, with this error message.

The same tool is able to send messages successfully to the same W2012 server from my workstation.

Using Manage console, at Computer Management, item Message Queuing, tab Sender, I can see that the message sender account was identified correctly but not authenticated.

Found out the problem is the same I had before, but with a different message. The problem is that the sender is using a weak certificate algorithm.

To allow the weak certificate algorithm I added this key to the registry on the server machine:

HKLM\SOFTWARE\Microsoft\MSMQ\Parameters\Security\WeakHashAlgorithms

and restarted the MSMQ service.

Then I also needed to register the certificate for the sender account at the sender machine. Using again Microsoft Management Console, opening Properties of Message Queuing, remove and register the certificate for the account using the User Certificate tab.

The certificate can then be registered again, using the Register button. Not sure, but I think that the registry can be done automatically by MSMQ when a message is received from the client.

Hope this helps someone in the future.

Another solution, that I almost had to apply, is to remove the Signature Validation from the queue. To do this, do the following:

  • At the queue properties window, uncheck the Validation box.
  • At the security tab of the property window, add permissions to send (default) for the user ANONYMOUS LOGON.
  • The WCF default netmsmq msmqAuthenticationMode is WindowsDomain for transport level security, so to not use security at all the binding should be:

     <binding name="noSecurity">
       <security mode="None" />
     </binding>

    Security settings have to be the same in both ends, client and service. WCF will not let the service accept a message not properly signed if the service is configured to receive Authenticated messages.

    If there are already clients using the queue, a secondary queue can be created for nonsigned messages. WCF services can listen to more than one queue. Still, the sender and receiver have to have permissions on the queue ACL to be able to use it.

Note that this action will allow anyone in the network to send messages to the queue.

For more information read the "Allow anonymous users to send to the queue" page topic.
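
The secondary-queue arrangement described above, as an added configuration example that is not part of the original answer: one WCF service listens on a signed queue and on a separate unsigned queue, so existing senders keep authentication and only the second queue is open to anonymous senders. The service name, contract name and queue names are hypothetical.

```xml
<!-- Added example. Example.OrderService, Example.IOrderService and the
     queue names orders-signed / orders-unsigned are hypothetical. -->
<configuration>
  <system.serviceModel>
    <bindings>
      <netMsmqBinding>
        <!-- Signed queue: transport security with the default
             WindowsDomain authentication mode written out explicitly. -->
        <binding name="signed">
          <security mode="Transport">
            <transport msmqAuthenticationMode="WindowsDomain"
                       msmqProtectionLevel="Sign" />
          </security>
        </binding>
        <!-- Unsigned queue: the binding from the answer. It only works if
             the queue's validation box is unchecked and ANONYMOUS LOGON
             has send permission on the queue ACL. -->
        <binding name="noSecurity">
          <security mode="None" />
        </binding>
      </netMsmqBinding>
    </bindings>
    <services>
      <service name="Example.OrderService">
        <!-- Existing clients keep sending signed messages here. -->
        <endpoint address="net.msmq://localhost/private/orders-signed"
                  binding="netMsmqBinding"
                  bindingConfiguration="signed"
                  contract="Example.IOrderService" />
        <!-- Only senders that cannot sign use this queue; anyone on the
             network who can reach it can post to it. -->
        <endpoint address="net.msmq://localhost/private/orders-unsigned"
                  binding="netMsmqBinding"
                  bindingConfiguration="noSecurity"
                  contract="Example.IOrderService" />
      </service>
    </services>
  </system.serviceModel>
</configuration>
```

Clients of the unsigned queue must use the same noSecurity binding, since security settings have to match on both ends.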
