I have a WCF service hosted in IIS/AppFabric running on Windows Server 2012R2. The service is bound to a local transactional MSMQ queue via netMsmqBinding. My operations are decorated with TransactionScopeRequired = true. The service operations recieves calls from a BizTalk server, handles them and send responses back to a remote queue (on the same BizTalk Server), also via a netMsmqBinding.
<endpoint name="Outbound" address="net.msmq://int01test.mydomain.com/private/queue.name" binding="netMsmqBinding" bindingConfiguration="QueueBindingConfigurationOutbound" contract="My.Outbound.Contract" /> <netMsmqBinding> <binding name="QueueBindingConfigurationOutbound"> <security> <transport msmqAuthenticationMode="WindowsDomain" msmqProtectionLevel="Sign" /> </security> </binding> </netMsmqBinding>
In the testing environment this works as intended.
Physical setup in testing environment: Server int01test.mydomain.com hosts a BizTalk server and my inbound queue. This runs under service account mydomain\inttestuser. Server app01test.mydomain.com hosts my application (IIS/AppFabric), my database (SQL server) and my outbound queue. This runs under service account mydomain\apptestuser.
When this solution is promoted to the acceptance testing environment, calls are still handled, but the responses are blocked with error message:
System.ServiceModel.EndpointNotFoundException: An error occurred while opening the queue:Unrecognized error -1072824317 (0xc00e0003). The message cannot be sent or received from the queue. Ensure that MSMQ is installed and running. Also ensure that the queue is available to open with the required access mode and authorization. ---> System.ServiceModel.MsmqException: An error occurred while opening the queue:Unrecognized error -1072824317 (0xc00e0003). The message cannot be sent or received from the queue. Ensure that MSMQ is installed and running. Also ensure that the queue is available to open with the required access mode and authorization.
In the testing environment, my service and my database is running on a single server instance. (The BizTalk Server and it's queue, the target of my outbound messages, is on another server though) In the acceptance testing environment, my solution is deployed on two load balanced servers and the database is on a separate cluster. There are also more strict external firewall rules to mimic the production environment. Even the BizTalk server is clustered, though we communicate machine-to-machine rather than cluster-to-cluster right now.
So setup in QA Environment is: Server int01qa.mydomain.com (clustered with int02qa.mydomain.com) hosts a BizTalk server and my inbound queue. This runs under service account mydomain\intqauser. Server app01qa.mydomain.com (clustered with app02qa.mydomain.com) hosts my application (IIS/AppFabric) and my outbound queue. This runs under service account mydomain\appqauser. Server db01qa.mydomain.com hosts my database.
The problem turned out to be that MSMQ couldn't find a certificate for the app pool user. That is, the 0xc00e0003, MQ_ERROR_QUEUE_NOT_FOUND was really caused by a 0xC00E002F, MQ_ERROR_NO_INTERNAL_USER_CERT Changing security settings to
<transport msmqAuthenticationMode="None" msmqProtectionLevel="None" />
enabled messages to be sent. The real solution, of course, is not to disable security but to ensure that the app pool users cerificate is installed in msmq.