MSMQ in a RODC env?

  • Question

  • hi out there

    We have a webserver in a RODC DMZ zone where we need to give support for MS MSMQ 5.0. We have installed MSMQ on the webserver (needed to move it from the local RODC to a writeable DC temporarily to do this) but are not able to browse public queues. So - since the RODC in the local site hasn't got MSMQ enabled I expect that I need to do this (even though it is not stated anywhere that it is supported in a RODC zone - but neither that it isn't) but I can see that when installing it we need to grant the "Network Service" account the Create MSMQ Configuration Objects permissions on the computer object in the AD DS before installing the DS integration feature on a computer that is a domain controller - so - this will conflict with the concept of a RODC as far as I can see - we are not able to write in the AD on a RODC - so what can I do?

    How do I install AD integrated MSMQ on a RODC site?

    best regards /Thomas iwang

    Wednesday, November 19, 2014 1:23 PM

Answers

  • Hi,

    Sorry for the delayed reply.

    According to the error message, the most likely cause is that the local computer cannot connect to a Microsoft Message Queuing server with Active Directory (AD) in the domain due to an invalid Domain Name System (DNS) search order. A connection with an Active Directory server requires that DNS be able to resolve to the domain suffix name of the AD server.

    http://support.microsoft.com/kb/254405

    Regards.


    Vivian Wang

    • Proposed as answer by Vivian_Wang Tuesday, December 2, 2014 6:36 AM
    • Marked as answer by Vivian_Wang Friday, December 5, 2014 6:59 AM
    Wednesday, November 26, 2014 2:45 AM
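
The DNS cause named in the answer above can be checked from the web server with the following sketch. It is an added example, not part of the original thread or of Microsoft's KB article. The domain name and the two server names are placeholders (assumptions) to be replaced with the site's RODC and the writable DC that write referrals point to. It uses only WMI and .NET classes so it also runs on older PowerShell versions.

```powershell
# Added diagnostic sketch. All names below are placeholders, not values from the thread.
$Domain  = 'corp.example.com'                                      # assumed AD DNS domain
$Targets = @('rodc01.corp.example.com', 'dc01.corp.example.com')   # assumed RODC, writable DC

# DNS server and suffix search order per IP-enabled adapter (the setting the answer points at).
function Get-DnsSearchOrder {
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        Select-Object Description, DNSServerSearchOrder, DNSDomainSuffixSearchOrder
}

# Resolve a name with the configured resolvers; returns an empty result on failure.
function Test-NameResolution([string]$Name) {
    try {
        [System.Net.Dns]::GetHostAddresses($Name) | ForEach-Object { $_.IPAddressToString }
    } catch {
        Write-Warning "Cannot resolve $Name : $($_.Exception.Message)"
    }
}

# TCP connect with a timeout, so a port dropped by the DMZ firewall does not hang the check.
function Test-TcpPort([string]$Server, [int]$Port, [int]$TimeoutMs = 3000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

Get-DnsSearchOrder | Format-List

# The domain suffix itself must resolve, and the DC locator SRV records must be visible.
"Domain $Domain resolves to: " + ((Test-NameResolution $Domain) -join ', ')
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain"

# LDAP (TCP 389) must be reachable on each directory server the client is expected to use.
foreach ($server in $Targets) {
    $addresses = (Test-NameResolution $server) -join ', '
    $ldapOpen  = Test-TcpPort -Server $server -Port 389
    "{0,-30} addresses: {1,-20} LDAP/389 reachable: {2}" -f $server, $addresses, $ldapOpen
}
```

An empty address list points to the DNS search order or suffix configuration, while a resolved name with LDAP unreachable points to the firewall between the DMZ and the directory servers.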

All replies

  • This doesn't really answer your question from a MSMQ with RODCs supported or not perspective, but as long as the write is taking place over LDAP against the RODC, a referral is generated to the nearest writable DC and the data is written there and then replicated back to the RODC, so this should be seamless (unless MSMQ expects to read that value off the RODC directly before it has replicated back).

     

    Enfo Zipper
    Christoffer Andersson – Principal Advisor
    http://blogs.chrisse.se - Directory Services Blog

    Wednesday, November 19, 2014 4:44 PM
  • hi again

    ok - makes sense - now have I just first started on the project where we are a bit in doubt what is working and what not - we have opened the relevant ports on the firewall in between but since we are not 100% sure which box is talking with what it takes a bit of time.

    When I try to open "public queues" on the webserver the MSC hangs for a long time and gives an error back:

    "Active directory Domain Services cannot be queried."

    Error: A connection with Active Directory Domain Services cannot be established. Verify that there are sufficient permissions to perform this operation.

    The local RODC hasn't got the MSMQ protocol installed - not MSMQ routing or the MSMQ DCOM Proxy - should some of these features be installed on the local DC (RODC) also since this in fact is to be looked at as a remote site?

    Thursday, November 20, 2014 9:15 AM
  • Hi,

    Any update about the issue?

    Regards.


    Vivian Wang

    Monday, December 1, 2014 7:09 AM