Event ID 2190 — Message Queuing Operation
Applies To: Windows Server 2008
Message Queuing operation provides message authentication, message encryption, dead-letter queues, security settings, and other basic features. If Message Queuing has problems with any of these features, proper Message Queuing operation may suffer.
Event Details
Product: | Windows Operating System |
ID: | 2190 |
Source: | MSMQ |
Version: | 6.0 |
Symbolic Name: | EVENT_MQCONN_GENERIC_SSL_NEGOTIATION_FAILURE |
Message: | Message Queuing could not complete SSL negotiation with the remote computer. This event is logged at most once per %1 seconds. To change this setting, set \HKLM\Software\Microsoft\MSMQ\Parameters\Event2190 registry value to desired time in seconds. |
Resolve
Confirm configuration of SSL/HTTPS for Message Queuing
This issue may have one of the following causes:
- The server certificate may not be installed properly. For more information about Message Queuing with Secure Hypertext Transfer Protocol (HTTPS), including information about server certificates as they apply to Message Queuing, see HTTPS Authentication (https://go.microsoft.com/fwlink/?LinkId=104331).
- The remote computer may not be listening with HTTPS on port 443 (SSL). You can use the procedure "Determine if the computer is listening on port 443" to determine if this is the issue.
- The Windows Firewall may be blocking communicaqtion over port 443. You can use the procedure "Ensure that Windows Firewall is allowing communication over port 443" to determine if this is the issue.
To perform these procedures, you must have membership in Administrators, or you must have been delegated the appropriate authority.
Determine if the computer is listening on port 443
To determine if the computer is listening on port 443:
Open a command prompt. To run open a command prompt, click Start. In the search box, type cmd, and then press ENTER.
At the command prompt, type netstat -aon, and then press ENTER. A list of listening and active ports and services is output by the command.
If the computer is listening on TCP port 443, the following local address entries will appear in resulting list when you run the netstat -aon command: 0.0.0.0:443 (IPv4) [::]:443 (IPv6).
Ensure that Windows Firewall is allowing communication over port 443
To ensure that Windows Firewall is allowing communication over port 443:
- Click Start, point to Administrative Tools, and then click Windows Firewall with Advanced Security.
- If you are prompted, enter Administrator credentials, and then continue through the User Access Control messages.
- In the console tree, click Inbound Rules. The rules appear in the details pane. Note that it may take a few seconds for the rules to load and appear.
- Locate the rule World Wide Web Services (HTTPS Traffic-In) listening on local port 443. (You may have to scroll to see the port that a rule is listening on.)
- Make sure that the rule is Enabled,the rule’s Action is set to Allow the connections, and the network profile type of the computer’s Internet connection matches the profile that the rule applies to (Public, Private, or Domain). The default profile for this rule is Any.
If you need help figuring out which machine SSL negotiation failed (the remote computer), contact Microsoft Customer Service and Support (CSS) to take a Message Queuing trace. For information about how to contact CSS, see Enterprise Support (https://go.microsoft.com/fwlink/?LinkId=52267).
Verify
Verify that the MSMQ Service is installed and running.
To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.
To verify that the MSMQ Service is installed and running:
- Open the Services snap-in. To open Services, click Start. In the search box, type services.msc, and then press ENTER.
- Locate the Message Queuing service, and confirm that the value in the Status column is Started.