Message Queuing could not authenticate a message sent to queue.

Microsoft.MSMQ.2008.Rule.Alert.Event2195 (Rule)

Message Queuing could not authenticate a message sent to queue. The message was rejected because the queue only accepts authenticated messages. A negative arrival acknowledgement will be sent if requested by the sender.

Knowledge Base article:

Summary

Causes

Because the queue accepts only authenticated messages, messages that are sent to the queue must be authenticated and signed with a certificate, which is registered in Active Directory Domain Services (AD DS).

Resolutions

Confirm that messages are authenticated and that the sending computer has a valid certificate

To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.

To confirm the presence of user certificates:

On any computer in the domain, click Start. In the search box, type compmgmt.msc, and then press ENTER.
Enter administrator credentials, if you are prompted, and then continue through the User Access Control messages.
Navigate to the Message Queuing console tree. Click Services and Applications, and then click Message Queuing.
Right-click Message Queuing, and then click Properties.
Click the User Certificate tab.
Click View.
Determine whether the computer sending the unauthenticated messages is in the Personal Certificates list.
If the computer is not in the list, a certificate was not registered.
You can fix this by performing steps 1 through 7 on the computers on which the certificate was not registered. For step 6, click Register instead of View.

Additional

For more information about signing messages, see Message Authentication ( http://go.microsoft.com/fwlink/?LinkID=104732).

For more information, see Event ID 2195 ( http://technet.microsoft.com/en-us/library/dd337486(WS.10).aspx)

Element properties:

Target

Microsoft.MSMQ.2008.Servers

Category

SecurityHealth

Enabled

False

Event_ID

2195

Event Source

$Target/Property[Type="Microsoft.MSMQ.2008.ServerRole"]/ServiceName$

Alert Generate

True

Alert Severity

Warning

Alert Priority

Normal

Remotable

True

Alert Message

Message Queuing could not authenticate a message sent to queue.

Event Description: {0}

Event Log

Application

Member Modules:

ID	Module Type	TypeId	RunAs
DS	DataSource	Microsoft.Windows.EventProvider	Default
Alert	WriteAction	System.Health.GenerateAlert	Default

Source Code:

<Rule ID="Microsoft.MSMQ.2008.Rule.Alert.Event2195" Enabled="false" Target="Microsoft.MSMQ.2008.Servers" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>SecurityHealth</Category>

  <DataSources>

    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Application</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="UnsignedInteger">2195</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="String">PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="String">$Target/Property[Type="Microsoft.MSMQ.2008.ServerRole"]/ServiceName$</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="Alert" TypeID="SystemHealth!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>1</Severity>

      <AlertName/>

      <AlertDescription/>

      <AlertOwner/>

      <AlertMessageId>$MPElement[Name="Microsoft.MSMQ.2008.Rule.Alert.Event2195.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/EventDescription$</AlertParameter1>

      </AlertParameters>

      <Suppression>

        <SuppressionValue>$Data/EventDisplayNumber$</SuppressionValue>

        <SuppressionValue>$Data/LoggingComputer$</SuppressionValue>

      </Suppression>

      <Custom1/>

      <Custom2/>

      <Custom3/>

      <Custom4/>

      <Custom5/>

      <Custom6/>

      <Custom7/>

      <Custom8/>

      <Custom9/>

      <Custom10/>

    </WriteAction>

  </WriteActions>

</Rule>