Message Queuing could not complete SSL negotiation with the remote computer.
Message Queuing could not complete SSL negotiation with the remote computer.
This issue may have one of the following causes:
The server certificate may not be installed properly. For more information about Message Queuing with Secure Hypertext Transfer Protocol (HTTPS), including information about server certificates as they apply to Message Queuing, see HTTPS Authentication ( http://go.microsoft.com/fwlink/?LinkId=104331).
The remote computer may not be listening with HTTPS on port 443 (SSL). You can use the procedure "Determine if the computer is listening on port 443" to determine if this is the issue.
The Windows Firewall may be blocking communicaqtion over port 443. You can use the procedure "Ensure that Windows Firewall is allowing communication over port 443" to determine if this is the issue.
Confirm configuration of SSL/HTTPS for Message Queuing
Determine if the computer is listening on port 443
To determine if the computer is listening on port 443:
Open a command prompt. To run open a command prompt, click Start. In the search box, type cmd, and then press ENTER.
At the command prompt, type netstat -aon, and then press ENTER. A list of listening and active ports and services is output by the command.
If the computer is listening on TCP port 443, the following local address entries will appear in resulting list when you run the netstat -aon command: 0.0.0.0:443 (IPv4) [::]:443 (IPv6).
Ensure that Windows Firewall is allowing communication over port 443
To ensure that Windows Firewall is allowing communication over port 443:
Click Start, point to Administrative Tools, and then click Windows Firewall with Advanced Security.
If you are prompted, enter Administrator credentials, and then continue through the User Access Control messages.
In the console tree, click Inbound Rules. The rules appear in the details pane. Note that it may take a few seconds for the rules to load and appear.
Locate the rule World Wide Web Services (HTTPS Traffic-In) listening on local port 443. (You may have to scroll to see the port that a rule is listening on.)
Make sure that the rule is Enabled,the rule’s Action is set to Allow the connections, and the network profile type of the computer’s Internet connection matches the profile that the rule applies to (Public, Private, or Domain). The default profile for this rule is Any.
If you need help figuring out which machine SSL negotiation failed (the remote computer), contact Microsoft Customer Service and Support (CSS) to take a Message Queuing trace. For information about how to contact CSS, see Enterprise Support ( http://go.microsoft.com/fwlink/?LinkId=52267).
For more information, see Event ID 2190 ( http://technet.microsoft.com/en-us/library/dd337498(WS.10).aspx)
Target | Microsoft.MSMQ.6.3.Servers | ||
Category | ConfigurationHealth | ||
Enabled | False | ||
Event_ID | 2190 | ||
Event Source | $Target/Property[Type="Microsoft.MSMQ.6.3.ServerRole"]/ServiceName$ | ||
Alert Generate | True | ||
Alert Severity | Warning | ||
Alert Priority | Normal | ||
Remotable | True | ||
Alert Message |
| ||
Event Log | Application |
ID | Module Type | TypeId | RunAs |
---|---|---|---|
DS | DataSource | Microsoft.Windows.EventProvider | Default |
Alert | WriteAction | System.Health.GenerateAlert | Default |
<Rule ID="Microsoft.MSMQ.6.3.Rule.Alert.Event2190" Enabled="false" Target="Microsoft.MSMQ.6.3.Servers" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>ConfigurationHealth</Category>
<DataSources>
<DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Application</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">2190</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">$Target/Property[Type="Microsoft.MSMQ.6.3.ServerRole"]/ServiceName$</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="Alert" TypeID="SystemHealth!System.Health.GenerateAlert">
<Priority>1</Priority>
<Severity>1</Severity>
<AlertName/>
<AlertDescription/>
<AlertOwner/>
<AlertMessageId>$MPElement[Name="Microsoft.MSMQ.6.3.Rule.Alert.Event2190.AlertMessage"]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>$Data/EventDescription$</AlertParameter1>
</AlertParameters>
<Suppression>
<SuppressionValue>$Data/EventDisplayNumber$</SuppressionValue>
<SuppressionValue>$Data/LoggingComputer$</SuppressionValue>
</Suppression>
<Custom1/>
<Custom2/>
<Custom3/>
<Custom4/>
<Custom5/>
<Custom6/>
<Custom7/>
<Custom8/>
<Custom9/>
<Custom10/>
</WriteAction>
</WriteActions>
</Rule>