We are trying to set up a conversation between two SQL instances in one SQL Engine through Service Broker by following the tutorial from MSDN. To keep it simple, we send the dialog with ENCRYPTION = OFF so we do not need to deal with the master key, certificates... and it works on the local workstation.

DECLARE @InitDlgHandle UNIQUEIDENTIFIER;

DECLARE @RequestMsg NVARCHAR(100);

BEGIN TRANSACTION;

BEGIN DIALOG @InitDlgHandle FROM SERVICE [//InstDB/2InstSample/InitiatorService] TO SERVICE N'//TgtDB/2InstSample/TargetService' ON CONTRACT [//BothDB/2InstSample/SimpleContract] WITH ENCRYPTION = OFF;

SELECT @RequestMsg = N'Message for Target service.';

SEND ON CONVERSATION @InitDlgHandle MESSAGE TYPE [//BothDB/2InstSample/RequestMessage] (@RequestMsg);

SELECT @RequestMsg AS SentRequestMsg;

COMMIT TRANSACTION;

GO

However, after moving to the server, with the same script, the target DB keeps showing "Can not found private key , message can not deliver" in the SQL trace after initDB sends out the message.

My question is: since we set ENCRYPTION = OFF, why does the target DB show a missing certificate?

We use SQL 2005 SP2, Windows 2003.

Any input is appreciated.

+1  A: 

Talking about coming late to the party...
Didn't see this post before. I don't know if it is still of any relevance, but here's the probable cause:

The REMOTE SERVICE BINDING presence will trump the ENCRYPTION = OFF. This is to allow separation of developer duties from administrator duties. If Encryption is required by the Application, then the developer specifies ENCRYPTION = ON and the administrator must provide a REMOTE SERVICE BINDING. If the Application does not require encryption, then the developer specifies ENCRYPTION = OFF and the administrator may provide a REMOTE SERVICE BINDING if the deployment site decides that the encryption is needed, even if the application does not require it.

A full description of how dialog security and authentication work can be found on my site.

Remus Rusanu
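
An added diagnostic example (not part of the original answer) for checking whether a REMOTE SERVICE BINDING is overriding ENCRYPTION = OFF on the server. It uses the standard Service Broker catalog views and the target service name from the question; the binding name in the commented-out DROP statement is a placeholder.

```sql
-- Step 1: run in the initiator database (the one that executes BEGIN DIALOG).
-- A row here means dialogs to the target service are secured with
-- certificates, regardless of ENCRYPTION = OFF in BEGIN DIALOG.
SELECT rsb.name              AS binding_name,
       rsb.remote_service_name,
       rsb.is_anonymous_on,
       dp.name               AS bound_user
FROM sys.remote_service_bindings AS rsb
JOIN sys.database_principals     AS dp
  ON dp.principal_id = rsb.remote_principal_id
WHERE rsb.remote_service_name = N'//TgtDB/2InstSample/TargetService';

-- Step 2: run in both databases.
-- Lists each certificate, its owner, and whether a private key is stored.
-- NO_PRIVATE_KEY means only the public part of the certificate is present.
SELECT c.name                AS certificate_name,
       dp.name               AS owner_name,
       c.pvt_key_encryption_type_desc,
       c.is_active_for_begin_dialog,
       c.start_date,
       c.expiry_date
FROM sys.certificates        AS c
JOIN sys.database_principals AS dp
  ON dp.principal_id = c.principal_id;

-- Step 3: run in both databases.
-- No row means the database has no master key to protect private keys.
SELECT name, create_date
FROM sys.symmetric_keys
WHERE name = N'##MS_DatabaseMasterKey##';

-- Step 4: run in the initiator database.
-- Messages that could not be delivered stay here with a status text.
SELECT conversation_handle, to_service_name, enqueue_time, transmission_status
FROM sys.transmission_queue
WHERE to_service_name = N'//TgtDB/2InstSample/TargetService';

-- If the deployment does not need dialog encryption, the administrator can
-- remove the binding found in step 1 (placeholder name, replace before use):
-- DROP REMOTE SERVICE BINDING [<binding_name_from_step_1>];
```

If the site does want encryption, keep the binding and make sure the certificates from step 2 exist with the expected owners and private keys instead of dropping it.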