wcf msmq service activation fails

Question

I have wcf service using net.msmq protocol but service fails to activate with following error. What could be wrong?

Looks like it is trying to find machineid or something in AD but why? Sevice name is like net.msmq://localhost/private/myservice.svc

  A connection with Active Directory cannot be established. Verify that there are sufficient permissions to perform this operation.

System.Messaging.MessageQueue.GetMachineId(String machineName)
System.Messaging.MessageQueueCriteria.set_MachineName(String value)
System.Messaging.MessageQueue.GetPublicQueuesByMachine(String machineName)
System.ServiceModel.Channels.MsmqBindingMonitor.OnTimer(Object state)

Answer 1

Maybe it needs to check with AD to be able to write to the message queue.

If you are running under a local account that does not have access to AD you may get this error.

Answer 2

What security settings to you have? By default, the MSMQ binding will expect users to present a certificate to authenticate them and needs access to AD to verify that certificate.

If you want to totally turn off all security, add this snippet to your config:

<bindings>
  <netMsmqBinding>
    <binding name="NoSecurity">
      <security mode="off" />
    </binding>    
  </netMsmqBinding>
</bindings>
<endpoint name="...." address="..." contract="....."
   binding="netMsmqBinding" bindingConfiguration="NoSecurity" />

That way, you should be able to call MSMQ without access to AD.

Marc

Answer 3

I've had this error when my WCF service is hosted by a Windows Service that is running as the LocalSystem or NetworkService account. Changing the Windows Service to run under an interactive login account, like my own account or one I create just to host MSMQ-WCF Windows Services, eliminates this problem.

I believe the error is not related to WCF, but rather the service not having an interactive login that can auto-retrieve an AD certificate that will allow the WCF code to communicate with MSMQ.