views:

93

answers:

2

I am getting this error in my sys.transmission_queue table whenever I attempt to send a SQL Service Broker message between two different SQL Server servers. (i.e. the databases are on two different physical machines)

Dialog security is unavailable for this conversation because there is no security 
certificate bound to the database principal (Id: 5).  
Either create a certificate for the principal, or specify ENCRYPTION = OFF 
when beginning the conversation 

When this error refers to "database principal" what is it referring to? (the "master" database? dbo user?) I've used the CREATE CERTIFICATE command, backed up the certificate and created a same named certificate on the other server with the backup .cer file from the first server, but I keep getting this message.

Any help would be appreciated in getting me pointed in the right direction. I must be missing something obvious.

FYI, in my development environment, both the initiating and target databases were on the same physical server, and same SQL instance, and everything was working fine.

+1  A: 

The error refers to a user in the database hosting your Service Broker service (select name from sys.database_principals where principal_id = 5).

In addition to exporting a certificate to the target server, you also need to import target server's certificate, associate it with a user and create a remote service binding to tell Service Broker which local user represents the remote service. The following 2 articles should help you: Service Broker Dialog Security and Securing a dialog with certificates.

Pawel Marciniak
Another resource, if one has a SQL Server Central web account, is the following article: http://www.sqlservercentral.com/articles/Service+Broker/2797/
yanigisawa
It turns out that I had created the Initiating service with: "AUTHORIZATION <PrincipalId = 5 User>"; rather than leaving out this clause. Once I dropped and recreated the Initiating service without the AUTHORIZATION statement, it started working.
yanigisawa
A: 

In addition to what Pawel said, I'd also recommend to give the SSBDIAGNOSE tool a try. Use the CONFIGURATION option and it will tell you exactly what user needs certificates, in which database, as well as analyzing the endpoint connectivity, the routes and the permissions.

Remus Rusanu
Thanks Remus for the tool. It didn't end up helping us find the exact problem, but it was handy in identifying a duplicate service_broker_guid problem we had when we restored a back-up from another server.
yanigisawa