Category: Networking

MSMQ: solving access denied errors for private queues

In most cases, getting the MSMQ “Access to Message Queuing system is denied” exception when accessing a private queue simply means that you don’t have the required security permission on that message queue.

Security information for private queues is managed in the same way as for files and folders in Windows:

  1. Browse to your private queues in the management console:
    • In the Start menu, type “computer management” and press Enter.
    • Then under “Services and Applications” find “Message Queuing”, then “Private Queues”.
  2. Right-click the target queue and open its Properties; you’ll see the Security tab in the properties window.
  3. Here you can assign permissions to the user/group that your application runs as.
    • If this is for debugging or testing purposes and you don’t know which user or group to assign the permission to, you can try giving Full Control to “Everyone”.
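Once testing has shown which identity the application runs as, the Everyone grant from step 3 can be replaced with an entry scoped to that account. The following is an added example, not part of the original post: it uses the .NET System.Messaging API from Windows PowerShell 5.1, and the function name, queue name, account name and chosen rights are assumptions for illustration.

```powershell
# Windows PowerShell 5.1 only: System.Messaging is a .NET Framework assembly.
# Run elevated, or as the owner of the queue.
Add-Type -AssemblyName System.Messaging

function Set-QueueLeastPrivilege {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $QueueName,  # private queue, e.g. 'orders' (constructed)
        [Parameter(Mandatory)] [string] $Account,    # app identity, e.g. 'CONTOSO\svc-orders' (constructed)
        # Assumed minimum for an app that sends and receives; trim to what yours needs.
        [System.Messaging.MessageQueueAccessRights] $Rights = 'ReceiveMessage, WriteMessage, GetQueueProperties'
    )

    $path = ".\private`$\$QueueName"
    if (-not [System.Messaging.MessageQueue]::Exists($path)) {
        throw "Private queue '$QueueName' was not found on this machine."
    }

    # Resolve the account first so a typo fails before any ACL is touched.
    $nt = New-Object System.Security.Principal.NTAccount $Account
    $null = $nt.Translate([System.Security.Principal.SecurityIdentifier])

    # Look up the localized name of the Everyone group from its well-known SID.
    $worldSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
    $everyone = $worldSid.Translate([System.Security.Principal.NTAccount]).Value

    $queue = New-Object System.Messaging.MessageQueue $path
    try {
        if ($PSCmdlet.ShouldProcess($path, "Set '$Rights' for $Account and revoke $everyone")) {
            # Set replaces whatever the account had before with exactly $Rights.
            $queue.SetPermissions($Account, $Rights,
                [System.Messaging.AccessControlEntryType]::Set)
            # Revoke drops the entries held by Everyone, including a temporary
            # Full Control grant. Assumption: every other sender or receiver of
            # this queue already has its own explicit entry.
            $queue.SetPermissions($everyone,
                [System.Messaging.MessageQueueAccessRights]::FullControl,
                [System.Messaging.AccessControlEntryType]::Revoke)
        }
    }
    finally {
        $queue.Dispose()
    }
}

# Preview the change first, then rerun without -WhatIf:
# Set-QueueLeastPrivilege -QueueName 'orders' -Account 'CONTOSO\svc-orders' -WhatIf
```

Afterwards, reopen the queue's Security tab to confirm that only the intended accounts remain listed.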

If you do not have permission to modify the security settings of this queue, the queue was probably not created by you.

The first thing you need to do is to take ownership:

  1. Click the Advanced button
  2. Go to the Owner tab
  3. Select or find your user/group, then click OK

This requires that you have permission to take ownership from another user, and it usually means that you need to be an administrative user first.

Once you have taken ownership, you can modify the security settings for this queue without problems.

What if the above didn’t work

There’s another trick that you can try.

Usually the metadata of these queues is stored at C:\Windows\System32\msmq\storage\lqs. If you open the files in this folder with any text editor, you’ll see the details of the queues. By default, the Administrator group and the MSMQ system account have full control of these files, so if you are an administrative user, you should be able to modify them (otherwise, try taking ownership of these files and see if that works).

  1. First, you need to stop the MSMQ service.
  2. Then locate the file for the queue that you are having a problem with; the Security attribute is the one we need to modify.
  3. If you need a working value for this attribute, you can create a new private queue in the management console and copy the Security value from this new queue to your target queue.
  4. Now start the MSMQ service and hopefully this works 😛

VPN without going through the VPN gateway

This may be common sense to a lot of people, but I just found out today.

When you connect to your company VPN, you are going through the company gateway by default. Thus external network traffic, such as internet traffic, goes through the company gateway, then to your gateway/router, then to your machine. However, you can easily bypass the VPN gateway and access the internet directly.

Bring up the properties window of your VPN connection, double-click Internet Protocol Version 4 (or 6, depending on which one is in use), and click the “Advanced” button. Untick “Use default gateway on remote network” and save.

Default gateway option of IP Settings

This means that even when you are connected to a VPN, you can still access your own computer using its own external IP address instead of the internal IP address assigned by the VPN’s DHCP server.