PRB: "Permission Denied" Error When You Use Queued Components in Workgroup Mode (247394)


The information in this article applies to:

  • Microsoft COM+ 1.0
This article was previously published under Q247394

SYMPTOMS

When you attempt to create a Queued Component (QC) recorder with the GetObject instruction, if you have Microsoft Message Queuing (MSMQ) version 2.0 configured to run in Workgroup mode (instead of working with a Domain Controller), you may receive the following error message:
Run-time error '70': Permission Denied

CAUSE

When a COM+ application is configured to be queued, it creates MSMQ queues to receive the incoming calls. If MSMQ is configured in Workgroup mode, two problems occur:
  • The queues are private, and are therefore not published in Active Directory.
  • Because there are no MSMQ certificates, MSMQ cannot authenticate the origin of the messages that arrive in the queue.

RESOLUTION

To use queued components in Workgroup mode, you must do two things:
  • To allow for unsigned MSMQ messages, you must set the Authentication Level of the COM+ Application to None.
  • To access the queued components from a remote computer, you must specify a queue: moniker that contains the complete FormatName of the destination queue.

MORE INFORMATION

To change the Authentication Level of the COM+ Application that hosts the queued components, perform the following steps:
  1. Under Administrative Tools, open the Component Services MMC snap-in.
  2. Expand My Computer and browse to the COM+ Application that hosts the queued components.
  3. To open the property sheet for the application, right-click the application and select Properties. Click the Security tab, and select None for Authentication level for calls.
When you create your queued components locally (on the same computer as the COM+ Application), you can use the queue moniker in the standard way: 
Set oMyQC = GetObject("queue:/new:MyProject.CMyClass")
To create the recorder and send QC-recorded calls from a remote computer, you must change the way that you specify the moniker. To reference an MSMQ queue on a remote computer that is installed in Workgroup mode, you must specify the moniker by using the DIRECT Format Name; for example: 
Set oMyQC = GetObject("queue:FormatName=DIRECT=OS:MyServer\PRIVATE$\MyApp/new:Myproject.CMyClass")
where MyServer is the computer name for the server on which the queued COM+ Application resides, and MyApp is the name of the queued COM+ Application. Note the PRIVATE$ portion of the path; this is required because only private queues can be hosted in an MSMQ Workgroup mode server.

REFERENCES

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

246825 HOWTO: Configure a COM+ Application for Queued Components

For information on the queue: moniker, see the article "Using the Queue Moniker" at the following Microsoft Developer Network (MSDN) Web site:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cossdk/htm/pgservices_queuedcomponents_786q.asp

For additional information, see the "Using Queued Components" section of the article "COM+ Application Guidelines for Visual Basic Development" at the following MSDN Web site:

http://msdn.microsoft.com/library/techart/complus.htm

Modification Type:MajorLast Reviewed:7/29/2003
Keywords:kbComPlusQC kbprb KB247394
©2003 Microsoft Corporation. All rights reserved.