PRB: An Error Message Is Displayed While You Are Configuring Messaging Manager to Connect to a Remote Server (317990)
The information in this article applies to:
- Microsoft BizTalk Server 2002
This article was previously published under Q317990

SYMPTOMS

When you configure the BizTalk Server 2002 Messaging Manager to point to a remote BizTalk Server 2002 computer, you may receive the following error message:

The response document is not a valid document. This could be due to an incorrect BizTalk Server path, a failure in server authentication, or SSL not being enabled on your BizTalk Server. If you want to change the BizTalk Server path, on the Tools menu, click Options, and then specify a new BizTalk Server path.

CAUSE

This error message is generated if the HTTPS protocol is not enabled on the remote BizTalk Server to which you are trying to connect with the Messaging Manager.

RESOLUTION

To configure the BizTalk Messaging Manager on a remote computer to connect to the BizTalk Server computer through Secure Sockets Layer (SSL), follow these steps:

1. Install a Web Server certificate on the computer running BizTalk Server and Microsoft Internet Information Services (IIS). Follow the steps for doing this by clicking the following link on a Microsoft Windows 2000 Server-based computer that has IIS installed:

   If BizTalk Server is clustered, you must first perform this step on one node in the cluster, and then export the certificate and install it on the other nodes in the cluster.

   Note: Typically, if you can use a browser on the remote computer to connect to the /MessagingManager URL through HTTPS (for example https://biztalkserver/messagingmanager) without receiving a prompt for authentication or without receiving a prompt to click in any Security Alert dialog boxes, the Messaging Manager on the remote computer will work correctly. The Messaging Manager cannot communicate with dialog boxes. It fails and you receive an error message if the Messaging Manager is presented with a dialog box. You must follow steps 2, 3, 4, and 5 of this procedure to make sure that the Messaging Manager is not presented with a dialog box.

2. Verify that the certification authority that issued the certificate to the BizTalk Server computer is in the Trusted Root Certification Authorities list as viewed from the Certificates MMC snap-in on the Messaging Manager client computer. The easiest way to do this is to export the Root CA for the Certificate Server that issued the Web Server certificate from your computer running BizTalk Server, and then import this certificate to the Trusted Root Certification Authorities store on your Messaging Manager client computer. You can perform both of these operations from the Certificates MMC snap-in on the respective computers. When you add the Certificates MMC snap-in, select the option to manage certificates for My user account when you receive this prompt.

3. Verify that the name of the server on the certificate matches the name of the server that you specify in the Messaging Manager in the "Name of BizTalk Server to connect to" text box. This text box is located on the Tools menu, under Options.

4. Add the name of the server that you specified in step 3 to the list of Trusted Sites in Internet Explorer. To do this in Internet Explorer, follow these steps:
   - On the Tools menu, click Internet Options.
   - Click the Security tab, click to select Trusted Sites, and then click Sites.
   - Verify that the Security Level for the Trusted Sites zone has the following settings selected. To do this, click Custom, and then scroll through the list.
     - Under User Authentication, for Logon, click to select Automatic logon with current username and password.
     - Under Miscellaneous, for Access data sources across domains, click to select Enable.

5. If BizTalk and SQL Server are on separate computers, or if this is a clustered BizTalk configuration, configure the MessagingManager virtual directory on the BizTalk Server computer to run in High Isolation. Also, change the Identity for the associated COM+ package to the same account that the BizTalk Messaging Service runs under. You must do this to avoid double-hop authentication problems. For example:
   - SQL Server and BizTalk are not installed on the same computer, and the MessagingManager virtual directory is located on the computer running IIS.
   - When the computer running IIS uses the remote Messaging Manager client to gain access to the MessagingManager virtual directory, IIS will not pass the credentials of the calling user to SQL Server.

   For SQL Server to authenticate the user that is specified as the Identity for this COM+ application, the following must be true:
   - The computer running SQL Server must be registered in Active Directory (if Active Directory is used).
   - Kerberos delegation must be enabled.

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

283201 HOWTO: Use Delegation in Windows 2000 with COM+

STATUS

This behavior is by design.

MORE INFORMATION

The BizTalk Server 2002 Messaging Manager requires that connections that are made to remote BizTalk Servers be made over SSL to prevent username and password information from being passed over the network in plain text.

If the name of the server that is defined in the "Name of BizTalk Server to connect to:" box is the NetBIOS name of the BizTalk Server or the name localhost, the Messaging Manager connects to the BizTalk Server that is specified over TCP/IP port 80.

If the name of the server that is defined in the "Name of BizTalk Server to connect to:" box is not the actual NetBIOS name of the BizTalk Server or the name localhost, the Messaging Manager connects to the BizTalk Server that is specified over TCP/IP port 443.

The BizTalk Server 2002 Messaging Manager cannot connect to BizTalk Server over any TCP/IP ports other than 80 and 443.
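
The following check is an added example, not part of the original article or of any Microsoft tooling. It applies the port rule above and, for a name that selects port 443, performs a verifying TLS handshake with no prompts and maps a failure to the resolution step to revisit. It assumes Python's default trust store stands in for the client's Trusted Root store and that the server offers a TLS version the Python build accepts; the host names are constructed.

```python
import socket
import ssl

# OpenSSL verify codes mapped to the resolution step that addresses them
# (the mapping is this example's interpretation of the article's steps).
STEP_FOR_VERIFY_CODE = {
    18: "step 2: self-signed certificate, issuer not in Trusted Root store",
    19: "step 2: chain ends in a root that is not trusted",
    20: "step 2: issuing CA not found in Trusted Root store",
    62: "step 3: certificate name does not match the configured server name",
}


def expected_port(configured_name: str, netbios_name: str) -> int:
    """Port rule from MORE INFORMATION: NetBIOS name or localhost -> 80, else 443."""
    name = configured_name.strip().lower()
    return 80 if name in ("localhost", netbios_name.strip().lower()) else 443


def classify(verify_code: int) -> str:
    """Translate an OpenSSL certificate verification code into the step to revisit."""
    return STEP_FOR_VERIFY_CODE.get(
        verify_code, f"step 1: certificate rejected (verify code {verify_code})")


def check_https(configured_name: str, timeout: float = 5.0) -> str:
    """Handshake on 443 as a non-interactive client must: no prompts, fail closed."""
    ctx = ssl.create_default_context()  # verifies both chain and host name
    try:
        with socket.create_connection((configured_name, 443), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=configured_name):
                return "ok: certificate trusted and name matches"
    except ssl.SSLCertVerificationError as exc:
        return classify(exc.verify_code)
    except ssl.SSLError as exc:
        return f"CAUSE: TLS handshake failed ({exc.reason})"
    except OSError as exc:
        return f"CAUSE: nothing answering HTTPS on port 443 ({exc})"


if __name__ == "__main__":
    # Constructed sample values; replace with your own server names.
    name, netbios = "biztalk.example.test", "BIZTALK01"
    port = expected_port(name, netbios)
    print(f"Messaging Manager would use port {port}")
    if port == 443:
        print(check_https(name))
```
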

REFERENCES

For additional information about how to enable the HTTPS protocol on your IIS Web server, see the Microsoft Internet Information Services (IIS) Help topic "Enabling Encryption." To view this topic on a Microsoft Windows 2000 Server-based computer that has IIS installed, click the following link:

To view this topic on a Microsoft Windows 2003 Server-based computer that has IIS installed, paste the following link in the address bar of your browser, and then press ENTER:

mk:@MSITStore:C:\WINNT\Help\IISMMC.chm::/HTM/sec_encryp_enableencryp.htm

Note: This link is correct if Windows is located on the C:\ drive of your computer. If Windows is located on a different drive, substitute the correct drive letter for C:\ in this link.

Modification Type: Major
Last Reviewed: 8/20/2003
Keywords: kberrmsg kbprb KB317990