Microsoft KB Archive/317990

= PRB: An Error Message Is Displayed While You Are Configuring Messaging Manager to Connect to a Remote Server =

Article ID: 317990

Article Last Modified on 8/20/2003

-

APPLIES TO


 * Microsoft BizTalk Server 2002 Standard Edition

-



This article was previously published under Q317990



SYMPTOMS
When you configure the BizTalk Server 2002 Messaging Manager to point to a remote BizTalk Server 2002 computer, you may receive the following error message:

The response document is not a valid document.

This could be due to an incorrect BizTalk Server path, a failure in server authentication, or SSL not being enabled on your BizTalk Server. If you want to change the BizTalk Server path, on the Tools menu, click Options, and then specify a new BizTalk Server path.



CAUSE
This error message is generated if the HTTPS protocol is not enabled on the remote BizTalk Server to which you are trying to connect with the Messaging Manager.



RESOLUTION
To configure the BizTalk Messaging Manager on a remote computer to connect to the BizTalk Server computer through Secure Sockets Layer (SSL), follow these steps:  Install a Web Server certificate on the computer running BizTalk Server and Microsoft Internet Information Services (IIS). Follow the steps for doing this by clicking the following link on a Microsoft Windows 2000 Server-based computer that has IIS installed:

If BizTalk Server is clustered, you must first perform this step on one node in the cluster, and then export the certificate and install it on the other nodes in the cluster.

Note Typically, if you can use a browser on the remote computer to connect to the /MessagingManager URL through HTTPS (for example https:// /messagingmanager) without receiving a prompt for authentication or without receiving a prompt to click in any Security Alert dialog boxes, the Messaging Manager on the remote computer will work correctly. The Messaging Manager cannot communicate with dialog boxes. It fails and you receive an error message if the Messaging Manager is presented with a dialog box. You must follow steps 2, 3, 4, and 5 of this procedure to make sure that the Messaging Manager is not presented with a dialog box. Verify that the certification authority that issued the certificate to the BizTalk Server computer is in the Trusted Root Certification Authorities list as viewed from the Certificates MMC snap-in on the Messaging Manager client computer. The easiest way to do this is to export the Root CA for the Certificate Server that issued the Web Server certificate from your computer running BizTalk Server, and then import this certificate to the Trusted Root Certification Authorities store on your Messaging Manager client computer. You can perform both of these operations from the Certificates MMC snap-in on the respective computers. When you add the Certificates MMC snap-in, select the option to manage certificates for My user account when you receive this prompt. Verify that the name of the server on the certificate matches the name of the server that you specify in the Messaging Manager in the Name of BizTalk Server to connect to text box. This text box is located on the Tools menu, under Options. Add the name of the server that you specified in step 3 to the list of Trusted Sites in Internet Explorer. To do this in Internet Explorer, follow these steps:  On the Tools menu, click Internet Options. Click the Security tab, click to select Trusted Sites, and then click Sites.</li></ol> </li> Verify that the Security Level for the Trusted Sites zone has the following settings selected. To do this, click Custom, and then scroll through the list. <ul> Under User Authentication, for Logon, click to select Automatic logon with current username and password.</li> Under Miscellaneous, for Access data sources across domains, click to select Enable.</li></ul> </li> If BizTalk and SQL Server are on separate computers, or if this is a clustered BizTalk configuration, configure the MessagingManager virtual directory on the BizTalk Server computer to run in High Isolation. Also, change the Identity for the associated COM+ package to the same account that the BizTalk Messaging Service is running under the context of. You must do this to avoid double-hop authentication problems. For example: <ol style="list-style-type: lower-alpha;"> SQL Server and BizTalk are not installed on the same computer, and the MessagingManager virtual directory is located on the computer running IIS.</li> When the computer running IIS uses the remote Messaging Manager client to gain access to the MessagingManager virtual directory, IIS will not pass the credentials of the calling user to SQL Server.</li></ol>

For SQL Server to authenticate the user that is specified as the Identity for this COM+ application, the following must be true: <ul> The computer running SQL Server must be registered in Active Directory (if Active Directory is used).</li> Kerberos delegation must be enabled.</li></ul>

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

283201 HOWTO: Use Delegation in Windows 2000 with COM+

</li></ol>

<div class="status_section">

STATUS
This behavior is by design.

<div class="moreinformation_section">

MORE INFORMATION
The BizTalk Server 2002 Messaging Manager requires that connections that are made to remote BizTalk Servers be made over SSL to prevent username and password information from being passed over the network in plain text.

If the name of the server that is defined in the Name of BizTalk Server to connect to: box is the netbios name of the BizTalk Server or the name localhost, the Messaging Manager connects to the BizTalk Server that is specified over TCP/IP port 80.

If the name of the server that is defined in the Name of BizTalk Server to connect to: box is not the actual netbios name of the BizTalk Server or the name localhost, the Messaging Manager connects to the BizTalk Server that is specified over TCP/IP port 443.

The BizTalk Server 2002 Messaging Manager cannot connect to BizTalk Server over any TCP/IP ports other than 80 and 443.

<div class="references_section">