Microsoft KB Archive/223156

= INFO: MSMQ-Based Applications Written to Be Run as a Service =

Article ID: 223156

Article Last Modified on 9/24/2003

-

APPLIES TO


 * Microsoft Message Queue Server 1.0
 * Microsoft Windows NT Server 4.0 Standard Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition

-



This article was previously published under Q223156



SUMMARY
An application that is written for use with Microsoft Message Queue Server (MSMQ) can be run as a Windows service. Such a service must, however, run under the context of a valid Domain account with "Log on As Service" and "Act as Part of the Operating System" advanced privileges. Failure to do so results in a significant slowing of messaging.



MORE INFORMATION
Services can be written in C++ by using the MSMQ C API or ActiveX Control set. Microsoft Viual Basic applications that are run as services are not supported.

MSMQ has distinct security requirements for the transmission of messages between the various computers in an MSMQ Enterprise. In a Microsoft Windows NT domain, for example, the MSMQ Queue Manager attaches the user security identifier (SID) to each message sent by an Independent Client (IC) to a Primary Site Controller (PSC). The PSC uses the SID to determine whether the sender has the proper authority to place a message, as well as to determine who messages belong to within the Enterprise. Note that this is a different level of security than that of Secured Server Communications that are selected during setup of the Primary Enterprise Controller, Primary Site Controller, or Backup Site Controller.

Windows services are typically defined to run under the Local System account. The Local System account, however, is not a valid Domain account and does not have privileges for transmission between other Windows computers on a network. When you write your service, make sure that:


 * The service runs under the context of a valid Domain account with "Log on As Service" and "Act as Part of the Operating System" advanced privileges.
 * The account has no expiration date set for the password.
 * The account is placed in the Local Administrators group of the computer on which the service is run.

