Microsoft KB Archive/247394

= PRB: "Permission Denied" Error When You Use Queued Components in Workgroup Mode =

Article ID: 247394

Article Last Modified on 7/29/2003

-

APPLIES TO


 * Microsoft COM+ 1.0

-



This article was previously published under Q247394



SYMPTOMS
When you attempt to create a Queued Component (QC) recorder with the GetObject instruction, if you have Microsoft Message Queuing (MSMQ) version 2.0 configured to run in Workgroup mode (instead of working with a Domain Controller), you may receive the following error message:

Run-time error '70': Permission Denied



CAUSE
When a COM+ application is configured to be queued, it creates MSMQ queues to receive the incoming calls. If MSMQ is configured in Workgroup mode, two problems occur:
 * The queues are private, and are therefore not published in Active Directory.
 * Because there are no MSMQ certificates, MSMQ cannot authenticate the origin of the messages that arrive in the queue.



RESOLUTION
To use queued components in Workgroup mode, you must do two things:
 * To allow for unsigned MSMQ messages, you must set the Authentication Level of the COM+ Application to None.
 * To access the queued components from a remote computer, you must specify a queue: moniker that contains the complete FormatName of the destination queue.



MORE INFORMATION
To change the Authentication Level of the COM+ Application that hosts the queued components, perform the following steps:
 * 1) Under Administrative Tools, open the Component Services MMC snap-in.
 * 2) Expand My Computer and browse to the COM+ Application that hosts the queued components.
 * 3) To open the property sheet for the application, right-click the application and select Properties. Click the Security tab, and select None for Authentication level for calls.

When you create your queued components locally (on the same computer as the COM+ Application), you can use the queue moniker in the standard way: Set oMyQC = GetObject("queue:/new:MyProject.CMyClass") To create the recorder and send QC-recorded calls from a remote computer, you must change the way that you specify the moniker. To reference an MSMQ queue on a remote computer that is installed in Workgroup mode, you must specify the moniker by using the DIRECT Format Name; for example: Set oMyQC = GetObject("queue:FormatName=DIRECT=OS:MyServer\PRIVATE$\MyApp/new:Myproject.CMyClass") where MyServer is the computer name for the server on which the queued COM+ Application resides, and MyApp is the name of the queued COM+ Application. Note the PRIVATE$ portion of the path; this is required because only private queues can be hosted in an MSMQ Workgroup mode server.

