Home / server / Questions / 411454
Accepted
scott_lotus
Asked: 2012-07-27 05:40:21 +0800 CST

windows QUEUE MESSAGES error on open - The list of messages cannot be retrieved. Error: Access is denied

  • 772

Problem:

When opening windows "QUEUE MESSAGES" on windows server 2003 I received the error message

"The list of messages cannot be retrieved. Error: Access is denied"

Why?

Recreated following these steps:

  • Windows Server 2003 standard 64-bit
  • Right click MY COMPUTER
  • Select MANAGE
  • SERVICES
  • MESSAGE QUEUING
  • PRIVATE QUEUE
  • MYSERVICE
  • QUEUE MESSAGES

Error message displayed:

"The list of messages cannot be retrieved. Error: Access is denied."

Setup/configuration currently deployed:

  • Logged in as local administrator.
  • Machine is stand alone.
  • WCF service is running (using WCF specific user)
  • WCF user account is a member of the local ADMIN group.
  • dot net 4.0.
  • Messing Queueing service is running (local system)
  • Maybe a permissions issue creating the error.
windows-server-2003

2 Answers

  1. Best Answer

    This can happen if the .NET Service removed the "Everyone" group from the permissions the private queue. Here are some steps you can take to resolve this:

    1. Stop the MSMQ Service
    2. Open the folder C:\WINDOWS\system32\msmq\storage\lqs
    3. Find the file in this folder that describes your queue -- (incommingQueue)
    4. Using notepad, open the lqs file for some other private queue that has good security permissions. (If you don't have any other private queues create one)
    5. Locate the line in the file that begins Security=....
    6. Copy the whole line to your clipboard (watch out for Word Wrap, this line will be quite long)
    7. Open the lqs file for your problem queue in your text editor
    8. Overwrite the Security=... line in this file with the contents of your clipboard
    9. Save the modified lqs file
    10. Start the MSMQ service

    You should find that the problem queue now has the same permissions as the queue whose security settings you copied at step 6 above.

    • 5

  2. I guess it is worth starting from checking permissions on the queue, its objects and parent containers using Computer Management (compmgmt.msc) or Active Directory Users and Computers (dsa.msc). The latter can be used when MSMQ Directory Service Integration component was installed, as it allows publishing of queue properties to the directory.

    Here is how to do that using Active Directory Users and Computers (dsa.msc). Make sure that in this snap-in under View, you have enabled the following options "Users, Contacts, Groups, and Computers as containers" and "Advanced Features" which allow you to locate computer object where your MSMQ queues are hosted, expand it and invoke properties to edit queue container ACL in the same way you work with files/folder ACL (see sample screenshot below). Most likely you will need to take ownership before you will be able to make any changes in ACL.

    enter image description here

    You can also use Computer Management to check ACLs by means of navigating to Computer Management > Message Queuing and locating your queue or its parent container there and checking/editing ACL. See sample screenshot below.

    enter image description here

    But if MSMQ Directory Service Integration Component is not installed you won't see MSMQ queues in Active Directory Users and Computers snap-in and only Computer Management can be used to edit MSMQ objects ACLs.

    In case editing ACL does not help you should look at the answer above which involves editing queue files located under C:\Windows\System32\msmq\storage\lqs. You may also look at this blog post for details on that.

    • 1