Message Queuing in Hardened MSMQ Mode

Applies To: Windows Server 2008

Message Queuing in hardened MSMQ mode

The purpose of Message Queuing in hardened MSMQ mode is to enhance the security of Message Queuing computers running on the Internet. Hardened MSMQ mode is intended to support scenarios that employ only HTTP (SRMP) messages.

Message Queuing in hardened MSMQ mode imposes the following restrictions:

• The Message Queuing service does not listen directly to any ports. Thus, only messages arriving from remote computers through IIS are accepted and placed in their destination queues. Remote RPC calls are ignored (remote reading is blocked), and dependent clients are not supported.

• Attempts to open remote queues with non-HTTP format names and send messages to them succeed. However, all the outgoing queues created on the local computer that correspond to remote destination queues specified by non-HTTP format names are in the locked state. Messages, including acknowledgment and response messages, that reside in locked outgoing queues are not transmitted to their destinations.

• Messages intended for remote destination queues with non-HTTP format names, including remote queues designated by non-HTTP elements of a multiple-element format name, remain in the locked outgoing queues until hardened MSMQ mode is canceled and the Message Queuing service is restarted.

In hardened MSMQ mode, messages can still be placed in local queues with non-HTTP format names and received from them.

Security considerations in hardened MSMQ mode

When deploying a domain controller with the Windows 2000 Client Support feature in a perimeter network, be aware that this component listens to the RPC interface, and that it is not governed by hardened MSMQ mode. For reducing the attack surface, you may want to disable the Windows 2000 Client Support feature on the domain controller.

For instructions on enabling or canceling hardened MSMQ mode on the local computer, see Enable Hardened MSMQ Mode.