Deploying in Workgroup Mode

  • Article

Applies To: Windows Server 2008, Windows Vista

For Message Queuing, any mode of operation that does not allow access to Active Directory Domain Services is known as workgroup mode. Note that this is regardless of whether a computer belongs to a domain, and that computers that belong to a domain can operate in workgroup mode. Computers in workgroup mode require direct connectivity with a destination computer for messaging.

Computers that belong to a domain

If you are installing Message Queuing on a computer that is a member of a Server domain you can specify whether the computer will operate in domain mode by installing the directory service Integration feature, or in workgroup mode, by not installing this feature. In the context of Message Queuing, workgroup mode can be defined as any mode of operation that does not allow access to a directory service, even if the applicable computer belongs to a domain.

The default installation setting is that the directory service Integration feature is installed, and when your computer is part of a domain, Setup will attempt to contact a domain controller in the local site or a nearby site. If successful, the computer will operate in domain mode, meaning that access to Active Directory Domain Services will be enabled. In such a situation, where the directory service Integration feature is installed but the computer is unable to access a domain controller, the next time you restart such a computer, or stop and restart the Message Queuing service, Message Queuing will automatically attempt to contact a domain controller in the local domain. If a domain controller is available and contact is successful, the computer will then operate in domain mode.

Computers that do not belong to a domain

For computers that are not part of a domain and have no access to Active Directory Domain Services, during default setup they are installed as independent clients in workgroup mode. The directory service Integration feature is still installed, and if the workgroup computer later joins a domain, this feature is activated. Conversely, a Message Queuing computer can be part of a domain and then join a workgroup. Such a computer can later rejoin the same domain.

The following restrictions exist when using Message Queuing in workgroup mode:

  • Computers in workgroup mode require direct connectivity with a destination computer, and only support direct message transmission. Messages sent by such computers cannot be routed.

  • There is no access to Active Directory Domain Services. As such, you can create and manage private queues only on a local computer. You can view the list of private queues on another computer, and the messages in them, using the Computer Management snap-in. For information about managing queues on remote computers, see Manage queues on other computers [LH]. You cannot view or manage public queues or any other information in Active Directory Domain Services. You can, however, send messages to or retrieve messages from private queues if there is direct connectivity.

  • Internal certificates cannot be used for sending authenticated messages; an external certificate must be used. For more information about user certificates, see User Certificates [LH].

  • Messages cannot be encrypted. For more information about encryption, see Encryption for Message Queuing [LH].

  • There is no support for dependent clients. For more information about restrictions on the deployment of dependent clients, see Dependent Clients [LH].

  • Cross-platform messaging is not supported. For more information, see Cross-Platform Messaging [MSMQ_LH].