As is the way, when I set up various tests with my trusty servers I bump into problems that haven’t been documented before. The machines are used for many scenarios so have changed domain a few times and been upgraded every now and then. I know I should build fresh ones but the old virtual machies are handy…
Most recent issue arose when I tried to get a Windows 2008 client to install MSMQ with Active Directory Integration. The client would install in workgroup mode fine but could not create the necessary objects in directory services:
- MSMQ Event 2116
- “Message Queuing was unable to create the msmq (MSMQ Configuration) object in Active Directory Domain Services. Error c00e0033h: %2”
- MSMQ event 2124
- “The Message Queuing service failed to join the computer’s domain ‘TESTDOMAIN’. Error 0xc00e0033:”
0xc00e0033 means “MQ_ERROR_COMPUTER_DOES_NOT_SUPPORT_ENCRYPTION”
In this particular case, the root cause was a couple of old machine key containers in the C:\Users\AllUsers\Microsoft\Crypto\RSA\MachineKeys directory. The containers are files with GUID-style names so I had to open then in Notepad one by one until I had located the ones that specifically mentioned MSMQ amongst the scrambled text.
Once I deleted these two files (and only these!) and restarted MSMQ, I was up and running with AD integration.