The Legacy of an Old Bug

Internally, MSMQ uses the Windows-provided CryptoAPI to do all of its encryption and hashing. Starting with Windows NT 4.0 Service Pack 2, CryptoAPI had a bug in its implementation of RC2 encryption in the enhanced (128-bit) provider: the keys were generated with an effective length of only 40 bits, not 128. This directly affected the…

1

Automate Your MSMQ Installation

Two New Operating Systems Bring Two New, Exciting Ways to Install (or Uninstall) MSMQ This week we talk about automated installation (and new in Vista and Windows Server 2008, uninstallation) of MSMQ via unattend files. The Optional Component setup story has changed a bit since Windows Server 2003, but have no fear, we’ve got the…

4

Unattended MSMQ installation on Windows Server 2003

Let’s say you want to install all components except Downlevel Client Support on a Windows Server 2003 computer. You could run the following command: sysocmgr /i:sysoc.inf /x /u:unattend.ini with following unattend.ini file: [Version] Signature = “$Windows NT$” [Global] FreshMode = Custom MaintenanceMode = RemoveAll UpgradeMode = UpgradeOnly [Components] MSMQ = on MSMQ_Core = on MSMQ_LocalStorage…

3

Unattended MSMQ installation on Windows Vista

Edited on 4/11/2008 to corrected the build numbers in the examples. The correct build number is 6.0.6000.16386. Vista introduces a new tool for installing and removing Optional Components, called OCSetup.exe. For those of you familiar with Package Manager (pkgmgr.exe), OCSetup is, in part, a wrapper for pkgmgr. If you want to install MSMQ with the…

2

Unattended MSMQ installation on Windows Server 2008

Windows Server 2008 has a nifty new command line tool called ServerManagerCmd.exe which makes installing and uninstalling Optional Components and Server Roles quick and easy. It is not related to the Package Manager/OCSetup family of tools, so although it’s different, it’s also a bit simpler and easier to use. It has a Query option, which…

2

Encryption and MSMQ4

Just as with authentication, the security sweep for Vista and Windows Server 2008 had an effect on MSMQ’s encryption feature. In previous versions, MSMQ offered two “privacy levels”, BASE and ENHANCED. The two levels reflected the length of the keys used: BASE used 40-bit keys and ENHANCED used 128-bit keys. Both levels allowed a choice…

0

Complementing MSMQ Security with WCF

An issue that frequently causes confusion for MSMQ users is that of message encryption.  A message is marked for encryption and sent off, but when it shows up in the destination queue the contents are plainly viewable in clear text.  What’s going on here?   Let’s look first at what MSMQ encryption actually does. MSMQ…

2

Come See Us at TechEd Developers!

In just five weeks, we’re going to be at TechEd Developers in Barcelona and we want to see you there!  Everyone’s favorite plumber’s mate and world-renowned MSMQ expert, John Breakwell, and I will be representing MSMQ and WCF Queuing Nov. 5-9th at TechEd Developers.  If you’re an MSMQ and/or WCF customer, we really want to…

1