I need to publish MSMQ servers on the internal LAN so that the web farm servers can access them. Presently the MSMQ servers are in the DMZ because the guy that left couldn't get it to work. All the servers in the DMZ are on their own AD domain. When I move the MSMQ servers to the internal LAN they will be on the internal AD domain. All the servers are Windows 2000.
Has anyone done this? I read a few MS articles, e.g. http://support.microsoft.com/kb/q183293, but from previous posts on this site they appear not to work. Would IPsec/VPN be a possibility?
The following ports are used for Microsoft Message Queuing operations:
• TCP: 1801
• RPC (TCP): 135, 2101*, 2103*, 2105*
• UDP: 3527, 1801
* These port numbers may be incremented by 11 if the initial choice of RPC port is already in use when Message Queuing initializes. A connecting QM queries port 135 to discover the 2xxx ports.
I'm concerned about opening RPC from the DMZ to the LAN.
I am having the same issue... I have a web server in the DMZ and I need to get MSMQ to send messages from the web server to an internal database server through SBS with ISA 2004. I tried adding a policy rule to allow the required ports from the web server (192.168.1.106) to the internal database (192.168.16.5), but the outbound message queue only said "waiting to connect" (I'm using DIRECT TCP:192.168.16.5 in the MSMQ script) and the message never goes. I then installed MSMQ on the SBS server (192.168.1.100 - external NIC & 192.186.16.2 - internal NIC), changed the script to "DIRECT TCP:192.168.1.100" and created a publishing rule for MSMQ. The message makes it to the SBS server queue. I have found a document on creating an XML document for redirecting MSMQ messages from the firewall server to an internal computer, but I can't get it to work.
How do I set up a direct connection over these ports from the web server to the internal DB server, so that I can use "DIRECT TCP:192.168.16.5"?
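The port list posted above and the "waiting to connect" symptom in this post are two sides of the same check: does the web server actually reach every TCP port MSMQ needs on the DB server, including the +11 fallbacks of the dynamic RPC ports? The probe below is an added example written for this thread; it is not code from any poster or from Microsoft. The retry depth of two +11 increments, the queue name `orders`, and the default target 192.168.16.5 (the DB server from the post) are assumptions. Run it on the DMZ web server against the LAN target; a port that times out is being dropped by the firewall, a port that is refused is reachable but has no listener.

```python
import socket
import sys

# Port list as published by Microsoft and quoted in the thread.
MSMQ_SESSION_TCP = 1801          # queue-to-queue message delivery (DIRECT=TCP sends use this)
RPC_ENDPOINT_MAPPER = 135        # a connecting QM asks here for the 2xxx ports
RPC_BASE_PORTS = (2101, 2103, 2105)
RPC_INCREMENT = 11               # MSMQ moves a base port up by 11 if it is busy at startup
MSMQ_UDP_PORTS = (3527, 1801)    # UDP traffic is not probed by this script


def rpc_candidate_ports(max_increments=2):
    """Every RPC port MSMQ might have chosen: each base port plus up to
    max_increments steps of +11. The retry depth is an assumption, not a
    documented limit, so widen it if your QM ends up on an odd port."""
    return sorted(base + n * RPC_INCREMENT
                  for base in RPC_BASE_PORTS
                  for n in range(max_increments + 1))


def required_tcp_ports():
    """All TCP ports a DMZ-to-LAN rule must allow for sending plus remote queue access."""
    return [RPC_ENDPOINT_MAPPER, MSMQ_SESSION_TCP] + rpc_candidate_ports()


def direct_format_name(host, queue, private=True):
    """Build the MSMQ direct format name (DIRECT=TCP:host\\private$\\queue);
    note the '=' that the post's 'DIRECT TCP:' shorthand drops."""
    scope = "private$\\" if private else ""
    return f"DIRECT=TCP:{host}\\{scope}{queue}"


def probe_tcp(host, port, timeout=2.0):
    """Classify one port: 'open' (handshake completed), 'refused' (RST: host
    reachable, nothing listening) or 'filtered' (no reply: a firewall dropped it)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except socket.timeout:
            return "filtered"
        except ConnectionRefusedError:
            return "refused"
        except OSError:
            return "error"


def diagnose(results):
    """Map {port: state} to findings. An outgoing queue stuck at
    'waiting to connect' means the 1801 session never came up, whatever
    the state of the RPC ports."""
    findings = []
    if results.get(MSMQ_SESSION_TCP) != "open":
        findings.append("1801 not reachable: sending will stay at 'waiting to connect'")
    if results.get(RPC_ENDPOINT_MAPPER) != "open":
        findings.append("135 not reachable: remote queue management and remote reads will fail")
    elif not any(results.get(p) == "open" for p in rpc_candidate_ports()):
        findings.append("135 open but no 2101/2103/2105 (+11) port open: "
                        "endpoint mapper answers but the RPC calls cannot connect")
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.16.5"  # DB server from the post
    states = {p: probe_tcp(target, p) for p in required_tcp_ports()}
    for port, state in sorted(states.items()):
        print(f"{target}:{port:<5} {state}")
    for finding in diagnose(states) or ["all required TCP ports reachable"]:
        print("->", finding)
    print("send to:", direct_format_name(target, "orders"))
```

Only `probe_tcp` touches the network; the port arithmetic, the format-name builder and `diagnose` are pure, so they can be checked without a live MSMQ host. Opening 135 plus a dozen 2xxx ports from the DMZ is exactly the RPC exposure the earlier post worries about; if all you need is one-way sending into the LAN, `diagnose` shows that 1801 alone carries the messages and the RPC ports can stay closed.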
I've successfully configured my ISA 2004 server to connect to my clustered MSMQ server on the LAN. It caused me some head scratching but it now works. If anyone's interested let me know and I'll provide the details. It's similar to Exchange RPC publishing but the UDDI are different for MSMQ. There are some security gotchas on Windows 2003 that block remote read of queues. What threw me for a while was that I could read queues from XP but not 2003 server; some registry hacks fix this.
In your article you have mentioned port 135 with direction "both". As the primary connection does not allow both inbound and outbound, outbound may have to be defined in the secondary.
Are only the two publishing rules you have defined required, or is any other access rule required for RPC?
Please check out the article on my website http://www.khowlette.btinternet.co.uk/isa_msmq.htm . The RPC rules are defined within the document. Some of the early posts I made were made when I didn't fully understand MSMQ, but once I had it all working with the security I needed I published the article on my website. Have a look at it and if it's still not clear contact me again and I'll expand further.
You mentioned that the following is to be included in the MSMQ Inbound rule:
port | protocol | direction
135 | TCP | both
As ISA 2004 allows inbound or outbound in the same rule, tell me how to include the above port in both directions in MSMQ Inbound.
I have made two rules as you mentioned in the article (MSMQ Inbound and MSMQ RPC), but the log is showing 1801 as an unidentified connection denied by the default rule.
In place of my server I have mentioned the ISA server name, directed to the external IP of the ISA server.
Is any other configuration required in ISA Server 2004, or should the queue name mentioned in the publishing server also exist on the ISA server?