Securing a Message Queue

  • Article

Securing a Message Queue

Microsoft Speech Server (MSS) uses Microsoft Message Queue (MSMQ) to support speech applications that generate outbound calls.

After a message queue is created, securing it will enable Telephony Application Services (TAS) to read from the queue (TAS runs under the NetworkService account), and will also enable the application server in the business logic tier to write to the queue.

Important   Always secure the message queue according to specific network user domain policies. The procedure in this topic is provided as a guideline.

To secure the queue

  1. From Control Panel, select Administrative Tools, and click Computer Management.

  2. Under Services and Applications, expand Message Queuing so the specific queue is visible.

  3. Right-click the queue, and then click Properties.

  4. In the Security tab, click Add, and then click Locations.

  5. In the tree view, select the computer where TAS is installed, and then click OK.

  6. In the Enter the object name to select users field, type NetworkServices, and then click OK.

  7. Select the appropriate permissions based on the following table:

    Type of queue

    Local or Remote

    Permissions required

    Private

    Local

    NetworkService account must be granted permission to: Receive Message

    Private

    Remote

    TAS machine account must be granted permission to: Receive Message

    Public

    Local

    NetworkService account must be granted permission to: Receive Journal Message, Peek Message, Receive Message

    Public

    Remote

    TAS machine account must be granted permission to: GetPermissions, GetProperties, Receive Journal Message, Peek Message, Receive Message

    Note   The account being used to run the application in the business logic tier must be allowed the permission Send Message.

  8. Click OK.

Remarks

When configuring a public queue, administrators may see the following message logged by TAS:"Queue is not registered in the DS (Directory Services)." This message may also indicate that TAS cannot access the public queue because of insufficient permissions. As a remedy, iterate through the permission levels to find the minimum permissions required by the domain security policy that still allow TAS to access the public queue.

Next Step: Configuring Speech Server for Outbound Calling

See Also

setting up a message queue | Message Queuing Overview (MSDN) | Deploying Outbound-Calling Applications | Configuring Speech Server for Outbound Calling