2
votes

I am getting the error

The signature is invalid

when sending messages to a W2008 server from a W2012 server. The messages are received on the destination server, but fall to the dead-letter queue with this error message.

The same tool is able to send messages successfully to the same W2012 server from my workstation.

Using the management console, at Computer Management, item Message Queuing, tab sender, I can see that the message sender account was identified correctly but not authenticated.


2 Answers

0
votes

Found out the problem is the same one I had before, but with a different message. The problem is that the sender is using a weak certificate algorithm.

To allow the weak certificate algorithm I added this key to the registry on the server machine:

HKLM\SOFTWARE\Microsoft\MSMQ\Parameters\Security\WeakHashAlgorithms

and restarted the MSMQ service.

Then I also needed to register the certificate for the sender account at the sender machine. Using the Microsoft Management Console again, open Properties of Message Queuing, then remove and register the certificate for the account using the User Certificate tab.

The certificate can then be registered again, using the Register button. Not sure, but I think that the registration can be done automatically by MSMQ when a message is received from the client.

Hope this helps someone in the future.

0
votes

Another solution, which I almost had to apply, is to remove the Signature Validation from the queue. To do this, do the following:

  • At the queue properties window, uncheck Validation box
  • At the security tab of the property window, add permissions to send (default) for the user ANONYMOUS LOGON.
  • The WCF default netmsmq msmqAuthenticationMode is WindowsDomain for transport level security, so to not use security at all the binding should be:

    <binding name="noSecurity">
        <security mode="None" />
    </binding>
    

    Security settings have to be the same on both ends, client and service. WCF will not let the service accept a message that is not properly signed if the service is configured to receive Authenticated messages.

    If there are already clients using the queue, a secondary queue can be created for unsigned messages. WCF services can listen to more than one queue. Still, the sender and receiver have to have permissions on the queue ACL to be able to use it.

Note that this action will allow anyone in the network to send messages to the queue.

For more information read "Allow anonymous users to send to the queue" page topic.
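
For comparison with the `noSecurity` binding in the answer above, the following is an added example (not part of the original posts) of a sender-side WCF configuration that keeps message signing on and selects the signature hash explicitly. The binding name `signedSha256`, the endpoint name, the queue address and the contract are hypothetical, and it assumes the MSMQ versions on both machines accept SHA-256 signatures.

```xml
<!-- Added example: sender-side <system.serviceModel> fragment.
     Names, address and contract below are hypothetical placeholders. -->
<system.serviceModel>
  <bindings>
    <netMsmqBinding>

      <!-- Weak setting (the binding from the answer): messages are neither
           signed nor authenticated, so the queue has to grant Send to
           ANONYMOUS LOGON and any host on the network can enqueue. -->
      <binding name="noSecurity">
        <security mode="None" />
      </binding>

      <!-- Hardened setting: transport security stays enabled.
           WindowsDomain and Sign are the binding defaults, written out here
           so the intent is visible in review. msmqSecureHashAlgorithm sets
           the digest used for the MSMQ message signature. -->
      <binding name="signedSha256">
        <security mode="Transport">
          <transport msmqAuthenticationMode="WindowsDomain"
                     msmqProtectionLevel="Sign"
                     msmqSecureHashAlgorithm="Sha256" />
        </security>
      </binding>

    </netMsmqBinding>
  </bindings>

  <client>
    <!-- Hypothetical endpoint pointing at the authenticated queue. -->
    <endpoint name="ordersQueue"
              address="net.msmq://receiver.example.local/private/orders"
              binding="netMsmqBinding"
              bindingConfiguration="signedSha256"
              contract="Example.IOrderQueue" />
  </client>
</system.serviceModel>
```

The receiving service needs the same `<security>` settings on its own binding, and with this variant the queue can keep its authentication requirement and needs no Send permission for ANONYMOUS LOGON.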