Event ID - 2123

Event Id2123
SourceMSMQ
DescriptionThe Message Queuing server cannot determine if the local domain controller is trusted for delegation. This may indicate a serious problem.
Event Information According to Microsoft :

Cause :

This event is logged when the Message Queuing server cannot determine if the local domain controller is trusted for delegation.

Resolution :

Enable domain controller delegation

The domain controller must have the Active Directory option Trust computer for delegation enabled.

To perform this procedure, you must have membership in Administrators , or you must have been delegated the appropriate authority.

Note : This procedure applies to Windows Server 2008 only.

Note : Make sure that this computer really should be trusted for delegation before performing this procedure, as trusting for delegation could be a security risk.

To enable delegation for the local domain controller:
  1. Click Start , point to Administrative Tools , right-click Active Directory Users and Computers , and then click Run as administrator .
  2. In the console tree, click Domain Controllers .
  3. Right-click the computer that you want to configure (that is, the local domain controller), and then click Properties .
  4. Click Trust this computer for delegation to any service (Kerberos only) , and then click OK .
  5. Accept any confirmation dialog boxes.
Verify :

You can confirm the presence of the Directory Service Integration feature by doing the following:
  • Verify the registry key setting
  • Verify that the computer is joined to the correct domain
  • Verify Active Directory operation
To perform these procedures, you must have membership in Administrators , or you must have been delegated the appropriate authority.

Caution : Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data.

Verify the registry key setting

To verify the registry key setting:
  1. Open Registry Editor. To open Registry Editor, click Start . In the search box, type regedit , and then press ENTER.
  2. In Registry Editor, expand HKEY_LOCAL_MACHINE , expand SOFTWARE , expand Microsoft , expand MSMQ , and then click Setup .
  3. In the details pane, double-click msmq_ADIntegrated .
  4. Confirm that Value data is set to 1 .
  5. Under MSMQ , expand Parameters .
  6. In the details pane, double-click Workgroup .
  7. Confirm that Value data is not set to 1 .
Verify that the computer is joined to the correct domain

To verify that the computer is joined to the correct domain:
  1. Open Server Manager. To open Server Manager, click Start , point to Administrative Tools , and then click Server Manager .
  2. Confirm that the domain that is listed in Computer Information is the correct domain.
Verify Active Directory operation

You can confirm that Active Directory is operating correctly by verifying that the Public Queue feature is enabled in Message Queuing.

To verify that the Public Queue feature is enabled:
  1. Open the Computer Management snap-in. To open Computer Management, click Start . In the search box, type compmgmt.msc , and then press ENTER.
  2. Navigate to MSMQ .
  3. If the Public Queues folder exists and you can right-click the folder, Message Queuing is operating correctly in domain mode with Active Directory Integration.
  4. For further confirmation, run a test application that uses the Active Directory features that you require.
Reference LinksEvent ID 2123 from MSMQ

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.
 Refresh