Event Id | 2196 |
Source | MSMQ |
Description | Message Queuing failed to verify digital signature of a message sent to queue %1. The message was rejected. A negative arrival acknowledgement will be sent if requested by the sender. This event is logged at most once per %2 seconds. To change this setting, set \HKLM\Software\Microsoft\MSMQ\Parameters\Event2196 registry value to desired time in seconds. |
Event Information | According to Microsoft : Cause : This event is logged when Message Queuing failed to verify digital signature of a message sent to queue. Resolution : Confirm that the Message Queuing application is using a strong hash function and that it has a valid user certificate The message's signature could not be verified. This may indicate the following issues:
By default, Message Queuing 4.0 does not support certain weaker security algorithms that were available in earlier versions of Message Queuing. Support for the weaker security algorithms can be enabled with a registry entry. Message Queuing has historically offered four hashing algorithms with which to sign a message: MD2, MD4, MD5, and SHA1. In previous versions of Message Queuing, MD5 was the default for most message and SHA1 was used for Hypertext Transfer Protocol (HTTP) and multicast messaging, which were introduced in Message Queuing 3.0. SHA1 is now the default for all types of messages, because MD2, MD4, and MD5 have been deprecated as weak. Also, by default, Message Queuing 4.0 will neither accept messages that are signed with these weak algorithms nor generate them. You can enable weaker algorithms on Message Queuing 4.0 to support any Message Queuing applications that require them by adding the registry key (not value) HKLM\SOFTWARE\Microsoft\MSMQ\Parameters\Security\WeakHashAlgorithms . If this registry key is not present, as is the case by default, all weaker algorithms are disabled. If this registry key is present, all weaker algorithms are enabled. To enable only certain weak algorithms, you must add the registry key and then specify the values of those weaker algorithms that you want to continue to disable. Caution : Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data. To perform the following procedures, you must have membership in Administrators , or you must have been delegated the appropriate authority. To continue to disable certain weaker authentication algorithms:
For more information, see the following resources:
To fix an issue with a bad user certificate:
If you think the message was corrupted in transit, there is probably an issue with a level below Message Queuing. If you continue to get this error, note any details in the event message, and then contact Microsoft Customer Service and Support (CSS). Verify : Verify that the MSMQ Service is installed and running. To perform this procedure, you must have membership in Administrators , or you must have been delegated the appropriate authority. To verify that the MSMQ Service is installed and running:
|
Reference Links | Event ID 2196 from MSMQ |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.