How to rebuild the Microsoft Message Queues in Windows 2003 for SM? (NETIQKB73014)

  • 7773014
  • 03-Jun-2011
  • 14-Sep-2012

Environment

NetIQ Security Manager 6.5.4
NetIQ Security Manager 6.5.3
Microsoft Message Queueing (MSMQ)
 

Situation

How to rebuild the Microsoft Message Queues in Windows 2003 for Security Manager?

Resolution

Stop the NetIQ Security Manager service so that new events do not try to come into the queues.

Then (if possible) make sure that the private and outgoing queues are empty.  If they are not processing on their own, it may be necessary to delete this data.


Central Computer:
NOTE**
  Right-click on Message Queueing, and select Properties.  On the General tab, put a checkmark in the Limit Message Storage to field, and in the blank to the right, set it to at least 8GB (8388608).  Then click Apply.

Right-click on Private Queues and create the following queues:

netiq.iqsm.request

 - General tab:
There are no message storage limits to set, nor is this a transactional queue, so leave that unchecked.
 - Multicast tab:
No need to set anything here.
 - Security tab:
Add the LOCAL OnePointOp System account and give it Full Control.
By default, Everyone should have no access.
Administrators (the local group) should have Full Control.

netiq.iqsm.response

 - General tab:
There are no message storage limits to set, nor is this a transactional queue, so leave that unchecked.
 - Multicast tab:
No need to set anything here.
 - Security tab:
Add the LOCAL OnePointOp System account and give it Full Control.
By default, Everyone should have no access.
Administrators (the local group) should have Full Control.

netiq.sm.logarchival

 - General tab:
There should be a limit set that is roughly 70% of the total size allocated to all of MSMQ.
This is a transactional queue, so make sure the transactional box is checked when creating it; otherwise you will need to delete it and recreate it.
 - Security tab:
Add the LOCAL OnePointOp System account and give it Full Control.
By default, Everyone should have no access.
Administrators (the local group) should have Full Control.


Log Archive Server:
NOTE**
  Right-click on Message Queueing, and select Properties.  On the General tab, put a checkmark in the Limit Message Storage to field, and in the blank to the right, set it to at least 8GB (8388608) for each Central Computer sending data to this machine (i.e., 3 CCs would be 25165824).  Then click Apply.

Right-click on Private Queues and create the following queues:

netiq.logarchive.import

 - General tab:
There are no message storage limits to set.
This is a transactional queue, so make sure the transactional box is checked when creating it; otherwise you will need to delete it and recreate it.
 - Security tab:
Add the LOCAL OnePointOp System account and give it Full Control.
By default, Everyone should have no access.
Administrators (the local group) should have Full Control.


netiq.logarchive.index

 - General tab:
There are no message storage limits to set.
This is a transactional queue, so make sure the transactional box is checked when creating it; otherwise you will need to delete it and recreate it.
 - Security tab:
Add the LOCAL OnePointOp System account and give it Full Control.
By default, Everyone should have no access.
Administrators (the local group) should have Full Control.


Once these are all created, start the Message Queueing service.  The Outgoing queue will be dynamically created by the NetIQ Security Manager Core service.
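
To confirm the rebuild, the following script checks that each queue listed above exists and has the expected transactional setting. It is an added example, not NetIQ code. It assumes PowerShell 2.0 or later and the .NET System.Messaging assembly are installed, that the Message Queueing service is running, and that the storage limit values are in KB; the parameter names Role and MsmqQuotaKB are made up for this example.

```powershell
# Added example (not NetIQ code): audits the private queues listed in this article.
# Save as a .ps1 file and run as a local administrator on the server being checked.
param(
    [ValidateSet('CentralComputer','LogArchive')]
    [string]$Role = 'CentralComputer',
    [long]$MsmqQuotaKB = 8388608   # assumed: the value entered for the MSMQ storage limit
)
Add-Type -AssemblyName System.Messaging

# Queue name -> expected Transactional flag, taken from the article.
$expected = @{
    CentralComputer = @{
        'netiq.iqsm.request'   = $false
        'netiq.iqsm.response'  = $false
        'netiq.sm.logarchival' = $true
    }
    LogArchive = @{
        'netiq.logarchive.import' = $true
        'netiq.logarchive.index'  = $true
    }
}

$failures = 0
foreach ($name in $expected[$Role].Keys) {
    $path = ".\private`$\$name"
    if (-not [System.Messaging.MessageQueue]::Exists($path)) {
        Write-Output "MISSING  $name"; $failures++; continue
    }
    $q = New-Object System.Messaging.MessageQueue($path)
    $want = $expected[$Role][$name]
    if ($q.Transactional -ne $want) {
        # The flag is fixed at creation time: delete and recreate the queue.
        Write-Output "WRONG    $name Transactional=$($q.Transactional), expected $want"
        $failures++
    } else {
        Write-Output "OK       $name Transactional=$($q.Transactional)"
    }
    if ($name -eq 'netiq.sm.logarchival') {
        # MaximumQueueSize is reported in KB; compare it with roughly 70% of the quota.
        $target = [long]($MsmqQuotaKB * 0.7)
        Write-Output "INFO     $name limit=$($q.MaximumQueueSize) KB, 70% target=$target KB"
    }
    $q.Dispose()
}
# System.Messaging has no call to read queue ACLs; check each Security tab by hand.
exit $failures
```

The exit code is the number of queues that are missing or have the wrong transactional setting, so 0 means the queue set matches the article.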

Cause

Use this procedure when MSMQ is corrupted, to rebuild the queues and restore their original function.

Additional Information

Formerly known as NETIQKB73014

This KB is for Windows 2003 only.