I am experiencing an issue with an MSMQ receive location setup in BizTalk. I am looking for ideas on resolution. Your help in this regard is much appreciated!
Here is the setup:
BizTalk Server – Windows Server 2012 - Hosted on a domain
a) The MSMQ Receive location points to a remote private queue
b) BizTalk MSMQ host instance runs under a domain account
Server hosting MSMQ – Windows Server 2008 R2 - Not on domain
a) Setup a private transactional and non-transactional queue
b) Provided Everyone, Anonymous, and Network Service users full control over both queues
c) Created a shadow account, bthost.instance, with the same password to determine if that resolves the issue
Here are some of the steps I used to troubleshoot:
When I enable the receive location within BizTalk, I receive an error stating that "The user does not have permissions to receive messages. Please check the queue permissions."
I am able to send successfully to a queue hosted on the MSMQ Server. However, MSMQ uses different protocols for receive (RPC) and send (TCP). I believe this explains the discrepancy.
I am able to receive successfully from a queue that is hosted on another server that is on the domain. I am encountering issues with queues hosted on a server that is not on the domain.
I have followed directions from the following blog post. I have ensured DTC is configured appropriately, Windows Firewall exceptions have been set for Message Queuing, and cleared the 'Disable un-authenticated RPC calls' option from the Message Queuing Server Security settings in Computer Management (on both the BizTalk server and the server that hosts the message queue).
Based on the following TechNet article, I added a registry setting HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSMQ\Parameters\Security\NewRemoteReadServerAllowNoneSecurityClient and set it to 1.
Tested with both TCP:IP address and OS:Server Name conventions. Both conventions result in the same error above. FORMATNAME:DIRECT=TCP:xxx.xx.x.xx\PRIVATE$\QueueName and FORMATNAME:DIRECT=OS:ServerName\PRIVATE$\QueueName
I wrote a C# console program to read from the same transactional queue. I executed the console program from the BizTalk server. I noticed that I was able to read from the queue using my AD credentials. However, I was unable to read using the BizTalk host credentials. I am receiving an "Access to message queuing system is denied" error.
We have an option to set username/password in the receive location from BizTalk. I used my domain credentials and got the same error. My hunch is that the BizTalk host credentials are probably still being used to initiate the RPC call.