MSMQ

I’m getting a Socket error (No buffer space available)

We saw lots of ephemeral sockets being created and destroyed, which overwhelmed Windows.  We were able to get rid of these errors by increasing the number of sockets available and decreasing the time they are in a TIME_WAIT state.  We did that by adding some keys to the registry: 

Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, add the following keys: 

TcpTimedWaitDelay: 30 (Decimal)

MaxUserPort: 8FFF (Hexadecimal)

This increases the number of available connections from 16K to 32K, and ensures that connections are only in a TIME_WAIT state for 30 seconds, rather than the default of 120 seconds.  

However, looking at the netstat command, I see 11,000 connections in the ESTABLISHED state connecting to DllHost.  Since you run all the connections sequentially, you probably also want to lower the size of your MSMQ connection pool.  In your bridgegate.xml, you should have the following entry: 

<MSMQ_POOL MIN_SIZE="2" MAX_SIZE="4" />

You may need to experiment with the min and max values for maximum throughput.  The defaults are 5 and 20, but there are many sockets opened per connection. 

Does BridgeGate support external transactions with MSMQ?

We support transactional MSMQ, just not *external* transactions.  

There are two types of transactions with MSMQ.  There is a specific MSMQ transaction service, which we support.  Commit/Rollback is executed through a workflow Action item.  Microsoft also has a method of integrating with external transactions, which can tie the MSMQ transaction in with another transaction (such as SQL Server).  This uses something called DTC (Distributed Transaction Controller, I believe), and this is what we do not currently support.  

Given that the MSMQ access through our product is done through our project, I’m not sure how it would be triggering a DTC transaction, so this requires some additional investigation into the error. 

How To Configure the Firewall to allow DCOM connections on Windows Server 2008

OVERVIEW

Windows Server 2008 introduced an improved version of the Windows Firewall that is enabled and running by default. As part of that default configuration, DCOM connections to a Windows 2008 (and higher) server are blocked. However, there are various scenarios where it would be advantageous to allow DCOM connections to that server (for instance, for the Quick Link Client or ArchiveOne Admin console).

HOW TO STEPS

On the Windows 2008 (and higher) server that you wish to allow DCOM connections to, follow this Microsoft TechNet article, which details how to apply the default firewall rule ‘COM+ Network Access (DCOM In)’ to permit DCOM connections on TCP port 135: http://technet.microsoft.com/en-us/library/cc774289(v=WS.10).aspx

RPC uses a range of dynamic TCP ports (1024-65535). You can configure RPC to use a static port by following the Microsoft TechNet article ‘How to configure RPC dynamic port allocation to work with firewalls’. This will limit the range of ports you will need to open on the Windows Firewall. If you do not assign a static port, then you will need to create a firewall rule permitting the entire dynamic range of ports as follows:

  1. On the archive server, open the ‘Windows Firewall’ application from the Control Panel.
  2. Click ‘Advanced Settings’ link in the left-hand pane.
  3. Right-click on the ‘Inbound Rules’ node in the tree view and select ‘New Rule…’ from the context menu.
  4. The ‘New Inbound Rule Wizard’ will open. On the ‘Rule Type’ step, select ‘Custom’ and click ‘Next’.
  5. On the ‘Program’ step, select ‘All Programs’ and click ‘Next’.
  6. On the ‘Protocol and Ports’ step, in the ‘Protocol Type’ dropdown menu select ‘TCP’.
  7. In the ‘Local Port’ dropdown menu select ‘RPC Dynamic Ports’.
  8. In the ‘Remote Port’ dropdown menu select ‘Specific Ports’, and enter ‘1024-65535’ in the box beneath.
  9. Click ‘Next’.
  10. On the ‘Scope’ page, under ‘Which local IP addresses does this rule apply to?’ select ‘Any IP Address’.
  11. Under ‘Which remote IP addresses does this rule apply to?’ select ‘Any IP Address’ to allow all remote connections, or select ‘These IP addresses’ to enter the specific IP address(es). Click ‘Next’.
    • Entering specific IP addresses is recommended if only one machine or a range of machines is going to connect via DCOM.
  12. On the ‘Action’ page, select ‘Allow the connection’ and click ‘Next’.
  13. On the ‘Profile’ page, select only the ‘Domain’ option and click ‘Next’.
  14. On the ‘Name’ page, name your rule suitably (e.g. ArchiveOne incoming DCOM connections) and click ‘Finish’.
  15. If the rule shows as disabled, enable it.

You have now created the firewall rule to allow DCOM access for ArchiveOne.
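
The same rule can be created from PowerShell. This is an added example, not from the original article or the vendor; it assumes Windows Server 2012 or later (where the NetSecurity cmdlets exist), and the client addresses are constructed placeholders. It takes the narrower option from step 11 by listing specific remote addresses, and warns if an existing rule of the same name allows any address.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of steps 1-15 above (assumes the NetSecurity module).
param(
    # Constructed sample addresses from a documentation range; replace with the real DCOM clients.
    [string[]]$AllowedClients = @('192.0.2.10', '192.0.2.11'),
    # Rule name taken from step 14.
    [string]$RuleName = 'ArchiveOne incoming DCOM connections'
)

$existing = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue

if (-not $existing) {
    # Steps 4-14: custom inbound TCP rule, all programs, RPC dynamic local ports,
    # remote ports 1024-65535, Domain profile only, action Allow.
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Action Allow -Protocol TCP `
        -LocalPort RPC `
        -RemotePort '1024-65535' `
        -RemoteAddress $AllowedClients `
        -Profile Domain -Enabled True | Out-Null
}
else {
    # Step 15: make sure an already-present rule is enabled.
    Enable-NetFirewallRule -DisplayName $RuleName
}

# Read the rule back so the effective scope can be reviewed.
Get-NetFirewallRule -DisplayName $RuleName | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $addr = $_ | Get-NetFirewallAddressFilter

    if ($addr.RemoteAddress -contains 'Any') {
        Write-Warning "Rule '$RuleName' accepts DCOM from any remote address."
    }

    [pscustomobject]@{
        Name          = $_.DisplayName
        Enabled       = $_.Enabled
        Profile       = $_.Profile
        LocalPort     = $port.LocalPort
        RemotePort    = $port.RemotePort
        RemoteAddress = $addr.RemoteAddress
    }
}
```

The default ‘COM+ Network Access (DCOM In)’ rule for TCP port 135 is not touched by this script and still has to be enabled as described in the TechNet article.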