Post reply

Service Broker Error... The certificate's private key cannot be found

  • April 15, 2014 at 4:26 pm

    #292453

    Hi,

    I am by no means an expert on SB, but I thought I had my head around it until this happened...

    I set up Service broker (2008R2 -> 2012) across different servers and domains using certificates.

    I set up 2 queues (one for sending, one for receiving)

    I set up 6 services (3 for send, 3 for receive), all 3 sharing the same queue type. (srv_send_1, srv_send_2, srv_send_3), (srv_receive_1, srv_receive_2, srv_receive_3).

    I set up a route for each receiving service on the source, and for each sending service on the target.

    I set up a SB binding to the remote for each sender service type.

    I granted send rights to the sending services on the source server.

    I then tested my first service, and it worked perfectly (still works).

    My second service however is failing with the error "The certificate's private key cannot be found".

    I am stumped, as all the setup code was a lot of copy/paste which I have checked, rechecked and even re-coded.

    Basically, here is what Im doing:

    ...

    begin dialog @ConversationHandle

    FROM Service srv_send_1

    TO Service 'srv_receive_1'

    ON CONTRACT myContract

    WITH ENCRYPTION = OFF, LIFETIME = 60*60*24*7;

    SEND ON CONVERSATION @conversationHandle

    MESSAGE TYPE [my_msgtype] (@xml);

    The above code works 100% with service1, but not with service2.

    Note that on profiler, the target server doesnt receive any communication. The error shows on the sender profiler.

    Also, The conversation shows up as CONVERSING in sys.conversation_endpoints and the entry exists in sys.transmission_queue.

    I was wondering if there is some sort of basic thing that Im missing, like do services have to have their own queues or something a SB newbie would miss?

    Also, is there maybe some sort of tool or methodology to testing these things?

    Any help will be greatly appreciated.

    Thanks

    Roman Vinnik

  • April 16, 2014 at 4:50 am

    #1706394

    well, it looks like I solved it... all I needed was a good night sleep 🙂

    Turns out that my Route for Service2 was using the sending service instead of the target service, so effectively I was trying to send to myself using the certificate of the target.

    I should write a tool that auto generates the code for these things!

    Thanks to those who looked at this, sorry to waste your guys time.

Viewing 2 posts - 1 through 1 (of 1 total)

You must be logged in to reply to this topic. Login to reply