Freigeben über


Managing server authentication

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Managing server authentication

Server authentication is used by clients to authenticate queries sent to domain controllers and Message Queuing servers. A client can verify that the query results have not been tampered with and that the results were returned by the correct domain controller or Message Queuing server. The method used for server authentication depends on the version of Message Queuing (and hence the operating system) running on the server and the client. The following table shows the method used for each situation.

Client Server Server authentication method

Message Queuing client running on Windows Server 2003 family

Windows Server 2003 or Windows 2000 domain controller

Kerberos V5

Message Queuing client running on Windows 2000

Message Queuing server running on Windows Server 2003 family or Windows 2000

Kerberos V5

Message Queuing client on Windows 2000

MSMQ 1.0 controller server running on Windows NT 4.0

Server certificate

MSMQ 1.0 client running on Windows NT 4.0, Windows 98, or Windows 95

Message Queuing server running on Windows Server 2003 family or Windows 2000

Server certificate

Using server certificates

Server certificates are used to authenticate some Message Queuing servers. You need to create and register a server certificate for the following:

  • Message Queuing servers that reply to Active Directory queries from MSMQ 1.0 clients running on Windows NT 4.0, Windows 98, or Windows 95.

  • MSMQ 1.0 controller servers running on Windows NT 4.0 that reply to queries from Message Queuing clients on Windows 2000 computers.

Note that Message Queuing clients running on Windows Server 2003 family or Windows 2000 use Kerberos V5 to authenticate Windows Server 2003 family or Windows 2000 Servers, and do not require server certificates.

For information on how to create a server certificate, see Create server certificates for Message Queuing. For information on how to change an existing server certificate, see Change server certificates for Message Queuing.

Server certificates used to authenticate Message Queuing servers must be installed separately from any user (client) certificates that may be installed for message authentication. However, if properly configured, the same certificate can be used by Message Queuing to authenticate servers and by Internet Information Services (IIS) for secure Web (HTTPS) communication.