security context could not be retrieved

Some time back I had a problem with sending Service Broker messages to a remote machine.

I had some security issues and they were resolved with the help of Remus.

Since the IP of the remote machine was changed in between, I just re-executed the same scripts which used to successfully send messages to the remote machine (I just updated the IP in the route).

To my surprise the same script did not work now, whereas no change has been made.

I am doing the following:

1. Created the certificate and endpoint on the sender side, backed up the certificate to a file and copied it to the other machine. The same step was repeated for the receiving side as well.

2. On both sides I created the certificates using the backup files from the other side and proper authorization.

3. Then I created the database, route, message types, contract, queues, services etc. on both sides.

4. Then I set up dialog security (i.e. created the dialog security certificates on both sides and backed them up). Later I copied these backup files to each other, created some dialog users and created certificates with authorization to these remote dialog users.

5. I also created a remote service binding on both sides and granted SEND permission to the remote dialog user.

When I send the message from the sender to the receiver and run the Profiler, I see that on the sending side none of the broker events gives any error.

On the receiver side I get the following event:
Broker:Message Undeliverable

This message could not be delivered because the security context could not be retrieved.
Error 11229.

I am surprised that the same script was run in the same order. Why was it running before and not now?

I also checked the endpoints using telnet and they seem to be fine. Also the firewall was "Off" on both machines, i.e. there was no change in system state either.

Please provide the solution. Thanks in advance.




  • jonathanVerrier

    Hello Remus,

    The IP of the machine was changed when it was restarted (it did not have a static IP).

    Anyway, the script which I ran was re-creating the databases on both the sender and the target and then sending the message from sender to target, so it should not affect anything.

    I did not understand what you mean by "target is now restored back in time".

    I checked the conversation_endpoints on the initiator and it is showing send_sequence as 1 (or 2 for some messages) and receive_sequence is 0.

    For the target I did not get anything in sys.transmission_queue or sys.conversation_endpoints, i.e. both of them are empty and do not display anything when I use select * from sys.conversation_endpoints.


    I am really frustrated with this.


  • Steven Don

    Please turn on the 'Security Audit\Audit Broker Conversation' event in the Profiler on the target; it should give a detailed reason why the 'security context could not be retrieved'.

    Once we know that, we can say why the script worked once but doesn't work again.

    HTH,
    ~ Remus



  • LopuX

    Can you save the traces and send them to me at remus.rusanu@microsoft.com? This data doesn't make too much sense to me either.

    Thanks,
    ~ Remus



  • Sebastien St-Laurent

    What are the values of the other columns of the event in Profiler? A description of the columns is here: http://msdn2.microsoft.com/en-us/library/ms191483(SQL.90).aspx

    Especially I'm interested in what the dropped message sequence number and fragment number are.

    Thanks,
    ~ Remus



  • Keith M. Dennis

    I have the exact same problem happening. Looking forward to the answers...

  • alaonso

    After looking through the trace, the problem is shown by this trace record: Audit Broker Conversation 1 - No Security Header

    The subclass 'No Security Header' is caused because the timestamp of the sent messages is not accepted by the target. The problem turned out to be a clock difference of one hour between the machines. The maximum accepted time difference is 30 min.



  • Mukesh Joshi

    Well, though there is no error for the event 'Audit Broker Conversation', I see that the Event SubClass for this event shows 1 - No Security Header.

    By referring to MSDN for this subclass I understood that the Service Broker message did not contain a session key. Is that something to do with the send script?

    As a side note, on the sender side, though I have subscribed to all the Service Broker related events, I get only one event periodically, that is "Broker:Remote Message Acknowledgement" with its subclass "1 - Message with Acknowledgement Sent".

    Thanks


  • Patrick Boyd

    How did the IP address of the target change? Was the database backed up/restored on a different machine?

    I suspect that the sender and target are now out of sync in time. I.e. the sender has already received acks for some messages from the target, but the target is now restored back in time and no longer has the messages that it acknowledged first.

    Can you look at the conversation endpoints (sys.conversation_endpoints) on the initiator and the target and see what the send_sequence and receive_sequence are? Paired endpoints can be identified by the conversation_id column; it has the same value on both endpoints. Also look at the sender's sys.transmission_queue. What you're looking for is a situation where the sender is sending a message with sequence number N (there is none with a sequence number less than N in sys.transmission_queue), but the target has a receive_sequence less than N.

    HTH,
    ~ Remus
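The checks Remus asks for above (endpoint sequence numbers and the pending transmission queue) and the clock comparison behind the 'No Security Header' finding, as one added T-SQL diagnostic batch that is not part of the thread; it assumes the broker database is called [BrokerDemo] (placeholder) and is meant to be run on both the initiator and the target so the two result sets can be compared by conversation_id.

```sql
-- Added diagnostic batch (not from the thread). Run it unchanged on the
-- initiator instance and on the target instance, then compare the results.
-- Assumption: the user database holding the services is [BrokerDemo].
USE [BrokerDemo];
GO

-- 1. Clock check. The thread reports that a clock skew above about 30 minutes
--    makes the target reject the message security header. Note the value
--    from each instance and compare them (GETUTCDATE works on SQL 2005 too).
SELECT @@SERVERNAME AS instance_name,
       GETUTCDATE()  AS local_utc_time;

-- 2. Per-conversation sequence state. conversation_id is identical on the
--    initiator and target endpoints of one dialog, so rows can be matched
--    across instances; security_timestamp shows when a session key was set.
SELECT ce.conversation_id,
       ce.is_initiator,
       ce.state_desc,
       ce.far_service,
       ce.send_sequence,
       ce.receive_sequence,
       ce.security_timestamp,
       ce.lifetime
FROM sys.conversation_endpoints AS ce
ORDER BY ce.conversation_id;

-- 3. On the sender: the lowest message still waiting to go out for each
--    initiated dialog (this is the "N" in the thread). If the target's
--    receive_sequence for the same conversation_id is lower than this value,
--    the target has fallen back in time relative to what it already acked.
SELECT ce.conversation_id,
       ce.send_sequence,
       MIN(tq.message_sequence_number) AS lowest_pending_sequence,
       COUNT(*)                        AS pending_messages
FROM sys.conversation_endpoints AS ce
JOIN sys.transmission_queue     AS tq
  ON tq.conversation_handle = ce.conversation_handle
WHERE ce.is_initiator = 1
GROUP BY ce.conversation_id, ce.send_sequence
ORDER BY ce.conversation_id;

-- 4. Transport status text for every queued message, oldest first; this is
--    where a rejected security header or routing problem is usually reported.
SELECT tq.conversation_handle,
       tq.to_service_name,
       tq.message_sequence_number,
       tq.is_conversation_error,
       tq.enqueue_time,
       tq.transmission_status
FROM sys.transmission_queue AS tq
ORDER BY tq.enqueue_time;
```

An empty result from query 3 on the sender with a non-empty sys.transmission_queue means the pending rows belong to dialogs this side did not initiate; drop the is_initiator filter in that case.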



  • DanVC

    Hi, I am also facing the same error and did check the timestamp. It was the same. I am running Service Broker on the same server but in different instances. That's why I don't think it's an issue with the timestamp. I would appreciate any other suggestions.

    Thank you

    Sunny


  • Mohammad Javadpur

    My initiator has the following values in sys.conversation_endpoints:

    lifetime = 2075-04-29 19:17:31.107

    security_timestamp = 1900-01-01 00:00:00.000

    dialog_timer = 1900-01-01 00:00:00.000

    send_sequence = 1

    DevGal wrote:
    I have the exact same problem happening. Looking forward to the answers...


  • Chris_Jose

    On the target and the initiator, though I have selected all the events in the trace related to Service Broker (and Audit), only these events are coming up on the initiator:
    Broker:Conversation Group
    Broker:Conversation
    Broker:Connection
    Audit Broker Login
    Broker:Remote message Acknowledgement

    On the target only the following events are coming up:

    Broker:Connection
    Audit Broker Login

    The following events come up repeatedly:
    Broker:Message Classify 
    Audit Broker Conversation 
    Broker:Message Undeliverable
    Broker:Message Classify 
    Audit Broker Conversation 
    Broker:Message Undeliverable


    I am surprised that I did not see the event 'Broker:Message Drop' listed on the event selection tab.

    I did select 'Broker:Forwarded Message Dropped' on both the target and the initiator but this event never came up in the trace.

    So I do not know how to get the dropped message sequence number and fragment number.

    Thanks

    PS: however, in the Broker:Message Undeliverable event I see that the sequence number starts from 33850 and increments by 1 each time the event repeats.

    The field integer data (i.e. the fragment number) remains 0 for all the repetitions of this event.

    Similarly for the initiator, the event Broker:Remote Message Acknowledgement is the only one which is repeating, and the sequence number for this event starts from 10368 and increments by 1 each time the event repeats.
    The field integer data (i.e. the fragment number) remains 0 for all the repetitions of this event.

    I don't know if this data makes any sense to you but just in case, I am writing it down.

