Activation problems

Thread view:

Enable EMail Alerts

Start New Thread

Thread rating:

John Cantley - 01 Feb 2008 20:34 GMT

I have service broker running between two instances. That works fine. What I
am doing when I get the response back from the target is to log the response
time and some other information out of the xml (cast as varchar). So I call
the stored proc and it fails everytime. I have a user (ServiceBrokerLogger)
setup that I execute these procs as. If I disable the Activation and run the
ProcessMemberResponses in sql management studio it runs just fine, so I know
it is a rights thing. Also if I change the ProcessMemberResponses to just do
an insert on a local table in the same database that works just fine. So
here is the setup. What else do I need here to get this to work? The rights
of the users are after the scripts.

Alter QUEUE [dbo].[MemberUpdateInitQueue]
WITH STATUS = ON ,
RETENTION = OFF ,
ACTIVATION
(
STATUS = ON ,
PROCEDURE_NAME = [dbo].[ProcessMemberResponses] ,
MAX_QUEUE_READERS = 1 ,
EXECUTE AS 'ServiceBrokerLogger'
)

The activated stored proc

Create Procedure ProcessMemberResponses
With Execute AS 'ServiceBrokerLogger'
AS.......
(the stored proc call)
exec [MemberUpdateLogging].[dbo].[logMemberUpdate] @ConversationID=@ch,
@X=@xml

The target of the activated procedure

Create Procedure [dbo].[logMemberUpdate]
@ConversationID uniqueidentifier,
@X varchar(8000)
WITH EXECUTE AS 'ServiceBrokerLogger'
as

Login Script
CREATE LOGIN [ServiceBrokerLogger]
WITH PASSWORD=N'blahblah',
DEFAULT_DATABASE=[UCC],
DEFAULT_LANGUAGE=[us_english],
CHECK_EXPIRATION=OFF,
CHECK_POLICY=OFF

User Scripts
USE [MemberUpdateLogging]
GO
CREATE USER [ServiceBrokerLogger]
FOR LOGIN [ServiceBrokerLogger]
WITH DEFAULT_SCHEMA=[dbo]
Rights on db
dbDataReader
dbDataWriter
dbOwner
Public
sp_execute

USE [UCC]
GO
CREATE USER [ServiceBrokerLogger]
FOR LOGIN [ServiceBrokerLogger]
WITH DEFAULT_SCHEMA=[dbo]
Rights on db
dbDataReader
dbDataWriter
dbOwner
Public
sp_execute

Reply to this Message

Craig Thomas - 02 Feb 2008 03:48 GMT

John,

The root issue you're facing is permissions, right?

Are you getting messages like this in your event log:
The activated proc [dbo].[ProcessMemberResponses] running on queue
MemberUpdateQueue output the following: 'The server principal
ServiceBrokerLogger is not able to access the database 'MemberUpdateLogging'
under the current security context.'

Probably get a few of those messages, then your queue is disabled with
"The activated proc [dbo].[ProcessMemberResponses] running on queue
MemberUpdateQueue output the following: 'The service queue
'MemberUpdateInitQueue' is currently disabled.'

If so, the remedy is certificate based authentication for your
cross-database execution.

The steps are roughly:
1) change your ProcessMemberResponses procedure to EXECUTE AS OWNER
2) Create a certificate in the database where your service broker service
procedure is executing (that's [UCC], right?)
3) Sign the ProcessMemberResponses procedure with the certificate
4) discard the primary key from the certificate
5) backup the certificate to a file
6) In the other database ([MemberUpdateLogging]) create a certificate from
the file. At this point you have the public key of the certificate in the
MemberUpdateLogging database.
7) Create a user, say ProcessMemberResponsesUser, from the certificate.
8) Grant authenticate to the ProcessMemberResponsesUser
9) Grant execute on [dbo].[logMemberUpdate] to ProcessMemberResponsesUser
10) voila

These steps are from Chapter 4 of Klaus Aschenbrenner's book Pro SQL Server
2005 Service Broker. I'd heartily recommend this book.

Hope that helps.

Thanks,
--Craig.

> I have service broker running between two instances. That works fine. What I
> am doing when I get the response back from the target is to log the response
[quoted text clipped - 67 lines]
> Public
> sp_execute

Reply to this Message