Table of Contents
- Why is my Message Queuing service failing after the Windows December 2025 update?
- Critical Advisory: MSMQ Failures Following December 2025 Windows Security Updates
- Affected Platforms and KB Identifiers
- Technical Symptoms and Diagnostics
- Root Cause Analysis: NTFS Permission Changes
- Current Status and Mitigation
Why is my Message Queuing service failing after the Windows December 2025 update?
Critical Advisory: MSMQ Failures Following December 2025 Windows Security Updates
System administrators and IT professionals must be aware of a critical operational failure affecting the Microsoft Message Queuing (MSMQ) service. Microsoft confirmed that the security updates released on December 9, 2025, introduced a regression that disrupts message queue functionality across specific Windows 10 and Windows Server environments.
Affected Platforms and KB Identifiers
The issue stems from the December 2025 cumulative updates. If your infrastructure relies on MSMQ, verify if the following updates were installed on your endpoints or servers:
- Windows Server 2016 & Windows 10 1607 Enterprise LTSC: Update KB5071543
- Windows Server 2019 & Windows 10 2019 Enterprise LTSC: Update KB5071544
- Windows 10 22H2 (with ESU license): Update KB5071546
Technical Symptoms and Diagnostics
This regression impacts both standalone and clustered MSMQ environments under load. The failure often manifests as resource exhaustion errors, which can mislead administrators during initial troubleshooting.
Monitor your systems for the following specific behaviors:
- Service Stagnation: MSMQ queues become inactive or unresponsive without warning.
- IIS Failures: Internet Information Services (IIS) sites dependent on queuing fail, returning the error: “Not enough resources to complete the operation.”
- Write Failures: Applications lose the ability to write data to queues.
- File Creation Errors: The system fails to create message files, specifically logging errors regarding C:\Windows\System32\msmq\storage\*.mq.
- Misleading Logs: Event logs may report insufficient storage space or memory. Note: This is a false positive; the physical resources are likely available, but the service cannot access them due to permission blocks.
Root Cause Analysis: NTFS Permission Changes
Microsoft engineers identified the root cause as a modification to the MSMQ security model within the recent patch.
The update altered the NTFS permissions for the critical directory: C:\Windows\System32\MSMQ\storage
Previously, write access to this folder was restricted to the Administrators group. The December 2025 update introduced a change where the standard MSMQ user context now requires write access to this directory to function correctly. Because these permissions were not automatically granted during the update process, the service fails when it attempts to write data, triggering the “insufficient resources” error messages.
Current Status and Mitigation
As of December 12, 2025, Microsoft has listed this as a “Known Issue” on the Windows Release Health Dashboard. There is currently no official patch to reverse this behavior.
Microsoft is investigating the problem. Until a rollback or a new cumulative update is released, administrators should monitor the System32\MSMQ\storage folder permissions. While Microsoft has not officially detailed a manual workaround, the root cause suggests that auditing and adjusting access control lists (ACLs) for this specific folder may provide temporary relief for critical production environments.