WAITFOR
( RECEIVE TOP(1)
    @RecvReplyDlgHandle = conversation_handle,
    @RecvReplyMsg = message_body
  FROM InstInitiatorQueue
), TIMEOUT 1000;

WAITFOR
( RECEIVE TOP(1)
    @RecvReplyDlgHandle = conversation_handle,
    @RecvReplyMsg = message_body
  FROM InstInitiatorQueue
), TIMEOUT 1000;
if @@ROWCOUNT = 1
    end conversation @RecvReplyDlgHandle
else begin
     throw 50000, 'Ошибка! в очереди нет сообщений для обработки', 1
     --какие то действия при данной ситуации
end

select coalesce(try_convert(xml, [message_body]), try_convert(varchar(max), [message_body]), '') from sys.transmission_queue

select * from sys.routes
select * from sys.remote_service_bindings
select * from sys.service_broker_endpoints

alter endpoint [ServiceBrokerEndPoint]
state = STOPPED;

alter endpoint [ServiceBrokerEndPoint]
FOR SERVICE_BROKER (  
    AUTHENTICATION = CERTIFICATE EndPointCertificateA
   , ENCRYPTION = SUPPORTED, ALGIRITHM RC4;

alter endpoint [ServiceBrokerEndPoint]
state = STARTED;

--на сервере №1
CREATE ENDPOINT [endpoint_server1] STATE = STARTED AS TCP (LISTENER_PORT=4022) FOR SERVICE_BROKER (AUTHENTICATION = WINDOWS, ENCRYPTION = REQUIRED);
CREATE LOGIN [mydomain\sql2] FROM WINDOWS;
GRANT CONNECT ON ENDPOINT::[endpoint_server1] TO [mydomain\sql2];
--на сервере №2
CREATE ENDPOINT [endpoint_server2] STATE = STARTED AS TCP (LISTENER_PORT=4022) FOR SERVICE_BROKER (AUTHENTICATION = WINDOWS, ENCRYPTION = REQUIRED);
CREATE LOGIN [mydomain\sql1] FROM WINDOWS;
GRANT CONNECT ON ENDPOINT::[endpoint_server2] TO [mydomain\sql1];

--на сервере №1
CREATE LOGIN [mydomain\sqlserver2$] FROM WINDOWS;
--на сервере №2
CREATE LOGIN [mydomain\sqlserver1$] FROM WINDOWS;

USE master;
GO

ALTER SERVICE MASTER KEY REGENERATE;
GO
DECLARE @backupFile NVARCHAR(128) = CONVERT(NVARCHAR(128), SERVERPROPERTY('InstanceDefaultDataPath')) + REPLACE(@@SERVERNAME, '\', '_') + '.key';
EXEC (N'BACKUP SERVICE MASTER KEY TO FILE = ''' + @backupFile + N'''ENCRYPTION BY PASSWORD = ''123456'';');
GO

USE master;
GO

IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys WHERE [name] = '##MS_DatabaseMasterKey##') CREATE MASTER KEY ENCRYPTION BY PASSWORD = '123456';
GO
IF NOT EXISTS (SELECT 1 FROM sys.databases WHERE [is_master_key_encrypted_by_server] = 1) ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY;
GO
IF NOT EXISTS (SELECT 1 FROM sys.certificates WHERE [name] = 'main_cert') CREATE CERTIFICATE [main_cert] WITH SUBJECT = 'Main machine certificate';
GO

DECLARE @backupFile NVARCHAR(128) = CONVERT(NVARCHAR(128), SERVERPROPERTY('InstanceDefaultDataPath')) + 'main_cert.cer';
EXEC (N'BACKUP CERTIFICATE [main_cert] TO FILE = ''' + @backupFile + ''';');
GO

CREATE ENDPOINT [main_endpoint] STATE = STARTED AS TCP (LISTENER_PORT=4022) FOR SERVICE_BROKER (AUTHENTICATION = CERTIFICATE [main_cert], ENCRYPTION = REQUIRED ALGORITHM AES);

USE master;
GO

ALTER SERVICE MASTER KEY REGENERATE;
GO
DECLARE @backupFile NVARCHAR(128) = CONVERT(NVARCHAR(128), SERVERPROPERTY('InstanceDefaultDataPath')) + REPLACE(@@SERVERNAME, '\', '_') + '.key';
EXEC (N'BACKUP SERVICE MASTER KEY TO FILE = ''' + @backupFile + N'''ENCRYPTION BY PASSWORD = ''123456'';');
GO

USE master;
GO

IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys WHERE [name] = '##MS_DatabaseMasterKey##') CREATE MASTER KEY ENCRYPTION BY PASSWORD = '123456';
GO
IF NOT EXISTS (SELECT 1 FROM sys.databases WHERE [is_master_key_encrypted_by_server] = 1) ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY;
GO
IF NOT EXISTS (SELECT 1 FROM sys.certificates WHERE [name] = 'note_cert') CREATE CERTIFICATE [note_cert] WITH SUBJECT = 'Notebook certificate';
GO

DECLARE @backupFile NVARCHAR(128) = CONVERT(NVARCHAR(128), SERVERPROPERTY('InstanceDefaultDataPath')) + 'note_cert.cer';
EXEC (N'BACKUP CERTIFICATE [note_cert] TO FILE = ''' + @backupFile + ''';');
GO

CREATE ENDPOINT [note_endpoint] STATE = STARTED AS TCP (LISTENER_PORT=4022) FOR SERVICE_BROKER (AUTHENTICATION = CERTIFICATE [note_cert], ENCRYPTION = REQUIRED ALGORITHM AES);

SELECT * FROM sys.service_broker_endpoints; --представление показывает что у нас настроены конечные точки слушающие порт 4022 (может быть любым другим, но такой используется по умолчанию) для входящих подключений компонента Service Broker

CREATE LOGIN [note_user] with password = '123456';
CREATE USER [note_user];
CREATE CERTIFICATE [note_cert] AUTHORIZATION [note_user] FROM FILE = 'C:\Users\felix_ff\note_cert.cer';
GRANT CONNECT ON ENDPOINT::main_endpoint TO [note_user];

CREATE LOGIN [main_user] with password = '123456';
CREATE USER [main_user];
CREATE CERTIFICATE [main_cert] AUTHORIZATION [main_user] FROM FILE = 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\DATA\main_cert.cer';
GRANT CONNECT ON ENDPOINT::note_endpoint TO [main_user];

--основной комп:
USE [master];
GO
IF EXISTS (SELECT 1 FROM sys.databases WHERE [name] = 'SB_test') DROP DATABASE [SB_test];
GO
CREATE DATABASE [SB_test];
GO
IF NOT EXISTS (SELECT 1 FROM sys.databases WHERE [name] = 'SB_test' AND [is_broker_enabled] = 1) ALTER DATABASE [SB_test] SET ENABLE_BROKER;
GO
USE [SB_test];
GO

CREATE MESSAGE TYPE [//SB_test/MessageTypes/test_msg] VALIDATION = NONE;
CREATE CONTRACT [//SB_test/Contracts/test_contract] (
  [//SB_test/MessageTypes/test_msg] SENT BY ANY
);
CREATE QUEUE [//SB_test/Queues/Inbound];
CREATE QUEUE [//SB_test/Queues/Outbound];

CREATE SERVICE [//SB_test/Services/main_service_inbound] ON QUEUE [//SB_test/Queues/Inbound] ([//SB_test/Contracts/test_contract]);
CREATE SERVICE [//SB_test/Services/main_service_outbound] ON QUEUE [//SB_test/Queues/Outbound] ([//SB_test/Contracts/test_contract]);
GO

--ноут:
USE [master];
GO
IF EXISTS (SELECT 1 FROM sys.databases WHERE [name] = 'SB_test') DROP DATABASE [SB_test];
GO
CREATE DATABASE [SB_test];
GO
IF NOT EXISTS (SELECT 1 FROM sys.databases WHERE [name] = 'SB_test' AND [is_broker_enabled] = 1) ALTER DATABASE [SB_test] SET ENABLE_BROKER;
GO
USE [SB_test];
GO

CREATE MESSAGE TYPE [//SB_test/MessageTypes/test_msg] VALIDATION = NONE;
CREATE CONTRACT [//SB_test/Contracts/test_contract] (
  [//SB_test/MessageTypes/test_msg] SENT BY ANY
);
CREATE QUEUE [//SB_test/Queues/Inbound];
CREATE QUEUE [//SB_test/Queues/Outbound];

CREATE SERVICE [//SB_test/Services/note_service_inbound] ON QUEUE [//SB_test/Queues/Inbound] ([//SB_test/Contracts/test_contract]);
CREATE SERVICE [//SB_test/Services/note_service_outbound] ON QUEUE [//SB_test/Queues/Outbound] ([//SB_test/Contracts/test_contract]);
GO

IF OBJECT_ID('[dbo].[sb_clear]', N'P') IS NULL EXEC(N'create procedure [dbo].[sb_clear] as select 0;');
GO
ALTER PROCEDURE [dbo].[sb_clear]
AS
DECLARE @sql NVARCHAR(MAX) = N''
SELECT @sql = @sql + REPLACE('END CONVERSATION "' + CONVERT(NVARCHAR(36), [conversation_handle]) + '" WITH CLEANUP', NCHAR(34), NCHAR(39)) + NCHAR(59) + NCHAR(13) + NCHAR(10) FROM sys.conversation_endpoints WHERE [state] <> 'CD';
PRINT @sql;
EXEC (@sql);
GO

IF OBJECT_ID('[dbo].[sb_get]', N'P') IS NULL EXEC(N'CREATE PROCEDURE [dbo].[sb_get] AS SELECT 0;');
GO
ALTER PROCEDURE [dbo].[sb_get]
AS
SELECT
     'sys.conversation_endpoints' AS [desc],
     [conversation_handle],
     [is_initiator],
     [state_desc],
     [far_service],
     [far_broker_instance],
     [outbound_session_key_identifier] AS [ok],
     [inbound_session_key_identifier] AS [ik]
FROM sys.conversation_endpoints;

SELECT
      'sys.transmission_queue' AS [desc],
      [conversation_handle],
      [to_service_name],
      [to_broker_instance],
      [from_service_name],
      [message_type_name],
      [transmission_status],
      CONVERT(VARCHAR(MAX), [message_body]) AS [msg],
      CONVERT(NVARCHAR(MAX), [message_body]) AS [msg2]
FROM sys.transmission_queue;

SELECT
      'sys.dm_broker_connections' AS [desc],
      [connection_id],
      [state_desc],
      [connect_time],
      [principal_name],
      [remote_user_name],
      [last_activity_time],
      [is_accept],
      [login_state_desc],
      [peer_certificate_id],
      [encryption_algorithm_desc],
      [total_sends],
      [total_receives]
FROM sys.dm_broker_connections;

SELECT
      'service_to_certs_relations' AS [desc],
      USER_NAME(s.[principal_id]) AS [service_owner],
      s.[name] AS [service_name],
      c.[name] AS [cert_name],
      USER_NAME(c.[principal_id]) AS [cert_owner],
      c.[certificate_id] AS [cert_id],
      c.[pvt_key_encryption_type_desc],
      c.[is_active_for_begin_dialog],
      IIF(c.[issuer_name] <> c.[subject], CONCAT('issuer:', c.[issuer_name], CHAR(32), 'subject:', c.[subject]), c.[subject]) AS [comment],
      c.[start_date],
      c.[expiry_date],
      c.[pvt_key_last_backup_date]
FROM sys.services s
    JOIN sys.certificates c ON c.[principal_id] = s.[principal_id];

SELECT
      'remote_service_bindings' AS [desc],
      USER_NAME([remote_principal_id]) AS [remote_login],
      *
FROM sys.remote_service_bindings;
GO

USE [SB_test];
GO
SELECT [service_broker_guid] FROM sys.databases WHERE database_id = DB_ID(); --EC1080D9-AF1F-490A-97D8-47682754FB16
GO

IF EXISTS (SELECT 1 FROM sys.routes WHERE [name] = 'route_to_note') DROP ROUTE [route_to_note];
GO
CREATE ROUTE [route_to_note] WITH SERVICE_NAME = '//SB_test/Services/note_service_inbound', ADDRESS = 'TCP://192.168.1.205:4022', BROKER_INSTANCE = '1FEEA52E-452B-459E-8DB7-66067445303E';

А на ноуте нам нужен обратный маршрут что бы служба понимала куда ей отвечать:
[src]
IF EXISTS (SELECT 1 FROM sys.routes WHERE [name] = 'route_to_main') DROP ROUTE [route_to_main];
GO
CREATE ROUTE [route_to_main] WITH SERVICE_NAME = '//SB_test/Services/main_service_outbound', ADDRESS = 'TCP://192.168.1.20:4022', BROKER_INSTANCE = 'EC1080D9-AF1F-490A-97D8-47682754FB16';

--на основном компе:
USE [SB_test];
GO

DECLARE @config TABLE ([name] sysname, [mininum] int, [maximum] int, [config_value] int, run_value int);
INSERT INTO @config
  EXEC sp_configure;
IF NOT EXISTS (SELECT 1 FROM @config WHERE [name] = 'xp_cmdshell' AND [run_value] = 1) EXEC (N'sp_configure "xp_cmdshell", 1; RECONFIGURE;');
GO

CREATE USER [main_service_owner] WITHOUT LOGIN; 
ALTER AUTHORIZATION ON SERVICE::[//SB_test/Services/main_service_inbound] TO [main_service_owner];
ALTER AUTHORIZATION ON SERVICE::[//SB_test/Services/main_service_outbound] TO [main_service_owner];
GO

IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys WHERE [name] = '##MS_DatabaseMasterKey##') BEGIN
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'main_service';
    ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY;
END;
GO

IF NOT EXISTS (SELECT 1 FROM sys.certificates WHERe [name] = 'main_service_owner_cert') CREATE CERTIFICATE [main_service_owner_cert] AUTHORIZATION [main_service_owner] WITH SUBJECT = 'Certificate for main service owner dialog security'
GO

DECLARE @backupFile NVARCHAR(128) = CONVERT(NVARCHAR(128), SERVERPROPERTY('InstanceDefaultDataPath')) + 'main_service_owner_cert.cer';
DECLARE @cmd NVARCHAR(512) = 'IF EXIST "' + @backupFile + '" (DEL /Q "' + @backupFile + '")';
EXEC xp_cmdshell @cmd;
EXEC (N'BACKUP CERTIFICATE [main_service_owner_cert] TO FILE = ''' + @backupFile + ''';');
GO

--на ноуте:
USE [SB_test];
GO

DECLARE @config TABLE ([name] sysname, [mininum] int, [maximum] int, [config_value] int, run_value int);
INSERT INTO @config
  EXEC sp_configure;
IF NOT EXISTS (SELECT 1 FROM @config WHERE [name] = 'xp_cmdshell' AND [run_value] = 1) EXEC (N'sp_configure "xp_cmdshell", 1; RECONFIGURE;');
GO

CREATE USER [note_service_owner] WITHOUT LOGIN; 
ALTER AUTHORIZATION ON SERVICE::[//SB_test/Services/note_service_inbound] TO [note_service_owner];
ALTER AUTHORIZATION ON SERVICE::[//SB_test/Services/note_service_outbound] TO [note_service_owner];
GO

IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys WHERE [name] = '##MS_DatabaseMasterKey##') BEGIN
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'note_service';
    ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY;
END;
GO

IF NOT EXISTS (SELECT 1 FROM sys.certificates WHERe [name] = 'note_service_owner_cert') CREATE CERTIFICATE [note_service_owner_cert] AUTHORIZATION [note_service_owner] WITH SUBJECT = 'Certificate for notebook service owner dialog security';
GO

DECLARE @backupFile NVARCHAR(128) = CONVERT(NVARCHAR(128), SERVERPROPERTY('InstanceDefaultDataPath')) + 'note_service_owner_cert.cer';
DECLARE @cmd NVARCHAR(512) = 'IF EXIST "' + @backupFile + '" (DEL /Q "' + @backupFile + '")';
EXEC xp_cmdshell @cmd;
EXEC (N'BACKUP CERTIFICATE [note_service_owner_cert] TO FILE = ''' + @backupFile + ''';');
GO

USE [SB_test]
DECLARE @conversation_handle UNIQUEIDENTIFIER;
BEGIN DIALOG CONVERSATION @conversation_handle
FROM SERVICE [//SB_test/Services/main_service_outbound] TO SERVICE '//SB_test/Services/note_service_inbound'
ON CONTRACT [//SB_test/Contracts/test_contract]
WITH ENCRYPTION = OFF; 

SEND ON CONVERSATION @conversation_handle MESSAGE TYPE [//SB_test/MessageTypes/test_msg] ('test message without message security');
GO
WAITFOR DELAY '00:00:05.000'; --задержка сделана специально, потому что если сразу запросить статусы в sys.conversation_endpoints может сложиться мнимое ошущение что ошибка в чем то другом потому что диалог будет в статусе CONVERSING
EXEC [dbo].[sb_get];

SELECT TRY_CONVERT(XML, [message_body]), * FROM [dbo].[//SB_test/Queues/Outbound] WITH(NOLOCK);

<Error xmlns="http://schemas.microsoft.com/SQL/ServiceBroker/Error">
  <Code>-8494</Code>
  <Description>You do not have permission to access the service '//SB_test/Services/note_service_inbound'.</Description>
</Error>

This message could not be delivered because the user with ID 0 in database ID 10 does not have permission to send to the service. Service name: '//SB_test/Services/note_service_inbound'.

grant send on service::[//SB_test/Services/note_service_inbound] to public

Service Broker uses a remote service binding to locate the certificate to use for a new conversation.
The public key in the certificate associated with user_name is used to authenticate messages sent to the remote service and to encrypt a session key that is then used to encrypt the conversation.
The certificate for user_name must correspond to the certificate for a user in the database that hosts the remote service.

EXEC [dbo].[sb_clear];

IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE [name] = 'note_service_owner') CREATE USER [note_service_owner] WITHOUT LOGIN;
IF NOT EXISTS (SELECT 1 FROM sys.certificates WHERE [name] = 'note_service_owner_cert') CREATE CERTIFICATE [note_service_owner_cert] AUTHORIZATION [note_service_owner] FROM FILE = 'C:\Users\felix_ff\note_service_owner_cert.cer';
GRANT SEND ON SERVICE::[//SB_test/Services/main_service_outbound] TO [note_service_owner];
GO

IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE [name] = 'main_service_owner') CREATE USER [main_service_owner] WITHOUT LOGIN;
IF NOT EXISTS (SELECT 1 FROM sys.certificates WHERE [name] = 'main_service_owner_cert') CREATE CERTIFICATE [main_service_owner_cert] AUTHORIZATION [main_service_owner] FROM FILE = 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\DATA\main_service_owner_cert.cer';
GRANT SEND ON SERVICE::[//SB_test/Services/note_service_inbound] TO [main_service_owner];
GO

CREATE REMOTE SERVICE BINDING [ToNote]
AUTHORIZATION [dbo]
TO SERVICE '//SB_test/Services/note_service_inbound'
WITH USER = [note_service_owner]; --ANONYMOUS = ON

SELECT TRY_CONVERT(XML, [message_body]), * FROM [dbo].[//SB_test/Queues/Inbound] WITH(NOLOCK);
DECLARE @h UNIQUEIDENTIFIER, @message_type_name SYSNAME, @msg VARCHAR(MAX);
WHILE 1=1 BEGIN
     BEGIN TRANSACTION;
     WAITFOR (
	        RECEIVE TOP(1) @h = [conversation_handle],
			               @message_type_name = [message_type_name]
            FROM [dbo].[//SB_test/Queues/Inbound]
	 ), TIMEOUT 1000
	 IF @@ROWCOUNT <= 0 BEGIN
	     ROLLBACK TRANSACTION;
		 BREAK;
	 END;
	 IF @message_type_name NOT IN ('http://schemas.microsoft.com/SQL/ServiceBroker/Error', 'http://schemas.microsoft.com/SQL/ServiceBroker/EndDialog', 'http://schemas.microsoft.com/SQL/ServiceBroker/DialogTimer') BEGIN
	     SET @msg = 'answer on conversation ' + CONVERT(VARCHAR(36), @h);
	     SEND ON CONVERSATION @h MESSAGE TYPE [//SB_test/MessageTypes/test_msg] (@msg);
	 END;
	 END CONVERSATION @h;
	 COMMIT TRANSACTION;
END;
GO