My security configuration is out-of-the-box, and all my queue deployments mirror the example ones that permit guest access. All clients, both in-container (JMSRA) and outside it connect without user/password credentials. The DB change was scheduled for today. However, a couple of days ago a colleague stubmbled across this: http://www.mail-archive.com/jboss-user@lists.sourceforge.net/msg31913.html On a whim, I decided to try bumping jboss.security:JaasSecurityManager.DefaultCacheTimeout from 1800 to 31536000 (1 year). As a result of this change, the failures seem to have stopped. It certainly looks at this point like none of this was JBM's fault, and instead caused by some faulty invalidation code in SX. I won't be able to change my user/role configuration without restarting the server anymore, but I can live with that if my transactions stop dying mysterious deaths. :) Thanks for all your help gentlemen. The ML thread suggests the issue is old and known, but do let me know if I can offer something further. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4165323#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...