Domain Security
Message
From
29/12/2011 11:29:57
 
 
To: All
Forum: ASP.NET
Category: Windows Communication Foundation (WCF)
Title: Domain Security
Environment: C# 4.0
OS: Windows Server 2008
Thread ID: 01531880
Message ID: 01531880
Views: 99
Hi All,

I've Googled around a bit for this topic, but thought I'd ask a quick question here before I do any more searching.

I have a WCF service (currently hosted from a Console Host, eventually will be a Windows Service), with only netTcp bindings. When doing testing originally, so that I could easily test between machines on my network, I set the security to none, and this works fine:
<netTcpBinding>
    <binding name="netTcpConfig">
        <!-- Security mode None: no authentication, signing or encryption on the channel -->
        <security mode="None" />
    </binding>
</netTcpBinding>
Now, we've got a nice setup for using virtual machines (using VMware's ESXi) and we've set up some VMs to be a domain controller and several to be Windows Server 2008 R2 on the domain.

Before setting up the VMs on the domain, I tried testing the service. With the security mode "None", the service could be accessed across VMs. Commenting out the security mode, the service could NOT be accessed (which, of course, is what should happen).

Then we set up the VMs on the domain. But when I first started testing, I had been logged into the *machines* (as Administrator) rather than into the *domain*. With the security mode still commented out, the service could now be accessed across VMs, presumably because the machines were members of the domain (even though I was not logged on to the domain).

However, and here's the problem, once I logged onto the domain, the service could not be accessed across the VMs and I get an error message: "A call to SSPI failed, see inner exception". As I said, I've been Googling and finding lots of different suggestions. I'd like to know which way to go before blindly following some of these suggestions (not sure I can easily find the inner exception either, but I haven't tried yet either). Suggestions have been made such as using an identity tag in my config and specifying either a userPrincipalName or a servicePrincipalName. Even so, I'm not sure what those should be and where they should go (client? service?). And, why were the VMs able to communicate with each other when logged in at the machine level, but not when logged in to the domain?

TIA,
~~Bonnie
Bonnie Berent DeWitt
.NET/C# MVP since 2003

http://geek-goddess-bonnie.blogspot.com