我们有一个使用WCF的现有系统,并且工作正常,直到昨天,当它突然停止在我的机器和另一台开发者机器上工作时。
我在客户端配置中设置系统诊断程序以编写跟踪文件,我们看到以下异常:
Throwing an exception
**Basic Information**
Activity Name Receive bytes on connection 'net.tcp://localhost:8004/'.
Time 2016-01-06 13:38:45.3958
Level Error
Source System.ServiceModel
Process NServiceBus.Host
Thread 219
Computer RL-ZORO-LPT
Trace Identifier/Code http://msdn.microsoft.com/en-US/library/System.ServiceModel.Diagnostics.ThrowingException.aspx
**Exception**
System.ServiceModel.Security.SecurityNegotiationException, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.Security.Authentication.AuthenticationException, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.ComponentModel.Win32Exception, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Exception Type: System.ServiceModel.Security.SecurityNegotiationException, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Message: A call to SSPI failed, see inner exception.
Stack Trace: System.ServiceModel.Channels.StreamSecurityUpgradeAcceptorAsyncResult.CompleteAuthenticateAsServer(IAsyncResult result)
System.ServiceModel.Channels.StreamSecurityUpgradeAcceptorAsyncResult.OnAuthenticateAsServer(IAsyncResult result)
System.Runtime.Fx.AsyncThunk.UnhandledExceptionFrame(IAsyncResult result)
System.Net.LazyAsyncResult.Complete(IntPtr userToken)
System.Net.LazyAsyncResult.ProtectedInvokeCallback(Object result, IntPtr userToken)
System.Net.Security.SslState.FinishHandshake(Exception e, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.ReadFrameCallback(AsyncProtocolRequest asyncRequest)
System.Net.AsyncProtocolRequest.CompleteRequest(Int32 result)
System.Net.FixedSizeReader.CheckCompletionBeforeNextRead(Int32 bytes)
System.Net.FixedSizeReader.ReadCallback(IAsyncResult transportResult)
System.Runtime.AsyncResult.Complete(Boolean completedSynchronously)
System.ServiceModel.Channels.ConnectionStream.IOAsyncResult.OnAsyncIOComplete(Object state)
System.ServiceModel.Channels.TracingConnection.TracingConnectionState.ExecuteCallback()
System.Net.Sockets.SocketAsyncEventArgs.OnCompleted(SocketAsyncEventArgs e)
System.Net.Sockets.SocketAsyncEventArgs.FinishOperationSuccess(SocketError socketError, Int32 bytesTransferred, SocketFlags flags)
System.Net.Sockets.SocketAsyncEventArgs.CompletionPortCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped)
System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)
我们的服务器配置如下所示:
<system.serviceModel>
<services>
<service name="ServerImpl.RACServiceImpl.RACService" behaviorConfiguration="BILLService.ServiceBehavior">
<host>
<baseAddresses>
<add baseAddress="net.Tcp://localhost:8004" />
<add baseAddress="http://localhost:8006" />
</baseAddresses>
</host>
<!-- Service Endpoints -->
<endpoint address="BILLService" binding="netTcpBinding" bindingConfiguration="netTcpBindingConf" contract="ServerImpl.Rsp.ServiceInterfaces.IRACService">
<identity>
<dns value="RACServer" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<client>
<endpoint address="net.Tcp://localhost:8001/RMACService" behaviorConfiguration="ClientBehavior" binding="netTcpBinding" bindingConfiguration="netTcpBindingConf" contract="ServerImpl.Rsp.ServiceInterfaces.IRACService" name="IRACService">
<identity>
<dns value="RACServer" />
</identity>
</endpoint>
</client>
<behaviors>
<serviceBehaviors>
<behavior name="BILLService.ServiceBehavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="false" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<serviceCertificate findValue="RACServer" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
<clientCertificate>
<certificate findValue="RACClient" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
<authentication certificateValidationMode="PeerOrChainTrust" revocationMode="NoCheck" />
</clientCertificate>
</serviceCredentials>
<serviceThrottling maxConcurrentCalls="40" maxConcurrentInstances="40" maxConcurrentSessions="40" />
<dataContractSerializer maxItemsInObjectGraph="2147483647" />
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="ClientBehavior">
<clientCredentials>
<clientCertificate findValue="RACClient" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
<serviceCertificate>
<defaultCertificate findValue="RACServer" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
<authentication certificateValidationMode="PeerOrChainTrust" revocationMode="NoCheck" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<netTcpBinding>
<binding name="netTcpBindingConf" closeTimeout="00:11:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxReceivedMessageSize="2147483647" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxConnections="100" openTimeout="00:20:00">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<reliableSession ordered="true" inactivityTimeout="00:15:00" />
<security mode="TransportWithMessageCredential">
<message clientCredentialType="Certificate" algorithmSuite="Default" />
<transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" />
</security>
</binding>
</netTcpBinding>
</bindings>
</system.serviceModel>
这是我们的客户端配置:
<system.serviceModel>
<bindings>
<netTcpBinding>
<binding name="netTcpBinding_RACService" closeTimeout="00:10:00" openTimeout="00:40:00" receiveTimeout="00:32:00" sendTimeout="00:10:00" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<reliableSession ordered="true" inactivityTimeout="00:10:00" />
<security mode="TransportWithMessageCredential">
<message clientCredentialType="Certificate" algorithmSuite="Default" />
<transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" />
</security>
</binding>
</netTcpBinding>
<wsHttpBinding>
<binding name="WSHttpBinding_IThirdPartyRACService" closeTimeout="00:59:00" openTimeout="00:59:00" receiveTimeout="00:59:00" sendTimeout="00:59:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
<security mode="None">
<message clientCredentialType="None" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="true"></message>
<transport clientCredentialType="None" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="net.Tcp://localhost:8004/AMACService" behaviorConfiguration="ClientBehavior" binding="netTcpBinding" bindingConfiguration="netTcpBinding_RACService" contract="ServerImpl.Rsp.ServiceInterfaces.IRACService" name="IRACService">
<identity>
<dns value="RACServer" />
</identity>
</endpoint>
<endpoint address="net.Tcp://localhost:8004/AMACService" behaviorConfiguration="ClientBehavior" binding="netTcpBinding" bindingConfiguration="netTcpBinding_RACService" contract="ServerImpl.Rsp.ServiceInterfaces.IRACService" name="IRACService1">
<identity>
<dns value="RACServer" />
</identity>
</endpoint>
<endpoint address="https://localhost/ThirdPartyWebService/ThirdPartyRACService.svc" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IThirdPartyRACService" contract="IThirdPartyRACService" name="WSHttpBinding_IThirdPartyRACService">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="ClientBehavior">
<clientCredentials>
<clientCertificate findValue="RACClient" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
<serviceCertificate>
<defaultCertificate findValue="RACServer" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
<authentication certificateValidationMode="PeerOrChainTrust" revocationMode="NoCheck" />
</serviceCertificate>
</clientCredentials>
<dataContractSerializer maxItemsInObjectGraph="2147483647" />
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
如果我们在两者客户端和服务器上将安全模式设置为“无”,那么它就能正常工作。
这里有什么不妥?
答案 0 :(得分:4)
事实证明导致问题的是当天发生的Windows更新(奇怪的巧合)。更新是kb3102467(又名.NET Framework 4.6.1) - 最终会在计算机上找到它。
事实证明,我们使用的SSL证书使用的是RSA / SHA512,这是我读过的,导致CPU使用率过高而且被禁用(这个问题有一个修补程序,我看到的注册表信息已添加,但在kb3102467之后它仍然发生了。)
作为一种解决方法(在我们发布新的SSL证书之前),我已按以下方式禁用了TLS 1.2:
解决了这个问题,无需卸载kb3102467
答案 1 :(得分:0)
我在Windows 10的localhost上测试此错误,并想与大家共享。
在客户端的App.Config中,我删除/注释了以下行:
<!--<identity>
<userPrincipalName value="AD\7329688" />
</identity>-->
现在可以正常工作