我正在Windows Server 2008 R2 Standard上托管工作流服务。我通过在同一服务器上运行的Windows服务/ topshelf启用的控制台应用程序访问它。问题是,我无法在本地(来自同一服务器)访问端点,但可以从任何其他服务器访问它(使用完全相同的服务帐户,相同的域)。
我的客户端(Windows服务)绑定如下所示:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BindingIBeginNewRequestAdded">
<security mode="Transport">
<transport clientCredentialType="Windows"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://WorkFlowServerTest.corp.gdg/NewAccountRequestWorkflow.xamlx" binding="basicHttpBinding"
bindingConfiguration="BindingIBeginNewRequestAdded" contract="NewAccountRequest.IBeginNewRequestAdded" name="BindingIBeginNewRequestAdded"/>
</client>
</system.serviceModel>
WorkFlow服务绑定如下所示:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="HTTPSBindingConfiguration">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
<binding name="MEXHTTPSBindingConfiguration">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="HTTPSBehavior" name="NewAccountRequestWorkflow">
<endpoint address="mex" binding="basicHttpBinding" bindingConfiguration="MEXHTTPSBindingConfiguration" contract="IMetadataExchange" />
<endpoint binding="basicHttpBinding" bindingConfiguration="HTTPSBindingConfiguration" name="SecureTransportNoCredentialsEndpoint6" contract="IBeginNewRequestAdded" />
</service>
</services>
C#/ Windows服务代码:
NewAccountRequest.BeginNewRequestAddedClient _ws = new NewAccountRequest.BeginNewRequestAddedClient();
_ws.BeginNewRequestAdded(_newRequest.RequestID);
错误:
System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.
at System.Net.HttpWebRequest.GetResponse()
at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
--- End of inner exception stack trace ---
Server stack trace:
at System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest request, HttpWebResponse response, WebException responseException, HttpChannelFactory`1 factory)
at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory`1 factory, WebException responseException, ChannelBinding channelBinding)
at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at WinSvc.DailySales.NewAccountRequest.IBeginNewRequestAdded.BeginNewRequestAdded(BeginNewRequestAddedRequest request)
at WinSvc.DailySales.NewAccountRequest.BeginNewRequestAddedClient.WinSvc.DailySales.NewAccountRequest.IBeginNewRequestAdded.BeginNewRequestAdded(BeginNewRequestAddedRequest request)
at WinSvc.DailySales.Classes.DailySalesExceptionHandler.CallGPAccountSubmitService()
所以我意识到了这一点:https://support.microsoft.com/en-us/kb/896861
并且已经将BackConnectionHostNames:WorkFlowServerTest.corp.gdg添加到HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ Lsa \ MSV1_0。
我已尝试绑定中的客户端和服务器clientCredentialType和安全模式设置的每种组合。丢失...
答案 0 :(得分:0)
答案是注册表设置:HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ Lsa \ MSV1_0 \ BackConnectionHostNames
......不正确!
所以,我试着将它指向我的WorkFlowServerTest.corp.gdg DNS。但是,DNS只不过是指向该服务器的FQDN之一的CName。分辨率:
Ping该CNAME / DNS名称以获取IP地址。 NSLOOKUP即IP获取FQDN。将注册表项设置为FQDN并进行修复。固定!