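A large number of audit failure events (4652) are appearing in the Windows event log because of our WCF services.
Question
Does anyone know why we are getting these audit log entries, how to stop them from occurring without removing the certificates, and whether our endpoints are secure?
Any help is greatly appreciated!
Things tried
Background
When Service2 calls Service1, we get two failed audit entries in the Windows Security event log for each call. However, the call succeeds without any problems and the data is returned successfully.
The problem only occurs when the binding uses 'clientCredentialType="Certificate"' under the security element in the WCF binding configuration.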
Event log entry 1
An account failed to log on.
Subject:
Security ID: SYSTEM
Account Name: COMPUTERNAME$
Account Domain: DOMAINNAME
Logon ID: 0x3E7
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name:
Account Domain:
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xC000006D
Sub Status: 0xC0000064
Process Information:
Caller Process ID: 0x21c
Caller Process Name: C:\Windows\System32\lsass.exe
Network Information:
Workstation Name: COMPUTERNAME
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Schannel
Authentication Package: Kerberos
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
Event log entry 2
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name:
Account Domain:
Failure Information:
Failure Reason: An Error occured during Logon.
Status: 0xC000006D
Sub Status: 0x80090325
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Schannel
Authentication Package: Microsoft Unified Security Protocol Provider
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
Service1 and Service2 binding configuration
<netTcpBinding>
  <binding name="Service1Binding"
           maxBufferPoolSize="0"
           maxReceivedMessageSize="2147483647"
           transactionFlow="true"
           portSharingEnabled="true"
           transferMode="Streamed">
    <readerQuotas maxArrayLength="2147483647"
                  maxBytesPerRead="2147483647"
                  maxStringContentLength="2147483647"
                  maxDepth="2147483647"
                  maxNameTableCharCount="2147483647" />
    <security mode="Transport">
      <transport clientCredentialType="Certificate" />
    </security>
  </binding>
</netTcpBinding>
Service1 behavior configuration
<behavior name="Service1Behavior">
  <serviceThrottling maxConcurrentSessions="2147483647" maxConcurrentInstances="2147483647" maxConcurrentCalls="2147483647" />
  <dataContractSerializer maxItemsInObjectGraph="2147483647" />
  <serviceDebug includeExceptionDetailInFaults="true" />
  <serviceAuthorization principalPermissionMode="UseWindowsGroups" />
  <serviceCredentials>
    <serviceCertificate findValue="CN=CertificateName" x509FindType="FindBySubjectDistinguishedName" storeLocation="LocalMachine" storeName="Root" />
    <clientCertificate>
      <authentication certificateValidationMode="PeerTrust"></authentication>
    </clientCertificate>
    <peer>
      <peerAuthentication certificateValidationMode="PeerTrust" />
      <certificate findValue="CN=CertificateName" x509FindType="FindBySubjectDistinguishedName" storeLocation="LocalMachine" storeName="Root" />
    </peer>
  </serviceCredentials>
</behavior>
Service2 behavior configuration
<behavior name="Service2Behavior">
  <dataContractSerializer maxItemsInObjectGraph="2147483647" />
  <serviceDebug includeExceptionDetailInFaults="true" />
  <serviceAuthorization principalPermissionMode="UseWindowsGroups" />
  <serviceCredentials>
    <serviceCertificate findValue="CN=CertificateName"
                        x509FindType="FindBySubjectDistinguishedName"
                        storeLocation="LocalMachine"
                        storeName="Root"/>
    <clientCertificate>
      <authentication certificateValidationMode="PeerTrust"></authentication>
    </clientCertificate>
  </serviceCredentials>
</behavior>
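Added example, not part of the original post: a small parser for the failed-logon message text shown above that names the Status and Sub Status codes and flags Schannel failures that carry no account name. The function names, the flag `schannel_no_account` and the trimmed sample entries are assumptions made for illustration; the code names are the standard NTSTATUS/SSPI names.

```python
SECTIONS = {"Subject", "Account For Which Logon Failed", "Failure Information",
            "Process Information", "Network Information",
            "Detailed Authentication Information"}
# Standard NTSTATUS / SSPI names for the codes seen in the two entries.
CODES = {0xC000006D: "STATUS_LOGON_FAILURE", 0xC0000064: "STATUS_NO_SUCH_USER",
         0x80090325: "SEC_E_UNTRUSTED_ROOT"}
def parse_event(text):
    """Map (section, field) -> value for one failed-logon message body."""
    section, fields = None, {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if not sep:
            continue                      # headline line, carries no field
        if key in SECTIONS and not value.strip():
            section = key                 # section header such as "Subject:"
        else:
            fields[(section, key)] = value.strip()
    return fields

def name(code_text):
    code = int(code_text, 16)
    return CODES.get(code, hex(code))     # unknown codes stay as hex

def triage(text):
    f = parse_event(text)
    account = f.get(("Account For Which Logon Failed", "Account Name"), "")
    process = f.get(("Detailed Authentication Information", "Logon Process"), "")
    return {
        "logon_process": process,
        "package": f.get(("Detailed Authentication Information", "Authentication Package"), ""),
        "status": name(f[("Failure Information", "Status")]),
        "sub_status": name(f[("Failure Information", "Sub Status")]),
        # Heuristic (assumption): Schannel failure that names no account.
        "schannel_no_account": process == "Schannel" and account in ("", "-"),
    }

# Trimmed copies of the two entries from the post.
ENTRY_1 = """An account failed to log on.
Account For Which Logon Failed:
Account Name:
Failure Information:
Status: 0xC000006D
Sub Status: 0xC0000064
Detailed Authentication Information:
Logon Process: Schannel
Authentication Package: Kerberos
"""
ENTRY_2 = ENTRY_1.replace("0xC0000064", "0x80090325").replace(
    "Kerberos", "Microsoft Unified Security Protocol Provider")
```

Grouping real Security-log exports by `sub_status` and `schannel_no_account` separates entries like these two from failed logons that name a specific account.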