Dynamic File Adapter - Network Access Rights for BizTalk Host Service Account

  • General discussion

  • Hi 

    I have a task to process a file and generate a good file out of the input file.

    The good file generated then needs to be sent to a network location, with a username and password.

    Based on the content of the file, I pick the associated file location, username and password to populate the dynamic file adapter settings from a table of network paths, usernames and passwords.

    Everything was working great till one day we got this issue.

    Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again.


    Now this worked out fine with multiple files in the UAT environment. So a network guy investigated the logs of the PRD network drive and said that your BizTalk Host Service Account was trying to get access to the shared drive, whereas you should use the username and password provided. (Which I am picking up from SQL)

    Event Type:      Failure Audit
    Event Source:    Security
    Event Category:  Account Logon
    Event ID:        681
    Date:            09/05/2013
    Time:            14:50:38
    User:            NT AUTHORITY\SYSTEM
    Computer:        ENET-PPA-S3440
    Description:
    The logon to account: My Host Service Account
    by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    from workstation: My Server
    failed. The error code was: 3221225572

    Logon Failure:
        Reason:                  Unknown user name or bad password
        User Name:               My Host Service Account
        Domain:                  MyDomain
        Logon Type:              3
        Logon Process:           NtLmSsp
        Authentication Package:  NTLM
        Workstation Name:        My Server

    They don't want to give access to the BizTalk Host Service Account.

    May I ask a lame question: why does the BizTalk Host Service Account need access to the shared location?

    Isn't the username and password that we have provided enough to do file processing?

    Another interesting thing is that the first connection is always successful but the remaining ones are not.

    For example, if I drop 3 files which generate 3 good files in 3 folders on the same network shared drive, it works fine for the first file but fails for the other two.

    Cheers

    Bharat


    Thursday, May 9, 2013 4:00 PM
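
Added example, not part of the original thread: a small Python parser for the Event ID 681 record quoted in the post above, which decodes the decimal error code into its NTSTATUS name and names the logon type. The function names are hypothetical, the sample text is constructed from the fields shown in the post, and the status table holds only a few well-known Windows logon-failure codes.

```python
import re

# A few well-known NTSTATUS values seen in logon-failure audits.
NTSTATUS = {
    0xC0000064: "STATUS_NO_SUCH_USER: account name does not exist on the target",
    0xC000006A: "STATUS_WRONG_PASSWORD: account exists, password is wrong",
    0xC000006D: "STATUS_LOGON_FAILURE: generic bad user name or password",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT: account is locked out",
}
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service"}

# Constructed sample: fields copied from the record quoted in the post.
SAMPLE_EVENT = """\
Event ID:              681
The logon to account: My Host Service Account
by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
from workstation: My Server
failed. The error code was: 3221225572
               Domain:                             MyDomain
               Logon Type:       3
               Logon Process:  NtLmSsp
"""

def _field(text, pattern, cast=str):
    """Return the first capture group of pattern, or None if it is absent."""
    m = re.search(pattern, text, re.MULTILINE)
    return cast(m.group(1).strip()) if m else None

def parse_logon_failure(text):
    """Extract the fields that matter for triage and decode the numeric ones."""
    code = _field(text, r"error code was:\s*(\d+)", int)
    ltype = _field(text, r"^\s*Logon Type:\s*(\d+)", int)
    return {
        "event_id": _field(text, r"^\s*Event ID:\s*(\d+)", int),
        "account": _field(text, r"logon to account:\s*(.+)$"),
        "workstation": _field(text, r"from workstation:\s*(.+)$"),
        # The event prints the NTSTATUS as unsigned decimal; hex is searchable.
        "status_hex": None if code is None else f"0x{code:08X}",
        "status": NTSTATUS.get(code, "unknown NTSTATUS"),
        "logon_type": LOGON_TYPES.get(ltype, "unknown"),
    }

if __name__ == "__main__":
    for key, value in parse_logon_failure(SAMPLE_EVENT).items():
        print(f"{key:12} {value}")
```

For the quoted record, 3221225572 is 0xC0000064 (STATUS_NO_SUCH_USER) on a type 3 (network) logon over NTLM.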

All replies

  • To be clear, this is a Windows restriction and is not directly related to anything BizTalk is doing.

    Make sure all the Send ports are configured the same, meaning the same credentials. If they're different, you wouldn't be able to make simultaneous connections.

    However, integrated security is the preferred approach.

    Thursday, May 9, 2013 9:26 PM
  • Thanks for the reply, boatseller.

    It's a single dynamic port, and for a specific network drive it has a single set of credentials.

    The only thing different is the different subfolders on the same drive.

    Do you know why the BizTalk Host Service Account needs access to the shared location?

    Thanks again

    Thursday, May 9, 2013 11:06 PM
  • You've checked that there are no static ports, Send or Receive, pointing to the server (anywhere on that particular server, not just that share)?

    Friday, May 10, 2013 1:28 PM
  • Nope, we only have a dynamic port.

    Interestingly, it worked for me when I restarted the DNS Client service.

    Don't know if it's a temp fix...

    I still don't know why the BizTalk Host Service Account needed access to the shared location?

    Friday, May 10, 2013 2:27 PM
  • OK

    I guess I have got a solution, as we don't have any more access issues.

    Solution.

    These are the steps to make it work:

    1) Replaced the server name by its IP address

    So for example if the path is \\myserver\myfolder\  I replaced it with \\192.168.0.1\\myfolder\

    2) Restarted the DNS Client service in the BizTalk Node\Nodes.

    Now most important, the inferred answer for my question

    I still don't know why the BizTalk Host Service Account needed access to the shared location?

    So my guess is that if we use a static port, the File adapter by default will try to use the BizTalk Host Service Account. If the host does not have access, we can set these properties to make it work.

    File Transport Properties

    In my case I am using a dynamic port, so I guess this property is enabled by default.

    This can be the reason why my network administrator was telling me that he is getting login failures for the BizTalk Host Service Account.

    Please feel free to correct my conclusion if I am wrong :)

    Cheers

    Bharat


    Monday, May 13, 2013 12:20 PM