locked
Error when trying to access WCF service on TCP connection over wireless RRS feed

  • Question

  • User-1690212949 posted

    Hello,

    I'm testing access to a WCF service currently on a test server from a deployed Windows Application.  When I connect to the TCP endpoint of the service using a desktop pc (with a hard-wired connection), I have no issue.  When I try to connect to that service from a Microsoft Surface (using the work's wireless connection), I'm getting the following error:

    System.ServiceModel.Security.SecurityNegotiationException:  The server has rejected the client credentials. ---> System.Security.Authentication.InvalidCredentialException:  The server has rejected the client credentials. ---> System.ComponentModel.Win32Exception:  The login attempt failed.

    Does anyone know if any sort of special set up that would need to occur for the service when deployed on the server in order to accept requests from a wireless connection?

    Thanks!

    Monday, March 10, 2014 5:56 PM

Answers

  • User-1796506859 posted

    If for example using a Managed Windows Service and Net.TCP there are a few things required:

    Enable Net.TCP Port sharing

    Configure SMSvcHost to enable the service.  this will require the SID of the account the service is running under (I use special service accounts)

    Add an urlACL   (netsh command) for the service mex binding.  (I usually have an install and backout script for this one) as one as I then run installutil to install the service and "net start" to start the service.

    Unfortunately I dont have any links to relevant documentation for you, but there should be information available.  I have never tried using an anonymous service so I would not be able to tell you what to do to enable anyone to connect.

    -- your machine will be on the same domain if you login to the machine using a domain account.   So if you login using the format xyz\username  then xyz is the domain.  Also, right click the start menu and choose 'system'  the domain is listed under "computer name, domain and workgroup setting".

     

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, March 11, 2014 7:04 PM

All replies

  • User-1796506859 posted

    I think the answer to your question is that there is no difference as to how the client connects - a TCP connection is a TCP connection regardless of the phyical medium.

    Without knowing a little bit more about your setup, I would hazard a guess that the service on your test server is not setup to handle the credentials that the client is passing through.

    Is the client machine on the same domain as the test server and is the credential that the user logged in as the one that the test server is expecting?

    How is the service hosted? e.g. IIS or Managed windows service?

     

    Monday, March 10, 2014 10:32 PM
  • User-1690212949 posted

    Andy,

    When accessing a WCF service through a net.tcp endpoint, would I need to provide credentials of some sort?  When accessing services through a http endpoint, I don't need to provide any sort of credentials and I'm able to connect to them just fine.

    The service is hosted via IIS.

    I'm not for certain at this point if the client machine is considered on the "same domain" as the test server versus the Surface that is going through wireless.

    Tuesday, March 11, 2014 1:00 PM
  • User-1796506859 posted

    If for example using a Managed Windows Service and Net.TCP there are a few things required:

    Enable Net.TCP Port sharing

    Configure SMSvcHost to enable the service.  this will require the SID of the account the service is running under (I use special service accounts)

    Add an urlACL   (netsh command) for the service mex binding.  (I usually have an install and backout script for this one) as one as I then run installutil to install the service and "net start" to start the service.

    Unfortunately I dont have any links to relevant documentation for you, but there should be information available.  I have never tried using an anonymous service so I would not be able to tell you what to do to enable anyone to connect.

    -- your machine will be on the same domain if you login to the machine using a domain account.   So if you login using the format xyz\username  then xyz is the domain.  Also, right click the start menu and choose 'system'  the domain is listed under "computer name, domain and workgroup setting".

     

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, March 11, 2014 7:04 PM