locked
How to Turn off Security in AppFabric beta caching? RRS feed

  • Question

  • In reference to this error:

    Microsoft.Data.Caching.DataCacheException: ErrorCode<ERRCA0022>:SubStatus<ES0006>:There is a temporary failure, please retry after some time. (One or more specified cache servers are unavailable, which could be caused by busy network or servers. Please ensure security permission has been granted for this client account on cluster and ensure that cache service is allowed through firewall on all cache hosts. Retry later)

    Is there any way to disable security so that we do not have to add usernames or machine names to gain access to the distributed cache? We do not currently run our web teir in a domain and do not plan to.

    What are your suggestions for being able to dynamically scale the web tier and not have to manually grant access for each new machine?

    Thanks,
    -Joe
    woot.com


    Thursday, January 7, 2010 11:49 PM

Answers

  • To turn off the security:


    For the cluster:

    1.      Export the cluster config file with export-cacheclusterconfig

    2.      Add the red line below.

    <?xml version="1.0" encoding="utf-8"?>

    xxxxxxxxx

            <advancedProperties>

                <partitionStoreConnectionSettings providerName="System.Data.SqlClient"

                    connectionString="Data Source=BTSWA09-2;Initial Catalog=DistributedCache;Integrated Security=True"

                    leadHostManagement="false" />

                <securityProperties mode="None" protectionLevel="None" />

         <advancedProperties>

    xxxxxxxx

    3.      Import the new cluster config with import-cacheclusterconfig

    4.      Start the cluster.

     

    For your client application
    U
    se this constructor to signal no security

    DataCacheFactory fac = new DataCacheFactory(eps, true, true,100,DataCacheLocalCacheSyncPolicy.TimeoutBased,10000,200,new DataCacheSecurity(DataCacheSecurityMode.None,DataCacheProtectionLevel.None));

    • Marked as answer by joe-freeman Thursday, January 14, 2010 6:23 PM
    Friday, January 8, 2010 9:59 PM

All replies

  • Adding the following tag to the cluster.config will disable the security

    <advancedProperties>
                <securityProperties mode="None" protectionLevel="None" />
    </advancedProperties>


    Add the tag to the cluster config file at the location shown in the file below:


    Cluster Config:

    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
        <configSections>
            <section name="dataCache" type="Microsoft.ApplicationServer.Caching.DataCacheSection, Microsoft.ApplicationServer.Caching.Core, Version=1.0.0.0, Culture=neutral, PublicKeyToken=63118e5b4b42c36a" />
        </configSections>
        <dataCache size="Small">
            <caches>
                <cache type="partitioned" consistency="strong" name="default">
                    <policy>
                        <eviction type="lru" />
                        <expiration defaultTTL="1000" isExpirable="true" />
                    </policy>
                </cache>
            </caches>
            <hosts>
                <host replicationPort="22236" arbitratorPort="22235" clusterPort="22234"
                    hostId="1802629267" size="4055" leadHost="true" account="fareast.corp.microsoft.com\imdbperf58$"
                    cacheHostName="DistributedCacheService" name="imdbperf58"
                    cachePort="22233" />
                <host replicationPort="22236" arbitratorPort="22235" clusterPort="22234"
                    hostId="1390505374" size="4055" leadHost="false" account="fareast.corp.microsoft.com\imdbperf59$"
                    cacheHostName="DistributedCacheService" name="imdbperf59"
                    cachePort="22233" />
                <host replicationPort="22236" arbitratorPort="22235" clusterPort="22234"
                    hostId="7388354" size="4055" leadHost="false" account="fareast.corp.microsoft.com\imdbperf60$"
                    cacheHostName="DistributedCacheService" name="imdbperf60"
                    cachePort="22233" />
            </hosts>
            <advancedProperties>
                <securityProperties mode="None" protectionLevel="None" />
            </advancedProperties>

        </dataCache>
    </configuration>



    Anshul Rastogi
    Friday, January 8, 2010 7:29 AM
  • And if SQL Express is used for the config?
    Friday, January 8, 2010 3:38 PM
  • Hrm, still no luck. Is there any log files or way I can check the reason why I am still getting the error: "

    ErrorCode<ERRCA0022>:SubStatus<ES0006>:There is a temporary failure, please retry after some time"


    We use the Amazon EC2 network. CTP3 works fine, still can't get CTP4 (AppFabric beta) working in an environment without a domain.

    I tried adding the advancedProperties setting, restarted the cache service, double-checked that windows firewall was completely turned off, etc...

    I believe it is not a TCP/Firewall issue, because when I try to connect to the CTP4 cache with the CTP3 client, I get this error:

    ----------------------------------

    ErrorCode<ERRCA0024>:CacheAPIGetCache: Check the client's version. It should be equal to the server version. Else upgrade the client to the server version.

    ----------------------------------


    Which seems to imply that the Cache server is available.

    Are you sure the advancedProperties XML config works?

    here is my cache config:

    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
        <configSections>
            <section name="dataCache" type="Microsoft.Data.Caching.DataCacheSection, CacheBaseLibrary, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
        </configSections>
        <dataCache size="Small">
            <caches>
                <cache type="partitioned" consistency="strong" name="default">
                    <policy>
                        <eviction type="lru" />
                        <expiration defaultTTL="10" isExpirable="true" />
                    </policy>
                </cache>
            </caches>
            <hosts>
                <host replicationPort="22236" arbitratorPort="22235" clusterPort="22234"
                    hostId="1732137115" size="3840" leadHost="true" account="\MACHINENAME$"
                    name="MACHINENAME" cacheHostName="DistributedCacheService"
                    cachePort="22233" />
            </hosts>
            <advancedProperties>
                <securityProperties mode="None" protectionLevel="None" />
            </advancedProperties>
        </dataCache>
    </configuration>


    Friday, January 8, 2010 5:36 PM
  • Maybe it is because I am not running it on a R2 machine, but on a SP2 machine?

    is there significant code differences between:
    AseSetup_amd64_6.0.exe
    and
    AseSetup_amd64_6.1.exe
    ?

    Thanks,
    -Joe Freeman
    Friday, January 8, 2010 7:04 PM
  • Having the same error but with some caveats.  Client is setup on an XP box running 2008 and it's an asp.net app hosted under IIS 5.  It will fail with the same error above if I do not change my machine.config's processModel to a valid user

    <processModel enable="true"  autoConfig="true" userName="username" password="password"  />

    If I do this it will work.  However this will also fail

        <processModel enable="true"  autoConfig="true" userName="System" password="AutoGenerate"  />

    I would expect this to work (as well as not modifying and letting asp.net run under ASPNET) with the following added to the caching servers xml config

        <advancedProperties>
                <securityProperties mode="None" protectionLevel="None" />
        </advancedProperties>

    It would be nice to have someone fully explain the security model used by velocity at this point.  I looked for docs covering it and found nothing.  I tried specifically adding thing like "*" etc to the clusterconfig as well to no avail.  The weird thing is why should it work with my windows user account when I never told the host server anything about that user (never added it to the security options under advancedproperties) yet prevent ASPNET etc.

    Thanks in advance.

    Jason





    Friday, January 8, 2010 9:05 PM
  • To turn off the security:


    For the cluster:

    1.      Export the cluster config file with export-cacheclusterconfig

    2.      Add the red line below.

    <?xml version="1.0" encoding="utf-8"?>

    xxxxxxxxx

            <advancedProperties>

                <partitionStoreConnectionSettings providerName="System.Data.SqlClient"

                    connectionString="Data Source=BTSWA09-2;Initial Catalog=DistributedCache;Integrated Security=True"

                    leadHostManagement="false" />

                <securityProperties mode="None" protectionLevel="None" />

         <advancedProperties>

    xxxxxxxx

    3.      Import the new cluster config with import-cacheclusterconfig

    4.      Start the cluster.

     

    For your client application
    U
    se this constructor to signal no security

    DataCacheFactory fac = new DataCacheFactory(eps, true, true,100,DataCacheLocalCacheSyncPolicy.TimeoutBased,10000,200,new DataCacheSecurity(DataCacheSecurityMode.None,DataCacheProtectionLevel.None));

    • Marked as answer by joe-freeman Thursday, January 14, 2010 6:23 PM
    Friday, January 8, 2010 9:59 PM
  • Thanks Gan,

    I have tested this and it seems to work.

    A couple questions:

    1) If the eps array only contains one cache server endpoint, I am assuming the cache client will still find and use the rest of the servers in the cluster?

    2) Is there any way to do this in config?  Our cache initialization code used to be very simple: 
    var cache = new DataCacheFactory().GetCache("default");

    now it is more complex:
                DataCacheServerEndpoint[] servers = new DataCacheServerEndpoint[1];
                servers[0] = new DataCacheServerEndpoint(ConfigurationManager.AppSettings["DistributedCacheHost"], 22233, "DistributedCacheService");
                var cacheFactory =  new DataCacheFactory(servers, true, true, 100, DataCacheLocalCacheSyncPolicy.TimeoutBased, 10000, 200, new DataCacheSecurity(DataCacheSecurityMode.None, DataCacheProtectionLevel.None));
                var cache = cacheFactory.GetCache("default");

    Thanks,
    -Joe


    Monday, January 11, 2010 8:15 PM
  •  

    Joe,

    Yes, the client will use other servers in the cluster as well.

    If you want to use configuration method, you can use one like this.

    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
      <configSections>
        <section name="dataCacheClient" type="Microsoft.Data.Caching.DataCacheClientSection, CacheBaseLibrary, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
      </configSections>
      <dataCacheClient deployment="simple">
        <hosts>
          <host name="localhost" cachePort="22233"   cacheHostName="DistributedCacheService" />
        </hosts>
      
          <securityProperties mode="None" protectionLevel="None" />
       
      </dataCacheClient>
      <runtime>
        <gcServer enabled="true" />
      </runtime>
    
    </configuration>
    Monday, January 11, 2010 10:58 PM
  • No need to add the client code - only configuration setting works in the cluster config file. Why do we need to do this, is it a security risk
    Friday, March 12, 2010 11:26 AM