Secured Net.TCP communication issue: SChannel Error 0x8009030D internal Error State 10001 RRS feed

  • Question

  • Environment: Windows Server 2016/IIS 10

    .Net Framework 4.7.1

    We have a Web Application which uses net.tcp to send notifications to a windows service (same box).  We encrypt the communication with transport mode security, using certificates.  Certificates are identified in the config files with a thumbprint.

    We are trying to get the App Pool and the Windows Service to run as a non-privileged user in hopes of leveraging managed service accounts.  Ideally we would like the user to be members of only the following groups: Domain Users, Performance Monitor Users.  

    Currently to get the solution to work correctly we still need to make the user a member of the local Administrator group.  If we don't add the user to the administrators we get the following errors:

    Event Viewer:
    A fatal error occurred when attempting to access the TLS server credential private key. The error code returned from the cryptographic module is 0x8009030D. The internal error state is 10001.

    WCF Client Side Trace: 
    The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '00:10:00'.

    Wednesday, July 24, 2019 10:24 PM


All replies