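I am hosting a workflow service on Windows Server 2008 R2 Standard. I am accessing it through a Windows service/Topshelf-enabled console application running on the same server. The problem is that I cannot access the endpoint locally (from the same server), but I can access it from any other server (using the exact same service account, same domain).
My client (Windows service) binding looks like this: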
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BindingIBeginNewRequestAdded">
<security mode="Transport">
<transport clientCredentialType="Windows"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://WorkFlowServerTest.corp.gdg/NewAccountRequestWorkflow.xamlx" binding="basicHttpBinding"
bindingConfiguration="BindingIBeginNewRequestAdded" contract="NewAccountRequest.IBeginNewRequestAdded" name="BindingIBeginNewRequestAdded"/>
</client>
</system.serviceModel>
The workflow service binding looks like this:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="HTTPSBindingConfiguration">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
<binding name="MEXHTTPSBindingConfiguration">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="HTTPSBehavior" name="NewAccountRequestWorkflow">
<endpoint address="mex" binding="basicHttpBinding" bindingConfiguration="MEXHTTPSBindingConfiguration" contract="IMetadataExchange" />
<endpoint binding="basicHttpBinding" bindingConfiguration="HTTPSBindingConfiguration" name="SecureTransportNoCredentialsEndpoint6" contract="IBeginNewRequestAdded" />
</service>
</services>
C#/Windows service code:
NewAccountRequest.BeginNewRequestAddedClient _ws = new NewAccountRequest.BeginNewRequestAddedClient();
_ws.BeginNewRequestAdded(_newRequest.RequestID);
Error:
System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.
at System.Net.HttpWebRequest.GetResponse()
at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
--- End of inner exception stack trace ---
Server stack trace:
at System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest request, HttpWebResponse response, WebException responseException, HttpChannelFactory`1 factory)
at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory`1 factory, WebException responseException, ChannelBinding channelBinding)
at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at WinSvc.DailySales.NewAccountRequest.IBeginNewRequestAdded.BeginNewRequestAdded(BeginNewRequestAddedRequest request)
at WinSvc.DailySales.NewAccountRequest.BeginNewRequestAddedClient.WinSvc.DailySales.NewAccountRequest.IBeginNewRequestAdded.BeginNewRequestAdded(BeginNewRequestAddedRequest request)
at WinSvc.DailySales.Classes.DailySalesExceptionHandler.CallGPAccountSubmitService()
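So I know about this: https://support.microsoft.com/en-us/kb/896861
and have already added the BackConnectionHostNames value WorkFlowServerTest.corp.gdg to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0.
I have tried every combination of client and server clientCredentialType and security mode settings in the bindings. Lost...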
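The answer is that the registry setting HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\BackConnectionHostNames was not right!
I had tried pointing it to my WorkFlowServerTest.corp.gdg DNS name. But that DNS name is nothing more than a CNAME that points to one of the FQDNs of that server. Resolution:
Ping the alias record/DNS name to get the IP address. NSLookup that IP to get the FQDN. Set the registry entry to the FQDN and that fixes it. Fixed!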
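The resolution steps above (alias to IP, IP to FQDN, compare with the registry value), as an added PowerShell example that is not part of the original post. `$Apply` is a hypothetical switch introduced here, and the script assumes an elevated session on the server itself. Listing the specific name in BackConnectionHostNames leaves the NTLM loopback check in place for every other name.

```powershell
# Added example, not from the original post. Read-only unless $Apply is $true.
$Alias   = 'WorkFlowServerTest.corp.gdg'   # alias from the post
$LsaPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$Value   = 'BackConnectionHostNames'
$Apply   = $false                          # hypothetical switch: set to $true to write

# Step 1: alias -> IP address(es), the information "ping <alias>" shows.
$addresses = [System.Net.Dns]::GetHostAddresses($Alias)

# Step 2: IP -> FQDN by reverse lookup, the information "nslookup <ip>" shows.
$fqdns = @(
    foreach ($ip in $addresses) {
        try   { [System.Net.Dns]::GetHostEntry($ip).HostName }
        catch { Write-Warning "No reverse record for $ip" }
    }
) | Sort-Object -Unique
$fqdns = @($fqdns)

# Step 3: read the current REG_MULTI_SZ value (empty list if it does not exist).
$prop    = Get-ItemProperty -Path $LsaPath -Name $Value -ErrorAction SilentlyContinue
$current = @($prop.$Value | Where-Object { $_ })

# Step 4: which resolved FQDNs are not listed yet (comparison is case-insensitive).
$missing = @($fqdns | Where-Object { $current -notcontains $_ })

"Alias     : $Alias"
"Resolves  : $($addresses -join ', ')"
"FQDN(s)   : $($fqdns -join ', ')"
"Registry  : $($current -join ', ')"

if ($missing.Count -eq 0) {
    'Result    : every resolved FQDN is already listed.'
}
elseif ($Apply) {
    # Keep the existing entries and append the missing FQDN(s).
    $new = [string[]]($current + $missing)
    New-ItemProperty -Path $LsaPath -Name $Value -PropertyType MultiString `
        -Value $new -Force | Out-Null
    "Result    : added $($missing -join ', ')"
}
else {
    "Result    : missing $($missing -join ', ') (set `$Apply = `$true to add)"
}
```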