Getting MSDN PeerChannel "SecureChat" running on Windows Server 2008 R2 - wcf

I can only get this SDK sample of PeerChannel SecureChat to work in the following scenarios in a basic home network:
Locally among instances running on the same machine, or
Among Windows 7 machines
I cannot get this to work between my Windows Server 2008 R2 and any other machine (no exceptions are thrown, but the nodes never find each other and thus don't go "online"). I CAN ping the IPv6 addresses among all machines. The executable has a firewall exception rule, but I have also tried disabling the Windows 2008 firewall completely. The PNRP service is running.
Is it possible to get it working? How?
Does it work on YOUR 2008 machine?
My best guess: I notice that in the Windows 7 machines, the "Peer Networking Grouping" and "Peer Networking Identity Manager" services are present. The "Peer Networking Grouping" service's description there and online talks specifically about enabling multi-party conversations, but related to Home Groups. This service is missing in the Windows Server machine.
So, I suspect the missing service as the reason that the SecureChat sample won't work on the Windows Server machine, but I don't understand why Microsoft would lock out Peer Channel from working on the Server product. Could this be the reason?
Thanks!

Try enabling these services on the server:
Peer Name Resolution Server (Install through Server Management)
Peer Discovery Server (Install through Server Management)
Simple Service Discovery Protocol Service (SSDP Service)
Then simply ensure that the firewall rules are modified; by default they block the IPv4/IPv6 Teredo tunneling driver. IPv6 needs to be supported, as it is required by PNRP.
Also, you should be able to configure your service in two ways: through Internet Information Services (IIS) or as a Windows Service. Your best bet will be to use IIS; you can find an article here on how to configure it: Hosting and Consuming WCF Service
Those are the few tips I can think of to get it running. Hope that helps.
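An added diagnostic script for the checklist in the answer above (this is not from the original answer). It tells a service that is absent (the feature is not installed) apart from one that is merely stopped, which is the distinction the question is circling around, then shows Teredo state, PNRP cloud state and the inbound firewall rules that matter. Assumptions: the Windows 7 / Server 2008 R2 service short names (PNRPsvc, p2pimsvc, p2psvc, PNRPAutoReg, SSDPSRV), the ServerManager feature ID "PNRP" for the Peer Name Resolution Protocol feature, and an elevated PowerShell 2.0 session.

```powershell
# Added diagnostic for the PNRP / PeerChannel checklist; not part of the original answer.
# Assumptions: service names from Windows 7 / Server 2008 R2, ServerManager feature ID
# "PNRP" (assumed), elevated PowerShell 2.0 session.

$services = @(
    @{ Name = 'PNRPsvc';     Desc = 'Peer Name Resolution Protocol' },
    @{ Name = 'p2pimsvc';    Desc = 'Peer Networking Identity Manager' },
    @{ Name = 'p2psvc';      Desc = 'Peer Networking Grouping' },
    @{ Name = 'PNRPAutoReg'; Desc = 'PNRP Machine Name Publication Service' },
    @{ Name = 'SSDPSRV';     Desc = 'SSDP Discovery' }
)

# 1. On the server SKU the peer services only exist once the feature is installed.
#    Client SKUs have no ServerManager module, so this step is skipped there.
if (Get-Module -ListAvailable -Name ServerManager) {
    Import-Module ServerManager
    $feature = Get-WindowsFeature -Name PNRP   # feature ID assumed, see lead-in
    if ($feature -and -not $feature.Installed) {
        Write-Warning 'PNRP feature is not installed; run: Add-WindowsFeature PNRP'
    }
}

# 2. Absent versus stopped. Only the stopped ones can be fixed from here; an absent
#    service means the feature that ships it is missing from this SKU or not installed.
foreach ($s in $services) {
    $svc = Get-Service -Name $s.Name -ErrorAction SilentlyContinue
    if ($svc -eq $null) {
        Write-Warning ('{0} ({1}): not present on this machine' -f $s.Name, $s.Desc)
    } elseif ($svc.Status -ne 'Running') {
        Write-Warning ('{0} ({1}): {2}, starting it' -f $s.Name, $s.Desc, $svc.Status)
        Set-Service -Name $s.Name -StartupType Manual
        Start-Service -Name $s.Name
    } else {
        Write-Host ('{0} ({1}): Running' -f $s.Name, $s.Desc)
    }
}

# 3. PNRP's Global_ cloud runs over IPv6; on a home network behind an IPv4 NAT that
#    normally means Teredo. "State: offline" or "Type: disabled" here explains "never online".
netsh interface teredo show state

# 4. Cloud state per scope. A cloud that stays "Alone" has never found a single peer.
netsh p2p pnrp cloud show list

# 5. Inbound rules that cover Teredo and PNRP, with their Enabled line. They are listed,
#    not blindly enabled: open only the rules the peers actually need on the LAN profile.
$rules = netsh advfirewall firewall show rule name=all dir=in
$rules | Select-String -Pattern 'Rule Name:.*(Teredo|Peer|PNRP)' -Context 0,2
```

Run it on both the server and one of the working Windows 7 machines and diff the two outputs; the first line that differs (a service marked "not present", a disabled Teredo interface, or a cloud stuck "Alone") is the thing to fix.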

This MSDN page mentions this subtle detail of the Windows implementation of PNRP:
Any two clients running the same version of PNRP can locate each other using this protocol...

Related

Taking a server from development to production

I have created a service (WCF) that acts as a backend for a DB. For now it does basic operations such as INSERT, SELECT etc. I have run it locally and now it is time to expose her to the internet and enter 'production'. Is there a best practice to doing so? Bear in mind this service will be hosted on a PC as a Windows Service (not IIS). This is the first time I am putting a Windows Service into production so I am hazy on the details but I think this is the main idea:
On the service: Check for 'rookie' errors such as SQL Injection. Set maximum message sizes to ones marginally higher than the largest message that should be transmitted by my service. Also upgrade self signed X.509 certificate to one issued by a CA. (Where does one store this certificate? Locally on the PC?)
On the PC: Fully patched software (OS etc) and windows firewall with a specific set of rules that allows traffic only on the ports being used (I suppose the safest way to do this is to use the windows tool Allow a program or feature through Windows Firewall ?). Furthermore an updated antivirus running.
On the Network: For the network router, port forward the respective ports being used (the base address is declared as http://localhost:8080 so I guess port 80 for HTTP and 443 for HTTPS? I am using message level Security.)
General precautions: Full message logging on the service to analyze traffic and potential attackers. Also run a Network intrusion detection system such as Snort so that I can sleep a bit better at night.
Am I missing anything obvious? Also, should I be hosting in IIS? On Security Exchange someone said that I would be vulnerable to HTTP attacks if I did not put the code behind a web server. However, I have not read this anywhere else.
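An added example for the self-hosted WCF go-live checklist in the question above; it is not an answer from the thread. It covers the three items that are usually done wrong on a self-hosted Windows Service: reserving the URL so the service does not need to run as an administrator, a firewall rule that pins program and port together rather than the broad "allow a program" exception, and where the CA-issued certificate lives (the machine store, since a service has no user profile) with read-only access to its private key for the service account. All names are hypothetical: the local account WcfBackend, the binary path C:\Services\Backend\Backend.exe, port 8080 from the question, and $thumbprint is a placeholder to replace. Elevated PowerShell 2.0 session.

```powershell
# Added example, not from the original question. Every account, path and thumbprint
# below is a placeholder; replace them for your own deployment.

$serviceAccount = 'WcfBackend'                                   # local service account (hypothetical)
$port           = 8080                                           # from the question's base address
$exePath        = 'C:\Services\Backend\Backend.exe'              # hypothetical
$thumbprint     = '0000000000000000000000000000000000000000'     # placeholder, replace
if ($thumbprint -match '^0+$') { throw 'Set $thumbprint to the CA-issued certificate thumbprint' }

# 1. Least privilege for the listener: self-hosted HTTP needs a URL reservation so the
#    service can bind as a plain account instead of LocalSystem/administrator.
$urlacl = "http://+:$port/"
netsh http add urlacl "url=$urlacl" "user=$serviceAccount"

# 2. One inbound rule that pins program AND port, limited to the profiles the box lives on.
netsh advfirewall firewall add rule "name=WCF backend TCP $port" dir=in action=allow protocol=TCP "localport=$port" "program=$exePath" "profile=private,domain"

# 3. The certificate goes in LocalMachine\My (a service has no user store of its own).
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
$store.Open('ReadOnly')
$cert = $store.Certificates | Where-Object { $_.Thumbprint -eq $thumbprint }
$store.Close()
if (-not $cert)                { throw "Certificate $thumbprint not found in LocalMachine\My" }
if (-not $cert.HasPrivateKey)  { throw 'Certificate has no private key; import the PFX, not the .cer' }
if (-not $cert.PrivateKey)     { throw 'Key is not a CSP key; grant access via certlm.msc > Manage Private Keys' }

# Message security only needs the service to READ the key. Full control would let a
# compromised service re-ACL or export it.
$keyName = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$keyName"
icacls $keyFile /grant "${serviceAccount}:R"

# 4. Make sure the chain actually builds to a trusted CA; a leftover self-signed cert
#    chains to nothing and clients will (rightly) refuse it.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
if (-not $chain.Build($cert)) {
    $reasons = ($chain.ChainStatus | ForEach-Object { $_.StatusInformation.Trim() }) -join '; '
    Write-Warning "Chain does not build: $reasons"
}
```

The message size caps from the question are binding settings (maxReceivedMessageSize and the readerQuotas on the binding) and belong in the service's app.config, not here; the point of this script is that the process itself should hold nothing beyond the one port, the one URL and read access to the one key it needs.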

Error configuring using Windows Service Bus (1.1) Configuration Wizard

I am trying to configure Windows Service Bus (1.1) using the Service Bus Configuration Wizard. I am getting the error below when I try to configure it. Can anybody tell me what the problem is?
[Error] [5/9/2014 9:32:40 AM]: System.Management.Automation.CmdletInvocationException: Starting service Service Bus Gateway on machine USHP2-10-056A failed: Time out has expired and the operation has not been completed. ---> Microsoft.ServiceBus.Commands.Common.Exceptions.OperationFailedException: Starting service Service Bus Gateway on machine USHP2-10-056A failed: Time out has expired and the operation has not been completed. ---> System.ServiceProcess.TimeoutException: Time out has expired and the operation has not been completed.
Please see below for the configuration information of Service Bus:
Management Database SQL Instance: USHP2-10-056A\SQLSERVER2012SP1
Enable SSL connection with SQL Server instance: False
Authentication: Windows Authentication
Management Database Name: SbManagementDB
Gateway Database SQL Instance: USHP2-10-056A\SQLSERVER2012SP1
Enable SSL connection with SQL Server instance: False
Authentication: Windows Authentication
Gateway Database Name: SbGatewayDatabase
Message Container SQL Instance: USHP2-10-056A\SQLSERVER2012SP1
Enable SSL connection with SQL Server instance: False
Authentication: Windows Authentication
Message Container Database Name: SBMessageContainer01
RunAs Account: gopalac-c#HERBALIFECORP
RunAs Password: *******
Certificate Generation Key: ******* (Gopala123)
Farm Certificate: Auto-generated
Encryption Certificate: Auto-generated
HTTPS Port: 9355
TCP Port: 9354
Message Broker Port: 9356
Resource Provider HTTPS Port: 9359
Amqp Port: 5672
Amqps Port: 5671
Internal Communication Port Range: 9000 - 9004
Enable firewall rules on this computer: True
Administrators Group: BUILTIN\Administrators
Registering container databases: SBMessageContainer01 SBMessageContainer02 SBMessageContainer03
Creating Namespace: ServiceBusDefaultNamespace
Management Portal Admin User: adminUser
Management Portal Tenant User: tenantUser
Look in \Windows\System32\drivers\etc and edit the hosts file. In my case I noticed that I had localhost defined more than once. Even though they were all set to 127.0.0.1, it still seems to have confused the Service Bus config.
I removed the duplicates and then it worked.
I lost 2 days on this.
My issue.
I had previously (months before) installed and was running RabbitMQ.
This guy gave me the hint:
http://www.khalidabuhakmeh.com/installing-windows-service-bus
Make sure you uninstall all previous versions of the Windows App Fabric on your development machine. Additionally, disable any Windows service that utilizes the AMQP protocol (RabbitMQ). If you do not disable RabbitMQ then the Service Bus will not be able to start up. Finally, make sure you have SQL Server Express 2012 installed. In regards to SQL Server, make sure to enable the TCP/IP protocol; this can be done using the SQL Server Configuration Manager tool.
Once I stopped all RabbitMQ service, I was able to complete the installation.
Sidenote : I used a domain-account. I was connected to my domain-network while doing the install. I did not try with a local-account after I got my issue resolved.
========================================================
Other links I found along the way (besides this one).
http://developers.de/blogs/damir_dobric/archive/2012/09/18/servicebus-message-broker-service-is-starting-and-starting.aspx
https://github.com/matthewcanty/Microsoft.Cloud.Common.AzureStorage.FAKE.dll
http://curtisbadke.ca/blog/2015/10/18/fun-with-installing-service-bus-for-windows/
Things you’ll need to be aware of for local Service Bus installation:
If you are in a workgroup you must use local users; if you are in a domain you must use domain users. If you are on Windows 10 with an AAD user your machine is probably in a workgroup. reference
If you have VS 2015, you need to install a fake Microsoft.Cloud.Common.AzureStorage assembly.
You must use Nuget package WindowsAzure.ServiceBus 2.1.4.0 or older.
You must address your Service Bus connections using your full machine name not a short name or something like localhost
Hopefully this saves someone hours of frustration
I got it working with the following procedure:
before install
(https://social.msdn.microsoft.com/Forums/en-US/688ada3c-bb95-488d-9ad0-aec297438e1c/problem-starting-message-broker-during-service-broker-configuration?forum=servbus)
Open configuration Wizard and select "Leave Farm"
Delete all the Service Bus related databases in SQL server
Uninstall Service Bus 1.0 and Windows Fabric
Remove the folder 'C:\ProgramData\Windows Fabric' if it exists
Remove the folders 'C:\Program Files\Service Bus' and 'C:\Program Files\Windows Fabric' if they exist
Reinstall the product:
Run "Microsoft.ServiceBus.ConfigWizard.exe" as admin (right-click 'run as admin')
Choose 'with custom settings'
Set the 'Internal communication port range' to any unused port (not the default 9000, which is often used)
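An added pre-flight check that covers the causes the answers above found one at a time (a hostname defined twice in the hosts file, RabbitMQ holding the AMQP ports, a busy internal port range) plus the full-machine-name rule from the third answer. It is not from the original thread. Assumptions: the port numbers are the wizard defaults shown in the question, the RabbitMQ Windows service uses the installer's default name "RabbitMQ", and the script runs before the Service Bus Configuration Wizard is launched (once the gateway is up, its own ports will of course show as busy).

```powershell
# Added pre-flight check for Service Bus 1.1 configuration; not from the original thread.
# Ports are the wizard defaults from the question; "RabbitMQ" is the assumed service name.

$ports = @{
    'HTTPS'             = 9355
    'TCP'               = 9354
    'Message Broker'    = 9356
    'Resource Provider' = 9359
    'AMQP'              = 5672
    'AMQPS'             = 5671
}
$internalRange = 9000..9004

# A port is free if a listener can bind to it on all interfaces. This works on PowerShell 2.0
# (Get-NetTCPConnection does not) and also catches a half-removed earlier install.
function Test-PortFree([int] $Port) {
    $listener = New-Object System.Net.Sockets.TcpListener([System.Net.IPAddress]::Any, $Port)
    try     { $listener.Start(); return $true }
    catch   { return $false }
    finally { $listener.Stop() }
}

# 1. hosts file: a name mapped more than once, even to the same address, tripped the wizard.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$names = Get-Content $hostsPath |
    ForEach-Object { ($_ -replace '#.*$', '').Trim() } |                 # strip comments
    Where-Object { $_ } |
    ForEach-Object { @($_ -split '\s+') | Select-Object -Skip 1 }        # drop the address column
$names | Group-Object | Where-Object { $_.Count -gt 1 } | ForEach-Object {
    Write-Warning ("hosts: '{0}' is defined {1} times; keep a single entry" -f $_.Name, $_.Count)
}

# 2. A competing AMQP broker: the gateway will not start while RabbitMQ owns 5672/5671.
$rabbit = Get-Service -Name RabbitMQ -ErrorAction SilentlyContinue
if ($rabbit -and $rabbit.Status -eq 'Running') {
    Write-Warning 'RabbitMQ service is running; Stop-Service RabbitMQ before configuring'
}

# 3. Every port the farm will listen on, plus the internal range, must be bindable now.
foreach ($entry in $ports.GetEnumerator()) {
    if (-not (Test-PortFree $entry.Value)) {
        Write-Warning ('{0} port {1} is already in use' -f $entry.Key, $entry.Value)
    }
}
$busy = $internalRange | Where-Object { -not (Test-PortFree $_) }
if ($busy) {
    Write-Warning ('Internal range 9000-9004 has busy ports: {0}; choose another range in the wizard' -f ($busy -join ', '))
}

# 4. Address the farm by its full machine name, never localhost or a short name.
$fqdn = [System.Net.Dns]::GetHostEntry([System.Net.Dns]::GetHostName()).HostName
Write-Host "Address the Service Bus endpoints as: https://${fqdn}:9355/"
```

Nothing here changes the machine; it only reports. The reason to check ports by binding rather than by reading netstat output is that the wizard itself binds, so a bind failure is exactly the failure it would hit.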

Delphi / WCF SOAP connectivity and Virtual Machine (VMWare) settings

I've got a working WCF service and a working Delphi client. On a normal PC, they work nicely. On a VM that's "Bridged" they work nicely if I log onto the domain (but not if I logon locally to the VM as administrator). If the VM is NATed, the connection attempt times out.
I would love to hear people's thoughts on what could be making such a difference to whether the client can successfully connect to the WCF service. Bear in mind I'm connecting with basicHttpBinding with no security.
The service is setup to use System Account (interact with desktop is NOT checked), and it starts automatically. The service URI doesn't change, the port is open, and can be telnet'd to in all scenarios.
Any ideas or pointers?
Within the VM, open Internet Explorer and verify that you can view the WSDL of the WCF service. If you can't, then your issue is connectivity and has nothing to do with your Delphi code.
Group Policies and Enterprise Security solutions that swap certificates or require certificates to be registered (we're using a UTM called CyberRoam) make a difference.
Also when Virtual Machines join a domain, their ComputerNames are added to a list maintained by the Domain Controller. When the same Virtual Machine is "moved" or "copied", its ComputerName should be changed to avoid DNS resolution issues.
I'm not claiming this as the definitive answer, however it does explain the issues I noticed in this instance.

Any known issues resolving a hostname from an IIS hosted service

Summary:
Does anybody know if there are known issues or configuration gotchas with an IIS service connecting to an Azure based service?
Scenario:
I currently have a scenario that requires me to host two web-services, one in Azure, and one on a server running IIS. The IIS hosted service (a WCF service) connects to the Azure hosted service (actually the Azure storage API) in order to fetch certain information. This information is manipulated and returned to the client.
Client -> IIS Service -> Azure Storage Service
Issue:
I'm running into issues with the IIS service connecting to the Azure Service. The hostname cannot be resolved. I'm using the Azure Storage client from my code, but have actually tried this using the azure API calls, and they also do not work from IIS. I captured the requests using Fiddler (on a different machine), they match the azure REST API calls, as expected. These requests, when made outside of IIS on the host machine execute properly. It is only when they are issued by the IIS service that they fail.
In my research other people have been running into this issue when there's a firewall problem, but since I can hit the service properly from the machine, that doesn't seem to fit the bill. My hunch is that there's a configuration issue I need to sort out in IIS, but I've failed to find anything useful with my searches.
Does anyone have any information on why this might be occurring (known bugs, gotchas etc.)? Any workarounds? From a SOA perspective, this seems fairly critical to understand.
Any assistance anyone has would be helpful. Thank you.
Sounds like a proxy configuration issue. Check how your IIS server is connected to the Internet. If you are using some sort of proxy to get to the Internet, that connection has to be configured correctly.
Specifically, if your proxy servers are Microsoft ISA server, or Microsoft Forefront TMG, then you need to check two things:
ISA server client or Forefront TMG client software is installed on the server
The account used by the IIS application pool is a domain user. ISA Server/TMG are designed to work only with a user account, not a service account. An alternative workaround for this limitation is using the "defaultProxy" configuration in web.config; however, it only works for HTTP/HTTPS.
If you use different proxy server, then other issues might be involved, for example proxy might require authentication.
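An added script serving two of the answers above: the "open the WSDL from inside the VM" check in the Delphi/VMware thread, and the proxy point in this one (the interactive user reaches the Internet through ISA/TMG transparently, the application pool identity does not). It is not from either thread. It resolves the name, makes a bounded TCP connect (the telnet test), reports which proxy the .NET default proxy would route the request through, and then fetches the URL with the caller's own credentials. $uri is a placeholder. The one thing that makes it useful for the IIS case is running it as the application pool account (for example via runas), because proxy selection and Negotiate/NTLM credentials are per identity, so a run as the logged-on administrator proves nothing about the pool.

```powershell
# Added connectivity / proxy check; not from either original thread. $uri is a placeholder.
# Run it under the identity that will actually make the call (the app pool account for IIS).

$uri = [Uri] 'http://app.example.internal:8080/Service.svc?wsdl'   # placeholder endpoint

function Test-WcfEndpoint([Uri] $Target) {
    $result = @{ Dns = $null; Tcp = $false; Proxy = 'none'; Http = $null }

    # 1. Name resolution as this identity (and its DNS suffix search list) sees it.
    try   { $result.Dns = [System.Net.Dns]::GetHostAddresses($Target.Host) | ForEach-Object { $_.ToString() } }
    catch { $result.Dns = 'FAILED: ' + $_.Exception.Message; return $result }

    # 2. Raw TCP reach with a 3 s bound, so a NAT drop shows up as a timeout, not a hang.
    $client = New-Object System.Net.Sockets.TcpClient
    $async  = $client.BeginConnect($Target.Host, $Target.Port, $null, $null)
    if ($async.AsyncWaitHandle.WaitOne(3000)) {
        try { $client.EndConnect($async); $result.Tcp = $true } catch { }
    }
    $client.Close()

    # 3. Which proxy .NET would use for this URI under the current identity. A proxy the
    #    interactive user reaches transparently is often unreachable for a pool identity.
    $proxy = [System.Net.WebRequest]::DefaultWebProxy
    if ($proxy -and -not $proxy.IsBypassed($Target)) {
        $result.Proxy = $proxy.GetProxy($Target).ToString()
    }

    # 4. The real HTTP fetch, sending this identity's credentials for Negotiate/NTLM.
    $req = [System.Net.HttpWebRequest]::Create($Target)
    $req.UseDefaultCredentials = $true
    $req.Timeout = 5000
    try {
        $resp = $req.GetResponse()
        $result.Http = [int] $resp.StatusCode
        $resp.Close()
    } catch [System.Net.WebException] {
        $result.Http = 'FAILED: ' + $_.Exception.Status + ' ' + $_.Exception.Message
    }
    return $result
}

$r = Test-WcfEndpoint $uri
'DNS   : ' + ($r.Dns -join ', ')
'TCP   : ' + $r.Tcp
'Proxy : ' + $r.Proxy
'HTTP  : ' + $r.Http
```

Read the four lines top down: DNS failing only under the pool identity points at the proxy/suffix configuration this answer describes; TCP succeeding while HTTP fails with a 407 or a ProtocolError points at proxy authentication, which is where the defaultProxy element in web.config (or a domain account for the pool) comes in.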

WCF remote activation without IIS/WAS

I need to remotely spawn WCF services on a remote machine from a client. I cannot use IIS (no HTTP) or WAS (no Windows Server 2008).
Was wondering if there's a way to do it apart from these hosting environments without having to create a service on the remote machine responsible for the spawning of other WCF services.
If a Windows Service host is the only way, can someone point me to a good article or book for an efficient architecture for doing this (including lifecycle management of spawned WCF services).
Thanks
Riko
If you cannot use IIS/WAS, then your only option left is self-hosting.
You can host your WCF service in either a Windows (NT) Service, or a console app, or any other app you like to have.
The point though is: other than IIS/WAS, which will load your service class as needed when a request comes in and needs to be processed, in a self-hosting environment you have to have your host app up and running. That's why an NT Service seems like the best choice, at least for production environments: a service can run even if no one is logged on to the machine. Console or other apps require a user being logged on, and the app must be running.
Hope this helps a bit.
Marc
There is one additional option you can use on Server 2003 - hosting WCF services in COM+:
http://msdn.microsoft.com/en-us/library/bb735856.aspx
This is not as easy as hosting non-HTTP services in WAS on Server 2008, but it provides a better supported monitoring and deployment model than hosting as an NT Service. Generally in my experience, though, most people I know have used NT services since it is fairly straightforward to generate one in .NET, and then they use perf counters or something similar to monitor them in production.