I have a problem in getting WCF Windows Service reads from un-authenticated public Queue in another server in another domain.
Both servers are Windows Server 2008 R2.
When i set the windows server running user as Network Service , i receive MQ_ERROR_ACCESS_DENIED (0xC00E0025). When i set the user of the windows service to Local System i receive a different error A security package specific error occurred (80070721)
Is there any configuration i'm missing at any of the 2 servers? I enabled DTC at both sides
If you are going cross domain you need to grant receive permissions on the queue to "Anonymous Logon"
Related
I've found a lot of articles on web deploy and why it might fail, but not any with answers with this error message.
Web deployment task failed. (Could not complete the request to remote agent URL https://myserver:8172/msdeploy.axd?site=mysite.)
Could not complete the request to remote agent URL https://myserver:8172/msdeploy.axd?site=mysitename. The request was aborted: The request was canceled. This method is not supported by this class.
I am trying to deploy an MVC4 website from Visual Studio 2013 Express to a Windows 2008 R2 Datacenter server with the Web Server role installed.
I followed this (and other installation guides) and can confirm the following:
Windows Server 2008 R2 Datacenter
Web Server role installed
Management Services is running
Accepting windows and IIS credentials
Server Administrator has permissions
Remote connections enabled (and service restarted)
SSL certificate is our real one, not the self-cert
My firewall is configured to allow this traffic
I am prompted for a username/password when accessing https://myserver:8172/msdeploy.axd
The website is running
Bound to all IPs on :80 and :443 (with same cert as deploy)
So for some reason, it didn't want the Windows Administrator account doing a deploy.
Created an IIS user in IIS Manager User
Changed the permission settings to Windows credentials or IIS manager credentials
Restarted Management Service
Added the newly created user to the website
it works!
I'm trying to test a migration of moving a BizTalk SQL Server from one server to another. Here are the details.
Currently it was all on a single server in a dev environment, BizTalk SQL, SSO and BizTalk runtime all on one server. It is a Windows 2008 R2 server with SQL Server 2008 R2.
What I want to do is split out the SSO Master secret server and BizTalk databases to a Windows Server 2012/SQL Server 2012 setup. So far I got SSO all setup on the new SQL server. I configured just the SSO portion on that server and all went well.
I then unconfigured the existing BizTalk Runtime and then went to configure again, using the new Windows/SQL Server/SSO in the configuration process.
All goes well up to the point where it tries to configure the BizTalk runtime. That being said all the database are created, SSODB, BizTalkMessageBoxDb, all of them. But when it goes to configure BizTalk Runtime, it hangs for a while and several of the following errors show up in both of the Server's logs:
Could not access the SSO database. If this condition persists, the SSO service will go offline.
Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding..
SQL Error code: 0xFFFFFFFE
It shows up in the SQL/SSO servers logs first, then the Runtime server a few seconds later. Eventually the configuration times out and fails. I believe it's permissions related, but I can't seem to figure out what it would be.
Questions:
what permissions do I need to review?
would the fact that the new server is Windows 2012/SQL 2012 while the runtime server is Windows 2008 be an issue?
is there any way I can get more details on this error?
Edit to add both DTCPing and DTCTester pass with flying colours and I can connect to SQL via SSMS from the server. Firewall has been completely disabled for now in order to eliminate that as well.
How were your service accounts configured in the first environment? Typically a single DEV environment with everything on one box can be done by using a local account on that server. If you now split out your SSO onto another server (it doesn't matter if it's W2K12 instead of W2K8), you are going to have to switch your service account(s) and groups for BizTalk to Domain accounts.
In a multicomputer environment, BizTalk Server supports only domain groups and domain service accounts. Domain groups include Domain Local groups (not recommended), Global groups, and Universal groups. Built-in accounts such as NT AUTHORITY\LOCAL SERVICE, NT AUTHORITY\NETWORK SERVICE, NT AUTHORITY\SERVICE, NT AUTHORITY\SYSTEM, and Everyone are not supported if you want to configure BTS in a multicomputer environment.
Make sure your SSO is running as a domain account, and a member of an SSO Administrators domain group - and ensure this domain account/group combo is configured for the SSO system on the SQL server (instead of local accounts):
After that the SSO system you join from the BizTalk Server before configuring the runtime on BizTalk Server usually needs to be configured with the same domain service account for SSO:
I have a WCF service which is hosted in Windows Service and windows service is running with "Local System Account". Service is trying to download a file from SharePoint server and failed with error:
System.Net.WebException: The remote server returned an error: (401) Unauthorized.
at System.Net.WebClient.DownloadFile(Uri address, String fileName)
at System.Net.WebClient.DownloadFile(String address, String fileName)
Similar setup is working in another machine and service is able to communicate with Sharepoint site but not in my server. I have tried this setup in another machine but same error except one machine.
What kind of permissions are required to communicate with SharePoint? Also, how can I check what are the credential passed during request?
If certificates are involved here, see if this is a certificate issue. Use the MMC snap-in and compare the certs on the working and non-working machines.
I am trying to host a WCF service in IIS 6.0 on server 2003. And when I
browse to the server I get the following error.
SecurityException: Request for the permission of type
'System.Net.DnsPermission
Is this related to the permissions granted to the user account the app
pool is running under or some other problem, and how do I fix this.
This might be related to the settings for local Intranet. I am assuming that you are browsing from your PC to the server. Try this:
Connect to the server via Remote desktop (or just use the server console), then browse the service and see if you get the same error.
If you do not get an error:
On your PC add the address of the server to local intranett, then try and browse the service again.
Good luck
Shiraz
To answer the replies.
Yes that was the entire error message Terry. It didn't appear to be a WCF issue but a security configuration problem on the web server that wasn't allowing DNS Permission as required by WCF.
The problem was resolved by uninstalling SharePoint services on that server where the WCF service was being hosted. Not sure still, why SharePoint would change the security permissions.
I'm trying to connect to a remote SQL Server 2005 db from a .NET Windows service running in Vista Home Premium x64. I can access the remote db from a console app with no problem. I can connect to a local db from the Windows service with no problem. I was able to connect from a service from XP with no problem. There's no firewall or anti-virus running. How do I configure this service to be able to connect to the remote db?
I've tried to connect by running the Windows service as a local admin account, LocalSystem, LocalService, and NetworkService.
The connection string:
Data source=SERVER_NAME;Initial Catalog=DB_NAME;Integrated Security=True;
The error:
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)
MORE INFO:
I have also tried to connect using SQL Server authentication with no success:
Data Source=SERVER_NAME;User ID=USER_ID;Password=PWD;Initial Catalog=DB_NAME
This connection string works from the console app too.
MORE INFO:
I ran Process Monitor for the Windows Service and the console app. The Windows service showed \SERVER_NAME\pipe\sql\query was ACCESS DENIED but the console app showed SUCCESS when reading/writing files to \SERVER_NAME\pipe\sql\query.
Good Lord! Why all the gibberish and complex responses on this site. Create a User Account
Either local or Domain and set the service to use that account. Then go into your SQL Server and Add you new account to the Database and set permissions. Voila!
Oh yeah, dont plague yourself with SQL Authentication. Integrated Security is much easier to maintain and without a password in your web.config your much safer.
1) open a command prompt. Type "ping SERVER_NAME". Does it respond? You may have a DNS or connectivity issue if this doesn't work.
2) "telnet SERVER_NAME 1443". Do you see anything or does it refuse your connection? This will definitively tell you whether or not someone is listening on the other end.
3) Go into SQL Server Management Studio. Right click Properties of your server. Select "Connections" from the left side. Is "Allow Remote Connections" checked?
4) Since you're running using network service/system, you will need to make sure you have a login configured on your server for the machine account DOMAIN\CLIENTSYSTEMNAME$. Note the $ sign. This is your machine account, and this will be the user that SQL Server will see.