my goal is to secure the communication between MSMQ Queue Managers – I don’t want unknown clients sending messages to my MSMQ server.
I have spent many hours now trying to get Transport security working for the net.msmq binding in WCF, where MSMQ is in Workgroup mode and the client and server do not have Active Directory… so I’m using certificates. I have created a new X.509 certificate, called Kristan and put it into the “Trusted people” store on the server and into the My store of Current User of the client.
The error I’m getting is:
An error occurred while sending to the queue: Unrecognized error -1072824272 (0xc00e0030).Ensure that MSMQ is installed and running. If you are sending to a local queue, ensure the queue exists with the required access mode and authorization.
Using smartsniff, I see that there’s no attempted connection with the remote MSMQ, however, it’s an error probably coming from the local queue manager. The stack trace is:
at System.ServiceModel.Channels.MsmqOutputChannel.OnSend(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.OutputChannel.Send(Message message, TimeSpan timeout)
at System.ServiceModel.Dispatcher.OutputChannelBinder.Send(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
The code:-
EndpointAddress endpointAddress = new EndpointAddress(new Uri(endPointAddress));
NetMsmqBinding clientBinding = new NetMsmqBinding();
clientBinding.Security.Mode = NetMsmqSecurityMode.Transport;
clientBinding.Security.Transport.MsmqAuthenticationMode = MsmqAuthenticationMode.Certificate;
clientBinding.Security.Transport.MsmqProtectionLevel = System.Net.Security.ProtectionLevel.Sign;
clientBinding.ExactlyOnce = false;
clientBinding.UseActiveDirectory = false;
// start new
var channelFactory = new ChannelFactory<IAsyncImportApi>(clientBinding, endpointAddress);
channelFactory.Credentials.ClientCertificate.SetCertificate("CN=Kristan",
StoreLocation.CurrentUser,
StoreName.My);
The queue is flagged as ‘Authenticated’ on the server. I have checked the effect of this and if I turn off all security in the client send, then I get ‘Signature is invalid’ – which is understandable and shows that it’s definitely looking for a sig.
Are there are special ports that I need to check are open for cert-based msmq auth?
Have a look at http://www.controlsystemworks.com/articles/CertificateSecurityForWcfOverMsmq.html
I think you need to set-up both client and server cerificates.
I have the same problem and could not figure this out. However, I get slightly different error message 0xc00e002c but situation is the same - trying to use Transport security with Certificate but it simply does not work. If I use the same certificate for message security it works fine.
By the way - if i impersonate ASPNET process to run as current user (which has more rights) everything works as expected (no errors). I have also found certificate file and added the same all possible permissions to ASPNET account but that does not help either.
Related
I have one WCF service in which I have some methods. One method name is KilProcess(), which kills the Windows process created and it contains the code
public void KilProcess()
{
Process.GetCurrentProcess().Kill();
}
It's working in my machine but in client machine (high config machine) this WCF service is getting stopped and throwing the exception
2016-09-15 16:08:11,789 INFO [stdout] (default task-120)
1473948491783 SystemLog 1473948491078 ScriptEngine-There was no
endpoint listening at net.pipe://localhost/MyService that could accept
the message. This is often caused by an incorrect address or SOAP
action. See InnerException, if present, for more details. Server
stack trace: at
System.ServiceModel.Channels.PipeConnectionInitiator.GetPipeName(Uri
uri, IPipeTransportFactorySettings transportFactorySettings) at
System.ServiceModel.Channels.NamedPipeConnectionPoolRegistry.NamedPipeConnectionPool.GetPoolKey(EndpointAddress
address, Uri via) at
System.ServiceModel.Channels.CommunicationPool`2.TakeConnection(EndpointAddress
address, Uri via, TimeSpan timeout, TKey& key) at
System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan
timeout) at
System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan
timeout) at
System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan
timeout) at
System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan
timeout) at
System.ServiceModel.Channels.ServiceChannel.CallOpenOnce.System.ServiceModel.Channels.ServiceChannel.ICallOnce.Call(ServiceChannel
channel, TimeSpan timeout) at
System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan
timeout, CallOnceManager cascade) at
System.ServiceModel.Channels.ServiceChannel.Call(String action,
Boolean oneway, ProxyOperationRuntime operation, Object[] ins,
Object[] outs, TimeSpan timeout) at
System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at
System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0]: at
System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) at
System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at
Myprod.TestFacade.Interface.IScriptProcess.UnregisterProcess(Int32
ProcessId, String taskId) at Program.KillProcess()..
Can anyone have any idea why it is (WCF service) stopping ?
First, you have to know that net.pipes are for interprocess communication only (2 process on the same machine).
You also have to tell us more details about what you are trying to do. In your explications, it looks like you are using two different machines, right?
Then net.tcp insteed of pipe is what you are looking for (https://msdn.microsoft.com/en-us/library/ff649818.aspx)
But if it's not the case, try to give us more details, the context and your WCF configuration files is a good start.
You didn't give a lot details about your code or client/server setup, so my answer will be kind of general. If it's running fine on your machine but not on a client machine, here a couple of things you can check:
Named pipes is a method for accomplishing Inter-Process
Communication (IPC), where (at least for WCF) your named pipes server (in
this case, your WCF service) must be on the same machine as your client. As a side
note though, Named Pipes can be used to communicate between computers across a
network, but this is not the case for WCF's implementation of Named
Pipes, where the server and client must be confined to the same
machine.
You can use Process Explorer
(https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx)
to troubleshoot and make sure the named pipe server endpoint is alive.
Just go to Find->Find handle or dll and search using the name of your named pipe. The tricky part with this is
that the actual named pipe name is actually a guid generated by
Windows. Check out this interesting article to find out how to get the actual name of your pipe:
https://blogs.msdn.microsoft.com/rodneyviana/2011/03/22/named-pipes-in-wcf-are-named-but-not-by-you-and-how-to-find-the-actual-windows-object-name/
Is your server and client running on different security contexts?
Check out Chris Dickson's answer to this SO question:
Named pipe not found when using WCF netNamedPipeBinding. He gives on explanation on why a client might fail to find the named pipe if it's running in a different context.
I was developing a project with a WCF REST and TCP(inter-role) endpoint on Windows 7. I just upgraded to Windows 8 and now I have serious problems with it.
First of all, when I deploy my project to azure I get these warnings:
Windows Azure Tools: Warning: Remapping private port 80 to 81 in role 'OfisimCRM.WebClient' to avoid conflict during emulation.
Windows Azure Tools: Warning: Remapping private port 443 to 446 in role 'OfisimCRM.WebClient' to avoid conflict during emulation.
Skype is disabled and it is not the issue.
this is not so important but the important thing is I'm getting more serious errors from my interrole communication requests although I disabled firewall completely. Here it is:
Could not connect to net.tcp://127.255.0.0:22000/NotifyService. The connection attempt lasted for a time span of 00:00:01.1820716. TCP error code 10061: No connection could be made because the target machine actively refused it 127.255.0.0:22000. -
Server stack trace:
at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
at System.ServiceModel.Channels.BufferedConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
at System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan timeout)
at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.CallOpenOnce.System.ServiceModel.Channels.ServiceChannel.ICallOnce.Call(ServiceChannel channel, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
TCP client code:
public static LicenseItem CheckLicense(int userID)
{
// This instance does not exist in memory cache. Check if other servers in the same web role know anything about this instance.
var webRoles = RoleEnvironment.Roles["OfisimCRM.WebClient"];
var myID = RoleEnvironment.CurrentRoleInstance.Id;
LicenseItem remoteValue = null;
foreach (var targetInstance in webRoles.Instances)
{
// I am currently going through a loop of instances. Check if the current enumaration shows my address.
if (targetInstance.Id == myID)
{
// Skip.
}
else
{
// This is a neighbour instance. Check to see if it knows about the instance I'm looking for.
NetTcpBinding binding = new NetTcpBinding(SecurityMode.None);
EndpointAddress targetAddress = new EndpointAddress(
String.Format("net.tcp://{0}/NotifyService", targetInstance.InstanceEndpoints["NotificationServiceEndPoint"].IPEndpoint)
);
ChannelFactory<INotifyService> channelFactory = new ChannelFactory<INotifyService>(binding, targetAddress);
INotifyService targetClient = channelFactory.CreateChannel();
try
{
remoteValue = targetClient.CheckLicense(userID);
if (channelFactory.State != System.ServiceModel.CommunicationState.Faulted)
{
channelFactory.Close();
}
}
catch (TimeoutException timeoutException)
{
Trace.TraceError("Unable to check license on web role instance '{0}'. The service operation timed out. {1}", myID, timeoutException.Message);
((ICommunicationObject)targetClient).Abort();
}
catch (CommunicationException communicationException)
{
Trace.TraceError("Unable to check instance on web role instance '{0}'. There was a communication problem. {1} - {2}", myID, communicationException.Message, communicationException.StackTrace);
((ICommunicationObject)targetClient).Abort();
}
}
}
return remoteValue;
}
Edit 1: Important Update:
I think the problem is about the second instance. I did a debug and I saw the connection refused only by this stopped instance. I think this explains everything but I don't know why it is happening.
Edit 2: Temprorary Solution:
I noticed that is not an issue about Windows 8 because I was upgraded Azure SDK June 2012 SP1 to Fall 2012. I downloaded the not upgraded version of my project from TFS than I saw it's working. In conclusion, its the Azure SDK but I don't know why.
Remapping port numbers is not symptom for issues at all. It is normal behavior and has always been.
While doing/configuring your Windows 8 Dev Box, did you install the "Windows Features" WCF Activation:
Another way to test whether your Service is actually up and running is to:
Make sure you have the endpoint by launching the Compute Emulator and expecting the local deployment
telnet on the provided IP and port number to see whether a connection can actually be established
Verify endpoints UI:
Well, this will show you the Input endpoints. And from what I see you are using Internal Endpoints. Just for the sake of trial, try changing them to Input to see whether there will be some change in behavior.
But first check out that you have installed the WCF Activation.
I always get this issue when I forget to unbind the default web site in IIS (full IIS) on my dev box. Did you remember to do that? By default, your local IIS will bind http to port 80 on the 'Default Web Site'. If you edit that binding (using inetmgr) to another port, then the emulator can grab 80.
I have requirements to configure IIS 6 to host a WCF service targeting .NET Framework 4.0 using a custom identity for the worker process. The identity is a highly restricted domain account that is used to identify and manage the permissions for an entire ecosystem of services that interact in the same business process.
I have run aspnet_regiis.exe with the -ga flag to grant this identity permissions to the relevant ASP.NET locations on the server environment and add it to the IIS_WPG group. For the most part, things seem to work relatively well... except for the auto-generated WSDL specification's includes. Accessing the top-level WSDL spec works fine (i.e. path.to/MyService.svc?wsdl), but IIS 6 is resetting the connection before returning the response for the WSDL's includes (i.e. path.to/MyService.svc?xsd=xsd0, etc). This happens both when accessed via loopback on the server and through the public IP. It does not happen when reconfiguring the app pool to run under the default Network Service account.
I haven't found any documentation for this particular problem, but it's not the first time I've had difficulty with certain bits of the .NET Framework not quite working correctly when the IIS 6 worker process is running under a custom domain identity. I haven't configured any special privileges in the Local Security Policy for this account, other than the pre-configured permission for members of IIS_WPG to log on as a batch job. What might I be missing to get the worker functioning correctly?
EDIT:
The Event Viewer contains no errors and IIS logs show the server responding with 200 OK to the request, but the full status value is 200 0 64, indicating a Win32 status code of 64.
The dump I receive on that error from net helpmsg 64 is as follows:
The specified network name is no longer available.
Responses from various entities are below:
Chrome: Error 101 (net::ERR_CONNECTION_RESET): The connection was reset
Firefox: The connection to the server was reset while the page was loading
Eclipse/Java: java.net.SocketException: Connection reset
EDIT:
Service logging (provided by BNL) produced the following exception dump:
System.InvalidOperationException: Unable to generate a temporary class
(result=1). error CS2001: Source file 'C:\WINDOWS\TEMP\vxmgwmnl.0.cs'
could not be found. error CS2008: No inputs specified.
at System.Xml.Serialization.Compiler.Compile(Assembly parent, String
ns, XmlSerializerCompilerParameters xmlParameters, Evidence evidence)
at
System.Xml.Serialization.TempAssembly.GenerateAssembly(XmlMapping[]
xmlMappings, Type[] types, String defaultNamespace, Evidence evidence,
XmlSerializerCompilerParameters parameters, Assembly assembly,
Hashtable assemblies) at
System.Xml.Serialization.TempAssembly..ctor(XmlMapping[] xmlMappings,
Type[] types, String defaultNamespace, String location, Evidence
evidence) at System.Xml.Serialization.XmlSerializer..ctor(Type type,
String defaultNamespace) at
System.Xml.Schema.XmlSchema.Write(XmlWriter writer,
XmlNamespaceManager namespaceManager) at
System.ServiceModel.Description.ServiceMetadataExtension.HttpGetImpl.XmlSchemaMessage.OnWriteBodyContents(XmlDictionaryWriter
writer) at
System.ServiceModel.Channels.Message.OnWriteMessage(XmlDictionaryWriter
writer) at
System.ServiceModel.Channels.BufferedMessageWriter.WriteMessage(Message
message, BufferManager bufferManager, Int32 initialOffset, Int32
maxSizeQuota) at
System.ServiceModel.Channels.TextMessageEncoderFactory.TextMessageEncoder.WriteMessage(Message
message, Int32 maxMessageSize, BufferManager bufferManager, Int32
messageOffset) at
System.ServiceModel.Channels.HttpOutput.SerializeBufferedMessage(Message
message) at System.ServiceModel.Channels.HttpOutput.Send(TimeSpan
timeout) at
System.ServiceModel.Channels.HttpRequestContext.OnReply(Message
message, TimeSpan timeout) at
System.ServiceModel.Channels.RequestContextBase.Reply(Message message,
TimeSpan timeout) at
System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.Reply(MessageRpc&
rpc)
Using the guidelines on the Microsoft KB article Error message when ASP.NET 2.0 is configured to run with a user account: "Unable to generate a temporary class", I located the C:\Windows\Temp directory and inspected its folder properties by right-clicking and choosing Properties. I then navigated to the Security tab and clicked Advanced, then Add. I entered the name of the IIS_WPG group on the local computer and allowed it only the special permission List Folder / Read Data. This has now resolved the issue.
Answer
It was a configuration problem.
We had two services in the application. Prior to the problem, both services had explicit binding configuration that matched and worked well. One service was going to be removed, so the dev remmed out the explicit binding configuration, forgetting that .NET 4.0 provides default (and different) bindings.
Whichever service was hit first, its settings would not be incompatible with any other settings (since it was first) and would be fine. The service that was loaded subsequently would have different binding settings and be refused by the TransportManager.
The apparent intermittency was due to us only focusing on the one remaining service, thinking the other service was no longer in the picture. A monitoring utility was still hitting the removed service and would get in sometimes before we could reload the other service after a configuration change.
Original Question
We're getting an intermittent error when first starting up a service in IIS. If I make a whitespace change to any of the configs and reload, then about 50% of the time the service will come up fine. Once it's up, it's good to go. But the next time we deploy to this box, we start the russian roulette all over again.
We've looked over other forum posts on the same error and so far have not been able to come up with a definite fix. It took us a while to realize that none of the configuration changes we were trying were actually influencing the problem since merely a whitespace change is enough to get it to start afresh and get it to work part of the time. Seems there's some sort of race condition internally with the TransportManagerTable, perhaps it's empty when the service fails to come up? Not sure, trying to get some tracing or something to give us better info on what's in the TransportManagerTable instance.
There is no compatible TransportManager found for URI 'net.tcp://box:10101/DEV/AwesomeService.svc'. This may be because that you have used an absolute address which points outside of the virtual application, or the binding settings of the endpoint do not match those that have been set by other services or endpoints. Note that all bindings for the same protocol should have same settings in the same application.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.InvalidOperationException: There is no compatible TransportManager found for URI 'net.tcp://box:10101/DEV/AwesomeService.svc'. This may be because that you have used an absolute address which points outside of the virtual application, or the binding settings of the endpoint do not match those that have been set by other services or endpoints. Note that all bindings for the same protocol should have same settings in the same application.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[InvalidOperationException: There is no compatible TransportManager
found for URI 'net.tcp://box:10101/DEV/AwesomeService.svc'. This may
be because that you have used an absolute address which points outside
of the virtual application, or the binding settings of the endpoint do
not match those that have been set by other services or endpoints.
Note that all bindings for the same protocol should have same settings
in the same application.]
System.ServiceModel.Channels.TransportChannelListener.ThrowTransportManagersNotFound()
+8955459 System.ServiceModel.Channels.TransportChannelListener.SelectTransportManagers()
+16199511 System.ServiceModel.Channels.TransportManagerContainer.Open(SelectTransportManagersCallback
selectTransportManagerCallback) +71
System.ServiceModel.Channels.TcpChannelListener`2.OnOpen(TimeSpan
timeout) +182
System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan
timeout) +789
System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan
timeout) +375
[InvalidOperationException: The ChannelDispatcher at
'net.tcp://box:10101/DEV/AwesomeService.svc' with contract(s)
'"IAwesomeService", "ILoggingService"' is unable to open its
IChannelListener.]
System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan
timeout) +16199205
System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan
timeout) +789 System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan
timeout) +126
System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan
timeout) +789
System.ServiceModel.HostingManager.ActivateService(String
normalizedVirtualPath) +287
System.ServiceModel.HostingManager.EnsureServiceAvailable(String
normalizedVirtualPath) +1132
[ServiceActivationException: The service '/DEV/AwesomeService.svc'
cannot be activated due to an exception during compilation. The
exception message is: The ChannelDispatcher at
'net.tcp://box:10101/DEV/AwesomeService.svc' with contract(s)
'"IAwesomeService", "ILoggingService"' is unable to open its
IChannelListener..] System.Runtime.AsyncResult.End(IAsyncResult
result) +890624
System.ServiceModel.Activation.HostedHttpRequestAsyncResult.End(IAsyncResult
result) +180062
System.Web.AsyncEventExecutionStep.OnAsyncEventCompletion(IAsyncResult
ar) +107
Version Information: Microsoft .NET Framework Version:4.0.30319;
ASP.NET Version:4.0.30319.1
Edited the configuration to set the Address Empty and the error was fixed.
To add a little bit more instruction, the issue is most likely in the Web.Config file of your service. In the node, make sure that your Endpoint Address is an empty string -or- make sure that your Endpoint Address URL points to the exact location of your service, as you specified in IIS.
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="MyServiceBinding" contract="MySolution.IMyService"/>
I am getting this error while connecting to Dashboard Designer in Performance Point Server 2010.
Also when i check with windows administrator logs, i get following:
An unexpected error occurred. Error 19106.
Exception details:
System.ServiceModel.ServiceActivationException: The requested service, 'http://win-engffdbgdb:32843/16cf7edf9c81417b97f549e23f57eb5f/PerformancePointService.svc' could not be activated. See the server's diagnostic trace logs for more information.
Server stack trace:
at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory factory, WebException responseException, ChannelBinding channelBinding)
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.PerformancePoint.Scorecards.IBIMonitoringServiceApplication.GetListItems(String listUrl)
at Microsoft.PerformancePoint.Scorecards.BIMonitoringServiceApplicationProxy.<>c__DisplayClasse8.<GetListItems>b__e7(IBIMonitoringServiceApplication channel)
at Microsoft.PerformancePoint.Scorecards.BIMonitoringServiceApplicationProxy.ExecuteOnChannel(CodeBlock codeBlock)
That hotfix is not relevant anymore, it's been applied to the most recent rollups and VS2010 service pack 1. For me to fix this annoying error, I had to stop the service on the server, and start it again.
Go to Central Admin
Manage services on this server
PerformancePoint Application, click Stop
Accept warning to disable it
Once disabled, wait a few minutes, then start it again.
It looks like its trying to activate the PerformancePointService automatically, when you connect with the Dashboard designer.
It might be worthwhile to activate it manually, and see what occurs.
In addition can you look at the SharePoint diagnostic logs, and see if there is any more information there?
Grant access to the account you use for performance point service application
$w = Get-SPWebApplication -identity <web application>
$w.GrantAccessToProcessIdentity("<service account>")
Not to forget to configure the performance point services to use this as Unattended Service Account to access data sources:
Central Admin > Manage Service Applications> PerformancePoint Services
PerformancePoint Service Application Settings
Key in the account and password and OK.
Hope it helps
I had to work with PerformancePoint updating the credentials, at one point I had the same error message. It finally came out all right after I follow these steps, I know it should be already like this in your farm, but it may worth the shoot just to make sure is not an Authentication issue!!
http://www.slideshare.net/slideshow/embed_code/31958482
Hope it helps!!