We have a WCF service with multiple clients to schedule operations amongst clients. It worked great on XP. Moving to win7, I can only connect a client to the server on the same machine. At this point, I'm thinking it's something to do with IPv6, but I'm stumped as to how to proceed.
Client trying to connect to a remote server gives the following exception:
System.ServiceModel.EndpointNotFoundException: Could not connect to net.tcp://10.7.11.14:18297/zetec/Service/SchedulerService/Scheduler. The connection attempt lasted for a time span of 00:00:21.0042014. TCP error code 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 10.7.11.14:18297. ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 10.7.11.14:18297
The service is configured like so:
<system.serviceModel>
<services>
<service
name="SchedulerService"
behaviorConfiguration="SchedulerServiceBehavior">
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost/zetec/Service/SchedulerService"/>
</baseAddresses>
</host>
<endpoint address="net.tcp://localhost:18297/zetec/Service/SchedulerService/Scheduler"
binding="netTcpBinding"
bindingConfiguration = "ConfigBindingNetTcp"
contract="IScheduler" />
<endpoint address="net.tcp://localhost:18297/zetec/Service/SchedulerService/Scheduler"
binding="netTcpBinding"
bindingConfiguration = "ConfigBindingNetTcp"
contract="IProcessingNodeControl" />
</service>
</services>
<bindings>
<netTcpBinding>
<binding name = "ConfigBindingNetTcp" portSharingEnabled="True">
<security mode="None"/>
</binding>
</netTcpBinding >
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="SchedulerServiceBehavior">
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceThrottling maxConcurrentSessions="100"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
The client connects like so:
String endPoint = "net.tcp://" + GetIPV4Address(m_SchedulerHostAddress) + ":" + m_SchedulerHostPort.ToString(CultureInfo.InvariantCulture) + "/zetec/Service/SchedulerService/Scheduler";
NetTcpBinding binding = new NetTcpBinding();
binding.Security.Mode = SecurityMode.None;
m_Channel = new DuplexChannelFactory<IProcessingNodeControl>(this, binding, endPoint);
m_IProcessingNodeControl = m_Channel.CreateChannel();
I've checked my firewall about a dozen times, but I guess there could be something I'm missing. Tried disabling windows firewall. I tried changing localhost to my ipv4 address to try to keep away from ipv6, I've tried removing any anti-ipv6 code.
Don't know if it means anything, but:
Microsoft Telnet> open 10.7.11.14 18297
Connecting To 10.7.11.14...Could not open connection to the host, on port 18297:
Connect failed
The telnet test unfortunately doesn't seem to be key. I have successfully connected to my service's port from localhost and a remote computer when the service is running, but my client did not work from the remote computer.
Looks like connecting to localhost is not always guaranteed. Desktop (win7/32) works, Laptop (win7/64) doesn't work. Other win7/64 boxes do work though. Perhaps due to multiple nic's on the laptop? Also doesn't explain failures to connect on testers' systems.
I set up two win7 machines with IPv6 fully disabled (using 0xffffffff as in http://support.microsoft.com/kb/929852 ). No help.
Something doesn't look right about your host base address and then the end point addresses. One has an explicit port reference, the other doesn't. Usually when you use a base address you use a relative URL in the endpoint address.
I can't think why this would be related to IPv6, because none of the error messages mention IPv6 addresses.
Perhaps try again after disabling the net.tcp port sharing option. Without port sharing, you should be able to confim a connection using telnet like you did.
Also, how is your service hosted in Win7? In IIS7 or self hosted in a Windows Service? Hosting it in a Service may require some permissions to be granted to your exe beyond opening ports on your firewall (like you sometimes have to do for hosting a windows service in HTTP in Win XP).
Sorry, I'm in a hurry and can't look up URLs for these.
I don't have time to go back and test whether it is a combination of the help I received from ligos or not, but the primary fix appears to be adding SMSvcHost.exe to the exceptions in the Windows Firewall.
Thanks a lot for your help, ligos. I was ready to give up until you replied to my question.
Instructions for adding net.tcp to windows firewall:
Go to Services, find the net.TCP port sharing service, and double click it. Swipe the Path to executable (don’t worry if it’s not all on screen, the swiping action should scroll it over) and copy it (ctrl-c)
Go to your firewall and add a new program to be allowed to communicate through the Windows Firewall. Paste in the path from Services and hit ok.
Related
I need help setting up my Azure virtual machine to allow connection to my WCF website service. Please, I am just missing something simple relative to Azure.
I get this error:
"There was no endpoint listening at http://mydomainname.com/registrations.svc that could accept the message"
I have set up the HTTP, HTTPS, FTP, and other endpoints for my VM.
I have searched the web and this site for hours and still no answer - like lots of other folks it seems.
Details:
I have a website on an Azure Virtual Machine (Server 2008). The website is a copy of our production website hosted on our local server. The website has a WCF service used by a windows desktop client. Everything woks on our local server.
Everything on the Azure server works except access to the service. My registered domain name points to the Azure Server public IP address so accessing website hosted on the Azure machine works.
Example: http://www.mydomainname.com brings up my ASP.NET website. It works as expected including the https binding.
The service seems to be visible to the outside world.
Example http://www.mydomainname.com/Registrations.svc?wsdl brings up the details of the service.
Also, if I put a copy of the client code on the VM and a local host version of the website on the VM (using VS Express for web debug) and change the url in my client to point to the local host version of the service - that all works
I have not changed any firewall settings as of yet because I did not need to do so in our onsite server (or even on an ISP webserver).
Here is the service info:
<system.serviceModel>
<services>
<service name="RegistrationsService" behaviorConfiguration="RegistrationsServiceBehavior">
<endpoint address="" binding="wsHttpBinding" contract="IRegistrations"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="RegistrationsServiceBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true"/>
</system.serviceModel>
Can someone tell me what I may be missing.
Do I need to set up another endpoint for my VM in Azure Portal so WCF will work: Name=AnyName? Protocol= "TCP; public port = ? Private Port= ?
After the above, what ports do I enable in server firewall (the public port or the private port)
Anything else different between an Azure Virtual Machine and other Virtual machines (like our onsite servers or ISP web servers)
Are there any settings I may have missed in IIS or other places. I have everything set just like in our local server where the website and services work.
Any help would be very much appreciated
Dennis
I read all over the msdn where it says to enable port sharing : The port sharing service should be started and my net.tcp binding should specify 'portSharingEnabled = True'.
I also see that net.tcp binding documentation shows the default value for portsharing as false.
But in my VS 2013, WIN 7 machine, I have a console app hositing many services and I am able to run it from VS without any issues. My servichost is able to host more than 10 services with the same port. What am I missing to understand ? Any ideas ?
I use this endpoint followed by servicename for all my services:
<service name="Lookup" behaviorConfiguration="">
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:8000/"/>
</baseAddresses>
</host>
<endpoint
name="IEntitiesLookup"
binding="netTcpBinding"
address="LookupService"
contract="ILookup" />
</service>
I managed to clear my understanding on port sharing to an extent. But would be happy for more thoughts on this.
I managed to find the reason behind the above scenario. Within a process, I am able to host several endpoints which shares the same port. This does not need port sharing to be enabled. But if I have another process which tries to host some services with same port numbers, then an exception for 'ports already in use' happens. In this case, we then need to enable port sharing in the binding of all the endpoints in both the service host processes and start the PortSharing service.
I believe this boils down to the understanding that in the transport layer, the port numbers are tied to the process.
I've been having major problems with WCF, which are not amenable to any wisdom I can find. I've tried basicHttpBinding, wsHttpBinding, netTcpBinding (with the Net.Tcp service running on both machines). The behaviour can be boiled down to:
works on same machine, when running in debugger, standalone (non-service) process, Windows service
cannot be accessed from other machine, unless I'm running the service in the debugger
I must confess to being baffled by the plethora of options for bindings/security/etc. I must also confess to being ignorant of the restrictions on running as a Windows service, although I'm sure I've read somewhere that the SYSTEM account does not have network credentials. I've tried running the service under my own credentials, with the same results.
I'm up against a deadline in a few hours, and at the moment I'm going to have to resort to running as a standalone process, which is pretty embarassing.
I'm sure I've made some simple but crucial mistake in my understanding, and would be happy to be enlightened. But for now I'd be happy if someone knows a quick and dirty way to run WCF between two machines on the same Windows network without any security necessary, where one is a windows service and the other is a Windows GUI app.
This calls for the NetNamedPipe binding (on-machine communication)!
Your config would have to look something like:
<system.serviceModel>
<bindings>
<netNamedPipeBinding>
<binding name="NoSecurityIPC">
<security mode="None" />
</binding>
</netNamedPipeBinding>
</bindings>
<client>
<endpoint name="internal"
address="channel1"
binding="netNamedPipeBinding"
bindingConfiguration="NoSecurityIPC"
contract="IYourService" />
</client>
<services>
<service name="Namespace.YourService">
<host>
<baseAddresses>
<add baseAddress="net.pipe://localhost/" />
</baseAddresses>
</host>
<endpoint
address="channel1"
binding="netNamedPipeBinding"
bindingConfiguration="NoSecurityIPC"
contract="IYourService" />
</service>
</services>
</system.serviceModel>
Marc
Is it a Windows Firewall issue? BasicHttpBinding defaults to security mode "none", and setting it on netTcp for client and service is as simple as putting a security mode="none" element under the root binding element in both the client and server config. Seems like the firewall on the server would be the only thing that'd keep you from connecting if the security mode is set to none.
1) as well as opening the firewall, you almost certainly need to explicitly permit binding the serving port via the APIs on HTTP.SYS. This can be done by the built in netsh http add command on Vista or later, via the downloadable httpcfg tool on earlier systems, or by directly P/Invoking against the HTTP APIs with administrative privilege as a set-up step.
2) if you have multiple services, getting them to share the address space on a given port is far easier if they talk HTTP than net.tcp
3) as a default, a service that talks across the network should be run with Network Service identity, ideally as a service-specific SID : even if the data are not sensitive, exposing a high privilege user like System on the network is not good practice.
This is a bit different than other questions I've found on SO regarding this issue...
We're running 2 websites, one a WCF service and the other is a client to the service. Whenever we try to access the service we get the message "The request for security token could not be satisfied because authentication failed."
Both the websites are hosted on the same machine and under the same App Pool. Both websites are hosted on port 80 and have different host headers... example: client.website.com and service.website.com
We're using wsHttpBinding on the service side:
<endpoint address="http://service.website.com/MessagingService.svc/wshttp"
binding="wsHttpBinding"
contract="WebServices.IMessagingService"
bindingNamespace="CNI/CNIMessenger"
bindingConfiguration="wsHttpBindingConfig"
name="wsHttpBinding">
</endpoint>
When we try to run the service we get the above mentioned error. After hours of debugging I was able to find that if I use a service configuration address without any url only wshttp and point my client to the IP Address/Port everything works fine. for example:
<endpoint address="wshttp"
... And client address points to: http://127.0.0.1:8888/MessagingService.svc/wshttp
When I change the address and website to use service.website.com and keep the port 8888 I continue to get the same error.
Does anyone have any insight on this? MANY Thanks!
Try adding the following to your configuration:
<host>
<baseAddresses>
<add baseAddress="http://service.website.com"/>
</baseAddresses>
</host>
keep the address as wshttp
We have a WCF service deployed on a Windows 2003 server that is exhibiting some problems. The configuration is using wsHttpBinding and we are specifying the IP address. The services is being hosted by a Windows Service.
When we start the service up, most of the time it grabs the wrong IP address. A few times it bound to the correct address only to drop that binding and go to the other address (there are 2) bound to the NIC after processing for a short while.
It is currently using port 80 (we've configured IIS to bind to only 1 address via httpcfg) although we have tried it using different ports with the same results.
When the Windows Service starts hosting the WCF service, the properties show that it is being bound to the correct address; however, tcpview shows that it is indeed listening on the incorrect address.
Here is the portion of the config that sets up tehe baseAddress. The one that gets bound to ends up being .4 instead of .9
<services>
<service name="Service.MyService"
behaviorConfiguration="serviceBehavior">
<host>
<baseAddresses>
<add baseAddress="http://xx.xx.xx.9:80/" />
</baseAddresses>
</host>
<endpoint address="MyService"
binding="wsHttpBinding"
bindingConfiguration="WSHttpBinding_IMyService"
contract="Service.IMyService" />
<endpoint address="mex"
binding="mexHttpBinding"
contract="IMetadataExchange" />
</service>
</services>
Is there some other configuration that needs to be set?
Is there a tool that can help track down where this is getting bound to the wrong address?
Your WCF configuration looks OK to me. This might be an issue with the binding order of your NIC cards. Make sure that the NIC with correct address is first. Here is an article that discuss how to set and view nic binding orders:
http://theregime.wordpress.com/2008/03/04/how-to-setview-the-nic-bind-order-in-windows/
The issue seems to be ISS related. Here is the description about the error your getting from http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/ddf72ae0-aa1e-48c9-88d1-10bae1e87e4f.mspx?mfr=true
This error is logged to the event log when HTTP.sys parses the IP inclusion list and finds that all of the entries in the list are invalid. If this happens, as the description in Table 11.15 notes, HTTP.sys listens to all IP addresses.
You can also check the following thread which talks about a similiar issue
http://www.webhostingtalk.com/showthread.php?t=534174
Hope this helps.
We had the same issue and this feature helped us to solve our problem :
http://msdn.microsoft.com/en-us/library/system.servicemodel.hostnamecomparisonmode.aspx
Hope this help.
More information: I removed the xx.xx.xx.4 IP address from the NIC altogether and turned off IIS. Now when I try to start the service it fails and I find this in the System event log.
Description:
Unable to bind to the underlying transport for xx.xx.xx.4:80. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
My configuration file still has the xx.xx.xx.9 baseAddress setting.
One more piece of informatoin. If we change the binding to use NetTcp instead of WsHttp it binds to the correct address on port 80. Changing it back to WsHttp it goes back to the incorrect IP address.
BaseAddress is ignored. You need to set a host header under IIS.