
ApplicationPool Timeout change leads to permanent "WCF - the caller was not authenticated by the service" error


Hi,

I have a strange problem with a live WCF application which implements one of my Internet websites (this is a Production problem).

Client:
- Internet facing.
- WCF Application Client.
- Runs on a Windows Virtual Machine running Windows Server 2008 R2.
- Runs in IIS 7.5 (web server).
- Uses its own Application Pool, set for the ApplicationPoolIdentity.

- There are other WebSites running in the IIS Web Server, each using their own Application Pool, all using ApplicationPoolIdentity.

Server:
- Intranet facing, firewall blocks connections except from client virtual machine.
- WCF Application Server/Service.
- Runs on a Windows Virtual Machine running Windows Server 2008 R2.
- Runs in IIS 7.5 (application server).
- Uses its own Application Pool, set for the ApplicationPoolIdentity.

- Both virtual machines are on the same physical machine.
- Both virtual machines, and the physical machine, are all in the same Windows Domain and share the same domain users/Active Directory.
- Both ApplicationPoolIdentities are IUSR.
- There are no known problems with the AD or the DNS.
- Both IIS are configured to enable anonymous access.

Everything was running fine until Friday night.  At that time, I changed the TimeOut value on the WCF Client Application Pool, saved the
new Application Pool configuration, restarted the Application Pool, and then restarted the Web Server.

Since that time, I can no longer connect to the Application Server WCF Server Application from the Web Server WCF Client Application using that Application Pool.
Since a helpful post pointed out that the client.Abort() WCF service method should be called instead of client.Close() in case of problems, I have the exact problem:

"WCF - the caller was not authenticated by the service" caused by a "System.ServiceModel.Security.SecurityNegotiationException", thrown by the WCF Server Application.

Failed Request Tracing on the Application Server also shows that the processing stopped at the Authentication of the client.  The Windows Event Log of the Application
Server virtual machine also shows Anonymous Authentications (successful) since the time I changed the ApplicationPool.  I don't see any before that, always real
accounts related to the ApplicationPoolIdentity (System and AppPool).

Nothing I do to the Application Pool allows it to work again (even changing to NetworkService instead of ApplicationPoolIdentity).

Strangely, if I use an older Application Pool from another Web Site, it works again;  however, if I now change the Application Pool from the
second WebSite, both WebSites now cannot access the WCF Service (they both use the same WCF Service running in the same Application Server).

I am down to my last working Application Pool.  I don't especially want to turn off security, but will be doing it soon if I cannot find a solution.

Can someone tell me what is going on?  This kind of problem makes me very nervous.  Usually I can find the cause of such problems after a while,
but this time I am absolutely stumped.  As far as I know, I have changed nothing but the Application Pool.  The Active Directory has not changed,
or at least, has not changed that I know of.  The OS has not been upgraded either.

Any help appreciated, if this problem has been seen before or anywhere I can check.

Thanks and regards

