We have a large number of audit failure events (4652) going into the Windows event log, caused by our WCF services.
Question
Does anyone know why we could be receiving these audit log entries, and how can we stop them from occurring WITHOUT removing certificate security on our end points?
Any help greatly appreciated!
Things tried
Background
When Service2 calls into Service1, we get two failed audit entries into the Windows Security Event Log on every call. However, the call succeeds without any issues and data is returned successfully.
Issue only occurs when binding uses 'clientCredentialType="Certificate"' under the security element within WCF binding configuration
Event log entry 1
An account failed to log on.
Subject:
Security ID: SYSTEM
Account Name: COMPUTERNAME$
Account Domain: DOMAINNAME
Logon ID: 0x3E7
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name:
Account Domain:
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xC000006D
Sub Status: 0xC0000064
Process Information:
Caller Process ID: 0x21c
Caller Process Name: C:\Windows\System32\lsass.exe
Network Information:
Workstation Name: COMPUTERNAME
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Schannel
Authentication Package: Kerberos
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
Event log entry 2
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name:
Account Domain:
Failure Information:
Failure Reason: An Error occured during Logon.
Status: 0xC000006D
Sub Status: 0x80090325
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Schannel
Authentication Package: Microsoft Unified Security Protocol Provider
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
Service1 and Service2 binding configuration
<netTcpBinding>
  <binding name="Service1Binding"
           maxBufferPoolSize="0"
           maxReceivedMessageSize="2147483647"
           transactionFlow="true"
           portSharingEnabled="true"
           transferMode="Streamed">
    <readerQuotas maxArrayLength="2147483647"
                  maxBytesPerRead="2147483647"
                  maxStringContentLength="2147483647"
                  maxDepth="2147483647"
                  maxNameTableCharCount="2147483647" />
    <security mode="Transport">
      <transport clientCredentialType="Certificate" />
    </security>
  </binding>
</netTcpBinding>
Service1 behavior configuration
<behavior name="Service1Behavior">
  <serviceThrottling maxConcurrentSessions="2147483647" maxConcurrentInstances="2147483647" maxConcurrentCalls="2147483647" />
  <dataContractSerializer maxItemsInObjectGraph="2147483647" />
  <serviceDebug includeExceptionDetailInFaults="true" />
  <serviceAuthorization principalPermissionMode="UseWindowsGroups" />
  <serviceCredentials>
    <serviceCertificate findValue="CN=CertificateName" x509FindType="FindBySubjectDistinguishedName" storeLocation="LocalMachine" storeName="Root" />
    <clientCertificate>
      <authentication certificateValidationMode="PeerTrust"></authentication>
    </clientCertificate>
    <peer>
      <peerAuthentication certificateValidationMode="PeerTrust" />
      <certificate findValue="CN=CertificateName" x509FindType="FindBySubjectDistinguishedName" storeLocation="LocalMachine" storeName="Root" />
    </peer>
  </serviceCredentials>
</behavior>
Service2 behavior configuration
<behavior name="Service2Behavior">
  <dataContractSerializer maxItemsInObjectGraph="2147483647" />
  <serviceDebug includeExceptionDetailInFaults="true" />
  <serviceAuthorization principalPermissionMode="UseWindowsGroups" />
  <serviceCredentials>
    <serviceCertificate findValue="CN=CertificateName"
                        x509FindType="FindBySubjectDistinguishedName"
                        storeLocation="LocalMachine"
                        storeName="Root"/>
    <clientCertificate>
      <authentication certificateValidationMode="PeerTrust"></authentication>
    </clientCertificate>
  </serviceCredentials>
</behavior>
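Added triage helper, not code from the question or the answer: it parses the flat "Key: Value" text of a 4625 event as shown in the two entries above and separates the Schannel certificate-mapping failures (Logon Process Schannel, no target account name, STATUS_LOGON_FAILURE with the NTSTATUS/SECURITY_STATUS sub status seen in each entry) from ordinary credential failures that still deserve attention, so the certificate security can stay in place while the alert noise is filtered. The section names and field layout are taken from the entries above; the NTLM contrast sample and its account name are constructed.

```python
# Well-known NTSTATUS / SECURITY_STATUS values seen in the two entries above,
# plus STATUS_WRONG_PASSWORD for the constructed contrast sample below.
CODE_NAMES = {0xC000006D: "STATUS_LOGON_FAILURE", 0xC0000064: "STATUS_NO_SUCH_USER",
              0x80090325: "SEC_E_UNTRUSTED_ROOT", 0xC000006A: "STATUS_WRONG_PASSWORD"}
# Sub statuses carried by the two Schannel entries in the question.
CERT_MAPPING_SUBSTATUS = {0xC0000064, 0x80090325}
SECTIONS = {"Subject", "Account For Which Logon Failed", "Failure Information",
            "Process Information", "Network Information",
            "Detailed Authentication Information"}

def parse_4625(text):
    """Parse the flat 'Key: Value' text of a 4625 event into {'Section/Key': value},
    so the Subject and target 'Account Name' fields do not collide."""
    fields, section = {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if sep and key in SECTIONS and value == "":
            section = key          # section header such as "Failure Information:"
        elif sep:
            fields[f"{section}/{key}"] = value
    return fields

def triage(text):
    """Return (verdict, status_name, substatus_name). 'schannel-cert-mapping' marks the
    noise described in the question: Schannel logon process, empty target account,
    STATUS_LOGON_FAILURE with a certificate-mapping sub status. Anything else is
    reported as 'credential-failure' and should be examined."""
    ev = parse_4625(text)
    status = int(ev.get("Failure Information/Status", "0"), 16)
    sub = int(ev.get("Failure Information/Sub Status", "0"), 16)
    noise = (ev.get("Detailed Authentication Information/Logon Process") == "Schannel"
             and ev.get("Account For Which Logon Failed/Account Name", "") == ""
             and status == 0xC000006D and sub in CERT_MAPPING_SUBSTATUS)
    verdict = "schannel-cert-mapping" if noise else "credential-failure"
    return verdict, CODE_NAMES.get(status, f"0x{status:08X}"), CODE_NAMES.get(sub, f"0x{sub:08X}")

def sample(sub_status, logon_process, target=""):
    """Constructed 4625 text reduced to the fields triage() reads; the two entries in the
    question reduce to sample("0xC0000064", "Schannel") and sample("0x80090325", "Schannel")."""
    return (f"Account For Which Logon Failed:\nAccount Name: {target}\n"
            f"Failure Information:\nStatus: 0xC000006D\nSub Status: {sub_status}\n"
            f"Detailed Authentication Information:\nLogon Process: {logon_process}")

if __name__ == "__main__":
    for text in (sample("0xC0000064", "Schannel"), sample("0x80090325", "Schannel"),
                 sample("0xC000006A", "NtLmSsp", target="svc-backup")):  # constructed NTLM guess
        print(triage(text))
```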
Best answer
I know this is an old question, but I ran into the same issue as the poster after a Windows update, and changing the security mode to TransportWithMessageCredential and updating the credential types accordingly seems to have fixed it:
<security mode="TransportWithMessageCredential" >
  <transport clientCredentialType="Windows" />
  <message clientCredentialType="Certificate" />
</security>
Just thought I'd share in case it helps someone else.
Regarding "c# - Assistance with auditing failure 4625 messages caused by WCF netTcpBinding with clientCredentialType Certificate", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/41052382/