c# - Help with Audit Failure 4625 messages caused by WCF netTcpBinding with clientCredentialType Certificate

Tags: c# wcf security ssl client-certificates

We have a large number of audit failure events (4652) going into the Windows Event Log, caused by our WCF services.

Question

Does anyone know why we could be receiving these audit log entries, and how can we stop them from occurring WITHOUT removing certificate security on our end points?



Any help is greatly appreciated!

Things tried
  • The DisableLoopbackCheck and BackConnectionHostNames registry fixes
  • Changes to the behavior configuration, for example:
      • Adding trustedStoreLocation="LocalMachine" to all authentication elements
      • Mirroring Service1's binding configuration onto Service2

Background
  • The system uses two WCF services
  • Both are hosted as Windows services
  • Both run under the "Local System" account
  • Service1 calls Service2
  • Binding and behavior information is at the end of this question
  • We are using custom SHA1RSA certificates for Peer Trust
  • The certificates are deployed to the local Trusted People and Trusted Root Certification Authorities stores

  • When Service2 calls into Service1, we get two failed audit entries into the Windows Security Event Log on every call. However, the call succeeds without any issues and data is returned successfully.

    Issue only occurs when binding uses 'clientCredentialType="Certificate"' under the security element within WCF binding configuration



    Event log entry 1
    An account failed to log on.
    
    Subject:
        Security ID:        SYSTEM
        Account Name:       COMPUTERNAME$
        Account Domain:     DOMAINNAME
        Logon ID:           0x3E7
    
    Logon Type:         3
    
    Account For Which Logon Failed:
        Security ID:        NULL SID
        Account Name:       
        Account Domain:     
    
    Failure Information:
        Failure Reason:     Unknown user name or bad password.
        Status:             0xC000006D
        Sub Status:         0xC0000064
    
    Process Information:
        Caller Process ID:  0x21c
        Caller Process Name:    C:\Windows\System32\lsass.exe
    
    Network Information:
        Workstation Name:   COMPUTERNAME
        Source Network Address: -
        Source Port:        -
    
    Detailed Authentication Information:
        Logon Process:      Schannel
        Authentication Package: Kerberos
        Transited Services: -
        Package Name (NTLM only):   -
        Key Length:     0
    

    Event log entry 2
    An account failed to log on.
    
    Subject:
        Security ID:        NULL SID
        Account Name:       -
        Account Domain:     -
        Logon ID:           0x0
    
    Logon Type:         3
    
    Account For Which Logon Failed:
        Security ID:        NULL SID
        Account Name:       
        Account Domain:     
    
    Failure Information:
        Failure Reason:     An Error occured during Logon.
        Status:             0xC000006D
        Sub Status:         0x80090325
    
    Process Information:
        Caller Process ID:      0x0
        Caller Process Name:    -
    
    Network Information:
        Workstation Name:   -
        Source Network Address: -
        Source Port:        -
    
    Detailed Authentication Information:
        Logon Process:      Schannel
        Authentication Package: Microsoft Unified Security Protocol Provider
        Transited Services: -
        Package Name (NTLM only):   -
        Key Length:     0
    

    Service1 and Service2 binding configuration
    <netTcpBinding>
        <binding name="Service1Binding" 
                 maxBufferPoolSize="0" 
                 maxReceivedMessageSize="2147483647" 
                 transactionFlow="true"
                 portSharingEnabled="true"
                 transferMode="Streamed">
          <readerQuotas maxArrayLength="2147483647" 
                        maxBytesPerRead="2147483647" 
                        maxStringContentLength="2147483647"
                        maxDepth="2147483647" 
                        maxNameTableCharCount="2147483647" />
          <security mode="Transport">
            <transport clientCredentialType="Certificate" />
          </security>
        </binding>
      </netTcpBinding>
    

    Service1 behavior configuration
    <behavior name="Service1Behavior">
              <serviceThrottling maxConcurrentSessions="2147483647" maxConcurrentInstances="2147483647" maxConcurrentCalls="2147483647" />
              <dataContractSerializer maxItemsInObjectGraph="2147483647" />
              <serviceDebug includeExceptionDetailInFaults="true" />
              <serviceAuthorization principalPermissionMode="UseWindowsGroups" />
              <serviceCredentials>
                <serviceCertificate findValue="CN=CertificateName" x509FindType="FindBySubjectDistinguishedName" storeLocation="LocalMachine" storeName="Root" />
                <clientCertificate>
                  <authentication certificateValidationMode="PeerTrust"></authentication>
                </clientCertificate>
                  <peer>
                    <peerAuthentication certificateValidationMode="PeerTrust" />
                    <certificate findValue="CN=CertificateName" x509FindType="FindBySubjectDistinguishedName" storeLocation="LocalMachine" storeName="Root" />
                  </peer>
              </serviceCredentials>
        </behavior>
    

    Service2 behavior configuration
    <behavior name="Service2Behavior">
              <dataContractSerializer maxItemsInObjectGraph="2147483647" />
              <serviceDebug includeExceptionDetailInFaults="true" />
              <serviceAuthorization principalPermissionMode="UseWindowsGroups" />
              <serviceCredentials>
                <serviceCertificate findValue="CN=CertificateName"
                                  x509FindType="FindBySubjectDistinguishedName"
                                  storeLocation="LocalMachine"
                                  storeName="Root"/>
                <clientCertificate>
                  <authentication certificateValidationMode="PeerTrust"></authentication>
                </clientCertificate>
              </serviceCredentials>
            </behavior>
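    The two 4625 entries above share a signature (Logon Process Schannel, target Security ID NULL SID, Status 0xC000006D, Sub Status 0xC0000064 and then 0x80090325) that is consistent with Schannel trying to map the presented client certificate to a Windows account and failing. As an added example that is not part of the original question or answer, the Python below parses 4625 bodies shaped like the ones quoted (the sample events are constructed, not real log data) and separates that TLS handshake noise from genuine credential failures that still need review.

```python
import re
from collections import Counter

# Constructed 4625 message bodies (not real log data), trimmed to the fields used below. Events 1 and 2
# mirror the Schannel-originated pair quoted in the question; event 3 is an ordinary failed logon for contrast.
SAMPLE_EVENTS = [
    "An account failed to log on.\nSubject:\n    Security ID:        SYSTEM\n"
    "Account For Which Logon Failed:\n    Security ID:        NULL SID\n    Account Name:       \n"
    "Failure Information:\n    Status:             0xC000006D\n    Sub Status:         0xC0000064\n"
    "Detailed Authentication Information:\n    Logon Process:      Schannel\n    Authentication Package: Kerberos\n",
    "An account failed to log on.\nSubject:\n    Security ID:        NULL SID\n"
    "Account For Which Logon Failed:\n    Security ID:        NULL SID\n    Account Name:       \n"
    "Failure Information:\n    Status:             0xC000006D\n    Sub Status:         0x80090325\n"
    "Detailed Authentication Information:\n    Logon Process:      Schannel\n"
    "    Authentication Package: Microsoft Unified Security Protocol Provider\n",
    "An account failed to log on.\nSubject:\n    Security ID:        NULL SID\n"
    "Account For Which Logon Failed:\n    Security ID:        NULL SID\n    Account Name:       admin\n"
    "Failure Information:\n    Status:             0xC000006D\n    Sub Status:         0xC000006A\n"
    "Detailed Authentication Information:\n    Logon Process:      NtLmSsp \n    Authentication Package: NTLM\n",
]

FIELD = re.compile(r"^\s*([^:]+?):\s*(.*?)\s*$")

def parse_4625(body):
    """Flatten a 4625 body into {'Section.Key': value}; an unindented 'Key:' with no value opens a section."""
    fields, section = {}, ""
    for line in body.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if not value and not line[:1].isspace():
            section = key
        else:
            fields[f"{section}.{key}" if section else key] = value
    return fields

def classify(f):
    """Label one parsed 4625 using only the fields the question's entries expose."""
    proc = f.get("Detailed Authentication Information.Logon Process", "")
    sub = f.get("Failure Information.Sub Status", "").lower()
    target = f.get("Account For Which Logon Failed.Security ID", "")
    if proc == "Schannel" and target == "NULL SID":
        if sub == "0xc0000064":  # STATUS_NO_SUCH_USER: the client cert mapped to no Windows account
            return "tls-client-cert-mapping-noise"
        if sub == "0x80090325":  # SEC_E_UNTRUSTED_ROOT reported through Schannel
            return "tls-client-cert-chain-noise"
        return "schannel-other"
    return "credential-failure"  # a real logon attempt: keep it in the brute-force/spray review queue

def triage(bodies):
    """Count labels so the TLS noise can be tracked separately from genuine failures."""
    return Counter(classify(parse_4625(b)) for b in bodies)
```

Fed the events from a SIEM export, the counter lets the Schannel pair be suppressed or baselined per host while every other 4625 keeps its normal alerting.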
    

    Accepted answer

    I know this is an old question, but I ran into the same issue with a client after a Windows update, and changing the security mode to TransportWithMessageCredential and updating the credential types accordingly seems to have fixed the problem:

    <security mode="TransportWithMessageCredential" >
      <transport clientCredentialType="Windows" />
      <message clientCredentialType="Certificate" />
    </security>
    
    Just thought I'd share in case it helps anyone else.

    For c# - Help with Audit Failure 4625 messages caused by WCF netTcpBinding with clientCredentialType Certificate, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/41052382/
