C# Help with audit failure 4625 messages caused by WCF netTcpBinding with clientCredentialType Certificate
Our WCF services are causing a large number of audit failure events (4652) to go into the Windows event log.

Problem
Does anyone know why we are getting these audit log entries, and how we can stop them from happening without removing the certificate security from our endpoints?
Any help is greatly appreciated.
Things tried
- The DisableLoopbackCheck and BackConnectionHostNames registry fixes
- Changes to the behaviour configuration, for example:
- Adding trustedStoreLocation="LocalMachine" to all authentication elements
- Mirroring the binding configuration from Service1 to Service2
- The system uses two WCF services
- Both are hosted as Windows services
- Running under the "Local System" account
- Service1 calls Service2
- Binding and behaviour information is at the end of this question
- We are using a custom SHA1RSA certificate for peer trust
- The certificate is deployed to the local Trusted People and Trusted Root Certification Authorities stores
An account failed to log on.
Subject:
Security ID: SYSTEM
Account Name: COMPUTERNAME$
Account Domain: DOMAINNAME
Logon ID: 0x3E7
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name:
Account Domain:
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xC000006D
Sub Status: 0xC0000064
Process Information:
Caller Process ID: 0x21c
Caller Process Name: C:\Windows\System32\lsass.exe
Network Information:
Workstation Name: COMPUTERNAME
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Schannel
Authentication Package: Kerberos
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
Event log entry 2
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name:
Account Domain:
Failure Information:
Failure Reason: An Error occured during Logon.
Status: 0xC000006D
Sub Status: 0x80090325
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Schannel
Authentication Package: Microsoft Unified Security Protocol Provider
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
Service1 and Service2 binding configuration
<netTcpBinding>
<binding name="Service1Binding"
maxBufferPoolSize="0"
maxReceivedMessageSize="2147483647"
transactionFlow="true"
portSharingEnabled="true"
transferMode="Streamed">
<readerQuotas maxArrayLength="2147483647"
maxBytesPerRead="2147483647"
maxStringContentLength="2147483647"
maxDepth="2147483647"
maxNameTableCharCount="2147483647" />
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</netTcpBinding>
Service1 behaviour configuration
<behavior name="Service1Behavior">
<serviceThrottling maxConcurrentSessions="2147483647" maxConcurrentInstances="2147483647" maxConcurrentCalls="2147483647" />
<dataContractSerializer maxItemsInObjectGraph="2147483647" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceAuthorization principalPermissionMode="UseWindowsGroups" />
<serviceCredentials>
<serviceCertificate findValue="CN=CertificateName" x509FindType="FindBySubjectDistinguishedName" storeLocation="LocalMachine" storeName="Root" />
<clientCertificate>
<authentication certificateValidationMode="PeerTrust"></authentication>
</clientCertificate>
<peer>
<peerAuthentication certificateValidationMode="PeerTrust" />
<certificate findValue="CN=CertificateName" x509FindType="FindBySubjectDistinguishedName" storeLocation="LocalMachine" storeName="Root" />
</peer>
</serviceCredentials>
</behavior>
Service2 behaviour configuration
<behavior name="Service2Behavior">
<dataContractSerializer maxItemsInObjectGraph="2147483647" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceAuthorization principalPermissionMode="UseWindowsGroups" />
<serviceCredentials>
<serviceCertificate findValue="CN=CertificateName"
x509FindType="FindBySubjectDistinguishedName"
storeLocation="LocalMachine"
storeName="Root"/>
<clientCertificate>
<authentication certificateValidationMode="PeerTrust"></authentication>
</clientCertificate>
</serviceCredentials>
</behavior>
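As an added triage example (not part of the question or of any answer, and not WCF code), the script below parses 4625 message bodies of the shape shown above and separates entries whose Logon Process is Schannel, i.e. entries produced by the TLS layer while validating or mapping a client certificate, from ordinary username/password logons. The two event bodies are re-typed here as constructed sample input; the STATUS_CODES names are the documented Windows NTSTATUS/HRESULT values for the codes that appear in the question, and the section and field names are taken from the event text itself.

```python
from collections import Counter

# Constructed sample input: the two 4625 message bodies from the question, re-typed.
SAMPLE_EVENTS = [
"""An account failed to log on.
Subject:
Security ID: SYSTEM
Account Name: COMPUTERNAME$
Account Domain: DOMAINNAME
Logon ID: 0x3E7
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name:
Account Domain:
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xC000006D
Sub Status: 0xC0000064
Process Information:
Caller Process ID: 0x21c
Caller Process Name: C:\\Windows\\System32\\lsass.exe
Detailed Authentication Information:
Logon Process: Schannel
Authentication Package: Kerberos
""",
"""An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name:
Failure Information:
Failure Reason: An Error occured during Logon.
Status: 0xC000006D
Sub Status: 0x80090325
Detailed Authentication Information:
Logon Process: Schannel
Authentication Package: Microsoft Unified Security Protocol Provider
""",
]

# Section headers as they appear in the 4625 message body.
SECTION_HEADERS = {
    "Subject", "Account For Which Logon Failed", "Failure Information",
    "Process Information", "Network Information",
    "Detailed Authentication Information",
}

# Documented Windows NTSTATUS / HRESULT values for the codes in the question's entries.
STATUS_CODES = {
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC0000064: "STATUS_NO_SUCH_USER",
    0x80090325: "SEC_E_UNTRUSTED_ROOT",
}


def parse_4625(text):
    """Parse a 4625 message body into {section: {field: value}}.

    'Account Name:' with no value is a field, not a section, so only the
    known section headers switch the current section.
    """
    sections = {"_": {}}
    current = "_"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and line[:-1] in SECTION_HEADERS:
            current = line[:-1]
            sections.setdefault(current, {})
            continue
        field, sep, value = line.partition(":")
        if sep:  # lines without a colon (the title line) carry no field
            sections[current][field.strip()] = value.strip()
    return sections


def triage(text):
    """Classify one 4625 entry by its logon source and resolve its status codes."""
    ev = parse_4625(text)
    auth = ev.get("Detailed Authentication Information", {})
    failure = ev.get("Failure Information", {})
    target = ev.get("Account For Which Logon Failed", {})
    status = int(failure.get("Status", "0x0"), 16)
    sub_status = int(failure.get("Sub Status", "0x0"), 16)
    logon_process = auth.get("Logon Process", "")
    # Schannel as the logon process means the TLS stack raised this entry while
    # handling a client certificate, not a username/password logon attempt.
    source = "tls-client-certificate" if logon_process.lower() == "schannel" else "credential-logon"
    return {
        "source": source,
        "logon_process": logon_process,
        "package": auth.get("Authentication Package", ""),
        "target_sid": target.get("Security ID", ""),
        "status": STATUS_CODES.get(status, f"0x{status:08X}"),
        "sub_status": STATUS_CODES.get(sub_status, f"0x{sub_status:08X}"),
    }


def summarize(events):
    """Count entries by (source, sub_status) so certificate-related 4625 volume
    can be tracked separately from credential failures."""
    return Counter((t["source"], t["sub_status"]) for t in map(triage, events))


if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        print(triage(e))
    print(summarize(SAMPLE_EVENTS))
```

Run against the question's two entries, the first resolves to STATUS_NO_SUCH_USER with a NULL SID target under the Schannel logon process (no Windows account matched the presented certificate identity), and the second to SEC_E_UNTRUSTED_ROOT (the certificate chain did not validate to a trusted authority). Keeping the (source, sub_status) counter lets a SOC baseline this certificate-generated noise instead of treating every 4625 as a credential-guessing signal.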