NTLM SSPI -- AcceptSecurityContext occasionally fails

0

Here is a related question I asked last month: related

There is a WCF service that adds secondary IP using netsh on startup and creates an endpoint on that IP. As soon as endpoint is created, few 'fake' clients are connecting to that endpoint. Occasionally the server will reject the client credentials (in this case trying to connect from the same computer). The error code for AcceptSecurityContext() is always SEC_E_LOGON_DENIED. The problem never occurs from a different machine.

An account failed to log on.

Subject:
    Security ID:        NULL SID
    Account Name:       -
    Account Domain:     -
    Logon ID:       0x0

Logon Type:         3

Account For Which Logon Failed:
    Security ID:        NULL SID
    Account Name:       dnainstaller
    Account Domain:     ENASPROD

Failure Information:
    Failure Reason:     An Error occured during Logon.
    Status:         0xC000006D
    Sub Status:     0x0

Process Information:
    Caller Process ID:  0x0
    Caller Process Name:    -

Network Information:
    Workstation Name:   PRENAS01
    Source Network Address: -
    Source Port:        -

Detailed Authentication Information:
    Logon Process:      
    Authentication Package: NTLM
    Transited Services: -
    Package Name (NTLM only):   -
    Key Length:     0

I've read that status 0xC000006D is : "This is either due to a bad username or authentication information" but I'm not sure why this happens randomly (not so often).

It is a custom tcp binding with this security settings:

TcpClientCredentialType clientCredentialType = TcpClientCredentialType.Windows;
ProtectionLevel protectionLevel = ProtectionLevel.EncryptAndSign;

The main question is why does this happen? Does this have something to do with assigning a secondary ip? I've had this issue for almost 2 months and have a feeling I've reached a dead end. Any help would be appreciated.

.net
wcf
ntlm
sspi
asked on Stack Overflow Oct 18, 2019 by sstefan

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0