.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
david stephan
Gaurav Pal
Post New Web Links

A call to SSPI failed: The target principal name is incorrect - How to ignore this Security Check

Posted By:      Posted Date: September 01, 2010    Points: 0   Category :WCF
I find that I am getting this error since I am using the netTCPBinding. I don't get this exception when the client and server are on the same machine, but when they are on different machines, this exception occurs. If I set the identity on the end point as mentioned in the article: http://blogs.msdn.com/b/drnick/archive/2007/11/08/setting-a-user-principal-on-the-endpoint.aspx it is working fine.   So my question is , should the service end point always have an identity when using netTcpBinging? I tried setting Security.Mode = None and still I got this identity exception. is there any way through which I can ask the service to ignore the SSPI details and accept client request?   Thanks!

View Complete Post

More Related Resource Links

[FtpWebRequest] System.Security.Authentication.AuthenticationException: A call to SSPI failed


Hi All,

   I'm using FtpWebReuqest, SSL enabled, to connect and upload files to an FTP server.

   During testing of the module i'm developing, I've encountered an unhandled exception indicating,

   "System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The token supplied to the function is invalid"


Now before I decided to post this question here, I've searched the net and found several posts related to this. However, most them were not really helpful and not that clear. Hence, the post. :)

Additional info, I've already over ride the validation part of the SSL connection using the codes below:


ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(MyCertValidationCb);

public static bool MyCertValidationCb(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)


        return true;



What I can't really figure out is the root caus

WCF The Security Support Provider Interface (SSPI) negotiation failed


I am using a wcf service that I created, when both hosting machine and the client machine are on the same domain everything works just fine. When I publish the client app to the webserver in the DMZ I am getting the following error:

SOAP security negotiation with '' for   
'' failed. See inner exception  
for more details.The Security Support Provider Interface (SSPI) negotiation failed.

Here is my service main where I set up the service


 Uri baseAddress = new Uri("Http://");
      ServiceHost selfHost = new ServiceHost(typeof(QBService), baseAddress);


An add-on for this website failed to run. Check the security settings in Internet options for potent


Hello everyone,,

I am using IE8 and getting this problem.

An add-on for this website failed to run. Check the security settings in Internet options for potential conflicts.

Can anyone help me,,,plz

2 WCFs and "A call to SSPI failed, see inner exception"


I have 2 WCFs. One is hosted on my local IIS, and another is self-hosted on a Windows service. It was all running great, until I made some modifications. Of course, probably my first problem is that I don't know how to "see the inner exception". But I'm betting it's in one of my app.config files. Here they are:

Client web.config:





<binding name="NetTcpBinding_IService1" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="524288" maxBufferSize="565536" maxConnections="10" maxReceivedMessageSize="565536"> <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="516384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />


Security negotiation failed because the remote party did not send back a reply in a timely manner. T



Dear All i have created one simple service

like this

namespace WcfService2
        public class Service1 : IService1
        public string ShowEmpName(string strFirstName, string strLastName)
            return strFirstName + strLastName;

after executing in .net command promt i got 2 files

service.cs & output.config

after that i create one class file like this

namespace WcfService2
    public class clientcs

        static void Main(string[] args)
            Service1Client client = new Service1Client();
            string strResult = client.ShowEmpName("Pradeep", "Deokar");

Msg 15121, Level 16, State 10, XP_Cmdshell - A call to 'CreateProcessAsUser' failed with error cod

I have the XP_cmdshell issues for the past two days in SQL2005 SP2 environment. There is a domain account with sysadmin privilege. I have created a proxy account and gave the execute privilege for xp_cmdshell. If i try to run the following commmand EXEC master..xp_cmdshell 'dir *.txt' Msg 15121, Level 16, State 10, Procedure xp_cmdshell, Line 1 An error occurred during the execution of xp_cmdshell. A call to 'CreateProcessAsUser' failed with error code: '1314'. But if i give sysadmin priv and then i try to execute. It worked. I cant give sysadmin priv so i m using a proxy account. Whether any one have solution for it.

ODBC call failed

I try to export a table from Access 2007 to SQL-Server Express 2008R2 and it returns the error: ODBC call failed. [Microsoft][SQL Server Native Client 1.0][SQL Sever] Line1: Specifed Scale 1 is invalid (#1002). The problem is related with a datetime column, because if I drop this column it is possible to export. Thanks for your help.    

MessageSecurityException "Identity check failed for outgoing message" when using custom endpointaddr

Hi! I am currently developing a WCF service which will use ASP.NET Membership and RoleProvider as authentication/authorization. I followed the description in on this page http://msdn.microsoft.com/en-us/library/ff647294.aspx to do this, and everything works as expected when I try add a reference to my development service and uses that without any interaction. But, I want to be able to override the enpoint address in code since the server may be placed on other servers, but when I do this in my code (with the same enpointAddress stated in the client wcf file for testing purpose) I get a MessageSecurityException with this information: "Identity check failed for outgoing message. The expected DNS identity of the remote endpoint was 'localhost' but the remote endpoint provided DNS claim 'MyCert'. If this is a legitimate remote endpoint, you can fix the problem by explicitly specifying DNS identity 'MyCert' as the Identity property of EndpointAddress when creating channel proxy." I have search the net for information about this, and found that the only thing I had to do was to add a <dns value="MyCert" /> to my client wcf configuration, and everything should work. But it doesn't, I still get the same error. My server behavior configuration looks like this: <serviceCredentials> <serviceCertificate findValue="CN=MyCert" />

Wait on the Database Engine recovery handle failed. Check the SQL Server error log for potential cau

Attempting to upgrade from SQL 2005 EE to SQL 2008 EE on Vmware ESX 3.5 virtual server. below is info from Detail.txt related to successful install with failures... 2010-09-02 13:50:46 Slp: Sco: Attempting to check if file 'D:\Data\MSSQL.1\MSSQL\LOG\ERRORLOG' exists 2010-09-02 13:50:46 Slp: Sco: Returning security descriptor O:BAG:SYD:AI(A;ID;FA;;;S-1-5-21-3788118842-658835432-3441893140-1006)(A;ID;FA;;;S-1-5-21-3788118842-658835432-3441893140-1007)(A;ID;FA;;;BA)(A;ID;FA;;;SY)S:AI(AU;IDFA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD) 2010-09-02 13:50:46 Slp: Configuration action failed for feature SQL_Engine_Core_Inst during timing ConfigRC and scenario ConfigRC. 2010-09-02 13:50:46 Slp: Wait on the Database Engine recovery handle failed. Check the SQL Server error log for potential causes. 2010-09-02 13:50:46 Slp: Configuration action failed for feature SQL_Engine_Core_Inst during timing ConfigRC and scenario ConfigRC. 2010-09-02 13:50:46 Slp: Microsoft.SqlServer.Configuration.SqlEngine.SqlEngineConfigException: Wait on the Database Engine recovery handle failed. Check the SQL Server error log for potential causes. 2010-09-02 13:50:46 Slp:    at Microsoft.SqlServer.Configuration.SqlEngine.SqlServerServiceBase.WaitSqlServerStart(Process processSql) 2010-09-02 13:50:46 Slp:    at Microsoft.SqlServer.Configuration.SqlEngine.SqlServerServiceSCM.StartSqlServer(St

Security Context Token verification failed. (The security protocol cannot verify the incoming messag

Hello, I would like implement Message Lever security with username/password authentication on HTTP. My environment looks something like this.  Server Side - Message lever security is configured on service.           <security mode="Message">             <message clientCredentialType="UserName" negotiateServiceCredential="True"/>           </security> - CA and self signed certificates are created on server and configured. ServiceCredentials are looks like this <serviceCredentials> <serviceCertificate findValue="CertForIdm" storeLocation="LocalMachine" storeName="My" x509FindType="FindByIssuerName" /> <userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="IfMembershipProvider" /> </serviceCredentials> Client Side (References are generated by VS) - Binding configuration                 <binding name="WSHttpBinding_IWaypoint2" closeTimeout="00:11:00"                     openTimeout="00:11:00" receiveTimeout="00:10:00" sendTimeout="00:11:00"  &nb

Error Message: The attempt to connect to the report server failed. Check your connection informatio

I have a web page that contains a ReportViewer control.  I am trying to display a report, which is an .rdl file located on the SSRS server, in this ReportViewer control.  I have set the ReportPath and ReportServerUrl correctly.  I am getting an error message. Am I suppose to use an .rdlc file rather than a .rdl file?  Does the web server configuration need to use a certain account?  I am getting the following error message: The attempt to connect to the report server failed. Check your connection information and that the report server is a compatible version. The request failed with HTTP status 404: Not Found.

How to resolve "Performance counter registry hive consistency check" failed?

I want to install SQL Server 2008 November CTP Developer Enu. When "System Configuration Check" it shows: Rule "Performance counter registry hive consistency check" failed. The performance counter registry hive is corrupted.   And cannot continue installing. How to solve this problem?

ODBC--call failed.[Microsoft][ODBC Driver Manager] The specified DSN contains an architecture mismat

I need to establish a connection between an Access 2003 database (32 bit) and an 11g 64 bit Oracle database on a server. I am running Windows 7 on a 64 bit laptop. I did a clean install of Oracle 11g for 64 bit. I have no problem accessing the Oracle database via the Oracle SQL Developer. I just have a problem from within Access. I hope someone can help me. I've been fighting this for several months. Thanks in advance!

not your usual SSPI negotiation failed error

Okay, it is the typical message: The Security Support Provider Interface (SSPI) negotiation failed.  But the scenario is different than when I've run into it before.  In our setup, we have a workstation within a very secure environment running an application that needs to call one of our WCF services which are using Windows Authentication.  If I run this app on our regular network with a domain account it runs just fine.  Within the secure environment on this workstation, it throws the SSPI error.  Here's where it gets interesting.  For at least one user, who had logged into the machine before it had been fully "hardened" the application still works.  For users logging in since then, fail.  I am guessing there is some specific facet of local profile creation that doesn't work in our hardened environment that does not apply to the user whose profile already existed.  I have previously run into the service-to-service issue where you have to create a local profile for your back end service account before its upn will work in the config (which still makes no sense to me).  I'm hoping this is somehow related and one of you internals geniuses will know what part of my profile is missing.  Thanks in advance.

Alerts - 1 user fails with "PermissionMask check failed. asking for 0x00000055, have 0x3C4312EF", ot

I have set Alerts for 3 users on a Document Library in our Team Site in a MOSS 2007 environment.  Alerts go out for every other person I set alerts for, with the exception of this person.  Our Exchange Admin tracked down the Alert email and saw that while everyone else was listed, this person was not.  At the same time I turned on Verbose logging for the log files and found the PermissionMask failure.  The problem is I cannot figure out why this person is failing this check. This person happens to be a member of our IT team, as are the other people I added Alerts for.  I should also note that this problem occurs whether I add the alert for this person, or this person adds the alert themselves.  I have checked the permissions on the Library and they are inherited from the Site level.  When I check the permissions on the Site level, the IT team has Contribute permissions, I did then check the AD Security Group to be sure that this person is in the group, and they are. Any ideas as to why this would happen for this person only?  This person can access, and add content, to the Library which puzzles me more.  My next test will be to add this permission to the Site permissions explicity with Full Control to see if that matters. In Googling for this, I find a number of PermissionMask posts, but none that seem to address this specific pro

Secure channel cannot be opened because security negotiation with the remote endpoint has failed

Please help me to pinpoint what's wrong with the configurations. CoreClient client = new CoreClient(); client.ClientCredentials.UserName.UserName = "test"; client.ClientCredentials.UserName.Password = "test"; string msg = client.SayHello(); //==== ERROR Happens here Error message: Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel. Please verify the EndpointIdentity specified or implied by the EndpointAddress correctly identifies the remote endpoint. Configurations: Host: <behaviors> <serviceBehaviors> <behavior name="DefaultBehavior"> <serviceMetadata httpGetEnabled="true"/> <serviceDebug includeExceptionDetailInFaults="false"/> <serviceCredentials> <serviceCertificate findValue="MyServerCert" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My"/> <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Promotion.Services.UsernameValidator, LibraryIIS" /> </serviceCredentials> </behavior>
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend