I have a client connecting to the WCF service using the following on both endpoints:
    <security mode="Message">
        <message clientCredentialType="Windows" />
    </security>
This works in my dev environment (both run locally) and negotiations work correctly. When I push it into the test environment, I get the following message:
SOAP security negotiation with 'http://host/service' for target 'http://host/service' failed. See Internal Exception for more details.
Internal exception:
System.ComponentModel.Win32Exception: Security Support Provider Interface Authentication Failure (SSPI). Perhaps the server is not running in the account with the identifier host/server-name.domain. If the server is running under a service account (for example, a network service), specify the ServicePrincipalName account as the identifier in the EndpointAddress for the server. If the server is running with a user account, specify the UserPrincipalName account as the identifier in the EndpointAddress for the server.
After changing attributes and generally trying things at random, the only way I could make it work was to change the application pool for the service to use LocalSystem as its identity. This subsequently led to the sysadmins having kittens, and I cannot continue to do so.
Can anyone shed some light on why this is happening? Both the Windows client account and the AppPool ID are in the same domain. The service runs on a server in the same domain.
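The exception text above refers to setting an identity on the client's EndpointAddress. As an added example (not part of the original post), this is how that identity is expressed in the client's configuration; wsHttpBinding, the binding and contract names, and the account values are assumptions and placeholders.

```xml
<!-- Client-side app.config fragment. Added illustration; all names and values are placeholders. -->
<system.serviceModel>
  <bindings>
    <!-- wsHttpBinding is assumed here; the post does not name the binding. -->
    <wsHttpBinding>
      <binding name="WindowsMessageSecurity">
        <security mode="Message">
          <message clientCredentialType="Windows" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <client>
    <endpoint address="http://host/service"
              binding="wsHttpBinding"
              bindingConfiguration="WindowsMessageSecurity"
              contract="IExampleService">
      <identity>
        <!-- Service hosted under a domain user account (for example, an
             application pool identity): name that account by its UPN. -->
        <userPrincipalName value="svc-account@domain" />
        <!-- Service hosted under a machine account (NetworkService,
             LocalSystem): use an SPN in place of the UPN element above:
        <servicePrincipalName value="host/server-name.domain" />
        -->
      </identity>
    </endpoint>
  </client>
</system.serviceModel>
```

The identity has to name the account the service actually runs as. The identifier reported in the exception, host/server-name.domain, belongs to the machine account, which is consistent with LocalSystem being the only application pool identity that worked.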