Yes, I'm using the FQDN in both the local and remote machine scenarios. In
both cases, the machines are joined to the same DC, have the correct DNS
entries, user accounts are within the same DC and the SPNs have been checked and
double-checked. In the shared box scenario, the only way I could make the
code work was to set allowNtlm=true, which I don't want to do... unless I can
get a vote of confidence that mutual authentication is somehow guaranteed?

Thank you for the response. I had actually worked through the debugging
link previously. The odd thing is that I know for certain that machine to
machine works perfectly. As soon as I move the client onto the target server,
the mutual auth exception is thrown. Doesn't make sense to me, and I look
forward to any more suggestions.
"Tiago Halm" wrote:
Are you using the FQDN when performing the test?
Read here for possible hints on what the issue may be:
http://msdn.microsoft.com/en-us/library/bb463274.aspx
Tiago Halm
"smpdave" <sm*****@discussions.microsoft.com> wrote in message
news:77**********************************@microsoft.com...
I've created a simple WCF client-server application that uses the net.tcp
binding. I'm using SPNs in a domain environment and want to force mutual
authentication via Kerberos by setting the "allowNtlm" property to "false" at
the client. This works exactly as planned when the client and server are
not on the same system. However, when co-located, the exception is thrown
stating "...remote server did not satisfy the mutual authentication
requirement". Is there a trick to make this work? I've tried practically
every possible option with no success. BTW, the test is run on Server 2003.