
WCF Secure Channel cannot be opened - Load Balancing with wsHttp Binding

12 Feb 2011 | CPOL | 1 min read

When a WCF service generates the following error:

Exception:
Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel. Please verify the EndpointIdentity specified or implied by the EndpointAddress correctly identifies the remote endpoint.

Inner Exception:

The request for security token has invalid or malformed elements.

This probably means that the service is running in a load-balanced environment and the WCF settings are not configured for it. The error is intermittent: as long as the load balancer keeps landing on the same server the calls succeed, but when a request is sent to a different server the security token becomes invalid.

When using wsHttpBinding in a load-balanced environment, it is necessary to turn off security context establishment by setting the establishSecurityContext attribute to false. By default, this value is true. The setting needs to be added to both the host and the client configuration.

The host configuration should look something like this:

XML
<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <binding name="wsHttpBindingLB">
        <security mode="Message">
          <!-- No security context is established, so any server behind the load balancer can handle a request -->
          <message clientCredentialType="Windows" establishSecurityContext="false"/>
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="ozkary.SerBehavior">
        <serviceMetadata httpGetEnabled="true" />
        <!-- Returns exception details to callers; set to false outside of debugging -->
        <serviceDebug includeExceptionDetailInFaults="true" />
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <services>
    <service behaviorConfiguration="ozkary.SerBehavior" name="ozkary.Service">
      <endpoint binding="wsHttpBinding" bindingConfiguration="wsHttpBindingLB"
                contract="ozkary.IService">
      </endpoint>
      <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
    </service>
  </services>
</system.serviceModel>

The client configuration should look as follows:

XML
<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <binding name="wsHttpBindingLB">
        <security mode="Message">
          <message clientCredentialType="Windows" establishSecurityContext="false"/>
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <client>
    <endpoint address="myService.svc" binding="wsHttpBinding"
              bindingConfiguration="wsHttpBindingLB" contract="ozkary.IService">
    </endpoint>
  </client>
</system.serviceModel>
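
Because the setting has to match on every host and client, and an endpoint that omits bindingConfiguration silently falls back to the default of true, it is worth checking the deployed config files mechanically. The following is an added example, not code from the original article: the function names, the `wsHttpDefaultCtx` binding and the `alt` and `bare` endpoints are constructed for illustration, and it assumes that only the Message and TransportWithMessageCredential security modes use the attribute.

```python
import xml.etree.ElementTree as ET

# Constructed sample host config: only the first endpoint uses the fixed binding.
SAMPLE_CONFIG = """
<system.serviceModel>
  <bindings><wsHttpBinding>
    <binding name="wsHttpBindingLB">
      <security mode="Message">
        <message clientCredentialType="Windows" establishSecurityContext="false"/>
      </security>
    </binding>
    <binding name="wsHttpDefaultCtx">
      <security mode="Message"><message clientCredentialType="Windows"/></security>
    </binding>
  </wsHttpBinding></bindings>
  <services><service name="ozkary.Service">
    <endpoint binding="wsHttpBinding" bindingConfiguration="wsHttpBindingLB" contract="ozkary.IService"/>
    <endpoint address="alt" binding="wsHttpBinding" bindingConfiguration="wsHttpDefaultCtx" contract="ozkary.IService"/>
    <endpoint address="bare" binding="wsHttpBinding" contract="ozkary.IService"/>
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
  </service></services>
</system.serviceModel>
"""

# Assumption: only these security modes apply message security in wsHttpBinding.
MESSAGE_MODES = {"Message", "TransportWithMessageCredential"}

def establishes_context(binding):
    """True if a wsHttpBinding <binding> (None = all defaults) sets up a security context."""
    sec = binding.find("security") if binding is not None else None
    if sec is None:
        return True  # default mode is Message, default establishSecurityContext is true
    if sec.get("mode", "Message") not in MESSAGE_MODES:
        return False  # no message security, so the attribute is not in play
    msg = sec.find("message")
    value = msg.get("establishSecurityContext", "true") if msg is not None else "true"
    return value.strip().lower() != "false"

def endpoints_with_security_context(config_xml):
    """List (address, bindingConfiguration) of host or client wsHttpBinding endpoints to fix."""
    root = ET.fromstring(config_xml)
    named = {b.get("name", ""): b for b in root.findall(".//wsHttpBinding/binding")}
    flagged = []
    for ep in root.iter("endpoint"):
        cfg = ep.get("bindingConfiguration", "")
        if ep.get("binding") == "wsHttpBinding" and establishes_context(named.get(cfg)):
            flagged.append((ep.get("address", ""), cfg))
    return flagged
```

Run `endpoints_with_security_context` over the text of each web.config and client app.config; an empty list means every wsHttpBinding endpoint in that file has the security context turned off.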

Another approach to address this error is to add another endpoint and use BasicHttpBinding instead. This by default provides persistent connections, but if you do not want the persistent connection, it can be disabled by setting the KeepAliveEnabled attribute to false. To learn more about configuring WCF services in a load balanced environment, you can read the following from MSDN:

I hope this helps.

This article was originally posted at http://ozkary.blogspot.com/feeds/posts/default

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Architect OG-BITechnologies
United States
Software engineer, author & speaker who enjoys mentoring, learning, speaking and sharing with others about software development technologies. Microsoft MVP.
