无法从 Windows Server 2003 内部访问存储在 Windows Server 2003 上的 WebService

发布于 2024-09-26 14:34:14 字数 1264 浏览 0 评论 0原文

在所有情况下，我们都运行 .NET Framework 3.5

我公司有一台运行 Windows Server 2003 R2 (Service Pack 2)、32 位处理器的服务器。该计算机上的 IIS 实例运行多个网站。我们运行的网站之一是 Microsoft CRM 4。

当我尝试从本地 PC 登录 CRM 时，一切都非常简单。我收到输入用户名和密码的提示，输入详细信息，通过身份验证，然后通过。简单的。

但是：我可以通过 RDP 进入 2003 Server 并打开 IE。如果我随后浏览我们的 CRM 网站，系统会提示我输入用户名和密码。我提供了与我从本地 PC 输入的完全相同的详细信息 - 包括正确的域。但什么也没有。我被拒绝访问。

我是本地 PC 和 2003 Server 的管理员。

这很奇怪。我什至不知道从哪里开始看这个。我什至不知道要在Google 中搜索哪些关键术语。

任何帮助将非常感激。

背景

现在，知道开发人员是什么样的（我就是其中之一），第一反应将是：“如果您可以从 PC 登录，那您为什么要关心？”

还有更多事情发生。

我们在该服务器上还有另一个网站，除了托管一组关键的 Web 服务之外什么也不做。这是因为关键 Web 服务本身很少发生变化，但其他功能却一直在变化。我们不希望在其他区域进行维护时关键 Web 服务出现故障，因此大约 18 个月前将它们拆分为自己的独立网站。

我正在为关键站点开发 Web 服务。该 Web 服务本身包含一个指向 CRM 4 的 CrmService 的代理。我们的想法是，我们希望人们能够向我们的 CRM 提交某些信息（例如潜在客户联系信息）。然而，我们不想让任何人都可以访问整个 CRM 系统（显然）。因此，通过发布我们自己的位于中间的 WebService，我们可以只公开我们希望其他人拥有的功能。

这个新的 Web 服务现已准备好部署。所有场景都满足，所有单元测试都通过，所有应该失败的事情都通过。一切都很顺利。

当我将该 WebService 放在 2003 Server 上时，突然由于身份验证失败，它无法再与 CrmService 通信。 ???

在尝试诊断问题时，我注意到没有人（甚至管理员）可以从 2003 Server 内部登录 CRM 网站。因此，我怀疑导致该问题的原因也导致我的 Web 服务无法访问 CrmService。

对于其他上下文，我们在 2003 Server 上有一个新的多域 SSL 证书，并且我们通过主机标头分割对所有网站的访问。

我想不出更多相关信息。如果我遗漏了一些重要的内容，请尽管询问。

原文

In all cases we are running .NET Framework 3.5

My company has a server running Windows Server 2003 R2 (Service Pack 2), 32-bit processor. The IIS instance on this machine runs several Websites. One of the Websites we are running is Microsoft CRM 4.

When I attempt to log in to CRM from my local PC, everything's perfectly straightforward. I receive a prompt for username and password, I enter the details, I'm authenticated, and I pass through. Easy.

However: I can RDP into the 2003 Server and open IE. If I then browse to our CRM website I am prompted for a username and password. I provide exactly the same details - including the correct domain - as I enter from my local PC. But nothing. I'm denied access.

I am an administrator both of my local PC and of the 2003 Server.

This is very weird. I don't even know where to begin looking on this one. I don't even know what key terms to hit into Google.

Any help would be very much appreciated.

Context

Now, knowing what developers are like (I am one) the first response is going to be: "If you can log in from your PC, why do you care?"

There's more going on.

We have another website on that server that does nothing but host a set of critical web services. This is because the critical web services themselves rarely change but the other features change all the time. We don't want the critical web services to go down while maintenance is performed on other areas, so they were split off into their own independent web site about 18 months ago.

I am developing a web service for the critical site. This Web Service itself includes a proxy that points to the CrmService of CRM 4. The idea is that we want people to be able to submit certain information - such as lead contact information - into our CRM. However, we don't want to give just anyone access to the whole CRM system (obviously). So by publishing our own WebService that sits in the middle we can expose only the functionality that we want other people to have.

This new web service is now ready for deployment. All scenarios are met, all unit tests pass, everything that should fail does. It's all hunky-dory.

When I put that WebService on the 2003 Server, suddenly it can't communicate with CrmService any more due to authentication failure. ???

In my attempts to diagnose the problem, I noticed that no-one - not even administrators - can log into the CRM Website from within the 2003 Server. So I'm suspecting that whatever is causing that issue is also responsible for my web service to be unable to access the CrmService too.

For additional context, we have a new multi-domain SSL cert on the 2003 Server and we're splitting access to all our websites via host-headers.

I can't think of any more relevant information. If I've left out something critical, just ask.

分享到QQ

分享到微博