Task Client Machines Are Unable To Communicate With NS Bindings On Ports 50121 and 50124 Fail.
search cancel

Task Client Machines Are Unable To Communicate With NS Bindings On Ports 50121 and 50124 Fail.

book

Article ID: 154835

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

Task client machines are unable to communicate with Notification Sever (SMP) but are able to communicate to site servers. The atrshost.exe on the Notification Server also fails to bind on 50121 and 50124 but 50120, 50122, and 50123 all bind correctly.

NS logs:

"No connection could be made because the target machine actively refused it 127.0.0.1:50121"
"Credential check for "<Your Application Identity Account>" failed: System.Net.WebException: The remote server returned an error: (401) Unauthorized."

Windows System Logs:

Log Name: Security

Source: Microsoft-Windows-Security-Auditing

Date: 8/8/2011 12:12:50 PM

Event ID: 4625

Task Category: Logon

Level: Information

Keywords: Audit Failure

User: N/A

Computer: <FQDN>

Description:

An account failed to log on.

Subject:

Security ID: NULL SID

Account Name: -

Account Domain: -

Logon ID: 0x0

Logon Type: 3

Account For Which Logon Failed:

Security ID: NULL SID

Account Name: <NSACCTNAME>

Account Domain:

Failure Information:

Failure Reason: An Error occurred during Logon.

Status: 0xc000006d

Sub Status: 0x0

Process Information:

Caller Process ID: 0x0

Caller Process Name: -

Network Information:

Workstation Name: <NSHOSTNAME>

Source Network Address: <NSHOSTIPADDR>

Source Port: 17992

Detailed Authentication Information:

Logon Process:

Authentication Package: NTLM

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

Environment

ITMS 8x

Cause

The atrshost service attempts to authenticate to the local machine multiple times using the server alias. Microsoft by design put in security measures to prevent programs from doing this, to prevent reflection attacks.

Resolution

1: Open up the registry editor by typing regedit under Run.
2: Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
3: Right-click MSV1_0 and click New and choose to make it a Multi-String Value.
4: Enter BackConnectionHostNames as name for the entry, and double-click it to modify it.
5: Type the hostnames you need to use (usually the value specified NSPrefferedhost).
6: Restart IISAdmin Service ("Start" -> "Administrative Tools" -> "Services")

Solution 2 (Not recommended, but may be easier to test with):
1: Open up the registry editor by typing regedit under Run.
2: Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3: Right-click Lsa and click New and choose to make it a DWORD Value.
4: Enter DisableLoopbackCheck as name for the entry, and double-click it to modify it.
5: Set the value to 1 and click OK

Powered by Wolken Software